IERP® Team No Comments

Given how extensive technology has shifted our world today, being tech-savvy is no longer reserved for the younger generation, but a crucial requirement for today’s enterprise risk managers, said Bank Negara Malaysia (BNM) assistant governor Donald Joshua Jaganathan (pic).

For technological advancements are able to not just shape the world and business environment, but also render its users or institutions vulnerable to online threats.

As such, Jaganathan said there is a greater need for savviness for two main reasons: to harness operational efficiency and to quickly identify and respond to new sources of risks arising from these advancements.

Jaganathan, who is responsible for BNM’s supervisory function, said this in his keynote address at the 4th Institute of Enterprise Risk Practitioners (IERP) Global Conference 2017 in Kuala Lumpur yesterday.

On the positive side, technology is a tool for making business decisions, as seen in the application of big data, artificial intelligence and analytics, which can assess and predict human behaviour, said Jaganathan, citing the automotive and motor insurance industries as among the applicants of such modern technology.

“In the US, General Motors has been using mileage and driving behaviours captured through in-vehicle telecommunication devices or telematics that enable the incorporation of personalised information distinct to the policyholders, who are then rewarded for maintaining good driving standards,” he said.

But investments in technology can be expensive and the returns may not be immediate. However, not innovating should be seen as a lost opportunity [for business growth] which in turn leads to risks to your business, which can be rendered obsolete, warned Jaganathan.

He also highlighted that relying on outdated technology can be detrimental to the data-heavy finance industry, in which competition and operations are affected by technological complexities.

“Business transactions in financial services are becoming more digitised and reliant on the Internet. Alongside this, the extent of technological risks and the level of sophistication of cyberattacks are rapidly expanding. [So] there is a need for risk managers to be quick in identifying and, more importantly, recognising that a company is under attack and being able to respond to these risks,” he said.

The vulnerability of major organisations, he said, was “laid bare” by the recent WannaCry ransomware attack, which affected some 300,000 computers across 150 countries, including Malaysia.

Another major cybersecurity breach took place earlier in 2014, when Yahoo! Inc saw at least 500 million user accounts hacked and their owners robbed off their personal data, Jaganathan recounted.

“In the months following the hacking, over US$5 billion was wiped out of Yahoo’s market capitalisation. This is not an isolated incident — many more companies can fall victim to cyberattacks,” he said.

“Last month, a report by cybersecurity consultancy CGI Group estimated that cyberattacks have cost shareholders losses exceeding £42 billion since 2013, mainly due to falling share prices. This does not include impact on consumer confidence, which is not easily rebuilt,” he said.

He revealed that Malaysian banks’ capabilities in managing online threats were put to the test in March this year when the central bank conducted a national cyber drill exercise. “The result of the exercise found that the millions of ringgit invested in modern security countermeasures have paid off, with our banks remaining resilient,” he said.

However, he said there is no room for complacency where cybersecurity is concerned. Hence, BNM launched the Operational Risk Integrated Online Network to enhance the standards of operational risk management within the financial sector.

This, Jaganathan said, is a surveillance system which consolidates information on operational risk incidences to strengthen BNM’s ability to perform system-wide monitoring and early detection of developing trends in cyberattacks and frauds within the sector.

BNM is aso in the midst of conducting a comprehensive review of guidelines on technological risk management, to raise the bar for technological risk management standards among financial institutions, with more emphasis on the roles of the board of directors and senior management in this particular area of management, he added.

Businesses must deal with disruptions proactively to be able to forge ahead, said IERP’s board of governors chairman Ramesh Pillai.

“If you are only embracing incremental changes and not disruptive changes, your path becomes narrower. By the time you’re at the end of the path, your customers have forsaken you,” Pillai said when presenting his opening remarks.
“For disruptive thinking, don’t start with reasonable prediction. Give yourself and your business the permission to be wrong so you can see the right governances at the end,” he added.

As originally printed in The Edge Financial Daily on May 24, 2017.