Connect with us





Richard Shearer, CEO of Tintra PLC


Let’s imagine a scenario in which an individual living in Kenya wants to send money to London. If the person were living in the UK, this would be a very simple matter: two taps on their smartphone phone would result in a near-instantaneous transaction with no questions asked.

As a cross-border payment, however, this transaction looks very different: The individual’s money will have multiple arduous hurdles to clear as it’s passed from a local bank to a local electronic money institution [EMI] to a UK EMI, then on to a UK bank, before – if they are lucky – arriving in the hands of the beneficiary. This is a long-winded process riddled with red tape that could last as long as three months.

In addition, this already lengthy process is compounded by a further impediment: because the person is from an emerging country, they will – in the eyes of KYC/AML compliance teams – be considered high risk, despite the fact their earnings and transactions are entirely above board.

In essence, these challenges boil down to two key and interrelated issues: compliance processes are full of friction [often in the form of sluggish, manual, complex, and time-consuming KYC checks from multiple banks and EMIs], and Western KYC/AML teams are subject to bias, meaning they can’t [or possibly won’t] discern ‘good’ clients from ‘bad.’

Therefore, in order to truly achieve global banking, we need to develop a solution that will allow financial institutions to deal with both challenges quickly, efficiently and automatically – which is where technology, and more specifically, artificial intelligence, has the answer.


Leveraging technology to eliminate barriers and address bias

The banking industry hardly needs persuading of the benefits of AI in broad terms, as demonstrated by a recent report from McKinsey,which signposted several advantages of its integration, including boosted revenues, lower costs, and the discovery of unrealised opportunities through insights generated by powerful, data-hungry technology.

Perhaps more importantly, however, AI has the potential to significantly improve AML processes. For example, in predictive analytics, machine learning methods can be used alongside customer data to predict possible criminal behaviour – at lightning speeds and at an unprecedented scale – which simply cannot be matched by the people who remain at the heart of legacy banks’ compliance teams.

Not only can AI speed up the cumbersome processes that create the kinds of barriers faced by the likes of the individual from Kenya, but – crucially – the adoption of AI can also help to overcome the significant barriers represented by KYC/AML bias.

For example, using cutting edge AI tools to streamline onboarding and compliance procedures and automate all processes that currently involve manual invention, will effectively replace subjective human decision making with intelligent machines that have learned from years of data and experience. As a result, by reducing human involvement to a minimum, these tasks become fast, fair, transparent, scalable, and flexible enough to be applicable to customers and transactions across the globe.

Of course, AI isn’t always entirely free from bias – it’s made by people, and its insights are interpreted by people too. This reinforced by the last Nordics Anti-Financial Crime Symposium, which highlighted the need to watch out for bias at the programming stage.

In the context of KYC/AML classifiers, an unfair bias could occur if the machine is trained to mimic the human decision-making process, where the ‘right decision’ is fed into the AI solution. This can be overcome by providing evidentiary data instead, where the machine can learn from examples of transactions that resulted in complications as opposed to modelling outcomes on potential human prejudice.

Another key challenge for AI is generalisation caused by ‘narrow’ training data, such as when certain demographics and/or ethnic groups aren’t represented sufficiently in the training set. A similar phenomenon can occur in the context of KYC / AML where criteria for accepting a customer or transaction can vary across geographic area, meaning those in emerging markets may suffer as a result.

That said, it doesn’t mean AI can’t help in eliminating prejudice in AML procedures – far from it – it simply means we need to ensure the next generation of fintechs and challenger banks utilising this technology are feeding their AI models good data that provide explainable results – and that these entities are sincere in their desires to level the global banking playing field.


Revolutionising the global finance industry

Taking this kind of technology seriously would be nothing short of revolutionary for the global finance industry.

