Customers want to be able to carry out banking transactions regardless of where they are based. In order for FSIs to offer the complete range of online and offline services to make this happen, they need to ensure regulatory compliance across multiple countries. In some geographies, this may mean security controls may be required to redirect traffic to ensure that it stays local.
Implementing a security framework that provides localized and regionalized content to meet the different regulations goes beyond the need for compliance; it also helps to reduce the possibility of and minimize the cost and impact resulting from data breaches. Thus, FSIs need to look beyond just meeting regulatory requirements, but instead plan their security frameworks as part of a greater unified risk management strategy in order to offer their customers a trusted, reliable and secured banking experience.
3. Ensuring business continuity
Whether on the traditional or online platform, there is a possibility for any component of an FSI's IT infrastructure to experience service outages. From revised regulations resulting in the need to relocate data centers across borders to virus attacks and physical disasters, to even a routine as ordinary as scheduled maintenance, FSIs need to safeguard their existing infrastructures to meet their real-time business objectives while minimizing any cost or negative repercussions on customer experience.
This need is further exacerbated by the increased number of organizations moving their business processes to the Web to enjoy cost and time efficiencies, alongside their customers' greater acceptance and demand for online services for greater convenience and ease of access. According to a McKinsey survey on personal financial services in Asia-Pacific, the markets in the region witnessed clear increases in the use of digital channels to access banking services - a 39% jump in emerging Asian markets and a 36% jump in developed markets between 2007 and 2011.
From a compliance perspective, regulatory boards are also taking a more stringent approach in ensuring that FSIs put in place an effective framework around technology risk management. For example, in June 2013, the Monetary Authority of Singapore issued a Notice to Banks in Singapore which requires that any critical system within the bank's operations or services must not exceed a total of 4 hours of unscheduled downtime within any period of 12 months, and a recovery time objective of not more than 4 hours for each critical system.
An inability to deliver consistent services means a substantial amount of financial penalties for an FSI, it also significantly impacts their brand equity and customer loyalty. Furthermore, Web sites downtime can cost millions of dollars in lost revenue and productivity.