Information Technology Management for Central
Bankers and Supervisors
4-day intensive residential programme, 13 - 16
April 2004
Venue: Cumberland Lodge, Windsor
Course Director: Roy Laverick
Dear Delegate,
Information Technology Management for Central
Bankers and Supervisors
This course is designed to provide a forum for IT
specialists and managers, and senior staff in overall charge of the function
to step back and consider together the key challenges which they face.
It is a practical course, intended to provide possible solutions that
can be applied to concrete circumstances.
Even more than private-sector financial institutions,
central banks and financial regulatory agencies depend on reliable, secure
and robust information technology.
They also face particular challenges.
Diverse and changing public policy roles mean that
specialised systems must be developed, maintained and upgraded in each
area of a central bank's work.
The obligation to maintain confidence in financial
markets means that each of these systems, and especially technology supporting
financial operations and payment systems, must be exceptionally resilient
and failsafe.
This seminar aims to address the two most important
technology challenges faced by central banks and financial market authorities.
First, how the IT function can be managed to deliver most effectively
the potential benefits of robust and appropriate technology. Second, how
to ensure that, as core central bank/regulatory agency functions become
more and more dependent on technology, concurrent security and operational
risks are managed and mitigated.
These interlinking issues have implications
for budgets, training, contingency planning, risk management and the organisation
of the whole institution. Throughout the seminar, these questions will
be reviewed through case studies, examining how large and small central
banks and regulators have, in practice, dealt with these issues.
Another key decision for central banks and regulators
concerns the extent to which they can rely on commercially-available systems
and software. If outside expertise is needed, how can relations with vendors,
consultants and multilateral institutions best be managed?
The seminar meets in roundtable format to allow
an international group of delegates maximum opportunities to learn from
each other. The elite panel of speakers includes Jim Etherington, head
of the IT directorate at the European Central Bank, Chris Piper, head
of information systems and technology at the Bank of England, and Michael
Yorke, vice president of automation services at the New York Fed. All
discussions are held in small groups to encourage lively and informal
debate.
Key sessions examine:
Matching technology to outputs (in particular
payment systems, financial operations and monetary and supervisory analysis)
Security, audit, governance and policy-setting
Outsourcing vs. in-house systems development,
and
Technology risk management and contingency planning
Each topic allows participating supervisors and
central bankers an opportunity to "benchmark" their work against best
practice internationally and to exchange views with their peers in an
informal setting.
Participants learn from "tried and tested" solutions
developed in other jurisdictions. Of course, policy solutions have to
be adapted to specific circumstances and financial/banking systems. There
is no room for "one size fits all" solutions. But equally, there is no
excuse for delay or inaction.
Since 1999, over 550 supervisors and central
bankers have attended roundtable seminars hosted by Central Banking Publications
Ltd, publishers of Central Banking journal.
For more information about the programme, please
take a few moments to look at the detailed course contents presented on
the pages which follow.
We look forward to welcoming you to Cambridge
Yours sincerely,
William Clarke CBE PhD
Chairman, Central Banking Publications
| Tuesday 13th APRIL |
|
ORGANISING
THE IT FUNCTION
Course Chairman: Roy Laverick consultant and former IT audit manager at the Bank of England |
|
Introduction: organising the IT
function Central banks and financial regulatory agencies'
public policy mandates impose special demands on the information
technology infrastructure which supports them. Security and reliability
considerations must be addressed within the context of tight budget
constraints. IT managers must lead the adoption of beneficial technologies,
while also addressing demands of users. When new projects are planned
they must choose whether to "buy or build" and judge whether standard
commercial software can be customised cost-effectively. This session
examines how one of the world's largest central banks, the Federal
Reserve Bank of New York, has approached these trade-offs. One of the key decisions confronting IT managers in
the central bank or regulatory environment is the extent to which
they can rely on external sources of expertise and technology for
the provision and operation of their systems. Outsourcing effectively
represents the delegation to an outside body of some services that
traditionally may have been provided internally. Clearly the possibility
of taking this path requires detailed consideration, particularly
in respect of how outsourcing can be managed, and how it can be
aligned with core institutional aims. This session examines the
implications, costs and benefits of this approach. |
| Wednesday 14th APRIL |
|
GOVERNANCE
AND POLICYMAKING
|
|
Workshop: Using technology effectively
in a central bank/regulatory agency context This panel discussion/workshop builds on the
experiences of participants in their home institutions. Delegates
will be expected to give a short account of their institution's
use of technology, and the key outstanding issues which they face.
