Digital transformation is undoubtedly streamlining and simplifying financial services processes, however the downstream impact of the change from the technology can reach across multiple processes and functions, changing your operating model and infrastructure.
This can change not only the risk profile and risk appetite within your processes, but also the controls, KRI and KCI that are needed to manage the risk.
Based on our experience of assessing and managing digital transformation risk in organisations, some of the key areas of impact that management should consider are:
- Concentration and management of Cyber Risk
Many of the risks within the processes (e.g. fraud, data protection, cyber, info security, regulatory) are there regardless of whether the processes are manual or automated. However, with the implementation of digital technology, you may find that the risk profile changes (either increases or decreases). This is particularly prevalent with the increased cyber risk within the automated processes. It is critical that cyber risk subject matter expertise is used to assess this risk and implement appropriate controls and testing.
- Risk and control assessment of each step of the customer journey
It is essential to understand all the steps of each possible customer journey and pivot your risk management framework to accommodate. The interfaces and the method of interaction for your customer will change with digital implementation. You need to ensure you have the appropriate controls in place around each interface and each potential outcome. The best way to achieve this is by undertaking a process risk and control assessment by each customer journey.
- Have manual back up processes ready
Whilst digital automation results in faster processes, this unfortunately also means that when things go wrong, this can happen in a far shorter space of time.
A breakdown in controls in the automated processes may result in reverting to a manual process. These processes need to be ready, secure, tested, staff trained, and functionality available – a delay in service can result in significant reputational damage, and regulatory action.
- Have social media process and strategy in place
In an age of social media – maintaining the appropriate level of service and customer satisfaction is acutely important. Any dissatisfaction from the automated processes, delay or breakdown in service can very quickly be reflected in social media, resulting in reputational damage.
Organisations should be prepared and have processes to continually review social media for negative (or positive) comments, and swiftly react with appropriate communication strategies.
- Skill set change required for risk managers
With digital transformation exposing organisations to new risks and changing risk profiles within an ever-evolving regulatory framework, and risk committees increasingly dominated by cyber risk conversations, risk managers need to continually adjust their skill set and knowledge in response and adapt the operational risk framework, KRI and reporting.
1st Risk solutions can help your organisation quickly and effectively navigate the changes digital transformation will have on your operational risk management processes, and ensure a fit for purpose framework remains in place.