CIOZone.com - Professional Network for CIOs and IT Professionals

THE OPERATIONAL RISK MANAGEMENT PLATFORM

In April of 2005, SocGen, however, announced that the IT organization of its corporate and investment banking arm (CIB) had also chosen Tibco to provide its core business integration and SOA enablement platform. Said CIB IT Strategy Manager Laurent Avent, at the time, "In our business environment where a delay of a few milliseconds in a process or transaction can have a considerable negative impact on profitability, it is critical to ensure that all processes are tightly integrated and managed."

In 2005, Tibco also rolled out its version of Complex Event Processing (CEP). Stanford University Emeritus Professor David Luckham, who is generally considered the father of CEP, explained to CIOZone that CEP is a defined set of tools and techniques for analyzing and controlling the complex series of interrelated events that drive modern distributed information systems. It helps IT professionals to understand what is happening within the system and quickly identify and solve problems. It also, Tibco claims, enables an organization to accelerate the identification of threats and opportunities, such as those later experienced by SocGen. Tibco pitched its major customers including SocGen on CEP under the brand name BusinessEvents, according to a source who asked not to be named, but SocGen did not become a CEP user.

That may have been a costly decision. Alan Lundberg, Tibco's senior product marketing manager, wrote in a January 24, 2008, company blog: "When I first started talking to clients and prospects about Tibco BusinessEvents and CEP, I used to present the case study of Barings Bank, the hallowed British bank that was essentially bankrupted by the extracurricular activities of a rogue trader in their Singapore office by the name of Nick Leeson. After hearing me out, one of their suggestions was that the case occurred so long ago and banking security systems are so much better that the case really doesn't apply these days. But today's news about the $7 billion French bank fraud from a trader employee suggests that the topic is still quite relevant...When you think about it, given the recent advances in CEP, banks can now deploy off-the-shelf CEP tools for internal fraud and compliance-correlating positions and trading events in real-time to get an overall 'situation assessment' of the banks' trading position, and generating the necessary events in order to prevent these situations before they are able to...um...deux a Nick Leeson."

Asked in an email from CIOZone if SocGen was one of the customers to whom he mentioned Nick Leeson, Lundberg didn't respond.

In 2005, SocGen also selected Accurate Software's operational risk management platform, Accurate NXG, to automate the processing of its cash transactions across the departments at its Paris headquarters. Accurate's then head of solutions management, Robert Hanbury, in a press release, said the bank also applied NXG to its risk management requirements for building up an operational risk profile for Basel II regulations created by the Basel Committee on Banking Supervision, whose membership is composed of senior representatives of bank supervisory authorities and central banks from the G-10 countries (Belgium, Canada, France, Germany, Italy, Japan, the Netherlands, Sweden, Switzerland, the United Kingdom and the United States.) The purpose of Basel II, which was initially published in June 2004, is to create an international standard that banking regulators can use when creating regulations about how much capital banks need to put aside to guard against the types of financial and operational risks banks face.

With the improved management reporting available via Accurate NXG's business intelligence dashboard technology, senior management could be constantly alerted to critical areas of potential loss. Accurate's dashboard can intelligently display a wide variety of business metrics, which can be instantly accessed online throughout the organization. Essentially, NXG is an integrated software suite that manages the deal life cycle of both physical and financial transactions across a variety of markets.

Accurate also claimed the centralization and standardization provided by the NXG platform push allowed the bank to turn off a number of standalone systems, including two instances of Smartstream's Corona, a modular solution for the reconciliation and exception management of accounts, payments and securities as well as FX (Forex or currency trading), money market and derivatives. Accurate was subsequently acquired by CheckFree. In turn, CheckFree was acquired by Fiserv, a processor of financial data, on Dec. 4, 2007. "We still sell the solution Accurate NXG as part of our solution suite of products in the reconciliation and exception management/operational risk management area," said Gillian Clare, senior product marketing manager at CheckFree (which is now part of Fiserv), in an e-mail. Clare, however, did not respond to questions inquiring if SocGen was still using NGX.

At about the same time it went with the Accurate NXG platform, SocGen chose to deploy SAS OpRisk Monitor from SAS Institute, the risk management and business intelligence software vendor. The OpRisk Monitor is designed to automate the processes for managing all internal risk information—not just deal cycles—through what SAS describes as a user-friendly process with a single system. "The software facilitates the entry, collection, transfer, storage, analysis, tracking and reporting of operational loss events, key risk performance indicators, risk assessment results and control assessment drawn from multiple locations across an organization," SAS says.

In a SAS press release, Martine Tribulet, project manager for the bank's Basel II/ operational risk initiative, touted the benefits of SAS OpRisk Monitor. "Effectively monitoring and controlling internal operational risks is a strategic issue for us," she said. "We are working closely with SAS on developing an integrated solution that fully supports our quantitative and qualitative approach to the management of operational risk."

In the third quarter of 2006, however, SocGen and SAS parted ways. "It was simply a matter of SAS going one way and SocGen another," a SAS spokesperson says. Ironically, SocGen would later be criticized for lacking the kind of holistic business intelligence capabilities that are integral to SAS's operational risk management offerings. Again, for whatever reason, SocGen decided against selecting a business intelligence-based risk management solution that could have provided a holistic picture of the risks Kerviel presented with his rogue trades.