Technology risk management in the digital era for financial sector organisations
The technology landscape within the Financial Services Industry (FSI) has widespread issues of fragmented and legacy architecture, business managed IT and inconsistent controls implementation. As technology transforms banking and insurance and shifts the risk landscape, organisations will need to develop a new approach to IT risk management that is pragmatic and linked with strategic business objectives. Some of the drivers for these changes include:
- Emerging technologies driving innovation: The emergence of new technologies, as well as increased collaboration across the industry and between regulators, is driving innovation like never before.
- Digitisation and inter-connections: For the majority of the last two decades, most financial services firms have been creating and distributing end-to-end products and solutions without the need to communicate and connect digitally (specifically in the device-driven world). The sector has now realised the value of data and how it helps to provide the right solutions to customers.
- Increased regulatory scrutiny: As the financial stability of firms becomes increasingly linked to technology, regulators are now taking more interest in the effect of technology transformation on business. Recent regulations like CPS234 and cloud guidance from APRA and Financial Services Royal Commission, exemplify the active role that regulators are playing in the space of information security and risk management.
- Cost focus at the top of the corporate priority list: There is a constant focus on assessing the value delivered by current approaches to IT risk management. The question is asked periodically whether the proposed investment from risk functions relates to business-as-usual capabilities, or the funding of large-scale control remediation programmes. This means IT risk functions must constantly align their approach to remain valid, current and useful in managing organisational risk posture.