Connect with us

Business

IDENTITY SECURITY IN THE ERA OF SOX

Published

on

By Steve Bradford, Senior Vice President, EMEA, SailPoint

 

The Sarbanes-Oxley Act (SOX) is a federal law that mandates practices in auditing and financial regulations for public companies. Its original intent being to restore trust in a corporate and financial system that had been rocked by major accounting scandals such as Enron, WorldCon and Tyco. Legislators believed if there was no trust in the major corporate institutions of America, then the whole fabric of capitalism could be brought into question.

Initially only applying to American companies, every major institution that dealt with America had to comply with SOX. It was a huge a success with the number of financial scandals emanating from the US dropping dramatically since compliance. But can The UK follow suit?

 

Preparing for “SOX UK”

The UK has had its own high profile business collapses – notably BHS and Carillion. So, the government has launched a consultation programme that mimics the US SOX rules. The consultation on reforms aims to ‘restore trust in audit and corporate governance’ and applies to auditors, companies, directors, audit committees, investors, other stakeholders, and the regulator.

A focus is on companies with a significant public interest, otherwise known as Public Interest Entities (PIEs). These include financial institutions, banks, insurance companies, underwriters, and alike – many of which are already familiar with a high degree of financial scrutiny. A noteworthy difference is the stated preference to expand the UK SOX controls beyond public interest companies, which could include large companies in retail, manufacturing, logistics and automotive.

UK SOX may seem like a massive undertaking if unfamiliar, but with the right technologies in place manual tasks can become automated, reducing time which can be then redirected to greater priorities or risks, and everyday operations will be guided by a strong set of well-defined controls.

 

A growing threat

The Sarbanes-Oxley Compliance 9-Step checklist provides a series of recommendations to protect the validity of all reported information and help businesses to ensure they are following the rules. This includes the need to establish controls to prevent data tampering, track data access, test the effectiveness of safeguards and detect security breaches – any of which need to be reported to SOX auditors on time.

As both physical and digital information are affected, accurate management is an integral part of compliance. Remote working, blockchain integration, and the emergence of cloud-based banking (Banking as a Service) have led to growing cyber threats, privacy concerns and compliance requirements through the complexities of connectivity.  For example,  multiple devices now connect to networks from different locations, accessing the vast amount of information in the cloud. There is now critical need to close security gaps outside the perimeter.

Some of the greatest threats lie within an organisation – either human error or more likely, the rise in risk facing the access today’s workforce has to technology. Complex corporate structures and departmental silos hinder management’s visibility into workforce roles, responsibilities, and data access. Traditional reliance on spreadsheets and manual processes for tracking data access and user identities leads to inaccuracies and inconsistencies.

Apart from being an auditing and reporting nightmare, the situation creates system gaps that are ripe for exploitation by threat actors.

 

Maintaining security through identity

To meet security and compliance regulations, companies and organisations must act smarter in how they protect their “perimeter”, which is centred on its people – the new threat vector of choice. Companies must prepare to automate business processes and embrace new security practices that fully protect the workforce and the tools they need to  do their job.

Staying in compliance with regulation is important for the safety of the company, but it is crucial that the right safety measures are in place. Identity access management can reduce the risk of insider threat, data breaches and human error for financial reporting – enabling automated logging and report generation for companies to make smart decisions whilst uncovering and remediating hidden or unknown issues that pose inherent risk.

 

The countdown to SOX

One commodity companies don’t have is an abundance of time. With less than 18 months to go until the SOX recommendations deadline, any form of automated access system is an essential first step in ensuring companies are prepared. Starting early is critical – given an implementation programme can take 18-24 months for a company that is used to stringent financial regulations. It’s time to get identity and access compliance right – automation can save a significant amount of effort and money, whilst improving the accuracy of identity management processes.

