Both fintech startups and traditional banking institutions that are embracing innovation face unique operational risks in the financial technology space - and particularly heightened risk in the areas of information technology and third parties.
In 2018, the U.S. Treasury Department issued a report calling for a “more streamlined and tailored oversight” of innovations in the fintech sector. You could almost hear champagne corks popping at fintech startups from coast to coast. Meanwhile - tech advances are already pushing more banking activities online - traditional banks, with charters dating back decades, greeted the news with a collective groan. Competition is stiff, and technology is an advantage.
But no matter how fast you grow, it’s impossible to innovate strategically without managing operational risk is managed. A careful approach helps financial companies to clearly identify their risk appetite, analyze and assess, implement controls, and collect lessons learned.
Speed is also the operative word for managing risks associated with digital innovations and third-party providers. That’s due in part to the increasingly critical role third parties play in business processes: like billing or email communications, data analytics, even data security.
Compliance with the Gramm-Leach-Bliley Act (GLBA) Safeguard Rule helps protect customer information, but that compliance has limitations. It protects but doesn’t prevent. Risk management addresses that uncertainty.
Use data to bring departments together
Roughly 75% of employees at financial institutions work in operations or are responsible for profitability with the next largest segment dedicated to compliance management. IT risk management and third-party risk - the two areas most impacted by the Treasury Department’s 2018 report - are the least staffed. To embrace or fend off fintech, banks have to expand capabilities in managing IT risk and third parties, not to mention bridge the divide that exists between departments that prevent the sharing of data.
For a holistic, integrated approach to risk, fintech functions must share data.
“Finance has traditionally enjoyed unique access to enterprise-wide data but has used this solely for financial reporting, concentrating on the profit and loss for management reporting to the business.
"... Meanwhile, the risk function has concentrated on assessing risk to the balance sheet—an area of focus for regulators as well as shareholders,” according to Risk.net.
Integrating risk and bank roles are essential for sharing enterprise-wide data that benefits both finance and risk. This is done successfully with automation technology – usually a governance, risk management and compliance (GRC) platform designed for integrated risk management. A unified platform gathers data dynamically via API and correlates it with other data like compliance, controls and policies. Using automation, it’s possible to use regulatory changes to automatically trigger policy reviews. Among other benefits, it unites departments around a “single source of truth.”
Banking on fintech? Better get up to speed
The U.S Treasury Department’s report that signals aligning the regulatory framework to promote innovation is a clear indicator that new fintech competitors will enter the banking picture, as well as new opportunities for both banks and fintech providers.
No institution can remain competitive emailing spreadsheets around. Trusty office tools excel with individual users and individual departments, but in a highly competitive and risky world, operational risk must be taken seriously.
