
Banking

DIGITAL TRANSFORMATION: WHAT CAN BANKS LEARN FROM OTHER SECTORS?

By Paul Jones, Head of Technology at SAS UK & Ireland

 

The banking sector sets a benchmark for other industries in many areas. When businesses need to process large volumes of transactions reliably, maintain 24/7 availability, meet complex regulatory requirements, analyse risks or make financial plans, they often aim to follow the same practices and adopt the same technologies that banks have established as a gold standard.

However, there are other areas where banks aren’t necessarily ahead of the field – and where they can learn from the successes and failures of other sectors. Digital transformation is a prime example. According to McKinsey: “Years of research on transformations has shown that the success rate for these efforts is consistently low: less than 30 percent succeed.” And as almost all established banks see digital transformation as a top priority to help them counter disruption from challenger banks and fintech startups, this is a major concern.

 

Technology as the catalyst for transformation

In their struggles to get digital transformation initiatives over the line, banks typically take one of two approaches. The first is to create a separate internal organisation with a remit to develop new digital products and services, unencumbered by the bank’s existing legacy processes and technology. In some cases, banks have even acquired one of their former fintech rivals to take advantage of its digital skills and provide this internal innovation capability.

The second approach is to focus on incremental digitisation by enhancing existing processes with digital technologies. For example, a bank might seek to enhance contact centre operations by embedding intelligent decisioning capabilities that use artificial intelligence and machine learning to help operatives make more personalised offers to customers. This strategy has the advantage of building on the strengths of existing ways of working, instead of starting from scratch. But it may also be more difficult to implement and require significant investment from senior leaders to drive the required cultural change.

It’s difficult to say which of these approaches is best. And in practice, banks will probably require both, depending on the type of transformation they are trying to achieve. But one interesting insight, again from McKinsey, is that whichever approach they follow, organisations whose transformation initiatives are successful tend to deploy or try more technologies than those who fail, particularly in areas such as cloud, mobile, IoT and artificial intelligence. And this links strongly to the fail-fast mantra in introducing digitalisation.

 

The importance of first principles engineering

There’s a connection here. Banks are buying fintechs to take advantage of their digital expertise, and fintechs have earned that expertise through their willingness to adopt and experiment with new technologies. But that experimental approach isn’t something that the fintechs invented on their own. It’s a lesson they learned from the big technology companies.

For example, while Facebook’s famous mantra of “move fast and break things” sounds like a frightening idea in the highly regulated world of the financial sector, it’s basically the same idea that Tesla calls “first principles engineering.” You take a new idea, try to implement it using whatever technologies seem most promising and expect your first attempts to fail. But because you expected some form of failure, you learn from the experience and do better on the next iteration.

Perhaps some of the new technologies you try end up in the final product, and perhaps they don’t. The point is, you make the cost of the experiment and the price of failure as low as possible so that you have space to explore the problem and come up with the right design for your business.

 

Learning from the tech giants

Take Monzo, for example, which is one of the UK’s biggest success stories in the new wave of challenger banks. In its mission to build a banking system from the ground up, Monzo’s engineering team decided to build a loosely coupled microservices architecture, specifically because “large internet companies like Amazon, Netflix and Twitter have shown that single monolithic codebases do not scale to large numbers of users.”

In its willingness to learn from the tech giants, Monzo experimented with different technologies before settling on Kubernetes – the same technology that Google uses to manage containerised workloads at a massive scale. (Incidentally, at SAS, we’ve been through a similar journey in developing our own cloud analytics platform and came to a similar conclusion. We’re now running our new services on Kubernetes too.)

The same principle applies to the adoption of analytics tools for artificial intelligence and machine learning. Even more so than classical statistical modelling, AI inherently requires an experimental, iterative approach where you learn as much from your failures as you do from your successes. In many cases, the wisest path is to try a wide range of different approaches and technologies, including all the latest open source frameworks, to discover what works best. Once you have found the right approach, you can then industrialise it using a production-grade analytics platform such as SAS Viya, and even provide it to your clients as a service.

