Connect with us

Finance

HOW THE FINANCIAL SECTOR CAN PREPARE FOR THE NEW AGE OF RESILIENCE

Published

on

Richard Harmon, VP & Global Head of Financial Services at Red Hat.

 

The EU’s new DORA legislation is ushering in strict rules on technology use. Businesses should embrace it as a new way to unlock innovation.

Ever since the 2008 global financial crisis, governments and regulators have been on a mission to build integrity and resilience back into their banking and financial systems.

In the EU, DORA (Digital Operational Resilience Act) is the latest effort. Due to be passed in March 2022, it will mandate that financial organisations ensure the resilience of all the technologies in their stack. Liability is a key tenet—if you run it, then you have responsibility for it, goes the new rule. That brings third-party systems and applications into the arena of an organisation’s accountability. It’s not just big banks that will be under the spotlight. DORA will apply to all sorts of financial businesses, from credit and payment providers to investment and insurance firms; cryptocurrency exchanges to crowdfunding platforms.

Richard Harmon

Outside the EU regulators are ready to follow suit. In the UK, the Bank of England has requested policy powers to assess, and if necessary intervene, in banks’ migrations to cloud hyperscalers. The Federal Reserve, Congress and other policy leaders in the US have started to explore whether regulators there are properly set up to address cloud concentration risk exposures. In Singapore, Hong Kong and Australia, banks are now required (to varying degrees) to conduct due diligence checks on technology partners to demonstrate that they have satisfactory safeguards and response plans in place in the event of a disruption.

DORA (and whatever may follow) comes at a time when many institutions are adding complexity, and so risk, to their technology supply chain. The undeniable benefits of cloud are likely to prompt more mission-critical workloads to head there. These workloads attract more profound security considerations, and new vendors are sought that can protect these core systems. So too partners that can modernize legacy platforms and applications, and power the digital innovations that leave customers happy and the competition behind.

The result is a hyper-connected finance sector. Organisations now access a vast array of third party data and technology services from the same public cloud servers and data centers. If one organisation is vulnerable, it may impact everyone else. The Federal Reserve estimates that an attack on any one of the five most active banks in the US could spill over to impact 38% of the national financial network. The subsequent liquidity hoarding and forgone payment activity could reach more than 2.5 times daily GDP.

In 2020, the global finance sector reported 1,188 security incidents and data breaches, around 3.4% of the all-industry figure. Victims have included some of the biggest names in finance. The Equifax breach of 2017 saw hackers steal credit card numbers of over 209,000 customers. It cost Equifax up to $700 million in fines, and the jobs of its CEO, CIO, and CSO. A 2019 attack of Capital One resulted in 80,000 bank accounts being compromised in the U.S and one million Canadian social insurance numbers leaked. Most recently, $613 million in crypto tokens was stolen from the Poly Network platform by hackers. Security hacking has become professionalised and nation-states sponsor some of the most effective operations.

This all points to the need for a more community-minded approach. Make resilience and security a team effort rather than a lone pursuit, since financial systems no longer exist in isolation. If institutions pull down their walls of secrecy, there can be a holistic view of how everything is stitched together, benefiting the whole ecosystem. The ‘single pane of glass’ solution that has become the established practice in SecOps must now be the ambition for the sector as a whole. Accept that, and the logical next steps are a sector-wide strategy; collective selection, procurement and deployment of shared solutions; and coordinated attack prevention and remediation teams and processes.

At Red Hat, we are trying to kickstart this collaborative spirit. Working with some proxy data and partner organizations, we are mapping how the global financial sector is connected technologically and then running simulations to show how a system failure or attack in one place could play out. The aim is to understand what types of critical financial infrastructure and applications are most impacted by a bank’s cloud deployment strategy, predict contagion trigger points that might yield systemic risk events, and quantify impacts on the overall economy. Regulators, banks and cloud providers alike can benefit from these insights. These are the same modelling principles that have helped virologists predict the path of COVID-19.

