Future of Financial Services Workforce

UntitledFinTech disruptors have been finding a way in by focusing on a particular innovative technology or process in everything from mobile payments to insurance. A forte of technologies “AI-ML-DL-NLP-CV” is fueling the FinTech innovations. The large financial services companies can’t be complacent as FinTechs have been attacking some of the most profitable elements of the value chain and as well as areas which were historically subsidized.

Let us refresh our memory on these AI technologies and their relevance to the financial services industry.

  • AI makes machines to learn from experience and perform human-like tasks – AI offers robotic & intelligent process automation (RPA/IPA) of financial processes
  • ML is a specific subset of AI that trains a machine on how to learn – ML is enabling algorithmic trading lead to better predictability and decisions around credit and consumer lending, thereby lowering risk to the bank or financial institution
  • DL is s a type of ML that trains a computer to perform human-like tasks, such as identifying images – leverage big data (customer demographics, consumption records, etc.) to parameterize a DL model that can simulate the likely response to new product/service configurations (e.g. new credit card with cash rewards, moderate interest, zero interest on balance transfers, etc.)
  • NLP is a branch of AI that helps computers understand, interpret and manipulate human language – NLP is shaping the future of banking with voice assistants and ubiquitous computing.
  • CV s a field of AI that trains computers to interpret and better understand the visual world –  CV is transforming financial services by using appealing visuals and new solutions for a new world where seeing is believing

These new-age FinTech developments are leading to a continuous transformation of the financial services workforce. The changing landscape and evolving financial services resource pyramid is presented in the diagram above. I would like to highlight a few trends reshaping the talent of financial services on this blog post.

  • AI automating business-as-usual activities of financial services: Robots and AI already started addressing key pressure points, reduce costs and mitigate risks. Building capabilities to target a specific combination of capabilities such as social and emotional intelligence, natural language processing, logical reasoning, identification of patterns and self-supervised learning, physical sensors, mobility, navigation and more are in swing. The goal is to look far beyond replacing the bank teller. There are whole categories of work that had not been seen as cost effective to automate. However, with lightweight software ‘bots’, workers are freed up to focus on higher value activities.
  • Changing patterns with Human vs Machines foray: Are financial services firms moving to re-shoring of work with talented machines? The answer seems to be, Yes. In the last two decades, many financial firms have ‘offshored’ repetitive tasks to lower-cost locations such as India, China, and Poland. However, relative costs for labor in those regions have started to rise. Combine this with improvements in robotics and AI capabilities and machines are becoming credible substitutes for many human workers. As the capabilities continue to improve and technology continues to drive down the cost of machines, these forces will combine to spur re-shoring, as more tasks can now be performed at a competitive cost on-shore. Even functions that seem dependent on human input, such as product design, fraud prevention, and underwriting, will be affected. At the same time, the need for software engineering talent will continue to expand
  • It is not just automation, Technology is picking high-end work: ML is enabling next-generation algorithmic trading systems are moving from descriptive and predictive to prescriptive analysis, improving their ability to anticipate and respond to emerging trends. And while algorithm trading programs were once limited to hedge funds and institutional investors, private investors can now get access to them too. AI soon automate a considerable amount of underwriting, especially in mature markets where data is readily available. Even in situations where AI does not completely replace an underwriter, greater automation would allow humans to concentrate on assessing and pricing risks in the less data-rich emerging markets. It would also free up underwriters to provide more risk management, product development advice and other higher value support for clients.
  • While building machines, the real focus is on accessing the necessary talent and skills to execute strategies and win markets: Financial services firms lack the internal knowledge and expertise need to implement a customer-centric approach. For example, a mainframe programmer who maintains a core banking platform may not have the skills or interests to learn to code AI applications. Many senior IT executives, non-IT staff-members, and even technical personnel do not have the skills needed to build and operate an effective digital channel offering. Financial institutions are starting to realize they will need talent with very different skills. This might mean finding more industrial engineers for robotics work, or retraining underwriters to do higher value work once AI is used to automate certain existing functions. But the issue runs deeper than developing a different competency model. First, firms to understand what is already working and what needs to be done differently. This might involve changes across the human capital strategy through revitalized recruitment, learning and development, partnering and cultural initiatives.
  • The contingent workforce is creating the talent-exchange mindset: financial firms need to address is the growing preference for flexibility and entrepreneurship among many in the labor force. In the United States, the US Chamber of Commerce has found that 27% of the labor force is currently self-employed, and some believe that this ‘contingent workforce’ could rise to 40% or more within several years. Practically, for this reason alone, financial institutions will need to adopt a ‘talent exchange’ mindset, leveraging part-time and/or self-employed individuals in a creative manner. This may range from bidding out specific tasks or work to expanding the use of seasonal or temporary workers. Of course, this will introduce challenges around culture and quality, and this will introduce new opportunities as well. For example, we might see employers using online platforms to manage confidentiality and legal risks in creative ways.

