



Implementing a robust security network across the bank leveraging on Operational Risk processes

Published in: Economy & Finance


  1. DIGITAL BANKING SECURITY – QUO VADIS? Implementing a robust security network across the bank leveraging on Operational Risk processes. Oliver Binder, Operational Risk CEE, UniCredit Bank Austria. Vienna, 11 September 2015
  2. AGENDA
     • BACKGROUND
     • Digital Banking on the Rise
     • Cybercrime as the Dark Side of the Internet
     • NEW OPERATIONAL RISK CONCEPTS
     • OpRisk Network as support of IT Security
     • OpRisk Tools & Outlook
     • New Concepts – New Questions
  3. INTERNET BANKING ON THE RISE IN EUROPE
     • Online banking penetration in the European Union (EU28) from 2007 to 2014*
     *source: Statistica
  4. BANKS HAVE TO REACT TO GLOBAL TRENDS AND INCREASING COMPETITION
     • Development from cash to cheques, to credit cards and debit cards, and now to online banking and mobile commerce.
     • Increasing competition through financial services offered by non-banking firms
     • New means of transactions, e.g. paying with your smartphone, are becoming more and more popular
  5. AS THE WORLD GOES MOBILE, CYBERCRIME WILL FOLLOW (Key trends / Threats / Examples)
     • Online Channel attack
       • Threat: Criminals target digital channel transactions of bank clients
       • Examples: Phishing; Rogue mobile applications / malware; Account takeover
     • Hacking / Hacktivism
       • Threat: Criminals use vulnerabilities in banks' ICT system framework
       • Examples: Loss of client data; Loss of confidential internal data; System damage --> Reputational Risk
     • Big Data*
       • Threat: Criminals increasingly leverage big data analysis
       • Examples: Development and adaptation of malware based on analysis of client device configurations
     *Big data is an evolving term that describes any voluminous amount of structured, semi-structured and unstructured data that has the potential to be mined for information
  6. A GLIMPSE ON THE GLOBAL DAMAGE CAUSED
     • Global cyber-crime likely cost individuals, companies and governments between $375 billion and $575 billion in 2013 (0,5% of global GDP)*
     *source: Center for Strategic and International Studies, 2013
  7. IT WILL BE A LONG ROAD TO SECURED DIGITAL BANKING. (scale: Non-Secure to Secure)
     • Increase clients' awareness
     • Increase staff skills and mindset
     • Personalized Security Settings for different channels
     • Offline Security Structure supporting online security
     • 2 Factor Authentication (Token, SMS, Mobile)
     • PKI, Biometrics
     • Fraud Detection Systems
     • Real time SMS alerts
     • Cooperation with GSM Operators and Phone Manufacturers
     • Regular Mobile Security and Penetration Tests
  8. UNICREDIT – BIG BANK, BIG CHALLENGES
     • Countries shown on the map: Estonia, Latvia, Lithuania, Poland, Croatia, Serbia, Bosnia, Slovakia, Ukraine, Turkey, Hungary, Russia, Czech Rep., Slovenia, Austria, Bulgaria, Romania, Italy, Germany, Montenegro
     • Bank Austria Subholding, BA Group AMA LEs: UC Bank Austria (2007); Zagrebacka Banka (HR, 2007); Schoellerbank (AT, 2008); UCB Czech Republic (2008); UCB Slovakia (2008); UCB Slovenija (2008); UCB Hungary (2009); UC Tiriac Bank (RO, 2009); UC Bulbank (BG, 2010)
     • UniCredit Group / Bank Austria Sub-holding (figures in slide order): International network in 50 markets; 17 European countries; Present in 13 countries; ~8,500 Branches ~2,500; ~147,000 Employees ~47,000; ~40 million customers; €844 billion Total assets €189 billion; Milan Headquarters Vienna
  9. IDENTIFICATION & COOPERATION OF ALL AREAS IS KEY
     • [Organization chart] UniCredit Bank Austria AG – Management Board: CEO, HR, CRO, CFO, CEE, Commercial Banking, Corporates & IB, Private Banking
     • Units shown: Legal, ORGA, Compliance, Internal Audit, UBIS, Risk Management, OpRisk unit, Special Credit, Private Customers, Corporates, Operational & Reputational Risk Committee, Security Office, Schoellerbank OpRisk Management, CEE legal entities OpRisk functions (DORM markers appear against multiple units)
     • External parties shown: Police, Other banks, External institutes, Payment units
  10. VISION: ENHANCING OPPORTUNITIES AND REDUCING THREATS TO BUSINESS OBJECTIVES – Permanent Work Group
     • What?
       • Analyzing operational loss data, KRIs and Scenarios
       • Identify mitigation actions
       • Reduce potential operational losses and key risks in the future
       • Monitoring and facilitating of proceedings of strategic relevant initiatives
     • Who?
       • Operational Risk (OpRisk)
       • Organisation (ORGA)
       • Representatives from other relevant functions, i.e. Business Divisions, Legal, Audit, Compliance, etc., if needed
     • How?
       • Fostering proactivity, members take the initiative and areas actively promote topics
       • Emergence of bilateral discussions – e.g. ORGA / Security
       • Function as escalation body for previously uncovered topics
     • When?
       • Bi-weekly operative Jour Fixe with ORGA
       • Quarterly meeting with all major participants for decision taking
     Effective execution of the PWG concept resulted in successful cooperation with key stakeholders and business
  11. VISION: ENHANCING OPPORTUNITIES AND REDUCING THREATS TO BUSINESS OBJECTIVES – KEY SUCCESS FACTORS
     • Establishing a good cooperation with stakeholders is crucial
     • Regular meetings result in intense teamwork
     • Set-up at an operative level in order to enable tangible results
     • Involve all company employees through initiatives (idea management)
     • Include the roll-out of the PWG concept into high priority programmes with clear management attention
  12. OPERATIONAL RISK FRAMEWORK BANK AUSTRIA: WHERE WE COME FROM … AND WHERE WE WANT TO GO
     • [Diagram labels] Strategies; Mitigation actions; Process enhancement; Insurance; Internal loss data; External loss data; Scenario analysis; Key operational risk indicators; RAF*
     • [Diagram stages] Quantitative Requirement; Mitigation & Controlling; Integrated Risk Management
     • Integration in business strategies and day-to-day business decisions
     • Alignment of Risk management to managerial view
     • Active mitigation of OpRisk profile
     • A constant increase in awareness for operational risk
     • Active involvement of business divisions
     • Decentral OpRisk Framework
     • Sound basis for controlling and monitoring of risk profile
     *Risk Appetite Framework
  14. NEW BRANCH CONCEPTS – OPEN QUESTIONS
     • Are your new channels secure, both physically and electronically?
     • Can you meet all legal standards, e.g. data security laws?
     • Is your IT-infrastructure stable?
     • Are your internal processes aligned with the new concepts?
     • Are your employees and customers fit for the new challenges?
     • Are you ready to cover possible new emergencies?
     • What about your customers who want to stick with traditional channels?
  16. ANY QUESTIONS?