Pressured by technological disruption and regulatory requirements, businesses are building operational resilience to continue delivering services even in the most adverse circumstances.
The past two years have highlighted the need for organizations to increase their level of resilience in the face of a scenario of increasing uncertainty and constant change. It is a process that is experienced with particular intensity in the financial sector, where entities face the challenge of extending this concept to cover different dimensions, from operations and leadership to brand reputation, customers and financial plan.
Recognizing this need, regulators around the world have put in place a series of mechanisms to ensure operational resilience. In this way, organizations must be able to continue providing their services even in adverse circumstances, either because they have suffered a cyberattack or because an unexpected event has occurred. These aspects were discussed during the Building Digital Resilience in Financial Services meeting, organized by EXPANSIÓN in collaboration with Red Hat.
“Financial institutions are seeing increased complexity as they adopt new cloud technologies and infrastructures, and want to reduce their strategic reliance on third parties,” said Richard Harmon, vice president and global head of financial services at Red Hat. Operational resilience is at the center of concerns, not only in Europe but globally. This was noted by Harmon, who added that “many financial institutions are reviewing their contracts with critical technology vendors to ensure they have an output if needed, whether due to service disruption, a loss of quality or a monitoring requirement”.
From the point of view of the entities themselves, “operational resilience is essential to build and maintain a relationship of trust with our customers, and also to allow us to adapt quickly to new contexts in order to continue to offer value”, assured José San Román, director of technology at ING. With the strategy of transforming its platform towards a modular architecture entirely operated in the cloud, the ING boss stressed that “we must treat regulation as an opportunity to go further to protect our customers and offer better services”.
Along the same lines, “the importance of operational resilience is not new to the financial industry; what’s changing is the complexity of the ecosystem we’re facing right now,” said Víctor Espinosa, Global Head of Engineering for Client Solutions at BBVA. Among the keys for an entity to take the appropriate measures in this regard, Espinosa pointed out that “there must be commitment from senior management and it is necessary to think of the customer when designing resilience”.
As part of these digital resiliency strategies, “it is important to keep in mind that recovery time is crucial in the event of an incident, but it is also essential to balance the importance of having robust and secure systems that are at the same time flexible and enable agile business operations”, warned Christophe Mario, Chief Information Officer of Mutua Madrileña. Likewise, Mario added that the company is working on operational resilience in all its aspects “to continue to provide our services to customers in all adverse circumstances”, as happened during the pandemic.
In the case of Europe, Brussels has been working for years on the development of the Digital Operational Resilience Regulation (DORA, for its acronym in English), which is scheduled to come into force in 2023. The regulation will mean a and a post in the Community Scope for the sector, including vendors and technology partners in control frameworks.
José Valio, technical director of Abanca, underlined “the sense of proportionality of DORA: it is essential that the costs are distributed and that the regulations evolve naturally so as not to lose competitiveness”. This is a factor that organizations keep in mind, as regulatory compliance comes to represent between 30% and 40% of their annual technology expenditure. However, Valio felt that “DORA could be a good opportunity” at a time when it is difficult to undertake new investments.
For her part, Julia Bernal, country manager of Red Hat in Spain and Portugal, agreed that “the arrival of DORA will mean new challenges for both banks and insurers”. Drawing on Red Hat’s experience working with financial industry companies around the world, Bernal concluded that “open source technology and a hybrid cloud approach can help meet regulatory obligations, reduce reliance on technology providers” and facilitate exit plans if necessary.
What the experts say
- Richard Harmon, Vice President and Director, Red Hat Global Financial Services | “Financial institutions perceive an increase in complexity and want to rely less on third parties”
- Víctor Espinosa, Global Head of Engineering for Client Solutions at BBVA | “There needs to be a commitment from senior management, thinking about resilience from the customer’s perspective”
- José San Román, Chief Technology Officer at ING | “We must see regulation as an opportunity to further protect our customers and provide better services”
- José Valio, Chief Technology Officer at Abanca | “DORA’s sense of proportionality is fundamental, in order not to lose competitiveness”
- Christophe Mario, Chief Information Officer of Mutua Madrileña | “It is critical to find the balance between robust yet flexible systems that enable agile business operations”
- Julia Bernal, country manager of Red Hat in Spain and Portugal | “Open source technology and a hybrid cloud approach help meet regulatory obligations”