Skip to content
Thomson Reuters
Fintech

Technology: the good, the bad and the 3 lines of defense

Ellen Davis

11 Nov 2016

A technician is silhouetted as he works on power lines supplying electricity in Karachi July 30, 2011. REUTERS/Athar Hussain (PAKISTAN - Tags: SOCIETY EMPLOYMENT BUSINESS ENERGY IMAGES OF THE DAY) - RTR2PGSP
REUTERS/Athar Hussain

Nothing polarizes opinion in organizations quite like technology. You may view technology as a risk or an opportunity, but should it depend on which line of defense you sit in?

A new survey from Thomson Reuters on FinTech and RegTech for financial services organizations highlights something already suspected — that technology has a way of bringing out dualistic thinking.

The problem of technology being perceived either as “good” or “bad” is not limited to any one type of organization.

All industries today are caught between the promise of technological advance and the sheer terror that these evolutionary steps can evoke.

Download white paper — FinTech, RegTech, and the Role of Compliance

Lines of defense

As a case study, the financial services industry is particularly interesting.

The survey shows globally that these organizations are beginning to fall into two camps — those who are embracing FinTech, and those who are ignoring it.

At one end of the spectrum are the 21% of organizations whose risk and compliance functions have fully engaged with FinTech.

At the other end are the 16% of compliance and risk practitioners who reported that they did not need to be involved with assessing the implications of FinTech to their business.

It’s common for things like FinTech — and the equivalent in other industries — to be the provenance of the first line of defense alone.

understanding-the-three-lines-of-defense-understanding-the-three-lines-of-defense-infographic2
After all, it’s the business that is at the coal face every day that can “justify” technology spend to drive profits — on “good” technology.

Data breaches

It’s easy for the second line of defense — risk and compliance executives — to bury their collective heads in the sand when technology can seem so very “bad”.

Many of the negative headlines that we read about focus on how technology has damaged an organization, its customers, employees, and shareholders.

And it is often risk and compliance people who have to sweep up the mess afterwards.

Data breaches are a case in point.

technology-good-bad-3-defense-infographic-small

Download the full Data Breaches infographic

Our infographic shows that while 42% of data breaches are due to a malicious or criminal attack, an additional 30% are the result of human error.

Often this human error is entirely preventable with the right education and training in place. Suddenly ignoring technology seems like a less viable strategy for the second line of defense.

IT understanding

If ignoring technology is not a good idea for compliance and risk executives, it’s even less of a good idea for the third line of defense — internal auditors.

Another survey by Thomson Reuters shows that 39% of internal auditors — across industries and around the globe — feel that their departments only have a basic understanding of their organization’s IT environment.

A further 15% reported insufficient or limited knowledge of that environment.

The second and third line of defenses are just as bad at considering technology that could help them do their jobs better.

Some 62% of internal auditors considered their own use of technology to be basic, limited, or insufficient. Nearly one-quarter of compliance executives said their firms lacked the budget for RegTech solutions.

Download white paper – How mature is internal audit? A real-world analysis

Technology solutions

Applying a governance framework to technology — the Future Challenges for Compliance report on RegTech offers one best practice example — is one step the lines of defense can take to improve their approach to technology.

Such a framework, with its multiple perspectives and touch points for evaluation, moves technology away from being either “good” or “bad”.

Instead, it helps organizations explore how FinTech and RegTech, and other technology solutions, can be a part of their own, ongoing evolutionary story.

Learn more about how Thomson Reuters can help improve your organization’s approach to technology through better regulatory change management, compliance training, and internal audit.

compliance-learning-discover-more-cta-banner

The digital future of wealth management Meet Canada’s top 40 social influencers in finance, innovation and risk Artificial Intelligence: Is it actually intelligent? Moving into the cloud to reduce your data TCO Regulatory reform is no barrier for Asia firms Eikon App Studio: How we built our B2B app platform MiFID II countdown: Will markets be ready? Collaboration and the power of an open platform How can RegTech ease the risk management burden? The buy-side answer to shrinking balance sheets