7 February, 2019 | Written by: Tony Boorman
Categorized: Financial Services
A customer-focused approach to resilience
Every time a data breach hits the headlines, banks and financial services firms echo their commitment to resilience. But the challenge isn’t going anywhere soon: the likelihood and cost of a data breach are growing year-on-year, with financial services a more likely target than any other industry.
The world is changing, and firms are being forced to up their game when it comes to risk management. In recent years there has been a change in focus: where once firms worked to reduce risks primarily concerned with financial resilience, operational resilience is now an equal priority. It’s an important shift that puts the customer experience right at the heart of resiliency planning to prevent, respond to, recover from and learn from disruptions to the financial services people consume.
Operational resilience has always been a focus for the industry, but lately the scale of the challenge has intensified. The astonishing pace of digital innovation has created a paradigm shift in the way services are used, putting consumers closer than ever to their banks. A growing reliance on customer-centric, interconnected technology and outsourced IT services means that traditional banking models are under pressure.
With the probability of a substantial data breach in the next 24 months for a typical company globally estimated at 27.9%, it’s not enough to plan for “what if” scenarios; it’s sensible to assume that disruptions will happen sooner or later. The digital nature of the way people interact with banks today creates inherent threats and amplifies risks. The always-on culture means that fixing failures “overnight” is no longer an option. It is increasingly tough for individual banks to shield customers from cyber-attacks and system outages.
Alongside this, a decade characterised by cost pressures and regulatory squeezes has changed the way financial institutions generate revenue, in many cases exposing them to further risk.
Experience has shown that even seemingly minor failures can have major consequences, not only threatening the business viability and reputation of your firm, but harming the customers who count on you and destabilising the financial ecosystem around you.
Banks must rise to the challenge, making sure they have plans in place to respond to disruptions quickly and effectively. This is not only good for business; it’s good for financial stability in general – and, above all, it’s good for consumers.
From the top
Operational resilience can’t be the sole responsibility of the CTO or even the COO. It’s a board-level responsibility. Senior leaders must shift their focus to prioritise the customer, taking responsibility for building resilience into the delivery of business services rather than isolated systems and processes.
Firms should prioritise their most important business services, then gain a comprehensive view of the intricate web of systems and processes that support them – whether internal or outsourced – all of which are vulnerable to disruption.
This service-based approach should complement, not replace, the firm’s existing risk management processes. Any past efforts to secure individual systems and processes form the foundation for this work. Leaders must now take a broader view and map these to critical customer services: if one piece of the puzzle is temporarily missing, how does that impact the customer’s ability to interact with the bank in any given moment? If a service runs successfully 99% of the time, what damage is done during the 1% when it fails?
Leaders must understand the complex network of people and processes that underpin the customer’s journey, from the first swipe of the app to the satisfactory delivery of the service, and identify every pressure point in that journey. Only then can they build continuity plans to detect issues before they occur, fix them quickly with limited disruption, and communicate clearly with customers and partners.
This is much more than an IT issue. As well as the obvious business and reputational benefits to providing resilient services, this service-based approach is a much more robust way for banks and financial institutions to honour their corporate responsibility to consumers and to the wider industry.
Firms that have this top-down transparency are more likely to be in control of their operations and better able to prevent harm when disruptions do happen.
Promontory, an IBM company, has the experience and expertise to provide end-to-end support in designing for customer-focused operational resilience. We can unpick the principles of regulation and help boards identify the gaps in strategy, management, governance and technology (and beyond) they need to address.
Talk to us and get started.