Accounting for technology risk

COLUMN | August 18, 2023

Banks are transforming themselves to better meet the latest challenges and risks, yet a new survey of global banking executives reveals there’s still a lot more to do

By Simon Cox, Workflow contributor

Risk runs deep in banking. It’s the language banks speak. It’s woven into the industry’s DNA—core to its very existence.

Perhaps the greatest risks banks must navigate today relate to technology. Whether it’s an established bank undergoing a digital transformation or a born-in-the-cloud fintech, the way an institution handles technology risks affects its ability to compete in the marketplace.

My team at ServiceNow and I set out to determine how banks are faring in managing technology risks. We wanted to dig into topics like compliance, resilience, and preparedness for the future. So, we surveyed 750 banking executives from around the world on this topic, and we recently released a report of the findings.

I’m no stranger to the immense and growing pressures faced by banks, having spent 25 years as a technology leader in financial services. But after reviewing the results of our survey, I was both surprised and reassured.


Conquering technology risk in banking

The survey indicates that banks are addressing technology risks in similar ways. They’re prioritizing being able to trust their data. Many have made considerable progress with data management, governance, and technology, and plan to continue investing in these areas for at least the next couple of years.

This should give us all confidence. The banking industry is highly interdependent, with the largest banks critical parts of national infrastructures. Banks need to speak the same language and operate in similar ways to avoid creating ripple-effect problems.

At the same time, those banks that are less mature in technology risk management collectively have a good deal of catching up to do. The majority of those categorized as “beginners” in our survey are focused on cybersecurity, as well as compliance, IT operations, and cloud migration. Meanwhile, “leaders” have graduated to priorities like adopting innovative and safer business models and products and services. It will become increasingly difficult for beginners to close the gap with banking leaders as the pace of innovation accelerates. Which brings me to my next point: It’s time to roll our sleeves up for some heavy lifting.

The past few years have been defined by the pressing demands of a global pandemic, which forced longer-term risk planning to the back burner. Now we have the capacity to prioritize it once again, particularly as financial regulatory bodies around the world become increasingly active.

And banks face proliferating risks, not least of all new technologies such as cryptocurrency and AI that are radically changing the dynamics and landscape of the industry.

Yet only 64% of bank execs surveyed agreed that accelerated digital innovation is driving the need to improve tech risk management and resilience. This figure is far lower than it should be. When banks digitize and transform, the way data flows changes, as does the way people interact with technology and data. All of this necessitates a shift in how risk is assessed and managed.

At the same time, only 45% agreed that effective tech risk management requires IT, risk, and cybersecurity functions to work well together. I’ve seen firsthand—both in my days in banking and in my work with ServiceNow customers—the incredible benefits that accrue when you break down cross-departmental silos and adopt processes and tools that enable collaboration and democratization of information.

I would urge bank executives to reconsider their positions in these areas. From my vantage point, executives must get ahead of what is coming from regulatory bodies and focus on maturing fundamental risk management capabilities. This means acting in these areas:

  • Organization and culture: Embrace strong risk identification and management across the enterprise so that everyone considers themselves a risk officer. Shared stewardship engenders a better risk posture and helps employees feel more engaged and empowered.
  • Process and integration: Take a consistent approach to risk, everywhere. Use integration to codify risk frameworks and simplify adoption. These practices also make it easier to scale and extend frameworks as needed.
  • Governance: Ensure technology risk is a board-level conversation, not left solely to the CIO to manage, and that it is integrated with your broader business-risk view. Explore how new approaches to data sharing and internal reporting can support these efforts.
  • Data: Speaking of data and reporting, it’s key to identify sources of truth for your risk positions and build trust in them. It’s hard to have strategic, effective conversations about technology risk if you don’t have common interfaces for accessing vital data.
  • A single risk platform: Underneath those interfaces, there should be a unified platform that can host policies, risks, and controls, and aggregate enterprisewide data sources to enable real-time intelligent views of the risk and resilience of your organization.

Risk has always been a central driver of change in the banking industry. Yet in this moment of transformative technological change, technology risk is not being addressed as assertively as it must be for the industry to stay ahead of threats and regulatory requirements.

However, as our research shows, even though there is substantial work that individual banks must do, the banking community as a whole must be tightly aligned to ensure the system remains resilient and trusted by the public.



Simon collaborates with companies to leverage the ServiceNow platform.
