Technology Risk: Balancing innovation and risk
29 January 2019
Today’s technology risk landscape is an intimidating one – sector disruption and emerging technologies are transforming the Financial Services (FS) industry – and it’s up to the technology risk function to make sure that the risks associated with that transformation are being managed and mitigated appropriately.
The rapid escalation of innovation in FS, particularly artificial intelligence (AI), robotic process automation and cloud technology, has radically altered how firms carry out their business, and the experience of their customers. But what does it mean for risk?
For example, AI may bring exciting opportunities but it also brings its own unique hazards. Some of those have become painfully apparent in recent months – the ‘flash crash’ of the Dow Jones at the beginning of 2018, when the Index dropped by 700 points in five minutes, was blamed on a domino effect created by the algorithms that power high-frequency trading. Social media algorithms have been shown to be vulnerable to manipulation and outside intervention, with profound societal consequences. In addition, a number of AI-driven programmes have shown their vulnerability to human bias and prejudice.
Innovators in the FS sector are in a race to reap the financial benefits of AI and other emerging and disruptive technology in order to remain competitive, sometimes at the expense of control and data. The technology risk function is at the front line when it comes to the consequences of innovation. However, there is a careful line to tread. The risk function should not be an inhibitor to innovation, but on the other hand the time to consider risk and controls is not the moment that a driverless car is launched onto a public road for example.
The answer is to encourage those developing new technology to consider risk and controls while they innovate. Technology risk functions should be a fundamental part of the innovation process, enabling those directly involved to think about risk at an early stage.
At our recent Financial Services Technology Risk Annual Leaders Conference, one speaker raised that the fundamentals of risk management have not changed for more than a century, so there is no reason to reinvent the wheel when it comes to emerging technology. The first ever bank robbery was carried out in Wall Street in 1831; robbers got hold of a key, took an imprint and let themselves into the bank overnight. On a basic level, the questions that could have prevented that robbery are no different from the questions we ask about cloud technology today: Who has the key and how can they get access to what we care about?
Risk functions must evolve as emerging technology evolves, but the fundamentals are the same. What is different is the detail. Addressing these problems will require joined-up thinking, a solid foundation of controls, and collaboration between those developing innovative solutions and those who must manage the risks once they come into play.