By Richard Harmon, VP, Global Financial Services Industry, Red Hat
Digital banking must now go well beyond the plain capabilities of displaying account credits and debits. In the digital age, customers expect their primary mode of engagement with banks to be digital, including a full set of value-added services. In addition to these new customer expectations, rising financial services regulations such as DORA (Digital Operational Resilience Act) continue to point the way for institutions to improve security and resilience and be adaptive to comply. The role of technology in banking has been growing along the past decades, reaching to a point that is key not just for digital customer experience and operational efficiency, but now also at the center of banking resiliency and overall risk management.
As banks remove expensive and risky manual processes along their digital transformation journey, they must also retain the ability to quickly adjust business processes based on the needs of customers and regulators. While many players in the financial sector are increasingly adopting IT automation to reduce costs and eliminate the time and errors associated with manual operations, there is an industry-wide need to elevate IT automation at the center of the IT strategy to be more resilient and bolster operational efficiency.
Increasing regulatory compliance risks
Digital risk management is becoming a top priority in this era of growing cloud usage in the financial industry. Governments and regulators are increasing their focus on cloud concentration risk, which is the systemic risk associated with outsourcing common business-critical functions such as payments or clearing to a single cloud provider. Compliance requirements are continuously being tightened to avoid a major disruption or vulnerability that could occur if multiple financial institutions are reliant on that service provider without sufficient redundancy. For example, a disruption of service in one of the biggest cloud services providers has the potential of disrupting – as a consequence – the financial institutions that rely on that vendor, hence affecting individuals, businesses, or even economies.
In the EU, DORA is a recent example of these heightened compliance measures. The new DORA regulation, passed in 2022 but to come into force in 2024, at the latest, obliges financial companies to ensure the resilience of their operations with customers, with particular focus on vendor risk management and cyber risk. The new DORA framework does not only affect large banks, but applies to all types of financial companies, from credit and payment providers to investment and insurance companies, cryptocurrency exchanges and crowdfunding platforms.
Following the EU’s lead, many regulators in other parts of the world are creating regulations similar to DORA in terms of content. For example, the Bank of England in the UK has a similar approach to assess resilience of processes relying on cloud hyperscalers. The US Federal Reserve, Congress and other US policymakers are looking at whether regulators are adequately equipped to deal with cloud risks. And in Singapore, Hong Kong and Australia, banks are required to conduct varying degrees of due diligence on technology partners to demonstrate that they have adequate safeguards and response plans in place in the event of a disruption.
Globally, technology companies are already critical for the right behavior of the financial system. That’s why regulators and supervisors are including specific requirements in order to protect individuals and businesses, such as ‘exit plans’ for critical IT vendors or even regulating non-financial entities that have a role in the financial system. As financial institutions prepare for this new age of resiliency, many are turning to IT automation to streamline processes, reduce costs, and improve security—making room for increased innovation and growth.
Automation boosts operational efficiency
Financial institutions need automation capabilities to streamline repetitive processes or tasks, such as deploy applications, patch software, and repeat configurations. IT automation allows banks to handle both simple tasks and complex scenarios with less, if any, human intervention. As a result, financial institutions can respond to unexpected events faster or streamline planned deployments and migrations, for instance. Adding a flexible IT automation platform to a bank’s existing technology enables organisations to operate legacy and new applications in a more resilient manner by automating across their infrastructure, improving speed, efficiency, and consistency. The value of an IT automation platform resides not only in the efficiency – cost and speed – but also in elimination of risk inherent to manual operations errors.
We saw the benefits of increasing automation in banking during the early stages of the COVID-19 pandemic, when automation helped banks respond more quickly to changing conditions and circumstances. With the improved efficiency of back-end processes, banks were able to save time and resources while also increasing their digital banking services for their customers. Today, banks are now leveraging automation to enhance customer experiences and differentiate themselves from their competitors. This encompasses all disciplines in banks including but not limited to, customer relationship management, KYC risk analysis, fraud analysis, next best sale, application deployment, and response to cyber-attacks.
Operational efficiency gains can be derived in almost any business process that financial services firms conduct on a daily basis. Many banks use artificial intelligence (AI) across their institutions to analyze payments, evaluate risks in opening accounts, and solving basic customer service requests. They can even use available customer insights to predict the services that customers will most likely buy, allowing banks to personalize offers to their customers and determine other possible actions to take in the future.
IT automation has the potential to make a huge impact on organisations’ efforts to detect and respond to financial crime by helping them maintain compliance with security and regulatory policies. For instance, suspicious activity in customer’s products might trigger automated actions to verify the customer identity in those activities, and make automated decisions on how to proceed – whether they should authorize, reject, or block. All processes in banking automation platforms should be designed with security in mind, rather than as an after-thought or separate activity. A good automation platform should also enable an institution to define security, compliance, and risk management policies, enforce them, and remediate issues by building them as automated steps throughout your infrastructure. Reduction of fraud protects the bottom line, allows for increased revenue opportunities and improved productivity, all of which are key factors in operational efficiency.
Though automation has proved valuable for financial institutions, a successful automation strategy still requires the right people and processes to be in place to scale. In other words, the right automation platform provides the capabilities, but people decide what to automate and how the automated tasks integrate into broader processes. While IT automation tasks have traditionally been human initiated, the sheer volume of platforms, application components, configurations, deployments and changes associated with digital transformation the need for teams to integrate best practices, tools and processes is greater than ever. Given that financial companies’ systems don’t work in isolation but are connected to an ecosystem of providers, it’s important that strategies are created holistically so that there are less vulnerabilities and room for error.
While the promise of enterprise-wide IT and business automation is appealing, without well-defined tooling and streamlined processes, benefits are quickly eroded by constant change and lack of clarity. For greater operational efficiency, financial institutions need to implement an agile IT automation strategy with predictable workflows and rich auditability, which requires accountability, governance, security, and standards from the onset.