Artificial Intelligence capabilities impacting the financial industry and thereby attitudes toward work continue to change, some of the attributes that have benefitted institutions in the past such as big firm and stable employment are slowly losing their appeal. Refreshing financial firm’s approach to recruiting, learning and development, and culture may offer an effective way to address issues that FinTech has brought into the open market.

Welcome your ideas in further spotting future trends in financial services workforce.

 

Preparing Banks for “Getting to Strong” Regulatory Mantra with robust Vendor Risk Management

“A bank can outsource a task but cannot outsource the responsibility”

Anatomy of Vendor Risks at Banks:

In today’s world it became inevitable for Banks to outsource and integrate external vendors for effective and efficient operations. Banks sourcing arena extended to entire value chain beyond core processing and information technology to accounting, appraisal management, internal audit, HR, sales and marketing, loan review, asset and wealth management, procurement, and loan servicing etc. Most large banks deal with over 1,000 vendors; many have tens of thousands. Besides the large number of vendors, banks use of Global In-house Centers (GICs) and 3rd party service providers increased from very insignificant levels in early 1990’s to almost 10 times higher by the end of 2015. Historical approach to sourcing indicates that the degree of vendor play varies by LoB – Mortgage, Investment Banking, Credit Card, Corporate Banking, Retail Banking and Treasury Services and further by Function within each LoB, ex: for Credit Card LoB – Origination, Servicing, Collections, Fraud, KP, Customer Care and IT. Ensuring outsourced activities are conducted in a safe and sound manner is bank’s board of directors and senior management responsibility. The irony is enforcement actions and fines banks facing as a result of breaches, cyber-attacks, data security running over billions of dollars mounting bank risk exposure. The following are few common risks in sourcing engagements.

  • Strategic Risk: Risk arising from adverse business decisions, or the failure to implement appropriate business decisions in a manner that is consistent with the organization’s strategic goals.
  • Compliance risks arise when the services, products, or activities of a service provider fail to comply with applicable U.S. laws and regulations.
  • Concentration risks arise when outsourced services or products are provided by a limited number of service providers or are concentrated in limited geographic locations.
  • Reputational risks arise when actions or poor performance of a service provider causes the public to form a negative opinion about a financial institution
  • Country risks arise when a financial institution engages a foreign-based service provider, exposing the institution to possible economic, social, and political conditions and events from the country where the provider is located.
  • Operational risks arise when a service provider exposes a financial institution to losses due to inadequate or failed internal processes or systems or from external events and human error.
  • Legal risks arise when a service provider exposes a financial institution to legal expenses and possible lawsuits.
  • Transaction Risk: Risk arising from problems with service or product delivery such as inadequate capacity, technological failure, human error, or fraud, exposes the organization to transaction risk.
  • Credit Risk: Risk that a third party, or any other creditor necessary to the third party relationship, is unable to meet the terms of the contractual arrangements with the organization or to otherwise financially perform as agreed. Credit risk also arises from the use of third parties that market or originate certain types of loans, solicit and refer customers/members, conduct underwriting analysis, or set up product programs for the organization.

