Enhancing risk management and regulatory compliance ...€¦ · Enhancing risk management and regulatory compliance capabilities ... End to End Visibility with IBM Enterprise Integration

© 2010 IBM Corporation

Enhancing risk management and regulatory compliance capabilities

Duong Cong Minh – IBM Vietnam SWG


Enterprise Service Bus – Business Integration to Banks

Agenda

2

Why now for integrated Risk Management?

Flexible, Agile Business Connectivity Platform

Customers Reference

Architecture Overview



Agenda

3



Customers Reference




Problem:Incorrect Valuation of Inherent Risk Regarding Financial Innovation

Lost Trust and Confidence of the Customer

Causing…Business Model Uncertainty about How to Create a Sustainable Advantage

Eroding Margins

Increased Regulation

The Banking Industry is Under Stress



25 billion market data messages handled each day, placing the global trading IT infrastructure under extreme stress

80% of Financial services firms say their governance, risk and compliance processes are still not integrated across their enterprise

93% of the 285 million electronic attacks in 2008 were focused on the finance sector,

well over half detected by third parties.

The Need for Action is Clear



Smart risk – Collecting better information, using it quickly and effectively, and minimizing human interaction in routine events

A smarter bank is instrumented, enabling businesses to measure and control data at the atomic level, allowing them to sense and respond quickly and precisely.

A smart bank’s system is built on interconnected data that enables innovation, advances straight through processing and delivers a single source of the truth.

A smart bank enables the rapid, intelligent analysis of a vast mix of structured and unstructured data to inform judgments in order to effectively measure, monitor, and mitigate risk.

INTERCONNECTED INTELLIGENT

+

INSTRUMENTED

=+

BankingSmarter



The current financial turmoil has revealed six key issues

The world has changed and will change how firms manage riskEnough capital is not enoughMeasuring risk is not managing itPerception is value, and risk assessment can

be highly influenced by confidence and reputationSystemic risk management is a collective

responsibilityRisk needs to be managed across

organization…truly

A smarter approach to risk management is needed

Risk management:

The bank expanded the names checked on its anti-money laundering watch lists from 2,500 to more than 40,000 and reduced the number of false negatives and positives by 75 percent.

75% reduction in false results



Banking Benefits from Real-time Insight in Risk ManagementBanks can: Understand market and credit risk exposure

across multiple silos

Secure all transactions and forms of interaction

Proactively prevent increasingly sophisticated internal and external prohibited activities

Effectively manage detected events

Proactively manage internal and external potential risks

Understand and manage increasingly complex compliance requirements at optimal cost



Providing Insight to Risk Management through ConnectivitySmarter Risk Management for Banks

Multiple Information Sources Trusted View

Business Feeds

LOBs

Channels Geographies

• Counterparty• Risk-related• ….

Information Assets

Integrate & Consolidate

Aggregate data from multiple internal and external sources– Internal and external– Structured and unstructured– Real-time and near real-time

Standardize diverse representations of the same information in various sources

Link pertinent risk information across all sources

Reconcile gaps and anomalies in information

Capture lineage and provenance of information stored in the data warehouse

Cognos NowInfoSphere Streams

SolidDBWebSphere Front Office for

Financial Markets WebSphere MQ

WebSphere MQ Low Latency Messaging



IT

Foundational ExtendEnd-to-End Transform Adapt

Dynamically

Business

From Basic to Advanced, SOA Connectivity & Integrationis fundamental for linking business processes,

applications and information together

IBM's Smart SOAPowers Smarter Business Outcomes Across a Continuum



Agenda

11



Customers References



Enterprise Service Bus – Business Integration to VPBank

An Integration Strategy is NecessaryCore Business System Needs Information From Files, Apps, Customers, Partners

Point-to-point, FTP, batch interfaces are brittle, expensive to maintain, and unreliable

I/T can’t help the business innovate and compete because all funding allocated to “maintaining the spaghetti bowl”

Not cost-efficient to optimize existing business process without absorbing the high cost of an application migration

No mechanism to track long-lived process, or alert business users when a process stalls or fails

It’s the natural result when each application implementation project is allowed to pick it’s own integration methodology

Individual projects will usually take the “path of least resistance” – good for the project short-term, bad for the enterprise long-term

Infrastructure built with no blueprint or strategic vision results in a “spaghetti bowl”of interfaces and technology over time



Inflexible, complex operations and silo’d data prohibits banks from focusing on their clients

Compliance Reporting

Account Opening

Anti-Money Laundering

Payments Processing

Customers

Partners

Regulators

3rd Party Service

Providers

Processes



Organizations Leverage SOA Connectivity & IntegrationTo Address Critical Banking Business Needs

“Fast, flexible & reliable access to all transaction and account data”

