Digital Banking is growing fast, with some banks self-declaring themselves as technology companies and new digital banks significantly growing customer numbers. I have been working at the intersection of Technology and Risk within teams in Financial Services for the last few years, at both established firms and startups. During this time I have met very few people who understand both risk and technology well, particularly to the extent that they can make sense of both languages.
Even Senior Executives who are responsible for making important decisions relating to technology and risk often do not understand these in detail. Under the Senior Management Regime, individuals in banks have personal accountability for risk being taken in different areas of the business. This means people can have enforcement action taken against them if they do not act responsibly. So as it becomes harder to make sense of the risk from technology, it is more important to do so.
In the past, when most of the technology which banks used was backend systems, the responsibility for technology risk was typically delegated to IT teams. Risk was managed by defining processes and controls which all teams had to follow — architecture review, security testing, performance testing — giving rise the to ‘tick box’ mentality where teams see their objective as jumping through all hoops required to go live rather than understanding and taking ownership for the risk in the technology they are releasing.
With the rise of agile technology delivery and teams wanting to work more autonomously, this model breaks. It also makes it very difficult for Senior Managers to take informed risk when it relates to technology as it becomes virtually impossible to understand the implication of going live without a particular tick-box checked. They can either play it safe by not going live with anything which has not been through all waterfall controls and governance, potentially losing time to market, or they take accountability for risks they do not properly understand.