Hence having robust vendor risk management program and stringent oversight is deemed necessary for Banks and Financial Institutions that are striving to satisfy the U.S. “Getting to Strong” regulatory mantra. Large banks are integrating comprehensive risk management into their sourcing governance and mid-tier banks most often managing vendor risks at the transaction level. But according to “2015 Vendor Risk Management (VRM) Benchmark Study” by the Shared Assessments Program and Protiviti, the overall VRM maturity rating of <3 on a scale of 5 is alarming and Banks shall focus on advancing vendor checks and controls. Therefore, the Office of the Comptroller of the Currency (OCC) expects more comprehensive and rigorous oversight and management of third-party relationships that involve critical activities—significant bank functions (e.g., payments, clearing, settlements, custody) or significant shared services (e.g., information technology), or other activities that

  • Could cause a bank to face significant risk if the third party fails to meet expectations.
  • Could have significant customer impacts.
  • Require significant investment in resources to implement 3rd relationship and manage the risk.
  • Could have a major impact on bank operations if the bank has to find an alternate third party or if the outsourced activity has to be brought in-house.

US Regulatory Landscape:

With the pressing need of ensuring appropriate vendor risk management at banks, the key regulatory bodies like Office of the Comptroller of the Currency (OCC), Federal Reserve Board, Federal Deposit Insurance Corporation (FDIC) and National Credit Union Administration (NCUA) is marching in step on the topic. Greater attention on status and progress of VRM programs is demonstrating through consistent follow-ups by Federal Financial Institutions Examinations Counsel (FFIEC).  Financial Stability Oversight Counsel (FSOC) and Presidents Working Group on Capital Markets (PWG). Other standards and coordinating forums bringing emphasis on assessing and mitigating risks which include – ISO 27000 (International Organization for Standardization: Code of Practice for Information Security Management), COBIT (Control Objectives for Information Technology) and NIST (National Institute of Standards and Technology).

The following are key steps for a bank “Getting to Strong” Regulatory Mantra through establishing robust Vendor Risk Management.

First Step is Assessment of Vendor Risks: 

The popular approach to risk assess the vendors is the evaluation of the likelihood and impact of identified vendor risk (Quantity of Inherent Risk) compared with the vendor controls in place (Quality of Mitigating Controls) to derive the Residual Risk rating that determine the degree of risk with each provider.

The Quantity of Inherent Risk inherent with the vendor is determined by evaluating the criticality, access to sensitive data, reliability, and scalability of the vendor. Vendors rated as High or Moderate should then have respective vendor controls evaluated to determine the overall Residual Risk. The key dimensions to consider include, Strategic Risk, Reputation Risk, Operational Risk, Transaction Risk, Compliance Risk and Credit Risk as defined above.

Quality of Mitigating Controls refers to how well risks are identified, understood, and controlled. A rating of Weak, Adequate, or Strong is determined through interviews and assessment with Organization managers. The following table details the dimensions considered in determining the Quality of Mitigating Controls

  • Responsibility: Level of Board and/or senior management involvement with overseeing vendor management program. Training on vendor products and services. Alignment of vendor with the Organization’s strategic goals.
  • Policies and Procedures: Written policies governing the use of the vendor. Operational procedures that provide instructions for activities using the vendor’s products and services.
  • Vendor Selection: Descriptions of the Organization’s expectations and due diligence efforts involved in the selection of the vendor.
  • Contracts: Contract durations, termination, and assignment with vendor including use of escrow agreements, legal counsel involvement, rights and responsibilities, and service level agreements.
  • Ongoing Monitoring: Monitoring policies and procedures that review the financial strength of the vendor, service level metrics, key vendor personnel, and alignment of the vendor with the Organization’s business strategy. The review of the vendor’s internal control environment.
  • Information Security: The protection of confidential information through the review of the vendor’s information security environment.

