How to Build Conjunction between Operational and Cyber Risk Frameworks

More than ever, organizations need to align their traditional operational risk frameworks with cyber risk. RMA’s recent installment of the Governance, Risk, and Compliance Audio Conference Series offered insight into how to integrate operational and cyber risk. 

Gaurav Kapoor, COO of MetricStream, shared five key points to consider:

  • Disruption is the only constant. Kapoor advised predicting disruptions and being prepared to respond to both the known and unknown. IT disruption is the biggest threat and can result from breaches in data protection, third-party oversights, and lapses in governance and controls.
  • Harmonization of digital data is key. The use of digital information across the enterprise has led to data being stored in multiple sources. Different types of data are too often collected, stored, used, and purged across the enterprise without a harmonious strategy. Kapoor recommended creating an agile master data management approach of process, risk, control, and assets. Aggregating data from multiple sources will provide contextual insights and guidance.
  • Engaging the front line is critical. Fraud and theft are now concentrated in the digital realm. The digital enterprise, together with the front line’s lack of expertise in understanding cyber risks, provides ample opportunities for breaches. It’s essential to educate the front line about risk culture and empower them with information to make decisions.
  • Foresight is a competitive advantage. Kapoor stressed the importance of foreseeing risk events using digital information and the power of artificial intelligence. However, institutions should be aware that their use of automated decision-making faces increasing regulatory scrutiny. Human assistance is necessary to ensure accuracy, governance, and lack of bias in automated decision-making.
  • Outcome-driven, agile programs are an important future strategy. Institutions that adopt new ways of doing business without the proper control environments create vulnerabilities. Kapoor recommended building an integrated operational risk program that can adapt to ever-advancing cyber risks and make continuous change without disruption.
