Transcript Operational Risks in CDS Elizabeth Garbayo
1 OPERATIONAL RISK IN CSDs
Elizabeth Garbayo
CENTRALCLEARING - www.centralclearing.com.br
ACSDA November 2002
2 Operational Risk
• “The most common and persistent risk that central securities depositories must face.”
• “Uncertainty of losses due to inadequate systems, controls and human resources management.”
• “All sources of risk excluding market risk and credit risk.”
3 CENTRALCLEARING is a Central Counterparty.
All concepts are applicable to CSDs.
4 Main Goals in Controlling Operational Risk in CENTRALCLEARING
1 – Control of internal processes and procedures.
2 – Monitoring systems against fraud.
3 – IT control, system performance and reliability.
4 – STP (Straight Through Processing).
5 Controlling Operational Risk CENTRALCLEARING
1 - Control of internal processes and procedures:
• Risk Committee.
• Compliance Director.
• Independent internal / external auditing and periodical reports.
6 Controlling Operational Risk CENTRALCLEARING
Auditing techniques:
Internal, external and systems auditing are performed using sophisticated techniques.
[Figure: Key IT Controls. Chart scoring CENTRAL on a 0 to 5 scale against the 1st, 2nd, 3rd and 4th quartiles for Internal Audit, System Development, Change Management, Management of IT, Physical Security, Security of Information, and Continuity of Systems.]
7 Controlling Operational Risk CENTRALCLEARING
Auditing techniques – Physical security
[Figure: Physical security. Chart scoring CENTRAL on a 0 to 5 scale against the 1st, 2nd, 3rd and 4th quartiles for Physical Access Control and Protection of Environment.]
8 Controlling Operational Risk CENTRALCLEARING
Auditing techniques – Risk Matrix
[Figure: Risk Matrix – Key IT Controls. Grid graded Low / Moderate / High on each axis; one axis is labelled Probability.]
9 Controlling Operational Risk CENTRALCLEARING
2 - Monitoring systems against fraud:
• Physical access control.
• Surveillance system.
• Internal controls.
• System access control.
• Operational insurance.
10 Controlling Operational Risk CENTRALCLEARING
3 - IT control, system performance and reliability:
• Mirrored storage.
• Disaster-recovery plan.
• Physical security of hardware.
11 Controlling Operational Risk CENTRALCLEARING
System Contingency
Server redundancy:
• Two identical servers.
• Contingency server.
12 Controlling Operational Risk CENTRALCLEARING
Office contingency:
Office redundancy:
• Two contingency offices:
1. ALGORITHMICS (RJ).
2. CENTRALCLEARING (SP).
13 Controlling Operational Risk CENTRALCLEARING
System contingency:
• Redundant telecommunication links.
• Internal network is duplicated.
• Quarterly contingency tests.
14 Controlling Operational Risk CENTRALCLEARING
System display for each service:
[Diagram labels: Outside world; 2 independent links (shown twice); Server 1; Server 2; Contingency Server; Main site; Contingency site.]
15 Controlling Operational Risk CENTRALCLEARING
Other features for system performance and reliability:
• High availability servers.
• Redundant power and cooling systems.
• High speed backup and restoration.
• High historical availability.
16 Controlling Operational Risk CENTRALCLEARING
4 – STP (Straight Through Processing):
[Diagram labels: CETIP; End to End; CENTRAL.]