Insights on modern technology risk management, technology resiliency, and operational resiliency
As the adoption of cloud, e-communication technologies and platforms, and digital tools grows along with the numbers of related service providers, regulators warn of potential risks, including information security incidents, cyberattacks such as ransomware or malware, and service outages.
The robustness of a company’s modern technology risk management program will be of continuing focus for the regulators; heightened attention will be directed to significant operating changes using new technology innovations (e.g., cloud, AI, digitalization of risk management processes). Key areas will include:
Financial companies will be challenged to demonstrate:
Regulators will look to technology resiliency and continuity plans within both legacy and newer-adopted technology and cloud systems. Regulators’ focus will include:
Companies should consider application of these elements throughout the technology development lifecycle, including:
In addition to technology risk management and resiliency, regulators will look to the comprehensiveness of resilience practices and standards to include governance, operational risk management (including cyber risk), third-party risk management, scenario analysis, surveillance and reporting, and the connection with business continuity and disaster recovery planning. IT asset management continues to be a dominant theme with regard to an inventory of assets mapped to critical services.
Companies must ensure robust operational resiliency risk programs, including:
Our governance and risk management around key areas, such as our public communications, our customers’ data and our company’s technology and infrastructure, is one of our highest priorities and of great strategic importance. Even as existing and emerging risks increase, we look to continuously improve our control environment while demonstrating our ability to address critical challenges—it is a commitment we prioritize and focus on with diligence every day.
Senior Vice President and Global Chief Compliance Officer, AIG
☑ Set criticality standards and methodology
☑ Measure asset risk exposure
☑ Provide transparency to board/management
☑ Automate security incident escalation and response; build feedback loops
☑ Clearly delineate responsibilities
Ten Key Regulatory Challenges of 2023
Read our report for client perspectives, regulatory recaps, and actionable steps to help mitigate risk.