After all, as the Centre for Global Development has recently noted, KYC/AML discrimination can have serious ramifications in emerging markets, with those most likely to be impacted including “the families of migrant workers, small businesses that need to access working capital or trade finance, and recipients of life-saving aid in active-conflict, post-conflict, or post-disaster situations.”

In looking beyond the benefits that this new breed of global banking will have on individuals, there are also huge implications for the global economy.

McKinsey’s report on the future of cross-border payments points out that international payments revenues already amount to around $200bn globally – but a closer look at the figures reveals that while Western Europe sees 5.5 annual cross-border transactions per capita, Latin America only sees 0.7.

If compliance barriers were lowered through the leveraging of new technology, it seems perfectly plausible to suggest that places like Latin America would see cross-border transactions increase, with all the economic benefits associated with this increased flow of money on an international scale.

And, with AI and machine learning leading the charge towards revolutionised banking, it’s worth remembering that decreased prejudice needn’t come at the cost of increased risk: in fact, a recent Deloitte survey found that 41 per cent of respondents believed too many false positive AML alerts were the biggest AML compliance challenge faced by banks today.

Therefore, the right technology operated by new, forward-thinking financial entities has the real potential to simultaneously address the prejudices that underpin AML compliance processes, eliminate the sluggishness that those processes entail, unlock new streams of money to circulate in the global economy, and address the current lacklustre state of addressing financial crime.

When one really allows oneself to really absorb this new paradigm, the potential is there for AI to completely repackage the way in which the global banking industry operates. The question is who will be first to the party!



Enhancing cybersecurity in investment firms as new regulations come into force



Christian Scott, COO/CISO at Gotham Security, an Abacus Group Company


The alternative investment industry is a prime target for cyber breaches. February’s ransomware attack on global financial software firm ION Group was a warning to the wider sector. Russia-linked LockBit Ransomware-as-a-Service (RaaS) affiliate hackers disrupted trading activities in international markets, with firms forced to fall back on expensive, inefficient, and potentially non-compliant manual reporting methods. Not only do attacks like these put critical business operations under threat, but firms also risk falling foul of regulations if they lack a sufficient incident response plan. 

 To ensure that firms protect client assets and keep pace with evolving challenges, the Securities and Exchange Commission (SEC) has proposed new cybersecurity requirements for registered advisors and funds. Codifying previous guidance into non-negotiable rules, these requirements will cover every aspect of the security lifecycle and the specific processes a firm implements, encompassing written policies and procedures, transparent governance records, and the timely disclosure of all material cybersecurity incidents to regulators and investors. Failure to comply with the rules could carry significant financial, legal, and national security implications.

 The proposed SEC rules are expected to come into force in the coming months, following a notice and comment period. However, businesses should not drag their feet in making the necessary adjustments – the SEC has also introduced an extensive lookback period preceding the implementation of the rules, meaning that organisations should already be proving they are meeting these heightened demands.

For investment firms, regulatory developments such as these will help boost cyber resilience and client confidence in the safety of investments. However, with a clear expectation that firms should be well aligned to the requirements already, many will need to proactively step up their security oversight and strengthen their technologies, policies, end-user education, and incident response procedures. So, how can organisations prepare for enforcement and maintain compliance in a shifting regulatory landscape?


Changing demands

In today’s complex, fast-changing, and interconnected business environment, the alternative investment sector must continually take account of its evolving risk profile. Additionally, as more and more organisations shift towards more distributed and flexible ways of working, traditional protection perimeters are dissolving, rendering firms more vulnerable to cyber-attack.    

As such, the new SEC rules provide firms with additional instruction around very specific prescriptive requirements. Organisations need to implement and maintain robust written policies and procedures that closely align with ground-level security issues and industry best practices, such as the NIST Cybersecurity framework. Firms must also be ready to gather and present evidence that proves they are following these watertight policies and procedures on a day-to-day basis. With much less room for ambiguity or assumption, the SEC will scrutinise security policies for detail on how a firm is dealing with cyber risks. Documentation must therefore include comprehensive coverage for business continuity planning and incident response.

