Financial services institutions made a fast switch to remote working when the pandemic forced widespread lockdowns across the globe. The adoption of remote working was nascent in the industry, and there was a need for a fast pivot by both the organisations and employees (Figure 1).
However, this has also exposed the industry to technology-related risks. Ecosystm Principal Advisor, Gerald Mackenzie says, “The move to a more virtualised working environment has been a trend taking shape for many years and like so many trends, it needed an impetus to make it a norm; in this case COVID-19.”
“Many, if not most, financial institutions have been shifting to more cloud-based and modularised Banking-as-a-Service (BaaS) models and these trends will only accelerate as we need to manage risks inherent in conducting financial services via remote working environments. For example, critical capabilities such as Advisor to Client communications need to be verifiable and auditable whether they are happening inside or outside of the office and I predict regulators will be pushing financial institutions to ensure these standards become the norm rather than the exception.”
Singapore Addresses Risk in the Financial Industry
To manage and mitigate risks that could emerge from the extensive remote working adoptions by FIs, The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) jointly released a paper titled Risk Management and Operational Resilience in a Remote Working Environment. This is also in line with the previous collaboration between MAS and ABS in May 2020 to establish the Return to Onsite Operations Taskforce (ROOT). ROOT sought to strengthen and implement safe management and operational resilience measures as well as endorsement of industry best practices.
The paper seeks to create awareness amongst financial institutions on key remote working risks in the domains of technology, operations, security, fraud, staff misconduct, legal and regulatory risks. MAS encourages them to take pre-emptive measures to adopt good practices on managing risks.
Mackenzie adds, “Of course, some of the issues are difficult to solve. For example, staff accessing client data from their homes creates inherent vulnerabilities and the ways to ensure staff have suitable ‘in-home’ working environments to effectively manage these risks can be challenging and expensive. There are great opportunities for innovators to adapt solutions to solve these problems in what will undoubtedly be a growing investment area for many Financial Institutions.” The paper also examines various controls on the people and culture leveraging examples drawn from the experiences of ABS member banks to address evolving risks. For instance, FIs can implement security controls on staff infrastructure including their personal devices, verify in-person meetings against original documents, timely response strategies for recovery teams, legal risks and more.
To keep pace with the changing trends in technology deployment, risk management, and cybersecurity, MAS has been regularly working and engaging with experts to introduce guidelines, principles and best practices for financial institutions. In February, MAS issued a consultation paper proposing revisions to enhance the current requirements for enterprise risk management, investment risk management and public disclosure practices for insurers. Similarly, in January, MAS issued risk management best practice and standards to guide financial institutions in managing technology risk and maintain IT and cyber resilience.
Get insights on the technology areas in the Financial services industry that will see continued investments, as organisations get into the recovery phase.