Usually, banks have robust risk management and business continuity framework to deal with eventualities courtesy stringent guidelines from regulators ( Note: one can’t have any kind of plan for malpractices)
But having experienced that majority of Fintechs and startups have very poor risk management and BCP… rightly so because their focus primarily remain to get business going and scale, and at times on their survival; and then strong risk management costs you too
It is not that the bank gets into trouble every day, but disaster can have different forms and can come from any corners…We have seen various incidents taking place against which one may not have controls, but to watch and react. Events could be
- Government changing regulations or introducing new policies detrimental to one’s business
- Any kind of pandemic which may restrict human movement
- Service disruption at cloud service providers
- Major technology failure at Partner’s end
- Data theft incident or significant cybersecurity attack on operations
- Many more
Now, it could be time to put some focus and money on this side of the business too. An integrated security and continuity assurance program should be put in place. This unified framework needs to be built on the model of continuous improvement.
The model should take into factors of all startup level security and continuity requirements, and a four staged model can be adapted as mentioned below:
Fintechs & Startups need to put the framework to
- Initiate & Transition: look into continuity and security risks which could derail their business
- Implement: Put mitigation plan for each which could mean placing technology, operational controls in place
- Operate: Do regular stress tests on their operations through drills and check
- Evolve: Continue to review your business processes and improve upon
Shashank Shekhar
Head of Consulting, The Digital Fifth