Balancing Act: Risk management in the age of bank modernization

  • February 27, 2024

A strong foundation is crucial for any evolution. As humans have literal backbones, architectural and banking modernization requires a robust risk and compliance framework. It's imperative to incorporate risk and compliance considerations from the beginning, starting with the requirements and design phase, so that new platforms are built with the necessary controls and audit structures. Risks, controls and compliance shouldn't be an afterthought; they should be integrated into the core design, both from a regulatory standpoint and a practical execution perspective.

The benefits of modernization

Before moving forward, let's clarify the concept of "modernization." Platform modernization refers to the process of transferring or transforming data from legacy or in-house systems to more advanced platforms, such as cloud-based structures like Azure, AWS, and so on. When executed correctly, this modernization endeavor offers several significant benefits, including:

  • Enhanced efficiency: Streamlining processes and implementing modern technology can increase operational efficiency. For example, strong data control can increase the likelihood that required data is brought over to properly archive in an accessible format in case regulators are looking down the line. On top of that, it also informs what data needs to come over, minimizing the amount of data that needs to be converted and maintained.
  • Cost reduction: Modernization can help automate repetitive tasks, reducing manual labor and associated costs.
  • Improved customer experience: Upgrading systems and offering a digital banking solution. For example, it can enhance customer satisfaction by providing convenient and personalized services.
  • Optimized security: Advanced security measures as part of a modernization effort, help protect sensitive customer data and financial transactions from cyberthreats and bad actors.
  • Regulatory and risk management: Upgrading systems will help meet regulatory requirements, support compliance with new and evolving standards and allow more sophisticated risk assessment and management tools.
  • Better data insights and analytics: As data is moved into a more centralized platform, it enables better quality of data collection that can help better business decision-making as well as improve risk intelligence.
  • Increased agility: Modernized systems are more agile and responsive to market changes, enabling organizations to adapt to new trends, sanctions or regulations.

The crucial role of risk and compliance in building secure and efficient modernization platforms

By incorporating risk controls into modernization program requirements and the design phase, new platforms are constructed with appropriate controls and audit structures in place. For example, automated KYC and AML functions are vital in onboarding new and existing clients to new platforms. Controls should be at the table, helping to define the requirements such as third-party checks, PII data collection required vs not required and suitability checks.

Too often, product teams define elegant onboarding workflows only to face resistance from risk and compliance teams who may have different priorities. This lack of focus can hinder the deployment of solutions. Furthermore, the impact on current risk and compliance operating models shouldn't be overlooked, as they may require adjustments to accommodate future needs. This could involve reevaluating staffing levels, refining processes or adopting new technologies. Additionally, existing risks and controls must be considered, as they may need to be updated to align with the changes associated with bank modernization. It's crucial that regulatory requirements, such as anti-money laundering (AML) and Bank Secrecy Act (BSA) compliance, are upheld throughout the modernization process to uphold the continued protection of the bank against financial crimes.

Arsen Aslanyants, leader of NTT DATA’s Risk and Compliance practice, offered this, “With bank modernization, similar to a merger/acquisition/large-scale transformation, the potential changes in people, process, and technology have a material impact on the risk and compliance functions in an organization. These functions must stay dynamic and evolve to support target operating models and continuously evaluate emerging internal and external risks.”

To-do list: Risk and compliance considerations for bank modernization efforts

  1. Involve R&C from the outset: Ensure that risk and compliance teams are actively engaged in the requirements and design phase of modernization programs. Their expertise will help build new platforms with proper controls and audit structures in place.
  2. Define onboarding requirements collaboratively: R&C should be at the table to help define onboarding requirements, such as third-party checks, PII data collection and suitability checks. This collaboration encourages the integration of necessary risk and compliance measures throughout the modernization process.
  3. Prioritize automated KYC and AML functions: Implement automated KYC and AML functions as key components of onboarding new and existing clients to new platforms. These functions enhance risk mitigation and compliance efforts.
  4. Evaluate and adjust the risk and compliance operating models: Assess the current risk and compliance operating models and determine if they align with the future needs of the modernization efforts. This evaluation may involve adjusting staffing levels, refining processes or adopting new technologies..
  5. Conduct regular risk assessments: Perform regular risk assessments to identify potential vulnerabilities and gaps in the modernization process. This proactive approach allows for timely mitigation of risks and reinforces compliance with regulatory requirements.
  6. Implement robust data protection measures: Strengthen data protection measures to safeguard sensitive customer information during the modernization process. This includes implementing encryption, access controls and data privacy protocols to mitigate the risk of data breaches.
  7. Engage external experts if needed: Consider engaging external experts, such as consultants or auditors, to provide independent assessments of the modernization efforts and sustain compliance with industry best practices and regulatory requirements.
  8. Monitor and adapt: Continuously track the effectiveness of risk and compliance measures implemented during the modernization process. Regularly assess and adapt these measures to address emerging risks and evolving regulatory landscapes, ensuring that requirements, such as AML/BSA compliance, are followed and that financial crimes functions continue to protect the bank.

Mitigating risks, upholding compliance: A prerequisite for effective bank modernization

The symbiotic relationship between risk and compliance and banking modernization embodies a dynamic journey toward enhanced efficiency, customer satisfaction, and regulatory adherence. As financial institutions navigate the evolving landscape of technology and regulation, innovation and compliance remain a paramount focus. By embracing modernization while upholding rigorous risk management and regulatory standards, organizations can thrive in today’s environment and create a path toward a more resilient and sustainable future.

If you want to learn more about NTT DATA’s Risk and Compliance capabilities, contact us.

Subscribe to our blog

Eli Grossman High Res Headshot.JPG
Eli Grossman

Eli Grossman is a consultant in the Financial Services & Insurance practice at NTT DATA. Currently, Eli is combining his knowledge and skillset in both the wealth and risk management space. Internally, Eli is developing Third Party Risk Management solutions, specifically in the healthcare and insurance space. In his free time Eli enjoys reading and exploring all that Charlotte has to offer.


Related Blog Posts