As seen in the US, UK companies not used to financial compliance procedures will have to catch up or ask for help – learning from the financial sector – and scale up their auditing and control to comply with more stringent regulations. The rules are there to help provide the security that regulators need for a secure commercial environment. Now is the time to act in order to reduce the risk.

 

Business

Financial Stability Board Gives Full Support to Wide LEI Use in Global Payments

Published

on

By

Clare Rowley, Head of Business Operations at the Global Legal Entity Identifier Foundation

The strongest recommendation yet by the Financial Stability Board (FSB) that the LEI should be used more widely in payments will catalyze increased global LEI adoption. The most immediate intention is in facilitating cross-border payments. GLEIF explains why this makes it the perfect time for financial institutions to become Validation Agents within the Global LEI System.

The Financial Stability Board (FSB) has put its full weight behind a landmark recommendation that the LEI should be widely adopted across the global payments ecosystem. In July 2022, the FSB published a report encouraging global standards-setting bodies and international organizations with authority in the financial, banking, and payments space to drive forward LEI references in their work. The report also recommends guidance and further outreach on the use of the LEI as a standardized identifier for sanctions lists and as the primary means of identification for legal entity customers or beneficiaries, with specific reference to customer due diligence and wire transfers.

A primary near-term goal of the FSB’s most recent report, published as part of the G20 Roadmap for Enhancing Cross-Border Payments, is to stimulate LEI to use initially in cross-border payment transactions. By helping to make these transactions faster, cheaper, more transparent, and more inclusive, while maintaining their safety and security, the LEI has been deemed by the FSB to support the goals of the G20 roadmap.

As a result, banks and financial institutions will now be compelled to move quickly to incorporate the LEI as an integral component of their cross-border payments infrastructure, since there are huge benefits in doing so. In addition to supporting lower costs and enhanced transaction speed and transparency, the LEI can also facilitate straight-through processing (STP) and sanctions screening, while easing compliance with Know-Your-Customer (KYC) due diligence.

Additionally, the report recommends that standards bodies (e.g., BCBS, CPMI, IOSCO, FATF) and international organizations (IMF, OECD, World Bank) should consider how the LEI may be used as a standardized identifier for sanctions lists or as the primary means of identification of legal entity customers or beneficiaries. This demonstrates the broader ecosystem needed to support cross-border payments evolution – an ecosystem based on a single global identifier for legal entities that can be used to facilitate compliance checks across various resources.

With this in mind, banks and financial institutions who may soon need to ensure their legal entity clients possess an LEI to engage in certain payment transactions, cross-border or other, should feel motivated to leverage the benefits of becoming a Validation Agent within the Global LEI System. The advantages are two-fold: enhanced customer service, through a simpler, faster, and more convenient LEI issuance process for customers; and huge efficiencies in client onboarding and lifecycle management for the bank or financial institution. It really is a win-win scenario.

 

The wider impact of LEI adoption in cross-border payments

While the FSB’s report is intended to promote LEI use in cross-border transactions, both the strength and far-reaching scope of its recommendations are likely to be a catalyst for the LEI to be more broadly implemented across many other payment scenarios too. After all, if banks and financial institutions need to equip customers with an LEI to participate in cross-border transactions, then it’s a logical next step for participants in the payments ecosystem to leverage and optimize those LEIs to drive efficiencies across their other payment operations, and to bring enhanced transparency and trust benefits for customers.

There is already a healthy pipeline of active consultations and commitments by financial regulators aimed at recommending or mandating LEI use more broadly within the global payments space.

