24 Oct Top 5 Risks in Financial Services
Top Five Risks in Financial Services
Within the financial industry, we’re seeing a balance struggle to provide a smooth and automated experience to the customer while simultaneously maintaining a high level of security.
Below are the top five risks we’ve identified in the financial sector that will be prevalent through 2020 and beyond.
Damage to Company Reputation
Perhaps more than most industries, financial institutions need to be cognizant of their reputational risk. Reputation carries a lot of weight when it comes to customers trusting an organization with their money and personal information.
Wells Fargo, for example, has paid millions of dollars in fines and settlement agreements with customers. We’ve seen them attempt to manage PR with the replacement of CEO and other senior leaders, to little impact. Mary Mack, who runs Wells’ consumer bank, reports that their damaged brand image has shown a significant impact on gaining new customers, who often choose a competitor. A 24/7 Wall St article cites the company as “listed as the worst of any U.S. company in a major study of corporate reputations.”
It can be difficult to predict just how much impact an event can have on an organization, but as demonstrated with Wells Fargo, we know it can be significant. In an age where news travels fast and customer opinions carry weight and spread like wildfire, reputational risk is nothing to ignore.
With cybersecurity breaches becoming more frequent, it’s easy to forget the physical security aspects of data protection. However, to fully protect financial information, these physical security aspects are just as essential and require just as much consideration.
For example, the Federal Financial Institutions Examination Council (FFIEC) is responsible for establishing reliable guidelines and uniform practices for financial institutions and expectations for compliance. Among other requirements, they urge and regulate physical security for detective, preventative, and corrective controls. When you think of physical security, this would include security cameras in crucial areas such as ATMs and banks, access controls to restricted areas or computers, and having an actual security guard on premise of high risk locations such as vaults and teller areas.
The banking sector is the single most targeted area due to the biggest opportunity for reward. With people making purchases over numerous IoT devices and an ever-expanding amount of data scattered across the web, security is crucial. Gartner analysts expect that number of devices to reach 20.4 billion by 2020.
While Chip technology has significantly reduced in-person fraud, its quickly becoming outdated and does not address digital threats. Promising solutions include machine learning and predictive analytics, which can effectively detect network intrusions, secure user authorization, and analyze your virtual environment.
Biometric technologies also help tackle security and privacy issues, preventing fraud and theft with great success – and it’s supported! In a study performed by Visa, they found 86% of consumers were interested in using biometrics to verify their identity or to make payments.
As banking processes and technology evolve, so too do regulations and standards to help guide that change. Compliance to these regulations can be difficult and time consuming, requiring systems and processes to be put into place to meet regulatory requirements, which isn’t always cheap. Organizations are faced with the risk of not meeting compliance and facing the resulting fees. Organizations looking to save money with security efforts also gamble the extra risk of an event occurring, and the resulting fines for non-compliance.
Regulations are monitored by the FDIC, FFIEC, NCUA, SEC, and FHFA, among others. These governing bodies oversee compliance to regulations such as The Sarbanes-Oxley Act, which mandates security regulations and penalties, or the Bank Secrecy Act/Anti-Money Laundering, which requires a strong anti-money laundering compliance program.
Third Party Liability
Third parties are often necessary to support business functions, but can often introduce added risk of business disruption and data loss. Third parties become a large concern when financial organizations realize that they themselves are held responsible for the actions or shortcoming of vendors. At this realization, third party risk management becomes a focal point in their risk strategy.
FDIC dictates how institutions are responsible for activities through third parties and how these are often the same underlying risks that the company would have if they performed the task themselves. The involvement of a third party often increases the risk if proper precautions aren’t taken. Largely, these partnerships often require sharing confidential information to some degree. A survey conducted by Ponemon Institute showed that 59% of companies experienced a third-party breach in the previous year. The percentage shows the difficulty in managing security.
A Risk Solution
Risk management doesn’t have to be highly complex, and the cost of it shouldn’t break the bank (pun intended). Utilizing an effective risk management solution ensures that you’re not faced with the unwanted repercussions of an event. RiskWatch solutions help you stay prepared with over 35 regulations and standards at your disposal, and the option to create your own custom content.
Use RiskWatch for all of your financial services risk and compliance management.