Alex Bransome, Chief Information Security Officer at Doherty Associates, discusses tougher compliance in the financial services landscape, and how PE firms, in particular, can remain secure in a challenging climate.
Accenture reports that financial services firms globally are investing heavily in financial technologies, including big data technologies and predictive analytics, as well as the necessary infrastructure to be GDPR compliant. The Private Equity industry is also focusing on technology and cybersecurity, with the recent acquisition of UK technology firm Sophos by US PE firm Thoma Bravo as an example. Yet the PE industry itself is one of the biggest and most lucrative targets for cyber criminals.
Private equity funds are a naturally high value target for cybercriminals. Firms, many of which are small enterprises, collect and hold a wealth of sensitive client and market information, not to mention the large sums of funds moved on a regular basis, leaving them wide open to significant risk of a data breach.
Neil Hampson, Partner, UK Cyber Security Leader at PwC, commented: “The threats are enormous. 80% of [private equity and portfolio] organisations have had a breach in the last 12 months and the time it took for the organisation to discover that they had been breached was 8 months.” In Private Equity, he continues, “it applies in three areas. First there is a private equity organisation itself; secondly it’s the deal they are doing and then the third one is the management of the portfolio company thereafter.”
With the lure of high net worth customers and market-sensitive data a key driver for attackers, it is often a case of when – not if – this data falls into the wrong hands. The consequences of such a breach can be severely damaging to the company portfolio, causing extensive business interruption and financial loss. Types of data that attackers are particularly attracted to include:
Sensitive information about investors – undue disclosure, negotiation or communication of information may have serious consequences, such as tailored and targeted fraud attacks that leverage disclosed information to increase their authenticity. The resulting financial losses and reputational impact can significantly affect both the person involved and the Private Equity company’s future. Furthermore, sensitive personal data loss will have consequences from a data protection perspective, with tougher penalties now being used more frequently.
Investment strategies, trade secrets and other proprietary information – for all companies, not least those in PE, these intangible assets represent the majority of their value and are therefore highly valuable. This data is not only valuable to cyber criminals, but also to malicious nation-states and advanced threat groups looking to use this information for their own country’s gain. When it comes to safeguarding this data in our ultra-mobile environments, we need to leverage technology that bakes protection into the data itself, rather than rely on traditional perimeter protection.
Information about vendors, portfolio companies and employees – these present multiple opportunities for cyber criminals to target firms through the back door via supply chain style attacks. Attacks conducted by compromised trusted third parties are difficult to detect, as the human trust relationship is already established. This is where a holistic approach is so important, as no one control is going to successfully prevent this threat. Successful attacks of this nature often lead to password compromise, malware and ransomware infection, corporate data loss and financial fraud.
Data from limited partners, counterparties and other sources – as Accenture notes, “Financial services firms are awash in data, both from traditional internal structured sources and, increasingly, from external “unstructured” sources ranging from social media to newly accessible government and third-party databases.” In essence, it’s the volume and diversity of this data that makes it so attractive as a valuable resource to hackers and cybercriminals.
How can PE firms be cyber secure and compliant?
The right technology can be a proven enabler to security, compliance and data protection. Data is the key to differentiating a firm’s DNA, competitive advantage and portfolio growth, so it is imperative that it is managed correctly.
Using data effectively gives a business the winning edge, and firms need to implement better data management processes to harness its power and make better data-driven decisions. Leveraging data can help make better investment decisions and meet reporting requirements, while implementing big data and cloud technologies such as Advanced Analytics can help meet investor and regulator demands for rich, seamless and transparent data.
Enforcing data protection compliance across the whole client portfolio is a key strategy to ensuring that the armour is protected and revenue stream uncompromised. Staff should be regularly educated on the latest regulatory requirements, alongside the latest cybersecurity risks. Your people hold the keys to the kingdom. Therefore, it is imperative to implement mandatory cyber security policies and processes, such as incident response readiness and security-focused risk management, to remain robust and resilient. Improved cybersecurity practice across the firm will protect your investors, safeguard your strategies and scale the reporting processes to meet regulatory and compliance requirements.
Developing a business continuity plan is also key to remaining resilient, should the company be compromised. Despite being protected, there is always the risk of an attack. Having a tactical business continuity and incident response plan (that everyone is aware of and up to date with) will help minimise the damage caused and ensure optimum agility in dealing with the incident and its fallout, and in resuming operational efficiency as quickly as possible.
There is no silver bullet when it comes to security in Private Equity and Financial Services, but adhering to and implementing these key approaches will help to build a strong and resilient security strategy into your Private Equity business as it continues to build its ecosystem of technology and digital transformation.
THE TRIALS AND TRIBULATIONS OF TRADERS TRADING FROM HOME
Steve Haworth, CEO of TeleWare Group
Banks had hoped to keep their London trading floors open amid the worsening coronavirus pandemic, insisting traders were “key workers”. But trading floors were quickly cleared and employees sent to work from home in isolation.
Firms needed to quickly adapt to remote working. This meant recreating the carefully monitored environment of the trading floor at thousands of sites.
With major disruption across the entire sector, it seems the Financial Conduct Authority felt it had no other choice but to relax regulations on recording calls. But does this measure introduce more problems than it solves?
