Jason Harrell, DTCC Managing Director of Operational and Technology Risk and Head of External Engagement, joined a panel of industry leaders in Toronto at Sibos 2023 to discuss the top risks facing the financial industry and what it takes for financial institutions to effectively managing existing and emerging risks with the rising use of new and emerging technology.
Joining Harrell on the panel were Peter Dodic, Chief Risk Officer, Payments Canada, Susan Hawkins, Senior Vice President, Enterprise Payments, TD Bank Group and Erwin Kulk, Head of Service Development and Management EBA Clearing. The panel was moderated by Matt Devine, Partner, Financial Services Risk Consulting Leader, PWC.
Risks to the Financial Services Sector
During the panel, the audience was asked to identify the top risk management concerns facing their business today and attendees overwhelmingly cited cybersecurity.
The continued maturation of the industry’s use of supply chains and technology has fostered the growth of new financial products and services and drove changes to existing financial products services. This maturation has also increased the interconnectivity of the global financial markets creating a highly effective financial ecosystem. However, these financial market changes have created an ecosystem that can permeate risks across the financial services sector.
- Third-party and Supply Chain: As financial institutions become better with implementing cybersecurity controls, the risks are moving farther out into the supply chain, prompting financial authorities to update third-party guidelines to address the changes to the threat landscape.
- Emerging technologies: Integrating new technology solutions into the financial markets presents the opportunity to introduce new risks within the environment that must be managed.
- Interconnectedness: “The combination of third party, emerging technology, and interconnected risks creates an opportunity where an incident in one jurisdiction could impact multiple jurisdictions,” Harrell noted, adding that policymakers across jurisdictions are analyzing this, including the Financial Stability Board and CPMI-IOSCO.
Harrell added that “It could be a powder keg as the possibility of an incident impacting multiple financial institutions has moved from probable to inevitable.” Harrell, who is also Vice Chair of the Cyber Risk Institute, cited that the financial industry has developed the Financial Service Profile. The Profile can be used by financial institutions to align their cybersecurity programs with their compliance obligations and develop programs that increase their resilience.
Leveraging Technology for Improved Risk Management
The current operational and threat landscape is a melting pot of activity. New and emerging technology solutions such as artificial intelligence (AI) and cloud have aided financial institutions with being more resilient. AI can detect changes to normal patterns, identify variations to existing malware and fight fraud. Cloud solutions increase resilience by diversifying processing locations, creating a consistent operating environment, and facilitating the quick deployment of patches and security fixes. However, Harrell stated, these technologies like generative AI can also be used to develop better ways to attack the financial services sector.
Balancing Act
Harrell concluded that companies should prepare for a range of risks not previously encountered. “The Basel Committee set out a good framework in the Principles of Operational Resilience on how firms can increase their operational resilience through identifying critical operations, building process maps, discovering common points between critical operations, conducting drills, and finally, establishing accountability for implementing resilience enhancements.”
Jason Harrell (m) shares insights and comments with fellow panelists Susan Hawkins (l) and Peter Dodic (r).