Financial Services Risk Transformation For The Next Super Incident

Written by Sabrina McClune | 05 07 22

There are several categories of financial risk that financial institutions prepare for. Over time, firms have developed advanced resilience capabilities for credit risk, market risk, and funding and liquidity risk.

However, with drastic changes in market conditions, technology, and world affairs, non-financial risk is playing a greater role.

Super incidents such as the pandemic, which have wide-ranging cultural, technological, and societal impacts, can present sudden and unexpected risks to business continuity.

The Rise Of Risk Diversification

Whereas financial risks are reflected in a financial institution's assets and investments, non-financial risks can have a significant impact on all business operations.

The COVID-19 pandemic changed how institutions and consumers operate because it affected the core infrastructure and market confidence on which economic activity depends.

For example, in the UK, the average cost of a data breach has grown to nearly £2.7 million. Meanwhile, the Bank of England said UK banks and insurers face climate-related losses of £209 billion to almost £334 billion.

In this environment, risk management must evolve to keep pace with rapidly changing markets, consumer expectations, and business models.

With looming challenges from agile fintechs, institutions’ ability to respond to the changing risk landscape will be a key determinant of success.

Enter The ‘Super Incident’

Super incidents present a new challenge: they are incidents where the costs cannot be easily borne by the institution, or where the costs have other negative effects.

These can include:

  • Shifting customer or community expectations
  • Breaches of new regulations (e.g., financial crime, privacy)
  • Malicious external attacks (such as fraud, cyber)
  • External events (e.g., the COVID-19 pandemic or climate change)

By 2021, there was an increased focus on operational risk and resilience, including IT disruption, data compliance, resilience risk, theft and fraud, and third-party risk.

The implications of a super incident can be significant and include:

  • Fines
  • Direct financial losses
  • Compensation or remediation costs
  • Reputational damage
  • Business model evolution

Digital Risk

Financial institutions are the leading targets of cybercrime, including extortion, theft, and fraud, accounting for 23 percent of all cyber-attacks.

Financial services firms are, in fact, 300 times as likely as other companies to be targeted.

Such risks are exacerbated by the move to rapidly digitise business models, with new risks emerging, including cyber attacks, IT delivery risks, business-continuity risks, as well as new model risks from AI.

The move to remote working and online services has also expanded the available attack surface that criminals can exploit and changed the conditions for how teams work together securely and efficiently.

Regulatory Risk

Changing regulation focuses on protecting consumers and economies from emerging issues, demanding new approaches from financial institutions.

Climate change and ESG represent a major structural shift in the risk profile of financial institutions, touching financing decisions, the measurement of the potential impacts of changing weather, and compliance with emissions targets.

This also includes the risk from aligning the operational impact of legacy infrastructure within the industry, including communication and document management.

For example, many institutions still rely largely on paper to manage engagement with customers, with 72% of customers still receiving printed documents even if they use a banking app or online banking service as well.

Compliance around data is also a key concern for regulators, with more customers exchanging sensitive information over digital networks.

It’s the responsibility of banks to make sure end-to-end security for all customer channels is maintained in order to protect their interests and avoid fines and reputational damage.

Business Model Risk

The global pandemic saw a large shift towards digital banking services, delineated sharply along the lines of those who could meet the demand.

Incumbents working with robust digital operations as well as fintechs were able to expand their digital footprint and gain new customers as consumers adapted their financial habits.

In the world of super incidents, financial institutions' customer retention and value proposition depend on the ability to adapt to changing consumer needs.

If incumbents can’t keep up, it’s likely that there is a digital challenger waiting in the wings to take on their customers.

To keep pace with these changes, financial institutions need systems that can evolve with their market context in order to remain relevant.

Effective Risk Transformation

Effective risk transformation must account for a variety of processes targeted at different business areas and contingencies:

Business area or process capability uplift and remediation: Process, system, and control mapping; process simplification, digitisation, and automation; documenting, decommissioning, and building automated, preventative controls and monitoring.

Risk-type-specific capability uplift: These transformations focus on specific risk types, frameworks, and operating models to solve individual issues.

Risk function operating-model uplift: These transformations are typically driven by the risk function to make sure models can keep up with changing parameters and emerging threats.

Holistic enterprise-wide risk transformation: These efforts focus on changing the general way the business operates to make sure processes are fit for purpose.

Reimagining Resilience

Financial institutions need to prioritise systems that can change to meet the needs of the moment.

This requires a focus on:

  • Cloud data storage and management
  • API-first systems and connectivity
  • Automation to manage data flows between interfaces and platforms
  • Training for teams and customers to engage with new technology quickly and efficiently

Rapid Recovery

To prevent risks from both internal actors and external attackers, institutions need to invest in solutions to accelerate recovery in the event of disaster.

Modern systems and security protocols can reduce the cost of a breach by as much as 72 percent, saving $273,000 per breach.

At an average of 22 incidents per year, these savings add up to potentially $6 million annually for the average firm.

This requires strategies to protect data before, during, and after transmission, as well as systems to store data, flag breaches, and locate potential threats proactively, including:

  • Specific teams for data and disaster recovery to locate and solve potential threats from technology malfunction, AI integration, human error and external attack.
  • Established data and disaster recovery protocols and backups of essential data off-site that can be restored if an attack impacts business.
  • Documented threat response protocols to standardise your approach to issues and limit the impact of cyberattacks to a disruption rather than a disaster.
  • Encryption for information transfer between stakeholders.

Secure Operations

Engaging with customers is a core competency for financial institutions, but carries a range of risks, including data breaches, cyber security and fraud, as well as operational risks such as process inefficiency and sustainability challenges.

Reducing risk requires an end-to-end communication solution that can protect internal resources and transfer data securely between parties.

Putting Client Communications First

Keeping up with the rapid changes taking place in the risk landscape while maintaining service levels and core systems is one of the chief challenges for financial providers, platforms and intermediaries today.

To maintain competitive positioning, institutions must prioritise solutions that can be implemented across financial and operational processes to reduce risk without impacting either customer experience or efficiency.

Communicate With Confidence

Mailock is a secure email solution designed specifically for the financial services industry that integrates easily with existing systems and processes.

It uses the most secure encryption technology with no disruption to the email recipient experience.

In a click, you can exchange files quickly and securely with advisers, clients, and customers, minimising the need for paper and protecting against interception and fraud.

Reviewed By:

Sabrina McClune, 05.06.24

Sam Kendall, 05.06.24