Having spent almost two decades working with financial institutions, I know what a cultural shift this open collaboration can be. So, let’s also consider how organisations can build resilience by looking inwards.

Intuitively perhaps, going all-in with one cloud hyperscaler may seem like the best option. One vendor, one suite of systems, fewer points of vulnerability—right? Not quite. Dedication to one player can leave you exposed to their whims and errors. It should be worrying then that at present the market is highly concentrated, with a 2020 survey by the Bank of England finding that almost three-quarters of banks, and an even greater proportion of insurance firms, are served by the same two cloud infrastructure providers. That feels inconsistent with the 98% of financial firms that are following an open source strategy, as reported by Red Hat in The State of Enterprise Open Source. A driver of that is containerization; the same report found that 75% say they plan to increase their use of containers in the next 12 months. Doing so will help make them more secure and resilient. A container platform can provide the standards and oversight to secure multiple best-in-class cloud vendors, as well as the application portability to keep future options open.

Make resilience and innovation partners, rather than opposing forces. Take an approach that is genuinely holistic, with security baked-in to the DNA of the ecosystem, rather than added as an afterthought, and you have innovation with resilience.

 

Finance

The penny has dropped – the finance sector needs Data Governance-as-a-Service

Published

on

By

By Michael Queenan, Co-Founder and CEO at Nephos Technologies

 

In our data-driven world, the amount of data is growing exponentially and it’s predicted that the amount generated each second in the financial industry will grow 700% this year. Leaders of financial services organisations have realised two things since the start of the pandemic – that data on their customers and services is their greatest asset and that they must embrace technology to make intelligent business decisions to grow successfully and outperform competitors.

Since the financial sector holds arguably the most valuable and sensitive information, organisations must do more than just store this data. They need to ensure its security, integrity, and governance so that it’s useful in improving the brand’s customer experience, innovating products and services or predicting future trends to improve risk management.

Yet without a robust data governance model – a strong set of rules and processes for what data means, and how it is categorised, owned, accessed, stored, and used – data is worthless. Only when an effective data governance model has been established, will data meet regulations and be secure. Data leaders must shift gear in their data processes to avoid hefty compliance penalties and unlock potential value from their data assets.

 

The data governance challenges faced by financial sector organisations

The barriers for achieving ‘good governance’ are many and varied. Ignorance of the benefits of data governance is a major hurdle for developing a governance strategy. Many financial firms have invested – at significant cost – in data governance tools, but struggle to deliver the benefits they are looking for. Many don’t have the right skills and resources to maximise or set the right metrics to measure the business value. Some are compromised by unoptimised gaps in their approach.

With many different elements to master, data governance is complex – from identifying the right tools to managing the challenges presented by encryption, all whilst ensuring that data quality is sustained and data is managed responsibly.  The negative impact of misplaced investment in ineffective data governance strategies can be significant, for the short and long-term.

 

Why data governance matters

With the acceleration of digital adoption in the financial services industry, it has become crucial to deliver seamless, intelligent customer experiences. Data governance is the key to managing data flow, ensuring compliance, and scaling up. Proof that data governance matters is evident in the Master Data Management Market growth prediction, from $16.7 billion in 2022 to $34.5 billion by 2027.

Data governance is a comprehensive methodology for ensuring the quality and security of the company’s data. The various benefits of an effective data governance strategy include minimised risk, coherent policies, metrics and processes, and better implementation of compliance and enhanced data value. However, for financial services, there are significant advantages as a result of the following:

  • Data governance saves the company money by increasing efficiency. Precious time can be saved by having good quality data and a single source of truth, with less duplication of data, and less time needed to correct data errors.
  • Good data governance gives the business confidence in having accurate and trustworthy data, the holy grail for delivering outperforming customer experiences.
  • A data-driven culture can also be introduced to your business through good data governance. With the ability to gather critical customer and market insights that can guide the direction of your business, data governance allows financial institutions to drive innovation and gain competitive advantage.

