The demand for IT risk management is rapidly increasing in response to the rise in threats and the unprecedented wave of innovation spreading across the financial services industry. Now is the time for senior financial services risk professionals to begin preparing for the array of changes that are altering the world in which we live.


With fragmented IT architecture and legacy infrastructure still widespread across the financial services industry, many organisations are already struggling to get IT risk management right. A wave of change is coming that will make this challenge even more complex.

Robotics, Fintech, artificial intelligence, cognitive computing and blockchain are some of the emerging trends that are expected to reshape the financial services industry and have a substantial impact on firms of all sizes and geographical spread.

Current approaches to managing IT risk, developed in an era focused on establishing controls for financial reporting, are no longer fit-for-purpose and need to be redesigned. As technology transforms banking and insurance and shifts the risk landscape, organisations will need to develop an entirely new approach to IT risk management.

Disruptive factors driving change

  • The integrated model is evolving – The emergence of integrated technology platforms will further change the financial services ecosystem, enabling users to consume banking services provided by multiple firms on a single platform, involving more third parties and moving away from the traditional banking model.
  • Increased regulatory scrutiny – As the financial stability of firms becomes increasingly linked to technology, regulators are taking more interest in the effect of technology transformation on business.
  • Emerging technologies driving innovation – The emergence of new technologies, as well as increased collaboration across the industry and between regulators, is driving innovation like never before.
  • Cost focus at the top of the corporate priority list – Political and economic uncertainties are currently focusing corporate priorities on cost reduction and improved cash flow.

Five emerging themes executives can start to address now

Whilst technology was initially an enabler to the business, it is now a key differentiator in terms of cost, speed, innovation and customer experience. As the role of the Technology function has changed over the last 50 years, the role of those charged with IT risk management has evolved too. The IT Risk function will need to take the lead in driving a coordinated approach to dealing with some of the big issues:

  1. Redefine the accountability model – Consider how changes in the external environment, including changes to business models, further innovation or new regulation, will affect the risk landscape and the blend and balance of controls required. Determine how these changes will affect existing accountability models for risk and control, and how these changes can be embedded within the operating framework.
  2. Rationalise the control framework – Champion risk-intelligent design across new systems, technologies and control frameworks. De-layer the control framework with more preventative, automated controls built into systems up front, enabling risks to be identified in real time, rather than hours, days or months later.
  3. Reassess the new risk and threat landscape – Assign responsibility for understanding the risk implications of new technologies to specific individuals who can coordinate the appropriate risk management response.
  4. Leverage opportunities to automate – Define an automation strategy and the principles for process, control, and reporting automation. Consider reducing the time spent on low-value ‘risk administration’ activity and increasing time spent on removing layers from the control environment by implementing a consistent and scalable set of automated controls. Identify quick wins to drive adoption and to demonstrate, with little investment, the benefits to be gained.
  5. Rethink the IT Risk talent strategy – Develop and nurture a pipeline of talent with the right skill sets to meet the growing and more widespread demands. Consider the interface with other business risk management teams and how these functions can work better together.

The Opportunity

The financial services industry has never faced the combination of political and economic stresses it is currently facing.
Firms that seize the opportunity to act now and get on the front foot will not only reduce costs, but will also increase their knowledge of front-to-back risk and reduce time-consuming manual interaction and control management activities.
Furthermore, new technologies present opportunities for risk management simplification, improving risk management efficiency and embedding control automation. Tapping into these opportunities will enable firms to redeploy resources they currently expend on reactive ‘risk administration’ activities. Fostering a cultural shift towards forward-looking and business-aligned IT risk management will also better position firms to meet the long-term IT risk challenges that haven’t yet emerged or been identified.

Additional Reading:

Report: IT Risk Management. Disrupted. 


Chris Recchia - Partner, Financial Services Technology Risk, Deloitte LLP

Chris Recchia is a Partner within our Risk Advisory practice in the UK with over 15 years’ experience leading global assurance and advisory engagements across clients within the financial services sector. His relationships span across all levels – the board, executive management, 1st and 2nd lines of defence, internal audit, external audit, and the wider extended enterprise. He has a detailed understanding of technology risk management, business processes and IT risk and control environments, with additional specialisms in the execution and delivery of the technology components of large scale regulatory investigations.

Tom Bigham - Director, Financial Services Technology Risk, Deloitte LLP

Tom Bigham is a Director in our Risk Advisory practice with over twelve years’ experience in governance, risk, and control advisory services. Tom leads our IT Risk Management campaign for the UK Firm, and also runs our annual EMEA Financial Services IT Risk survey.
Tom has built up extensive experience in designing and embedding process, risk, and control frameworks, as well as managing complex governance, risk and compliance projects.

Rob Dighton - Senior Manager, Financial Services Technology Risk, Deloitte LLP

Rob Dighton is a Senior Manager within our Technology Risk & Controls team and is responsible for leading the delivery of our IT Risk proposition across financial services. He has 10 years’ experience in delivering large-scale governance, risk and control projects across the financial services sector. His core areas of focus are the design, implementation and enhancement of 1st and 2nd line risk management processes and operating model design for Technology Risk functions.