“Trust, management & security for customer account and business risk data”

“Make it easy for the bank to access applications and data across and beyond the enterprise”

Banking Business Needs Common Adoption Patterns

Service Visibility & Governance

ESB Messaging & Enrichment

Extend Connectivity to Partners & Customers



The Power of ESB Messaging and Enrichment for Banking

Customer Centric Integration and Services Branch and Multi-Channel

Integration

Simpler Self-Service Banking Products

Integrated offerings across channels with reliable data

access and movementDistributed Banking Infrastructure offering enriched by access to centralized services

Core Banking Payments System Renewal

Ensure new systems still deliver robust

reliability with end-to-end Data Integrity

Offer new services by easily creating and connecting new, low-cost Web 2.0 apps



A Service:

A repeatable business task

(e.g., check customer credit; open new account)

The Neutral Way to Integrate = SOAChoreograph existing legacy, packaged, and external services

Service Orientation:

A way of integrating your business as linked

servicesand the outcomes that

they bring

Service Oriented Architecture (SOA):

An IT architectural style that supports service orientation

Composite Business Service:

A set of related & integrated services that

support a business process built on an SOA

CheckCustomer

CheckCredit

OpenAccount

CollectFunds

BusinessProcess

Completion

CRM System Financial System Business Partner System Core Banking System



End to End Visibility with IBM Enterprise Integration

Example process: Loan Origination Process

Core BankingLOS Card System eBanking DWH

Leverage WebSphere For all business application integration To optimize existing business process that spans across apps, core banking, and

business partners To monitor business process inside or outside of Bank For reduced risk and lower implementation costs

Create Customer

Loan & Submit

Loan Verification

and Evaluation

Customer Loan

ApprovalRelease

Credit LoanKeep track of Loan & Interest

Liquidate credit

contract

Dynamic cross-referencing, etc

Compensating transactions, etc.

Application Neutral Process Mgt End-to-End Monitoring – Business & Systems

Enterprise Service Bus

Customer RelationshipManagement

Product/ServiceDevelopment

EnablingProcesses

Product/ServiceSupport

Loan Process Management

Gateway System

WebSphere = Middleware market leader



SOA Guidelines for Bank

Evaluate the “as-is” application landscape and the “to-be” application landscape if embarking on a major transformation initiative

– Like walking with a blindfold on without this

Understand the integration strategy and the integration technology needed before starting the application implementation

– One of the biggest mistakes of many implementations

Establish I/T infrastructure “blueprints” and consolidate the number of software vendors

– Without this, the I/T organization will not be an enabler of the “agile enterprise” or be able to help the business innovate

Implement a governance strategy to stay on track and ensure maximum ROI– Near impossible to lower TCO and maximize ROI without governance

Choose a set of core partners who can assist and validate your SOA strategy– Different perspectives are healthy for your business

Think big, Start small, Execute fast

11

33

22

55

44



Enterprise Service Bus (ESB) ESB serves as the “integration highway” between disparate systems / process platforms Establishing Enterprise I/T Governance, Governance bodies, and controls is essential Enforces “quality of service” as data moves throughout the enterprise Provides a common, application independent, backbone

Data Mapping Auditing ValidationAggregation Monitor

Error HandlingRouting Pub/Sub Transaction

Commonly managed by Integration I/T Staff

Enterprise Service Bus

Commonly Managed by Application I/T Staff

Web ServicesRepository &Management

WebSphereProcessServer

App. LOS

PaymentGateway

APP APP

EnterpriseWeb Service

WebSphereAdapter

DWH

MessageQueue

CoreBanking

3rd PartyAdapter

CRM

ISO8583/Socket

Card System

IntranetPortal

MSApp.

MSApp.

PublishSearch

Governance

ServiceRepository

ServiceRepository ESR

Global:



Agenda

20



Customers Reference




Customer Example: SilverLake Integration – BIDV



Customer Example: SilverLake Integration – BIDV



Customer Example: SilverLake Integration – VietinBank

Legend

Syslog

10.10.2.67:80Silver Lake

Core banking

PC

Web Service Consumer

Web Service Provider

External System(Partners, Core

Securities)

DMZ (Test)

LAN

10.10.2.86

Flow 1: ISO8583/TCP

Flow 2: Web Service Query of Investor's account.

Provided by IBM

MQ: MQT21AMQ

Syslog

DataPower XI50

FW1443

192.168.9.2

FW22080

192.

168.

6.10

0:20

80

192.

168.

5.1

Mask: 255.255.255.0

GW: 10.10. 2.1

10.10.2.67

Mask: 255.255.255.0

192.

168.

