A revolution is well underway in financial services – a digital transformation - encompassing systems, skill sets, customer experience, agile working (employee experience), use of AI, Big Data and analytics.
The revolution had been rumbling quietly along inside institutions – with five-year plans, three-year, one-year plans, special projects – improving efficiency, building growth and resilience - prodded in part by the rise of fintech operations disrupting the status quo and proving the value of digitalisation.
Then Covid-19 struck and, almost overnight, the landscape – and the speed of rollout - changed.
I’ve built my specialism inside the financial services recruitment landscape over the past six years working exclusively within change and transformation. It’s a fascinating and exciting specialism to work in, sourcing programme directors/programme managers, building teams underneath them with the right skillsets to successfully implement change. Change and Transformation have never been more pertinent than now, helping organisations successfully navigate the storms and fallout of this global pandemic. Every firm in the world is having to implement a change of some form or another and it’s fascinating helping them navigate these unchartered waters.
Benefits of Digital Transformation
The benefits of digital transformation, “Innovation’s holy grail” (BDO's 2019 Middle Market Digital Transformation Survey), are well-rehearsed.
In that 2019 survey, which talked about the ROI from digital transformation, two of the top three business goals were improving the customer experience and operational efficiencies (over 80%). Bolstering cybersecurity and upgrading legacy IT systems were low priorities even though only 10% of those surveyed from financial services estimated their IT infrastructure as ‘excellent’ for the digital transformation revolution.
The same BDO survey article did include two chapters on:
The challenge of strong governance (proliferation of regulation, the need for a rise of RegTech)
The need for cyber and data privacy to be more of a priority.
Well, we’re now in 2021 and times have changed beyond recognition.
There’s a growing recognition, in my experience, across financial services about the need to build good structural relationships between digital transformation and risk functions - to protect organisations from cyber, data and AI application risks, as well as the potential for human error from the reliance on remote working.
What Questions Should We Be Asking?
The key questions, it seems to me, are:
What are the implications across risk and operational resilience of rolling out digital transformation so fast? Is this likely to lead to vulnerabilities within the networks putting the organisation at risk of falling victim to criminals?
Who should take on the mantle of steering the ship as businesses embark on this journey?
There are many possible answers to these questions.
Here, at Broadgate Search, we are a financial services recruitment agency that specialises in risk, governance, compliance, cyber, audit and fintech. We discuss and think aloud about how best to support our clients to ensure their processes are resilient, robust, and fit for purpose – to protect the organisations and help them to thrive and grow. We know that every client is different and needs bespoke solutions. We also know there is an awful lot of overlap between the verticals we cover and that puts us in a fantastic place to be able to support businesses through these uncertain times.
While I’m sure there is no one-size-fits-all answer, I have found McKinsey’s recent survey, illuminating on the ‘where are we now’ question and potential solutions.
Their survey of 100 digital and analytics transformation leaders globally (not just in financial services) identified that “risk challenges often remain hidden”.
The report finds the following:
Risk management is not keeping pace with digital transformation
A gap is opening that can only be closed by risk innovation at scale
Covid-19 has exacerbated the gap between risk demands and capacity to fulfil/protect
A lack of leadership buy-in to the issues of risk
A lack of security policies and training to deal with remote working & new cloud-based AI
Siloes remain – legal, IT transformation and risk teams separate - so digital transformation risk which, arguably, should be inside the remit of a specifically skilled risk team left in the hands of its IT creators
To quote McKinsey: “Many projects have minimal controls designed into the new processes, underdeveloped change plans (or none at all), and often scant design input from security, privacy, and risk and legal teams. As a result, companies are creating hidden nonfinancial risks in cybersecurity, technical debt, advanced analytics, and operational resilience, among other areas”.
These risks include soft factors like skills, mindsets, ways of working, as well as hard factors like technology, infrastructure, and data flow – all with the potential to cause financial costs arising from correcting structural mistakes, regulatory fines, and the fallout from reputational damage.
So, just who should be steering digitalisation and risk?
Chief IO / CDO?
Digital Transformation leaders?
Risk management teams?
All of the above?
McKinsey found no consensus among those they surveyed. “For more than 40 per cent of respondents, the task falls to the digital and analytics transformation leads themselves. Unfortunately, these individuals often lack a detailed understanding of embedded risk factors and are given incentives to 'get the transformation done'.”
Completing the project, the survey found, is the top priority, even for individuals who are focused on the risk management perspective.
Nearly a third of respondents blame senior management for a lack of focus on digital risk, citing “a lack of sponsorship or buy-in from executives or other stakeholders in prioritizing risk-identification and management activities”.
Meanwhile, leaders say that their biggest challenge around managing digital risks is “simply identifying them”.
McKinsey’s article suggests working with enhanced ERM infrastructures “typically used for financial and regulatory risks but can be modified to be more agile and adaptable to meet the risk-management demands of digital and analytics transformations.”
With a potential cross-departmental structure as follows:
Digital and analytics transformation lead accountable for delivering the digital and analytics transformation activities
Digital and analytics transformation risk owner responsible for all transformation risks.
Transformation risk manager specialising in change risks and risks from digital and analytics transformations. Working with transformation teams on the front line and helping design risk controls from the early transformation planning stage
Transformation working teams working agilely with risk management resources assigned
ERM and Enterprise-risk-management and individual control partner groups working with Transformation risk leads to ensure transformation risks accounted for at enterprise level and enterprise risks considered at the transformation level.
Transformation sponsors: The sponsors of the overall transformation should be on board during the entire change process.
In short, a new model of collaboration centred around a “working with” partnership between transformation and risk teams, supported from the top.
Additionally, a risk-focused culture will need to be embedded – with upskilling and cultural change built across all operational levels - described by Deloitte as long ago as 2016 (which feels like a century away) as the need “to rewire organizational DNA.”
In summary: We know the rapid deployment of digital transformation during the pandemic has been a saviour for customers and employees alike. However, in the Spring of 2021, there’s a new conversation gaining traction across financial services - about digital risk and protecting operational resilience. Or, to put it another way, organisations are asking themselves – who should be responsible for taking charge of the associated risks of leading and embedding a digital transformation journey for the organisation, and how? Is it as we want it to be? And how could digital transformation and digital risk be reinforced or re-structured to carry on producing returns and efficiencies without threatening organisational stability?
Rick Seivewright is a subject matter expert within Change and Transformation resourcing with a strong track record of advising and supporting clients through all manner of change projects. Through his extensive network of Change resource, he’s supported financial services adopt and embed change for the better.
Rick’s available to discuss any challenges organisations are facing with adopting change and would be all too happy to help your business through these unchartered waters and into brighter times. Reach out to Rick at firstname.lastname@example.org
Broadgate Search is an award-winning, international financial services recruitment specialist focused on all areas of Governance, Finance, Change, Cyber and Front Office. We offer roles across the UK, Ireland, DACH, Benelux and the US at mid-senior level on a contract/permanent basis in financial services & other regulated sectors.
Broadgate Search is part of Trinnovo Group; we aim to build diversity, create inclusion and encourage workplace innovation.