In a video interview, Maykala Hariharan of Mercer discusses the significance for financial institutions of not addressing the various operational risks they face, and also highlights some ways to mitigate them.
Various incidents over recent years in the financial services industry have caused significant reputational damage to organisations, law suits from investors and large fines by regulators.
Yet these are all situations that could have been prevented if better controls would have been in place, says Maykala Hariharan, senior consultant at Mercer.
For example, it is still common today to find a lack of segregation of duties. She says she comes across instances where multiple departments within a firm fall under the purview of the same person – which can lead to conflicts of interest.
Further, organisations sometimes don’t conduct ongoing back-up checks. As a result, for long-standing employees, she says a firm might not know about any civil, criminal or other litigation pending against them.
The potential consequences, says Hariharan, include financial losses, reputational issues, problems with regulators, and lawsuits from investors.
Higher standards
Global best practice is to do an annual background check on employees. In Asia, however, such checks only tend to take place at the point of hiring.
Managers in the local outposts of global firms will often follow governance practices that are mandated by their headquarters, adds Hariharan. This means they are held to higher standards, in some cases, than local regulators require.
When it comes to cyber-security, meanwhile, financial institutions are quite susceptible, given the volume of data being shared across entities.
Hariharan sees employees as the first line of defence, requiring them to be well-trained in terms of how to spot cyber-security attacks, as well as in the policies in the case of something happening.
Overall, Asia is more vulnerable to cyber-security attacks, she adds, based on historical under-investment in this area. Yet this is changing in line with regulations and companies taking this more seriously.
Senior Consultant at Mercer