SOTEC Managed Services

Regulatory Compliance IT Managed Services

Basel II: The New Basel Capital Accord

The Second Pillar - Supervisory Review Process

Basel II is the second of the Basel Accords, which are recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision. The purpose of Basel II is to create an international standard that banking regulators can use ...

Section 685
Requirement:

The five main features of a rigorous supervisory review process are as follows:

  • Board and senior management oversight
  • Sound capital assessment
  • Comprehensive assessment of risks
  • Monitoring and reporting
  • Internal control review

SOTEC Remote Monitoring/Partner:

  • Affected banks can use SOTEC Remote Monitoring or SRM-embedded services to alert on, notify about, set thresholds on and document changes in technology, new security threats, unauthorized activity and new business arrangements

Section 689
Requirement:

Fundamental elements of sound capital assessment include:

  • Policies and procedures designed to ensure that the bank identifies, measures, and reports all material risks
  • A process that relates capital to the level of risk
  • A process that states capital adequacy goals with respect to risk, taking account of the bank's strategic focus and business plan
  • A process of internal controls, reviews and audit to ensure the integrity of the overall management process

SOTEC Remote Monitoring/Partner:

SOTEC Remote Monitoring helps CIOs address the assessment, identification and documentation of internal controls:

  • Use SRM to take a quick "snapshot" and baseline network activity to establish what constitutes "normal" activity for comparison purposes
  • Asset report automatically discovers and documents resources across the IT infrastructure
  • Asset reports automatically identify all moves, adds, and changes
  • Notify on changes in access policies, changes in firewall configurations, router configurations, disk drive removals, and environmentals
  • Documentation of security controls: firewall logs, intrusion monitoring, vulnerability assessment, patch assessment, assurance that virus updates are current
  • Aggregated firewall reports ensure the firewall is in compliance with the organization's security policy
  • Archive up to one year's worth of history

Section 701
Requirement:

  • The bank should establish an adequate system for monitoring and reporting risk exposures and how the bank's changing risk profile affects the need for capital
  • The bank's senior management or board of directors should, on a regular basis, receive reports on the bank's risk profile and capital needs

SOTEC Remote Monitoring/Partner:

IT systems, as they support business operations and financial management, play a significant role in the detection and management of material events. Proactive use of IT solutions such as SOTEC Remote Monitoring enables earlier detection and mitigation of material events with some of the following capabilities:

  • Overall monitoring, alerting and notification system on network, system, application and security issues
  • Use of thresholds, severity and time-based alerts and escalations

Section 703
Requirement:

The bank should conduct periodic reviews of its risk management process to ensure its integrity, accuracy and reasonableness. Areas that should be reviewed include:

  • The appropriateness of the bank's capital assessment process given the nature, scope and complexity of its activities
  • The identification of large exposures and risk concentrations
  • The accuracy and completeness of data inputs into the bank's assessment process
  • The reasonableness and validity of scenarios used in the assessment process
  • Stress testing and analysis of assumptions and inputs

SOTEC Remote Monitoring/Partner:

  • SOTEC Remote Monitoring proactively scans your networks, systems and apps for more than 800 different vulnerabilities and automatically prioritizes the severity of each to help identify and mitigate the biggest security risks
  • SRM patch assessment reduces the costs of keeping your infrastructure current with Microsoft security patches by automating the identification, prioritization and mitigation of Windows security patch vulnerabilities
  • Real-time intrusion monitoring; monthly summaries on use of the admin password, including login/logout activity, failed login details and account modifications
  • Automated security alerts, notification, and escalation capabilities
  • Time-based escalations
  • User-customizable threshold settings to control and focus alerts

Section 709
Requirement:

  • Supervisors should consider the quality of the bank's management information reporting and systems, the manner in which business risks and activities are aggregated, and management's record in responding to emerging or changing risks

SOTEC Remote Monitoring/Partner:

Because IT systems generate periodic reports and control e-mail, the primary tool for communicating information internally, banks must ensure host systems are secure and reliable. SOTEC Remote Monitoring assists with the following:

Reliability:

  • System availability reports
  • System O/S reports
  • Network Utilization (NIC card)
  • Overall alerts/notification system
  • Exchange, Notes, e-mail application monitoring

Security:

  • Vulnerability assessments
  • Firewall monitoring
  • Patch assessment
  • Intrusion monitoring
  • Automatic archival of all reports for up to one year