Finally Residual Risk Rating of the vendor is determined by comparing Quantity of Inherent Risk) with the vendor controls in place (Quality of Mitigating Controls).

Second step is Understanding Bank’s Risk Appetite and Segment the Risks:

After determining the residual risk rating of Vendors, bank has to evaluate its own Risk appetite which is one of the essential concepts that must be understood and consistently applied to be able to reap the strategic benefits out of this emerging perspective on governance and risk management. Risk appetite is the amount and type of risk that a bank is willing to pursue or retain (ISO/IEC guide 73:2009). Similarly, the COSO’s Enterprise Risk Management Framework defines risk appetite as the “amount of risk an entity is willing to accept in pursuit of value” clearly recognizing the opportunity dimension. The COSO framework also recognizes that is reflective of the entity’s risk management philosophy, which in turn influences the entity’s culture and operating style.

Risk appetite is about establishing a strategic boundary between the amount of risk that a bank is willing and able to take as an integral part of its business model / profitability on one hand and the level at which it wants to expose itself to “bad things happening” on the other, together with a set of strategic, financial and operational risk parameters and tolerances.

Regulator’s perspectives on risk include both institution-specific and systemic risk arising from risk concentration. So risk segmentation is an important phenomena for a bank that goes in tandem to measuring risk appetite to define VRM measures aligning with criticality of the sourced services. By overlaying risk appetite and vendor residual risk rating, the risk segmentation of bank’s services typically fall into one of the following three major clusters.

  • Tier I services (or vendors) are critical activities that warrant individual focus and dedicated resources to asses and manage risks, including specific actionable plans for key risk exposures
  • Tier II services are typically those activities with lesser-value exposure and operational sensitivity. These services require moderate time, attention and resources
  • Tier III services are low-risk activities, which may be managed as a group or on an exception-basis only

On a Ongoing Basis Taking a Life Cycle Based Approach to Vendor Risk Management:

The OCC expects a bank to have risk management processes that are commensurate with the level of risk and complexity of its third-party relationships and the bank’s organizational structures. An effective third-party risk management process follows a continuous life cycle for all relationships and incorporates the following phases:

  1. Planning: Developing a plan to manage the relationship is often the first step in the third-party risk management process. This step is helpful for many situations but is necessary when a bank is considering contracts with third parties that involve critical activities.
  2. Due diligence and third-party selection: Conducting a review of a potential third party before signing a contract5 helps ensure that the bank selects an appropriate third party and understands and controls the risks posed by the relationship, consistent with the bank’s risk appetite.
  3. Contract negotiation: Developing a contract that clearly defines expectations and responsibilities of the third party helps to ensure the contract’s enforceability, limit the bank’s liability, and mitigate disputes about performance.
  4. Ongoing monitoring: Performing ongoing monitoring of the third-party relationship once the contract is in place is essential to the bank’s ability to manage risk of the third-party relationship.
  5. Termination: Developing a contingency plan to ensure that the bank can transition the activities to another third party, bring the activities in-house, or discontinue the activities when a contract expires, the terms of the contract have been satisfied, in response to contract default, or in response to changes to the bank’s or third party’s business strategy.

In addition, a bank should perform the following throughout the life cycle of the relationship as part of its risk management process:

  1. Oversight and accountability: Assigning clear roles and responsibilities for managing third-party relationships and integrating the bank’s third-party risk management process with its enterprise risk management framework enables continuous oversight and accountability.
  2. Documentation and reporting: Proper documentation and reporting facilitates oversight, accountability, monitoring, and risk management associated with third-party relationships.
  3. Independent reviews: Conducting periodic independent reviews of the risk management process enables management to assess whether the process aligns with the bank’s strategy and effectively manages risk posed by third-party relationships.