By law, every financial institution in the United States is required to have efficient strategic plans for business continuity, third-party management, and incident response. Traditionally, financial institutions have tended to push these operational risk management tasks aside to allocate more time to return-on-investment tasks. Resources are valuable, and it is often difficult to justify investing them in something that isn’t needed every day. Because of this, financial institutions often add operational risk management to the already long list of duties of one busy employee. As a result, business continuity plans, third-party risk management, and incident response procedures have been recorded manually and left in a binder on the shelf to be forgotten. This binder may have been sufficient for regulators five years ago, but today financial institutions could be in jeopardy of fines, penalties, or default.
Some institutions have prepared for this challenge by investing in nominal automated systems that make them look good for the regulators but basically serve the same purpose as the binder. The information was entered into the system at one point and remains sitting there as something to satisfy the auditors. The systems currently on the market are clunky, hard to use, difficult to maintain, and too expensive to justify, which leads institutions to resort back to their manual process. Some financial institutions invest in several different systems from different vendors, resulting in further complications. The problem leads back to the lack of resources to maintain the systems for their fully intended functionality.
Within the past 15 years, worldwide events have scared institutions into placing a greater focus on operational risk management. In 2001 the World Trade Center was attacked, and in 2005 Hurricane Katrina devastated the entire southern region. More recently, terrorist attacks are occurring all over the world and cybersecurity threats are at an all-time high. Regulators are taking notice and are more vicious than ever. These institutions might have a plan or process that they can reference, but it will likely be insufficient when a disaster strikes in their back yard. These occurrences have left us wondering why financial institutions to this day still do not have sufficient systems to minimize these risks.
To alleviate the frustrations associated with maintaining an effective operational risk management program, we recommend consolidating your risk management needs into an all-in-one web-based suite. A single solution for business continuity planning, vendor management, incident response, and alert notification will effectively and efficiently resolve the issues associated with maintaining operational risk management tasks. A suite with one centralized area to easily update and maintain all operational risk management criteria will satisfy the regulators and effectively prepare your IT and compliance personnel for any inevitable disruptions.
About The Author
Marc Riccio, President of Specialized Data Systems, Inc., has over thirty years of experience providing software solutions to the financial industry. Marc is known for his forward thinking and vision of introducing new and innovative technologies including “rules-based” Loan Origination software, COLD/Document Image Systems, Internet Security Services on Demand, Cloud Computing and now Operational Risk Management software. Prior to founding Specialized Data Systems in 1989, Marc worked for several technology companies as a Systems Analyst, Account Manager and Sales Manager. Among his significant previous positions, Marc served as Senior Marketing Representative for FiServ-Connecticut and worked in the Retail Banking and Systems group for Bank of America.