We’re witnessing the digital transformation of risk and resilience driven by multiple tailwinds. There’s an increase in regulatory attention and matrixed requirements for firms to consider. Factoring in digital business acceleration, an expanding vendor ecosystem, and emerging risks, building and demonstrating resilience is increasingly complex.
In Fusion’s latest roundtable, executives from top financial services firms came together to discuss and share their experiences on their resilience journey. What’s keeping them up at night? How are they tackling common challenges?
From the discussion, four common themes arose:
1. The risk landscape is shifting, and proving resilience is fundamental
Years ago, risk and resilience programs were there to tick a box. But the risk landscape is rapidly changing, and expectations of these teams have increased. Some of the top risks (with increased complexity) that executives are concerned with include but are not limited to: cyber-attacks, grand resignation, and third-parties. As these risks evolve, resilience teams are being asked new questions and must provide the answers. In order to do so, they’re considering how to proactively identify and collect necessary data and analyze that data to provide insights on demand. But with the increase of top-down support, the transformation of these programs is possible by investing in tools to support that transformation.
2. Finding the balance between leveraging data and proving preparedness
While there is a shift towards a more dynamic, data-driven approach to resilience, regulators still expect runbooks and checklists, so firms are working to find that balance between data and incident management plans. A growing set of data needs to be interrelated and support the plans shown to regulators; through data, firms can better prove resilience and demonstrate continuous improvement.
3. Merging taxonomies and finding common ground on continuity and risk processes
Firms are facing the challenge of pulling together many dimensions. Operational risk and business continuity need to be blended, and a vital part of that exercise includes creating a common taxonomy. Once there is alignment and consistency in describing the business, teams can align and find common ground on processes. Firms can strategically merge taxonomies by setting their scope, getting executive buy-in, building cross-functional teams, making it relatable, and tying it back to value.
4. Planning data recovery as it pertains to resiliency
When discussing resilience in general, having foundational data is key – but another side of the coin is data resilience. Let’s say there is a malicious attack – how can risk and resilience professionals, across an integrated risk management environment, plan for data recovery and mitigate impacts? Beyond setting up testing environments and knowing a database can be recovered, there is a need to map and understand the critical application and processes that are dependent on that data. There is also a need to obtain information from vendors that are demonstrating recoverability.
Are you looking to digitally transform your program? Contact Fusion today!