IT risk high up on banks' agendas

Banks are putting IT risk high on their agendas, and are paying more attention to assessing vendor risk as a part of overall operational risk, according to a consultant at IDC.

Michael Araneta, senior consulting and research manager, IDC Financial Insights Asia-Pacific, said in the firm's latest report: "Banks have recognized that technology failures, including the failure of technology vendors to deliver, can have dire implications for business continuity and their institution's reputation."

The impetus to examine IT risk has come from both the banks' own initiatives as well as part of their Basel II compliance programs. They are also "forced by the current economic crisis", which has raised concern around the sustainability of some vendors' businesses.

"Banks are going beyond the cursory evaluation of annual reports, but are also looking more closely at other financial and performance metrics. Evaluation of the vendor's corporate governance structure is also being taken more seriously," he said.

Furthermore, with vendors pushed to be more mindful of "fee structures and engagement margins", banks have to watch that service levels are being maintained amid vendors cutting staff and resources.

Other factors named for the increased attention paid to IT risk were mergers among the vendors, and more stringent vendor selection guidelines imposed.

While some vendors have improved their standards of corporate governance and transparency, "it remains to be seen, whether changes are for the long-term or just coterminous with the weak economic climate", added Araneta.