The aim of the Digital Operational Resilience Act is to establish a regulatory framework that ensures the financial sector of the European Union, along with crucial third-party providers of ICT-related services, has the necessary capacity to guard against and lessen the impact of cyber threats. But it falls short on practical guidelines.
Below you can find a few guidelines that provide a strategic approach to managing IT infrastructure for financial service providers:
As a financial service provider, streamline your operations by deploying code-based procedures for standard and repetitive tasks. For instance, automate reconciliation of transactions or daily NAV calculation for mutual funds. Embrace an iterative approach to process improvement; regularly review your processes for areas of optimization, perhaps by automating compliance reporting or risk management processes. Anticipate potential operational issues such as market volatility affecting investment performance or regulatory changes affecting your compliance posture. Learn from every operational incident, whether it's an IT system outage or a failed compliance audit.
Security should be a priority. Always ensure that access to your systems and data is on a need-to-know basis; for example, ensure only authorized portfolio managers can make changes to fund allocations. Maintain real-time monitoring and audit trails for actions, particularly for sensitive actions like fund transfers or changes to account details. Consider using multi-factor authentication for critical operations. Ensure that all communication and data, both in transit and at rest (like customer data in CRM or transaction data in trading systems), are encrypted. Plan for security events by conducting regular security drills and keeping your incident response plan up to date.
Design your systems to recover from failures automatically. This could mean using redundant systems for critical operations like trading or real-time pricing. Regularly test your disaster recovery and business continuity plans. For instance, simulate an IT system outage and test whether your backup systems take over seamlessly. Rather than one large monolithic system, consider using a set of smaller, loosely coupled systems. For example, instead of one large CRM, consider having separate systems for sales, marketing, and customer service. Manage change in your IT infrastructure through automated systems.
Adopt a consumption model for IT infrastructure, where you pay only for what you use. For instance, use cloud resources to scale up during high trading volumes and scale down during off-peak hours. Measure the efficiency of your investments by calculating the ROI on your IT systems and comparing the costs to the business value they generate. For example, calculate the cost savings from automating the client onboarding process and compare it with the cost of implementation. Make use of shared services to reduce costs, such as using a shared trading platform instead of building one in-house.
Understand the environmental impact of your IT infrastructure. Establish long-term sustainability goals and strive to reduce your energy consumption and waste. For instance, consider using cloud providers who use renewable energy. Make use of managed services to reduce the energy required for running your own data centers. Continually monitor and evaluate more energy-efficient hardware and software offerings.
Always prioritize your customers’ needs. This could mean offering an easy-to-use web portal for customers to manage their investments or providing personalized advice based on their risk profile and investment goals. Strive to make every interaction with your customers as smooth as possible. For example, consider using AI chatbots to provide instant responses to customer queries. Always collect and analyze feedback from your customers to make continual improvements to your services.
These guidelines provide a strategic approach to managing your IT infrastructure in a way that maximizes value, ensures security, improves reliability, optimizes costs, promotes sustainability, and enhances customer experience. By following these guidelines, you can create a robust, efficient, and customer-friendly IT infrastructure for your financial services.