Security has always been a top priority for financial services institutions—and now more than ever. Why? Strict new regulations such as Sarbanes Oxley and Basel II, as well as intensified scrutiny by law enforcement, have upped the ante for full and swift compliance. While banks and insurance executives find themselves under increasing pressure to reduce operating costs and improve efficiency, companies that invest in improved security systems achieve more than enhanced regulatory compliance and improved productivity, they also benefit from new business capabilities.
Unfortunately, due to the steady stream of security threats and warnings raised on the Internet, companies often develop a reactive mentality, leaving security managers scrambling to respond to the latest risk. But high-performance businesses that maximize their investments in financial security systems are proactive—they plan ahead by building well-structured, quantified security management processes, based on a thorough cost-benefit analysis. Their Corporate Security Officers (CSOs) and Corporate Information Officers (CIOs) understand that a lack of planning can result in ineffective security budgets with only enough funds to respond to security breaches, instead of preventing them in the first place.
Too often, guesswork is the basis for estimating security budgets. But Accenture has developed a procedure that helps take out the guesswork. Executives can build a strong business case for increased security investment by weighing the potential savings in both internal and auditing costs. The return on investment is calculated by figuring out what the company is currently spending, what the technology solution will cost, and what it will save by improving compliance and automating manual systems. Some banks indicate that the cost of regulatory compliance has mushroomed from as much as three to 10 times the costs just in the past few years. But by using leading-edge automated systems, high-performance companies can achieve compliance at significantly lower costs. Sarbanes Oxley requires executives to vouch that security controls are in place and that they are monitored to prevent financial information from being altered. Instead of spending millions of dollars for auditors to manually audit security reports, a company could invest in a centralized system that drastically reduces the workload: auditors need to review just a dozen of pages of policies to determine if appropriate controls are in place, instead of thousands of pages of access reports.
The optimal amount of security for a financial services institution will be obtained through a risk management process. Accenture has developed an effective risk management process that involves the following five components: - Risk assessment—To identify the gaps
- Controls Identification—To achieve desired risk level
- Cost-Benefit Analysis—To help prioritize security investment
- Implementation—To reduce identified risks
- Program Monitoring—To determine the effectiveness and cost of controls
A security breach can severely damage a company’s reputation and undermine customers’ trust. By investing in advanced security solutions, financial institutions can gain a competitive advantage. For example, one bank is building customer loyalty by marketing the controls it provides to prevent identity theft. By investing in security, a high-performance financial institution knows it is doing more than solving a short-term problem. It is investing in the future by safeguarding a company’s most important asset: its reputation with customers. Lowering the Risk at a Large Bank in Europe
The bank, the largest mortgage and savings provider in Europe, is a dramatic example of how a financial institution leveraged its security investment to not only meet compliance regulations, but also improve the company’s overall performance. After the bank’s merger in 2001, its internal security organization was faced with significant increases in workload and the task of providing compliance with internal security policies. The bank turned to Accenture to help design and implement an innovative technology solution because of the broad expertise and proven track record offered by Accenture Infrastructure Consulting and Security Practices.
Working closely with the bank, Accenture’s security professionals helped develop an Identity and Access Management solution, tailored to its needs. The software solution allows the bank to quickly mobilize and enhance security operations as well as providing a centralized audit and reporting capability. The end result: the new identity management system reduces operational risk. And by lowering the risk, the bank can reduce its capital requirements, freeing up money for other investments. With increased efficiency and productivity, the bank is demonstrating its commitment to achieving continued high performance.
Business Rationale for Security Investments
Download our new whitepaper to learn about building a business case for security investments that drive business results. [PDF, 129K]
PDF Help
Contacts
Click Here to be contacted by an Accenture Financial Services Security expert.
For further information, please contact Accenture’s leadership team:
Alastair MacWillson, Global Security Practice Lead
Stephen A. Barlock, North America Security Practice Lead
Stephen Wylie, EMEA Security Practice Lead
Client Success
European Bank: Electronic Banking Service Reengineering Related Information
Accenture Security Solutions Accenture’s Risk & Regulatory Management capabilities Sign up
to receive The Point, a monthly thought publication based on studies, research and/or analysis by Accenture’s Financial Services group and thought leadership team. Sign up now to receive e-mail alerts on key financial services topics.
 To Top
|