A Risk Management Viewpoint on Lessons Learned During Lockdown

In light of Covid-19’s rapid spread, risk management and digital banking solutions were put to the test in a way that banks had never done before, both in terms of the potential for new or increased dangers and the efficacy of controls and business processes in an entirely new environment.

Because of the absence of a ‘physical’ working environment, traditional operating controls and influencing employee behavior (such as supervision and reviews) were rendered ineffective or ineffective.

Most financial services professionals are concerned about the sturdiness of the essential processes and services that impact their users and clients, such as Oracle digital banking experience (OBDX). They are paying careful attention to developing dangers to data security and cyber security in particular.

While lockdown(s) have persisted, a shift in priorities has happened, and some firms have shown their ability to function well under remote working conditions.

A year after the first lockdown in the United States, there is an opportunity to reflect on the lessons that may be learned and how banks can use them to progress risk management techniques.

Is there anything noteworthy that we’ve seen thus far?

An example of perseverance. 

COVID-19 and the move to remote working have little effect on operational risk, according to an ORX study of the most significant losses due to operational risk.

The bulk of ORX’s most significant losses in the recent year has been attributed to ‘Inappropriate Market and Business Practices’ and ‘Suitability, Disclosure & Fiduciary’ failures. Even though most of the hazards, the fines were not directly related to Covid-19 or remote work, they raise questions about the effectiveness with which the threats have been and will be handled in the future.

Because of the increasingly difficult economic climate, the combination of financial and physical isolation has created a potentially dangerous set of circumstances that may motivate and allow employees to engage in or continue to engage in improper market and commercial operations, putting them at risk of being fired.

Because of the complexity of Covid-19, it will be challenging to conclude operational risk exposure just based on ORX losses, although their nature and causes are difficult to determine. Given the operational risk perspective on a digital banking platform, measuring and identifying “minor” losses, business interruption costs, and other potential opportunity costs that may have occurred during this period may be challenging to do.

Concentration on data and cyber-threats

The absence of big data and cyber-related losses in the financial services industry has been strikingly consistent across this time.

Over the past few years, investments in data and cyber security measures have shown to be a profitable endeavor.

According to the study, the use of remote working and dependence on a physical “office” working environment had no substantial influence on data and cyber security protections.

The absence of significant losses, on the other hand, may have understated the rise in data and cyber-related risks throughout this period. As an illustration:

  • In the United States alone, it is expected that 65,000 ransomware attacks will take place in the year 2020. (From the Financial Times, with permission.)
  • There have been several significant data breaches at non-financial organizations, such as Amazon’s live-streaming platform Twitch, resulting from cybercriminal activity.

Although the shift to remote working has not directly impacted data and cyber risk exposure for financial services firms, it is still a top issue for any organization to manage effectively.

Employees will get greater individual attention.

Employees’ opinions about remote work have shifted considerably during the past 18 months.

Many employees have already embraced the concept of working remotely or in a hybrid environment, and they are campaigning for it to be broadly adopted in the future. Many individuals, at least in the United Kingdom, are opting to abandon the rush and bustle of city life in favor of the serenity and quiet of rural living. Even while rural getaways and remote work arrangements have proved beneficial to specific employees, many others have been ready to return to their former routines, resulting in a more distinct division in the working habits of different employees (often dictated or predicted by employee demographics).

Remote work may be contributing to the decline in many people’s mental and physical health and well-being during the previous 18 months. Employee morale and risk management have prompted a transformation in how businesses interact with their employees and workers. 

Taking a look forward 

The long-term consequences of Covid-19 remain uncertain at this time, but what has become evident is that firms now can adapt and provide their workers with more flexible working arrangements. There are solid arguments for a more permanent transition away from traditional office environments, including the possibility of cutting office overhead expenses and recruiting and keeping people from an expanded pool of talent.

However, although adopting a more permanent move to hybrid and remote working is operationally successful and relatively low risk (at least in the near term), it creates essential reliance on Third-Party software providers such as Microsoft Teams and Zoom. However, even though this dependence is likely to exist already, the concentration risk associated with this limited number of suppliers will shortly generate a new risk dynamic.

Regulatory response to the predicted long-term transition to remote or hybrid working has also been triggered as a result. Securities and Exchange Commission (SEC) in the United States has reacted by stating its expectations for remote or hybrid working. “Ultimately, it is critical that any kind of remote or hybrid working implemented does not put the company’s capacity to follow all rules, regulatory standards, and duties at risk or damage the business’s ability to fulfill those obligations, or causes the firm to fail to meet those obligations.” To achieve these “expectations,” organizations who fall short of them and those who will experience obstacles in demonstrating their capacity to meet them must take steps to address the situation.