Risk and Fintech
Bank on risk if banking on Fintech
The U.S. Treasury Department released a major report on July 31st that called for a “more streamlined and tailored oversight” of innovations in the fintech sector. You could almost hear champagne corks popping at Fintech startups from coast to coast. Meanwhile, traditional banks, pillars of the community with their Roman columns and charters dating back decades, greeted the news with a collective groan. Change has come to banking and, along with increased competition and opportunity, comes risk.
Whether you’re a traditional bank embracing innovation or a fintech upstart trying to shake things up, you’re going to face additional risk, especially risks from information technology and third parties. Both risks are more challenging to manage and can interfere with or interrupt operations.
As you embrace innovation, you also need to evolve in how you manage risk. Optimizing an approach to risk management enables financial companies to clearly identify their risk appetite and how much actual risk they are accepting.
Speed up compliance and risk processes
Most financial institutions take weeks or months to update compliance documents. Preparing a report? For many, it takes a 40-hour work week to research, analyze and prepare for the review.
With oversight streamlined to spur innovation, banks will face more regulatory change. How quickly can you adapt to new compliance requirements? More nimble competitors won’t take weeks or months. They’ll quickly adapt and get back to the business at hand.
Speed is also the operative word for managing risks associated with digital innovations and third-party providers. Cyber incidents occur daily, and assets like servers require 24/7 security. If a data breach occurs, time is of the essence. The breach needs patching, and decision-makers require notification. If there’s a sudden rise in risk with a third party, knowing about it gives higher-ups time to act, like shifting to other resources or addressing the issue head-on with the singled-out vendor.
Your institution’s compliance with the Gramm-Leach-Bliley Act (GLBA) Safeguard Rule helps protect customer information. However, it’s wise to remember that compliance has limitations. It protects but doesn’t prevent. Risk management addresses that uncertainty and benefits from speed.
Integrate disciplines within the bank
At most banks and institutions, roughly 75 percent work in operations or are responsible for profitability with the next largest segment dedicated to compliance management. IT risk management and third-party risk, the two areas most impacted by the Treasury report, are the least staffed. To embrace or fend off Fintech, banks will have to expand capabilities in managing IT risk and third parties, not to mention bridge the divide that exists between departments that prevent the sharing of data.
According to Aris Kossoras with KPMG’s financial services, “Finance has traditionally enjoyed unique access to enterprise-wide data but has used this solely for financial reporting, concentrating on the profit and loss for management reporting to the business. Meanwhile, the risk function has concentrated on assessing risk to the balance sheet—an area of focus for regulators as well as shareholders.”
Integrating risk and bank roles are essential for sharing enterprise-wide data that benefits both finance and risk. That’s easier done when using a governance, risk management and compliance (GRC) platform designed for integrated risk management processes. Such a platform brings in data from scanners and assessments and correlates it with other data like compliance, controls and policies. Audit, compliance, risk management, all have password access to the data for analyzing, acting upon or reporting. Regulatory changes can automatically trigger policy reviews. Departments can work more efficiently and effectively using shared data and better manage the new challenges presented by Fintech.
Banking on Fintech? Better get up to speed
The U.S Treasury Department’s report that signals aligning the regulatory framework to promote innovation is a clear indicator that new Fintech competitors will enter the banking picture, as well as new opportunities for both banks and Fintechs.
To compete and win, you’ll have to learn to pivot and react fast. No institution can if you are emailing spreadsheets around or using a shared drive. Trusty office tools excel with individual users and individual departments. The minute you need to pull in data from many places and make it accessible and actionable across departments and with key individuals, the process slows. A GRC platform, on the other hand, allows you to streamline processes and automate many tasks. It’s faster, yet also effective. Many banks waste a lot of time and effort managing compliance and risk when an easier approach, a GRC platform, exists.
Ever since the first bank established in 1791, the passage of time has been celebrated in the financial world. The more time, the better for deposits and investments. In 2018, for banks to be successful, they need to see time differently, saving it and getting up to speed with Fintech.
Learn about CIS’s first five controls and examine what each control addresses.
Learn about how privacy programs and the importance of being prepared for a breach.
Learn about the constant vigilance of continuous security monitoring.