The significance of IT services and information systems in a modern financial institution such as Bank, Insurance Association PTE, TFI and others is indisputable and continues to grow over the years. The position of IT services is mostly the outcome of how the modern financial organizations are dependent on IT tools which support the ongoing implementation of processes. Nowadays, without the automatization of proccesses of information systems the organization could not carry out its core business activity.

The Financial Supervision Commission which serves as the financial sector regulator, sees the enormous impact of IT sector on the organization's functionality. Through the Revised Recommendation D / IT guidelines, the regulator presents to the financial institutions the guidelines on managing risks associated with information systems. The Revised Recommendation / IT guidelines introduced new and significantly changed requirements in the area related to the information processing, giving the institutions just two years for its full implementation. 

 

Before taking any actions that address the requirements of the Financial Supervision Commission, it is important to keep in mind that implementing the Recommendation D:

• Is not only the IT service obligation, but also the whole Organization such as Bank, TU, PTE or TFI
• Should be based on the principal of proportionality as well as on the results of risk analysis.

 

Based on the KPMG experience, the biggest challenge for the institution will be to ensure the compliance with the following recommendations:

• Managing the data quality (Recommendation 8)
• Managing the access rights to IT systems in accordance with the Segregation of Duties (Recommendations 5 and 11)
• Managing the end-user software, Recommendation 17
• Managing the security breach incidents (Recommendation 20)
• Scheduled and independent audits of the IT environment (Recommendation 22).

Due to the huge complexity of the recommendation D requirements and the short period of time remaining for its full implementation, the institutions should take immediate actions in this area. The KPMG support will allow you to complete these tasks in a pragmatic, time and cost efficient way.

 

Potential benefits for the client:

• The independent defining/ confirming the degree of compliance with the requirements of recommendation D by the institution
• Rapid and resourceful gap identification between the current situation and the requirements defined by the Regulator
• The use of rich experience and interdisciplinary KPMG team in terms of planning and implementing the remedial actions in accordance with the principle of proportionality defined by the Regulator
• Properly designed control environment in the areas covered by the recommendation.