Finance

How Financial Services Cyber Regulations are Hotting Up For API Security 

Filip Verloy, Field CTO, Noname Security 

 

Financial services firms deploy an increasingly complicated mix of technologies, systems, applications, and processes to serve customers and partners and to solve organisational challenges. Focused heavily on consumer hyper-personalisation, banks are evolving more and more digital assets and services to meet and exceed growing customer experience expectations. 

As a result, the modern banking environment is heavily reliant on APIs to the point that they are now indispensable. APIs allow banks to connect with their ecosystem, while inspiring innovative developers to create new products, improve existing services, and work more efficiently. 

A sector disproportionately targeted  

However, this reliance on APIs presents challenges. They create vulnerabilities and are often the gateway for cybercriminals. The financial services industry is disproportionately targeted by threat actors who know that it has what they want – data and money. 

This has brought an ever-increasing set of cyber regulations into sharp focus to help to ensure that banks are protected and compliant. However, this has led to fragmentation, as regulators try to achieve a balance between robust governance and not stifling innovation or driving businesses abroad. 

This fragmentation has occurred because banks must comply with a cocktail of regulations in the same or different jurisdictions that are well-intentioned, but sometimes conflicting, and that do not actually enhance cyber-resilience. 

Therefore, what are these different types of cyber regulations and what should banks be thinking about when it comes to API security? 

Stress testing banks 

Earlier this year, the European Central Bank (ECB) announced plans to stress test the cyber resilience of the Eurozone’s top banks in 2024 because of the proliferation of sophisticated cyberattacks, with EU law mandating that the ECB undertakes stress tests on supervised banks at least once per year. Results from these tests help supervisors identify vulnerabilities and address them early on in their interaction with banks. Likewise, the results of annual stress tests provide important input for the Supervisory Review and Evaluation Process (SREP) in the test year.  

In years when there are no EU-wide tests, the ECB tests significant institutions under its direct supervision against specific kinds of incidents. These tests run in cooperation with national supervisory authorities, and the ECB publishes the results on an aggregate basis. 

A lack of API standards 

The European Commission has just published its proposal for the third Payment Services Directive (PSD3), to help advance open banking and strengthen consumer protection. The PSD3 and Payment Services Regulation aims to drive further development in open banking, first introduced with PSD2, as well as addressing issues around API quality, and giving authorities the required tools to better evaluate the dedicated API interfaces provided by banks and other financial institutions.  

According to the European Banking Authority (EBA), “The experience acquired in the implementation of the PSD2 has shown that the absence of a single API standard has led to the emergence of different API solutions across the EU. This creates significant challenges for third-party service providers as they must invest significant efforts into connecting to different Account Servicing Payment Service Providers’ APIs and adapt their connections to changes in APIs over time.” Whilst PSD3 will absorb the lessons learned from PSD2, it’s no secret that PSD2 is seen as complex and difficult to define. In fact, between 2016 and 2022, the EBA released six technical standards, eight sets of guidelines, eight opinions, and more than 200 Q&As in relation to PSD2. 

PCI DSS v4.0 is the next evolution of the PCI DSS standard. The goal of this new standard is to continue to meet the security needs of the payments industry, promote security as a continuous process, add flexibility for different methodologies, and enhance the validation methods. This is the first time APIs have been explicitly called out in the standard, underpinning their importance. In fact, the EBA argues that API standardisation is needed to reduce the barriers to entry for FinTechs wanting to access financial account data held by banks and similar institutions. 

Adhering to DORA 

Additionally, by January 2025, EU financial entities and their critical ICT providers must be ready to comply with the Digital Operational Resilience Act (DORA). DORA standardises how financial entities report cybersecurity incidents, test their digital operational resilience, and manage ICT third-party risk across the sector.  

For certain financial entities this includes undertaking advanced threat-led penetration testing every three years. By clarifying testing methodology and introducing mutual recognition of testing results, DORA will help financial entities continue to build and scale their testing capabilities in a way that works throughout the EU. 

The NIS2 Directive – which came into force in January 2023 – aims to strengthen cybersecurity risk management requirements as well as ensure companies take appropriate and proportionate technical, operational, and organisational measures to manage their cybersecurity risks as well as prevent and minimise the impact of potential incidents. The Directive aims to ensure a safer and stronger Europe by significantly expanding the sectors and types of entities falling under its scope.  

It replaces the current Directive on Security of Network and Information Systems and focuses on measures including incident response and crisis management, vulnerability handling and disclosure, policies and procedures to assess the effectiveness of cybersecurity risk management measures, and cybersecurity hygiene and training.  

