How a 3-year technology plan helps control risk, drive growth
Aligning your board, your strategy and your technology
INSIGHT ARTICLE |
Regulators have required financial institutions to develop technology plans for several years. Unfortunately, many financial institutions have viewed this as primarily a regulatory compliance exercise and simply took an existing technology plan template and put their name on it. This satisfied regulatory compliance, but offered little value to the organization.
The lack of a true long-term strategy has become a bigger and bigger concern, especially as information technology (IT) spending continues to increase due to regulatory pressures and competitive necessities. For many financial institutions, IT spending has increased more quickly than profit margin growth, making it the largest budget line item for most financial institutions; nor is an increasing budget a board’s only IT concern. Regulators expect boards to provide educated and active oversight over all areas, including IT. In addition, board members now face civil and criminal accountability regarding cybersecurity. Boards must now be more directly involved in IT planning to effectively address these risks and concerns, but it can be difficult for a board to meet these oversight expectations if the board is not tech savvy, or doesn’t understand their role in the technology management process.
Why develop a 3-year technology plan?
Financial institution IT leadership often struggles on how to educate the board on information security demands and on how IT aligns with and helps to drive the institution’s strategy. If the board does not understand the business case for new technology initiatives, it can be a battle to get necessary IT spending approved.
Establishing a meaningful three-year technology plan can provide three key benefits for your institution:
- It provides the necessary business case for your technology spending, which helps prevent budget battles with your board.
- An educated board is more likely to provide effective governance and oversight.
- Better alignment between financial institution leadership and the board minimizes risk for the financial institution as a whole.
Why a three-year plan? A three-year plan helps address both your current and projected needs. The goal is to move past looking at IT initiatives on an ad hoc basis and instead to help push the financial institution toward an integrated technology approach that is focused on long-term strategy instead of short-term needs.
In order to ensure buy-in and support for the final document, engage your board during the creation of the plan. Keep the plan simple and don’t make assumptions about what the board knows or understands. Technology definitions and explanations should be included to prevent unnecessary pushback and establish more productive conversation.
The final plan should include:
- A summary of your financial institution’s organizational structure, business positioning and vision
- A statement on how the financial institution defines “technology” (since no organization defines technology in the same manner)
- A strategic statement, current state summary and proposed future state to help the board understand the journey
- Discussion of the following key areas:
- IT governance: define role of the IT steering committee and board
- Data center strategy: include cloud vs. on-premise considerations
- Infrastructure: network communications and computing platform
- IT department staffing: outsource vs. in-house support
- Enterprise applications: core and noncore applications
- Electronic and virtual banking: strategy for online customer experience
- Information security and cybersecurity: posture and maturation
- Disaster recovery and business continuity: ensure all data and necessary financial institution functionalities are included
- Vendor management: risk management and dependencies
- Network architecture diagrams
- IT steering committee charter
- Detailed three-year project plan with budget and timeline
A three-year technology plan is not a one-and-done process, but instead must constantly evolve to meet emerging needs. Events that could drive changes to your plan include:
- Changes in regulatory expectations
- Acquisitions or mergers
- IT support model changes
- Competitive pressures
- Cybersecurity risks and newsworthy events
- Availability of new technologies
Outside advisors can be valuable
Many financial institutions use outside advisors as part of the planning process. A qualified advisor will offer extensive experience working with other financial institutions and even other industries, providing a wider perspective on your IT challenges and the full spectrum of available solutions. Because they are an objective, outside party, they also can help to facilitate conversations among departments and service lines, which can help to minimize political issues. They can also provide the resources necessary to get the detailed work done so that your internal resources can continue to focus on keeping your operations running. Finally, as you look to implement your plan, they can provide resources that understand your solutions and that can deliver the bandwidth to get discrete projects done quickly and effectively.