e-Finance Trends: How can we explain tech landscape from risk perspective?

We are witnessing unprecedented change in Technology. There are new solutions being implemented at feverish pace, new delivery channels getting added and new requirements coming up too frequently warranting software amendments.

All of these have their own risk dimension to be taken care of. We need to have proper change management procedures. We need to have proper process in place for solutions from understanding the requirements, documenting, and rigorous end to end testing.

The statistics show that only one out of four projects complete their journey. We can imagine the resources wasted in monetary and man days terms, on account of such failures. We need to have our processes in place to guard against this risk, which is primarily an Information systems governance risk.

We are already a part of global network, a distinct shift away from propriety networks of last decade. Opening up our network on any time anywhere basis has a risk dimension too which needs to be addressed. Threat of unauthorized access to system is real today.

The growth in the field of hacking perhaps matches the positive growth and we need strong vigilance. We need to guard our systems from all sorts of global network attack like hacking, eavesdropping, denial of service, spoofing, system based password cracking, password theft and so on. We need to have proper discipline enforced in organization to only use legal software.

Unauthorized software is potential carriers of malicious software like viruses, Trojan horses. This has potential of damaging enterprise systems considerably. We need to have proper intrusion detection systems addressed at all levels - policies, procedures and technology implementation. We need to have proper technology and operational controls against cyber crime and electronic fraud.

What about risk associated with our technology inventory mix? Invariable, we can find a mixed baggage from legacy systems to latest web based banking front ends to mobile based cutting edge features.

This is in spite of our serious intentions to limit our self to limited set of platforms, vendors and solutions. There is a risk dimension to this status which needs to assessed and managed.

How can we describe our technology inventory? It will typically showcase the development that has taken place in Banking technology during last two decades. That is natural due to many reasons.

One, we can not implement all systems together and systems are implemented during various points of time. Two, we try to stretch the longevity of our systems much beyond its capacity, so we have systems running for 15-20 years. Three, many times over we are forced to violate our own intention of keeping only standard set of platforms, solutions or vendors.

This is because, we come across solutions which best fits our requirement, and our existing set of solutions vendor can not match it. Solutions market has developed so much of niche. All this would result in multiple silos of systems. We have IVR, customer service centers, WAP, customer information, Trade finance, front end delivery systems, multiple self servicing system, application database, and desktop applications and so on.

Then we have organization re-structured to address the market more effectively. This is inevitable due to increased competition, cost constraints, customer de-mand for better services and explosions in delivery channels. We have functions like direct banking, direct sales, mass marketing, and sales tracking and so on with their own set of information needs.

Considering above environment, how does the risk profile of technology look like? There are multiple visible and not-so-visible dimensions of it. One big risk an organization is facing is unchecked growth of system silos, with every new delivery channel, or solution being added.

There could be risk due to multiple interfaces, multiple platforms, maintenance costs, rigidity in system enhancements and spiraling cost of maintenance. This risk can only be managed by creating an integrated delivery platform. This has many benefits. We can provide same set of features through all delivery channels.

Cost of adding a new delivery channel or adding a new feature across delivery channels gets rationalized; CRM analysts can get a consolidated view of customer interaction across multiple touch points and so on.

At management front we still have banks where senior management does not fully understand what this animal is which does not remain static at all. And to top it all, Technology and operations have never been analyzed seriously from risk perspective, and it was always assumed that there will never be operational risk.

The subject has come to forefront only recently, though we have been talking about the need for more serious treatment for quite some time. It needs to be addressed at management, policy, and procedure and implementation level.

There has to be a proactive management ownership and perhaps, it is not a question of choice anymore.


The author is Assistant Ganeral Manager of Doha Bank.