Operational Resilience: Protecting Fintech Digital Platforms
As new technologies find their way into the financial services industry, ensuring their correct implementation is vital to mitigate operational failures and outages, boost resilience and temper cyber risk.
In recent months, the importance of fully functioning technologies – 24/7 – has been laid bare, with high-profile outages such as the CrowdStrike bug proving our reliance on technology is constant. Instances such as these remind us that correct implementation is a must.
The financial services industry is no stranger to these issues either, with recent software bugs delaying UK banking customers of Nationwide, HSBC and Virgin Money from receiving payday and pension funds.
Payments, too, have seen issues, with contactless payment capabilities going down at several leading retailers.
The question remains: what can fintechs do to ensure their technologies are correctly implemented and secure?
The importance of robust infrastructure
Sara Cass, Chief Compliance Officer at IFX Payments, emphasises the significance of a resilient IT system in fintech operations. "Fintechs across the world are always looking to get ahead of their competition and deploying new technologies is a great way to gain an edge.
“It is also increasingly important to have the tools needed to cope with the pace of digital transformation in financial services," she says.
Relying on outdated technologies and legacy systems can be detrimental, particularly for legacy banks, with three in four US banks losing revenue annually due to poor data processes.
New technology is a must and so is implementing it correctly. Sara suggests a multi-faceted strategy around implementation, which includes employing cloud services with high availability, redundancy and failover mechanisms.
"With these failsafes in place, the risk of critical operational failures is reduced and organisations are freed up to focus on day-to-day activities," she says.
Establishing what your infrastructure is, though, is just one part of the puzzle. It must be thoroughly checked using unit, integration and stress testing to identify weaknesses and ensure compliance with relevant regulations.
Advanced monitoring tools can track system performance continuously, detecting real-time anomalies and identifying issues before they escalate. Sara emphasises the importance of focused training to embed a culture of resilience within the business, ensuring teams are prepared to manage operational failures effectively.
No one-size-fits-all approach to resilience
There is no silver bullet to prevent technology outages and cyberattacks. Every organisation is different and must innovate according to its individual needs. Operational resilience is all the more complicated when attempting to introduce new technologies simultaneously.
Simona Covaliu, Chief Risk Officer at PayU GPO, says: "There’s no simple solution to operational resilience, especially when trying to innovate or incorporate technical innovation in day-to-day operations.
“There are plenty of recipes for how to achieve it – for example, DORA describes in detail what regulators think needs to be done to be operationally resilient from a technology point of view.
“They all have similar ingredients: identify critical assets with their upstream and downstream dependencies, monitor key risk indicators, formulate resilience scenarios, recovery strategies and exit plans and test those comprehensively.”
These activities allow fintechs to anticipate and prepare for potential crisis events before they occur. Indeed, if trained to respond quickly to technological setbacks, organisations can turn potential setbacks into opportunities for growth and innovation.
Each organisation’s challenge is unique to them and so is the solution. With the right infrastructure, financial institutions can combat these challenges with greater competency.
Compliance is key to fintech resilience
Of course, to remain resilient, organisations must first ensure newly onboarded technologies are compliant. This is particularly true as regulations evolve to keep pace with the new technologies being implemented.
“Non-compliance with regulations poses significant risks for industry players in both the B2B and B2C sectors," Sara warns. “Financial regulators can impose financial penalties, which can strain resources and impact profitability.
“More importantly, non-compliance can erode consumer and business trust, leading to a loss of customers and diminished brand reputation.”
There are compliance tools out there for financial institutions to leverage, such as automated monitoring tools, which identify potential regulatory issues before they escalate.
"It's crucial to foster a culture of compliance within the organisation long term, engaging employees with regulations and their requirements to help avoid breaches," she adds.
For Simona, compliance teams must be sufficiently staffed, both in manpower and in the skills required, with the right expertise and a good network of local legal counsel for global coverage to best combat risk.
"Ensuring compliance with those requirements is a different matter: to be able to easily absorb these changes, an organisation should strive to operate day-to-day processes that are compliant by design," she advises.
Brandee Sanders, CMO of Apromore, highlights the role of technology in maintaining compliance and operational integrity. "It is crucial to ensure systems are robust and ready for increased financial activities," she says.
Vendor Management and Data Protection
As digital ecosystems flourish as a result of third-party data sharing (Open Banking), vendor management becomes increasingly important. Fintechs must ensure compliance across the board with their partners, particularly when sharing customer data with third parties.
Just as partners can innovate with one another’s data, they are also custodians responsible for keeping consumer data secure.
“Fintechs can ensure compliance through a variety of measures, including rigorous vetting processes and thorough due diligence on all potential business partners," suggests Sara.
“They should evaluate a partner’s data protection policies and compliance with relevant regulations. This involves assessing the partner’s security infrastructure, data-handling practices and historical compliance records.
“Operational resilience is a key theme for regulators and ensuring you understand which providers support your important business services and how you mitigate the supply chain risk is critical.”
Sara underscores the importance of detailed contractual agreements to establish responsibilities regarding data security and enforce adherence to applicable data protection laws. "Putting this framework in place can help persuade partners to prioritise their data management and help avoid fines or even legal battles," she adds.
For Brandee, vendor due diligence is also key. “Thorough due diligence on vendors, focusing on their security practices and compliance centre records, ensures smooth operations during this critical time.
“Clear contractual agreements, regular audits and strong collaboration help maintain compliance and protect customer data through the fiscal year end.
"Engaging with regulatory bodies and industry forums provides timely insights, helping firms adapt swiftly to any end-of-year regulatory changes," she adds.
Simona emphasises the complexity of managing international partners and vendors to maintain a competitive advantage. "Implementing and running a strong, scalable vendor risk management process is more important than ever," she concludes.
FinTech Magazine is a BizClik brand