B.I.S. Basel II Authoritative Source Content

Document created by Susan Read-Miller Employee on Apr 30, 2018Last modified by Susan Read-Miller Employee on May 18, 2020
Version 7Show Document
  • View in full screen mode

The Bank for International Settlements (BIS) was established in 1930 and is owned by 60 central banks, representing countries from around the world. The BIS mission is to serve central banks in their pursuit of monetary and financial stability, to foster international cooperation in those areas and to act as a bank for central banks.  Its head office is in Basel, Switzerland and it has two representative offices: in Hong Kong SAR and in Mexico City.


Basel II is the second of the Basel Accords, which are recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision.  The efforts of the Basel Committee on Banking Supervision to revise the standards governing the capital adequacy of internationally active banks achieved a critical milestone in the publication of the Basel II text in June 2004.


Basel II intended to amend international banking standards that controlled how much capital banks were required to hold to guard against the financial and operational risks banks face. These regulations aimed to ensure that the more significant the risk a bank is exposed to, the greater the amount of capital the bank needs to hold to safeguard its solvency and overall economic stability. 


The Archer Basel II Authoritative Source contains two documents:


Basel II –  Sound Practices for Operational Risk Management:  The paper Sound Practices for the Management and Supervision of Operational Risk outlines a set of principles that provide a framework for the effective management and supervision of operational risk, for use by banks and supervisory authorities when evaluating operational risk management policies and practices. The paper was published by The Basel Committee on Banking Supervision. The Committee's previous paper A Framework for Internal Control Systems in Banking Organisations (September 1998) was the basis for this paper. This module contains the 10 principles for operational risk management. The full text of the paper is available from the Bank of International Settlements at www.bis.org/publ/bcbs96.htm. This module is based on the version of the paper published February 2003.


COBIT for BASEL II:  IT Control Objectives for Basel II provides a framework for managing operational and information risk in the context of Basel II. This module is based on the COBIT control objectives as published by the IT Governance Institute and addresses three operational and information risk target groups information risk managers, IT practitioners and financial services experts. In applying the framework presented in this publication, financial services organizations are able to apply recognized processes and controls to the IT space. The IT control objectives and management processes outlined address the role of information technology in operational risk. The module is broken into two sections. The first section contains ten (10) guiding principles defined from various sources that outline the principles of Basel II as the regulation applies to Information Technology. The second section is a subset of control objectives from COBIT that ITGI has mapped to the goals and risks associated with Basel II. This subset should be reviewed, as with all frameworks for applicability to the operating environment, and can be supplemented with other control objectives from COBIT as deemed necessary based upon operational risks. The Control Objectives for Information and related Technology (COBIT) framework was created by the Information Systems Audit and Control Association (ISACA) as a set of guidelines to implement effective IT governance in the enterprise. Effective IT governance helps ensure that IT supports business goals and optimizes business investment and appropriately manages IT related risks and opportunities. For IT controls, most companies have elected to use the COBIT framework due to its specific applicability. Each organization should carefully consider the appropriate IT control objectives that will help them achieve their business objectives. This product includes COBIT 4.1, which is used by permission of the IT Governance Institute (ITGI). 1996, 1998, 2000, 2005, 2007 IT Governance Institute. All rights reserved. COBIT is a registered trademark of ISACA and the IT Governance Institute.


Updated: August, 2019 to include the most current version from June 2011 release containing Basel II: Principles for the Sound Management of Operational Risk. 



The Basel II content is available in English only.



Mappings for Basel II to the RSA Archer Control Standard Library are available in the authoritative source content pack.


Content Source

The source of this content comes from the Bank for International Settlements Basel II documentation.


Licensing Restrictions

The Basel II authoritative source content is available with the use of the RSA Archer Policy Program Management, RSA Archer IT Policy Program Management, and/or RSA Archer Authorization and Assessment use cases. No additional license is required.


For More Information

To learn more about the B.I.S. Basel II Authoritative Source Content:


For Additional Support

To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact RSA Archer at archersupport@rsa.com for more information.