5 Key Takeaways from Banking Risk Management

Tweet  

  

 delicious  

  

As more and more transactions and business processes move online, managing technology risk has become a key component to business success.

For industry leaders who want to improve their technology risk management, the banking industry is a good model to learn from. Risk management is more mature in banking than it is in other industries.

What motivates banks to use such advanced risk management techniques? Let's take a look at some of the factors that make banking so risk-oriented:

• Banks have been managing credit risk since the Middle Ages and have enterprise risk management expertise built into the foundations of their organizations.
  
  
• Banking is more highly regulated than other industries and must demonstrate truly effective management of risks to bank examiners.
  
  
• Banks handle extremely sensitive personal financial information and customers expect a high level of security.
  
  
• Today banks are completely dependent on technology and must manage technology availability risk, as well as have back up plans and redundancies in place to resume business as quickly as possible.
  
  
• What banks sell to customers is security and trust. Managing reputational risk is integral, as a loss of reputation can be a deathblow in the banking industry.
  
  
• Failure is simply not an option for banks. The customers, shareholders, and regulators of banks have zero tolerance for unmanaged risk.

Now that we've covered the reasons for banking's strong risk management programs, we can delve into some of the industry's best practices that contribute to successful risk management. Here' are five takeaways about risk management in the banking industry, which leaders in other industries can learn from:

1. Treat risk management as a continuous process
Among industry leading banks, technology risk management is a continuous process.  It is not an exercise that is performed once a year and then shelved.  Risk is constantly monitored, measured, and acted upon, because banks know that vulnerabilities change and new threats evolve. If leaders in other industries began to view technology risk management as an ongoing activity rather and an annual chore, they would realize more benefit from it.

2. Integrate risk analysis into product development
Banks integrate risk management is into the technology service life cycle. Risks are analyzed in the development stage and risk mitigating controls are built in into products and services from their inception.  If leaders in other industries managed risk proactively instead of reactively, they would save the time, effort and money expended on future risk mitigation.

3. Take a customer-centric approach to risk
In banking, the customer is a primary stakeholder of technology risk management.  Because customer trust is so critical to its business, banks look at their own potential losses as well as potential losses for customers. If leaders in other industries utilized a customer-centric risk management approach, they could engender a similar level of customer trust. 


4. Embrace positive risk
Just because a new product or service is risky, that does not mean a company should shy away from it.  Industry leading banks are not afraid to take risks.  One example is Chase Bank's new Quick Deposit product. Chase was not afraid to roll out this new feature and most likely analyzed the level of risk during product development, to be sure it was at an acceptable level. By embracing an acceptable level of risk, they were first to market with a new solution that has been wildly successful.

5. Support a culture of risk management
Bank executives give risk management leaders a seat at the executive table, provide them with the support they need and incorporate their suggestions into business decision making. If leaders in other industries committed the  resources and talent necessary to build an in-house culture of risk management, they would likely see a positive return on investment from effective technology risk management.

As you can see from these banking industry best practices, it pays to be proactive, rather than reactive about risk management. If leaders in other industries really take the time to build risk management into existing businesses processes, they'll have the technology risk infrastructure in place to lead in product development and customer service.

How might some of the banking industry's best practices inform your risk management policies?

About the Author: Bradley J. Schaufenbuel, CISSP, CRISC, is Senior Vice President and Chief Information Security & Privacy Officer at Midwest Bank – Now Part of FirstMerit Bank, N.A.  He is a regular speaker at industry conferences and has authored numerous books and professional journal articles on topics related to information security and I.T. risk management.

Learn more about critical steps to safeguard your business relationships from risk.

Download Third Party Risk Management: Critical Steps to Safeguard Your Business Relationships.   In this educational white paper, you’ll learn how new risk intelligence systems are helping companies mitigate the risk of their distribution channels.