The financial services industry is going through a major reconstruction as it continues to climb out of the financial crisis. With increased regulatory pressure, particularly when working with international suppliers, those within the industry have grown accustomed to keeping alert and on their toes. However, there are several aspects of risk management that are often overlooked.
Here are five practices that could be putting financial services companies at risk:
1. Unclear Understanding of Data Security
Increasingly, financial services companies are shifting their data to the cloud while also outsourcing processes that help cut costs. With this comes a greater risk for data breaches, particularly when dealing with customer data.
According to ISG, “The regulators know that suppliers are the soft underbelly for cyber-security and privacy risks. The legal and operational control environment must ensure the supplier (and secondary suppliers) are applying the company’s own level of data security protection, and are able to adjust to system threats and intrusions.”
2. Decentralized Data Management
While it’s important to have a diverse set of suppliers, all of the M&A activity in the financial services industry can make data bigger and more complex. Implementing consistent, centralized processes that offer an enterprise-wide view of spend activity allows companies to ensure they are positioned for better performance.
3. Reliance on Legacy Systems
Innovation is key for the financial services industry and this means upgrading out-of-date technology, which is naturally higher in cost and often more susceptible to complications. While many are choosing to outsource systems to third-party suppliers or partners, rather than building systems in-house, working with vendors comes with its own set of risks, such as transparency and compliance.
4. Inconsistent Audits
It’s impossible to manage risk without knowing the status of a third-party supplier or sub-service organization, including insight on current financials, mergers/acquisitions and press mentions. Unfortunately, this is a step often skipped. In fact, according to Ernst & Young’s, Financial Services Supplier Risk Management Survey, 27 percent of respondents said they have identified, but not yet addressed or monitored sub-service organizations. Further, only one-fifth said they review sub-service organizations the same way they review their suppliers.
5. Lack of Communication with Employees
Due to the breakneck pace that regulatory requirements are changing, it’s critical that operational staff have a clear understanding of the policies put in place to manage suppliers and vendors—and that they’re actually being followed. Further, these standardized processes should have clear ownership and accountability to ensure efficiency.
Those who stay on top of new technologies and changing regulations, while also addressing top-down pressures to reduce expenses and improve cost containment, will be able to achieve growth, as the financial services industry continues to evolve.