With business operations ever-expanding globally and data held growing exponentially, the sub-sequential challenges on financial services firms are all too familiar. Combine this with the hurdles we have had to jump through with social changes through the pandemic, ever-increasing regulation, and disruption to the geopolitical landscape; unsurprisingly, many firms are concluding it timely to review their business continuity policies and procedures.
The value of centralized, reliable, and robust data has long been recognized as a key component to delivering competitive advantage, so with a widely dispersed workforce, dangers to regional security, and increases in cyber threats, how do we now determine the best practice for business continuity?
How do we ensure the readiness to react, restore and recover data is speedily deployed in case of emergency to protect our operations and client relations?
Business continuity in the banking sector
At its most basic delineation, business continuity can be defined as the processes, procedures, decisions, and activities to ensure that an organization can continue to function through an operational interruption. It is focused on creating the blueprint enabling the organization to navigate new and complex difficulties, disasters, and challenges that the business environment decides to throw at it while maintaining “business as usual.”
Recommended: Daily Fintech Series Roundup: Top Fintech News, Analytics and Insights
Business continuity is often divided into two distinct areas: planning and management. Here we focus on the management side, intending to ensure that the organization experiences the minimum possible day-to-day disruption.
Europe has widely accepted the FSA’s (Financial Supervisory Authority) regulations, meaning data must be stored inside the EU. The US has similar relative policies, as do many Middle Eastern countries and Singapore, to name a few. This presents a myriad of operational conflicts and the necessity for pragmatic compromises to maintain fluid and frictionless operations for many firms. There has also previously been a dialogue about whether each country will force the banking sector to store data only inside the organization’s operational country.
One of the logical key questions this leads firms to ask is, “how efficiently and effectively can recovery be done to a new, safer location with minimum disruption for our business?”
Read Fintech News: TRM Labs Acquires UK Crypto Investigations Training Company CSITech
With this in mind, what do we recommend to check today when choosing software for your business?
Precise Data Location & Underlying Infrastructure
What is the true operational footprint of the IT provider you are looking at? While the immediate discussions may be held in country A, often, data centers are located in country B (or even C, D and/or E!). Understanding the data flow in your organization is essential for managing the supply chain risk, as well as complying with ever-increasing regulatory demands. Understand relationships between any sub-processors and their vendors. A good provider of Investment Systems will be able to provide a transparent overview of your data footprint.
Geo-replication & [v2] Data Transfer
It is a good idea to understand the resilience of your suppliers’ recovery procedures to not only ensure the protection but also the timeliness of the replication of your contingency source to a safe alternative location.
When considering an Investment platform, the plan for maintaining and managing the platform has to be taken into consideration. Having your system fully patched and adequately maintained are success criteria for safe operation. However, software-as-a-service («SaaS») solutions are more resilient than traditional on-premises systems, as it also includes managed updates and maintenance.
Read More: Forming Strategic Partnerships with FinTech Providers that Offer Options
Business Continuity Planning Reactive to External Environment
A Business Continuity Plan will need to be reactive to the dynamic and fast arising challenges we experience in the business environment today. When evaluating investment systems, considering the agility of your vendors to react quickly in the best interests of your data is important to investigate. Cyber attacks are making headlines globally with devastating consequences; ensuring vendors are up to date with the latest Penetration tests is one thing; ensuring they are practically set up to react fast is another.
Recognizable Certification
Evaluation of any new systems will, of course, involve the checking of globally accepted accreditation (ISAE, ISO etc), whilst this can be a good box-ticking exercise and sometimes used as an ability to jump to the next stage of the evaluation process, it is always worth understanding the latest audits the vendor ran and any recommendations that were suggested.
Remember the human element
Companies need to be prepared to be asked also how quickly they can move their personnel into another location. Remote working has created new challenges for the security of connections, data transfers, downloads, and printouts, to name a few.