Ben Saunders, VP Consulting EMEA at Contino
According to the Financial Conduct Authority (FCA) guidelines on outsourcing IT, firms must be able to “know how [they] would transition to an alternative service provider and maintain business continuity”.
For organisations that realise that the future of digital services belongs to the cloud but want to remain in line with key financial guidelines, this could mean only one thing: multi-cloud.
So, what do the regulations mean for your business’ multi-cloud? The guidance given by the FCA is trying to do one thing: reduce risk. This can be approached from four main angles: operational, concentration, data and exit risk.
Reducing Operational Risk
The operational perspective is all about securing day-to-day operations. Key requirements to meet this include documented and tested risk assessments, skills and resources to mitigate risk and a documented business case justifying risks. The central pillar of an operational risk strategy must be a solid risk assessment.
This must identify all the critical or important functions that the financial institution provides (e.g. current accounts, payments, loans, credit cards, savings accounts) and the risks associated with these services (e.g. technical, financial, political etc.).
Your risk assessment must be documented and reviewed on a regular basis. All the risks that are identified must be assigned to someone to be accepted, managed or mitigated with a clear action plan, with a Material Risk Taker (MRT) wholly accountable for the risks identified as part of the overarching cloud strategy.
The key takeaway here is that many financial organisations, upon first adopting the cloud, struggle to fully understand how their core products, business service lines and customer journeys hang together architecturally. So, the starting point is always to understand what the as-is state is and what your provisional to-be architecture could look like.
As a starter for ten, choose one business service line across each of your core product sets. Identify the components where value could be derived through the adoption of public cloud and establish a repeatable framework that can be used by other sections of the organisation.
Mitigating Concentration Risk
Concentration risk is defined as “the reliance that firms themselves may have on any single provider.” It’s about making sure that you don’t put yourself in a situation where you have all your mission-critical eggs in one basket.
So, what do businesses need to do to mitigate concentration risk in the eyes of the FCA? They need to know the criticality of their workloads in the cloud, know where these workloads are, and test a plan for how they can transfer these to a different provider in the event of provider failure.
Regarding workloads, note that different requirements apply to different functions. Most important here is whether the function being outsourced is “critical or important”. A critical or important function is one whose failure would “materially impair the continuing compliance of a firm”. Undertake a discovery assessment so you know what workloads you have where and what level of material importance they carry.
When it comes to creating a tested plan for moving to a different provider, one suggested method is:
- Identify a small, low-risk workload in your organisation’s existing cloud that would make a good candidate for an experimental migration to a new cloud
- Execute the experimental low-risk migration
- Whether you fail or succeed: learn from what went well and what didn’t go so well
- Apply the lessons learned to the next experiment
- Continue experimenting, scaling the migration more widely each time
- Write up the results of your experiments into a documented strategy along with evidence of the experiments
- Consult with the FCA to see if they approve of your battle-tested strategy!
Being transparent is a crucial part of an effective engineering culture and here it applies as much externally as internally. Update the FCA frequently and ensure a tight feedback loop between them and your cloud teams.
Reduce Data and Security Risk
How you approach data and security is critical when it comes to reducing risk. Firms “should carry out a security risk assessment that includes the service provider and the technology assets administered by the firm … [c]onsider data sensitivity and how the data are transmitted, stored and encrypted, where necessary”.
Regarding security readiness for public cloud, a poorly thought-out method is taking existing ‘on-premise’ security and compliance controls and enforcing them in a cloud environment.
As part of a cloud adoption strategy, businesses should consider which of their existing security controls should be adopted, which should be adapted, and which should be retired. Using frameworks from bodies such as the Cloud Security Alliance (CSA), the Center for Internet Security (CIS) and the National Institute of Standards and Technology (NIST), and embedding these using practices such as compliance-as-code, will provide organisations with a consistent security pattern that can be applied across each of the major cloud providers, in turn establishing a heterogeneous way of handling security in the cloud.
Regarding data, it’s important to build a view of data tiering and the sensitivity of the data you’re prepared to push into the cloud. This assessment must be wide reaching and include a data residency policy, a data loss strategy, and a data segregation strategy.
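A sketch of the compliance-as-code idea described above, added here as an illustration and not taken from the FCA guidance or any provider's tooling: one set of controls (residency, encryption at rest, encryption in transit, public exposure) is evaluated against data stores from several providers. The inventory records, field names, tier names and region labels are all constructed assumptions.

```python
# Constructed, provider-neutral inventory. Each record is a data store already
# normalised from a provider's own export; all field names are assumptions.
INVENTORY = [
    {"id": "payments-ledger", "provider": "provider_a", "tier": "restricted",
     "region": "uk", "encrypted_at_rest": True, "tls_only": True, "public": False},
    {"id": "marketing-assets", "provider": "provider_b", "tier": "public",
     "region": "us", "encrypted_at_rest": False, "tls_only": True, "public": True},
    {"id": "loan-applications", "provider": "provider_b", "tier": "restricted",
     "region": "us", "encrypted_at_rest": True, "tls_only": False, "public": False},
    {"id": "staff-directory", "provider": "provider_c", "tier": "internal",
     "region": "eu", "encrypted_at_rest": False, "tls_only": True, "public": False},
]

# Constructed data-tiering policy: residency, encryption and exposure per tier.
POLICY = {
    "restricted": {"regions": {"uk"}, "encrypt": True, "public_ok": False},
    "internal": {"regions": {"uk", "eu"}, "encrypt": True, "public_ok": False},
    "public": {"regions": {"uk", "eu", "us"}, "encrypt": False, "public_ok": True},
}


def evaluate(store, policy=POLICY):
    """Return the list of controls a single data store fails (empty = compliant)."""
    rule = policy.get(store.get("tier"))
    if rule is None:
        return ["unknown-tier"]  # fail closed: untiered data is never compliant
    findings = []
    if store.get("region") not in rule["regions"]:
        findings.append("residency")
    if rule["encrypt"] and not store.get("encrypted_at_rest", False):
        findings.append("encryption-at-rest")
    if not store.get("tls_only", False):  # transport encryption required for every tier
        findings.append("encryption-in-transit")
    if store.get("public", True) and not rule["public_ok"]:
        findings.append("public-exposure")
    return findings


def audit(inventory, policy=POLICY):
    """Apply the same controls to every provider; return only failing stores."""
    failures = {}
    for store in inventory:
        findings = evaluate(store, policy)
        if findings:
            failures[store["id"]] = {"provider": store["provider"], "findings": findings}
    return failures


if __name__ == "__main__":
    for store_id, result in audit(INVENTORY).items():
        print(store_id, result["provider"], ", ".join(result["findings"]))
```

Missing attributes are treated as non-compliant, so a store that an inventory export describes incompletely shows up as a finding instead of passing silently.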
Reduce Exit Risk
What if you need to leave a cloud? Your organisation needs to be prepared. Regulations make it clear that you need a documented and tested exit strategy that will, crucially, enable you to meet the regulated level of service for a given workload.
Say, for example, that you had a critical payments system that regulations mandated be 99.99999% available, with a recovery point objective of zero. Your exit strategy would have to ensure that you can still meet this level of service, while you exit your cloud provider.
Achieving this goes back to having really good configuration management practices and architectural principles. No one wants to deal with a monolithic app here! Make sure all applications are as modular as possible, which will support incremental migration patterns to maintain system uptime.
Critical here is that, when you are in negotiations with a cloud service provider, you put in place a contractual agreement that guarantees they will help you to exit with minimal disruption and provide you with the support required to do so.
Most financial institutions are already considering embarking on a multi-cloud journey; however, the FCA guidelines should be the prompt everyone needs to really get started. If organisations consider operational, concentration, data and exit risk, they can meet the FCA guidelines and ensure they are running a dependable, profitable and forward-thinking operation.
DISPELLING BIOMETRIC MYTHS AND MISCONCEPTIONS
By Lina Andolf-Orup, Head of Marketing at Fingerprints
Gangsters cutting off enemies’ fingers to access secret locations and spies lifting fingerprints from martini glasses – the imagination of the entertainment world has been running wild ever since biometrics entered the scene.
Couple that with the limitations of some early biometric solutions from fifteen years ago, still anchored in the minds of many consumers, and you have the perfect recipe for an apprehensive and uncertain public.
Thawing lukewarm attitudes with a biometric touch
The biometrics industry has made great strides in the last few years – something particularly true for smartphones. Fingerprint authentication has replaced PINs and passwords as the most popular way to authenticate on mobile, with 70% of shipped smartphones now featuring biometrics.
And it doesn’t end there. Many adjacent markets are now eager to benefit from the secure and convenient authentication solutions that biometrics offer. Take the payments industry, for example, where biometrics payment cards are currently gathering real momentum.
However, some consumers are still uneasy about accepting biometrics. A recent study found that 56% of US and EU consumers are concerned about the switch to biometrics as it is not well enough understood to be trusted.
Although attitudes are shifting for the better, stats like this demonstrate there is still some work to do to disprove common biometric myths and showcase just how smart today’s solutions really are.
Dispel, adopt, repeat
The evolution in consumer biometrics in the last two decades has been phenomenal. And today’s solutions are far more advanced and safe than many may think.
To help bring an end to the myths, let’s expose some of the most common misconceptions around biometrics.
Myth: Biometric data is stored as images in easy-to-hack databases.
A leading myth about biometrics is that when a fingerprint is registered to a device, it is stored as an image of the actual fingerprint. This image can then be stolen and used across applications. In reality, the biometric data is stored as a template in binary code – put simply, encrypted 0s and 1s. Storing a mathematical representation rather than an image makes hacking considerably more challenging. In most consumer applications, this template is also not stored in a cloud-based location; it’s securely hosted in hardware on the device itself, for example in the smartphone or in the payment card. Thus, it stays privately with its owner.
Myth: Fingerprints can be easily replicated to ‘trick’ devices.
The internet is full of articles and videos that claim it is possible to use materials from Sellotape to gummy bears to craft fingerprint spoofs and access biometric systems. Although there may have been a time when gummy bear spoofing was the go-to party trick, today’s consumer biometric authentication solutions have too many technological defences, such as improved image quality and matching algorithms, to simply ‘trick’ devices. Plus, on top of this, the criminal needs to have access to the device where the fingerprint is enrolled (e.g. smartphone, payment card) before its owner notices and blocks it. This is neither scalable nor common, in comparison to gaining access to someone’s PIN code or skimming a contactless card.
Myth: Physical change will prohibit access to my device.
Although our irises don’t change as we age, our fingerprints can and our faces will. Does that mean we have to update our biometric devices every few months to capture these changes? Not quite! Unless there are drastic, sudden changes, the ‘self-learning’ algorithms in modern-day biometric systems are able to keep up with our developing looks.
Who you gonna call? Mythbusters!
These are just some of the common biometric myths and misunderstandings perpetuating in consumer mindsets. Thankfully, though, while we’re working hard to rid the world of the myths, belief in the value of biometrics is only expected to grow. But as solutions expand and diversify, the myth-busting fight will continue.
Fingerprints has been a leader of innovation in biometrics for the last two decades. We’re proud of the expertise and R&D we’ve been able to pour into our biometrics solutions to deliver stronger security and a better user-experience.
WHAT EVOLUTIONARY AI MEANS FOR FINANCIAL SERVICES
by Babak Hodjat, VP of Evolutionary AI at Cognizant
Many banks and other financial services institutions (FIs) are beginning to recognise the benefits of AI-driven solutions as a way to get ahead in the market and challenge the competition. Amongst many other benefits, the technology enables organisations to offer hyper-personalised customer experience, dramatically improve internal decision making, and drive operational efficiency. However, many businesses are struggling to move beyond the experimental phase and reach actual AI deployment. It is those organisations that are at risk of being left behind.
The financial world has already been transformed by AI, and this transformation is continuous. A new breed of AI, known as ‘evolutionary AI’ has begun to further accelerate innovation. It is capable of automatically designing itself with little need for explicit programming by humans – innovatively creating complex AI models, and optimising decisions considering multiple scenarios.
This technology is revolutionary for industries across the world, but in particular it is set to transform the financial services sector. Enabling businesses to spot novel strategies that would never have been identified by human data scientists, and, in turn, allowing companies to take full advantage of today’s massive data sets – evolutionary AI will soon be a vital tool in all FIs’ arsenals.
The nuts and bolts of evolutionary AI
Emerging technologies that enable AI algorithms to design themselves are allowing organisations to transcend human limitations. Evolutionary AI operates iteratively. Firstly, it randomly generates a set of potential solutions to form an initial population and assigns a score to each solution based on how well it performs relative to other solutions. In the second round, it retains the solutions that performed best, perhaps only 5% of the total, and recombines their components, sometimes “mutating” them to create a new population. This new population is then tested, and the process begins again. Over multiple generations, the appropriate components of the more successful solutions become increasingly prevalent in the population, and eventually a solution is discovered that yields the best outcomes.
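The loop described above, written out as an added example (not Cognizant's implementation): a random initial population is scored, the top 5% are retained, and their components are recombined and occasionally mutated to form the next generation. The task, a linear default-risk rule fitted to constructed loan records, and every name and parameter are assumptions; carrying the survivors forward unchanged is also a choice made here.

```python
import random


def make_loans(rng, n=200):
    """Constructed borrowers: (debt_to_income, missed_payments, years_employed), defaulted."""
    loans = []
    for _ in range(n):
        x = (rng.uniform(0, 1), rng.randint(0, 5), rng.uniform(0, 20))
        defaulted = 2.0 * x[0] + 0.5 * x[1] - 0.1 * x[2] > 1.5  # hidden rule, constructed
        loans.append((x, defaulted))
    return loans


def fitness(model, loans):
    """Score = share of loans classified correctly; a model is 3 weights plus a threshold."""
    *weights, threshold = model
    hits = sum((sum(w * v for w, v in zip(weights, x)) > threshold) == y for x, y in loans)
    return hits / len(loans)


def evolve(loans, rng, pop_size=100, keep=0.05, generations=30, mutation_rate=0.2):
    """Return (best model, best score per generation, starting with the random population)."""
    population = [[rng.uniform(-1, 1) for _ in range(4)] for _ in range(pop_size)]
    history = []
    for _ in range(generations + 1):
        ranked = sorted(population, key=lambda m: fitness(m, loans), reverse=True)
        history.append(fitness(ranked[0], loans))
        survivors = ranked[:max(2, int(pop_size * keep))]  # retain the top 5%
        children = []
        while len(children) < pop_size - len(survivors):
            a, b = rng.sample(survivors, 2)
            child = [rng.choice(pair) for pair in zip(a, b)]  # recombine components
            child = [g + rng.gauss(0, 0.3) if rng.random() < mutation_rate else g
                     for g in child]  # occasional mutation
            children.append(child)
        population = survivors + children
    return ranked[0], history


if __name__ == "__main__":
    rng = random.Random(7)  # fixed seed so the run is repeatable
    loans = make_loans(rng)
    best, history = evolve(loans, rng)
    print("accuracy of best model per generation:", [round(h, 3) for h in history])
```

Because the survivors are carried into the next population unchanged, the best score can never fall from one generation to the next.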
Advantages and use cases
Compared to human design, evolutionary AI can be deployed far more quickly, avoids biases and preconceptions, and typically performs better. Furthermore, the chosen model will evolve and improve over time based on new data.
Evolutionary AI can be applied in a wide variety of areas at FIs. Some examples include designing quantitative trading strategies to maximise returns while minimising risk, and loan underwriting. Rather than relying on human analysis, evolutionary AI solutions can quickly analyse all the combinations of relevant variables to create models that more accurately assess the risk of default by a potential borrower.
A recipe for success
In order to reap the benefits of the technology, FIs should focus on the following:
- Responsible AI – AI systems must behave in ways that make customers and employees comfortable, i.e. not making decisions that are unethical or exhibit bias. Companies need to monitor these systems to ensure they continue to act appropriately as they learn and evolve.
- Viewing AI through a business lens – Having AI projects managed by cross-functional teams with business executives in the lead is a good place to start. Companies also need to look across their organisations to identify opportunities to generate concrete business value from AI — not only in reduced costs but also in boosting revenues by delivering enhanced customer experiences and through improved decision-making.
- Enhance data management – AI applications depend on access to timely and accurate data, which is a challenge for many FIs that have fragmented data architectures with multiple legacy systems. Companies need to identify which types of data are required for each AI project and ensure they can be captured in an appropriate format.
- Approach with speed and caution – AI projects need to be rolled out quickly, while at the same time being rigorously measured, so failures are terminated promptly while successes are moved into production.
The sophistication of AI technology is set to significantly improve over the coming years as it continues to design and test itself. As a result, it will become more critical to the productivity of FIs, and soon businesses will recognise it as a vital tool for consulting on important business decisions. It will not be long before humans and AI are working alongside each other, with robots handling routine tasks, enabling employees to focus on more complex and sensitive activities and delivering more value together than either could on their own.