  • Last year, the European Commission (EC) officially recognized the value of the LEI as a unique mechanism capable of supporting transparency in AML and countering the financing of terrorism (CFT) efforts. It issued two legislative proposals that call for the LEI to be used in certain customer identification and verification scenarios where available.
  • The EC also launched a separate initiative last year to identify obstacles to the creation of efficient pan-European instant payments solutions. As part of its consultation strategy, the EC issued a survey for the purpose of exploring the potential for the LEI to support the screening of instant payment transactions against sanction and watch lists.
  • The Bank of England (BoE) affirmed its position to support wider uptake of the LEI and will introduce the LEI into ISO 20022 standard for CHAPS payment messages on an ‘optional to send’ basis in February 2023. While the BoE encourages all CHAPS Direct Participants to start using LEIs as early as possible, it will not become mandatory until spring 2024, at which time the BoE will begin mandating LEIs to be used in certain circumstances, with a vision to widen out the requirement to all participants over time. In particular, the BoE will mandate the use of the LEI where the payment involves a transfer of funds between financial institutions. The BoE will also monitor the use of the LEI for all transactions, with a view to assessing whether the mandatory requirement to include LEI data should be extended to all CHAPS payments.
  • In order to further the use of LEI in cross-border transactions and facilitate cross-border trade and investment, the Chinese Cross-border Interbank Payment System (CIPS) designed an innovative product “CIPS Connector”, which provides an integrated “one-step” service for a variety of cross-border RMB transactions between banks and enterprises. Every CIPS Connector user is assigned with an LEI, which is used for activating the tool as well as a mandatory business element in their business transaction.
  • In January 2021, and in a move that was the first of its kind, the Reserve Bank of India issued a mandate for the LEI in all payment transactions totaling ₹ 50 crore and more undertaken by entities for Real-Time Gross Settlement (RTGS) and National Electronic Funds Transfer (NEFT).

 

Why the LEI in payments?

The LEI is considered an important tool in payments as it is designed for identifying unique parties to each transaction. It meets a fundamental requirement in payment processing – precise identification of the payer and payee. No other current identifier in payments offers this. International Bank Account Numbers (IBANs) for example are used for uniquely identifying payer/payee accounts, while Business Identifier Codes (BICs) are used for routing the payments to the relevant divisions/sub-divisions of financial institutions.

Today’s highly digitized payment networks require faster, cheaper, and more secure transactions. When the LEI is added as a data attribute in the payment messages, any originator or beneficiary legal entity can be instantly and automatically identified.

 

Become a Validation Agent

When viewed collectively, these developments show that LEI advocacy has never been stronger in the payments space. This signals that the LEI could be the widely implemented trust tool of choice for payments in the near future. With that in mind, GLEIF urges banks, and financial institutions to consider taking a proactive approach to supporting voluntary customer adoption of the LEI and getting ahead of recommendations or mandates in the payments space.

Becoming a Validation Agent in the Global LEI System is now the obvious choice. In addition to easing the process of LEI implementation further down the line by making LEI issuance more convenient and accessible for customers, becoming a Validation Agent can deliver some significant advantages for financial institutions themselves. By utilizing ‘business-as-usual’ onboarding processes to obtain LEIs for clients, financial institutions can improve customer experience, facilitate digital transformation, and reduce client lifecycle management costs.

Continue Reading

Business

On-demand pay: why payroll needs a modern approach

Published

on

By

Byline:  Paul Bartlett, CEO, CloudPay

 

While the world of work has evolved drastically over the last decade, payroll has arguably fallen behind the curve. In fact, how businesses view employee pay today is outdated and fails to meet the expectations of the modern workforce which, with the UK’s critical skills short labour market, could prove detrimental. People now expect on-demand services in their personal lives, from their shopping experience to their access to entertainment, and this need for a ‘consumerised’ experience has filtered into many business practices. But payroll has yet to catch up.

Financial technology is certainly gaining prominence across the globe as it gradually replaces traditional financial services such as banking, payments and electronic commerce. In fact, a recent fintech market report shows that the global financial technology remit is expected to reach a market value of approximately $324 billion by 2026, growing at an annual rate of around 25.18% over the 2022-2027 forecast period. So, soon enough, payroll will be expected to keep pace with the rest of the fintech field.

