Increasing regulations amplify pressure on banks to revamp compliance framework



Earlier this year, the UK’s banks and financial institutions were encouraged by the Bank of England and the Financial Conduct Authority (FCA) to achieve better standards of operational resilience. The need to boost operational resilience has intensified against the backdrop of growing cyber security concerns and the rapid technological advancement disrupting the industry at present.

Managing risk and meeting regulatory requirements is a complex task, exacerbated by emerging risks and regulations. As a result, banks and financial institutions can develop more sophisticated responses by taking advantage of the technology and analytical tools at their disposal. These emerging risks require a more robust response than that needed to manage traditional risks.

The viral nature of new age digital risks demands that institutions identify early-warning mechanisms in order to flag where problems may emerge before risks materialise. While doing this, banks and financial institutions need to also look beyond the current IT siloes across business units and corporate functions, to ensure a seamless cross-department regulation and risk management strategy.

Shifting from defence to offence

To begin with, banks and financial institutions have to stop treating regulations as a last-minute checklist, simply ticking off the minimum compliance required to avoid fines. The problem with this approach is that it lacks sustainability, and the institutions will find themselves immersed in checklist after checklist, without visibility or the means to reflect on the impact of each regulation they have to comply with. Instead, banks and financial institutions need to be more forward-looking, playing the role of a technician, a strategist and a forecaster, all at the same time. There must be constant assurance that these institutions have a robust and secure IT infrastructure that is not susceptible to hackers, who are becoming more sophisticated in their tactics. This involves a deep understanding of legacy IT infrastructures and associated business processes before implementing new technology, to ensure both will be able to work with each other without causing planned or unplanned risks.

Earlier risk-management functions involved simple risk models and frameworks to quantify risk and ensure organisational resilience and compliance. Over time, these frameworks emerged out of their IT siloes and translated into good risk management habits, embedded in the company’s culture. In today’s complex and ever-changing market, the focus also needs to include mitigating emerging risks. While the combined benefit of predictive analytics, scenario and trend-impact planning can be used to deliver more accurate predictions, banks and financial institutions need to identify threats and develop long-term strategies that balance risk and reward. This will lead banks and financial institutions to replace their current defence-oriented approach with a more holistic, proactive strategy.

Crafting a digital model for risk management

To ensure the smooth implementation of a change strategy, banks and financial institutions have to orchestrate a digital model aimed at aligning risk priorities with controls and metrics to scale and deliver. This will allow them to meet market and transaction dynamics while achieving an optimal level of business performance. Where security practices and systems were formerly segmented across business functions, the digital model must take an integrated approach. Banks can achieve greater levels of efficiency by centralising risk processes for reporting and transaction management. This can promote best-practice adoption, competency development and enterprise standardisation. Centralised processes also enable other critical functions to be developed, such as the rollout of early-warning mechanisms and comprehensive risk reports with consistent standards across the organisation.

In order to reap the full benefits of risk strategies, banks and financial institutions must ensure that the compliance infrastructure is keeping pace with the increased complexity of regulations being introduced into the market. A variety of third-party platforms have been developed that are easy to use and will integrate well with a variety of data infrastructures. These third-party solutions not only help fast-track major technological augmentation, but also provide much-needed real-time visibility into threats and organisational readiness in the digital world.

Ensuring employee engagement

To ensure the compliance framework is embedded across day-to-day operations, it is imperative that organisations foster strong employee engagement and buy-in across the board. This involves giving all employees visibility of the risks involved with every new technology or business process onboarded, and the know-how to embed risk mitigation into all their interactions.

In addition, it is imperative to train frontline workers to use and work with technology, taking full advantage of all it has to offer while minimising the risk of a failure such as a cyber security failure. Banks and financial institutions must spend time promoting digital literacy across the enterprise. Training and awareness become all the more important when companies realise the central role employees play in risk mitigation and compliance.

As banks and financial institutions report their exposure to risks and the measures they are taking to manage them, they should already be thinking about the next regulations, as well as the broader framework. Through creating the right roadmaps, educating their workforces and developing the right compliance frameworks, banks can come out on top in the face of increasing regulation. This will also increase the level of confidence within banks and financial institutions for managing cyber security risks and protecting themselves against any future vulnerabilities.

The stakes are incredibly high for banks if assets or sensitive information are exposed as a result of a breach or data security compromise. For many organisations, the need to protect themselves has become one of their top priorities. Banks and financial institutions must act now and adopt a business service-based, operationally resilient model to absorb the impacts of expected and unexpected events while delivering normal services without interruption, both to remain compliant and to drive sustainable competitive advantage in the digital world.


Kapil Lodha is head of banking and financial services consulting at EXL. He can be contacted on +44 (0) 20 7767 3500 or by email:

© Financier Worldwide

