A Holistic Approach to Risk Management

Participants at last week's Financial Services E-Mail, Instant Messaging & Collaboration Summit, a cross-section of information security, audit, legal, and compliance experts, agreed that a successful risk mitigation and compliance program requires taking a holistic approach instead of attempting to tackle each risk separately.This applies to both to traditional credit and market risk, for which banks have developed a broad spectrum of tools and data to work with, and to newer forms of risks such as hacking attacks, phishing, and other types of malicious code, for which they have relatively little experience to draw upon. "All layers of the organization-legal, IT, compliance, and information security-have to be on the same page," says a technology risk executive at a top international banks. "The better job of working collaboratively, the more responsive we can be to business needs." Financial institutions are encouraging software vendors to build greater security into newer versions of their products, but they're also realistic about it. "Millions of lines of code exist in an operating system," says this executive. "There's a limit to what a vendor can do."