The digital revolution in general and in banking in particular has changed the way we do business. Billions of dollars are transferred at the click of a button and business has become global in the true sense of the term. Digitization also brings with it an increased risk in transactional banking. Risk Management in such a digitized world has become paramount.
There are many types of risk that exist in banking – Operational Risk, Reputational/ Franchise Risk, Regulatory Risk, Market Risk to name a few.
With the increased use of technology, we now see a new risk emerging – Technology Risk. This report deals with the increasing dependency on technology in transactional banking and the need to have a strong line of defense to guard against Technology Risk.
The Basel committee on banking supervision has cautioned on risk arising due to e-banking activities. While the existing risk management principles remain applicable to e-banking, these need to be tailored to face the challenges arising out of e-banking activities. The Basel committee report specifies the below areas under Risk Management Principles.
Board and Management Oversight
Legal and Reputational Risk Management
Technology Risk Management has some unique challenges due to the very characteristic of e-banking (I use this term to cover all banking, whether done through a laptop, smart phone or using social media platforms)
One – speed of change. Technology is ever changing and that means risk is ever evolving as well! So there is less time for product testing and even less time for a strategic risk assessment before the actual rollout.
Two – technical complexity. Traditional banking has relied on integrated systems and end to end linkages with the banks’ core platform. With the advent of newer platforms, there is an “organized chaos” Banks are now looking at integrating multiple platforms with their traditional databases. The internet’s open architecture only complicates matters further!
Finally – dependence on third party service providers. With new platforms and rapidly changing technologies, banks can no longer look at investing in internal technology development teams. They would be forced to rely on applications developed by third party providers, which would increase the associated risks.
At the risk of putting my head on the line, I present below some pointers as to how banks can better manage these risks. I do understand and appreciate that what is presented below is but a miniscule portion of the whole and is only presented for the purpose of further discussion and deliberations.
Standards and Frameworks: Use of recommended standards and technology frameworks is extremely important when designing banking systems. Given the huge volume of customer specific data that passes through the systems, it is extremely important that the infrastructure used in as per the standards. This also ensures that banks get the desired hardware and software support from the vendors.
IT Governance strategy: Most banks have a robust Governance strategy when it comes to managing risk. However where they lack is in having an IT Governance strategy in place. It is important to put in place a risk mitigation strategy for Technology Risks. This strategy needs to be designed closely in conjunction with the IT managers to ensure that all aspects are covered and there is no room for any gaps. This also ties in with the Basel recommendation of having a clear Management oversight.
Future proofing: Given the pace at which technology keeps changing, it is equally important to have a future looking IT Risk mitigation strategy. This also means that the Governance strategy would be subject to regular changes to map new trends and plug risks accordingly.
Advanced Data and Analytics (ADA): Banks are increasingly using ADA to create value for their customers, optimizing their solutions and making important risk related decisions. Bankers were, and to an extent still are, hampered by the lack of critical data that they could use to analyze customer behavior. Things are changing with the advent of credit bureaus and banks and financial institutions sharing more data between them. ADA is also a critical tool in digital risk management since it provides deep insights into customers’ online behavior and helps map the same to identify risk parameters.
Cooperation and collaboration: Banks have traditionally worked in silos when it comes to their customers’ data. While it is still important to safeguard customer data in the digital age, it is becoming important to share data on fraud patterns, risk trends, etc. given the huge amounts of digital information being transmitted between banks. Consumers are using all kinds of platforms for their banking needs, be it the social media (Facebook, Twitter) or the latest smartphones with banking apps. The more the platforms used, greater are the risks of compromising customer data and even greater are the fraud risk. Given that hackers are far ahead in terms of data sharing and in terms of their awareness of technology loopholes, banks need to be on their toes. Sharing information on security loopholes will only help the industry as a whole tackle this menace better.