Posted on March 17, 2023
The advent of public cloud and the software platforms that came with it were considered at one point a natural solution to the problem of key man risk in terms of technology. As we have developed our digitised business models, it is apparent this classic business problem is still very relevant in workplaces. While shared platforms are used by multiple people and teams, quite often their hidden architecture is still only understood by those who design it.
The Edinburgh reforms, announced in December 2022, build upon the measures in the Financial Services and Markets Bill (FSMB), which was introduced to Parliament on 20 July 2022. A key focus of the reforms is regulatory architecture in the UK, with a particular emphasis on the remit and objectives of the regulators, the FCA and PRA.
Alongside the Chancellor’s announcement of the reforms, the government issued new remit letters to both the PRA and FCA, setting out how they, as regulators, will develop their role, with power shifting away from the government and to the regulators themselves. One of the key focus areas is technology and innovation.
We are facing the next period of significant change in the regulated financial sector, and we must be prepared. A key area for both operational resilience and SM&CR, both highlighted in the reforms, is understanding, managing and maintaining cloud-based architecture, platforms, and apps, and that means guarding against key man risk.
Microsoft 365 is a great example of a widely used solution that can also be ‘personalised’ to a specific firm’s trade and deal flow, depending on its strategy, size and AUM. Atech’s Microsoft Partner Programme provides clients access to functional business solutions like Microsoft’s Power Platform, a suite of add-ons designed to digitise data processing and management that can be tailored to suit each fund’s needs. Building tailored app solutions can lead to key man risk, just in a different way to legacy IT systems. If a firm suffered a loss of data or a breach, this may trigger questions from regulators and investors that could be difficult to answer if sufficient controls and governance are not in place to support any integrated systems for clarity of information. Compliance may not understand the IT, and IT may not understand the demands of the compliance team. The risk has not been eradicated. Atech can work with a fund to help develop a system of governance to mitigate the risk.
To solve your key man problem, you’ll first need to identify what critical information certain employees might be responsible for as part of your governance and risk process reporting. Specialised information can be made available to suitable employees using layered security access, allowing only relevant personnel access to operational, investor or regulatory information, but also giving access to that information to different teams who may need it for different tasks; IT and compliance are good examples of this. Most funds also choose to work with a specialist outsourced provider to support their technology stack. Atech are a Microsoft Partner who work with clients building strategic business solutions, using a holistic approach to deliver Azure architecture that supports security, risk, compliance, and identity governance as part of its wider IT workplace and consultancy services. By taking a partnership approach to your IT strategy, Atech’s outsourced team can deliver experience that can support your internal operations, providing you with peace of mind as you build your digitised operational model. While this does not negate the fund’s responsibility as the regulated firm, it does provide a partner with whom the fund can work should the worst happen and you suffer data loss or a cyber breach.