Information Technology Management for Central Bankers and Supervisors
4-day intensive residential programme, 10 April-
14 April 2005
Venue: Cumberland Lodge, Windsor
Course Director: Roy Laverick
Consultant and Former IT Audit Manager at the Bank of England
INFORMATION TECHNOLOGY MANAGEMENT FOR CENTRAL BANKERS AND SUPERVISORS
Even more than private-sector financial institutions, central banks and financial regulatory agencies depend on reliable, secure and robust information technology. They also face particular challenges.
Diverse and changing public-policy roles mean that specialized systems must be developed maintained and upgraded in each area of a central bank’s work.
The obligation to maintain confidence in financial markets means that each of these systems, and especially technology supporting financial operations and payment systems, must be exceptionally resilient and failsafe.
This seminar addresses the two most important technology challenges faced by all central banks and financial market authorities. First, how the IT function can be managed to deliver most effectively the potential benefits of robust and appropriate technology. Second, how to ensure that, as core central bank/regulatory agency functions become more and more dependent on technology, concurrent security and operational risks are managed and mitigated.
These interlinking issues have implications for budgets, training, contingency planning, risk management and the organization of the whole institution. Throughout the seminar, these questions will be reviewed through case studies, examining how large and small central banks and regulators have, in practice, dealt with these issues. The seminar meets in roundtable format to allow an international group of delegates maximum opportunities to learn from each other. The elite panel of speakers includes Jim Etherington, head of the IT directorate at the European Central Bank, Chris Piper, head of information systems and technology at the Bank of England, and Michael Yorke, vice president of automation services at the New York Fed. All discussions are held in small groups to encourage lively and informal debate.
Each session of the seminar allows participating supervisors and central bankers an opportunity to“benchmark” their work against best practice internationally and to exchange views with their peers in an informal setting.
Participants learn from “tried and tested” solutions developed in other jurisdictions. Of course, policy solutions have to be adapted to specific circumstances and financial/banking systems. There is no room for “one size fits all” solutions. But equally, there is no excuse for delay or inaction.
Since 1999, over 700 supervisors and central bankers have attended roundtable seminars hosted by Central Banking Publications Ltd, publishers of Central Banking journal.
For more information about the programme, please take a few moments to look at the detailed course contents presented on the pages which follow.
I look forward to welcoming you to Windsor.
Yours sincerely,
William Clarke, PhD, CBE
Chairman, Central Banking Publications
Chairman: Roy Laverick, Consultant and former IT audit manager at the Bank of England
Introduction:
organising the IT function
Michael
Yorke
Executive Vice-President, Automation
Services, Federal Reserve Bank of New York
Central banks and financial regulatory agencies’
public policy mandates impose special demands on the information technology
infrastructure which supports them. Security and reliability considerations
must be addressed within the context of tight budget constraints. IT
managers must lead the adoption of beneficial technologies, while also
addressing demands of users. When new projects are planned they must
choose whether to “buy or build” and judge whether standard
commercial software can be customized cost-effectively. This session
examines how one of the world’s largest central banks, the Federal
Reserve Bank of New York, has approached these trade-offs.
Workshop: organising the IT function
Roy
Laverick
This workshop builds
on the experiences of participants in their home institutions. Delegates
will be expected to give a short account of their institution’s
use of technology, and the key outstanding issues which they face. Delegates
will each introduce themselves, and speak briefly on their main challenges
and their experiences in tackling them. Through discussion, delegates
will have an opportunity to benefit from each other’s expertise
and experience.
Management information systems
William A. Barouski
Senior Vice President, Customer
Relations & Support Office,Federal Reserve Bank of Chicago
All central banks now understand the critical
role of computer based accounting and management information systems.
IT professionals need to establish standards for hardware, software
and data structure in any MIS. In addition they must analyse, design,
develop, test and implement these systems - and provide system support.
However successful implementation of an MISis as much an organisational/management
issue as it is a technical one. This session examines how technology
departments should approach the creation, expansion or redesign their
institution’s MIS.
HR for effective IT in a central bank
Chris
Piper
Head of Information and Market Systems
Division,Bank of England
As central banks and regulatory authorities rely
increasingly on technology the number of staff devoted to the function
grows correspondingly. Making the IT function successful depends critically
on how the human resources of the IT department are managed. This not
only encompasses training, motivation and staff development, but also
strategic issues. Technology departments must maintain capabilities
even if functions are outsourced. Similarly, new systems must be developed
in the light of a realistic assessment of the current and future staffing
environment. The speaker draws on his experience of managing the IT
function of the Bank of England.
