Our June ISV Spotlight series features Yields.io, a model risk management software company based in Brussels, Belgium. Recently, co-founder Jos Gheerardyn sat down with us to talk about the IBM Financial Services Validated certification process, how they got started, and how he feels it benefits clients.
Overview
For over 6 years, Yields.io has been building software for model risk management, or the risk an organization takes when they use a mathematical model. Co-founders Jos Gheerardyn and Sébastien Viguié both started their careers in quantitative finance, and always did quantitative analysis for modeling or deploying models in high-risk environments. Soon they discovered it gradually got easier to build complex models to do these kinds of activities. The challenge was how to make those models reliable and ensure these algorithms are working 100% of the time.
After witnessing financial institutions’ growing dependency on decision-making models, and the challenges of adding advanced analytic techniques, like machine learning and AI, Gheerardyn and Viguié founded Yields.
“There are hundreds, sometimes thousands of models used to estimate risk. If these models do not work as expected, then all kinds of accidents can happen.” Jos explained, “For instance, the credit crisis was one example of a model risk event. Banks were relying on overly simplified models to make pricing decisions, so they were blind for certain types of risk. Because of all these incidents, regulators across the globe are requiring that financial institutions have proper model risk management procedures in place.”
A “quite intense” certification process
BNP Paribas was the catalyst for Yields’ introduction to the IBM Financial Services Validated (FSV) program. BNP wanted to deploy Yields’ software, but would only agree to do so if Yields became IBM Financial Services Validated.
Jos characterized the journey to becoming an IBM Financial Services Validated ISV as “a quite intense period.” Yields’ technical team worked with IBM engineers to review their architecture and their security set up. Once these analyses were complete, they moved into a remediation period. Yields had to remediate some of the points that had been identified during the validation. “We were fairly familiar with this process, of course, because many of our clients have information security requirements already.” Jos elaborated “We are also ISO 27001 certified, so luckily there was quite a lot of evidence that we already could put forward.” The final phase of the process included learning about the specific aspects of the IBM FS Cloud. IBM’s engineers worked closely with Yields.io to ensure they identified the unique features of the IBM framework.
Focus, client community, and scalability
Yields.io has found the IBM FSV program to be beneficial on multiple levels. “First, since we are smaller, we have limited resources, we focus our attention on where the clients ask us to focus our attention.…Now, on top of that what appeals to us is the fact that you (IBM) are building this community of financial services (institutions) who are interested in using that IBM FS Cloud Framework. This, of course becomes an interesting community for us to get closer to, as these are quite often the financial organizations that could potentially benefit from our solutions. “
Having standardized information security requirements are also a key advantage. “…what happens now is that every financial institution has their own framework, therefore the type of controls that are required are different for each of our clients. It makes it quite complex to manage all these simultaneously.” As more and more financial institutions become part of the IBM FS Cloud initiative, they will have the same requirements. Yields.io sees this as a win-win as it simplifies the management of the project for them and their clients. “It makes things much more scalable, but it's definitely also very valuable for our clients, because then we put less effort in ensuring we are compliant against all the controls and instead, we can put more time in developing our product faster.” Jos added.
Clients benefit from compliance and efficiency
So how do Yields.io’s clients benefit from their IBM FSV certification?
First, in terms of information security, their clients can have confidence that Yields.io is compliant with IBM FS Cloud security requirements, and they will be able continuously monitor that.
Secondly, clients have the confidence that IBM FSV certified ISVs like Yields.io will remain compliant with the IBM FS Cloud framework over time. Since this framework is updated continuously, clients are assured their own information security policies are in line with whatever regulators ask globally. As Jos emphasized, this is a vast improvement over how it was done in the past. “This is a big difference from say, a more traditional approach, where the financial institution would send us a questionnaire asking for all the controls that are in place and then later do an ad hoc audit to verify that we are indeed compliant. So here, they get that information in a standardized way on a continual basis.”
Finally, validated ISVs can make the onboarding process much faster. If the client is already familiar with the IBM FS Cloud certification process and has mapped all the requirements to their own information security policies, then an IBM FSV certified ISV can onboard their solution more quickly than a non-certified ISV.
If you would like to contact Jos Gheerhardyn directly about Yields.io solutions and benefits, you may email him at Jos@yields.io.
To learn more about Yields.io visit http://yields.io
To learn more about IBM Cloud for Financial Services visit https://www.ibm.com/cloud/financial-services
#ISV#fsvalidated#financial-services#Spotlight