Pub. 8 2018 Issue 2

20 www.azbankers.org Mitigating cyber risk The potential for cyber risk has been increasing with greater interconnectedness in the banking ecosystem, rapid adoption of new technologies, and continued reliance on legacy infrastructure designed for a different age. These challenges are generally well-recognized—cyber risk is a top concern for financial services risk managers. 12 Staying ahead of changing business needs and addressing threats from increasingly more sophisticated actors are top challenges for executives. 13 This level of maturity is also reflected in the way cyber risk is current - ly managed at many banks. In particular, funding for cybersecurity continues to increase and there is greater cooperation among banks, counterparties, and regulators, including sharing of information and best practices. Also, many banks have been able to recruit specialized talent into their cybersecurity units. Yet cyber risk is only getting more complex, and in ways that are not fully understood and predictable by many. Hence, there is more to be done to make sure that cyber risk is baked into the bank’s operations ex ante, as opposed to ex post. That begins with building a robust culture of due care across the organization, and ensuring that cyber security is a key consideration in the design of business processes, strategy, and innovation. Since the transformation underway in many banks is largely tech- nology-driven, they should ensure cyber risk is explicitly considered and managed in every aspect of change—whether overhauling legacy systems or adopting new technologies. This focus on cyber risk as a critical element in almost every aspect of business will have numerous benefits. This includes the ability to improve speed to market and the ability to make firms more resilient and responsive to market needs, which is the very definition of agility. In short, cyber risk should be a core decision-making factor in everything banks do to transform and become agile. For example, as automation kicks into high gear through robotic pro - cess automation (RPA) and cognitive technologies, developing cyber security protocol in the design and oversight of these systems will be key. Similarly, as banking inevitably intersects with the Internet of Things (e.g., smart watches, artificial intelligence (AI) devices); cyber risk will have to become a dominant component in every decision. Open application programming interfaces (APIs) are another example of cyber vulnerability that will need particular attention. As it relates to regulations, banks could be leaders by exceeding man - datory state and federal regulatory compliance directives and ensuring robust cyber risk management systems. Fintechs and big techs Fintechs continue to lead innovation in the banking industry by sharpening their focus on customer experience. Banks face a number of choices: replicate what fintechs are doing, respond with equally innovative solutions, become more symbiotic and less competitive, or pursue a mix of these strategies that fit their unique capabilities and market positions. Although fintechs have undeniably made their mark on the banking in - dustry, many would agree that they have “failed to disrupt the competi- tive landscape.” 14 It seems premature to view fintechs and other nonbank players through the disintermediation lens. Incumbents will likely maintain market leadership due to three factors that work in their favor: 1. Regulatory barriers to entry 2. The natural inertia of customers to switch 3. The capital to absorb, partner with, or replicate fintechs However, it should be acknowledged that many fintechs have created innovative solutions that “are setting new and higher bars for user experience.” 15 But what these fintech and other nonbank tech play - ers in the banking space appear to represent is perhaps a changing ecosystem. As for technology behemoths’ acquiring banking charters and posing a threat to incumbents, achieving regulatory compliance and induc- ing customers to switch can be daunting tasks. Instead, these firms will likely be more successful servicing and partnering with banks, especially in the area of data sourcing, data analytics, and cognitive technologies. 16 Learning from fintechs and technology firms could also help banks rethink their competitive benchmarking. As fintechs and other nonbank players encroach on various business lines (e.g., lending, payments, trading, wealth management), it may behoove incumbents to compare with those they consider best-in-class in terms of the capabilities and solutions. This expansive view of competition can make them less vulnerable to future threats. To this point, banks can develop a more nuanced approach to fintechs by disaggregating the impact of fintechs on various business functions, including operations, finance, and marketing. 17 Exploring open APIs can also be important, as open banking would speed the integration into the rapidly morphing fintech-based ecosystem. The all-important byproduct of all of these efforts would be that incumbents become more adept at developing solutions that customers (existing and prospective) want and need. Reimagining the workforce Banks should consider rethinking their workforce strategy given how work is evolving—with increasing automation 18 and greater diversity in the labor pool. There is little doubt that automation is rapidly transforming work, and advances in technologies such as quantum computing will like- ly only accelerate this change. A seemingly natural reaction to the inevitability of an increasingly automated world could be to specu- late about the impact on jobs, 19 yet alleviating “automation anxiety” 2018 Banking Industry Outlook w Continued from page 19