The audit must include high-level executives—the CEO, chief legal counsel, boards and high-ranking information-technology (IT) professionals. It is crucial to take a deep dive to discover cyber exposures. The meetings should focus on where (and how safely) the bank’s customer/client data, the business’s own financial information and other sensitive intellectual property are stored.
Risk areas to consider include gaining a solid understanding of the extent and usage of employee mobile devices that store and transport company information. Questions should also be posed regarding whether the business uses cloud-storage strategies.
Greg Bell, KPMG leader for cyberservices and information protection, recently suggested that attacks in the past focused on such areas as the theft of credit-card numbers that were later sold. But KPMG has been tracking more cases involving destruction or modification of data as a means to simply disrupt and harm business activity.
The fallout of that kind of activity adds pressure to make significant changes to security culture at companies, enhance training and education programs, clearly articulate response plans, increase threat-intelligence capabilities and increase buy-in from the board of directors. “As opposed to saying just deploy this new technology or new process, we really will have to think more broadly about whether we have the right strategy or approach,” Bell said.
Picking up the pace
The underpinning of the entire effort of picking up the pace in banking’s transformation is the ability to change behavior—getting people ready, willing and able to deliver sustainable business benefit.
For example, in our work with financial institutions, we have learned that tools and processes are only things, and that the true differentiators in these programs are the people involved.
Large-scale transformation programs are inherently high-risk, and the probability of failure increases if individual and organizational resistance to change is not proactively handled. Failure to manage people well during the change programs is one of the major reasons for falling short of original goals. Examples include:
- Underestimating the intensity of effort and resources required;
- Conflicting interdependent change initiatives;
- Complacency or lack of individual or organizational motivation to change; and
- Mixed messages and a lack of consistency and supported messaging from leadership.
When these programs make progress, they show evidence of strategic alignment, where organizations have a clear understanding of the business’s long-term strategy, given the current and expected market conditions. They also have undertaken the critical analysis that identifies “how” to link the programs to the strategy, and they also have thought ahead about how they would pivot to help confront the inevitable shift in market forces.
Because change of this magnitude is complex and affects the entire organization, employee involvement at all stages is critical. People perform best in an environment they have been part of designing. That buy-in can increase the possibility of sustained change, which is the primary objective of any change program.
****
This is the fourth and last part of a series of articles taken from KPMG’s 2015 publication entitled Picking up the pace: Accelerating banking transformation for growth and customer connectivity.
R.G. Manabat & Co., a Philippine partnership and a member-firm of the KPMG network of independent firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
For more information on KPMG in the Philippines, you may visit www.kpmg.com.ph.