If banks and credit unions didn’t understand the importance of Risk Management before, they all got quite the wakeup call during the financial meltdown of 2007-2008.
After that catastrophe, banks tightened the reins due to massive losses. At the same time, regulators became far more diligent, and were suddenly armed with thousands of new rules to enforce. Talk about a Risk Management mandate.
The definition of Risk Management for banking is pretty straightforward: you find the risks, assess them, and then prioritize. Once so defined, you figure out what resources you need to monitor risks, and minimize the chances that risks turn into harm.
This planning process should encompass finance, IT, auditing, business operations and top executive staff.
For IT, there are two burdens. First and foremost, IT has specific issues it must address relative to security and protection of computing assets and the data these assets contain. At the same time, IT must support higher level risk management issues that executives and the boardroom are concerned with.
The work of Risk Management for IT is complex. Risks IT must tackle include:
- Denial of Service attacks
- Internet banking failures
- Re-routed financial transactions
- Stolen data
- Unauthorized access to bank systems
While compliance is critical, the real reason to conduct proper Risk Management procedures is to protect the business from unnecessary losses or damage. This is far more serious than even the heftiest fines bureaucrats can levy. The results of poor Risk Management can be financial losses due to bad decisions, theft of personal customer information that hurts the bank’s reputation, and violations of law that lead to very public prosecutions or fines. This is where the intersection of great IT security practices and business strategy comes in – working in unison to keep risks to a minimum.
Let’s look at some Risk Management challenges and their solutions.
One major risk challenge is the changing nature of banking technology. Your Risk Management processes must encompass your existing technology, as well as new technologies coming onboard.
Tackling Tight Margins
Banks used to build profits by growing – simply bringing in new business. With the influx of new players, that stream has largely dried up. Instead, banks must become leaner, maximize all financial flows, and create new services that suit existing customers. In short, banks have to do more with less.
IT plays two roles here. First, it must harness technology to help the bank operate in that lean, efficient and agile manner. At the same time, IT must itself be lean, efficient and agile even as it keeps the organization from making mistakes and failing to protect itself against risks.
Grappling with Regulations
The fact that there are so many strict banking rules brings discipline to banks’ Risk Management practices. Unfortunately, these regulations take up a great deal of IT time, making IT less efficient. With this in mind, banking IT pros must find ways to make up for this lost time – they need to manage risk from a technology standpoint and have enough time to be proactive in defining new approaches to Risk Management.
One solution? IT automation, which lifts a huge load from banking IT pros’ shoulders.
And IT has to continue to keep the banks in compliance, which it does through strong security, system auditing and event logging, and deep and real-time reporting.
More Good News
One huge piece of good news is that Risk Management in banking is far more mature than in other industries. That means there is a wealth of material on best practices for banks of all sizes. Let’s face it, ever since the early days of banking in the Middle Ages, how one managed credit risk defined success or failure.
IT benefits from this maturity, as there are well-established best practices and solid solutions that help IT defend against risk.
Honing Your Efficiency
It is not enough that the Risk Management program keep the bank in full compliance – it has to be highly efficient as well, both economically and in how fast the bank can react to problems or new issues.
“Banks need to think big and set efficiency and effectiveness targets at 30% and up by integrating capabilities, centralizing services, eliminating redundancy, removing duplication, outsourcing/offshoring non core capabilities and establishing a common set of fit-for-purpose tools and services,” wrote Ernst & Young analysts Pierre Pourquery and Richard Powell in Banking Tech. “Banks must focus spend only on prioritized initiatives aimed at bolstering prioritized capabilities adopting an optimal granularity approach to ensure all change and expenditure is both necessary and sufficient; and no more.”
What to do
Chances are you are already doing your darndest to manage risk. More can always be done, and doing it requires IT to help by aligning with the bank’s business initiatives.
Think of risk when you create or roll out new services: Banking is a highly competitive world, especially with online-only banks such as Ally and financial technology (FinTech) firms entering the market. That increases pressure to release new products and services. Make sure risk is fully accounted for in the development and launch of these services.
Balancing risk: Risk Management is all about managing risk, not avoiding it entirely. When it comes to new services, the upside may be worth taking a greater risk than you would otherwise. This is known as positive risk. IT, with its security expertise, can shift the balance so that more risks can be managed to give more new service plans the green light.
Risk Management is not a one-shot deal: Even when there are regular evaluations of Risk Management to assess plans and make improvements, the work never really stops. The processes and IT solutions you establish and employ must be constantly maintained. Just as important, you must constantly measure and monitor your Risk Management execution, always be on the lookout for new threats, and build protections against them.
Get all aboard the Risk Management train: Risk comes from many sources, including insiders. Make sure you have a culture of minimizing risk from the IT department down to the tellers.
Harness IT automation: Smaller banks and credit unions know what they need to do to keep the network secure, compliant, and in proper Risk Management standing. Too often they handle all the involved processes manually, whether it is providing access privileges, keeping antivirus/anti-malware up to date and installed on all relevant machines, or spotting and then dealing with anomalies.
How Kaseya Can Help You Tackle Risks through IT Automation
The good news is that core IT security functions can be handled automatically with endpoint management software and other tools.
Kaseya has these solutions in world-class form, and they can make your Risk Management IT operations far more efficient and effective. For more tips and to see how IT automation applies to you, check out our Automation Cheat Sheet white paper.
You can also learn more from our eBook Best Practices: How to Manage Risk Like a Big Bank (Without a Big Bank Budget).