Operational Risk Management: A Competitive Advantage for Fintech

Mike Ogden

Both fintech startups and traditional banking institutions that are embracing innovation face unique operational risks in the financial technology space - and particularly heightened risk in the areas of information technology and third parties.  

In 2018, the U.S. Treasury Department issued a report calling for a “more streamlined and tailored oversight” of innovations in the fintech sector. You could almost hear champagne corks popping at fintech startups from coast to coast. Meanwhile - tech advances are already pushing more banking activities online - traditional banks, with charters dating back decades, greeted the news with a collective groan. Competition is stiff, and technology is an advantage. 

But no matter how fast you grow, it’s impossible to innovate strategically without managing operational risk is managed. A careful approach helps financial companies to clearly identify their risk appetite, analyze and assess, implement controls, and collect lessons learned. 

Speed is also the operative word for managing risks associated with digital innovations and third-party providers. That’s due in part to the increasingly critical role third parties play in business processes: like billing or email communications, data analytics, even data security. 

Compliance with the Gramm-Leach-Bliley Act (GLBA) Safeguard Rule helps protect customer information, but that compliance has limitations. It protects but doesn’t prevent. Risk management addresses that uncertainty. 

Use data to bring departments together

Roughly 75% of employees at financial institutions work in operations or are responsible for profitability with the next largest segment dedicated to compliance management. IT risk management and third-party risk - the two areas most impacted by the Treasury Department’s 2018 report - are the least staffed. To embrace or fend off fintech, banks have to expand capabilities in managing IT risk and third parties, not to mention bridge the divide that exists between departments that prevent the sharing of data. 

For a holistic, integrated approach to risk, fintech functions must share data. 

“Finance has traditionally enjoyed unique access to enterprise-wide data but has used this solely for financial reporting, concentrating on the profit and loss for management reporting to the business.

"... Meanwhile, the risk function has concentrated on assessing risk to the balance sheet—an area of focus for regulators as well as shareholders,” according to Risk.net. 

Integrating risk and bank roles are essential for sharing enterprise-wide data that benefits both finance and risk. This is done successfully with automation technology – usually a governance, risk management and compliance (GRC) platform designed for integrated risk management. A unified platform gathers data dynamically via API and correlates it with other data like compliance, controls and policies. Using automation, it’s possible to use regulatory changes to automatically trigger policy reviews. Among other benefits, it unites departments around a “single source of truth.” 

Banking on fintech? Better get up to speed 

The U.S Treasury Department’s report that signals aligning the regulatory framework to promote innovation is a clear indicator that new fintech competitors will enter the banking picture, as well as new opportunities for both banks and fintech providers. 

No institution can remain competitive emailing spreadsheets around. Trusty office tools excel with individual users and individual departments, but in a highly competitive and risky world, operational risk must be taken seriously. 


Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.


What is Integrated Risk Management?
Top Experts Answer Tough Questions about Conflicts of Interest

It’s Not Whether You Win or Lose but How You Steal the Game

The Houston Astros’ reputation is benched for the foreseeable future. The real story, however, for ethics and compliance professionals is how severe the sign-stealing scheme became compared to how acceptable it was when it started. Let's discuss. 

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Data Privacy Is Not a Law, It’s a Lifestyle

With a myriad of data privacy regulations popping up around the world, cavalier data management no longer holds water. Organizations are expected to live and breathe "privacy by design." 

 

 

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.