Digital Twins, Virtual Twins in Financial Services?
Digital twins are remaking the world of manufacturing, aerospace and defense in general. Dassault Systemes has customers using our 3DExperience platform, to make a comprehensive, virtual replica of an aircraft. At Dassault Systemes, we call these “Virtual Twins” and they are driving tremendous operational efficiencies and regulatory compliance across multiple industries.
For example, modeling in the virtual world enables aerospace and defense firms to optimize designs before building them in the physical world. All aspects of the end product, from aerodynamics to electronics are replicated in the virtual twin. These virtual replicas can be continuously enriched based on real time production and supply chain data; helping firms anticipate issues, and adjust the model to optimize processes.
The virtual twin runs in parallel with the production environment and is updated with real-time reporting on KPIs for every operation in the aircraft’s complex systems. Having the virtual twin enables the designers and manufacturers and suppliers to assess and test specific designs or changes before the aircraft is made. The virtual twin also helps optimize parts and material supplies over the entire value network.
Some say these “virtual twin experiences” could only apply to physical products; planes, cars and packaging. We think that is shortsighted. We believe virtual twins can be just as revolutionary for financial services. In fact, we argue that given the regulatory environment, virtual twins are becoming essential for large financial service organizations.
How do Virtual Twins drive regulatory compliance in Financial Services?
Global regulators are converging around the need for financial service companies to go beyond “Disaster Recovery” or “Business Continuity”. Now they are requiring firms to ensure they are operationally resilient. In the UK and US, the regulation is called Operational Resilience. In the EU, it’s called DORA (Digital Operational Resilience Act). Regulators in Canada, Australia and elsewhere are focused on the concept too. The regulations vary a bit by jurisdiction, but they all require firms identify important business services (e.g. bill payments or claims processing) and critical third parties, map those services and dependencies, then stress test them to ensure they stay up and running to ensure business continuity planning.
Building the virtual twin of an entire operational ecosystem enables financial services firms to map and to model these services, getting a real-time understanding of their inner workings, dependencies and interconnected processes. By using virtual twin technologies, large and complex organizations can run operational resilience’s what-if scenarios in real time, identifying gaps or disruptions that potentially occur during their daily operations. This enables them to mitigate potential risks before they occur in production and ensure business continuity for their customers.
What are the 5 pillars of DORA?
- ICT (Information & Communication Technology) Risk Management & Governance
- Incident Reporting
- Digital Operational Resilience testing
- ICT (Information & Communication Technology) third party risk
- Information Sharing
What are the requirements of Operational Resilience in the United Kingdom?
The UK has set Operational Resilience Requirements deadlines for March 2025, in order to strongly encourage companies to better identify and prepare, respond and adapt, recover, learn and report about their activities.
- Identify important business services. Which services, if disrupted, could cause severe damage? (Deadline March 2022)
- Set impact tolerances for each important business service for “severe but plausible” disruptions. (Deadline March 2022)
- Carry out a mapping exercise that includes people, processes, technologies, facilities and third parties that are critical to each important business service. (Deadline 2025)
- Carry out appropriate scenario testing for each important business service to assess whether they remain within the impact tolerances set. All tests must document lessons learned and any updates made as a result. (Deadline 2025)
- Complete the Operational Resilience Self-assessment documentation as required. (Ongoing)
Do you really know what you have and how it works?
Seems like a pretty simple question for a CTO or any senior manager within IT in a bank or investment manager. But when you think about the complexity of large financial services organizations – spanning multiple businesses across different geographies, various regulatory regimes, encompassing an array of diverse applications, data feeds, and interactions with third party interfaces – you realize that no one can really understand everything they have and how it works without substantial assistance.
You need more than a static flow chart.
You need a full blown model of how everything fits together—like the components of an airplane, you need to know what each part does, where it comes from and how it fits into the larger manufacturing process. Like an airplane, you need to be able to test and simulate changes before you implement them.
You need a comprehensive model that can capture complex systems of systems.
You need a robust methodology to describe what everything is and how it works in a consistent way across the organization.
In Engineering speak, you need Model Based Systems Engineering (MBSE) to ensure digital continuity and optimize operational efficiency.
The Virtual Twin of a bank
Imagine what you could do with an accurate, comprehensive virtual twin of your operational ecosystem. Not just a flow chart. A twin that is fully connected end-to-end. No silos, no breaks. A twin where you can digitally track and monitor each operation, what it depends on and what it delivers downstream to the broader ecosystem. Think of it as a completely accurate Development or “Dev” environment. One that precisely mimics your Production or “Prod” environment. Not only would you meet the regulatory requirements to map and model your important business services, but you would also meet the requirement to test them. You could simulate various scenarios and see where your vulnerabilities lie; ultimately reducing downtime and increasing resilience. Financial Service companies can leverage a virtual twin to improve the production environment making it more robust and efficient.