 

Bridging the governance gap with Data Governance-as-a-Service (DGaaS)

Increasingly organisations are turning to the ‘as-a-Service’ model to bridge the gaps in their data governance capabilities, as well as ensure critical alignment between objectives and results. This dedicated approach aims to minimise the risk of investments and delivers the strategy and proven technologies required to ensure data governance success.

DGaaS can be applied across each major component required to deliver good data governance. First, it uses software tools to scan all data within a typically complex financial services data infrastructure in its data discovery and classification phase. Without this detailed insight, organisations can’t always identify their data assets, any data mishandling and the level of risk generated.

The next part of the process is creation and documentation. This means organisations can drive their governance objectives through to execution, while removing the operational and recruitment overheads, which means they can purely focus on value created from data. In doing so, organisations can convert the raw outputs from the toolsets into meaningful business outputs.

With a holistic approach, DGaaS allows financial services organisations to focus on the transformational potential of data while critically staying compliant.

 

Reaping the benefits

Data is a vital asset to enable financial sector organisations to build the right capabilities to deliver their services and remain competitive. With a robust data governance model, financial firms can assess risk, predict trends, and seize market opportunities based on data-driven insights. Only data-driven processes, built on high quality and effectively governed data, will enable them to build outstanding customer experiences. It’s essential that leaders realise data governance is a fundamental discipline, not a luxury, and establish an effective model to formalise processes and responsibilities before their data lets them down.

Continue Reading

Business

Financial Stability Board Gives Full Support to Wide LEI Use in Global Payments

Published

on

By

Clare Rowley, Head of Business Operations at the Global Legal Entity Identifier Foundation

The strongest recommendation yet by the Financial Stability Board (FSB) that the LEI should be used more widely in payments will catalyze increased global LEI adoption. The most immediate intention is in facilitating cross-border payments. GLEIF explains why this makes it the perfect time for financial institutions to become Validation Agents within the Global LEI System.

The Financial Stability Board (FSB) has put its full weight behind a landmark recommendation that the LEI should be widely adopted across the global payments ecosystem. In July 2022, the FSB published a report encouraging global standards-setting bodies and international organizations with authority in the financial, banking, and payments space to drive forward LEI references in their work. The report also recommends guidance and further outreach on the use of the LEI as a standardized identifier for sanctions lists and as the primary means of identification for legal entity customers or beneficiaries, with specific reference to customer due diligence and wire transfers.

A primary near-term goal of the FSB’s most recent report, published as part of the G20 Roadmap for Enhancing Cross-Border Payments, is to stimulate LEI to use initially in cross-border payment transactions. By helping to make these transactions faster, cheaper, more transparent, and more inclusive, while maintaining their safety and security, the LEI has been deemed by the FSB to support the goals of the G20 roadmap.

As a result, banks and financial institutions will now be compelled to move quickly to incorporate the LEI as an integral component of their cross-border payments infrastructure, since there are huge benefits in doing so. In addition to supporting lower costs and enhanced transaction speed and transparency, the LEI can also facilitate straight-through processing (STP) and sanctions screening, while easing compliance with Know-Your-Customer (KYC) due diligence.

Additionally, the report recommends that standards bodies (e.g., BCBS, CPMI, IOSCO, FATF) and international organizations (IMF, OECD, World Bank) should consider how the LEI may be used as a standardized identifier for sanctions lists or as the primary means of identification of legal entity customers or beneficiaries. This demonstrates the broader ecosystem needed to support cross-border payments evolution – an ecosystem based on a single global identifier for legal entities that can be used to facilitate compliance checks across various resources.

With this in mind, banks and financial institutions who may soon need to ensure their legal entity clients possess an LEI to engage in certain payment transactions, cross-border or other, should feel motivated to leverage the benefits of becoming a Validation Agent within the Global LEI System. The advantages are two-fold: enhanced customer service, through a simpler, faster, and more convenient LEI issuance process for customers; and huge efficiencies in client onboarding and lifecycle management for the bank or financial institution. It really is a win-win scenario.

