
A ten-year development strategy must be built on innovation and technology – EY’s Ms Effie Xin
She underscored that the most effective approach combines long-term goal setting with continuous strategic adjustments.
Innovation is transforming business through AI, cloud, and blockchain, delivering efficiency and growth. But these advances also create risks in resilience, compliance, data security, and trust that can threaten long-term success if not addressed.
Sharing her expert insights is Ms Effie Xin, Greater China Chief Operating Officer and APAC FinTech & Innovation Leader at EY. With over 20 years of experience in the financial sector, she leads more than 3,500 professionals across Greater China, delivering strategic and technology-driven solutions.
A pioneer of EY’s APAC FinTech and Innovation services, Ms Xin has built a dedicated team in China to drive the application of advanced technologies, including Big Data, AI, blockchain, and RPA. With a strong record of implementing impactful projects, she has consistently aligned innovation with business needs, improving efficiency, reducing costs, and increasing the competitiveness of financial institutions.
As a judge at the Asian Innovation Excellence Awards 2025, Ms Xin stressed embedding resilience, safeguarding data, balancing compliance, and driving future-ready, trustworthy innovation.
Given rising cyber and regulatory threats, how can organisations embed digital resilience in innovation programmes from day one?
Nowadays, organisations are actively embracing diverse innovative technologies—such as AI, cloud computing, and blockchain—across a range of organisational functions, from R&D and risk management to business development, and beyond. These technologies drive efficiency gains, mitigate risks, and reduce operational costs. However, their adoption also introduces new threats, including heightened cybersecurity risks and regulatory compliance challenges. Failing to integrate resilience into innovative initiatives can thus lead to severe consequences.
Resilience refers to an organisation’s ability to recover and adapt when adverse events occur. Given that vulnerabilities can emerge in various components of an innovation programme, it is critical to embed “Resilience by Design” throughout the programme lifecycle to ensure resilience is proactively addressed.
Key tasks include fostering a resilience-by-design culture across the organisation and engaging relevant stakeholders, such as compliance, legal, and cybersecurity teams, together with business project owners from the early stages. It also involves identifying and mapping interconnections and interdependencies amongst core components underpinning the programme, such as people, processes, technologies, facilities, third parties, and information, and then assessing resilience measures for each of these underlying components.
From there, organisations need to identify resilience vulnerabilities and define targeted risk-mitigation strategies, whilst conducting regular scenario testing to simulate operational disruptions, evaluate the effectiveness of resilience measures, and implement necessary remediation actions. Finally, it is important to stay abreast of market developments and regulatory updates to ensure digital resilience practices remain aligned and up to date.
By adopting innovative technologies alongside embedding resilience by design, organisations can fully capture investment value whilst maintaining robust resilience to address emerging threats.
How can institutions strike the right balance between speed, scalability, and regulatory compliance?
Financial institutions frequently encounter regulatory constraints when pursuing operational efficiency and business expansion. Yet these three objectives—efficiency, growth, and compliance—are not mutually exclusive.
Compliance must serve as the foundation. With this as a base, financial institutions can implement scientific strategic planning and optimal resource allocation to streamline operations and enhance productivity, ultimately achieving sustainable business growth. This balanced approach enables institutions to satisfy regulatory requirements whilst simultaneously advancing their development objectives.
A sound strategic plan must be grounded in the financial institution's own market positioning and resource endowment. It should avoid the unrealistic pursuit of scale expansion whilst also preventing the premature adoption of efficiency tools that exceed current management capabilities, which could lead to resource misallocation and operational risks.
Efficiency and scale are inherently mutually reinforcing. Institutions should assess their existing technological capabilities and management levels against established growth targets to select appropriate efficiency enhancement solutions. For instance, regional banks might prioritise optimising credit approval processes rather than directly implementing AI risk control systems, achieving step-by-step improvements in processing efficiency whilst controlling costs. This gradual innovation approach both safeguards compliance baselines and lays a solid foundation for scale expansion.
In financial innovation, speed, scale, and compliance are not a mutually restrictive trilemma, but rather three mutually reinforcing dimensions of success: truly outstanding institutions can achieve breakthroughs in all three dimensions simultaneously.
What safeguards should be in place when dealing with high volumes of sensitive customer data in AI?
When dealing with large volumes of sensitive customer data in AI systems, inadequate safeguards can lead to significant risks to privacy, security, and compliance. It is therefore crucial to put in place safeguards to ensure proper use of sensitive data, making the AI trustworthy and meeting necessary privacy requirements. These safeguards fall into three main areas: privacy requirements, AI model security, and cybersecurity protection.
Meeting privacy requirements involves ensuring data legitimacy by collecting and using only data that is legally and ethically permissible for the AI’s intended purpose, obtaining clear and informed customer consent regarding how their sensitive data will be used in AI systems such as training or decision-making, and enabling user rights so that customers can exercise control over their data through options like opt-in, opt-out, access to their data, or requests for correction or deletion. It also requires anonymising or pseudonymising data by removing or replacing personal identifiers to prevent information from being linked back to individuals, thereby reducing privacy risks in AI training and use.
