Technology

HOW TO KEEP DIGITAL TRANSFORMATION ON TRACK AFTER THE PANDEMIC

Published

2 years ago

April 7, 2020

admin

Ashley Coker, CEO and founder, Slate

Introduction

The global coronavirus health emergency has made it abundantly clear how dependent we are on digital services for business continuity and social cohesion. When physical contact must be minimised, digital businesses are in a better position to rapidly adapt and continue their services and respond to customers’ needs.

This is perhaps why Chancellor, Rishi Sunak, was prompted to delay the introduction of IR35 Off-Payroll working rules to the UK private sector until April 2021, as part of his package of measures to support British businesses through the COVID-19 crisis.

While some businesses expressed relief at the delayed introduction of IR35 rules in the private sector, many financial enterprises had already terminated contracts with IT contractors in preparation for the original deadline, with the risk of digital transformation programmes stalling.

What is IR35?

Inland Revenue legislation 35 (IR35) is a tax law designed to prevent individuals from using intermediaries, such as their own limited company, in order to avoid paying their fair share of tax and national insurance contributions (NICs). By setting up a limited company, some people were able to leave their employment in a bank on a Friday and return to the same job on a Monday as an IT contractor, with no change in their role, duties, or place of employment. HMRC wants to put a stop to this.

However, with an estimated 170,000 contractors working through their own personal service companies, HMRC has not had the resource to address cases individually and decided to put the onus on the organisations that hire contractors.

From April 2021, the responsibility for assessing whether a contractor is genuinely self-employed (outside of IR35) will fall on every medium and large private sector organisation with a turnover of over £10.2 million, a balance sheet of £5.1 million, and more than 50 employees. This means that every contract will have to be reassessed to decide whether an individual’s work falls inside or outside IR35. Contractors must be provided with a Status Determination Statement (SDS) for each contract that they undertake, confirming the organisation’s assessment of their status for IR35 purposes.”

How has the financial sector prepared for IR35?

To avoid the time and resource required to scrutinise thousands of contractor contracts, many financial services organisations took a blanket decision which deems that all contractors are working inside IR35. Several prominent organisations have taken this route and terminated all contracts with contractors who bill for their services via limited companies.

Being deemed to be working inside IR35 has the effect of making hiring organisations liable for paying contractors’ income tax and National Insurance contributions at source, as though they were employees, without contractors benefiting from the sick pay and holiday pay benefits of the organisations’ employees. Tax experts have calculated that working inside IR35 will reduce contractors’ incomes by approximately 25 per cent. This makes projects less attractive to IT contractors who might be working on delivering digital change.

How does IR35 affect Digital Transformation?

Prior to the IR35 deadline extension, HSBC, Lloyds bank and Barclays bank were reported to have taken a uniform decision to classify all contractors as working within IR35. It was also reported that Deutsche Bank risked losing 50 out of 53 contractors working in its London-based change management team after taking the decision to cease working with contractors via personal service companies and asking them to join the payroll of a recruitment outsourcing agency used by the bank.

If IT contractors stop working with their financial service industry clients, to avoid falling foul of IR35 after April 2021, this could have a devastating impact on digital transformation projects that depend on the specialist skills of external contractors.

A number of contractors have reported that they plan to seek employment overseas after IR35 comes into force in the private sector, so that they can carry on enjoying the flexibility, job satisfaction and remuneration of working off-payroll. This could result in a brain drain for many sectors, such as banking, which relies heavily on the skills of external IT contractors to deliver digital transformation.

Fast track to digital delivery:

While IR35 could pose serious challenges for digital change programmes in the UK financial services sector after April 2021, some CIOs we have spoken to see the contract renewal phase as an opportunity to clear the decks, refocus and keep their best people on the pitch.

Our experience of providing corporates with highly-skilled software engineers who are born problem-solvers, who work in small, capped teams on a 5 in 50 model, has shown that they are often fundamental to getting stalled digital change programmes back on track. These developers work alongside enterprise IT teams, on a Seed, Scale, Succeed process, bringing fresh coding skills and transforming project thinking into product thinking, with continuous delivery of digital service iterations. They are technology specialists who relish the challenge of working on high profile digital journeys, but who do not wish to work as corporate employees and are therefore hard for financial services organisations to hire.