Why call recordings are regulated
Whilst regulations differ globally, authorities in the UK, US and Hong Kong have long required trading floor phone calls to be recorded for certain activities.
In the UK, the FCA demands financial institutions keep records of all trades and transactions related to certain types of business for at least six months. Recording calls and reporting trades are essential to the regulators’ ability to monitor the markets for abuse, such as insider trading. Requirements to record calls apply to companies that receive and execute client orders to buy or sell in the financial markets.
Each trading floor in a financial firm also has its own set of policies which staff must abide by. For instance, the trading floor manager must ensure that all trade-based calls are recorded and monitored. An often-used policy that still exists is to ban all mobile phones on the trading floor. To enforce this, mobile phones are often stored in lockers and traders are required to use turrets to host calls.
Beyond call recording, most traders and salespeople need to sit together on a monitored trading floor in order to meet regulatory rules. A range of compliance complexities under GDPR, MiFID II and Dodd Frank have meant working from home has simply not been an option for many traders.
The rush to relax regulations
Traders are now required to work from home – if they can. The FCA has said it accepts that some scenarios may emerge where recording calls may not be possible, adding that it expects companies to “consider what steps they could take to mitigate outstanding risks if they are unable to comply with their obligations to record voice recordings.” If financial services companies are unable to record calls, they are then expected to “come up with a plan to fix the problem”.
Yet, trading firms have enough problems to solve without having to decipher call recording requirements. Why should traders spend extra time updating the FCA and coming up with an alternative solution when one already exists?
A smart alternative
Smart solutions – such as mobile call recording which meet global regulations – have perhaps been overlooked as a way to maintain business continuity.
Mobile voice recording technology (MVR) is not new. It has existed since 2011 and includes secure and reliable voice and SMS recording, easy to use conferencing and robust, accessible voicemail. It has matured over the years and proven itself to be flexible and highly reliable.
Technology can keep traders trading from wherever they are, ensuring they can operate effectively at home while remaining compliant.
STOP THE CONFUSION: HOW TO KNOW IF YOUR BUSINESS MAY BE INSURED AGAINST COVID-19
By Alex Balcombe, Partner at Harris Balcombe
The last few weeks have seen businesses in hospitality, tourism, retail, leisure and more forced to close their doors following the Government’s orders that they should close to prevent the spread of coronavirus.
While this is expected to flatten the curve and reduce the number of coronavirus cases, it will of course have an impact on businesses and employees alike. For small businesses especially, there are many concerns about how they can claim on their insurance to weigh the fall of this impact.
In response to calls to help struggling businesses, the Government has informed the public that companies who are facing turmoil will be able to claim on their business interruption insurance during this difficult time. For most, this is wrong.
The insurance industry has also been extremely vocal that there is no cover for any coronavirus-hit businesses during this tough financial period. This isn’t strictly true either.
How can businesses see through the mixed messaging and best secure their future and their livelihoods and reduce money worries? It’s an extremely stressful time for many companies, and confusion over whether or not they can be covered can only cause more unnecessary stress.
Since it’s a new disease, most businesses will not be covered for business interruption due to COVID-19. In fact, the vast majority of policies do not cover anything related to COVID-19.
That said – don’t rule out the idea that you may be covered. There is a chance that you will be covered against COVID-19, but not know it. This is a very small chance, but your current cover may already protect your business against the consequences of coronavirus, and the nationwide response to it – though those with this cover are unlikely to realise it.
How Could I Be Covered?
Not everyone has business interruption insurance, as it’s not a legal requirement. It is entirely up to the policy holder to weigh up the benefits of having it, and their ability to trade should a disaster happen.
To be considered for cover for COVID-19, there are two types of policy extensions to your business interruption cover that can potentially cover you for this situation:
Infectious Disease Extension
Many policies expressly state which diseases fall within the realm of being an infectious or notifiable disease. If this is the case, your policy will not provide cover. As it is a new disease, these policies will not have included COVID-19.
Other infectious disease extension policies will define the disease with reference to the actions of the government. Since the UK Government has named COVID-19 as a notifiable disease throughout the UK, it is possible that your business may fall into this definition, thus meaning you may be able to make a claim.
However, again, it’s not always that simple. Many policies require the disease to have been on your premises, while others specify a radius from your premises in order to qualify.
Denial of Access Extension (non-damage)
Denial of Access Extension (non-damage) policies may cover you if you’re prevented from accessing your property. This could be due to an event, or by the actions of a competent authority, which could cause your business interruption cover to engage.
If covered by this clause, there are often very subtle differences in wording in your policy. This could depend on the insurer or policy. You may well be covered, but it will depend on your particular circumstances, and the specific policy wording.
It’s clear that the Government needs to do more in ensuring there is clear messaging for businesses, and to help the insurance market look after policy holders. This is an unprecedented situation, and with many people looking to claim on their insurance, we’re already seeing major delays which could have a domino impact.
People throughout the world are understandably facing all kinds of worries because of the current pandemic. Our ways of living have changed, and many business owners will not have experienced a situation like this in their lifetimes. If you own a business and are unsure about whether you can claim for business interruption, or are confused about ambiguous wording, get in touch with a loss assessor.
These claims are not simple, but loss assessors will be experts in business interruption insurance, and will specialise in large and complex claims. They will be able to help and guide you along the way, check your wording and work on your behalf to make sure you get everything you are entitled to.