TORONTO — A set of international guidelines expected for 2006 could have some serious implications for the way banks handle customer data.
The so-called Basel II framework requires that banks aggregate and store credit data such as ratings decisions, borrower histories, and probabilities
of default and rating migration for at least three years.
Basel II is the work of The Basel Committee on Banking Supervision, a Switzerland-based committee of central banks and bank supervisors and regulators from more than a dozen countries, including Canada.
The Office of the Superintendent of Financial Institutions (OSFI) is the federal regulator in Canada responsible for federally chartered financial institutions and federally administered pension plans. The OSFI also benchmarks best practices for the industry with a view to reducing operational and technical risk.
The risks of managing technology in the banking industry are mitigated by the time it takes any given bank to implement it, said Abhilash Bhachech, managing director of the financial services division of OSFI. Bhachech spoke Tuesday at the Information Integrity symposium hosted by Cyrca Solutions Ltd.
It typically takes a bank 18-24 months to review, approve and install technology, he said — longer than the software release cycles of many major vendors.
“”If you look at this reality, a lot of things can go wrong,”” he said, also noting that 40 per cent of IT projects are cancelled before getting off the ground, and 33 per cent of the projects that go ahead are often second-guessed due to time and cost constraints.
Banks are constantly challenged by threats to their data integrity, not the least of which is the scope of their operations. “”You find that the data is available across geographies, across legal entities,”” said Bhachech. “”It’s very difficult to contain that data.””
Data can also start “”drifting”” due to the complexity of IT within a bank’s infrastructure, as well as other factors like the mergers and acquisitions that complicate the organization and simple human error.
These will all present challenges for Canadian banks in terms of their ability to comply with Basel II, he said. As such, the OSFI has broadened its mandate to consider operational risk, rather than just technical risk, within the Canadian banking community.
Basel II, along with recent legislation like PIPEDA, will force banks to focus on data integrity management rather than the technology that contains it, according to Dr. V. Kumar Murty, Cyrca’s chief scientist and chair of the department of mathematics and computational sciences at the University of Toronto. “”Regulatory issues are forcing us to accelerate that evolution,”” he said.
Users may need to revise their approach to data integrity, he said, and consider the best way to demystify complex technology and reconcile it with security concerns. He likened it to searching for your car in a crowded parking lot. The best way to reduce complexity is to break the lot down into a grid and appoint one person to search one section methodically.
In the future, he added, users will also have to make the distinction between information and data: information is meaningful, data is a collection of ones and zeroes. It’s easier to track information as it moves across an enterprise’s different IT systems and locations, he said.