Digital Transformation: Angel or Devil?
Digital is here to stay and will continue to grow aggressively. A recent report identifies four key drivers of this transformation:
- Exponential growth of smart devices for banking clients
- Changing customer expectations and demographics
- Increased penetration of internet access, and faster internet
- Technological innovations and a desire to harness advanced technology
It is for these reasons that financial institutions are also investing heavily in digital, whether it is digital banking to reach more customers more of the time, Robotic Process Automation to improve obsolete financial models, or machine learning for case management solutions. The hope is that by investing in these solutions, financial institutions will improve customer experience, reduce risk through better data management, and reduce costs, to name only three benefits. With these benefits, however, comes the possibility of data breaches, system outages, and more, that pose operational risks to them.
How will digital affect operational risk: will it be detrimental or beneficial?
The Digital Dilemma
What do we think? No doubt, financial institutions will continue to face ‘classic’ operational risks stemming from compliance, regulatory, and market risk areas but new digital operational risks are establishing themselves, demanding more and more attention. We all know C-suite executives, from the Chief Risk Officer to the Chief Information Officer, who increasingly spend their time and resources preventing and detecting cyber-attacks, compromised data and financial losses due to errors of un-reviewed models. Added to this, operational risks may increase further due to the misuse of proprietary digital tools. Whether these risks have materialised because of inadequate internal measures and processes, poor IT training and user awareness, or a lack of breach notification mechanisms, they are not going to be completely eradicated.
Harnessing Digital for Good
Yes, operational risks exist. And the consensus is that it is not going away. However, organisations cannot overlook the opportunities that moving to digital will bring them – improved customer experiences, increased revenue, simplified service delivery, and decreased costs – have become increasingly compelling to them. Organisations cannot afford to shun digital transformation as their competitors will embrace digital and those who don’t incorporate digital will be left behind.
In conducting a digital transformation, financial institutions must also transform their risk management regimes to meet the digital risks that arise. To manage risks from digital, financial institutions need to be aware that risks in the digital realm do not respect business boundaries. This means that a data breach, for example, could be three risks at once: a cyber incident risk, a third-party risk and a data privacy risk. For financial institutions, this means that the risk needs to be addressed on all these levels, as well as across business and IT lines. To enable this, it is necessary to view risk management as business-driven security: putting IT events in a business context, so that you are able to consider them from the perspective of the business impact they exert and the business cost they exact—and vice-versa.
In summary, we believe digital transformation will improve risk effectiveness and efficiency—especially via process automation, decision automation, and early warning systems – and bring overall business efficiencies. To harness the benefits and avoid the pitfalls, risks need to be managed differently. And here is the nub of the issue – risk management. Digital transformation and technological change will transform the banking landscape, but it will demand changes in risk management and more attention from the oft-beleaguered risk manager. Only time will tell how digital risks fully manifest themselves, but the bigger picture is that the benefits brought by the digital era will be considerable, requiring the risks to be managed to avoid being left behind.
It is our belief that despite the risks that will come from a digital transformation, they are not insurmountable and with prudent controls in place financial institutions stand to gain much from digital transformation.