What are the regulatory risks for firms in implementing technology? - Thistle Initiatives

Written by Thistle Initiatives - Compliance consultancy | Feb 19, 2021 12:00:00 AM

A new FCA multi-firm review, published in February 2021, looks at how firms implement technology change, the challenges caused when those changes fail, and steps firms can take to protect consumers from harm and disruption in the market.

The review, which is available here, analysed over one million production changes implemented in 2019 by a sample of firms using different business models at varying scale. Each firm had deployed 35,000 production changes on average. This represents significant activity and highlights the complexity of translating business or regulatory initiatives into technology change.

What is happening?

This review reveals that failed technology changes are one of the main causes of operational disruption within firms, accounting for a quarter of all high-severity incidents that cause harm to consumers and the market.

Based on the data analysed, the review found that firms with higher change success rates shared common characteristics, summarised in the graphic below, specifically that:

    • Firms with well-established governance arrangements have a higher change success rate,
    • Relying on high levels of legacy technology is linked to more failed and emergency changes,
    • Firms that allocated a higher proportion of their technology budget to change experienced fewer change-related incidents,
    • Frequent releases and agile delivery can help firms to reduce the likelihood and impact of change-related incidents, and
    • Effective risk management is an important component of effective change management capabilities.

Based on the data analysed in this review, some areas were identified which could lead to increased operational disruption when carrying out change activity:

    • Most firms do not have complete visibility of third-party changes,
    • Firms’ change management processes are heavily reliant on manual review and actions,
    • Legacy technology impacts firms’ ability to implement new technologies and innovative approaches, and
    • Major changes are twice as likely to result in an incident as standard changes.

Overall, the FCA found that changes made by firms with strong governance and risk management strategies are more successful, that robust testing is an important part of the change process, and that while testing automation has benefits, it also presents challenges. It also identified that pairing subject matter expertise with a clear understanding of a firm’s strategy is vital. Firms that had governance arrangements in place for more than a year experienced a lower proportion of incidents resulting from change when compared to peers with newer arrangements.

The report is intended to support discussions on how to reduce the frequency and severity of disruption due to technology change activity. Firms are asked by the FCA to consider the findings when assessing their future technology changes.

How can we help you?

If you’d like to know more about how we can help you with your technology governance and risk management approach, or any other aspect of FCA compliance, our expert team is here to help. Contact us today on 0207 436 0630 – or email info@thistleinitiatives.co.uk.