COVID-19 has created an incredibly difficult period, dramatically changing the entire social and business landscape across the world. A global health crisis, lockdown, and recession have put us in unchartered waters. At the same time, however, a positive development has come from this – that is, an acceleration of the digital transformation that was already underway. New data and technology capabilities have shown their power by enabling governments and authorities to track the virus and take steps to try and stop it from further spreading. We have also seen an increased adoption of technology in many other areas of the economy, including financial services where there was a quick transition to cashless payments as more people began working remotely. Now we must ask if we are prepared to understand and manage any potential risks that might emerge given the accelerated pace of technological change. To address this, the European Risk Management Council hosted a RiskVirtual meeting on July 22, 2020 for senior executives in Europe, APAC, and the U.S. entitled Post-COVID New Normal in Digital Transformation and Risk Management. It was a round table format featuring a number of respected speakers from across different firm types and geographies in financial services. Below is a summary of the key themes and issues that were covered.
A Few Opening Questions for Attendees
The session opened by asking attendees to respond to two questions:
- In light of the digital transformation, what are the most challenging areas for your organisation?
- What are the biggest constraints facing your organisation in its digital transformation?
Seven responses were possible for the first question, and attendees could choose more than one. The number one response was cybersecurity (24% of attendees), followed by data and management information (19%), and operational resilience (18%). Eight responses were possible for the second question, and attendees could choose more than one. The number one response was available budget (22%), followed by infrastructure capability (21%).
It was not surprising that the poll showed cybersecurity to be a major concern given the very fast rate of technology adoption that is taking place because of COVID-19. This is increasing the risk of cyber theft if things are not done in a comprehensive way. Available budget was not a surprising answer, as well, since a digital transformation often calls for experimentation, which requires sufficient funding to pursue a range of avenues.
Initial Thoughts on Digital Transformation from the Round Table Speakers
Looking at European capital markets, the industry and individual firms were already at an inflexion point prior to the COVID-19 pandemic. There were clear technology trends taking shape and firms were assessing them in the context of their specific businesses. Significant investments had already be made in areas such as cloud computing, the implementation of artificial intelligence (AI) and machine learning, and the use of data science. The pandemic further emphasized the need for this technology transformation. It also put a sharp focus on new priorities, such as leveraging technology to enable employees to work efficiently from home and taking steps to support resilience and cybersecurity for remote locations. COVID-19 is leading to an extension and re-evaluation of some of the investments that had been made.
COVID-19 will likely light the flame of AI in banking, for three main reasons:
- Changing public opinion. Many people have felt that robots were negative and would steal jobs. This idea has now changed, as people see robots protecting them from getting the virus. So, there has been a major reversal in public opinion towards robotics and AI.
- The ability to provide operational resilience. A new place for robotics and AI in financial services is emerging to help minimize chances for human error.
- New capabilities. Firms are finding new digital and robotic implementations that would not have been possible prior to COVID-19. Plus, the financial services industry is reaching a point where it is getting an understanding what needs to be in place from a risk management perspective for the safe and effective implementation of AI.
COVID-19 is both the best and worst thing that has happened to technology. It is the best because it is providing justification for doing extensive infrastructure work by demonstrating the dire need for having the pillars of a digital bank in place. After all, we have gone from people physically signing papers in a bank, to many working at home. It is also the worst thing that has happened, as firms are putting digital capabilities in place at a breakneck speed. This raises questions as to whether it is being done correctly, and if proper governance issues are being considered.
A fully-digital bank with no branches needs to balance three elements: (1) technology that is flexible and cloud-based, (2) governance and risk management frameworks to meet the needs of regulators and customers, and (3) purpose and passion to show things can be done differently from traditional banks. A digital bank can respond quickly to customer needs in trying times with mobile check deposit, the issuance of separate credit cards for caregivers, and more.
