Institutions crave a more efficient, repeatable approach to compliance, boosted by intelligent automation, new JWG research suggests. Inforalgo’s Jordan Ambrose reports
A raft of new and updated requirements to international trade reporting obligations are pushing many financial institutions to crisis point. That’s because they are struggling to meet all of the diverse requirements in the timeframes allotted, and with the resources open to them.
These are among the findings of new research by independent financial regulatory think-tank JWG, in partnership with Inforalgo. They reveal that project costs, and the risks of non-compliance, are rising. Consequently, a majority of FS providers are reviewing their approach to transaction data management, and looking for a more sustainable, repeatable approach to preparing reports.
Regulatory demands are certainly increasing. There’s MiFID II, now almost a year into its implementation; EMIR, which is currently being re-written; Dodd-Frank; FINRA TRACE which is increasing the scope of reportable instruments; CAT and SFTR, which are due to go live in 2019; and MAS, due to be upgraded in 2020. Put all of these developments together, and there is no let-up for trading firms keen to maximise global trading opportunities.
But JWG’s in-depth, qualitative research, conducted with senior executives from 12 global financial institutions in October 2018, highlighted firms’ growing frustration with the processes involved with trying to meet all of the associated reporting obligations. “(The) business is fed up with investing in regulation! Instead, we need to slash costs,” commented one project manager from a major German bank currently grappling with MiFID and MAS (Singapore authority) reporting.
Reduce, reuse, recycle
It isn’t only the risk of non-compliance, potential fines and reputational damage that has prompted a review as demands rise. Firms are also becoming more acutely aware of the amount of information repetition and duplicated effort involved as they collate, prepare and turn around trade data to fulfil each authority’s particular requirements.
Time pressures are a very real concern too. If firms wait until the end of the day to reconcile all of their transaction data and generate reports, this can cause bottlenecks – especially if exception/query resolution involves input across different time zones.
Above all, firms want to manage their regulatory obligations in a more efficient, reliable and repeatable way. Relying on manual processes and spreadsheets is impractical, burdensome, costly, inefficient and fraught with risk. It prevents a clear line of sight across trade activity, and hinders potential useful insights – for example, into the relative cost of transactions, or where common errors are concentrated.
Ideally, FS providers need to be able to routinely amalgamate data and get it into a robust, readily deployable and centrally viewable format – wherever the respective original sources and formats.
A senior technology leader at a North American bank, contributing to the research, admitted that, because his organisation still had a lot of manual reference data maintained in spreadsheets, and had many, varied data sources – six in Singapore for trading source data; three for reference data; and 20 connection points in Ireland – its reporting activities had become highly cumbersome.
Since different regulators demand different data, it isn’t a simple case of being able to prepare fields once to meet multiple needs. Rather, firms need to employ rules-driven workflow to automate reporting according to each authority’s particular requirements.
As an IT manager at a European investment bank put it, if he had spare budget to spend on regulatory reporting, he would spend it all on central eligibility rules. “Enrichment and transformation of data is easy once the rules are defined, known, agreed and accessible,” he said.
In JWG’s findings, firms were looking for an ability to complete each set of reporting fields automatically, with the precise information that is eligible for declaration under each set of regulations. Having a rules engine capable of assessing data’s fit, accuracy and completeness, without writing or embedding code each time requirements are revised or added to, was high on interviewees’ wish lists – as was being able to re-use rules for other regulations, where there is a close match between requirements from one authority to another.
The study also found that firms are beginning to take a more holistic approach to automation of trading data management. The need to control costs more broadly, and maximise revenues, is turning attention to the concept of a ‘centralised data hub’ – one that can support multiple trading-related process requirements, and increase visibility of transaction data and activity with scope to reduce the cost of trading and improve yields. Most of the firms JWG spoke to had already begun to allocate some resources to this kind of strategy, in recognition that a more holistic data automation approach could offer a degree of market advantage.
- The full JWG research analysis, Regulatory reporting: time for a rethink? A 2019 approach for Capital Markets, can be downloaded from Inforalgo’s web site.
HOW WILL COVID-19 IMPACT ESG INVESTING LONG-TERM?
By Kerstin Engler, Senior Wealth Manager, Geneva Management Group.
