To read the full version of this content please select one of the options below:

A probabilistic approach to IT risk management in the Basel regulatory framework: A case study

Semir Ibrahimovic (Department for Management and Information Technologies, School of Economics and Business in Sarajevo, Sarajevo, Bosnia and Herzegovina)
Ulrik Franke (Swedish Institute of Computer Science, Stockholm, Sweden)

Journal of Financial Regulation and Compliance

ISSN: 1358-1988

Article publication date: 8 May 2017

Abstract

Purpose

This paper aims to examine the connection between information system (IS) availability and operational risk losses and the capital requirements. As most businesses today become increasingly dependent on information technology (IT) services for continuous operations, IS availability is becoming more important for most industries. However, the banking sector has particular sector-specific concerns that go beyond the direct and indirect losses resulting from unavailability. According to the first pillar of the Basel II accord, IT outages in the banking sector lead to increased capital requirements and thus create an additional regulatory cost, over and above the direct and indirect costs of an outage.

Design/methodology/approach

A Bayesian belief network (BBN) with nodes representing causal factors has been used for identification of the factors with the greatest influence on IS availability, thus helping in investment decisions.

Findings

Using the BBN model for making IS availability-related decisions action (e.g. bringing a causal factor up to the best practice level), organization, according to the presented mapping table, would have less operational risk events related to IS availability. This would have direct impact by decreasing losses, related to those events, as well as to decrease the capital requirements, prescribed by the Basel II accord, for covering operational risk losses.

Practical implications

An institution using the proposed framework can use the mapping table to see which measures for improving IS availability will have a direct impact on operational risk events, thus improving operational risk management.

Originality/value

The authors mapped the factors causing unavailability of IS system to the rudimentary IT risk management framework implied by the Basel II regulations and, thus, established an otherwise absent link from the IT availability management to operational risk management according to the Basel II framework.

Keywords

Acknowledgements

U. Franke was supported by the Swedish Civil Contingencies Agency, MSB, agreement no. 2015-698.

Citation

Ibrahimovic, S. and Franke, U. (2017), "A probabilistic approach to IT risk management in the Basel regulatory framework: A case study", Journal of Financial Regulation and Compliance, Vol. 25 No. 2, pp. 176-195. https://doi.org/10.1108/JFRC-06-2016-0050

Publisher

:

Emerald Publishing Limited

Copyright © 2017, Emerald Publishing Limited