Paul Bartlett

A shift in mindset

Ultimately, most employees are consumers and our digitalised world means that consumers are able to instantly access almost anything through an app. Getting to your next destination and accessing a range of takeaways has never been easier with Uber and same day deliveries through Amazon have meant that shopping online has grown in popularity. In an era where instant results are the norm, it should come as little surprise that individuals are now asking why they should wait to access wages they’ve already earnt. With technology making it so easy to consume, why should they wait for payday to get paid for the work they’ve done?

It’s also important to consider how the world of work itself has changed. The pandemic has led to a general consensus that it’s ok to question norms in society, and workers are now expecting more from their employers, including how and where they work. As we all know, mass remote working wasn’t commonplace before the pandemic, but now the benefits that businesses and employees have experienced have resulted in new ways of working, with some countries even making the work from home option a legal right. Eventually, the same could be said for how people get paid as greater flexibility and a better work-life balance rises in demand.

Pay on-demand

In line with the progression of the working world, employees are increasingly beginning to question how and when they get paid. For staff in the UK, the cost-of-living crisis has increased the desire for more flexibility around access to pay. Businesses themselves are also questioning how age-old processes can be improved and we’re seeing more firms seeking to update legacy systems and processes, which has led to demand for digital payment capabilities for employee pay.

However, there’s a fundamental question about paying employees in arrears – why should employees effectively loan money to their employer until payday? It’s now possible to allow employees to effectively choose their own payday (or paydays) with on-demand access to earned wages via a mobile app. Progressive employers, such as Nando’s, are offering this pay on-demand facility as a low-cost, high-value benefit to employees, giving them control and flexibility over how and when they receive their salary.

Nando’s Singapore

In the case of Nando’s Singapore, a brand that revolves around its people, the firm recognised that its payroll system needed to be updated. The main business challenges centred around a highly competitive jobs market, with many more vacancies than people available to work in the country, making it tough to recruit front-line staff. This, coupled with the difficulties of retaining talent when competing with the gig economy, a segment of the workforce known for paying workers frequently, was presenting a significant challenge for the firm. Furthermore, monthly pay cycles were necessitated by Singapore’s requirement for employees to have a monthly payslip to qualify for access to government benefits and the 80% government-owned housing market.

The combination of these challenges and the delicate balance of the need for monthly pay vs. pay flexibility led Nando’s Singapore to look for a more flexible solution. The solution? Pay on demand options for staff. So, what does this change and what does it mean for the firm and its workers?

When a pay on demand solution is in place, Nando’s employees will receive their monthly payslips as usual. There are also no adjustments to existing payroll processes and finance reporting, which means no extra administrative burden on the payroll team. What will change, though, is that Nando’s staff will no longer have to wait until the end-of-month payday to receive wages they’ve already worked for. Pay on demand and pay to card gives employees more control of managing their own cashflow, allowing them to instantly access their earned wages when they need them, via a mobile app rather than requesting pay advances from their employer.

Overall, the decision to seek an earned wage access solution will mean that staff will have flexible pay, supporting Nando’s recruitment and retention efforts while also delivering an enhanced employee value proposition. As Moji Neshat, General Manager at Nando’s Singapore explained, “We know unexpected bills and short-term cashflow challenges can create a lot of stress for our teams. With CloudPay NOW all our team members will be able to access their wages the very next day after working, removing that stressful wait until payday.”

Moving forwards

Sophisticated technology is playing a role in making tedious or labour-intensive processes quicker and easier in our everyday lives, and it can – and should – have the same impact for payroll. The likes of pay on demand may appear on the surface to be complex to manage, but can in fact streamline processes.

When we think back to when online payments were first introduced, there were understandable concerns around the change – but very few of us today could imagine life without mobile banking, and the ease and speed it brings to making and receiving payments. Why shouldn’t payroll follow the same path?

Continue Reading

Magazine

Trending

Business2 days ago

Financial Stability Board Gives Full Support to Wide LEI Use in Global Payments

Clare Rowley, Head of Business Operations at the Global Legal Entity Identifier Foundation The strongest recommendation yet by the Financial...

