Without question, the pace of digitization in financial services has accelerated. Financial institutions (FIs) around the world are rapidly adopting emerging technologies to boost productivity, enable new ways of working and meet evolving customer expectations. This increased digitization is adding to the complexity of the financial services ecosystem, highlighting the need to further build digital trust and resilience.
While significant business value can be created through these efforts, it's important to recognize the new or heightened risks or considerations that come along with them, such as data residency, data leakage, responsible artificial intelligence (AI), algorithmic biases and cybersecurity threats related to remote work. These newer risks are often more technical in nature and can be hard to grasp, let alone properly manage. Individuals across all three lines of defence need to understand and be able to mitigate these new risks.
At the same time, we’re seeing a mindset shift acknowledging that disruption will happen, which requires an increased focus on resilience. In this context, building digital trust and resilience in technology and operations is becoming an increasingly important topic.
Building trust by managing new risks
Within the adoption of cloud technologies, cybersecurity is a top concern and focus. It’s important to also consider other key risks, including disruption and recovery, third-party risk management, regulatory and jurisdictional requirements and data management.
We are also seeing an increased adoption of intelligent automation tools like robotic process automation, AI and machine learning without an enterprise policy or governance structure. At times, we see different lines of business adopting their own tools and approach to automation without fully considering foundational control elements like enterprise policies and governance, development and testing controls, security to restrict access to the programmed logic and information management and privacy. Protecting the organization requires a more integrated approach.
It is important that FIs understand the new risks these technologies present and manage them throughout the adoption journey. This will ensure they get the full benefits for their organizations while building digital trust with key stakeholders, like customers, employees and regulators. As both the adage and experience continue to show, it takes years to build trust and only moments to lose it.
Balancing protection and response to enable resilience
Having faced cyberattacks and now the reality of a pandemic, a mindset shift is taking hold that recognizes that in this digital world, disruption is going to happen. This requires a balance between protection and response to enable resilience.
Resilience isn’t simply about having better business continuity or disaster recovery plans. It’s about determining and protecting what matters most to your customers and markets as your first priority. It represents a shift in thinking and approach from the traditional practices many organizations have in place today.
This new mindset requires organizations to build resilience into how they plan or reimagine their operating models and the technology that underlies them. It’s not about fixing after a failure but instead is about embedding alternative ways of operating right into the processes and technologies themselves.
Shifting to a digital resilience mindset
For FIs to maintain a competitive advantage, meet increasing customer expectations and navigate regulatory complexity, it’s important to shift longer-term execution road maps towards digital and functional resilience and away from traditional system business continuity and disaster recovery.
This includes cybersecurity, an area in which detection and response capabilities are becoming even more critical as experience continues to show that even the most secure companies are still several steps behind attackers. The pandemic has also introduced new considerations, such as expanding the operational environment to include remote work, an increased focus on employee wellness and changing safety protocols. This only reinforces the fact that an effective resiliency strategy must incorporate multiple scenarios into its design.
Regulators around the globe are increasingly focused on this topic as well, including through the Basel operational resilience working group. For example, in Canada, the Office of the Superintendent of Financial Institutions participated in the Basel Committee on Banking Supervision’s operational resilience working group. Following the publication of a consultation paper published in August 2020, guidelines expected in mid-2021 are likely to include:
- Operational resilience framework and requirements;
- Measures and metrics for resilience; and
- Capital requirements for resilience.
Creating new value with speed and confidence
As digitization of the financial services industry continues to accelerate, managing new risks will become harder to navigate. FIs should assume failures are unavoidable and prepare to continue to provide critical services when they happen. By taking a holistic integrated approach to digital trust and embedding operational resilience into overall business outcomes, FIs can be confident their technology can support the business through disruption and focus on what matters most: the customer experience.
For more on the importance of digital trust and how PwC can help your financial organization prepare for the future, read our Global Digital Trust Insights report and survey. Canadian results and analysis are also available.