Agile and Integrated Risk Management: Saving the Future of Financial Firms
Abhishek Ramavat GM and Practice Lead EMEA - GRC | February 11, 2020

Financial organizations are facing volatility and opportunity at an unprecedented scale. The pressure to maintain operational efficiency and customer focus is now further exacerbated by the need to keep up with constantly changing regulations. And while winning business is priority number one, a close second is avoiding any lapse in compliance requirements, for fear of substantial monetary fines and damage to the brand’s reputation.

Every financial business leader knows – they need to ensure compliance & security while adhering to a rapidly changing regulatory & threat landscape in a highly disruptive industry. But the “how” is not as clear. The financial industry has been at the forefront of adopting digital technologies, digital intelligence, data, and analytic tools in their products and offerings. And while this has opened Fintech as a whole new sector, it has also widened the threat landscape significantly.

This is precisely why Digital Transformation has become a top priority for financial institutes across the world. But this is only possible by beginning with a clear picture of the challenges that lie before them. With innovations in automation, machine learning, and analytics, organizations today can now make informed decisions as they reduce operational risks and meet compliance requirements.

Risks and Challenges for Financial Service Organizations

There is no doubt that Fintech start-ups will become a significant force in the future. Even large banks have endured this reality and taken on a more aggressive posture to remain competitive. And while large institutions have adopted new technologies, like many incumbents, they have only been able to make marginal improvements at high investments while remaining confused about their focus.

The last few years have further proven this reality as operations have become increasingly complex in the face of rising regulatory requirements. Of course, the need for these regulations isn’t surprising when we consider recent incidents in the industry. Nearly everyone in the industry has followed the headlines, shocked by the news of major global banks falling victim to money laundering practices and other crimes. This has resulted in these very banks being fined and penalized hundreds of millions of dollars.

Just a few recent examples include: a major Dutch bank with nearly 40 million customers across 40 nations being fined nearly $1 billion for failing to enforce anti-money laundering (AML) precautions within their company; a British multinational bank being ordered to pay $1.1bn (£842m) by US and UK authorities to settle allegations concerning its anti-money laundering controls and breaches of sanctions against countries; and an American multinational investment bank and financial services corporation fined £44m over poor financial information for “below-expected standards” of oversight and governance.

Uncharacteristically, even one of the largest banks in the Nordics was found at fault and is expected to pay billions in fines due to lax anti-money laundering practices. But the fines were just the beginning, as the bank’s market value fell by half soon after. And perhaps even more surprising was when a major Swiss bank was penalized $4.2 billion for their anti-money laundering lapses. As we can see, the breadth of instances illustrating the dire need for a comprehensive and integrated solution is only rising and ever-present.

Apart from these instances of regulatory negligence, we’ve also seen major lapses in enterprise security over the last few years. In 2019 alone, we witnessed numerous cybersecurity incidents, such as the Toyota data breach, when hackers stole over 3 million customer records in Japan, and the American Medical Collection Agency breach, when more than 8 million records of customer data and records of 12 million patients were exposed. Both of these incidents pale in comparison to the security breach at First American, a real estate and title insurance firm, which exposed 885 million customer financial records due to security lapses.

Given the wide extent of risk that is evident in the market, no organization, especially a financial one, can afford to remain complacent. As a result, these changing times are forcing financial institutions to seek out integrated risk management (IRM) technology solutions that not only secure them against penalties but also enable them to do better business.

Integrated Risk Management – An Ongoing Journey

Historically, banks and other financial institutions have always made every effort to ensure their compliance obligations. However, the nature and intensity of risk in the global market have outpaced traditional and legacy solutions. Under such conditions, financial firms must find ways to strengthen their defenses and address the dual challenges of persistent threats and an ever-changing regulatory landscape.

For organizations seeking to advance globally, ensuring robust integrated risk management is not only about meeting GRC needs; rather, it is a matter of competitive advantage. In this scenario, digital transformation needs to help organizations assess risk for better decision making. And while banks have always adopted the best tools and solutions for their compliance systems, the way they have been implemented is far from perfect.

Currently, however, most global financial firms implement their risk management solutions as highly discrete systems that are problematically disconnected from each other. In most cases, financial institutions with a global presence across dozens, if not hundreds, of locations act and operate as individual banks. So, while the bank may have global operations and a global brand, each country operates as a separate bank.

