By Laura David, Head of Operational Risk Controlling, Raiffeisen Bank
Laura will also be speaking at the upcoming New Generation Operational Risk: Europe 2019 Summit in London (12-13 March).
For more articles and insights like this, become a member of the Center for Financial Professionals by making your free account here.
Laura, can you please tell the Risk Insights readers a little bit about yourself and what your current professional focus is?
I’m in banking industry for more than 15 years, sitting in different positions in sales and risk management. During this time I’ve been part of many changes in the bank that helped me to developed professional expertise; however the digital revolution is by far the most challenging one.
What, for you, are the benefits of attending a conference like the ‘New Generation Operational Risk: Europe’? What can attendees expect to learn from your session?
Participating to the events offer the chance to meet professionals in our field with different expertise, willing to discussed openly about their challenges or methods they applied to overcome them.
It’s an intense learning experience but also a unique networking opportunity.
PSD2 and open banking, as a major component of the digital transformation in banking sector, brings a lot of challenges for business and also risk management. We all need to reinvent our working model, collaborate much closely, share knowledge and build expertise in this new field. These are essential for achieving the objective of a successful digital transformation, offering a personalized customer experience, aligned to the regulations requirements.
In your opinion, how can we look to effectively keep check of where data is being used?
In today’s connected world, personal data is being collected at an unbelievable rate and constantly exchanging between companies. The Economist called personal data “the world’s most valuable resource’ ahead of oil, because of how much it now drive the way companies communicate with their customers and how it impacts customer experience.
From an individual perspective, the introduction of GDPR offers a method to gain more control over how the personal data is collected and used – including the ability to access or remove it – in line with their right to be forgotten. So, be very careful to whom you consent to collect and use your data!
From a company perspective, the regulation requires closely tracking and organizing personal data and this objective can be achieved only with strong data governance but also data classification and lineage tools properly implemented.
What are the key considerations that need to be made when ensuring system preparedness with the increase in volume through API?
PSD2 regulatory requirement is that European banks open their data and infrastructure. Even though the perceived focus of PSD2 is on payments and access to accounts, it’s more than that, as many banks will want to go for platform approach by adding third-party capabilities to their core business offerings via APIs, for a personalized customer experience.
At the most basic level, the API Layer will sit on top of a bank’s existing core banking applications and process API calls. However, implementing this in practice so that it can deal with the high volume of transactions/calls per second, that most banks receive, is harder. Challenges like security, availability of data and redundancy of the systems will have to be considered alongside the customer experience when using banking services.
Availability requirement will be critical; banks will also have to scale up the volume of transactions that their systems are able to handle. In addition, API Layer will be on existing back-end complex infrastructure that was not build with API-based designs in mind. So, looking at the infrastructure behind this API Layer and how the architecture will accommodate future services and growth is essential.
How can we best manage the impact of Siri and Amazon open banking licenses on Banks?
The emergence of new players is increasing the level of competition, the over-the-top players, like Google, Amazon and Apple, and new TTP -third party providers, are changing the traditional context of the banking.
These players know how to win in a digital world. But traditional banks can win, too. It’s about how to utilize their assets alongside advanced digital capabilities: product innovation, technology innovation, relationship change; incubate, partner, venture, acquire.
Looking ahead, what operational / emerging risk do you think will keep people up at night?
As operational risk professional I see a lot of uncertainty coming from the new business model driven by innovation and digital transformation.
The main concerns are related to legacy infrastructure, people expertise and increased dependency on third party providers. Any sideslip could jeopardize meeting performance expectations related to quality, speed, cost and innovation as well as our customers.
In addition, the preparedness of the organization to deal with cyber threats with proper resources and technology is also important and banks are working to strengthen the security position.
The adaptability of the organization and the robust risk culture is essential to deliver fast and safe, so risk awareness remains a focus.
In the end regulatory change and increased regulatory scrutiny concerns persist considering the significant impact of recent regulations like PSD2 and GDPR.