Formulating IT security policy
Dr
James Backhouse
Computer Security Research Centre,
London School of Economics
For central banks and market authorities, formulating
an effective security policy raises a host of practical and managerial
questions: how should the formulation process be driven? To what extent
should users and consultants be involved alongside technicians? What
are the budgetary implications, and how can the inevitably conflicting
needs of security and financial stringency be addressed? This session
also considers how the policy can be disseminated to staff at the cutting
edge (both technical and non-technical), and how it can subsequently
be policed.
The control and audit of infrastructure
providers: a case study
Phil Kenworthy
Director, Group Audit, CLS Group
Central banks and regulatory bodies are increasingly
becoming involved in overseeing a variety of critical IT market infrastructure
systems that embrace a wide range of external players, both as users
and service providers. The most recent of these is the Continuous Linked
Settlement System (CLS) which is responsible for the daily settlement
of over $1.5 Trillion of FX trades and which is regulated by the New
York Federal Reserve on behalf of those Central Banks linked to the
system.
Such systems raise a number of challenges for both the authorities and those internal to the organisation in ensuring appropriate levels of security, resilience and consistent Corporate Governance practices. In particular, the geographical distribution of the systems across different jurisdictions and the reliance on disparate infrastructure providers, who are based in the commercial sector, can make it difficult to implement unified policies and raises problems in monitoring their success. This presentation will detail the key challenges that confronted CLS' Auditors' in these areas, together with the solutions that were employed to address them.
Security case study: internet protocols
for high-value payments
William A. Barouski
Senior Vice President, Customer
Relations & Support Office, Federal Reserve Bank of Chicago
As electronic payments and the growing
use of electronic commerce continue to displace paper-based payment
instruments central banks are increasingly considering adopting internet
protocols for large-value payments. Despite improved encryption and
resiliency, this nonetheless poses a particularly acute case of the
general security challenge caused by the interaction of powerful computing
devices and interconnected networks. This session examines the Federal
Reserve’s current project to move large-value payments onto internet
platforms, and considers in particular the security implications and
challenges of this transition.
Delivering security
Syndicate group discussion
For central banks and regulatory authorities,
control of reputational and operational risks are high priorities. However,
security concerns must be addressed within the context of limited budgets
and the need for the organization’s day-to-day work to continue
as efficiently as possible. Necessarily this involves compromises, forcing
IT specialists to deliver an appropriate trade-off between security
concerns and other factors. In this session, delegates will split into
a number of syndicate groups to explore where and how different organisations
have chosen to draw this line.
Contingency
planning
Jim
Etherington
Head of Information Systems Directorate,
European Central Bank
Testing contingency plans
Manager, Business Continuity Division, Bank of England (invited)
The cornerstone of risk management and effective contingency planning is testing. Only by playing out the scenarios envisaged in risk management planning can IT managers ensure their practicality. However, a balance must be achieved between robust testing of the provisions and minimising the disruptionto the organisation. In addition, the dissemination of the contingency plan involves its own risks: making it vital that users understand not only their duties, but also the importance of maintaining confidentially.
Managing risks in central bank IT
Syndicate group discussion
Risk management in a central bank goes far beyond the existence of a contingency plan. IT risks must be monitored and managed. This raises the question of who should be responsible for performing this ongoing role, and what are the essential elements of the function. If security or operational failures are detected sanctions must be available, and senior management notified. Finally, there must be mechanisms to ensure that,where weaknesses are identified, enhancements are made quickly.
Legal issues
in central bank IT
Speakers to be confirmed
Ensuring the security and integrity of information
and networks raises many legal and policy questions. Breaches in information
security create the potential for law suits by counterparties and others.
This session focuses on a wide array of legal and regulatory issues of
which managers, IT professionals, and others should be knowledgeable.
Topics include: e-contracts, digital signatures, the ownership, protection,
and exploitation of intellectual capital, regulatory issues, ISP and website
liability,including defamation and copyright infringement, securities
regulation, and policy issues including privacy rights, security and encryption,
and obscene materials online.
Problem surgery and course conclusion
Roy Laverick
The day and course concludes with a discussion led
by thechairman. This provides a chance for delegates to share viewsand
experiences gained during the four days of the course anddraw conclusions
and action plans which they can take back totheir home institution.