Celent Model Bank Awards: Fraud, Risk Management, Process Automation and Flub-Free

It is my privilege to be part of the judging panel for Celent Model Bank Awards for 2017 for the following three categories:

  • Fraud Management and Cybersecurity – for the most creative and effective approach to fraud management or cybersecurity.
  • Risk Management – for the most impressive initiative to improve enterprise risk management.
  • Process Automation – for the most effective deployment of technology to automate business processes or decision-making.

A common theme across this year’s submissions for the above categories is the importance of agile technology, digital process automation, and consistent and focused practices across the organizations. A large number of the entries show that a streamlined and automated operational risk framework is critical to running a successful risk management program. Everything connects and has a consequence, and unless banks can join the risk dots across their ecosystems, they will continue to spend at a very high rate with unsatisfactory and, at times, devastating results.

Improved data analysis and machine learning capabilities also featured prominently in the winning case studies. A central data platform, automated processes and improved insights have produced notable increases in efficiency, better control of costs, reduced resourcing requirements, and fewer errors and false positives. They have also made it easier for the banks to adapt to their digital footprint, an expanding cyber threat landscape, and intense and complex regulatory obligations.

Hopefully, no flubs on the big day

Without exception, every submission is of high quality, and we found it a daunting task to pick the most worthy award recipients. In the end, we are excited and confident about our selection of winners in the above categories, yet we are sorry that we could not recognize so many others that clearly also deserve recognition.

At the moment we are staying tight-lipped about who won the awards. We will be announcing all winners publicly on April 4 at our 2017 Innovation & Insight Day in Boston. In addition to presenting the award trophies to the winners, Celent analysts will be discussing broader trends we’ve seen across all nominations and will share our perspectives on why we chose those particular initiatives as winners. Make sure you reserve your slot here while there are still spaces available!

Stop Throwing Money at Cybersecurity

Most cyberattacks succeed because of weaknesses in people, processes, controls and operations. This is the definition of operational risk. Therefore, it makes sense to tackle cyber risk with the same tools you use to manage operational risk.

We continue to prove that the approach of the IT department managing cybersecurity is not working. Cyber risk is typically treated in parallel with other technology risks; the IT department is motivated to focus on securing the vulnerabilities of individual system components and proffers a micro view of security concerns.

My new Celent report, “Treating Cyber Risk as an Operational Risk: Governance, Framework, Processes and Technologies”, discusses how financial institutions are advancing their cybersecurity practices by leveraging their existing operational risk frameworks to centralize, automate and streamline management, technologies, processes, and controls for sounder and more resilient cybersecurity.

The report identifies and examines the steps required to achieve a risk-based approach to a sustainable and, ultimately, a measurable cyber risk management strategy:

1. Establish a long-term commitment to drive a top-down, risk-based approach to cybersecurity.

2. Recognize that the traditional approach of the IT department managing cybersecurity is limited and that most cyber risks are weaknesses in people, processes, controls, and operations.

3. If you have not already, consider deploying the NIST cybersecurity framework and tailor the framework to fit your individual cybersecurity requirements. The framework lets you take advantage of your current cybersecurity and operational risk language, processes and programs, industry standards and industry best practices. Both cyber and operational risk should be informed by and aligned with the institution’s enterprise-wide risk management framework.

4. Move your organization along the cybersecurity maturity curve by building dynamic risk models, based on shared industry data and assumptions, to measure and monitor cyber threats and pre-empt those attacks.

5. Stop throwing money at the problem. Educate decision-makers on why and how breaches happen. Do not purchase in silos or under pressure; select the right expertise to identify the issues and carry out due diligence on products.

6. Use NIST’s five functions to navigate and manage cybersecurity technology requirements and purchases.

7. Know what technology you want from your vendors; know what advice to seek from your consultants.

8. Acknowledge that cybersecurity is the responsibility of every employee and that human behavior is the most basic line of defense. Institutions cannot hesitate in pursuing the goal of educating their employees, third parties and customers.