Many banks are experiencing a digital transformation in this environment due to necessity. In addition to supporting mobile deposits and similar activities, digitization is also critical to support how banks interpret the extensive data they have available for regulatory purposes. For example, under COVID-19 the interpretation of data for loan loss provisions has been quite different across banks that have comparable loan pools. This is causing a misalignment of standards, as well as capabilities, for interpreting data. Digitization is critical to help get this right.
Hacking has increased substantially as digitization has accelerated and many employees have been working from home without adequate firewalls and back-up protection. Firms across industries have seen their systems breached as cyber thieves have tried to take advantage of a crisis situation. Banks have also seen a rise in cyber risks. Good governance will be essential for handling the management of cyber issues. Strong cyber security will also be important to show customers that steps are being taken to avoid hackers and keep their data and money safe. In addition, with credit risk being a major concern for financial services, it will be important that cyber security does not fall down in the list of priorities, but stays front and center.
Two Additional Polling Questions
A third question was asked of attendees: What digital technologies will more likely become vital for risk management in the post COVID-19 world? Six answers were possible, and attendees could choose more than one. The number one response was AI and machine learning (30%), followed by big data (22%) and cloud computing (22%).
One speaker questioned why AI and machine learning was the top answer, saying that data cleanliness should be the priority before looking to technologies to use the data. It was pointed out that many firms are already using AI and machine learning for risk applications, financial crime tools and, to a lesser extent, the analysis of credit risk. It is possible to carve out a chunk of data, most of which is low dimensional without a lot of features, for these purposes. The more important question, however, is not how AI is used for risk management, but how firms manage the risk of using AI as it gains acceptance and use across an organization.
A final question was asked of attendees: My organization plans to stop the widespread remote working practice and bring people back to the office at this date. Four answers were available, and attendees could choose one. Overwhelmingly, they felt that a flexible working option would stay indefinitely (60%), followed by October 2020 (14%) and January 2021 (14%).
The speakers also agreed that flexible working will be permanent, but the word flexible needs to be defined. If it means a combination of at home and at work, it has implications for expenditures on office space and where firms and individuals may ultimately choose to locate. Timing for any return to an office environment may also depend on when a vaccine becomes available, plus a growing concern about the negative impact of reduced social contact. Firms may also need to be flexible to attract and retain talent, especially for technologists who often have more flexible work situations.
So far through this pandemic, both retail and wholesale financial services have remained resilient, showing that the digital transformation was already underway. Firms can now rethink their model in a wider sense and evaluate new priorities in the risk arena. For example, capital markets compliance will require new technology tools to monitor high-volume traders. Firms may begin to differentiate work at home policies depending on an individual’s responsibilities and needs for oversight.
Possible Changes on the Regulatory Front
The speakers agreed that regulators are turning their attention to systemic issues and firms that are outside the industry but key suppliers to the industry, such as cloud services providers. Regulators may also begin to look at resilience testing for the entire financial system, not just the cyber hygiene of one company. In addition, regulators will need to continue learning about the technology that is available in the banking industry so they can adjust their oversight practices accordingly. There may also be more of an emphasis on the fair treatment of customers in financial distress, given the increased volume of non-performing loans because of the pandemic.
It is clear that technology can offer a wide range of benefits if introduced and managed properly. Some aspects, such as AI, are becoming more accepted and seen as an enabler versus a threat. COVID-19 has accelerated the digital transformation within financial institutions and for the large employee base that works in the industry. Flexible work environments look like they are here to stay, but firms need to evaluate their control and security to avoid possible breaches. New and updated regulations will also be needed to keep pace with the times, with regulators embracing technology for what is becoming the new normal.
 “Loan loss provisions at the largest European banks”, S&P Global Market Intelligence, July 2020.
 WHO reports fivefold increase in cyber-attacks, urges vigilance”, April 23, 2020, World Health Organization, www.who.int/news-room/detail/23-04-2020-who-reports-fivefold-increase-in-cyber-attacks-urges-vigilance.