Over the last several years, financial services institutions have adapted to and addressed new and sophisticated cybersecurity threats, increased political instability, more unusual weather events, emerging competitors, rising customer expectations, and a more rigorous regulatory environment.
There’s a well-worn playbook for this sort of rapid change: see it, solve it. When an issue or opportunity emerges, teams spring into action to assess the situation and strategize the next steps. Often, they either buy or build a single-point technology solution to address the issues. And while that approach can work, over time, the complexity attributed to multiple siloed solutions results in technical debt. Ultimately, the “see it, solve it” approach leads to a disconnected collection of one-off tools that are often expensive and hard to maintain.
But it’s not just the hard costs of tool sprawl that add up; it also has a major impact on people. Teams find themselves manually toggling between tools to do their jobs. When other issues arise, teams respond by deploying even more technologies or adjusting processes. Thus, the learning curve for employees starts to feel like a roller coaster. And if employees experience change fatigue, it’s likely that the new technologies and processes will fail.
We’re never going to stop the onslaught of change in financial services. The industry will still have to navigate everything we see today, while also preparing for future change. But there is an opportunity to build on the “see it, understand it, recover” approach and embrace always-on digital resilience.
Always-on digital resilience means building the capacity and capability to adapt to any unexpected event. Change stops being a standalone project, and systems and processes endure and adapt to that change as part of normal, day-to-day business. In short, change and agility become a way of life. With that mindset, financial services institutions can focus less on trying to predict what’s coming down the regulatory pipeline or when the next headwinds will hit and, instead, fortify their ability to adapt to anything.
Regulation raises stakes for digital resilience
Digital resilience is more than just a nice-to-have for financial services institutions. A dearth of industry regulatory compliance mandates keep it at the top of the agenda on a global scale.
The EU’s Digital Operational Resilience Act (DORA), for example, focuses on maintaining the security and availability of critical business services so that the financial services industry continues uninterrupted, even when issues are faced The regulation has broad impacts including how institutions will manage information and communications technology (ICT) risks, report incidents, share information, and bolster operational resilience.
The EU is not alone. From the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), and Bank of England (BoE) in the UK to the Money Authority of Singapore (MAS), regulators around the globe are mandating operational resilience in financial services’ systems and processes.
But for financial services, operational resilience is about more than just compliance. It also affects the speed of everyday business and customer experiences. A prime example comes from the U.S. Securities and Exchange Commission (SEC), which adopted T+1 in 2023, requiring settlement of stock trades in one day instead of the previous norm of two days (T+2). While initially, the T+1 rule may not seem like a monumental shift, in reality, it fundamentally transforms stock trading operations. Financial institutions, with average daily trade volumes in the millions or higher, now have to complete those same transactions in half the time. There’s no longer time for manual intervention. And if something goes wrong, they must know right away if any trade is at risk of failure.
To meet these new SEC mandates, financial institutions need a well-oiled system of operational resilience, which includes advanced automation, observability, and accelerated cloud adoption, along with tight alignment between people and processes.
Meanwhile, the SEC is considering moving to T+0, which aims to achieve same-day settlements. This change might arrive just as organizations become acclimated to T+1.
If anything, that means that all financial services organizations will need to ramp up operational resilience strategies and act with the future in mind instead of reacting to the here and now because the next shake-up is already on the horizon.
Laying a foundation for always-on digital resilience
Change and unexpected events are inevitable in the financial services sector. And when the next shift comes, I believe financial institutions can be ready. To do this, they must move beyond point-by-point compliance strategies though. This is especially true for international institutions that must manage regulations in multiple regions.
A forward-looking operational resilience strategy requires financial services institutions to focus on:
- Building cyber resilience in an evolving threat climate.
- Keeping systems and applications up and always running.
- Maintaining preparedness for whatever’s next — from regulations to opportunities to threats.
Operational resilience requires organizations to think holistically about their environment. It also means investing in the right technologies to monitor end-to-end business processes and act swiftly and with confidence every time. This means consolidating tools and bringing relevant data to one place, accelerating issue detection, investigation, and response.
I have no doubt that financial institutions have what it takes to thrive, but they must prioritize operational resilience. Only by doing this can they build an agile foundation for the future that lets them adapt to adversity and be ready for anything.
For more insights and perspectives from security, IT, and industry leaders delivered straight to your inbox, sign up for our monthly newsletter.