 

The wider impact of LEI adoption in cross-border payments

While the FSB’s report is intended to promote LEI use in cross-border transactions, both the strength and far-reaching scope of its recommendations are likely to be a catalyst for the LEI to be more broadly implemented across many other payment scenarios too. After all, if banks and financial institutions need to equip customers with an LEI to participate in cross-border transactions, then it’s a logical next step for participants in the payments ecosystem to leverage and optimize those LEIs to drive efficiencies across their other payment operations, and to bring enhanced transparency and trust benefits for customers.

There is already a healthy pipeline of active consultations and commitments by financial regulators aimed at recommending or mandating LEI use more broadly within the global payments space.

  • Last year, the European Commission (EC) officially recognized the value of the LEI as a unique mechanism capable of supporting transparency in AML and countering the financing of terrorism (CFT) efforts. It issued two legislative proposals that call for the LEI to be used in certain customer identification and verification scenarios where available.
  • The EC also launched a separate initiative last year to identify obstacles to the creation of efficient pan-European instant payments solutions. As part of its consultation strategy, the EC issued a survey for the purpose of exploring the potential for the LEI to support the screening of instant payment transactions against sanction and watch lists.
  • The Bank of England (BoE) affirmed its position to support wider uptake of the LEI and will introduce the LEI into ISO 20022 standard for CHAPS payment messages on an ‘optional to send’ basis in February 2023. While the BoE encourages all CHAPS Direct Participants to start using LEIs as early as possible, it will not become mandatory until spring 2024, at which time the BoE will begin mandating LEIs to be used in certain circumstances, with a vision to widen out the requirement to all participants over time. In particular, the BoE will mandate the use of the LEI where the payment involves a transfer of funds between financial institutions. The BoE will also monitor the use of the LEI for all transactions, with a view to assessing whether the mandatory requirement to include LEI data should be extended to all CHAPS payments.
  • In order to further the use of LEI in cross-border transactions and facilitate cross-border trade and investment, the Chinese Cross-border Interbank Payment System (CIPS) designed an innovative product “CIPS Connector”, which provides an integrated “one-step” service for a variety of cross-border RMB transactions between banks and enterprises. Every CIPS Connector user is assigned with an LEI, which is used for activating the tool as well as a mandatory business element in their business transaction.
  • In January 2021, and in a move that was the first of its kind, the Reserve Bank of India issued a mandate for the LEI in all payment transactions totaling ₹ 50 crore and more undertaken by entities for Real-Time Gross Settlement (RTGS) and National Electronic Funds Transfer (NEFT).

 

Why the LEI in payments?

The LEI is considered an important tool in payments as it is designed for identifying unique parties to each transaction. It meets a fundamental requirement in payment processing – precise identification of the payer and payee. No other current identifier in payments offers this. International Bank Account Numbers (IBANs) for example are used for uniquely identifying payer/payee accounts, while Business Identifier Codes (BICs) are used for routing the payments to the relevant divisions/sub-divisions of financial institutions.

Today’s highly digitized payment networks require faster, cheaper, and more secure transactions. When the LEI is added as a data attribute in the payment messages, any originator or beneficiary legal entity can be instantly and automatically identified.

 

Become a Validation Agent

When viewed collectively, these developments show that LEI advocacy has never been stronger in the payments space. This signals that the LEI could be the widely implemented trust tool of choice for payments in the near future. With that in mind, GLEIF urges banks, and financial institutions to consider taking a proactive approach to supporting voluntary customer adoption of the LEI and getting ahead of recommendations or mandates in the payments space.

Becoming a Validation Agent in the Global LEI System is now the obvious choice. In addition to easing the process of LEI implementation further down the line by making LEI issuance more convenient and accessible for customers, becoming a Validation Agent can deliver some significant advantages for financial institutions themselves. By utilizing ‘business-as-usual’ onboarding processes to obtain LEIs for clients, financial institutions can improve customer experience, facilitate digital transformation, and reduce client lifecycle management costs.

