Managing Director, MetricStream, India shares details of the industry scenario, risks & advanced technology solutions:
The banking and financial services sector in India is undergoing rapid digital transformation. Remote and hybrid working models, amplified digitization efforts, cloud computing, and growing dependency on third-party service providers are creating new risk avenues. In addition to this, regulators are bringing in various regulatory and supervisory measures to improve operational resiliency for banks, monitor capital adequacy, and manage liquidity, risk, and cyber security. All this has brought GRC back into focus.
Cyber-Attacks & Digital Transformation
As per Shankar, banking and financial service firms had to accelerate the pace of digital transformation expeditiously. In this new, digital-first operational environment with hyper-connected businesses, the cyber-attack surface is continuously expanding, and new cyber threats are constantly emerging.
Indian banks mostly outsource non-core services. This includes conserving and managing software and hardware, maintaining data centers, supporting software applications, disaster management, and smooth execution of ATM networks across the country. Non-core support services such as help-desk support, call-support services, credit card processing, ATM cash replacement, loan servicing, data mining, etc., are taken care of through outsourcing. Shankar says: “With outsourcing as a business strategy, most banks have complex extended ecosystems. These comprise vendors, business consultants, contractors, payment gateways, and service providers. This introduces several governance and risk management challenges, such as those stemming from non-compliance, unethical practices, and financial risks.” He further adds: “Vendor bankruptcy, exposure to tier 2 vendors, legal issues, and access to confidential data are emerging as risks. It becomes imperative, therefore, to proactively identify these risks and implement the appropriate controls to manage the supplier network effectively and keep the associated risks in check.”
AI-Enabled Connected GRC
For any organization, the goal of implementing a GRC program is to be future-ready and resilient when faced with any disruption or risk event. MetricStream has an integrated GRC solution that will cut across organizational silos, eliminate redundancies and duplication of efforts, enhance visibility into top risks and efficacy of controls, and ensure alignment between head offices and local branches, thereby enhancing overall efficiency. Shankar explains: “Artificial intelligence (AI) enabled software solutions can empower banks and financial services firms to pursue an integrated approach to GRC. ConnectedGRC is a single platform that can help ensure collaboration between risk, compliance, audit, cybersecurity, and sustainability teams.” He adds: “A collaborative approach like this will enable banks to better identify, assess, manage, and mitigate strategic risks, operational risks, IT and cyber risks, third-party risks, compliance risks, and ESG risks.”
Automate workflows & risk management systems
Banking and financial organizations around the world are required to adhere to the regulatory requirements regarding Capital Adequacy Ratio (CAR) and impact tolerances. While CAR helps to ensure that banks can absorb a certain amount of losses, setting impact tolerances to provide a better understanding of their critical business functions helps to identify areas that need improvement. Shankar shares: “Automating workflows and risk management systems using advanced technologies, such as artificial intelligence, machine learning, etc., can considerably improve the risk foresight of GRC professionals. It can provide them with timely and actionable risk insights for making risk-aware, data-driven business decisions. Leveraging these next-generation technologies is a must for banks today.”
Quantifying risks in monetary terms allows the CISO to better assess and prioritize risks and can help determine how much to spend on each control. It also helps with conducting scenario planning and stress testing drills that empower risk teams to not only identify early warning signs but also tackle risk events swiftly, confidently, and efficiently.
According to Shankar, engaging frontline employees in GRC activities and encouraging them to proactively report any anomalies or issues, such as those related to non-compliance, suspicious transactions, etc., can go a long way to help banking and financial service organizations safeguard their operations.
Organizations today are being increasingly held accountable for their ESG programs and metrics. Shankar shares details: “ConnectedGRC can help banks simplify and streamline management of all organizational requirements relating to Environmental, Social, Governance, Risk, and Compliance (ESGRC). It can enable a systematic approach to defining and managing ESG standards, frameworks, and disclosure requirements. The platform can help capture environmental and social metrics, automate assessments, monitor suppliers, and create board-level reporting.”
The banking and financial services sector showed tremendous resiliency in the wake of the pandemic. However, customer behaviors and expectations have continued to evolve. To keep pace with the changing risk and governance landscape, adopting next-gen technologies, such as artificial intelligence and machine learning, into the overarching GRC management framework is an absolute necessity today.