The demand for IT risk management is rapidly increasing in response to the rise in threats and the unprecedented wave of innovation spreading across the financial services industry.  Now is the time for senior financial services risk professionals to begin preparing for the array of changes that are altering the world in which we live.

Context

With fragmented IT architecture and legacy infrastructure still widespread across the financial services industry, many organisations are already struggling to get IT risk management right. A wave of change is coming that will make this challenge even more complex.

Robotics, Fintech, artificial intelligence, cognitive computing and blockchain are some of the emerging trends that are expected to reshape the financial services industry and have a substantial impact on firms of all sizes and geographical spread.

Current approaches to managing IT risk, developed in an era focused on establishing controls for financial reporting, are no longer fit-for-purpose and need to be redesigned. As technology transforms banking and insurance and shifts the risk landscape, organisations will need to develop an entirely new approach to IT risk management.

Disruptive factors driving change

  • The integrated model is evolving – The emergence of integrated technology platforms will further change the financial services ecosystem, enabling users to consume banking services provided by multiple firms on a single platform, involving more third-parties and moving away from the traditional banking model.
  • Increased regulatory scrutiny – As the financial stability of firms becomes increasingly linked to technology, regulators are taking more interest in the effect of technology transformation on business.
  • Emerging technologies driving innovation – The emergence of new technologies, as well as increased collaboration across the industry and between regulators, is driving innovation like never before.
  • Cost focus at the top of the corporate priority list – Political and economic uncertainties are currently focusing corporate priorities on cost reduction and improved cash flow.

Five emerging themes executives can start to address now

Whilst technology was initially an enabler to the business, it is now a key differentiator in terms of cost, speed, innovation and customer experience. As the role of the Technology function has changed over the last 50 years, the role of those charged with IT risk management has evolved too. The IT Risk function will need to take the lead in driving a coordinated approach to dealing with some of the big issues:

  1. Redefine the accountability model – Consider how changes in the external environment, including changes to business models, further innovation or new regulation, will affect the risk landscape and the blend and balance of controls required. Determine how these changes will affect existing accountability models for risk and control, and how these changes can be embedded within the operating framework.
  2. Rationalise the control framework – Champion risk intelligent design across new systems, technologies and control frameworks. De-layer the control framework with more preventative, automated controls built into systems up front, enabling risks to be identified in real time, rather than hours, days or months later.
  3. Reassess the new risk and threat landscape – Assign responsibility for understanding the risk implications of new technologies to specific individuals who can coordinate the appropriate risk management response.
  4. Leverage opportunities to automate – Define an automation strategy and the principles for process, control, and reporting automation. Consider reducing the time spent on low value 'risk administration' activity and increasing time spent on removing layers from the control environment by implementing a consistent and scalable set of automated controls. Identify quick wins to drive adoption and to demonstrate, with little investment, the benefits to be gained.
  5. Rethink the IT Risk talent strategy – Develop and nurture a pipeline of talent with the right skill sets to meet the growing and more widespread demands. Consider the interface with other business risk management teams and how these functions can work better together.

The Opportunity

The financial services industry has never faced the combination of political and economic stresses it is currently facing.

Firms that seize the opportunity to act now and get on the front foot will not only reduce costs, but will also increase their knowledge of front-to-back risk and reduce time-consuming manual interaction and control management activities.

Furthermore, new technologies present opportunities for risk management simplification, improving risk management efficiency and embedding control automation. Tapping into these opportunities will enable firms to redeploy resources they currently expend on reactive 'risk administration' activities. Fostering a cultural shift towards forward-looking and business-aligned IT risk management will also better position firms to meet the long-term IT risk challenges that haven't yet emerged or been identified.

Additional Reading:

Report: IT Risk Management. Disrupted. 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.