"The intermediaries’ market is a crowded space and one of the hardest challenges for companies is standing out from their competitors."
FR: When did you take up your position as CEO of ITRS Group? Tell us a little bit about your background and how you came to join the technology industry.
I joined ITRS in 2014, bringing with me more than 25 years’ experience in the financial services and technology sectors. Prior to joining the ITRS team, I was actually a customer of ITRS myself, which is how I came to know the company. In my role as COO of the FTSE Group, I used Geneos to improve the availability of real-time systems and thought it was an absolutely amazing piece of technology.
I started writing software at school and have been interested in the intersection between technology and finance since I started working as a developer. And my background definitely illustrates that interest, working across a checkerboard of firms operating across both industries over the last 25 years.
FR: What are the primary challenges and opportunities facing the intermediaries’ market at the moment?
The intermediaries’ market is a crowded space and one of the hardest challenges for companies is standing out from their competitors. Amongst all the noise, there’s a tendency for firms to spend vast amounts of money to promote themselves, primarily with the aim of appealing to buyers, as opposed to growing their business and services. So, the biggest challenge in many ways is prompting a change in mindset and approach – encouraging firms to prioritise budgeting for strengthening and safeguarding the foundations of the business over marketing.
And in terms of opportunities, the pace with which firms have digitally transformed over the past two years has triggered a wave of new and exciting innovations that are set to continue disrupting the status quo for many years to come.
FR: How do you think the FCA’s new operational resilience guidelines will impact the sector?
Now more than ever, the financial services sector is under extreme pressure to improve margins, which have taken a significant hit over the last few years. As such, any regulations that compel firms to spend more on strengthening their operational resilience will most likely be complied with at minimum cost. In fact, the fact so many firms have failed to use the last year to sufficiently prepare for these changing guidelines makes me think we’re unlikely to see a significant step change in performance in the short term and the FCA will have to fine those firms that fail to meet the expected standards.
The financial services industry continues to act as if technical issues are inevitable, but the hard truth is that they are avoidable, and firms must realise that investing in operational resilience is key, not only to their regulatory compliance, but to their very survival. The reputational damage and customer losses following repeated unplanned failures cannot and should not be underestimated. So, with a longer-term view, I’m hopeful that the FCA’s necessary changes will bring about a sharp reduction in the amount of avoidable downtime we see in the UK market, which by today’s standards are simply unacceptable.
FR: What can banks and financial institutions do to protect their systems against external threats?
To begin with, it’s a common misconception that external threats pose the greatest risk to firms’ operational resilience, often resulting in internal causes of downtime being overlooked. In fact, the most common cause of these kinds of failures come from firms making changes to their IT systems but strengthening internal processes will significantly diminish the chances of this.
In terms of defending against external threats, it is significantly harder to ensure that all means of external access are not vulnerable – particularly as banks’ infrastructures are now more complex than ever, and for many traditional players, suffer from significant siloes.
Preparation and understanding the different types of threat is crucial. Fortunately though, there are a range of tools that can help prevent or identify attacks immediately – ranging from software that can identify more basic cyber-attacks, such as phishing scams, to estate monitoring tools and vulnerability management systems that offer continuous monitoring of systems to alert companies in almost real-time if irregularities are identified.
It is also imperative that staff are educated to ensure they have a sufficient level of knowledge and understanding to detect false emails. Most cyberattacks come through emails – and can be quite convincing, often leveraging information from sources of public information such as LinkedIn. This provides an additional layer of security for companies and empowers them to take responsibility for the safety of their own hardware and software.
FR: What is the most valuable piece of career advice you’ve ever been given?
Make decisions based on strong convictions. Businesses are made by the people who work for them and ultimately, this undeniable fact should form the basis of all your decisions as a leader. If you are willing to stand by your decision, no matter what the consequences may be, you can hold your head high as a leader.