Furthermore, it features more stringent supervisory measures for national authorities, as well as stricter enforcement requirements, along with a list of administrative sanctions, including fines for breaches of the cybersecurity risk management and reporting obligations.  

Compliance across all financial Directives 

The DORA Amending Directive will amend other Directives to align with DORA, including CRD IV, Solvency II, MiFID II, PSD2, UCITS and AIFMD. In-scope entities include credit institutions, payment institutions, electronic money institutions, investment firms, and crypto-asset service providers, whilst regulation 2022/2554 outlines the requirements concerning the security of network and information systems supporting the business processes of financial entities.  

Clearly, APIs have become the default connectivity and data exchange method within modern financial services environments and will continue to be so in the future. With this in mind, securing APIs from both a pre-production and post-production perspective is paramount to securely operating in our digital-first banking world.  

Therefore, financial services entities should work with an API security platform provider that can deliver strong API security and help with compliance and governance requirements. In this evolving regulatory landscape this will enable organisations to implement a robust API strategy across discovery, posture management, runtime protection and API security testing.  

Business

In-platform solutions are only a short-term enhancement, but bespoke AI is the future

By Damien Bennett, Global Director, Principal Consultant, Incubeta

 

If you haven’t heard anyone talking about artificial intelligence (AI) yet, then where have you been? Conversations about AI and its advantages to society have been a key talking point over recent months, with advances being made in the generative AI race and ChatGPT opening a whole plethora of possibilities. Many have highlighted the advantages of AI, but notably its ability to create human-like content.

But these discussions have only scratched the surface of what AI is capable of doing. It is for far more than just essay writing, adding Eminem to your rave and photoshopping dogs into pictures.

In marketing, we have been using AI for years, for everything from analyzing customer behaviors to predicting market changes. It’s enabled us to segment customers, forecast sales and provide personalized recommendations, having a huge impact on how our industry works.

It is even, for the more savvy marketers of the world, becoming a key tool in maximizing budget efficiency – which is apt, considering over 70% of CMOs believe they lack sufficient budget to fully execute their 2023 strategy.

Now, as AI becomes more intelligent, the number of efficiencies it can unlock continues to rise. Not only can it help brands get the most out of their available resources and identify any areas of waste, but it can also help highlight new opportunities for growth and maximize the impact of your budget allocation.

The trick, however, is to veer away from the norm of using in-platform solutions with a one-size-fits-all approach and create your own, bespoke solutions that are tailored to your business needs.

 

Pitfalls of in-platform solutions

In-platform solutions aren’t by any means a bad thing. In fact, built-in AI tools have become increasingly popular, owing to their ease of integration, user-friendly interfaces and minimal set up requirements. They come pre-packaged with the platform, offering the user the ability to leverage AI technologies without the need for in-depth technical expertise or the upfront cost of building a solution from scratch.

However, the streamlined and accessible nature of in-platform AI solutions comes at the expense of complexity and customization. They are designed to serve a broad user base, but for the most part are built using narrow AI solutions with predefined features and workflows.

This makes them great for assisting with common AI tasks, but they lack the flexibility to tailor functionality towards unique business requirements or innovative use cases, limiting the potential efficiencies and cost savings that can be unlocked. Additionally, if a business’ competitors are using the same platform, they are probably using the same AI solution, meaning any strategic advantage gained from these will be reduced.

Bespoke AI solutions, on the other hand, may carry a higher initial investment – but can offer a significantly more attractive ROI over a short amount of time.

 

Why customized and adapted AI is the key

The difference between bespoke AI and in-platform solutions is similar to that between home cooked food and a microwave meal. Yes, it is more time consuming to prepare, and yes it likely carries more of an upfront cost, but the end result is going to be far more appealing and will carry more long-term value (financially… not nutritionally).

That’s because bespoke solutions, by nature, will have been tailored to address your brand’s specific needs and challenges. These custom-built tools allow for much greater efficiencies by streamlining workflows across different channels, automating more complex tasks, and providing deeper, more relevant insights.

The increased level of optimization can significantly improve productivity and reduce operational costs over time, offering a higher ROI. The increased flexibility of bespoke AI also allows brands to implement innovative use cases that can significantly differentiate them from their competitors.

The data analyzed can be specifically chosen to match business requirements, as can the outputs of the AI tool, providing a significant advantage when understanding and acting on the insights provided.

