Since the onset of the pandemic, the ‘resilience imperative’ has been emphasised for the global business community, spurred by sustained periods of forced closure and COVID-induced operational wind-downs. The level of adjustment for enterprises will have varied greatly, and likely included migrating from physical-based architecture to cloud-based; bolstering online payments infrastructure and e-commerce capabilities; or revamping IT systems to enable seamless remote working arrangements.
None of these activities should be hastily executed, and all must be viewed through the prism of Digital Operational Resilience (DOR). With growing appreciation at board level for the far-reaching benefits of enhanced resilience, we could well see the addition of a Chief Resilience Officer role to the traditional C-suite roster over the next 12 months. In this new regime, expect to see legacy processes being redefined by exciting deployments of AI, ML and Fintech solutions, setting enterprises on the optimised path to success in an increasingly regulatory-sensitive environment.
As illustrated by the research findings in Expleo’s Digital Resilience: The New Heart of Operational Risk report, an unprecedented phase of operational recalibration is underway. Let’s now explore some of the specific technology trends that are powering this wave of innovation.
Expedited digital transformation timelines
At a high level, perhaps the most pronounced trend we’ve collectively seen is the dramatic acceleration of digital transformation initiatives across the industry spectrum. Adopting a ‘digital-first’ corporate mindset is now very much in vogue, and can manifest itself in many forms – from an overhaul of workplace practices, to increased automation and cross-party intelligence sharing. In a rapidly evolving landscape, organisations are feeling the need to become increasingly agile and adaptable, while ensuring any fast-paced innovation is managed with tact and falls within regulatory checkpoints.
Depending solely on siloed business data for the purposes of improving customer profiling capabilities is an antiquated strategy. With innovations in Privacy-Enhancing Technology (PET) such as Zero-Knowledge Proof (ZKP) cryptography, partner organisations, or even competitors, can engage in data-driven collaborations to uncover new actionable insights on customers. This is happening more and more, and can be conducted in a regulatory-compliant setting. For instance, competing retailers can use ZKPs to identify overlapping customers, and use this intel to conduct hyper-targeted customer outreach, without incurring any regulatory reprimands.
Growing prevalence of cyberattacks
At a time of heightened vigilance around data security, the growing prevalence of cyberattacks is a pressing concern for businesses across a range of industry verticals. Our report shows that 100% of firms with technologist board members have an enhanced focus on Digital Operational Resilience – perhaps recognising this higher level of risk regarding cyberattacks. However, the risk isn’t shared equally, as banks are actually three times more likely to be involved in a cyberattack than any other industry, and the incidence of cyberattacks has grown dramatically over the past two years. For all businesses, not just banks, developing a proactive defence strategy is essential, covering audits, addressing vulnerabilities, and rapidly re-testing to ensure new configurations are properly supported. The human capital required to carry out audits and system reviews of this nature can be substantial, a challenge that Machine Learning and AI deployments can play a key role in resolving.
DORA implementation ambiguity
When it comes to regulatory preparedness, perhaps the most difficult hurdle is framework uncertainty – in which fundamental compliance requirements remain undisclosed. In fact, Expleo’s report indicated that only 20% of firms recognised the Digital Operational Resilience Act (DORA), while only one company is looking to take direct action as a result. The UK has committed to implementing the legislation once it is unveiled, but as it’s still going through the legislative process in Europe, the final outcome is still unknown. It is not implausible that there could be certain nuances around what UK-based organisations need to do to achieve compliance. As if that wasn’t confusing enough, the Brexit backdrop further muddies the waters. While DORA is a European initiative, it was actually originally drafted by the FCA and the PRA. In its current iteration as a European initiative, there’s still widespread debate about what the implications are for organisations in the UK compared to their European counterparts.