Sustainability is a trend on the rise in every sector of the business world. From consumers to corporates, there has been a global shift bringing environmental and social consciousness to the fore.
The investment world is no exception. In recent years, there has been a rise in investors looking to the future ‒ opting to choose their investments on the basis of social and environmental impact rather than exclusively financial gain.
This is not just about making money back on an investment, but about making a bigger impact on the planet and building communities by investing in businesses that implement measures to ensure ethical practice, sustainability and accountability.
Statistics indicate that investors continue to put their money into businesses with a strong focus on environmental, social, and governance investing (ESG), even at the start of the year as the Covid-19 pandemic was already unfolding.
According to investment research company Morningstar, investors around the world put a total of $45.6 billion into funds focused on ESG in the first quarter of 2020. This is not to say that this sector was immune to global investment outflows experienced in response to the outbreak of Covid-19.
After reaching an all-time high of $960 billion at the end of 2019, following three years of consistent growth, sustainable funds declined by 12% in the first quarter. Comparatively, investment funds overall declined by 18%.
But what does the future hold for this investment sector beyond Covid-19? The reality is that it is simply too soon to tell. We have no evidence so far that companies which apply ESG criteria will weather this storm better.
In fact, it’s too early to know what the overall impact on investing will look like long-term beyond Covid-19. Globally, we are still collectively figuring out the ‘new normal’ during this unprecedented crisis.
We have seen that investors are typically focusing on the short-term, dealing with their current investments and focusing on the survival of their companies or their bankable assets.
Our clients want to know how the pandemic will change the world from an investment perspective. We have discussions with clients about how the corporate landscape, and therefore investment opportunities, will be affected. There is a lot of consideration of the impact on sectors including biotech, robotics, gaming and the automotive industry. Consider, for example, that the latter will be affected by a significant reduction in the use of public transportation.
People aren’t asking about ESG. There hasn’t yet been time to look to the long-term. During this period of uncertainty, there have been ripples of talk around the world about how nature will ‘take back cities’ and conspiracy theories that ‘planet Earth is teaching us a lesson’.
Perhaps one good thing that will come out of this is that we will emerge with more consciousness and more purpose. The world will certainly be less global and more local after the crisis. Covid-19 has shown the limitations of globalisation, disruption in supply chains, and transportation, for example.
One of the potential advantages for companies that are already ESG classified is that they may already produce locally for environmental reasons, which could give an edge in this new world where we realise the fragility of global imports and the importance of supporting local business. Other companies may still need to adapt their supply chain.
We have already seen businesses launching new initiatives to help those in need during this time. Beyond Covid-19, it stands to reason that there will be heightened social awareness. More than ever, people are thinking about social factors and uplifting communities. Sustainability could well be in focus as the world collectively heals and looks to the long-term for the planet and its people.
KEEPING DATA IN THE VAULT: INSIDER BREACH RISK IN FINANCIAL SERVICES
by Tony Pepper, CEO. Egress
Financial services organisations are trusted with far more than just money; they are also responsible for keeping customers’ highly sensitive personal and financial data under lock and key. We’re hyper-aware that the growing value of this data means financial organisations are prime targets for malicious cyberattacks – but this isn’t the only threat they face. In fact, not a day passes without these firms’ own employees putting data at risk from within.
You might think that, when it comes to reducing overall breach risk, employees represent low-hanging fruit – surely it is easier to control the actions of a company’s own team members than it is to defend against external attackers? However, this not the reality experienced by financial firms worldwide. While external attackers are always motivated by malicious intent, the employee population is far more heterogenous and, in a sense, much more human. This makes understanding and mitigating insider risk a more nuanced exercise. Just because it is difficult, however, doesn’t mean it is impossible. It’s crucial that financial services companies shift the dial on insider risk and reduce breach frequency, because the penalties for failing to do so are becoming increasingly draconian and the repercussions from customers much more severe.
The recent Egress Insider Breach Survey aimed to understand the different attitudes towards data sharing and ownership among employees in financial services companies and the approaches that IT leaders in the sector are taking to managing insider breach risk.
We found a whole range of diverse profiles of people who put sensitive financial data at risk for very different, but very human, reasons. Some need monitoring to keep their less-than-honest traits from getting the better of them, while others need a helping hand to save them from making genuine, well-meaning mistakes. And across all respondents, we also found confusion over who really owns data, contributing to the more cavalier attitudes displayed by some.
