No one knows how long the threat of COVID-19 will last. But most agree that few things will go back to the way they were. Instead, we’ll see a new normal created under a new risk landscape, and both will continue to evolve.
This future creates the need for a COVID-19 Executive Readiness Test. Such a test can help executives risk-rate their institutions in eight specific categories to get a better handle on their gaps and confirm their strengths. Typically, C-level team members bear responsibility for adapting their institutions’ strategies and protecting their institution’s assets, brands and health.
Dozens of articles have predicted how everything in banking will go digital, eliminating the need for physical branches and potentially even leading to the end of cash. COVID-19 has been accelerating this trend. But how long will the transition take? Nobody really knows. Many people, including seniors, have moved to digital channels in this period. However, a large percentage of people using financial institutions still prefer interacting with other people. So the immediate future looks like a blend of digital channels with traditional channels, although business done in the latter may look somewhat different. Institutions must be prepared for both. This leads us to the Executive Readiness Test.
The following eight categories form a framework that executives and their teams can use to review their risk ratings, evaluate their readiness, and devise their COVID-19 plans going forward. Over time the importance of one point over another may change, as conditions evolve.
1. Reviewing and Tweaking Business Continuity Plans, Pandemic Plans & Procedures
Most business continuity plans fell short as the coronavirus situation unfolded because they had covered nearly everything except a pandemic. Sure, most institutions had a plan for dealing with a flu epidemic. But coronavirus threw everyone a curve ball because of the virulence of the disease and the extraordinary and unprecedented measures that governments worldwide took in an attempt to forestall its spread.
Many lessons can be learned from the recent past, which can help in building on this first element of future planning. In this category factors like developing the ability to expand and contract an institution’s workforce play a part, as does the need to be ready to shift to 100% work-from-home capabilities.
Readiness to implement and maintain social distancing procedures should all be readdressed and updated.
2. Accounting for Pandemic-Specific Equipment and Processes
In this category, equipment analysis and processes to be safe and operational should be reviewed and possibly implemented, not just for the short term, but as part of long-term readiness.
This includes new equipment that was previously not utilized in financial institutions’ physical space, including both branch and operations centers. Some examples of such equipment include fever detection technology, video analytics, disinfection policies, and use of ultraviolet light to sanitize branch and operations center equipment. It even includes having a supply of good old plastic sneeze guards on hand.
3. Institutions Must Adopt State-of-the-Art Remote Technologies
Much of this technology has been available, but in many cases those who had not invested could not meet public demand for such alternatives. Those who had made the investments were extremely thankful they had.
Interactive teller machines, secure video banking and lending, and even functional pneumatic tube systems allowed many banking operations to address consumer safety concerns.
- Mobile Banking: Financial Institutions Must Clean Up Their Apps
- How to Keep Seniors Coming to Digital Banking After America Reopens
4. Networking and Automation Readiness Serves Financial Institutions Well
“Network compatible” has always been a scary term, and ties into points 5 and 6, but those who were ready on this front were glad of it.
Alarm, video and access control are just a few examples to review on the list. Plus, there is a long laundry list of automated functions that do not require onsite staff.
5. Managed Services Maximize Use of Channels’ Capabilities
Using inhouse or outsourced managed services helped many prepared institutions continue to provide key services during the height of the COVID-19 period. Using these techniques, for example, often enabled ATMs to be diagnosed and fixed remotely.
Institutions without managed services often depended on vendors who could not mobilize in a timely way. Looking ahead, institutions without this advantage must re-evaluate this area and should reevaluate vendor due diligence overall.
6. Cybersecurity Risks Can’t Be Ignored
Phishing attacks immediately increased when many Americans began working at home during the outbreak. New scams developed as well.
With moves to work remotely, cybersecurity becomes even more important. Providing cybercompliant equipment and services — and working with your third-party vendors to ensure their compliance — become extremely important as unprotected endpoints can allow dangerous access into your network.
Coordination plays a major role here. Multiple layers of protection like patch management, virus and malware protection, firmware updates, and increased penetration testing need continual rethinking and review.
One of the biggest blind spots is traditional vendors (boots on the street or managed service) that do not use SOC 2 Type 2 Control Audits. (SOC stands for “system and organization controls.”) It is time to rethink and update your vendor due diligence program.
7. Equipment Maintenance and Service Can’t Slip
Much of this section of the review consists of traditional maintenance to keep essential equipment functional. ATMs, ITMs, Teller Cash Recyclers, video, security, HVAC (heating, ventilation and air conditioning) and even traditional drive-ups and locks working.
It is one thing to make sure you have these services — it is another to also perform due diligence from point 6 above. Recall that Target’s data breach of a few years ago resulted from an HVAC vendor’s laptop connecting to the company’s systems.
8. Digital Platforms Will Be the Industry’s Future Foundation
Beyond question, use of digital channels will accelerate and become a larger part of all financial institutions’ strategy. There’s the obvious advantage of being able to appeal to people’s desire to be safe via online and mobile banking services.
But there are also enormous efficiencies to be gained. This list can be extensive, but some highlights are easy account opening, appointment-setting functions used during closures that can be expanded on, high mobile app ratings, and overall platform creep reduction to tap into open APIs.
Moving Forward with Executive Readiness Testing
Out of the eight factors reviewed above, if we had to weight any part or parts, 8. Digital and 6. Cybersecurity would be the anchors. But all elements in the list rank highly.
By realistically digging into each of these eight categories and being realistic with where your rating is as an institution, you will identify your gaps, establish areas to focus on, and be able to build your plan for improvement.
That plan may take some time and resources, but to survive and evolve, it is necessary for financial institutions to be honest with themselves.
Putting your head in the sand or wishing things will go back to pre-COVID-19 conditions is not a plan. Rather, it is the road to extinction.
For many, the coronavirus pandemic was a wakeup call. Not everyone will learn from the experience. But by not waiting and taking the time to perform your executive readiness test, you can establish your strategy, build your plan, be operational and most importantly keep your employees and patrons safe.