
Casestudy Of Governance In The Financial Sector

   

Added on  2021-02-19

DEVELOP AN INFORMATION GOVERNANCE POLICY FOR PFJ BANK
Table of Contents
EXECUTIVE SUMMARY
Overview
Purpose
Scope
Information security: Confidentiality, Integrity, Availability
Information Governance in the financial sector
Financial conduct authority
Prudential regulation authority
Policy
Cyber security
Related Standards, Policy and Processes
Financial services and markets act, 2000
International organisation for standardization (ISO)
National institute for standard and technology
Control objectives for information and technology
Critical analysis and suitability: ISO Framework
Risk Management Process and Threat Modelling
Implementation Plan
The Policy
Introduction
Purpose of the Policy
Organization Approach to Information Governance
Procedures
Controls and Staff Guidance
Risk Management
Responsibility and Accountabilities
Conclusion
REFERENCES
EXECUTIVE SUMMARY
This report focuses on the corporate governance policy of PFJ retail bank and its
operations. It also emphasises the importance of cyber security and the principles it follows.
Various acts are also covered, such as the Financial Services and Markets Act, 2000 and the
Prudential Regulation Authority act, which regulate the working of financial companies,
investment banks and insurance companies. The main objective of these acts is to ensure
stability in the financial markets of the United Kingdom. Various ISO acts are also mentioned,
and their importance in regulating the framework of small, medium and large scale companies
is stated.
Overview
PFJ is a European retail bank that mainly deals with investment banking and
consultancy services (Cherupelly, 2016). Headquartered in the United Kingdom, the bank has
established a brand image mainly because of its safety and protective measures regarding the
information of its clients.
Purpose
In this digital environment, it has become imperative for every organization to protect its data
and information. For this purpose, various acts and standards have been set up by the
government of the United Kingdom to ensure the smooth working of companies. Various cyber
security principles have been established that emphasize protection of the intellectual data of
an organization and make sure that there is no unauthorized access to the website or digital
accounts of the company. The current study highlights the information governance policy
of PFJ bank, its strategy and other cyber security principles to protect the privacy of the
intellectual and digital data of clients and customers.
Scope
Information security: Confidentiality, Integrity, Availability
Information security is concerned with the protection of computer data and information from
viruses and hacking. It maintains the confidentiality, integrity and availability of data through
encryption and other security measures. Information security is widely used in
banks, financial institutions and stock exchanges in order to protect the authenticity of data. For
instance, it prevents modification and manipulation of messages before they reach the intended
recipient, thus preserving the original information. PFJ bank uses digital signatures to improve
authenticity and prompts all customers and staff members to prove their identity before they
are granted access to confidential data. In this manner, the privacy and confidentiality
of computer information is maintained.
Information Governance in the financial sector
Information governance is concerned with providing reliable data to the financial sector, as this
helps firms in making business decisions. It helps a business identify its goals and
objectives, the role of employees in achieving them and their responsibilities in the implementation
and integration of the program. Information governance is widely used in the financial sector, for
example in banks, accounting companies and consultancy firms (Bossong and Hegemann, 2016). PFJ bank
uses information governance to store, access and filter the data of its business clients, which
further helps it in the management of information systems. Information governance and cyber
security principles are an important aspect of every business. While information governance is
concerned with the authenticity of data, cyber security principles focus on protection of the data.
Financial conduct authority:
The Financial Conduct Authority (FCA) is a financial regulatory body in the United Kingdom. It
is an autonomous body that regulates and controls the activities of financial companies and
ensures smooth working in the financial markets of the country. The major objectives of the FCA
include protecting the rights of consumers, market integrity and promoting fair competition in
the financial market. The activities of PFJ bank are monitored and regulated by the FCA to
ensure that fair business activities are adopted by the banking company.
Prudential regulation authority:
The PRA is a successor of the Financial Services Authority (FSA) and its main objective is to
supervise the working of banks, financial institutions, credit unions, investment firms and
insurance companies. The PRA supervises financial companies on the basis of three
approaches:
Judgement based approach: The judgement based approach considers whether the
financial companies are safe and sound, which means whether the organisations are
economically stable enough to provide facilities to clients and policy holders.
Forward looking approach: It means that the PRA evaluates the PFJ retail bank not only
against the current risks but also against the potential future risks (Zhang, 2019).
Focused approach: The major focus of the PRA is on the companies that pose a great risk
to the stability of the UK stock market and can affect the economy of the country.
Policy
Cyber security:
Cyber security refers to technology and software designed to protect devices,
networks, information and data from damage and unauthorized access. Cyber security is
important in all sectors, including finance, medical, defence and education. Principles and
practices of cyber security include:
Advanced access management: Cyber security involves the use of two factor authentication in
order to allow access to accounts and websites. Two factor authentication involves a
combination of username-password with a one time password (OTP) or SMS in order to verify the
system.
Data encryption: Data encryption is a widely used cyber security practice and it involves
encoding data and information so that it can only be decoded by the receiver of that information
or the concerned user. PFJ bank and other financial companies widely use data encryption
services in order to prevent theft and breaches of security.
Illustration 1: Cyber security technology
Related Standards, Policy and Processes.
Bank regulations are designed and framed by the government, which allows commercial banks like
PFJ to operate in a certain environment and follow guidelines, rules and regulations. Regulation
also creates transparency between banking institutions and the parties with whom business is
conducted. The regulatory framework includes various frameworks and codes of conduct in order to
clarify the gaps between actual and standardized working.
Financial services and markets act, 2000:
The Financial Services and Markets Act, 2000 created the FSA, and it regulates and monitors
financial firms, investment banks and insurance companies to ensure smooth working of the
businesses. The benefits of the act include a reduction in financial crimes, maintaining
the confidence and trust of the general public in the financial market, and promoting the
public's understanding of the financial system of the United Kingdom. On the other hand,
Tripunoska (2019) argues that its weaknesses include slow investigation of cases, which
further leads to loss of funds for the general public, and a negative impact on
companies, as the act restricts the flexibility of organisations to operate freely and
sometimes intervention.
International organisation for standardization (ISO):
The ISO is an international body that provides documents which state that products are fit to
use for the purpose specified. In the view of Nielsen (2016), the ISO standards are
extremely beneficial not only for consumers but also for businesses, as they help businesses
increase customer satisfaction by providing good quality products and services. As a result, they
improve the brand image of a company and make it easier for it to access new markets,
whereas Nedzel (2018) argues that ISO standards cannot be completely relied upon because ISO
is an autonomous body and not government owned.
National institute for standard and technology:
The NIST is a non-regulatory body of the United States that focuses on promoting innovation and
increasing the level of competition among various industries. The main objective of NIST is to
develop information security standards and guidelines. The benefits of NIST include providing
customized cyber security services according to the needs and wants of a company, managing the
risks associated with the security services and taking actions accordingly.
