Cybersecurity & Regtech: Defending The Bank

May 15th, 2018

How can financial institutions proactively combat the risks facing the industry today? The 2018 Risk Survey—presented by Bank Director and Moss Adams LLP—compiled the insights of directors, chief executive officers and senior executives of U.S. banks with more than $250 million in assets. According to the survey, the worries keeping top executives awake at night align with the key priorities that banks commonly hear from banking regulators: cybersecurity, compliance and strategic risk.

Cybersecurity
Cybersecurity was the biggest concern by far, reported by 84 percent of respondents.

The survey addressed the confidence that executive and directors have in their institutions’ cybersecurity programs, with an emphasis on staffing and overall effectiveness. Access to the proper talent—in the form of a chief information security officer (CISO) or a strategic partner with the necessary skill set—and associated costs are key to a successful program, and 71 percent of respondents revealed their bank employs a full-time CISO.

While technical skills are valuable in today’s business environment, financial institutions must overcome their dependence on skilled technicians who don’t necessarily have the ability to strategically look at the changing technological landscape. The CISO should build an appropriate plan by taking a full view of the bank’s technology and strategy. Without this perspective, a bank could provide hackers with an opening to breach the institution, regardless of size or location.

Institutions building the foundation of a robust cybersecurity program should also focus on three key areas:

  • Assessment tools: Is the institution leveraging the proper technologies to help maximize the detection and containment of potential issues?
  • Risk assessments: Has management identified current risks to the organization and implemented proper mitigation strategies?
  • Data classification: Has management identified all critical data and its forms, and addressed the protection of this data in the risk-assessment process?

Compliance
Compliance was the second biggest area of concern, identified by 49 percent of respondents. It’s an area that continues to evolve as new regulators have been appointed to head the agencies that regulate the industry, and technological tools—dubbed regtech—have entered the marketplace.

More than half of survey respondents indicated that the introduction of regtech has increased their banks’ compliance budgets, demonstrating that the cost of solutions and staff to evaluate, deploy and support these efforts in an effective manner is a growing challenge.

Because the volume of available data and the ability to analyze that data continues to grow, respondents may have felt this technology should have effectively decreased the cost of operating a robust compliance program.

Executives looking to decrease costs may want to consider the staffing required to operate a compliance program and whether deploying technology would allow for fewer personnel. When technology is properly used and standards are developed to help guarantee efficient use of it, the dilemma of acquiring technology versus adding staff can often be more easily solved.

Strategic Risk
Strategic risk was the third largest area for concern, identified by 38 percent of respondents. Many directors and executives are wrestling with what the future holds for their institutions. The debate often boils down to one question: Should they continue to build branches or invest more in technology—either on their own or by partnering with fintech companies?

Fintech companies are a growing player in lending and payments segments, areas that were historically handled exclusively by traditional institutions. That, coupled with clients who no longer value personal relationships and instead prioritize being able to immediately access services via their devices, increases the pressure to deliver services via technology channels.

Financial institutions have entered what many would call a perfect storm. Every institution will need to make hard decisions about how to address these issues in a way that facilitates growth.

Assurance, tax, and consulting offered through Moss Adams LLP. Wealth management offered through Moss Adams Wealth Advisors LLC. Investment banking offered through Moss Adams Capital LLC.

csanders

Craig Sanders is a partner with Moss Adams. He has been providing audit and IT security services since 1999. Craig works with clients in the financial services industry to implement core business systems, Internet banking and cash management platforms, business continuity and disaster recovery planning and programs, GLBA compliance, and telecommunications and security systems.