The security and availability of banking services are often taken for granted by customers. Behind the scenes, strict legal mandates actually make data security and availability a necessity. Basel II in particular sets a high standard for international banking. Here we take a look at how Basel II redefines the necessity of both high availability (HA) and disaster recovery (DR).
Who Is Affected by Basel II?
Basel II affects the world’s larger banks. Those that operate on an international or global scale in particular will be affected by the Basel II accords. However, these standards to keep customers’ assets secure and available should be seriously considered as guidelines for any financial institution.
The data management practices mandated by Basel II specifically revolve around e-banking, which in today’s world represents the majority of banking practices. There are two aspects of Basel II that particularly target banks’ data management practices: the requirements regarding risk management, and mandatory disclosure.
Companies that abide by Basel must have effective incident response mechanisms to mitigate operational and legal consequences from unexpected interruptions of service. These interruptions include anything that affects the provision of e-banking systems and services, like internal and external attacks, disasters, and even simple hardware failure. In light of this, Basel specifically states that “to meet customers’ expectations, banks should therefore have effective capacity, business continuity and contingency planning.” In other words, business continuity with high availability (HA) solutions is key for meeting compliance.
With regard to appropriate disclosure, companies must ensure that their data is secure, reliable, and accessible so that they can produce reports whenever necessary, even at a moment’s notice.
More key points to consider include:
- Defining logical and physical access controls
- Arranging clear and accessible audit trails for e-banking transactions
- Establishing appropriate authorization privileges and authentication measures
- Assessing the security of third-party vendors who also provide services for your company
What You Need To Be Compliant
Basel makes two key demands for your company’s data: that it is secure and available.
First of all, the Basel Committee on Banking Supervision (BCBS) specifically mandates that banks “…have the ability to deliver e-banking services to all end-users and be able to maintain such availability in all circumstances.” This means that all relevant applications and data must be both accessible and useable. To achieve this, you will need high availability (HA), partial failover, and disaster recovery (DR) solutions in place.
While HA will keep your business operations continuous in the face of a disaster, partial failover will allow you to tailor your availability for when only a subset of applications goes offline. Since system failures are inevitable, Basel recognizes that companies will need to rely on HA and partial failover, stating that banks “…must have the ability to deliver e-banking services to end-users from either primary (e.g. internal bank systems and applications) or secondary sources (e.g. systems and applications of service providers).” Finally, DR solutions will protect you from data loss, which would be a more serious issue entirely.
In this series we outline how 5 of today’s biggest regulations affect your company’s information security and availability.
If you’re interested in seeing how other regulations affect your data, check out:
- The Gramm-Leach-Bliley Act (GLBA)
- The Sarbanes-Oxley Act (SOX)
- The USA PATRIOT Act