Dealing with disruption is an everyday requirement for financial services firms.
While most are well-equipped and capitalized to manage financial shocks, having honed this muscle following the global financial crisis, they can’t be complacent. Despite much innovation, financial services firms actually have some of the most archaic infrastructure and the highest levels of volatility.
This comes as non-financial risks – including cyber, IT, third-party and operational risks – continue to proliferate. The threat of cyberattacks, in particular, are increasing and with more FS mergers and acquisitions expected, bad actors will use those moments to test banks’ new perimeters.
The critical thing for banks and insurers to remember is that they don’t know and can’t predict where the next risk is coming from. Thus, the best way to manage risk is to get better at resilience.
Resilience is the key
The word ‘resilient’ used to mean impregnable and capable of withstanding all challenges. Today, resilience is not about invincibility and more about identifying and planning for threats, having the agility to adapt and respond swiftly, and potentially benefiting by emerging wiser and stronger.
Resilience can deliver its greatest value in times of disruption, with Accenture’s analysis of 1,600 companies around the world showing that the most resilient organizations outperform their peers during high-stress periods, with faster revenue growth and higher profit margins.
There are four key pillars that banks, insurers and capital markets firms have to consider as they strive to build enterprise resilience:
- Operational resilience: FS firms have significantly altered their supply chains over the years and now rely on a vast number of outside partners to provide critical infrastructure services. This includes software-as-a-service, which while innovative and efficient, also comes with heightened risks as these firms often prioritize new features over security. In drawing up the Digital Operational Resilience Act (DORA), the EU’s regulators have provided prescriptive guidance for FS firms, spelling out what needs to be done from a technology standpoint to achieve operational resilience. As a result, banks’ cores need to be architected to allow for firebreaks between these different components to create reliable and resilient systems. This strategic optionality across the operational supply chain is critical to manage risks. And for all the focus on banks and insurers’ perimeter expanding via third parties, these organizations can’t overlook the need to spend time testing for recovery. Will they be ready to quickly respond and confidently restore the minimum viable company in the event of a cyberattack or outage? This can often be one of FS firms’ biggest weaknesses.
- People resilience: It’s not enough to have the employee skills and mindset, and the workforce structure, that’s fit for today’s requirements. You also need the agility to accommodate unexpected changes, and employees who relish the challenge and opportunity of constant disruption. FS firms should strive to build flexible, AI-augmented workforces that embrace innovation, change and collaboration. These employees need to be bold but also good at managing risk and understanding what risk is. This doesn’t require a compliance mindset, but rather, the ability to take calculated risks. Banks and insurers should also consider whether they have the needed depth of talent in various “cliff skills.” For example, the pool of employees that know how to operate in mainframe environments is shrinking as these professionals near retirement. Younger technologists haven’t been trained in these skills but banks – having been some of the earliest adopters of the mainframe – remain critically dependent on them or they risk falling off the proverbial cliff. Financial services firms need a culture that’s capable of adapting here, and quickly.
- Commercial resilience: Customers’ perceptions and demands remain ever changing. Accenture’s Consumer Pulse Survey surveyed 18,000 consumers across 14 countries in January and found that 54% of consumers feel ‘unusually high levels of uncertainty’, twice as many as last year (24%) and three times as many as in 2023 (18%). This matters because a loyal customer base is an invaluable defense against sudden shocks. FS firms must identify the customers and revenues that are most at risk during periods of disruption, supporting them as much as possible while monitoring risks to exposures.
- Technology resilience: This begins and ends with a strong digital core: a strategic blend of technologies and practices that includes digital platforms, integrated data, AI and built-in security. Cybersecurity is especially important for FS firms, which become prime targets in volatile times. The integration of gen AI capabilities into core business processes paired with agentic architectures to enable autonomous decision-making will also be critical to create a strategic technology advantage and drive productivity. Lastly, while more relevant outside of the U.S., digital sovereignty – the ability to have control over the data, hardware and software that you rely on and create – is increasingly important as geopolitical conflicts escalate. It won’t be easy to accomplish with banks operating in a SaaS world, but as they look to bolster their resilience against bad actors it’s important to consider.
This may sound like a lot to take on, but companies don’t have to do it alone. Many fintechs are helping FS firms bolster their resilience. Reality Defender, Feedzai, Darktrace and CyberDAVA, for example, offer advanced cyber security solutions, unified platforms and deepfake fraud detection tools. And when it comes to operational efficiency, DeepSea.ai is one of several fintechs helping clients eliminate regulatory risk, streamline operations and enhance customer interactions.
Winning through resilience
When we think of motorsport we think of speed. But there’s so much more to winning than having the fastest car – it also has to be nimble, reliable and safe. The engineering team must be ready to respond instantly to innovation by rival teams. The pit crew can’t afford to drop a spanner. And of course, the driver has to be willing to take risks at the right times and hold back at others.
That’s how I think about resilience. It demands an orchestrated effort across the business, including operations, technology and risk management. It also demands looking thematically across risk instances to determine the root causes of resilience failures. As every competitive driver will tell you, one small lapse can make the difference between taking the checkered flag and making the long walk back to the pits.