Author: Dave Foss, dfoss@profitstars.com
Ten or fifteen years ago, losing a key IT employee might have put some projects at risk, but not the entire bank. The stakes of this game are rising, however, because of increased sophistication of cyber-attacks, regulatory scrutiny around how banks are managing IT environments, and the growing number of governing entities with their fingers in the compliance pie. As an example, the governor of New York State recently directed his Department of Financial Services to conduct targeted cyber security preparedness assessments for all state-chartered banks and other banks “based” in the state. This may be the beginning of a new trend where state regulators move beyond their traditional role to become increasingly involved in banking cyber security. The more people you need to answer to, the more essential it becomes that all of your processes and procedures are sound and managed by a competent team.
For bankers today, compliance and security concerns have grown far beyond the baseline federal standards, and rightfully so. Bankers have seen firsthand the dangers of security breaches and express heightened concern about protecting their customers, members and reputations from cyber criminals. Today, a proper IT risk management infrastructure has a direct impact on the character and value of a financial institution which places an unprecedented value on key IT employees.
Many of the CEOs that I meet express a well-founded concern about their contingency plans for the turnover of their compliance, security and technology masterminds. As our economy strengthens, this concern for the future roles of CIOs, CTOs, CISOs, and Heads of Technology grows. Liberum Research reports a slight increase in executive turnover in 2014 for roles like this, seemingly correlated with the nation’s improving stability and job growth. The company goes on to state that banking is one of the top three sectors for turnover, accompanied by drugs/biotech and energy.
As a partial mitigation strategy to this “key man” risk, many financial institutions are considering outsourcing to offset the possibility of turnover. Contrary to some myths, outsourcing is not just about the core, nor about cost savings, nor only for small banks and credit unions. Moving your IT infrastructure to a private cloud may offer the opportunity to support your security, compliance and reputational concerns more effectively. Most notably, a move to a hosted environment can help you:
Outsourcing these ever-moving targets gives your IT resources the opportunity to focus on strategic growth and customer-facing initiatives. Delivering progressive solutions that impact your financial institution’s bottom line can also help to improve job satisfaction (and the longevity) of your IT heavyweights.
I would be remiss to discuss outsourcing today without mentioning vendor management. If you are considering outsourcing your IT network services, the FDIC, OCC and NCUA all emphasize the importance of due diligence in vendor selection and security initiatives. This should not cause any difficulties if you are partnered with a trusted and stable company, one that is experienced in both outsourcing and banking security. If you set expectations and communicate clearly, these regulations will continue to operate as a baseline from which your infrastructure can launch.
Regardless of your infrastructure approach, solid IT talent is one of our industry’s most valuable assets. Banks and credit unions of all sizes should have a plan, and a contingency plan, to protect their security and their brand and a seasoned team of IT experts should be a key component of that plan.
Stay up to date with the latest people-inspired innovation at Jack Henry.
.svg)
