Are risk mitigation systems really up to the task of protecting business?
The U.S. sub-prime mortgage crisis and the global economic problems that followed may or may not be responsible for creating conditions that led to the recent scandal at Soci??Â«t??Â« G??Â«n??Â«rale, France's third largest bank.
Regardless, the mortgage crisis and the trading scandal at Soci??Â«t??Â« G??Â«n??Â«rale do have some similarities. In each, risk management and compliance issues seem to have been the culprit, and the question in each scenario is whether software or human error is to blame.
The trading scheme cooked up by rogue trader J??Â«r??me Kerviel caused Soci??Â«t??Â« G??Â«n??Â«rale to lose more than $7 billion in investor funds, the largest investor loss in France's history. Rivals are circling the quarry as a potential acquisition target; Soci??Â«t??Â« G??Â«n??Â«rale's chairman, Daniel Bouton, is on the verge of being ousted, and the French police have stormed the bank's headquarters.
Could GRC (governance, risk and compliance) software have helped thwart these debacles?
Two fierce competitors in the enterprise applications space, Oracle and SAP, have spent millions to acquire companies-including I-flex, Interlace Systems, LogicalApps, and Business Objects-with GRC and risk mitigation technology, particularly for the financial services vertical.
According to financial service consultants and GRC vendors, while risk management systems are increasingly sophisticated, the systems are only as good as the people that run them.
Moreover, many financial institutions simply don't have the organizational will to take GRC seriously.
"It's a practical matter. The risk management process is one of lowering risk, not eliminating it," said Richard Speer, CEO of Speer & Associates, a strategic planning and risk mitigation consulting company for the banking industry.
One risk manager with extensive experience at several large international banks offered a much blunter assessment. "It costs a lot of money to really implement these systems, and a lot of these firms are unable or unwilling to implement this level of control. And it's not just systems, but teams of people running these systems and managers spending time doing the reviews," the manager said. The manager spoke to eWEEK on condition of anonymity because he is not authorized to discuss these matters with the press.