Welcome back to our course on FinTech Risk Management We're going to talk today about our third area of FinTech Risk Management IT and Compliance, and Assurance and we have two weeks on this Weeks three and four of our video we're going to talk about IT because FinTech is at least half tech if not more than half tech Finance matters, and we've talked about finance compliance Corporate governance matters, and that's part of risk management But IT can really screw you up and it's an important area or aspect of FinTech Percy is going to take the lead in this discussion >>[inaudible] >>So, why don't you give us an overview of where we're going to go in this the third week of our course >>Okay, thanks, Ted. So, the first focus is going to be business application development So, no matter whatever the software whatever the system that you're developing specifically we're talking about FinTech So, we could focus on the- we discussed before about the controls Then if you want to have controls that we have to reduce the risk, and control so those controls has to be embedded to the system that by the time that you develop the system So, that's very important to make sure that by the time that we develop any FinTech system the controls are in place at the time that we developed it >>Now, a finance person when you hear the word compliance and assurance you think about regulation When you're an IT or technology person you hear compliance and assurance, why is that different? >>So, the basically, the main difference what my focus in this module is going to be like say for example, that we are going to given access to different people of different access right to your system in different information, different data So, we should have different access levels So, we should have different data privacy, data protection the authentication mechanisms something like mobile metrics >>So, we're worried about risk we're worried about control? >>Yes. So by the time when we develop a FinTech system we should make sure that all these controls be embedded by the time we developed system >>But one of the biggest problems in software, and software development software implementation, software risk analysis is doing the wrong thing >>That's true. So, the main issue what I see in the past [inaudible] so by the time the system has been developed they may not think about what are the risks associated with that particular system itself So, also since if they don't think about the risk beforehand they may not thinking about the controls of those risk So, that's very important before we developed a new system we should do the risk assessment first and have an idea what are the possible risks associated with those systems itself plus how can we control or how can we reduce the risk using controls that's very important >>But a part of the risk is doing the wrong thing Not doing software that the customer wants So, not complying with business goals So, this links to our second week where we talk about corporate governance and risk software development has some of that element to it as well >>Yeah, definitely. So, the second thing we're looking at implementation, system implementation So, for example, we might have legal system, the manual system and then we are moving to the- we're developing FinTech so that means we have the we call it as different elements on FinTech like robot training So, we are introducing the robot training So that we have a traditional way of like did customers go to the bank and talk to the person whoever adviser talking? But once we moving to a system itself so we got to be very careful about system change or mechanisms as well That's very important here So that is important here Then, the third thing we're looking at is about what kind of risks associated with software development So, once we start developing systems sometimes doubts from external risks might have it because of economic situations so the senior management may not want you to spend funding on that The same time that some of your competitors may be developing in the middle of your system development process some of your competitors may be developing better system than what are you developing now So, that could be a risk with external risk as shown So, then the next part the part number four we're looking at the system maintenance practice So, no matter which system that we developed nothing is going to be static so changes are inevitable so we need to keep changing So, we might find problems with the system so we call it corrective maintenance We might need to add some new features to the system after system being built so we could add up to maintenance Then sometime system has only English interface but we are rolling into mainland China so we want to change the interface to Chinese so we call it profit to maintenance So, we might need to do some maintenance to the system. So, that's something we could [inaudible] >>We will also have to think about processes for change >>Exactly, so that's very important here Then we will look at the change management process So, when we do the process to develop process make sure that nobody will be able to make unauthorized changes to the system So, it's very important that only the authorized changes may be able to happen to your system So, this keyword is approval and authorization >>That sounds expensive >>Yes usually, but we should have somebody to look into that >>Because if we don't have processes and control it could get more expensive >>Exactly, and then there are a lot surprises comes to you and then probably it's going to be too much for you Then think about change process so it takes longer time to make one change So, when you go for normal change we call it as the authorization documentation, and finally implementation >>We have a process >>Yes. Say, for example you have your e-banking system and it's dulled in the middle of the night >>That's bad >>That's bad. So, we don't have time to go through the normal process [inaudible] >>We need a different process for emergency >>Yes, we call it emergency change So, we should have policies and procedures exist in every organization to be able to do the emergency change >>Wrapping it up, we have something called compliance and sub standard testing >>So, basically what we do in compliance testing and substandard testing testing is to test your system to make sure that your systems controls are good enough So, that's something that we look at >>Is it just the word we use in IT as compliance >>Yes >>It's very different from finance compliance but in FinTech, we have both >>Yes >>So we have to think about finance and IT compliance different views of compliance and assurance >>Yes, so we're going to look that in much detail in the coming weeks to come >>Then we've got another week after that but we'll get to that on our next week after we've been through these seven topics >>Correct >>Thank you >>Thanks, good time of you
