Did you ever grab the wrong screwdriver for a project and try to make a go of it anyway?
You have a flat-head when you really needed a Phillips head. Or, you’ve got a Phillips head but it’s just a little too big for the screw. If you push hard enough and turn your wrist in just the right way, you can (sort of) get it to work. But—oops!—now you’ve stripped the screw. You’ll need power tools to straighten or remove it. The job is done, but at what cost?
Having the right tools matters. It makes your work quicker and more accurate so you can move on to other projects (because there are always plenty of other projects needing your attention).
In a perfect world there’d be a universal tool good for everything—but we don’t live in a perfect world. We live and work in a world of specialization and specificity. Every industry has its own way of doing things, its own jargon, and its own rules to follow.
You can’t transplant a bank compliance officer in a hospital and expect them to understand the ins and outs of HIPAA and Medicare compliance. It’s also unreasonable to expect the board of directors at that hospital to understand a Bank Secrecy Act (BSA)/anti-money laundering (AML) risk assessment.
Then why do we expect risk management tools designed for other industries to work for financial institutions?
The problems with risk management software not designed for financial institutions
Generic solutions might work for some industries, but not for financial institutions. Financial institutions are among the most highly regulated organizations in the country. Regulatory agencies and examiners have very specific expectations when it comes to risk management and compliance—including vendor management, business continuity, audit management, findings, and cybersecurity.
They expect you to follow their rules and speak their language, even when that language is dense, vague, complicated, or otherwise hard to understand.
That makes solutions designed specifically for financial institutions a great value. Why? Here are four reasons.
1. One-size-fits-all software isn’t built to comply with your regulatory expectations. Does your financial institution care about HIPAA? Have you heard of FISMA? Probably not. Then why should you buy a solution loaded with rules, regulations, risk assessments and controls that don’t apply to your industry and can only confuse you.
Short answer: You shouldn’t.
2. Companies that lack a focus on FIs don’t invest exclusively in your industry’s needs. Banks, credit unions, and mortgage companies aren’t like other organizations. It takes a specific mindset to build solutions that work specifically for financial institutions. Solutions that aim to be everything to every industry have to spread their resources across numerous industries—or make their solution so broad that it can encompass everyone.
When a solution is just for financial institutions, it’s not distracted by competing interests. It invests serving financial institutions—and keeps investing.
3. Hiring banking experts is not a priority. When solutions laser focus on a single industry like financial services, all a company’s resources are invested in serving that market. They see the value in hiring employees that have worked at financial institutions.
These employees are key--not only do they have specialized knowledge that help guide product development and implementation, they understand the mindset because they’ve actually worked in risk management, compliance, operations, cybersecurity, BSA/AML, and lending compliance. They don’t just know the rules. They know the challenges, and they are working to solve them.
4. Generic software solutions don’t speak your language. Financial institutions have vendors, not business associates. They care about protecting “nonpublic personal information (NPI)” not “protected health information (PHI).” Supply chains aren’t a major issue, but data and information security are.
Solutions geared towards financial institutions know the difference—and often let you customize that language further because not every institution uses the same terminology (i.e., significant vs critical vs Tier 1 vendor).
Just as you wouldn’t use a Phillips head screwdriver to tighten a flat screw, you don’t want to get stuck with software that isn’t designed for financial institutions. Insist on solutions that will work for your needs, so you can do the job right the first time.
Check out this related article on the 6 features of an
effective risk management solution!
Subscribe to the Nsight Blog
Share this
Operational Risks
Ask the Author: Where Does Risk Management Go Wrong?