 

The human element

We’ve established that banks can profit by following the example of the big tech companies when it comes to designing the technical architecture and processes around digital transformation. But technology isn’t everything. Successful digital transformation also has a strong human element.

To see why this is important, let’s look at a counterexample. Another fintech company that has enjoyed rapid growth is Robinhood Markets, whose mobile app has made it easy for a new generation of investors to start trading stocks, ETFs, options and cryptocurrencies. However, in early March 2020, the Robinhood app suffered a series of systemwide outages that prevented users from opening or closing their positions.

The cause of the problems was a technology failure. In a subsequent blog post, the company’s founders noted that their infrastructure couldn’t handle the combination of “highly volatile and historic market conditions; record volume; and record account sign-ups.” But the impact was human. When the app failed, there was no contact centre to act as a backup for booking trades.

 

The risks of failed tech

The result? Many of Robinhood’s small investors were helpless as the markets turned against their positions, or unable to make trades to take advantage of opportunities they spotted during a week when the coronavirus pandemic sparked a mass selloff. While it’s not yet clear how Robinhood will weather the storm, it’s reasonable to expect that there will be compensation claims, potential lawsuits and, worst of all, a catastrophic loss of customer confidence in the business. As one customer quoted in The New York Times put it: “For me, the moment they get [back online] I am going to try to get out and switch out to someone else.”

Without a human element that can take over when technology fails, businesses expose themselves to significant risk. And even if the technology is completely bulletproof, it’s a bad idea for banks to use it to replace human contact entirely. When customers apply for a mortgage or a loan, they’re often going through a high-stress situation, such as moving house or expanding a small business. While the loan approval decision can and should be handled by sophisticated modelling techniques, the customer wants to hear more than just “computer says yes” (or “no”).

The best customer experience comes when the model is able to explain its decision to a customer service agent, who can then act as an intermediary to break the good or bad news to the customer. This is assistive AI in action.

 

Learning from the public sector

This is a lesson that the public sector has been faster to learn than the private sector. Health care organisations, for example, are investing significantly in the use of AI to assist with diagnoses – for example, using image recognition models to identify potential tumours in X-rays and other medical images. But the principle from the beginning has been that AI can only play an advisory role; the final decision is always made by the physician.

At SAS, we’ve seen the success of this approach in other areas of the public sector too. We’ve recently worked with a large government department to embed intelligent decisioning into its contact centre to give staff the insight they need to provide a better service to each caller. We’ve helped translate the same principles over to the private sector, as well. One of our clients is a car insurance company that uses AI to assess whether a damaged vehicle needs to be written off, and the model now explains its decisions to the customer service team so that it can advise policyholders.

 

Banking

IMPROVING THE BANKING EXPERIENCE THROUGH INFORMATIVE AND ENGAGING VISUAL COMMUNICATIONS

Javier Lopez, General Manager Vertical Solutions, OKI Europe Ltd

 

Banks play an integral role in daily life. However, everyday opportunities such as attracting new customers into branches to open an account, or promoting new offers and services to existing customers, can be lengthy, expensive and cumbersome processes – especially when tailoring communications to the specific requirements of each branch, or differing customer needs.

Quickly creating and adapting in-branch visual communications to communicate and educate cost effectively while remaining on brand can be a challenge, especially for banks that have networks of branches and print their visual communications centrally or use third-party suppliers.

 

Building trust through signage

Visual communications can help build trust and satisfaction between you and your customers.  The ability to create and print personalised communications on demand can not only instil confidence in your brand, it can also offer the flexibility to quickly adapt to financial trends and fluctuations in interest rates. This is particularly important in today’s volatile market, so that you can keep your customers informed while remaining competitive.


Printing in-branch and on-demand is an immediate and cost-effective way for banks to communicate with customers. With the right printer on-site, branch staff can easily create and print signage and customer communications as well as everyday documentation to a professional quality as and when needed. This saves on the cost of third-party suppliers and eliminates lead times for essential signage.

The ability to print a comprehensive range of collaterals in-house including freestanding and hanging banners, posters, self-adhesive floor and window stickers, as well as personalised leaflets and direct mailers, can help keep customers informed about the latest services and offers. It can also be used to remind both customers and staff to adhere to social distancing guidelines. Furthermore, the same printer can be used for day-to-day documents such as personalised mortgage or loan offers.