Deliberate “data breachers” – from well-intentioned but reckless to disaffected and destructive
Our study found that the financial services sector has more than its fair share of deliberate “data breachers”. Of the thousand employees we questioned, almost a third (32%) said they or a colleague had intentionally broken company policy when sharing or removing information in the past year. This compares with just 15% of healthcare workers and 11% of government sector employees.
The reasons given for this deliberate flouting of security policy varied. One-third said they were simply trying to get their job done but didn’t have the appropriate tools to share data safely. On the face of it we might have some sympathy with those employees, but would consumers and businesses want to bank with those firms?
It’s more difficult to be sympathetic with those motivated by self-gain, including the 41% who took data with them because they were moving to a new job. And we have even less sympathy for the 15% who compromised data because they were angry with the company and wanted to deliberately cause harm.
Operator error – mobile, tired, under pressure
Even with their firm’s best interests at heart, employees still make mistakes. 30% of financial sector workers said they or a colleague had caused an accidental data breach in the past year – again more than twice as many as their public sector counterparts. A third had sent an email to the wrong person and a further third had clicked on a link in a phishing email.
Their reasons behind these breaches varied from the pressure of working in a stressful environment, to tiredness and rushing. A significant proportion, however, said they made an error due to using a mobile device – and given the current requirement for mobile remote working during this COVID-19 pandemic, this is a definite cause for concern.
Breach detection gaps and technology limitations
Next, we examined what IT leaders in the sector have in place to mitigate insider breach risk. Concerningly, 60% said the most likely way they would discover an insider data breach was via internal hand-raiser reporting by either the employee themselves or a colleague. Only one third felt that their breach detection systems would pick up the issue.
In a similar vein, traditional data protection technology use was surprisingly inconsistent across financial firms. Email encryption, anti-malware and secure collaboration software were in use by fewer than half of financial sector companies. Again, raising the question whether consumers and businesses would be willing to trust their data to financial firms if they knew they didn’t have systems in place to protect it.
So, why is this the case? From the data we uncovered, it seems as though organisations are resigned to a proportion of insider breach incidents occurring, accepting them as an inevitable result of doing business and employing people. But this doesn’t need to be the case. It is possible to apply human layer security solutions to mitigate these risk factors and make a positive impact on breach frequency figures.
Human layer security – a helping hand and a watchful eye
Take the issue of rushing or tiredness. This can lead to users adding the wrong recipients to emails or failing to spot the subtle changes in familiar email addresses that denote targeted phishing attempts. This risk can be overcome with tools that use contextual machine learning to analyse what the good security behaviour looks like for each user and support them with alerts that tell them they’ve added an unusual recipient to an email, or that they are about to answer a phishing email. A small prompt is all these users need to stop them from making an error and causing a data breach.
Similarly, when using mobile devices with smaller screens, it is very easy to choose the wrong attachment and send sensitive data outside the organisation to the wrong recipient or to the right person unprotected. If an employee is less than honest, our always-on, constantly connected culture also enables them to deliberately do so too. However, it is possible to stop these incidents with an intelligent solution that scans email and attachment content and identifies data such as personally identifiable information (PII) or bank account details to alert users that they are about to send information to an unauthorised recipient, or without the correct level of encryption applied. If the user persists, the risky email can be blocked from being sent and administrators alerted to a potentially intentional attempt to breach data, so they can respond accordingly.
Ultimately, the most effective way to address human-activated threats to security is by implementing tools that support and manage users when they are at their most humanly vulnerable; tired, rushing, under pressure, angry or self-interested. As our research and wider evidence shows, the financial services sector is more than averagely vulnerable to insider data breaches, meaning human layer security must be a priority for IT leaders in the field if they hope to reduce breach frequency and keep sensitive data firmly in the vault.
FIXING THE FLAWS IN FINANCIAL SERVICES’ DATA MANAGEMENT
Simon Cole, CEO at Automated Intelligence, a cloud-based data compliance and governance solutions provider to the financial services sector, warns FS...