We now have another twelve months to prepare for IR35. In the meantime, as financial services organisations adapt to the demands of the pandemic, this is the time for small, agile teams of problem-solvers to shine.

Up Next

CAN TECHNOLOGICAL INNOVATIONS HELP IN HANDLING PANDEMICS?

Don't Miss

IN CONSUMER BIOMETRICS WE TRUST: AUTHENTICATION FOR THE DATA PRIVACY AGE

Business

TAKE THE NO-CODE LEAP TO DIGITAL INNOVATION WITH A FUSION TEAM

Published

3 days ago

November 26, 2021

admin

Chris Obdam, CEO, Betty Blocks

In the last couple of years, a new sector has emerged alongside enterprise financial organisations—an ecosystem of fast-growing Fintech startups that develop innovative solutions for the banking sector. These small, flexible startups and scale-ups began filling a gap the ‘big boys’ left quite some time ago. Then, they gained even more ground during the pandemic. According to KPMG, Fintech investments worldwide amounted to $98 billion USD in the first half of 2021, compared to $121.5 billion over the whole of 2020[1].

The massive surge has financial regulatory bodies scrambling to balance the benefits of modernising the industry with the necessity of strong oversight. But, what if traditional financial enterprises could combine their durability, reliability and years of experience with the flexibility of a startup? They can! More and more enterprise organisations are becoming agile, empowering digital-savvy colleagues and improving competitive value.

Fusion teams

Their approach? They break through patterns and almost literally through walls in their organisation. The most successful organisations team up with genuine problem solvers. It’s a solution-oriented approach, which can be really successful if governed the right way. We like to call it a fusion team, a team that empowers digitally-skilled and solution-oriented employees to work side-by-side with the IT department while using a low-code and no-code development platform.

Citizen development

A fusion team brings together people with diverse professional backgrounds who use data and technology to achieve shared business outcomes. Ideally, a fusion team combines pro-developers with citizen developers. A citizen developer is a business person without coding experience that builds apps using a no-code or low-code platform.

The purpose of the professional developer, in a fusion team, is not to train the citizen developer to become a pro-developer but to bring guidance and governance to the project. Before building successful software, a fusion team will require knowledge and guidance through the software development life cycle (SDLC) phases. IT feedback is crucial to helping a fusion team understand what makes good software and how new platforms can (or cannot) integrate into an existing system. Citizen developers should receive coaching to make decisions that lead to architecturally sound, value-adding applications.

What are the challenges that a fusion team can tackle?

Modernisation of legacy systems. Many banks have been around for years, expanded their software, but regularly have to deal with legacy systems or even a vendor lock-in.
Regulations can change fast; that’s why financial organisations need to increase flexibility and improve adaptability. A flexible layer on top of core systems or legacy systems can profit the whole organisation.
Counter shadow IT. Thousands of employees means that a lot of solutions are single handedly-built. All these solutions can be beneficial for the employees and even for your customers, but the thing is that they are not checked and governed by IT. For example, you run the risk that they are not meeting all your security requirements.
Digitisation of processes, like the onboarding process for customers, is still a long paper process within financials. What if this could be 100% digital and automated? This could save you a lot of repetitive work, energy and money.

Create an environment for innovation

Banks tend to have difficulties setting up the right conditions to empower the workforce to innovate towards the future. Our first reaction to possible security risks is to impose more rules and restrictions, while the solution lies in a coaching attitude, independent of strict regulations. You can empower digital transformation by using a no-code or low-code platform.

A fusion approach encourages better software governance, allowing IT to help mitigate the risks of shadow IT projects. With a no-code or low-code platform, you can combine existing secure systems, extract data more efficiently, effectively communicate and convey between systems and thus better manage qualitative information. Governance is not a simple process or a task to check off and forget about; the essential governance feature for low-code or no-code development is a platform provider with the flexibility to adapt to specific needs of an enterprise. The provider should be a partner in expanding the role of citizen developers within the organisation.

Taking the leap into no-code software development with a fusion team will empower the entire organisation in digital transformation. It’s a strategic move that helps enterprises become more resilient against unexpected challenges – such as a pandemic or new consumer demands. Furthermore, you create a modern and innovative working environment with digitally-capable and engaged employees.