 

A message that sticks

As the world adjusts to a new normality, OKI Europe Ltd recognises the challenges banks face when encouraging social distancing and has teamed up with Floralabels to offer free* social distancing media and artwork to create self-adhesive floor stickers that can be printed quickly and easily from an A3 colour printer such as the C800 Series.  Floor stickers can help ensure customers maintain safe distances while queuing at counters, kiosks and ATMs. The free stickers include self-adhesive floor circles (285 x 285mm) and rectangular floor banners in two sizes (215 x 900mm and 297 x 1,320 mm) with various designs and messaging options to choose from.

 

Achieving ROI with a do-it-all device

When it comes to printing in-branch, implementing a printer with unrivalled media flexibility will provide the best return-on-investment. Not only will the bank be saving on printing and delivery time and costs, it will also save on storage space or potential wastage as well as offering the flexibility to be more reactive to market trends in a timely manner.

OKI’s multi award-winning C800 Series A3 colour printer is designed to take up a minimal footprint and will supply everything from 1.3m hanging and freestanding banners to posters, self-adhesive floor stickers, window stickers, leaflets, flyers and much more on a diverse range of materials. Featuring OKI’s pioneering digital LED technology, the C800 Series delivers professional quality results, at high speed and on-demand.

Banks are vital to helping people and businesses prosper, supporting economic growth. Investing in cost-effective do-it-all devices that enable the fast rollout of eye-catching, professional quality collateral will help banks and their customers thrive.

 


Banking

CONSEQUENCES & RISK EXPOSURE FOR NON-COMPLIANCE WITH PCI DSS FOR THE BANKING SECTOR

Narendra Sahoo, Founder and Director of VISTA InfoSec

 

Introduction

Every day, millions of people around the globe fall prey to cybercrime. What makes this alarming is that the majority of data breaches and thefts are related to debit and credit cards. For these reasons, the PCI DSS standards were set in 2006 to strengthen information security and secure cardholder data. PCI DSS is a compliance requirement for all organizations and financial institutions, including banks, that deal with card transactions. Under its guidelines, banks and other financial institutions are expected to have comprehensive internal controls and security frameworks in place to safeguard sensitive data. Financial institutions handle millions of transactions daily, which makes securing transactions and cardholder data an incredibly challenging task. Given the amount of risk they are exposed to, financial institutions are the most heavily regulated industry in the U.S. and around the world.

In this article we discuss how PCI DSS impacts the banking sector and the risks banks are exposed to for non-compliance.

PCI DSS Compliance at a Glance

The Payment Card Industry Data Security Standard (PCI DSS) is the set of security standards administered by the PCI Security Standards Council and established by the top five credit card brands, namely American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. The standard applies to:

  • Any organization or institution that deals with credit cards (stores, processes or transmits them), including service providers.
  • Any organization (service provider) whose functioning can affect the security of the card data environment of another organization (a client of the service provider).

The scope of compliance typically covers data security, security framework policies and procedures, network architecture, and software design. Financial institutions, including issuing banks (banks that offer credit cards to customers) and acquiring banks (financial institutions that hold merchants’ bank accounts, receive payments through the card processors, and deposit funds on behalf of the merchants), as well as merchants and service providers who process, store, transact, or enter into a contract with the five card brands, are expected to be PCI DSS compliant.

Impact of PCI DSS Standard on the Banking Sector

PCI DSS is a set of security standards that banks need to follow diligently to stay compliant. The millions of transactions they undertake daily, and the risk to which they are exposed, require them to have strong security measures in place to safeguard cardholder data. Given below are some PCI DSS requirements that banks are expected to follow, and the security tests they need to perform to ensure the cardholder data environment is not compromised.

