Operational resilience continues to be a key focus area for the Financial Conduct Authority and other regulators. Risks facing a bank’s operations have escalated as the cyber landscape continues to evolve. With many financial institutions still sitting on legacy systems that may be more vulnerable to attack or disruption, it is becoming exceedingly more difficult to maintain critical services.
Outages could not only result in substantial regulatory fines and business downtime, but also reputational damage. Banks that achieve real resilience in their operations and core services, even amid disruptions, will enjoy a competitive advantage and long-term sustainability in the years ahead. To achieve this it’s crucial banks shift their focus from investing only in fintech innovation on the revenue side of their business to also bolstering their regtech (regulatory technology) capabilities on the cost side.
Regtech helps organisations to digitalise their traditionally manual processes where spreadsheets and endless email chains have long reigned. Through the adoption of smart technology, such as machine-learning and cloud computing, which banks are already implementing to offer savvier fintech products, they can address compliance requirements while supporting their cost-cutting efforts to boost profitability.
“There has been a lot of innovation on the revenue side of banks, but not so much on the cost side,” says Karl Viertel, chief executive of regtech firm Alyne. “Fintech began in traditional areas like payments then moved into services, such as portfolio management or algorithmic trading, which also help enhance the revenue side. How can we defend our position as a bank? How can we leverage fintech to increase our revenue capability?
“Meanwhile, there have been massive costs with which banks have had to contend. Every time a new regulation pops up, banks hire someone new, usually a consultant, who would build yet another spreadsheet and things just get bloated. It is now time to take all the proven capability we’ve seen transform the revenue side of banks and bring it to the back office. It’s a much less sexy side, but it’s where the bank’s profitability really lies at the moment.”
While financial institutions may previously have gained an understanding and generated data around specific risks or resiliency of their individual systems, there was less focus on understanding what makes an entire service operationally resilient and how executives can make informed decisions on maintaining that resilience.
When banks use more service providers and outsourcing, the ability to ensure the stability of the financial system is paramount in allowing payments and other financial products to be accessible by customers at all times. Operational resilience becomes even more important as banks increasingly work with fintechs because the depth of value delivery drastically decreases.
“We’re no longer in a time where we are challenged to obtain data,” says Mr Viertel. “Banks have tons of systems delivering enormous amounts of data. However, to strengthen operational resilience, so that stakeholders can make smart decisions to retain the resilience of their services, you need information. That’s where regtech comes in.”
Alyne combines critical data to make information available to all its stakeholders and leverages next-generation technology to make financial institutions more agile, from prevention to response and recovery planning. It can take operational risk key performance indicators and new regulatory requirements around operational resilience, understand them in the context of the organisation, its processes and applications, and present relevant information to the stakeholders who need to make a decision.
This capability is provided by Alyne through software as a service, which quickly and objectively evaluates criticality of assets, services and processes for any organisation. It automatically analyses requirements, standards, laws and regulations, and understands how they are relevant to maintaining compliance and operational resilience. Alyne’s solution also enables firms to quantify the operational risks to the resilience of their services.
Operational resilience is just one example of how regtech is assisting banks. It is also helping them to identify customers through know-your-customer processes, preventing money laundering or terrorist financing by using artificial intelligence to detect suspicious patterns. Regtech provides new ways to influence employee behaviour so they’re making smart decisions, acting in a compliant way and not endangering information assets. However, it is operational resilience that will be the greatest differentiator in the years ahead.
Regtech leverages next-generation technology to make financial institutions more agile
“If you look at any financial statement of a bank, the cost side is going to be drastic, especially on IT and compliance, compared to the gains you can make on the revenue side,” says Mr Viertel. “Our customers have achieved cost-savings of 60 to 70 per cent depending on the process. Though it may be harder to quantify, risk transparency is equally as important in terms of value to banks, giving them better insights and understanding of their risk exposure and therefore avoiding regulatory fines.
“By embracing regtech, banks can also enable their people to be more productive and do smarter things. Banks hire incredibly smart, well-trained and expensive resources in risk, security and compliance roles, but a lot of the time they just end up massaging data because that’s the tooling they have available. Compliance and risk may not be directly revenue driven, but it’s obvious that having expensive people massage spreadsheets is not the best bang for your buck. Regtech upgrades their capabilities and enables them to focus on core bank solutions.”
With most banks currently in the midst of digital transformation, it’s important they leverage the full capability of regtech solutions, rather than for only one or two use-cases. Every digital transformation strategy involves creating a large data lake of information to draw upon. The data is there and the regtech solutions are there, but too many banks are struggling on the people, culture and change management side.
“Banks lack the mature capability or have poor resilience targets. They are drowning in a sea of data, with no accurate sense of how resilient they really are,” says Mr Viertel. “It’s not enough to just provide new technology, you actually have to help people along on this change journey, embracing new technologies and doing things differently.
“A lot of what’s happening in compliance and risk is detective in nature; banks put capabilities in place so they can realise when something has gone wrong and then put out fires. Regtech will enable them to move into a more preventative approach and it’s vital they reach this phase quickly because in my view regulators will soon require organisations to prevent non-compliance actions happening via technological measures. That’s the product vision of Alyne.
“We want to help people and organisations make smart and informed decisions, and at the same time consume that information in real time to detect and prevent non-compliant or risk-increased behaviour from happening.”
For more information please visit alyne.com