Banks’ Risk Exposure Boils Down to Better Management and Better Data

By: Tyler Brown

MAY 7, 2024

To stay in compliance and avoid punitive, public regulatory enforcement, bankers have a lot of work to do beyond the financial safety and soundness of their institution. Broad risks that bankers grapple with, which we’ve covered before, tie back to several fundamental issues: Disciplined management and oversight, the structure of the organization, and the systems, software, and data they depend on to monitor and evaluate risk.

It’s crucial that they set appropriate cultural norms, build the right talent pool, set governance rules, and manage the organization to systematically anticipate and respond to all risks to the bank or its customers.

“Many banks have a tough time understanding, measuring and managing the interconnected factors that contribute to operational risk, including human behavior, organizational processes and IT systems.”? — Bain & Co.

Risk mitigation as part of the ordinary course of business is a lynchpin for a bank’s long-term health. Disorganized or incomplete processes, poor governance, siloed or dated technical infrastructure, and a shallow talent pool all contribute to risk from within the organization. As recent enforcement actions show, compliance failures can be far and wide, and it’s very likely that banks cited for one failure will be cited for others. Issues banks have been cited for recently include:

• Financial management lapses, such as poor controls related to liquidity and interest rate risk, capital planning, and stress testing; highly concentrated assets or liabilities; and unplanned growth.
• Governance failures, including a lax board of directors or ineffective, inadequate rule-based oversight; incomplete or absent strategic planning; or deficient systems and tools for monitoring risks across the organization.
• Sloppy third-party risk management, flagging shortcomings in documentation, reporting, and compliance requirements for vendors; poor due diligence developing products for partners; and insufficient independence of bank leadership.
• Scant IT controls, threatening the ongoing performance and compliance of the software and systems the bank relies on day-to-day for business-critical functions. (As we’ve noted, many banks struggle with their technology.)
• Weak fraud management, including insufficient board oversight, policies, procedures, technology, and staffing to support legal obligations related to anti-money laundering and counter-terrorism financing.

Clear, specific technology and data strategies are critical, according to Deloitte. Effective risk management depends on high-quality and complete data, clear ownership over the data, and knowledge about which systems it resides in. Correct and complete formatting, aggregation, and reporting follow.

Information governance is the umbrella concept bankers should grasp — the procedures, systems, and metrics that emphasize data as an asset and help an organization control and have visibility into its data and set compliance processes. Up-to-date IT and data management systems are fundamental. Banks with legacy or siloed IT systems face immediate problems related to managing risk because effective risk management requires usable data from the bank’s core.

To succeed, bankers need to invest in technical frontiers for compliance — particularly automation and artificial intelligence. Broad technical solutions for risk management include enterprise content management (ECM) solutions and governance, risk, and compliance (GRC) platforms, which help banks manage risk policies, internal controls, cyber security issues, and third-party risk. They also need organizational solutions. Risk needs specific ownership and board oversight within the organization, and leadership needs to focus on breaking down organizational siloes and addressing coordination between different parts of the business.

Fighting Bankers’ Single-Provider Paradox

MAY 9, 2024

By: Tyler Brown

Core Banking, Middleware, APIs

The top factor that drives bankers’ decisions about technology is “overall product suite and functionality,” according to the CSI 2024 Banking Priorities Executive Report. It was rated most important by 24% of respondents. In addition, according to the study, 93% wanted as much technology from one provider as possible. By using only one provider’s products and services, it may feel easy to meet technology needs in one fell swoop. But bankers looking for a comprehensive, modern solution in one place are trying to find a unicorn, and risk getting locked into a walled garden.

Bankers with a single- or minimal-vendor approach are stuck with the “single-provider paradox.” They may find a single vendor that on paper provides all their technology needs. But no single vendor offers the best or most complete suite of products in the face of quickly evolving third-party solutions for a bank’s many needs and functions. In the long run, the single-provider solution causes banks to fall behind the most digitally savvy players. Successfully anticipating the future depends on vendors that enable and encourage diverse options for any function.

As we’ve written, a best of breed strategy sets the foundation for crucial long-term evolution of a bank’s tech stack. But that strategy first demands a shift in leadership’s mindset from a vendor-driven, product-based roadmap to a carefully planned, internally driven innovation strategy. This approach, in which banks are free to add, remove, or upgrade third-party features and services of their choice, depends on a composable core; middleware that abstracts a legacy core; or extensible “over the top” solutions.

Technology shifts can be uncomfortable, but banks need ongoing modernization to thrive. There’s no magic wand. Articulating a specific, measurable, and achievable best of breed strategy is easier said than done. It’s easy to cast too wide a net for technology priorities, be distracted by point solutions, or as we’ve discussed at length, get swept up by buzzy technology trends. It also requires infrastructure partners that rapidly and enthusiastically iterate on their own offerings to stay ahead of the curve.

Moreover, the single-provider paradox occurs not just because working with one provider is easier; banks may feel that’s their only option, given their budget and negotiating power. That conundrum feeds into bankers’ dissatisfaction with their core provider, the struggle to take advantage of new technologies, and nerves about adapting to fintech competition.

With luck, a bank’s legacy core provider will open its ecosystem to third-party solutions, laying the technical groundwork for a best of breed strategy. With the right contract terms in place, bankers may augment their cores with modern, third-party architecture and implement API-based, up-to-date solutions, before potentially converting to newer options. The key, however, is organizational. Best of breed starts with clear business goals and comfort with a vendor-agnostic approach to bank technology.