AI model security focuses on securing model training by protecting data from tampering and validating sources to avoid biased or poisoned inputs that could compromise the model. It also involves bias mitigation through regular audits to detect and address discriminatory outcomes, especially when sensitive data influences results, and ensuring model explainability so that AI decisions can be clearly explained to users, particularly when sensitive data is a key factor in the outcome, such as approval or rejection decisions.
Cybersecurity protection includes implementing access control and authentication through strict mechanisms that ensure only authorised users can access sensitive data and AI systems, as well as preventing data leaks and misuse by securing information against unauthorised disclosure, loss, or improper use throughout the AI lifecycle. It further requires monitoring for anomalies by tracking access patterns, data flows, and model performance to detect unusual activity, potential leaks, or model drift at an early stage. Finally, having an incident response plan is essential to prepare clear steps for addressing breaches, including containment, user and regulator notifications, and recovery, to minimise harm.
How can traditional industries effectively integrate tech innovation whilst maintaining trust?
The uncertainties brought by technological advancement often challenge the long-established public trust in businesses, whilst also testing the market's acceptance of innovative solutions. To achieve an organic unity between technological innovation and credibility, three core principles must be upheld.
First, technological innovation must adhere to the principle of explainability. This means avoiding "black-box" technical solutions, particularly in emerging technologies like artificial intelligence, and ensuring that decision-making logic and operational mechanisms remain transparent and traceable. Only when stakeholders fully understand how the technology works can a lasting foundation of trust be built.
Second, risk management is an essential safeguard for technological innovation. Even in industries like finance, which are relatively open to innovation, robust risk control systems must be established. This includes implementing multi-layered security measures and clear circuit-breaker mechanisms to ensure timely intervention in case of anomalies, minimising potential risks.
Third, gradual integration is the most prudent approach. Technological innovation should not seek overnight success but rather adopt a phased, incremental implementation strategy. Through small-scale pilot tests and gradual scaling, technology, organisations, and the market can adapt smoothly, avoiding systemic risks caused by radical changes.
It is particularly important to emphasise that true technological innovation does not seek to completely replace human roles with machines, but rather to revitalise traditional business models through technological means. This philosophy of "evolving whilst preserving core values"—staying true to the industry's fundamental principles whilst actively embracing technological progress—is the key to successful digital transformation in traditional sectors.
What makes an initiative truly future-ready for the demands of the next decade?
A successful ten-year development strategy requires building upon the dual foundations of business innovation and technological advancement. When formulating such a strategy, enterprises must consider five critical dimensions: adopting a holistic perspective that encompasses all aspects of business development; grounding the strategy in the company's actual situation to accurately identify and address growth challenges; maintaining a business-centric approach focused on pressing operational needs; creating an executable framework with phased technological implementation; and executing gradually through an incremental methodology that allows for steady progress.
Yet, can any strategy remain fully effective for an entire decade? This warrants careful consideration. Even at the national level, the most comprehensive strategic plans typically follow five-year cycles, with each new phase incorporating evaluations and refinements based on previous outcomes. For businesses, this principle proves even more relevant—no strategy can be perfect from inception or remain unchanged over time.
The most effective approach combines long-term goal setting with continuous strategic adjustments based on evolving internal capabilities and external conditions. This dual-focused methodology—maintaining a clear vision for the future whilst remaining responsive to present realities—enables organisations to sustain strategic resilience whilst achieving steady, accelerated growth. As companies prepare for the challenges and opportunities of the coming decade, this balanced approach represents the optimal framework for sustainable success in an increasingly dynamic business environment.
As a judge at the Asian Innovation Excellence Awards 2025, how do you evaluate whether an innovation is setting a replicable benchmark for digital progress?
In my view, assessing whether an innovation truly sets a replicable benchmark for digital progress requires evaluation across three critical dimensions.
First and foremost, the innovation must demonstrate tangible application value—it cannot remain merely theoretical. It should authentically solve real-world problems or bring about qualitative improvements to work and life.
Secondly, a benchmark-setting innovation must possess broad applicability. It should adapt to multiple scenarios whilst retaining the potential to inspire new use cases. Only such innovations can transcend their original domains to be replicated and applied across different industries and institutions, thereby generating greater societal and economic value.
Most crucially, truly exemplary innovation must exhibit foresight and sustainability. It needs to not only meet current technological environments and market demands, but also withstand the test of economic cycles. This requires innovations to possess sufficient resilience and adaptability to remain effective across varying economic conditions—rather than serving as short-lived solutions.
Only innovations that simultaneously fulfil these three criteria can genuinely be considered replicable benchmarks for digital progress.