Building Resilience in Transformation and Change...
3 Risks Investment Banks Face on IPO Day
How Automating Regulatory Reporting Can Increase Human...
Why Do You Need to Improve Your Enterprise Change...
What is Enterprise Change?
Why You Need to Rethink the Way You View Resilience
OCC Risk Perspective Shows Link Between Change Management &...
Is Treasury Committee Banking Inquiry Missing Root Cause of...
February 5, 2019
Mark Heywood: Do you think the regulator could do more? Should we be encouraging ourselves to look more at change and improving change?
Richard Bell: I quite like the regulator's position on resilience. The recent paper on resilience made it very clear that although organizations are moving more and more towards automated, systematized responses to resilience-type situations, the accountability is always going to sit with a human being and I think that was quite a sobering point in that paper that you can do whatever you want to to systemically prepare, but ultimately an individual will be called to account for what happens to the organization. I think on the other side, the PRA side of things, the whole conduct risk piece was probably more relevant to the change rather than the resilience that says change needs to be carried out with integrity on the basis that change failure has an adverse impact not only on clients, but also on employees. It's a bad experience for both and therefore key decisions around change and transformation need to be taken at a senior, accountable level in an organization.
Mark: I completely agree with that. If I go back to the crash and a regulatory segment that came out or a regulatory exercise that came out of that - the "Dear Chairman" letter which went to a number of the big lenders in the UK. It specifically asked a question that had not been asked before and that was "at board level, how can you convince yourself that you have the right operations and technology skills on your board to know what is going on in your organization?" To your point - stop pushing it down the organization, stop the middle and junior management having all of the risk and let's raise the level of debate and I think the only way to do that is to define the impact of disruption in terms that the customer would understand. And to your point about employees, banks shouldn't forget that the majority of their employees are also by connection clients and customers of the organization as well as being employees. And I think we've learnt a huge amount about that so it was great to see last summer's statement about disruption and about having a senior person in control which kind of brings us back to the debate about - you can't put technology or a machine on the stand and ask them questions, it has to be about humans. So despite how much automation goes on it will always be a human being making that decision. The Treasury Select Committee have just launched an inquiry into this sort of thing, do you - and again just to touch on whether you think the regulator is doing enough - to me it feels a little bit like they're looking at incidents rather than the root cause, is that fair?
Richard: I think the Treasury Committee's brief to focus on these major outages which everybody believes are becoming more frequent and having more and more significant impacts on clients and particularly getting access to their funds is a really important thing to take a look at now. But I think this is less about how banks respond to the outage and probably more about the root cause. 80% of all major incidents have their root cause in some kind of planned change. I think this inquiry has a real opportunity to get an appreciation of the complexity and the demands that banks are working under.