With global clients upon whom the world’s economic wellbeing depends, Finastra recognizes the importance of always maintaining a state-of-the-art operational risk and resilience program. In 2020, Fusion Risk Management began working with Finastra to extend this program.
The challenge the company was faced with was streamlining reporting and sharing information across various risk disciplines. After thorough research, Fusion was chosen due to its versatility around different risk disciplines. Implementing the Fusion Framework® System™ was the next step in the evolution of Finastra’s in-house risk program so that they could share information across all of the different components of the program. Finastra’s risk team now leverages Fusion for enterprise risk management (ERM), third-party risk management (TPRM), and business resilience.
The Mission: “Balanced and Accountable Risk Taking”
Finastra’s Risk Leadership Team is committed to promoting a proactive risk culture that is guided by balanced and accountable risk taking. The company’s ultimate vision is to be an agile and trusted business partner, embedded in Finastra’s strategic value creation.
The Risk Leadership Team had specific strategic priorities for its operational risk and resilience program:
- Enhance resiliency by increasing Finastra’s capability to properly identify, mitigate, and respond to business interruptions
- Drive continuous improvement by digging beneath the surface to understand operational outcomes and foster a learning culture
- Use data-driven insights to curate a learning culture and leverage risk data to drive program objectives and a strategic outlook
- Employ a customer-centric outlook to conduct risk governance activities through the lens of Finastra’s customers and partners
To meet these priorities, Finastra approached its program from both operational risk and resilience perspectives. The operational risk portion of Finastra’s program is built on components, including threat analysis, risks and controls, vendor service compliance, vendor onboarding, issue management, ongoing monitoring, operational learning, and stakeholder management. Components in the resilience portion of the program include threat intelligence, process and impact assessment, continuity planning, crisis management, testing and simulations, and event response.
Empowering Data-Driven Decisions with Fusion
The Finastra team worked closely with Fusion’s skilled professionals to deploy the Fusion Framework System platform, ensuring the values of its mission and vision are carried through every part of the Finastra resiliency program.
Finastra’s Risk Leadership Team understood that it needed real-time data to inform its operational resilience journey, just as Finastra’s financial services clients rely on vast quantities of real-time data every day. The company’s central role in the financial services industry requires it to anticipate risks (such as market disruptions or geopolitical events) and respond to any incident or disruption within minutes – not days. Thus, it needs robust impact analysis for any given risk that can be addressed in the business continuity plans of every unit within the organization – all while providing visibility to other units and across the entire company.
After a competitive evaluation, Finastra selected Fusion based on its proven ability to help companies make data-driven decisions with a holistic, agile approach to resilience that allows any business to continuously deliver through disruption. Fusion has been helping companies for over 15 years foster a universal view of risk and resilience as well as break down silos in which business units often operate so that each unit has holistic visibility into the risk program.
At each stage of Finastra’s resilience-building program, the Risk Leadership Team engages personally with the heads of the business units involved. The team stresses that ‘change management’ is critical to the program’s success. Finastra’s Risk Leader said, “We didn’t buy into Fusion because it was a cool new product that only a few of us would use. We needed the buy-in of our business continuity champions, our vendors, and our third-party risk owners.”
By working with Fusion, the Risk Leadership Team evaluates the impact of proposed changes on each business unit, then designs a resilience program that demonstrates the ‘future state’ of the unit that will be implemented only when there is full agreement from all partners. Once implemented, the Risk Leadership Team regroups with the business unit to assess what is going well and what needs improvement, carry forward lessons learned, and aggregate data derived from each business unit’s implementation to help inform the process for the next unit’s implementation.
Reporting and Monitoring Risk 24/7
Finastra utilizes a ‘Lines of Defense’ model for its risk management program. The First Line of Defense (at the business unit level) leverages Fusion’s rich platform and highly organized components to ensure risk ownership, including identifying and assessing risks, continuous monitoring, and maintaining internal controls. The Second Line of Defense is embedded in the risk oversight units of the organization, including enterprise risk management, operational risk management, resilience, and others. Their roles include defining risk appetite and tolerance, setting guardrails, advising business units, and reporting to executive management and the board. The Fusion Framework System’s automated and prioritized risk assessments help the Second Line to differentiate critically important issues from the less trivial ones. The Third Line of Defense, performed through internal audits, provides independent and objective assurance to the board and senior management on the organization’s overall risk and resilience program.
Of course, the best-designed and implemented resiliency programs need the buy-in of executive leadership to become effective organization-wide. Embedded within the Fusion Framework platform is data from a plethora of programs, including business continuity, crisis management, enterprise risk, operational risk, third-party risk, and Internet connectors. Using this data in concert with the Fusion Framework platform, the Risk Leadership Team designed a series of dashboards for the C-suite that display risks, vulnerabilities, and solutions – using the data-driven approach so valued by the organization. The dashboards rate regional and country risks, threat intelligence, live threat monitoring, COVID-19 issues, and many more, giving the C-suite complete visibility into the status of any risk or threat issue 24/7.
Creating a Culture of Resilience
By working with Fusion, Finastra’s Risk Leadership Team was able to achieve its strategic priorities, create a culture of resilience across the firm, and leverage one cost-effective and efficient platform to support all lines of defense. Fusion enables a consolidated viewpoint of risks across the organization by breaking down historical silos and streamlining processes. With the visibility to make data-driven decisions as well as take advantage of continuous reporting and monitoring, Finastra now has the agility and flexibility to deliver on their brand promise through any business disruption.