I read with interest the most recent report from the FCA on implementing technology, which ‘talks to’ the FCA’s agenda on Operational Resilience. It seems that since Nikhil Rathi has arrived as CEO, there has definitely been an increase in activity and focus on RegTech, which as a technology provider we welcome wholeheartedly.
Interesting though, having read through the report that was published on the 5th February, that not much has been said in the financial press about it. If you missed it as a result, lets take a look at what they found and consider that in the context of the services we provide to firms.
The FCA decided to conduct this review as they noted that a number of significant IT failures in the last 10 years have led to the need to look closer at technology in the context of Financial Services. The report focuses on trying to help firms prevent, respond to, recover and learn from operational disruptions.
The research that underpins the report is impressive. The FCA analysed over 1 million production changes implemented by firms in 2019 through a sample of FS companies. In addition, there were questionnaires for the board and qualitative questionnaires and workshops for the wider business.
As I read through the report, it felt to me that some of the feedback was of such a basic level that I really questioned whether firms really didn’t know these things already. That said, if the FCA feel the need to undertake this detailed research and provide a comment paper, they must be confident that there is a need!
The FCA found 5 key areas that contributed to managing IT change successful which were:
- Well established governance arrangements mean the firm has a higher chance of success with technology change
- Relying on high levels of legacy technology is linked to more failed or emergency changes
- Firms that allocated a higher proportion of their technology budget to change experienced fewer changes related incidents
- Frequent released and agile delivery can help firms to reduce the likelihood and impact of change related incidents
- Effective risk management is an important component of effective change management capabilities.
On the reverse, the FCA found 4 key areas that contributed to change management failure were:
- Firms not having visibility of third-party provider changes
- Firms change management processes being heavily reliant on manual review and actions
- Firms having legacy technology which impacts their ability to implement new technologies and innovative approaches
- Finally, and not unsurprisingly, major changes were twice as likely to result in an incident when compared with standard technology changes
Even though I work for a tech firm, regulation is my thing. However, when I take a step back and look at these items, it doesn’t sound like rocket science to me! On reflection however, when working with lots of customers over the years, large and small, on projects of all sizes, many of these findings do ‘ring bells’.
Having said that, in a recent survey of firms about management of SM&CR, 67% of those polled said that they manage all components of their SM&CR regime via Word documents and Excel spreadsheets.
So, on the one hand, we have risks associated with implementing and making change in IT, whilst on the other we have firms living with the risk of using the most manual of methods to manage key regulatory processes.
On the balance of risk, I do wonder when some firms will “get with the programme” and see that an investment in RegTech does save time, money and reduces risk both in the short, medium and long term.
But as the survey shows, only if you choose the right supplier and adequately resource implementation and change projects so they are successful.
For more information on how Worksmart’s RegTech suite could help your form, contact our friendly and knowledgeable team on: 01908 613613 or email us on: firstname.lastname@example.org