Basel III Cybersecurity Requirements for Data Storage

From: BNA/Bloomberg Law

By Richard A. Blunk and Eric W. Armstrong

Richard Blunk is Managing Director and General Counsel of Thermopylae Ventures, LLC, a Dallas-based alternative investment group with interests in cybersecurity, intellectual property monetization, alternative litigation finance, fire retardants, Internet addresses, inbound foreign investment, vocational rehabilitation equipment, sports medicine and Texas real estate.

Eric Armstrong is Controller and Compliance Manager of Virdatint, Inc., a Dallas-based software company that provides a comprehensive distributed data virtualization, federation, integration, master data management, analytics and security platform where the data remains in its original source and format.

The recent global financial crisis has led to the recognition that major financial institutions, both domestic and international, need to better understand their enterprise's aggregate risk exposure and keep their management and directors informed about it. Emphasis on key features (including the development of appropriate corporate governance, infrastructure, reasonable cybersecurity, the ability to provide management and regulators with accurate, timely and useful reports, and overall supervisory review) serves as the foundation upon which the Bank of International Settlements (BIS) implements Basel III.[1] The Federal Reserve has followed suit in mandating enterprise risk management programs that provide similar required identification, assessment, quantification and aggregation of key organization-wide risk.[2]

Since the majority of international financial transactions are consummated through BIS, “globally significant” U.S. banks that participate in this type of transaction will be subject to these Basel III directives. Among them is the requirement that the bank design, build and maintain its data architecture and information technology in a manner that fully supports the required quality of risk aggregation. Following this mandate, U.S. financial institutions must obtain a baseline of both the organization’s current and desired risk profiles in order to implement and maintain the proactive steps that would bring the baseline risk into compliance with the enterprise’s desired risk profile.