Continue Reading

Magazine

Trending

Business9 hours ago

CBDCs: the key to transform cross-border payments

Dr. Ruth Wandhöfer, Board Director at RTGS.global   If you work in finance, you’ll have been hearing a lot about...

Business9 hours ago

Green growth: The unstoppable rise of climate technology investment

With the investment community focusing more and more on renewable technologies, investor interest is at an all-time high. Ian Thomas,...

Business9 hours ago

Bolstering know your customer processes as regulation tightens

Nick Payne, banking services, customer advisory, SAS UK & Ireland, discusses how new technologies allow financial services companies to develop rigorous KYC...

Finance10 hours ago

The penny has dropped – the finance sector needs Data Governance-as-a-Service

By Michael Queenan, Co-Founder and CEO at Nephos Technologies   In our data-driven world, the amount of data is growing...

Business10 hours ago

Seven tips for financial services brands using mail

By Cameron Russell, Head of Marketing at Marketreach   Customer experience (CX) is a powerful differentiator for modern brands. If...

Top 1010 hours ago

Turn the data landfill into an insight goldmine

Andrew Watson, CTO, MHR Today, businesses have access to a wealth of data, with vast amounts of information created daily....

Business11 hours ago

A Culture of Cyber Security Throughout Financial Services Organisations

Michael Cantor, CIO, Park Place Technologies Financial Services organisations have long been a top target for cyber-attacks given both the...

Business3 days ago

Financial Stability Board Gives Full Support to Wide LEI Use in Global Payments

Clare Rowley, Head of Business Operations at the Global Legal Entity Identifier Foundation The strongest recommendation yet by the Financial...

Business3 days ago

On-demand pay: why payroll needs a modern approach

Byline:  Paul Bartlett, CEO, CloudPay   While the world of work has evolved drastically over the last decade, payroll has...

Business3 days ago

 ‘What should real estate investors be doing now – has the market hit rock bottom or is now the time to buy?’

Following many years of housing prices soaring and competition steadily increasing, real estate growth has finally started to slow, likely...

Business4 days ago

Expert Guide for Email Marketing to Improving Your Conversion Rates

If you talk about email marketing campaigns, it would seem like an old-fashioned advertising style. But it is still an...

Banking6 days ago

Augmented automated underwriting and the evolution of the life insurance market

By Alby van Wyk, Chief Commercial Officer at Munich Re Automation Solutions   It’s almost inevitable. Spend your working life...

Banking1 week ago

ESG in the finance and banking industry – are you ready?

By Julian Moffett, CTO BFSI, EDB   Environmental, Social and Governance (ESG) has soared towards the top of banking, financial...

Top 101 week ago

An Entrepreneur’s Guide to Investing in Bitcoin

Marcus de Maria, Founder and Chairman of Investment Mastery.   Over recent years, Bitcoin has been steadily growing in popularity...

Business1 week ago

Overcoming macroeconomic challenges

By Mike Chambers, formerly CEO of Bacs and a consultant at Access PaySuite.   For businesses offering a subscription-based service, the...

Banking1 week ago

How unlocking the potential of tokenised markets can help banks keep pace with the digital economy

Giulia Secco is the Strategic Partnership & Ecosystem Manager at Fnality International.   In the aftermath of the 2008 financial...

Banking1 week ago

The role of Artificial intelligence in compliance at banks

Sujata Dasgupta, Global Head – Financial Crime Compliance Advisory, Tata Consultancy Services   There’s not a financial institution across the...

Technology1 week ago

Scaling securely in the automation-first era

By Brandon Traffanstedt, Sr. Director, Field Technology Office at CyberArk   Robotic process automation (RPA) has been one of the...

Business2 weeks ago

Putting technology to work on entrepreneur fund-raising

By Simon Glass, CEO, Qodeo   Human relationships are behind the most successful venture capital deals. The chemistry between an...

Finance2 weeks ago

Why leveraging strong identity verification is the key to remaining competitive for financial services

By Philipp Pointner, Chief of Digital Identity at Jumio   With the recent revelation that Facebook is allowing sales of...

Trending