Recent digital payment outages in US banks provide a perfect example of an important business service that was not resilient; and where a virtual twin might have helped. One bank in the U.S. experienced digital payment outages for a few days in January and another bank experienced something similar with the same digital payment provider at the end of July. We believe a virtual twin could’ve helped both banks avoid the outages and the reputational risk they created. With a virtual twin modeling exactly how each system and interface works and what each process depends on and feeds downstream, these banks could have tested any change, patch, upgrade or reconfiguration in the virtual twin before it was implemented in production. Leveraging the same methodologies as the aerospace and defense sector, these banks could have “seen” the outage and prevented it before it inconvenienced hundreds of customers.
How will you meet the requirements of Operational Resilience/DORA regulations?
Operational resilience has garnered considerable attention as of late, driven by various regulators in the finance and banking sectors. However, a 2023 survey conducted by the Business Continuity Institute (BCI )1 shows significant growth across all industry sectors. More than three-quarters (76.6%) of surveyed organizations reported that they have an operational resilience programme in place or are actively building one. Of these, only 40.6% were banking and finance organizations.
Where operational resilience programs are in process or in place in financial services, they are a top focus. The survey found that of those banking and finance organizations with operational resilience programs, over 87% cited regulatory compliance as the primary driver. Because of the regulatory focus, over 48% of firms surveyed had Operational Resilience efforts being led by senior management (22% CEO, 14% Executive Director and nearly 13% Chief Operations Officer).
Regulators are going to require firms to test and report on their resilience. With a virtual twin of the operational ecosystem, a bank or insurer or investment management company could easily respond to regulatory queries like:
Q.: How do you assess and mitigate the potential for a cyberattack on one of your processes, applications or servers?
A: A virtual twin provides traceability across the entire ecosystem so you could see the services impacted immediately and over time. Organizations can simulate attacks to any aspect of the ecosystem within the digital twin to predict and prevent the impacts of cyberattacks.
Q: What is your protocol for a failed data feed or third party process failure? How do you assess and mitigate the impact?
A: Virtual twins can capture dependencies and highlight down-stream effects quickly and easily. This would enable firms to create specific mitigation plans for each scenario. Stress tests could be conducted and over time, failure mode effect analyses could be used to predict and prevent failures in the future.
Q: How do you handle urgent upgrades or patches? Ones that can’t wait for a weekend?
A: Test the patch or upgrade in the virtual twin to identify any potential service interruptions before putting it into production. A virtual twin helps eliminate down time and the risks that come with it.
Q: How do you assess and integrate new business acquisitions or new processes while minimizing impact to the broader organization?
A: Use the virtual twin to model the new business/process and identify dependencies, overlaps or gaps. The virtual twin can be used to identify operational efficiencies and risks using fault tree analysis and traceability.
Moreover, financial organizations can use virtual twins to help eliminate down time, streamline upgrades, system integrations and patches. Virtual twins are also a key to cyber security; enabling firms to see and test likely targets for cyber breaches to mitigate those risks.
Virtual twins are not just for physical products. They can be used to model any complex system. They are powerful tools for engagement; imagine being able to “show” your board or senior management what happens in a cyber-attack or some other “severe but plausible” disruption scenario. A virtual twin is intuitive and accessible to any business user; no engineering degree is required. Business owners could access the twin to trace relationships and dependencies and instantly understand how their particular business works, and what it depends on.
The financial company of the future is the one that understands the power of a virtual twin and leverages that power to be compliant with new regulation and stay ahead of the competition.
1 Source: “Latest BCI report shows significant growth in operational resilience uptake” by BCI
Taherah KUHL, Vice President Business Services Industry, Dassault Systèmes
Taherah has worked at Dassault Systèmes for the past 7 years. Focused on the Financial Services & Logistics industries globally, Taherah is responsible for driving the industry strategy and vision. LinkedIn profile
Linda SAVAGE, Business Services Industry Value Consultant, Dassault Systèmes
Linda currently holds the position of Industry Value Consultant for Business Services at Dassault Systèmes, specializes in the Financial Services segment. Prior to joining the company, Linda dedicated her career to managing client-facing teams in global banking and investment management. LinkedIn profile