NOVEMBER 20248MY OPINIONINOPERATIONAL RISK AND DIGITAL INNOVATION: TWO SIDES OF THE SAME COIN? Digitalisation is present in many facets of our daily activities, what was not thinkable decades ago has become a basic need today - living without is unthinkable. On the supply side, technology-enabled innovation has led existing market actors to digitalise their services and products. Moreover, new firms have entered the market aiming to offer new services to disrupt former set-ups, while a third category of firms is moving into new segments of the value chain possibly using their network effects. In addition, third-party service providers are increasingly important for all the aforementioned firms by providing specialised services. This article looks at operational resilience in light of digitalisation, also by referring to tools developed for financial market infrastructures.Let me mention three examples of digital innovation in the area of payments: first, the introduction of instant payments which has allowed end-users to make payments in real-time on a 24 by 7 basis with immediate availability of the money for the beneficiary. Second, the international agenda of enhancing cross-border payments to make them faster, less expensive, and more accessible. Third, the use of data analytics possibly empowered by machine learning solutions (AI) for monitoring payments and identifying anomalous transactions (e.g., fraudulent payments). To provide these services and more general payment services, outsourcing to a third-party provider can be very useful. They can for instance allow the outsource to offer an (innovative) service that it may not have been able to develop itself in time or at all, because it may miss the expertise, skills and/or resources. Using a third-party provider can also help to build up and increase operational resilience in the digital environment, for instance, a third-party provider may be able to ensure a higher level of cyber resilience. For each organisation, it is essential that its services and products, whether provided by itself or a third party, are fully reliable and available also under adverse circumstances and scenarios. This is not new but operational risk has become even more pronounced in the digital world. Why? First, because digitalisation has increased interconnections and interdependencies across stakeholders and clients, by making them part of the organisation's digital universe; as a result, an operational problem can propagate even faster across the network wherever it initiates. Second, the probability of operational issues, in particular, due to the enlarged surface for cyber-attacks, has grown. Third, the velocity of propagation of a potential operational event has become higher. For instance, the impact of a digital service disruption, especially if offered around the clock, is swiftly visible, can create knock-on effects and may be swiftly transmitted via social networks. And this is why we now look at operational resilience as an extension to operational risk, being the ability to not only manage operational risks but for an organisation to continue offering their services after an operational risk materialises.By Patrick Papsdorf, Rulebook Development Manager / Senior Adviser, European Central Bank
< Page 7 | Page 9 >