This makes them fragmented and disconnected from each other, depriving them of any overarching mesh of data and digital intelligence. The key to addressing this issue lies in adopting integrated solutions that are loaded with practices and are agile enough to be adapted to changing requirements. Modern integrated solutions require agility-driven IRM programs and technology solutions that are responsive to changing regulatory requirements and stakeholder expectations.

So even as changes in regulatory requirements appear to be never-ending, from GDPR to CCPA and from MiFID II to Basel reforms, the solutions need to be integrated and harmonized across the entire enterprise. In fact, between 2009 and 2012 alone, there were more than 50,000 regulations across G20 nations, with another 50,000 regulatory updates by 2015. In their attempts to keep up, the GRC spend of these institutions has continued to rise, with Bain & Co. estimating that it consumes nearly 20% of “run the bank cost” and 40% of “change the bank costs”.

In the face of persistent change, financial firms have no choice but to adopt an integrated risk management solution across their operations. This is especially true if they wish to foster greater transparency and proactive protection against threats. To achieve such integration for the future, risk and compliance technology solutions need to be based on integrated risk management solutions that are more agile than ever before by leveraging next-generation systems and frameworks.

Securing the Future: Integration and Agility in GRC Adoption

An organization's IRM evolution needs to be kicked into overdrive and address the three core dimensions of digital transformation – people, technology, and processes. These organizations need an IRM solution that can automate and integrate their discrete technologies while also advancing their IRM processes to ensure an optimal risk-driven decision-making process. By investing in IRM programs and technology solutions along with enterprise-wide standardization, organizations can ensure that they are not caught off guard by any operational or regulatory blind spots.

However, given the complexity and intricate makeup of financial institutions, organizations can’t operate a solution that is rigid and inflexible. An agile IRM program, in this case, needs to adapt to the needs and ways of working within the organization. But this doesn’t mean that organizations don’t require a certain degree of change themselves.

It is also very important to recognize that IRM systems need to be easy, simple and intuitive. Business change management becomes more cumbersome when we expect first-line business users to spend their time navigating a complex solution. That’s where agility can be a game-changer by adding intuitiveness and user experience.

Imagine a first-line business user noting a loss event in the course of their work. The solution would have proactive features, such as informing the officer of the potential areas of impact as they input the category of the loss event, and in some cases even auto-populating parts of the entry in an intelligent way. Therefore, the right solution needs to possess a fine balance of agility and best practices.

It’s fair to say that a comprehensive IRM program inevitably becomes a process transformation program. Simply put – it’s not enough to implement a solution without educating the people using it. Users need to be confident using the new technologies and platform that will be deployed and working in the new model that aligns with IRM ways of working, which means both acceptance of the new processes and technology and adoption of the IRM processes. It’s not enough to simply adopt a new system without changing the institutional mindset and organizational processes that shape the minds of the people using that tool.

HCL in action to enable IRM

Recently, a multinational insurance giant approached HCL seeking a major transformation in the standards of their corporate compliance systems. The organization had started an initiative that sought to oversee its entire governance program, and they needed our help in making it standardized, efficient, and transparent.

In our work with the insurance major, we identified the key process and system changes that they needed, from consolidating multiple independent approaches and tools to streamlining their reporting system. HCL worked on setting up an IRM solution that would provide a globally consistent platform across 3 lines of defense.

Our approach started with a ground-up assessment of their existing processes and technology investments. We began the documentation processes across key Integrated Risk Management issues like operational risk, audit, compliance, business continuity, regulations, and much more. With all this assessment we were able to propose and implement an IRM Strategic Roadmap.

HCL also enabled the transformation from the existing waterfall methodology to an agile flow over gradual iterations to achieve a highly effective enterprise solution.

As our experience has shown, the challenge to ensure comprehensive risk management isn’t an easy one. But it can be achieved when the right technology solutions combine forces with the right people and the right processes. Given the dynamic state of change facing the financial sector, organizations can no longer afford to be hesitant or ambivalent. HCL’s Integrated Risk Management program can help global financial institutions identify and address the challenges that lie before them so they can focus on their core business unhindered.