As social distancing brings about a new behavioral change in consumers and businesses, the payment ecosystem – supported by banks, businesses, and intermediaries – is rapidly shifting to digital platforms. Accompanying this shift is a plethora of risks, such as technology, cybersecurity, outsourcing, operational, regulatory, and legal risks, that financial institutions must address if they are to continue delivering the safest experiences to their customers.
In this regard, one of the foremost grounds to cover is that of digital compliance and cybersecurity. Laws and regulations are continually being put in place, and banks and other financial institutions must prioritize compliance with them to ensure that they can detect and prevent fraudulent activities and continue to deliver regulatory compliance.
To ensure customer satisfaction while optimizing resources, financial institutions are outsourcing all or part of their digital strategy to technology and other third-party vendors. However, the underlying financial institutions remain ultimately responsible for financial activities, whether they are performed within their organization or through an external organization. Therefore, financial institutions must ensure that supervisory considerations for the outsourcing of services are fulfilled through verification of vendor compliance with IT, cybersecurity, data governance, and structural organization.
Financial institutions can enhance their ability to manage various operational and security risks by putting in place appropriate and adequate system architecture and security protocols. Financial institutions carry the risk of choosing an inappropriate system design or technology, which may result in an investment loss for the bank along with inefficient service. Increased online transactions can make identity verification more difficult, resulting in an increased risk of synthetic identity fraud, traditional identity theft, and account takeovers. Additionally, financial institutions need to keep updating their systems and regularly train their staff to keep them abreast of new technologies in the rapidly changing landscape to avoid any gaps in their security system. Experienced institutions strive to make this a stable reality, and while low market barriers foster innovation, they also leave novice service providers responsible for mitigating substantial financial crime risks.
There is a lack of prescriptive regulation on the latest financial technologies being used by banks in their digitization efforts, such as APIs, biometrics, AI, ML, robo-advisory, and blockchain. Financial institutions are also adopting various open banking initiatives for faster transactions. However, they must be cognizant of the risk arising in adopting these technologies from a regulatory perspective, as vendors and third parties providing these technologies may not be regulated consistently across geographies. Risks such as a system or product not functioning as intended, deficiencies in the system leading to security breaches, and/or communication issues that hinder the customer’s understanding of processes and policies both damage consumer trust and could result in losses for the bank. Further, failure to optimally deliver results to customers due to the adoption of these technologies may lead to various legal implications for banks.
An inability to perform these critical functions or divergence from the expectations of its customers poses a risk of loss of reputation for banks. This eventually leads to a loss of funding, customers, or both. With the growth in mobile banking, consumers are prone to downloading insecure third-party apps, using unsafe wireless networks, and clicking on links on their mobile devices or in emails that may invite trouble, and may even lose complete access to their mobile devices. This behavior is creating a suite of vulnerabilities that many fraudsters are eager to take advantage of. In the second wave of the pandemic, as more banks and financial firms go digital, it has become essential to manage such risks or face being crushed by the competition.
Despite all the risks its novelty brings, geographical reach does increase due to digital banking, and the expansion may even go beyond national borders. This can be an exciting opportunity for many banks and financial institutions, but it too is not without its risks. Cross-border risks are essentially the above-mentioned legal, operational, and credit risks exacerbated by a few factors. There is a possibility of uncertainties regarding the legal requirements in certain countries and jurisdictional ambiguities of different national authorities. There is room for incorrect transaction processing, compromises in the integrity of data, data privacy, and confidentiality, unauthorized access to the bank’s systems, and other such transactional risks when the bank uses a service provider located in a different country. It is difficult to appraise an application for a loan from a customer in a different country, and the current pandemic situation makes these credit risks even more pronounced.
Throwing light on the various risks posed by this shift in the financial world is not meant to sow mistrust surrounding the digitization of banking activities. Rather, it is to bring a sense of awareness both in the minds of the consumers as well as the service providers regarding the dynamic elements of this change, to collectively cross hurdles seamlessly and continue to have justifiable faith in our institutions.
By Dipesh Doshi, Managing Director, Financial Services, Protiviti Member Firm for India