Jim Fries, co-founder of CRINdata, sits down with John Maher to talk about why banks need a risk management solution.
Transcript
John Maher: Hi, I’m John Maher, and I’m here today with Jim Freis, co-founder of CRINdata, a fintech startup supporting financial institutions and their service providers. Welcome, Jim.
Jim Freis: Thanks, John. Great to be here today and tell you a little bit about what we’re doing at CRINdata.
What Areas of Risk Management Does CRINdata Address?
John: Absolutely. So today our topic is why banks need a risk management solution. So what areas of risk management does data solution address?
Jim: CRINdata is trying to help banks focus on something that’s actually core to their safety and soundness requirements and that is making sure that banks are aware and acting appropriately with their critical dependencies on external service providers that increasingly are helping banks in their core business functions, delivery of products and services to their customers as well as some of their internal risk compliance, accounting, and basic management functions.
Why Should Banks Focus on Risk Management?
John: And why is it that banks should really be focused on this now? What’s going on today that makes it so that banks really should be focused on this?
Jim: There’s a couple of drivers in this regard. One is that, compared to the past, banks have always been driven by technology and telecommunications developments. But more and more, the IT universe is evolving so quickly banks are increasingly using external software providers, software as a service, cloud solutions, external data management, so the IT dependency is evolving more and more to relying on external service providers for critical functions.
But in addition to that, and it’s important to emphasize that the banks are also increasingly relying on external relationships, external partners to help them in offering products and services, that can be white labeling in the classic sense where the bank’s name goes out on a service that is delivered directly to a customer or a consumer by an external party, or it could be a way of the bank leveraging its outreach to other parties to finding customers through intermediaries.
So both from a business side as well as an IT side, although the concept is not new of relying on external service providers, as a factual matter, banks are more and dependent on external service providers, including, again, for aspects that are critical to their very business operations.
The Regulatory Environment for Risk Management
John: I understand that you’re a former regulator. How do you see this from a regulatory perspective? And what’s going on today in terms of regulations that might make banks realize that this is something that they need either now or in the short term?
Jim: Regulators are focused on risks, and if you have a risk-based approach, and as I’ve just explained, banks have increasing dependencies on external service providers, that means that the risk profile of the dependency has gone up. That means the regulators will expect the banks to have taken this into account in their risk mitigation measures. And it cannot be emphasized enough in this regard that, although the service might be provided by an external party, the responsibility for risk awareness, risk management, and risk mitigation remains with banks.
And this is something that the regulators are driving home. They are both reacting to the changing reality of increasing focus on the external service providers and they’re also increasing their regulatory expectations. So that’s something that has not been necessarily at the forefront of bank management focus, is getting appropriate attention at the executive level and including at the Board of Directors level.
2021 Changes to Bank Regulations
John: And is there anything going on now in terms of regulations with the government or something like that that’s bringing this all to the forefront right at the moment?
Jim: Currently, in the course of 2021, the U.S. banking regulators have done two things. One, put out revisions to their guidance on outsourcing and third-party risk management that consolidates across the regulators. That’s an important thing. They’re saying that this issue should not be interpreted differently because of charter type, but rather that this is something that universally needs attention across the financial industry.
And second, the regulators have proposed more streamlined notification requirements that get to the notion of incidents will happen and there will be issues that arise with your service providers, so it’s a good thing to be prepared. But part of preparation is that you can react when there is a disruption in your services. And this is an area where the regulators have put out a call for proposed comments and essentially notices to the industry that they expect more to be done in a structured fashion. And in both areas, CRINdata is anticipating those needs and trying to help financial institutions meet those regulatory goals.
What Type of Critical Incidents Does CRINdata Focus on?
John: And the C-R-I-N in CRINdata stands for critical incidents. What aspects of CRINdata’s focus really set you apart from just general risk management efforts?
Jim: What CRINdata is looking to do, and the very notion of critical incidents is focusing on those third-party service provider relationships that are deemed critical, which is a regulatory recognized term meaning that it could cause financial losses or a significant disruption to the financial institution’s operations that have an impact or potential for significant impact on their customer or consumers.
So we’re not necessarily looking at the universe of every contractual counterpart of the financial institution, but rather those that should be at the top of the radar screen of the executive management and the Boards of Directors. Put it another way, we’re helping financial institutions to prioritize where it can have an impact on their bottom line.
And one aspect that we see in this regard is that it’s a lot of work bilaterally for individual banks to keep on top of these multitude of relationships that they have. But when this incident occurs, this critical incident, meaning a disruption to something that really gets to the core of the banking services, then it’s too late to stop and think, “Oh, who do we call? What is our backup plan?” You need to have those in place. You need to maintain those in real time. And what CRINdata is looking to do is help banks get ready for that eventuality, and when that case occurs to help the banks focus on resuming their operations not on the administrative aspects, but they’re ready to react in the best interests of their institution and their customers.
Why Is Now the Right Time for Risk Management?
John: All right, any final thoughts on banks and risk management solutions and, again, why they need them and why now is the right time?
Jim: One of the aspects that CRINdata is offering to the banks is the ability to leverage the commonalities across the industry in terms of the concentration of dependencies that they have by providing a cloud solution and a platform with software as a service. We can help banks become aware of these risks that still leave them to make the decisions as their own risk tolerance, but also share some of the effort to be prepared and to gather information and to have business continuity systems ready when needed when that critical incident occurs.
So in that sense, by relying on this external service provider, CRINdata, you can have more comfort in your ability to react to potential disruptions to the broad universe of service providers that support your business.
Contact CRINdata to Minimize Your Risks
John: All right. Well, that’s really great information, Jim. Thanks again for speaking with me today.
Jim: My pleasure, John.
John: And for more information, you can visit the website at crindata.com. That’s C-R-I-Ndata.com.
