With Basel II banks and other financial services are required to examine all possible risk factors before grating loans to companies and organizations. In theory, at least, these include IT security and IT compliance. However, most banks lack quaified personnel to perform such checks. What must banks do to make sure they aren't overlooking important risks? How can companies increase their credit worthiness by investing in IT security and identity management?