Digital resilience can be improved by building in the right automated controls from the outset. Continuous monitoring capabilities, for example, can be embedded during the process design phase. This can aid processes such as risk and control testing by allowing banks to test more, instead of sampling sporadically, and to increase consistency through the reduction of manual approaches.
But banks should spend time on developing a coherent control strategy to enable digital transformation and modernization. They should carefully select the right controls and not fall into the trap of simply adding more controls; after all, controls can be time-consuming and costly to implement. Similarly, just because you can automate a control doesn’t mean that you should. Banks should start by defining the necessary process – and simplifying the process where they can – before embedding the most appropriate control. CROs can add value here, but only if they are part of the conversation from the get-go.
While senior executives in marketing, product development or technology may feel under pressure to launch a new digital process, tool or product quickly and at scale, it is not in the interest of the business to do so without involving risk teams as early as possible. This requires something of a cultural shift, but if risk teams get brought in after a new tool or product has been offered to employees and customers, it may be too late.
Risk managers need to raise their game
Digital resilience is predicated on risk management functions evolving too. And that is both skill and mindset. With the scale and pace of change happening across organizations, they must get to a point where they are able to move fast enough to keep up with other departments.