Defining our discipline audit
audit and control
After a lengthy period of heady growth and development, it is evident that the
world's business and financial dimate has entered a new phase.The Asian crisis,
difficulties in Russia and South America, and volatility in most of the worlds'
leading financial centres are all symptomatic of a deeper systemic shift. True, the
more extreme forms of market contagion may be contained, and opportunities
for expansion certainly remain, but nevertheless we are now operating in a
dimate of more cautious conservatism.
Resolving issues
Top priorities
Disaster recovery
Providing assistance
Triple-A rating
18 What'sNewS
Issue 11 November 1998
This new climate is clearly reflected on
the regulatory stage. In the Nether-
lands and elsewhere, banking supervisors
are fundamentally shifting their emphasis
from protecting savers to more broadly
ensuring stability of the financial system
as a whole. That means a very real shift
away from quantitative concerns related
to solvency and credit portfolios; more
qualitative priorities pertaining to
administration, internal control, and risk
management are now uppermost.
This shift has added impetus to our
ongoing efforts to upgrade our internal
administrative and operational
infrastructure. While development of this
infrastructure lagged behind during our
period of headlong international
expansion, it is now clear, that if we
wish to provide value to all of our
customers, and thereby consolidate that
commercial expansion, we
will crucially require
reliable administration,
dependable information
and control systems, and
stable transaction
processing. 'These might
not seem like terribly sexy
issues, but it has become
inescapably clear that
resolving them will be
decisive not only to the
further development of the
bank, but also to satisfy
regulators,' warns Henk
Leliveld of control RI. 'One cannot over-
emphasize the importance of this
situation. Banking supervisors grant
operating licenses - but they can also
suspend them, take them away
altogether, levy fines for non-compliance
with directives and recommendations,
and take a much more interventionist
role in what types of business a financial
institution can pursue.'
Non-complacent Rik
van Slingelandt, taking
nothing for granted
What's more, not only have visits
by various regulatory authorities
to important offices ranging from
New York to Sydney turned up a
number of issues of profound
concern, but these concerns have
been communicated to us in
strong and unambiguous terms.
At the same time, our own
internal audits have generated a
substantial list of issues that
remain unresolved. During the
RICO meeting this summer, Rik van
Slingelandt pointed to a serious number
of open items on our audit status report
(ASR) agenda - some of which dated
back to 1995. And these items stand
apart from the equally pressing issues of
the euro conversion and the millennium
bug. Having already directed general
managers throughout the R1 network to
address these issues as a matter of top
priority, management reiterated
its concern at the RICO and
noted that we must address
them quickly and effectively.
A good example of how the
network can react is seen in
Sydney's response to a report
that followed the Dutch central
bank's visit to Sydney, which
stated that there were
insufficiënt contingency plans in
the event of a system
malfunction or unexpected
event, nor were there sufficiently
complete and up-to-date procedures for
the logical and physical security of the
local area network (LAN), for system
development, and for the IT operation
overall. The office was quick to bring in
external consultants, study the problem,
produce a 160-page disaster recovery
plan, and implemented stringent new
security procedures.
Henk Leliveld on our
future performance
More broadly, we have also taken
important steps to address these issues
network-wide. We have implemented an
audit and compliance committee (A&CC)
within RI, appointed a dedicated
executive specifically responsible for
monitoring, developed a number of new
procedures and systems, and created
global operations support (GOS) teams to
provide on-the-spot
assistance in offices where
it is needed. We will soon
complete a study aimed at
finding commonalities in
supervisors' various
remarks that may suggest
consistent patterns that
can be addressed
network-wide. While
roughly a third of the
outstanding issues have
already been addressed,
many challenging ones
remain, and others have arisen to take
their place. There is much hard work still
to be done. And, finally, here is a limit to
what can be done centrally. 'The greatest
challenge confronts offices themselves,'
says Leliveld.
Some weeks ago, 1BCA, one of the world's
leading credit rating agencies reconfirmed
our position as a triple-A rated bank. M
Although this status has yet to be
officially reconfirmed by the remaining
two agencies, Moody's and Standard
Poor's, we nevertheless have every reason
to expect to remain the only non-
governmental bank in the world to enjoy
such a rating from all three agencies. But
the focus has shifted: as markets and
systems become faster-moving, far more
complex, and prone to instability and
periodic shocks, solvency and liquidity
issues take second place to those of
stability. Little surprise that regulators
patience with non-compliance is coming
to an end. 'I would like to stress that we
have no margin for complacency,' says
Van Slingelandt, who chairs the A&CC.
'While we have made progress addressing
some outstanding issues, many more
remain to be resolved. These issues are
top priority, next to the euro and
millennium. Our future performance will
depend on whether all relevant managers
can deliver results in good time.'