Business2 days ago

On-demand pay: why payroll needs a modern approach

Byline:  Paul Bartlett, CEO, CloudPay   While the world of work has evolved drastically over the last decade, payroll has...

Business2 days ago

 ‘What should real estate investors be doing now – has the market hit rock bottom or is now the time to buy?’

Following many years of housing prices soaring and competition steadily increasing, real estate growth has finally started to slow, likely...

Business3 days ago

Expert Guide for Email Marketing to Improving Your Conversion Rates

If you talk about email marketing campaigns, it would seem like an old-fashioned advertising style. But it is still an...

Banking5 days ago

Augmented automated underwriting and the evolution of the life insurance market

By Alby van Wyk, Chief Commercial Officer at Munich Re Automation Solutions   It’s almost inevitable. Spend your working life...

Banking6 days ago

ESG in the finance and banking industry – are you ready?

By Julian Moffett, CTO BFSI, EDB   Environmental, Social and Governance (ESG) has soared towards the top of banking, financial...

Top 107 days ago

An Entrepreneur’s Guide to Investing in Bitcoin

Marcus de Maria, Founder and Chairman of Investment Mastery.   Over recent years, Bitcoin has been steadily growing in popularity...

Business7 days ago

Overcoming macroeconomic challenges

By Mike Chambers, formerly CEO of Bacs and a consultant at Access PaySuite.   For businesses offering a subscription-based service, the...

Banking1 week ago

How unlocking the potential of tokenised markets can help banks keep pace with the digital economy

Giulia Secco is the Strategic Partnership & Ecosystem Manager at Fnality International.   In the aftermath of the 2008 financial...

Banking1 week ago

The role of Artificial intelligence in compliance at banks

Sujata Dasgupta, Global Head – Financial Crime Compliance Advisory, Tata Consultancy Services   There’s not a financial institution across the...

Technology1 week ago

Scaling securely in the automation-first era

By Brandon Traffanstedt, Sr. Director, Field Technology Office at CyberArk   Robotic process automation (RPA) has been one of the...

Business2 weeks ago

Putting technology to work on entrepreneur fund-raising

By Simon Glass, CEO, Qodeo   Human relationships are behind the most successful venture capital deals. The chemistry between an...

Finance2 weeks ago

Why leveraging strong identity verification is the key to remaining competitive for financial services

By Philipp Pointner, Chief of Digital Identity at Jumio   With the recent revelation that Facebook is allowing sales of...

Business2 weeks ago

AI and Super Apps to BNPL : How fintech can help the cost-of-living crisis

By Anna Porra, European Strategy Director at Marqeta   As the cost-of-living continues to increase, financial wellbeing is becoming a...

Interviews2 weeks ago

Interview with Devin de Vries, founder and CEO at WhereIsMyTransport

Where did the idea for WhereIsMyTransport come from? At WhereIsMyTransport, we are working to ensure that better data and technology...

Business2 weeks ago

Tips to Overcome ESG Data Selection Challenges

Gediminas Rickevičius, VP of Global Partnerships at Oxylabs   Environmental, Social, and Governance (ESG) guidelines promise better investment outcomes with...

Business2 weeks ago

The payments boom explained…  

Kosta Du   It has been clear for a while that we are quickly moving into a cashless society –...

Business2 weeks ago

Automation – the key to ensuring your organisation survives tough times and thrives

By Paul Sparkes, Commercial Director   Business is going to get tougher Your cashflow is under increasing pressure. The very...

Business2 weeks ago

How automated Digital Adoption Platforms (DAPs) improve customer engagement within financial services

By Khadim Batti, Co-founder and CEO of Whatfix   Automation is everywhere across financial services;. McKinsey notes that up to...

News2 weeks ago

Why Anti-Money Laundering is no longer just a tick box exercise

Tremors following Russia’s invasion of Ukraine have been felt around the world. At a time when customers are already demanding...

Trending