This blog post will briefly explore operational, strategic, and regulatory considerations related to the use of financial technologies by financial institutions in the COVID-19 era.
We specifically view these considerations through the lens of two nearly contemporaneous events from earlier today:
- Our law firm’s publication of a Client Update, authored by Youssef Sneifer, regarding the movement of the financial services industry from digital transformation to digital optimization and acceleration, as a result of changes brought about by the COVID-19 pandemic; and
- The issuance of COVID-19 supervisory guidance from federal and state regulatory agencies to financial institution examiners regarding, in pertinent part, the manner in which the use and deployment of technology should impact a financial institution’s supervisory rating.
Two events occurred today that we believe demonstrate how important it is for all stakeholders in the financial services industry—financial institutions, regulators, fintech companies, and third-party service providers—to work together to manage operational risk in as efficient of a manner as possible, and to use financial technologies to efficiently and effectively deliver financial products and services to customers.
First, our law firm published The End of Digital Transformation in the Financial Services Industry: Moving From Transformation to Digital Optimization and Acceleration, a Client Update authored by Youssef Sneifer. This publication explained how the COVID-19 pandemic forced financial institutions to rapidly integrate financial technologies into every aspect of their operation, resulting in what Mr. Sneifer describes as the completion of a phase of “digital transformation” that began long before the start of the pandemic. On an overnight basis (almost literally), the use of technology in banking and financial services went from being an important strategic consideration, with a somewhat longer-term horizon, to being one of the most material considerations for the continued viability of many firms. The scope and scale of this re-prioritization of financial technologies will require all industry stakeholders—financial institutions, regulators, fintech companies, and third-party service providers—to work together to optimize and accelerate the use of technological applications in the delivery of financial services to customers by:
- Reimagining the new operating model for a financial institution;
- Reassessing engagement with third-party technology providers;
- Reasserting a commitment to compliance and the effective use of “RegTech”;
- Reexamining cybersecurity controls;
- Reassessing and updating business continuity and data recovery plans; and
- Practicing co-evolution, a process that emphasizes collaboration over competition.
Second, several federal and state bank regulatory agencies—the Federal Reserve Board, the FDIC, the OCC, the NCUA, and the state financial regulators—issued their Interagency Examiner Guidance for Assessing Safety and Soundness Considering the Effect of the COVID-19 Pandemic on Institutions. This guidance identifies COVID-19 related factors that should be taken into consideration by examiners when assigning a supervisory rating to a financial institution in accordance with the applicable rating system (i.e., CAMELS or ROCA ratings, or equivalent ratings for holding companies). The regulators, in pertinent part, identified the response of management to operational risk arising as a result of the pandemic, stating that:
In response to the COVID-19 pandemic, many institutions have quickly adapted certain operational processes and technology systems to ensure continued delivery of financial services and manage significant volumes of transactions due to government stimulus programs. Rapid changes in operational processes and increasing fraud and cyber threats may result in a heightened operational risk environment. Examiners will review the steps management has taken to assess and implement effective controls for new and modified operational processes. Examiners will assess actions management has taken to adapt fraud and cybersecurity controls to manage heightened risks related to the adjusted operating environment. Examiners will also review how management has assessed institutions’ third parties’ controls and service delivery performance capabilities post crisis. Additionally, examiners will consider the impacts on the control environment from instances of imprudent cost cutting, insufficient staffing, or delays in implementing needed updates in their assessment of the institution.
While the regulatory language and vocabulary in the examiner’s guidance does not use the specific words “digital optimization and acceleration,” we believe that the substance of these concepts is clearly reflected in the guidance of the bank regulators. Further, we believe that any debate about the central role of technology to the delivery of financial services is over—the financial services industry has been digitally transformed, and that will not go away even if the COVID-19 pandemic were to come to an abrupt halt. Our view is that now is the time for the industry to turn its attention to the deployment and continued integration of financial technologies in a manner that is as effective and functional as possible.