FROM MANUAL TO MACHINE LEARNING: HOW TO APPROACH THE RECONCILIATION ‘PROBLEM’
By Christian Nentwich, CEO at Duco At the start of 2020, before the global coronavirus pandemic changed the world,...
5 WAYS TO MAXIMISE THE VALUE OF INSTANT PAYMENTS
Lauren Jones, International Payments Ambassador, Icon Solutions Instant payments are the ‘new normal’. The last decade saw a ramp-up...
THE BEST PATHS TO SECURE AUTO FINANCING IN 2020
The previously flourishing economy has taken some dramatic turns in the last few months due to the health and economic...
TIPS FOR BUSINESS EXPANSION
Alan Sutherland, CEO of Kind Consumer Every successful business had a beginning. Its founders usually looked for ways to...
THREE QUESTIONS FINANCE LEADERS SHOULD BE ASKING THEMSELVES DURING THE PANDEMIC
Chris Pope, Global VP of Innovation at ServiceNow We’re living through unprecedented times, dealing with a situation completely out...
HOW WILL COVID-19 IMPACT ESG INVESTING LONG-TERM?
By Kerstin Engler, Senior Wealth Manager, Geneva Management Group. Sustainability is a trend on the rise in every sector...
EIS LAUNCHES IN THE UK AS INSURANCE COMPANIES LOOK BEYOND PROTECTION TO DELIVER MORE VALUE TO CONSUMERS
Leading digital insurance platform expands global footprint to meet UK insurance market demands EIS, a core and digital platform provider...
TINK TECHNOLOGY ENABLES MULTI-BANKING FOR NORDEA’S NORDIC APP CUSTOMERS
Tink’s account aggregation, data enrichment and personal financial management technologies have been integrated into Nordea’s mobile banking app to deliver...
BITCOIN COMES OF AGE
Katharine Wooller, Managing Director, UK and Eire, Dacxi The Bitcoin halving event, which occurred on the 11th May, has...
KEEPING PAYROLL SAFE AND SECURE IN LOCKDOWN” – HOW FINANCE FIRMS’ PAYROLL TEAMS CAN MAKE IT HAPPEN
by Richard Dutton, account director, Symatrix With companies across the UK switching to remote working since the pandemic took...
EMERGENCE PARTNERS LAUNCHES TO HELP BUSINESSES NAVIGATE A NEW WORLD OF EMERGING TECHNOLOGY
Consulting firm will partner with clients to transform their businesses using disruptive technologies Emergence Partners, has today launched to provide strategic counsel...
BEFORE THE INK IS DRY: CORRECTING BIOMETRIC SPOOFING MYTHS
Eric Setterberg, System Design Engineer at Fingerprints Biometric authentication is highly robust, and the latest solutions offer considerably greater security...
DIY SOS: FIXING-UP THE FINANCIAL SERVICES HOUSE
By Edwin Abi, CMO, Modulr It has been 11 years since the 2008 financial crisis. And in that time,...
ARE WE AT THE TIPPING POINT FOR GLOBAL BIOMETRIC PAYMENT CARD ADOPTION?
By Vince Graziani, CEO of IDEX Biometrics ASA Following the coronavirus outbreak, consumers are ready to go cashless more...
KEEPING DATA IN THE VAULT: INSIDER BREACH RISK IN FINANCIAL SERVICES
by Tony Pepper, CEO. Egress Financial services organisations are trusted with far more than just money; they are also responsible...
MOBILE MONEY MOVED THE NEEDLE ON FINANCIAL INCLUSION – BUT NEEDS SCALED INFRASTRUCTURE TO FULFIL AFRICA’S POTENTIAL
Dare Okoudjou, Founder and CEO, MFS Africa Africa is gearing up to become of the great success stories of...
WHAT WILL SALES LOOK LIKE IN A POST COVID-19 WORLD?
Max Eaglen, Director at Platform Group, looks at how businesses will need to re-shape their sales techniques in a post COVID...
HOW HAS THE CORONAVIRUS LOCKDOWN IMPACTED THE MANUFACTURING SECTOR?
As thousands of people have headed back to work, the manufacturing industry will need to have safety guidelines set out...
CAN AUTOMATION HELP BUSINESSES GET PAID ON TIME?
By Magali Michel, Director at Yooz Procurement process costs account for an average of 60% of turnover for most...