There are perhaps more different types of risk threatening businesses in 2017 than ever before. Everything from cyber-attack to currency volatility, and political uncertainty to data breaches can keep risk managers awake at night, and due to the confidential nature of banking and Financial Services (FS), those risks are heightened for organisations that operate in that sector.
In particular, it feels like cyber attacks especially have grown in volume, profile and severity over the past two years. Due to the nature of the data and information they hold, FS firms are amongst the most regularly targeted businesses by cyber criminals. The last few years have seen a number of high profile cyberattacks, where the ability, professionalism and organisation of hackers has far outweighed a company’s ability to defend itself.
Security firm ThreatMetrix released data that showed cyber attacks against online lending companies and alternative payment systems increased 122% in 2016, with the fraud estimated to have cost consumers around £8bn. As well as being unable to defend against such attacks, many organisations also struggle to quantify the impact of such risks, leaving them more vulnerable than ever before.
But perhaps the greatest threat to FS organisations currently is a little closer to home – employees and the human risk they pose. It is generally easier to target a firm from within, and disgruntled employees are stealing data, abusing customer records and much more besides. What is behind this rise in human risk and how can technology be deployed to mitigate effectively against such a threat?
2008 – the global financial crash
In every service industry, there is always the possibility of human error. In FS, frontline bank employees and call-centre staff service in particular are vulnerable to this, possibly dealing with a difficult customer at the end of the day, or perhaps having a small but significant gap in their knowledge that causes poor service of some sort. Mistakes happen, and while they can be minimised, they will always occur on occasion, even when employees are using the latest and smartest technologies to support their role.
Human risk is different however, and is based on actions that employees choose to take. This could be anything from feeling demotivated, just not in the right mood that day and therefore not working or concentrating as hard, or something more impactful, such as someone going out of their way to steal some company or customer data. There has been a significant increase in such behaviour since the global financial crisis of 2008, according to a study by The University of Applied Sciences Western Switzerland (Hes-so).
The study involved the research team interviewing executives from European private banks, and found evidence of a rampant neglect and of a lack of leadership, which had led to a toxic corporate culture. Many employees felt dissatisfied and hungry for revenge against those they perceived to be responsible.
The five most common acts of revenge were:
- Stolen data
- Abuse of internal or customer accounts
- Manipulation of wage components
- Unjustified charges applied to customers
- Abuse of money-bearing advantages and repayments from customer transactions are abused
This rise in human risk can be attributed at least in part to the many restructures in banking since the global financial crisis of 2008. The changes that banks in countries all over the world felt forced to make - merging, outsourcing or suppression of activities, recruitment freezes and downsizing - led to declining margins and higher regulatory costs and to address this, banks pushed their staff harder and harder, bringing occupational stress and career disenchantment.
This manifested itself in behaviours such as lower service quality, the loss of decades worth of experience with the departure of employees seeking different career challenges and a significant increase in absenteeism. This in turn increased the likelihood of stolen data and fraud, endangering both a FS firm’s reputation and bottom line.
Weak signal amplification
Most FS firms will suffer from human risk, but generally speaking, it is far harder to mitigate against than other firms of risk. This means that banks and other FS organisations need to adopt a more pro-active approach to mitigating human risk, and identify issues before they arise.
But in a large, multinational FS firm, with tens of thousands of employees spread over many locations in many countries, that is a major undertaking. That’s where technology can play a pivotal role, helping to identify and amplify the weak signals in such an organisation. Because of the sheer volume of information in modern FS, it can be extremely difficult to notice patterns or trends. They might come from some seemingly throwaway comments by an employee on social media, or perhaps a small comment in a customer service interaction.
These weak signals are incredibly difficult to spot and even harder to take insight from, because they are often isolated snippets of information, and furthermore can be ambiguous, not fully developed or lacking meaning without being able to see the wider context. That’s why the team at Hes-so is teaming up with OXIAL to work with leading financial organisations on a project that will amplify those weak signals, and allow a business to spot trends in employee behaviour, and prevent human risk from causing too much damage.
Both organisations feel that human risk is a highly significant factor in whether or not a bank achieves its business objectives, and also recognize how hard human risk is to discover and that it is even harder to mitigate against.
The Hes-so and OXIAL are seeking forward-thinking banks to become part of the upcoming project, benchmarking real-life situations with the partner. While traditional Enterprise Risk Management (ERM) is formal and based around engineering principles, the university research team at Hes-so will use an anthropological approach, based on amplifying weak signals to identify ill feeling and employee disenchantment that could lead to a threat.
Such a partnership that amplifies the weak signals within a bank that could signify the threat of human risk, adding quantitative and qualitative measures to the established framework from Hes-so’s previous studies. Human risk is a significant and growing problem for many banks around the world, and technology will be a key tool in addressing that – this is why it is time to get serious about finding weak signals and amplifying them to spot trends and patterns in behaviour.
Eric Berdeaux is CEO of OXIAL
Image Credit: Number1411 / Shutterstock