As financial systems become more interconnected, industry players need to be more aware of the growing risks as they pursue opportunities in fast-changing markets.
The Depository Trust & Clearing Corporation (DTCC), a post-trade services provider, has published a new white paper highlighting recent developments that require heightened scrutiny among risk managers.
This includes the financial industry’s growing reliance on third-party vendors, particularly when it comes to fintech requirements.
According to the report, Interconnectedness Revisited, banks are increasingly relying on third-party organizations for many of their operational needs, including core bank processing, IT, accounting, human resources, and compliance, as well as to provide their customers access to products and services through third-party platforms.
Because these third-party organizations can offer quick and relatively inexpensive access to new innovations, human capital, and other competitive advantages, banking institutions are likely continue growing their relationships with such third parties.
Interconnectedness of banks with parties within and external to the financial sector is deepening as large parts of bank IT systems are now provided not only by third parties, but also by fourth parties.
This type of risk is particularly hard to manage for two reasons, DTCC says. First, the lack of contractual agreements or direct operational arrangements between a financial institution and its vendors’ subcontractors makes it hard to identify, oversee and control fourth-party providers. Second, the sheer number of fourth-party providers that a financial firm may have makes effective risk management even more difficult.
Meanwhile, the financial services sector’s reliance on an increasingly complex and interconnected IT infrastructure increases concentration risk. Concentration risk emerges when an increasing number of financial services firms rely, either directly or indirectly, on the same third-party service providers or products that have a substantial market share, the report says.
For example, concerns have been raised about the rapid adoption of cloud computing and the high degree of concentration among major cloud-service providers.
While cloud computing provides substantial advantages compared to data centres that are located on-premises, a single prolonged operational outage within a cloud provider could affect a wide array of financial firms. Without appropriate back-up and recovery plans, this might have far-reaching, if not systemic, ramifications, according to the white paper.
Also, the continued proliferation and the ever-increasing sophistication of cyber attacks require financial services firms to keep enhancing their cybersecurity initiatives.
“Cybersecurity has been a major concern for financial firms for many years and the growing role of state-sponsored cyber actors has increasingly been recognized,” the report says. “The rise in cyber-related concerns following Russia’s invasion of Ukraine illustrates how malicious cyber capabilities and geopolitical tensions – traditionally two of the top risks cited in DTCC’s Systemic Risk Barometer surveys – can come together to create a combined threat to financial firms and other organizations.”
While considerable investments in cybersecurity programmes may have protected the financial services industry from a successful large-scale attack so far, the rise of ransomware and other types of cyber attacks underscores the need for continued vigilance.
According to the report, 45% of large financial services companies have experienced a rise in cyber-attack attempts since the onset of the Covid-19 pandemic, and financial services firms are 300x as likely as other companies to be targeted by a cyber attack.
DTCC also raises concern over the growing role of cryptocurrencies in the financial ecosystem. The total cryptocurrency market capitalization surged from just US$17.7 billion at the start of 2017 to slightly over US$3 trillion in early November 2021, before falling back below the US$2 trillion mark in early 2022.
“The use of blockchain technology to record and transfer ownership of assets doesn’t create additional risk in and of itself and may provide several benefits,” the white paper says. “However, the pace at which the cryptocurrency market capitalization has grown over the last few years warrants attention, especially given that cryptocurrencies differ from traditional financial instruments in several other respects that are important from a risk management and financial stability perspective.”
It notes that almost 95% of cryptocurrencies, including bitcoin, have no intrinsic value as they are not backed by underlying assets. Also, cryptocurrencies are largely unregulated and, as such, raise concerns around investor protection, law enforcement and market integrity.
More importantly, cryptocurrencies are becoming increasingly interconnected with the more traditional financial system. Several financial institutions have started offering their customers access to crypto exchanges through their apps and are developing exchange platforms themselves.
While banks’ activities in this area have been largely focused on providing agency services (such as custody and trading platforms), some banks are planning to offer broker-dealer services and may thus become directly exposed to cryptocurrencies, the report says.
“An interconnected ecosystem is both beneficial and challenging,” says Michael Leibrock, DTCC managing director and chief systemic risk officer. “While interconnections can provide firms operational efficiencies and other benefits, it’s important to recognize that they may also pose certain risks. Given the increasing complexity of the global financial system, it is more crucial than ever that firms continue to evolve their approach to managing risk, ensuring they’re taking a holistic, comprehensive view of all the relevant factors.”