Enterprise Architecture and Risk Management for banks: Aligned?
At the cusp of the New Year, Bank Negara Malaysia (BNM) released the licensing framework policy document for digital banks. Digital bank applicants are to submit their application to start a digital bank business, no later than 30 June, 2021.
This reminds industry observers and players of another policy document released by BNM at around the same time last year, the Risk Management in IT or RMiT. The reason the RMiT is notable and significant, is due to it being foundational to everything else that Bank Negara wants to, and may want to do moving forward.
The current scenario
The high rate of technology adoption in the banking industry is necessary for financial institutions to keep up with increasingly fickle customers, as well as stave off competition from leaner and more agile players from outside the financial sector.
Case in point, is Grab which has become an aggregator of services. Their payment services offering was simply a natural evolution for them.
But how do financial institutions balance the blinding rate of technology innovation and adoption whilst also maintaining the trust that consumers have placed in them? They cannot afford to fail or unwittingly create unpleasant customer experiences.
With this question in mind, the industry turns towards the industry regulator, Bank Negara Malaysia (BNM), to provide frameworks and guidance.
As the industry regulator, BNM has stringent and exacting standards for the industry to comply and adhere to.
As the industry’s regulator also, BNM is tasked with; among other things; promoting the effective use of technology, to overall enhance productivity, efficiency, quality, and competitiveness in the global arena.
The RMiT policy document is one such guidance meant to allow businesses to move forward without worry because risk factors would have been weighed and guidance on how to manage risks, are outlined.
The banking industry looks towards the central bank to trailblaze a way forward for technology to take its place
Within BNM, enterprise architecture (EA) has been identified as the method to deploy technology while ensuring that business and IT objectives are aligned.
Sources close to the matter also shared about the regulator actually embarking upon an EA project to establish a digital foundation within the organisation.
After a readiness assessment, the Digital and Technology department within BNM wanted to leverage EA to address operational issues and gaps. Based upon categorisation of Critical Business Functions (CBF), seven areas were identified to be the initial scope of work for the next phase of the EA project. These would only encompass the business and data architecture pillars.
With further input from business departments, there is very real opportunity to streamline the reporting platform for financial institutions (FIs). For example, five-member teams are required to submit reports about credit to BNM. Data submission is in silos because of the multiple apps that FIs use.
The EA project can potentially improve this process in terms of efficiency and resource optimisation.
EA and RMiT
What does enterprise architecture mean for RMiT?
Chief Architect of of ATD Solution, Aaron Tan Dani, opined that enterprise architecture is important to respond fast and to understand the impact of any action taken.
One of the outcomes of enterprise architecture is a digital enterprise map, a visual of all the applications in the organisation’s IT environment and how they map back to hardware, network, data, and ultimately to the objectives of the business.
There is proper and thorough traceability between each architecture domains (Business, Data, Application and Technology), and troubleshooting of the entire enterprise can be made, allowing strategic business decisions to be made in an agile way.
This Digital Enterprise Map is constructed collaboratively with effort from every department and business unit across the enterprise, enabling a single view of the connected organisation.
In a way, this map can also help organisations to address these questions: Are you able to define your technology initiatives from a business perspective? Are you able to model the strategy and provide the traceability on its execution? Are you able to map the business strategies, objectives and goals to the different capabilities/elements in the enterprise?
If need be, could you tell which capabilities or process is causing the success or failure of a business objective, and how will you be able to make adjustments to correct your course?
Considering the end-to-end visibility that a digital map can enable for an organisation as well as the similar outcomes both initiatives want to achieve, should RMiT efforts be separate from EA efforts? Can they not go hand in hand?