Alyned Thinking

Why new thinking is needed and how we are putting our expertise to work.

8 New Requirements for CIOs and CISOs from the 2016 MaRisk Amendment

A few weeks ago, in February 2016, the Federal Financial Supervisory Authority (BaFin) issued a draft amendment to the Minimum Requirements for Risk Management (MaRisk). Should the current consultation draft be adopted as it stands, it would certainly represent one of the largest regulatory changes in German banking in recent years.

As with any new regulatory requirement, the people responsible in the respective departments must analyse what the new requirements mean for their areas of responsibility and which measures are necessary to implement them.

At Alyne, we have already carried out this step in advance for those responsible for IT (CIO) and IT security (CISO) in banks, and have identified 8 significant changes for these areas.


How to succeed as a new CISO — Part 1

Congratulations! You have a new job as something like CISO (Chief Information Security Officer), CSO (Chief Security Officer), Head of Information Security or similar. This can be a great gig or it can be your worst nightmare (sometimes more or less at the same time).

I’ve been there and I have the scars and credentials to prove it. So, let me give you some tips for your first days.


Doing Risk Assessments Right

Most organisations follow a sample-based approach to identifying risk or gaining assurance for reasons of cost and practicality. Risk Assessments are already widely used and accepted as a method for risk identification and assurance, and can be an extremely powerful and cost-effective tool when done right and an utterly useless tool if done wrong. Consider the global practice of filing tax returns as a highly effective way of getting billions of people to declare their income and deductibles through a self-assessment process. The previous Safe Harbor scheme, on the other hand, is an example of self-assessments used very poorly, applied without any controls or meaningful oversight.


Can Risk Management and Compliance be digitalized?

Digitalization is a seemingly new buzzword on the agenda in many organizations as well as in the pitch decks of savvy consultants. It describes the introduction of digital technology to an organizational process to make existing activities more effective or deliver a new service to the organization. Avoiding manual steps, human intervention and any unnecessary interfaces is commonly a focus point. Over the past decades, the term has been used in various contexts, from actually transforming physical processes like typesetting to digital printing or using computer-aided design instead of pencil and paper. However, in today’s practice, when businesses talk about digitalization they usually mean leveraging X-as-a-Service offerings to apply flexible and scalable technology to optimize a specific business outcome.


Supporting the development and adoption of RegTech

This text was submitted as an answer to the UK Financial Conduct Authority’s Call for Input on RegTech. We’re also publishing it here on our blog to foster wider discussion.

Based on our extensive experience in this field, we have been discussing several RegTech-related ideas here at Alyne (further thinking on this in our blog).

In the tradition of other “-Techs” (such as “FinTech”), we understand RegTech as digitisation of regulatory compliance processes. Digitisation is of course a buzzword itself, but it helps to frame it more in the context of automation. In other industries and topic areas, it is envisioned to completely substitute manual processes at some point or at least augment human capabilities and capacity to rapidly scale and leverage the output of manual processes.
