SARIM

The goal

SARIM is a project which aims to define a common framework for the various key players of the digital economy in terms of risk management. It will therefore help to improve the quality and security of IT services and contribute towards improving the competitiveness of Luxembourg's economy.

The project and methodology

Luxembourg has been heavily investing in its IT ecosystem over the past few years. There is a threefold goal. It involves meeting the financial market's growing need for high-level IT services. But it also involves diversifying the economy through attracting companies which work in high-growth sectors such as e-commerce and gaming while also developing an ecosystem which is conducive to innovation and the emergence of start-ups. For this ecosystem to be high-performance, secure and attractive, the Grand Duchy must also meet the highest international requirements with respect to governance and risk management. Different bodies oversee this regulation, such as ILNAS (Luxembourg Institute for Standardisation, Accreditation, Security), ILR (Luxembourg Institute of Regulation and Quality of Products and Services), CNPD (National Commission for Data Protection), INCERT or CSSF (Commission for the Supervision of the Financial Sector).

In terms of regulation, Luxembourg goes beyond European requirements. Each of the bodies is involved within the framework of its overall mission. But it is necessary to harmonise the different approaches, to gain a better understanding of the ecosystem of companies, and to integrate risk management into relations between the players. This is the goal of the SARIM project, which began in January 2014 for a two-year period. 2014 was dedicated to mapping out the ecosystem in order to identify any interdependencies, system weaknesses (the risks), and critical structures. "The companies which make up Luxembourg's IT ecosystem are very interdependent. The IT ecosystem is consequently a real puzzle. But with our systemic-analysis tools, we must highlight any redundancies and risks which could block the system. In addition to the need to visualise these risk chains, our goal in 2015 is to set up and test a systemic-risk-management model which is applicable to all of the ecosystem and a common standard which all regulators can refer to", explains Sébastien Pineau from LIST. A case study led with POST Luxembourg is already taking place.

Impact

There are many advantages to SARIM. Firstly, through adopting a common standard and organising data exchange, the players will assist with perfecting the reliability of their services and thus enhance their international attractiveness. Secondly, having a clearer concept of the risks which are involved within the framework of the customer-supplier relationship (which is the focus of a specific study within the project) will promote the drafting of contracts which include more guarantees in terms of risk. Thirdly, regulatory convergence is also a source of income and administrative streamlining for companies at a time in which statutory inflation, particularly in Europe, is generating new expenses. SARIM can therefore boost the competitiveness of the national economy.