Information technology risks in financial services
What board members need to know — and do
Boards’ risk-related responsibilities at financial services companies have intensified, with governance of Information Technology (IT) risk becoming increasingly critical. However, IT risk may be the one risk that the typical financial services board member is least prepared to oversee.
Consider that at the heart of a financial institution lies, in essence, a technology company. Technology enables virtually every activity in financial services and consumes a huge portion of capital investments and operational expenses. A financial institution’s performance depends on the reliability and security of its technology.
System downtime can hobble an institution and its customers. The business relies on accurate and timely data. The changing technology landscape requires institutions to make strategic decisions on which technologies to adopt, and which to avoid. Weak controls in technology can lead to processing errors or unauthorized transactions. And regulators around the globe continue to focus not only on safety and soundness but also on compliance with country-specific laws and regulations.
Boards are as accountable for overseeing IT risk as they are for other risks. Ultimately, the effective management and governance of IT risk depend on both the senior executive team, including the chief information officer (CIO), chief risk officer (CRO), and chief technology officer (CTO), and a broad set of accountable managers from across the company. All financial organization leaders must understand IT risk and the levers available to ensure it is being adequately addressed. This paper highlights select IT risks for boards of financial institutions to consider, and suggests strategies they can employ to better oversee them.