Security and risk management in the age of disruption

Security and risk management in the age of disruption

By Alice Kelly, Head of Research and Production, Center for Financial Professionals (CeFPro)

Technology and innovation across sectors remain a primary focus as advances evolve at a rapid rate. Many institutions are looking to leverage technology for a broad range of uses, in financial institutions the primary factor remains security and risk management when implementing such changes. The risk landscape continues to evolve and with increases in technology, the risk threat continues to escalate. Institutions need to keep a firm grasp on how technology can impact risk management both from a threat and opportunity stand point. Institutions much look to balance innovation with exposure in order to stay ahead of competition, whilst ensuring security as a top priority. Many operate under restrictive legacy systems, difficult to unwind and update but with the evolution of technology, comes the evolution of threats, legacy systems must be updated in order to stay ahead. Integration and cooperation across the enterprise remains key, many institutions still operate in silos with no enterprise security function, integration across business lines and risk management can align best practice and ensure security.
One of the key talking points across the industry continues to be cyber security and resilience. Many are looking to develop practices to improve cyber risk management and level the playing field between criminals and institutions, after all fraudsters only need to be lucky once! Risk management tactics are evolving in order to mitigate the risk of cyber-attacks and although there are limited drastic economic consequences, the threat and severity is real. With increases in technology capabilities, there are both opportunities and threats present, technology if not developed, implemented and monitored properly can open up new vulnerabilities to an institution, however with increased controls and testing some technology advances have the ability to increase security and limit cyber-attacks and the resulting reputational and economic risks. Much of the focus remains on the threat landscape and managing innovation vs. security, however more focus should be paid to resilience, it is vital to understand the landscape, but equally important to understand how to react in the event of a successful cyber breach.
As with any technology and risk management discussion, comes the application to fraud and financial crime departments, many of the risk areas discussed fall within these two departments so advancing technology to ensure security is key. Many across the industry are discussing uses of Blockchain, with little understanding and even less close to application. Many argue the uses of Blockchain to facilitate more areas of the business including that of fraud and financial crime to build customer profiles and better understand behaviour to detect end prevent fraudulent activity. Blockchain is traditionally known for its uses to facilitate crypto currency transfers and digital currencies, but there is increased focus on its potential uses in risk management and strengthening security, but questions remain as to the regulatory standpoint on this, many are reluctant to invest without understanding regulatory implications. The investment level and overall implementation efforts are extreme, with limited understanding of uses and balancing those against risk, many are waiting it out to see where the industry goes, so who will be the first out the traps? Of course, Blockchain is not the only technology application being considered for fraud and financial crime detection, many are looking into machine learning uses to monitor customer activity and enhance KYC. Machine learning tools can be used to access data and detect patterns not detected by humans, it has the capability to run pattern checks and raise red flags and could produce real time pattern detection to mitigate fraudulent activity and act as a prevention. Again, comes the enterprise view however, with limited legacy systems comes limited data sharing, taking an enterprise view on data and using for uses in fraudulent and criminal activity detection allows a broader remit and increase chance or prevention rather than cure.
Finally, in the security and risk management remit, comes that of payments, closely aligned to the above mentioned topics on fraud detection and prevention. Payments infrastructure and innovation in the US is behind that of other parts of the world. With reluctance to move to chip and pin, the infrastructure remains unsecure, relying on banks to detect fraudulent activity in real time in order to have any chance of preventing fraudulent activity. Across the industry we are seeing an increased adoption of digital payments and wallets, what impact will these non-bank products have on the traditional banking market and can both sides offer the necessary security? The US has been hesitant to move to contactless payments as we have seen adopted across Europe, but progress has been made towards adoption and integration. With legacy systems still coming into play in the payments sector, it is increasingly difficult to revolutionize and digitize processes, even more so with real time payment pressures.
Overall, it is an exciting time with new technologies providing new opportunities, product offerings and competitive advantages, but the disruption is not just between competitors, many non-banks are entering the market through open banking and FinTech companies and challenger banks continue to test the traditional role of banks. There is a lot to be done to leverage technology opportunities and further build the financial services industry to join the technology revolution, the future remains unclear as to what the future bank looks like, but competition to keep up allows for consumers to take advantage of offerings available.
Join us in Las Vegas for the inaugural X-Tech: Financial Services and Technology where we discuss moving these technologies far beyond just theory, and look towards use cases, practical implementation and how you can take them back to your organization. Can you afford to not be involved in the technological revolution?

Research ahead of…

Sign up for your free account:

become-a-risk-insights-member-banner-1

Don’t miss out on…

X-Tech 2019