4 minute read 3 Jun 2024
Indian BFSI GCCs

Acceleration of technology risk function at Indian BFSI GCCs

Raghav Seksaria
By Raghav Seksaria

Partner, Technology Risk Consulting, EY India

Seasoned consulting professional; technology risk specialist; trusted advisor

4 minute read 3 Jun 2024
Related topics Consulting Workforce Technology Digital Risk
Upvote

Show resources

The technology risk function of Banking, Financial Services and Insurance (BFSI) GCCs brings talent, scale and innovation, along with the commercial leverage of a global business model. 

In brief

  • Banking, Financial Services and Insurance (BFSI) GCCs have transformed and are now driving FinTech innovation
  • 59% of GCCs established technology risk functions in this period, contributing to client business transformation
  • Technology risk functions within GCCs ensure resilience and aid growth

Over the past few years, the Global Capability Centers (GCCs) in the Banking, Financial Services, and Insurance (BFSI) industry in India have undergone a transformative journey. They have evolved from mere 'proof of concept' entities to 'centers of strategic importance'. These centers have ascended significantly in the value chain, positioning themselves as Centers of Excellence (CoE) for innovation and champions in driving digital mindsets, revitalizing the Financial Technology (FinTech) sector.

One of the standout aspects of this evolution is the proactive role of the technology risk functions within these centers. At BFSI GCCs, the technology risk function plays a crucial role in identifying, assessing, and managing potential risks associated with technological advancements and digital initiatives. This function works proactively to ensure that technology-related risks are effectively mitigated to safeguard the integrity, security, and resilience of the banking, financial services, and insurance sectors. By monitoring emerging threats, implementing robust controls, and fostering a culture of cybersecurity awareness, the technology risk function helps BFSI GCCs navigate the evolving landscape of technology risks while enabling sustainable growth and innovation. Technology risk function of BFSI GCCs brings in a blend of talent, scale and innovation, along with the commercial leverage of a global business model.

In the past few years, BFSI GCCs have been seeking to evolve the risk and control function from a tactical, regulatory-driven approach to a more sustainable and innovative one. These GCCs have been successful in building use cases for innovation in cybersecurity engineering, digital risk, control automation and emerging technology risk.

Top drivers of technology risk offshoring

The majority of cyber and technology risk functions operated from Indian GCCs are at the center of the ‘future working models’ of global BFSI organizations. Below are the top drivers of offshoring these functions to India, based on surveyed GCCs:

Top drivers of technology risk offshoring
  • 86% of GCCs, along with 80,000 to 85,000 digitally skilled graduates, believe that ‘skills’ are the primary driver.
  • In 2020, 74% of GCCs compared to 52% in 2018, believed that cyber and technology-related risks should be managed across different time zones. The ‘Round-the-clock’ driver has gained 22 points since 2018.
  • In 2020, 61% of GCCs believed that the ‘cost arbitrage’ driver makes managing functions from India much more efficient.
  • 44% of GCCs consider faster innovation and research and development as key drivers.

In their contemporary roles, these GCCs have surpassed traditional boundaries by actively engaging in delivering high-value activities, such as automation, risk data aggregation, cloud security, and governance. Serving as strategic partners, these centers have established CoEs for niche capabilities, acting as catalysts for innovation across the entire enterprise.

Services provided by cyber and technology risk functions of BFSI GCCs in India

With 41% of GCCs in India having at least a quarter of their information security staff located in India as of 2020, the number of security services provided and managed through India GCCs has only grown. Due to the complex nature of these services, the majority of the organizations now even have their cyber and risk leadership based out of India's GCCs only. Apart from the traditional services such as cyber strategy and governance, risk assessment, threat response and crisis management, BFSI GCCs have started to perform new-age functions due to emergence of new digital risks. The top five ‘Next gen’ cybersecurity functions being delivered from BFSI GCCs in India include emerging technology risk, cyber resilience, cloud security, cybersecurity operations and cybersecurity product management and automation.

Technology risk and cyber GCC function-wise spend

BFSI GCCs, over the years, have been delivering core functions, aligned with priorities and budget allocation of their global majors. However, it is interesting to note that not all cyber GCCs prioritize the same functions. This could be due to varied organizational and budget priorities. 

Global Capability Centers

As Global Capability Centers (GCCs) are evolving from being a source of cost arbitrage to becoming Global Value Organizations, the EY GCC Advisory practice is supporting the GCC community in India to drive digital transformation and innovation.

Know more

Technology risk and cyber GCC function-wise spend

Whether we attribute it to the pandemic effect or something else, digitization in BFSI GCCs has shown exponential growth across the value chain and has also brought its own challenges. Addressing cyber and technological risks is at the core of global organizations’ key priorities to ensure business continuity and resilience. 

How EY can help

Digital Transformation services

We help companies thrive in the transformative age by refreshing themselves constantly, experimenting with new ideas and scaling successes.

Read more
Capability Center-as-a-Service: How EY can help build your Capability center in India

The Global Capability Center (GCC) landscape in India is transforming. Organizations are increasingly looking at GCCs to drive growth and innovation for a sustainable future. EY’s Capability Center-as-a-Service (CaaS) is a one-stop solution to address your GCC needs starting from setup to scale to transformation.

Read more
Technology transformation

Organizations must consider foundational transformation rather than quick fixes and ad hoc investments to give them the agility to adapt.

Read more

Summary

The BFSI Global Capability Centers (GCCs) in India have evolved from mere proofs of concept to strategic hubs. Through a unified view of risk and controls in an organization across geographies, managing the technology risks at GCCs has become paramount and, in turn, is helping leaders to make better, faster, and more confident decisions that aid business performance transformation. 

About this article

Raghav Seksaria
By Raghav Seksaria

Partner, Technology Risk Consulting, EY India

Seasoned consulting professional; technology risk specialist; trusted advisor

Related topics Consulting Workforce Technology Digital Risk
Upvote