In the financial services industry, we never stop navigating, and adapting to, disruption and change. In today’s highly interconnected and digital world, both disruption and change can have far-reaching implications with the potential to undermine the safety, stability and integrity of an individual firm or, more broadly, the global financial system. As the nature of risk has evolved over time, this reality has taken on greater significance for market participants and the regulatory community.
Now more than ever, financial institutions are reliant on IT systems and automation to deliver critical business functions. Technology resilience is a key enabler of business resilience, and IT departments must deliver solutions that increase service uptime and keep their business lines operational.
Here are three reasons to prioritize efforts to modernize your resilience capabilities:
- The growing frequency, sophistication and complexity of cyberattacks have significantly changed the nature of systemic threats.
Cyber risk consistently has been ranked as the number one concern by respondents to DTCC’s Systemic Risk Barometer Forecast 2022 since the inception of the survey in 2013. The ever-increasing sophistication and frequency of cyber threats only intensifies concerns over their potential impact. Existing strategies like data replication – designed to protect against physical disaster – could end up worsening the impact of a cyber-attack by rapidly spreading malicious code or compromised data across datacenters. Firms should plan for data corruption and destruction by leveraging an immutable data protection solution for key business processes.
- Increased automation and expanding interconnectedness of the financial ecosystem has heightened its vulnerability to disruption and contagion.
Economies of scale in the financial sector have generated tremendous efficiency gains, resulting in substantial industry-wide cost savings. However, these advances have also reduced the number of critical service providers, which creates significant consolidation and increases concentration risk. This concept, and others, is discussed further in DTCC’s Interconnectedness Revisited white paper. Furthermore, greater automation and continuous advances in IT systems have increased reliance on technology and accelerated the speed at which the impact of a disruptive event can spread. Additionally, increased interconnectedness between IT systems of financial institutions and third parties has further heightened the potential for contagion. Focus designs on smaller, independent components within the business functions to isolate failures and provide faster recovery processes.
- Resilience requirements have evolved and must be built-in at the application level.
Applications based on monolithic architectures that solely rely on infrastructure for availability and recovery are no longer sufficient to support modern application failure modes. Today’s applications are built on microservices and require designs that deliver granular protection and recovery processes that also mitigate the effects of failures on dependent services. Resilient capabilities need to be built in at the application level and designed from the ground up.
As firms modernize, IT departments should keep technology resilience at the center of everything they do by identifying and defining resilience considerations that should be applied across infrastructure and applications during the delivery lifecycle. For additional information on how to develop common reusable patterns made up of standard capabilities, components, and service to deliver consistent resilient solutions, I encourage you to read The Power of Technology Resilience: A Framework for the Industry white paper.