[1] Source: KPMG:

https://home.kpmg/nl/en/home/media/press-releases/2021/09/record-fintech-investeringen-in-eerste-helft-2021.html

Business

IDENTITY SECURITY IN THE ERA OF SOX

Published

3 days ago

November 26, 2021

admin

By Steve Bradford, Senior Vice President, EMEA, SailPoint

The Sarbanes-Oxley Act (SOX) is a federal law that mandates practices in auditing and financial regulations for public companies. Its original intent being to restore trust in a corporate and financial system that had been rocked by major accounting scandals such as Enron, WorldCon and Tyco. Legislators believed if there was no trust in the major corporate institutions of America, then the whole fabric of capitalism could be brought into question.

Initially only applying to American companies, every major institution that dealt with America had to comply with SOX. It was a huge a success with the number of financial scandals emanating from the US dropping dramatically since compliance. But can The UK follow suit?

Preparing for “SOX UK”

The UK has had its own high profile business collapses – notably BHS and Carillion. So, the government has launched a consultation programme that mimics the US SOX rules. The consultation on reforms aims to ‘restore trust in audit and corporate governance’ and applies to auditors, companies, directors, audit committees, investors, other stakeholders, and the regulator.

A focus is on companies with a significant public interest, otherwise known as Public Interest Entities (PIEs). These include financial institutions, banks, insurance companies, underwriters, and alike – many of which are already familiar with a high degree of financial scrutiny. A noteworthy difference is the stated preference to expand the UK SOX controls beyond public interest companies, which could include large companies in retail, manufacturing, logistics and automotive.

UK SOX may seem like a massive undertaking if unfamiliar, but with the right technologies in place manual tasks can become automated, reducing time which can be then redirected to greater priorities or risks, and everyday operations will be guided by a strong set of well-defined controls.

A growing threat

The Sarbanes-Oxley Compliance 9-Step checklist provides a series of recommendations to protect the validity of all reported information and help businesses to ensure they are following the rules. This includes the need to establish controls to prevent data tampering, track data access, test the effectiveness of safeguards and detect security breaches – any of which need to be reported to SOX auditors on time.

As both physical and digital information are affected, accurate management is an integral part of compliance. Remote working, blockchain integration, and the emergence of cloud-based banking (Banking as a Service) have led to growing cyber threats, privacy concerns and compliance requirements through the complexities of connectivity. For example, multiple devices now connect to networks from different locations, accessing the vast amount of information in the cloud. There is now critical need to close security gaps outside the perimeter.

Some of the greatest threats lie within an organisation – either human error or more likely, the rise in risk facing the access today’s workforce has to technology. Complex corporate structures and departmental silos hinder management’s visibility into workforce roles, responsibilities, and data access. Traditional reliance on spreadsheets and manual processes for tracking data access and user identities leads to inaccuracies and inconsistencies.

Apart from being an auditing and reporting nightmare, the situation creates system gaps that are ripe for exploitation by threat actors.

Maintaining security through identity

To meet security and compliance regulations, companies and organisations must act smarter in how they protect their “perimeter”, which is centred on its people – the new threat vector of choice. Companies must prepare to automate business processes and embrace new security practices that fully protect the workforce and the tools they need to do their job.

Staying in compliance with regulation is important for the safety of the company, but it is crucial that the right safety measures are in place. Identity access management can reduce the risk of insider threat, data breaches and human error for financial reporting – enabling automated logging and report generation for companies to make smart decisions whilst uncovering and remediating hidden or unknown issues that pose inherent risk.

The countdown to SOX

One commodity companies don’t have is an abundance of time. With less than 18 months to go until the SOX recommendations deadline, any form of automated access system is an essential first step in ensuring companies are prepared. Starting early is critical – given an implementation programme can take 18-24 months for a company that is used to stringent financial regulations. It’s time to get identity and access compliance right – automation can save a significant amount of effort and money, whilst improving the accuracy of identity management processes.

As seen in the US, UK companies not used to financial compliance procedures will have to catch up or ask for help – learning from the financial sector – and scale up their auditing and control to comply with more stringent regulations. The rules are there to help provide the security that regulators need for a secure commercial environment. Now is the time to act in order to reduce the risk.