  • Test the defense systems in place to ensure the network, endpoints, and web applications are secure.
  • Frequently commission a controlled data breach attempt against the bank network to secure it (penetration testing or even a red team assessment).
  • Perform security tests to detect known vulnerabilities such as SQL injection, OS command injection, cross-site scripting, broken authentication, etc.
  • Test networks and check for the presence of authorized and unauthorized wireless access points every quarter.
  • Perform a penetration test on the cardholder data environment (CDE) and the systems and networks connected to it at least once a year, or after a significant change has been made to the application.
  • Conduct a VAPT (vulnerability assessment and penetration testing) exercise to identify all possible threats and exploit them to penetrate the system at the application and network level.
  • Correct the issues identified and re-test until systems and networks are clean and have strong defense systems in place against malicious activities.
  • Conduct internal audits as per the PCI DSS requirements at least once a year or after any major change to processes or systems.
  • Provide internal awareness training for employees at least once a year.

While it is extremely challenging to meet the testing requirements of PCI DSS, performing the tests and securing systems and networks is mandatory for banks and other financial institutions. A bank that fails to comply will face severe repercussions in the form of huge penalties and loss of trust and credibility. We have listed below some serious repercussions and risks banks may be exposed to for non-compliance with PCI DSS.

Consequences and Risk Exposure to Non-Compliance with PCI DSS for the Banking Sector

The risk of merchants suffering a data breach has far greater implications and consequences, resulting in monetary penalties and, often, irreparable damage to brand reputation.

Data Theft & Security Breach

Being non-compliant with the PCI DSS standards simply means the bank may not have the necessary security measures in place to protect data. Having no strong defense systems and security built around the network and systems will lead to a security breach and data theft. This could further have huge financial implications for the institution, leading to huge losses.

Hefty Penalties

Non-compliance with PCI DSS can result in huge penalties, ranging from $5,000 to $100,000 per month, levied by the credit card companies. The penalties depend on the volume of transactions and the degree of non-compliance. Further, penalties are at the discretion of the payment brand, which may decide to levy a penalty per record breached. Moreover, the fines are reassessed monthly and may rise over time until the merchant achieves compliance. However, fines that the bank incurs can be passed on to the merchant via high transaction fees or service charges if the merchant is found to be non-compliant. This will further strain the relationship between the bank and the company.

Compensation costs for non-compliance

Non-compliance with the PCI DSS standards can involve huge compensation costs. The banks or merchants will probably have to compensate clients with credit card monitoring, identity theft insurance, or some other form of compensation.

Tarnished Reputation due to non-compliance

Security breaches and data theft not only have financial implications but also cause irreversible damage to the reputation of your brand. Once your security is compromised, it will be very difficult to regain customers’ trust in your bank. The image and reputation of your bank will be at stake, and greatly tarnished, if it is found non-compliant and suffers a security breach.

Revenue loss

Once there is a blot on reputation, it will significantly impact the business revenue and sales. There is a huge possibility of the bank facing loss due to an incident of a breach. Infringement can lead to loss of consumers, followed by loss of revenue. The financial implications are far more significant than the amount of money it would probably take to ensure compliance with PCI DSS.

Direct Intervention of Regulatory Bodies

Non-compliance with PCI DSS followed by a security breach could call for the direct intervention of regulatory bodies and involve frequent federal audits. This would further involve the imposition of strict regulations and penalties. Consequences like this could severely impair the banking business.

 

Conclusion

The bottom line is that no matter how strong your defense is or how many assessments you conduct, it takes just one slip for a breach to happen. No system is totally impenetrable, but at the end of the day, in case of a breach, you need to be able to show that your bank followed all the compliance requirements and did its best to secure its systems to the best of its knowledge and ability. This is what banks need to work on, by conducting due diligence as detailed in the standard and summarized above in the article.

Moreover, we believe complying with the security standards is extremely important not just for the banking business, but also for the safety of its clients. While the standard’s requirements and testing process may seem rigorous, the consequences of non-compliance can be destructive for the banking business. Banks in general have their take on the set standards. Depending on the risk levels (which are often high in the banking sector) and exposures, banks generally balance cost, security, and functionality while investing in an effective security control framework.

 

Author Bio: Narendra Sahoo (PCI QSA, PCI QPA, CISSP, CISA, and CRISC) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm, based in the US, Singapore & India. Mr. Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2, PDPA, PDPB to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry.  VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.

 
