FCA/PRA regulated businesses are more than familiar with the term ‘Operational Resilience’. With growing emphasis being placed on the associated risks that come with any outsourced work (3rd parties) and processes, understandably firms are feeling the pressure to make sure their processes are watertight and meeting regulators expectations.
We automate Darlington Building Societies (DBS) customer payments and therefore play a pivotal role in their overall payment structure; not only are we classed as a 3rd party, but we are also a ‘critical partner’ to business continuity due to supporting the societies ‘Important Business Services’.
In this case study, we discuss how we have helped solve DBS’s Operational Resilience payment challenges through automation, better payment controls and improved visibility.
A Key Partner to Operational Resilience
AccessPay played a pivotal role in DBS’s Operational Resilience assessment by helping to reduce risk across their payment infrastructure. We automate what are typically manual tasks and remove the ‘people risk’ element attached to payment processes.
But like any risk assessment, there had to be further considerations. For instance; what if the AccessPay platform went down? What would be the business impact? How long would it take before it caused a negative impact that was beyond tolerance?
In the case of DBS, they process faster payments daily that must be made within 48 hours of a payment being processed. If, for any reason, the AccessPay platform went down, how would these payments be impacted? If this was negative, the processes wouldn’t be classed as resilient, so DBS had to mimic this scenario in a safe environment to test the outcome.
AccessPay SLA falls within DBS’s impact tolerances as, if for any reason, the platform did go ‘down’ we have a 3-4 hour incident response time, which shows we have the correct support infrastructure in place to act quickly. DBS have a high level of assurance that, even with any downtime from AccessPay, it will be remedied within the 48-hour period. Without, DBS’s savings support team would be manually processing the payments instead. The Operational Resilience assessment would then require them to map these risks across people, not software. Relate this to the previous scenario around faster payments and the 48-hour turnaround time; clearly, there would be an increased demand for staff to step in and make these payments to meet this threshold, which would in turn mean the need for additional staff. They would probably need to make quick hires, which could be costly and hugely inefficient in a crisis.
We spoke to the Head of Change and Procurement at DBS and they commented:
As AccessPay aided our Operational Resilience assessment, this became one of the main drivers why we went out to tender in the first place. We see AccessPay as a key partner to our overall Operational Resilience.
Improved Payment Controls
Another key driver for DBS was finding a solution which would allow their back-office to talk directly to their bank, in a controlled environment:
We needed a solution that could speak to our banks, almost a translation mechanism between our back-office system and the bank. The AccessPay solution did this. We also really liked that it could manage our approval and mandate workflows.
Previously, the process between the back -office and the bank was heavily manual and they needed a more risk-averse way of making payments whilst controlling the validation and approval of payment files. AccessPay enables them to make these payments in a controlled environment and is therefore easily auditable, at any time.
We needed something that reflected our controlled environment, with an additional layer to flag that there is no risk of fraud. Previously this was a manual process and meant there was nothing stopping someone from logging in and adding miscellaneous bank account details, for example. The payment approval process controls in AccessPay helped reduce this risk.
Supporting Risk & Compliance Colleagues
DBS explained that their risk and compliance colleagues like the dual authorization feature too as it guarantees a controlled structure and mechanism for what was previously a time consuming, but an essential process;
They can set up mandate structures, and then if anyone makes a change this is automatically flagged to the application support team, who will then make the change. It can’t be approved without their authorization which has been great for our controls infrastructure.
DBS explained they have “halved their time to process”. Like many financial services firms, Darlington Building Society needed to find a way to achieve Operational Resilience across their business infrastructure, including their 3rd parties and critical partners, and we have helped them achieve this.
Using our trusted technology, they have not only automated manual processes and reduced people risk, but they have created standardised automated, PRA reports to ensure they are always audit-ready and have better control of their payments and approval process.
If you’re looking for ways to reduce risk in your firm, find out more about how we can help you achieve operational resilience across your financial processes here.