Delegates will each introduce themselves, and speak briefly on their
main challenges and their experiences in tackling them. Through
discussion, delegates will have an opportunity to benefit from each
other's expertise and experience. The role of the IT department Chris Piper, The
IT Department stands within the core area of a central bank or regulatory
body, and performs a major function as "facilitator" in most of
the institution's activities. IT managers must provide appropriate
technology to support economic analysis, payment systems and financial
market operations. This session examines how these challenges are
met at the Bank of England, and how the IT department interacts
with and contributes to the Bank's core functions. Frequently, upgrading information systems is
just one part of larger restructuring in an organisation. This complicates
the purely technical issues, and underscores the extent to which
IT issues are often as much managerial as technological. Drawing
on the speakers' experience of managing change at a series of central
banks, this session also calls on delegates to contribute and learn
from each other's experiences in this area. Financial supervision is one of the most data-intensive
functions undertaken by central banks or supervisors in both industrial
and developing countries. Often, dozens of technicians are involved.
New demands for increased controls over money laundering require
increasingly sophisticated manipulation of supervisory data. Once
again, IT professionals as well as banking supervisors are under
pressure. This session draws on the experience of the Gibraltar
Financial Services Commission in developing a leading-edge system
to support financial sector supervision. |
| Thursday 15th APRIL |
|
SECURITY,
AUDIT AND CONTROL
|
|
IT audit Central banks rely on their internal auditors
to provide an assessment for senior managers of the adequacy with
which system controls are functioning. To gain the maximum benefit
from this process it is essential that the auditors' activities
are focused on the most critical areas, and that their findings
are presented in a manner that allows shortcomings to be addressed
satisfactorily. This session will examine the ways in which these
objectives may be realised in the context of complex IT-based operations. For central banks and regulatory authorities,
control of reputational and operational risks are high priorities.
However, security concerns must be addressed within the context
of limited budgets and the need for the organisation's day-to-day
work to continue as efficiently as possible. Necessarily this involves
compromises, forcing IT specialists to deliver an appropriate trade-off
between security concerns and other factors. In this session, delegates
will split into a number of syndicate groups to explore where and
how different organizations have chosen to draw this line. For central banks and market authorities, formulating
an effective security policy raises a host of practical and managerial
questions: How should the formulation process be driven? To what
extent should users and consultants be involved alongside technicians?
What are the budgetary implications, and how can the inevitably
conflicting needs of security and financial stringency be addressed?
In addition this session will consider how the policy can be disseminated
to staff at the cutting edge (both technical and non-technical),
and how it can subsequently be policed. Maintaining security requires much more than
the existence of a plan. It must be put into action and monitored.
This raises the question of who should be responsible for performing
this ongoing role, and what are the essential elements of the function
(e.g. a clear security policy, availability of technical staff,
acting within an acceptable timescale). If security breaches are
detected sanctions must be available, and senior management notified.
Finally, there must be mechanisms to ensure that, where security
weaknesses are identified, enhancements are made quickly. |
| Friday 16th APRIL |
|
CONTINGENCY
PLANNING AND MANAGING IT RISKS
|
|
Contingency planning As operators of national payment systems, and
as key players in financial markets, central banks have long understood
the need for contingency planning to ensure that critical systems
can continue to operate in all conditions. This session examines
some of the key elements of a contingency planning strategy, including
how to balance the financial cost of contingency provisions and
the losses associated with the contingency materialising. Also addressed
is the methodology for identifying acceptable system "down time"
before alternative provisions must be made available and the methodology
for identifying the level of service which is acceptable when a
contingency situation arises. Around the world, dozens of central banks are
undertaking or planning payment systems reform, often with the goal
of implementing real-time gross settlement systems. This session
examines some of the wider institutional implications of this type
of project, looking in detail at new generation systems to support
RTGS, the typical life cycle of such a project and the interaction
between the IT and more general demands of this type of undertaking. The cornerstone of risk management and effective
contingency planning is testing. Only by playing out the scenarios
envisaged in risk management planning can IT managers ensure their
practicality. However, a balance must be achieved between robust
testing of the provisions and minimising the disruption to the organisation.
In addition, the dissemination of the contingency plan involves
its own risks: making it vital that users understand not only their
duties, but the importance of maintaining confidentially. A chance for delegates to share views and experiences gained during the four days of the course and learn from each other. |