Program to be released during event organized by the Brazilian Banks Federation (Federao Brasileira dos Bancos - FEBRABAN)
During the 4th Febraban Congress on Internal Auditing and Compliance, Modulo Security S/A, the leading information security company in Latin America, will launch Risk Manager™ Banking (www.modulo.com), the first Brazilian software program for IT risk assessment and Information Security knowledge management. The event will be held on November 27 and 28 at Novotel So Paulo Center Norte.
Risk Manager™ Banking is directed towards a wide-ranging public, comprising professionals from the technology, information security, auditing, risk management, compliance and legal areas of financial institutions. The tool supports the organization in complying with requirements regarding IT risk management and implementation of controls, according to national and international laws, regulations and standards, such as Basil Accord II, which determines operation rules for financial institutions and Central Banks around the world, providing guidelines on how to treat operating risk, and American Sarbanes-Oxley Act, which requires implementation of internal controls in all companies that trade in U.S. stock markets (including Brazilian companies' ADRs).
As to Brazilian laws, regulations and standards, Risk Manager™ Banking assists the financial institution in meeting the information security and secrecy rules issued by institutions like the Brazilian Central Bank, the CVM (the Brazilian equivalent to the American Securities and Exchange Commission - SEC), and the Federal Government, as well as in conforming to the New Brazilian Civil Code liability requirements. "There has been a strong increase in the sector's regulations during the last few years, which has changed the way information security is understood in banks. Nowadays, it's not enough to just be secure, you have to show you are secure", says Fernando Nery, founding partner of Modulo.
The tool
Risk Manager™ Banking complies with ISO 17799 standards and assesses risks in the Information Technology environment, taking into consideration technology, processes and people.
It also issues detailed executive and technical reports, used both to implement a higher level of security and to generate evidence for regulating agencies such as the Brazilian Central Bank, the Comisso de Valores Imobilirios - CVM (the Brazilian Securities and Exchange Commission) and the U.S. Securities and Exchange Commission (SEC), as well as for external audits and legal suits. "In addition to protecting the environment, information security actions increasingly have to comply with laws and regulations", says Fernando Nery, founding partner of Modulo.
Modulo's new tool integrates information technology with the business environment, and issues detailed executive and technical reports showing the risks connected to the main threats to the business, what to do to reduce operating risks, and other assessments. "The new Basel Accord requires banks to allocate capital to treat operating risk; the lower the risk, the less capital can be allocated, and therefore the more resources can be invested by the bank. Thus, for the first time, information security can be effectively relevant to the business, since the better the bank's security is, the more capital it can use in the market", complements Nery.
The event - 4 Febraban Congress on Internal Auditing and Compliance
During the event, on the 28th, Modulo will present a speech on "How to Deal with the Regulatory Aspects of Information Security in the Financial Segment (starting the reflection with COBIT and ISO 17799)", by Fernando Nery. Among the issues that will be addressed during the presentation, Nery will talk about Information Security and the regulating agencies, international laws, and how to integrate Information Security with Risk Management. "There's a need for clear evidence and internal policies, demonstrating that a financial institution's higher management has taken the necessary precautions to protect information on the bank and its account holders, preserving the security of the institution, as well as bank and fiscal secrecy", states Fernando Nery.