9.4

MQ user name: Q.LOCAL.XI50

Request/reply queue:

Q.LOCAL.XI50.REQUESTQQ.LOCALXI50.REPLYQ

MQ

WS-Security withSOAP/HTTPS

SOAP/HTTPS

Message Broker10.10.2.70:80

VietinBankSWITCHISO8583/TCPVNPay


10.10.2.202 ISO8583/TCP

ISO8583 transformation

WebSphere Transformation Extender

ISO8583 mapped file

MQ

Services

WS-Proxy•XML Threat Protection•XML Data Validation•Load Balancing•SSL Channel Security•Auditing•Authentication•Authorization•Others:•Service Level Management

ISO8583/HTTP

TCP Repeater


Let’s Build a Smarter Planet

Asia Commercial BankMulti-Channel Bank Transformation

IBM Confidential



Agenda

25



Customers Reference




26

System Context Diagram

BankESB

External Partners

Internet Banking

Bank Core Banking

Card Sys Gateway

MQ / Web Services

Web Services

Sock

ets

–IS

O85

83

Web Services

MQ

Web Service Client

Web Services



Legend

Logical Architecture

Syslog

PC

192.168.6.84:8232System X

192.168.6.82:8232System X

WAS: wast12

WAS: wast21Web Service

Provider

Web ServiceProvider

PC


Web Service Provider Web Service

Consumer

External System

(Partners, Core Securities)

DMZ LAN Branch Office Collection System

192.168.5.44

Flow 1: Web Service Query of Branches’Payable

Flow 2: Web Service Query of Household Loan Installment.

Flow 3: Web Service transformation of MQ interface.

Provided by IBM

MQ: MQT21A


WAN

SOAP/HTTP

MQ

Syslog

WS Message BrokerDataPower XI50

FW1443

192.168.9.2

FW22080

192.

168.

6.10

0:20

80

192.

168.

5.1

Mask: 255.255.255.0

GW: 192.168. 201.3

192.168.201.134

Mask: 255.255.255.0

192.

168.

9.4

SOAP/HTTPS

WS-Security withSOAP/HTTPS

172.23.84.41

SOAP/HTTPS

Core Banking

Message Broker

WS-Proxy•XML Threat Protection•XML Data Validation•Load Balancing•SSL Channel Security•Auditing•Authentication•Authorization•Others:•Service Level Management



IBM SOA banking architecture for reference

WebSphere Message Broker (ESB)

Cognos Loans Origination Risk Mgmt

Core Banking

CRM and others..

DWH ODS

ETL

PortalMBTT

Branch Mobile Internet

Customers

Message

Queue

DataPowerfor B2B

Partners

Securities Customs Tax Payment



TCO Reduction Pricing advantage Time to Deploy Cost to manage and maintain

Risk Mitigation Interoperability with Core Banking

and other applications Market-proven platform

Improve Business Innovation Process-driven (model, execute,

monitor, adapt) Leverage VPBank for standardized

business processes Leverage SOA for strategic

differentiators

Advantage of IBM TechnologyLower TCO, mitigate risk, and improve the business

1

2

3



Benefits of Adopting an Enterprise Service Bus (ESB)

Reduced development costs and speed of deployment– Robust ESB products allow for graphical assembly of interfaces between

applications

Lowers costs to maintain post-production– Interfaces are far more flexible to changes in the application landscape– Robust management, monitoring, and reporting facilities– Graphically oriented integration flows easily understood by someone other than the

person who developed it

Lowers cost of future development– All interfaces are inherently reusable and become “corporate assets”– Interface descriptions can be stored, searched, and loaded from a universal service

repository– Service repository can also govern security standards and lifecycle

Supports Real-time, Near-real-time, and batch oriented interfaces; allowing I/T to move data at an optimal efficiency for the business demands

Service Oriented Methodology Enables Option for True Business Process Optimization & Monitoring in the Future


Thank You



Connect & Save with ESB Messaging and EnrichmentIBM ESB Messaging and Enrichment Portfolio

WebSphere MQ: providing a messaging transport on distributed platforms to connect virtually any commercial IT system, extendable with WebSphere MQ File Transfer Edition

WebSphere MQ LLM: high throughput transport optimized for speed for your SOA

WebSphere Message Broker : built for universal connectivity and transformation in heterogeneous IT environments

WebSphere ESB: optimized with WebSphere Application server for an integrated SOA platform

WebSphere DataPower Integration Appliance XI50: purpose-built hardware for simplified deployment and hardened security

WebSphere DataPower LLM: predictive, low latency messaging and routing for data distribution in a purpose-built, hardware appliance

Documents

Enhancing risk management and regulatory compliance ...€¦ · Enhancing risk management and regulatory compliance capabilities ... End to End Visibility with IBM Enterprise Integration