Additionally, these tools are, by nature, more scalable. They can be updated, upgraded and expanded as needs change, ensuring they continue delivering value as the business grows. They can also be designed to integrate with any existing IT infrastructure, from CRM systems and databases to marketing platforms and sales tools – leading to more efficient and effective decision-making.

 

Managing finances with AI

It’s no secret that AI in marketing automation has, and will continue to, revolutionize the way marketing is done. It has a bright, if slightly terrifying, future and can help CMOs to unlock new efficiencies, maximize the impact of their budgets and increase their ROI. And as this technology becomes more advanced, its impact will only increase.

But we already know that…and so does everyone else.

So, in order for businesses to make themselves stand out from the crowd, they must look to fully adopt the power of AI. Creating a customized and unique AI solution could be the way to set yourself apart from your competitors. A bespoke AI tool can provide brands and businesses with features unique to them and their business needs. As a result, companies will benefit from more useful data and better results to make more data-driven decisions for their business. Ultimately, this will help brands to maintain a competitive edge over their competitors, deliver ROI and most importantly optimize their budgets.


Business

Is your business suffering with Fintech FOMO?

Tom Kiddle, Chief Commercial Officer at Equals Money

 

It’s a challenging time for businesses of all sizes, but the past three years created storms that are particularly hard for SMEs to weather. For businesses dealing with shrinking margins, while a weakened pound is making international purchases more costly, it’s a scary time.

For many businesses this meant initially reining in any unnecessary costs, reducing investment in anything deemed as a ‘nice to have’, and focusing on keeping the lights on. However, despite not being out of the woods in terms of economic challenges, this year many SMEs have their eyes on growth.

While some might have been buoyed by the news that the UK narrowly avoided a recession at the end of last year[1], data shows businesses were already making investments before this news was released. In fact, UK business investment rose by 4.8% in Quarter 4 (Oct to Dec) 2022, coming in at 13.2% above where it was during the same quarter in 2021[2].

So, where are SMEs putting their cash? As well as predictable spending on IT equipment, machinery, and transport[3], businesses are also putting more funding than ever into technology investments – a trend that isn’t slowing down anytime soon. UK tech investment is set to grow at its fastest rate in over 15 years, both in terms of budget but also headcount[4].

UK businesses are clearly seeing the real opportunity that technology, in all its various forms, presents to their operations. This may also be bolstered by the fact that tech investments are potentially more cost-effective now that the government has made recent changes to R&D tax relief, which sees things like cloud computing and data included in expenditure categories[5]. When it comes to revamping legacy systems and introducing Fintechs that offer businesses a smarter, easier, automated way of doing business, investing in technology can increasingly feel like a no brainer.

However, it’s rare that a one size fits all solution exists for businesses. What works for your competitor may not offer the same benefits to your organisation. In a world with so many risk factors, making smart investments that are aligned to your individual business goals is key.

Tom Kiddle, Chief Commercial Officer at innovative money movement solution Equals Money, explains four ways businesses can reap the rewards of smart tech investments:

1. Measurement

Can you measure the impact it will have on your business? It doesn’t have to be monetary, but if it gives you efficiency, visibility, or certainty, these can have measurable tangible impacts to your top and bottom line.

2. Insight

Does it tell you something you didn’t know before about your customers, your employees, your suppliers, and their behaviour?  What could you do with that information? Often, businesses lack critical insight on their key drivers, and understanding those can open up new opportunities.

3. Action

Pretty charts and graphs make for good reading, but make sure you’re taking action with your new piece of tech. Setting accountability for action from your latest investment will drive your business to achieve a return on that investment and ensure it doesn’t sit on the shelf.

4. Adoption, adoption, adoption

Often, the latest tech trend may seem like a great investment to the motivated few, but look more broadly: if your intended internal target for your new tech fails to adopt the new practice, you won’t achieve the return promised. Also, more likely than not, you’ll frustrate both the key supporters of the new product and those you’re imposing it on.

Innovative technology, particularly in the finance space, can transform the way you do business, but avoid being lured in by solutions that don’t align to your individual needs. Good suppliers should always take the time to give an honest appraisal of whether their product is right for you and should leave you feeling empowered to devote time to what matters most – growing your business.

 

[1] HR Solutions, 2022 [2] The Guardian, Feb 2023 [3] ONS, Dec 2022 [4] ONS, Dec 2022 [5] Nash Squared Digital Leadership Report, 2022 [6] BDO, 2023 [1] The Guardian, Feb 2023 [2] ONS, Dec 2022 [3] ONS, Dec 2022 [4] Nash Squared Digital Leadership Report, 2022 [5] BDO, 2023