 As cyber risk management comes increasingly under the spotlight, firms need to ensure it is fully incorporated as a ‘business as usual’ process. This involves the continual tracking and categorisation of evolving vulnerabilities – not just from a technology perspective, but also from an administrative and physical standpoint. Regular risk assessments must include real-time threat and vulnerability management to detect, mitigate, and remediate cybersecurity risks.  

Another crucial aspect of the new rules is the need to report any ‘material’ cybersecurity incidents to investors and regulators within a 48-hour timeframe – a small window for busy investment firms. Meeting this tight deadline will require firms to quickly pull data from many different sources, as the SEC will demand to know what happened, how the incident was addressed, and its specific impacts. Teams will need to be assembled well in advance, working together seamlessly to record, process, summarise, and report key information in a squeezed timeframe.

Funds and advisors will also need to provide prospective and current investors with updated disclosures on previously disclosed cybersecurity incidents over the past two fiscal years. With security leaders increasingly being held to account over lack of disclosure, failure to report incidents at board level could even be considered an act of fraud. 


Keeping pace

Organisations must now take proactive steps to prepare and respond effectively to these upcoming regulatory changes. Cybersecurity policies, incident response, and continuity plans need to be written up and closely aligned with business objectives. These policies and procedures should be backed up with robust evidence that shows organisations are actually following the documentation – firms need to prove it, not just say it. Carefully thought-out policies will also provide the foundation for organisations to evolve their posture as cyber threats escalate and regulatory demands change.

 Robust cybersecurity risk assessments and continuous vulnerability management must also be in place. The first stage of mitigating a cyber risk is understanding the threat – and this requires in-depth real-time insights on how the attack surface is changing. Internal and external systems should be regularly scanned, and firms must integrate third-party and vendor risk assessments to identify any potential supply chain weaknesses.

 Network and cloud penetration testing is another key tenet of compliance. By imitating how an attacker would exploit a vantage point, organisations can check for any weak spots in their strategy before malicious actors attempt to gain an advantage. Due to the rise of ransomware, phishing, and other sophisticated cyber threats, social engineering testing should be conducted alongside conventional penetration testing to cover every attack vector.

It must also be remembered that security and compliance is the responsibility of every person in the organisation. End-user education is a necessity as regulations evolve, as is multi-layered training exercises. This means bringing in immersive simulations, tabletop exercises and real-world examples of security incidents to inform employees of the potential risks and the role they play in protecting the company.

 To successfully navigate the SEC cybersecurity rules – and prepare for future regulatory changes – alternative investment firms must ensure that security is woven into every part of the business. They can do this by establishing robust written policies and adhesion, conducting regular penetration testing and vulnerability scanning, and ensuring the ongoing education and training of employees.

Continue Reading


How to think like an attacker & why it might be critical to your security strategy




Kam Karaji, Global Head of Information Security for Bibby Financial Services, argues at DTX Manchester that the most successful way to keep attackers at bay is to get into the same mindset and calls for the finance industry to fight back as a team.

Since the global pandemic, cybersecurity breaches have been at an all-time high.

With businesses suffering threats from ransomware to phishing to personal identity data attacks – a proactively search for solutions is ongoing. According to Panaseer, nearly a third of security leaders say a lack of visibility of sensitive data can impact a business’s ability to comply with regulatory requirements and nearly 90% say they don’t have adequate visibility of the data they are required to protect.

One trending topic at DTX was that cyber attackers mainly pinpoint a weakness within the business’s security system and use it as a weapon. Attack surface reduction (ASR) can slow and shut down a cyber attack attempting to steal a user’s credentials. This is available on Windows software and can easily be enabled. Businesses would benefit from making each employee aware of ASR as it eliminates any kind of weakness by targeting software behaviours often abused by attackers.

Detecting, intercepting and remediating threats at great speed and scale is vital for businesses as reducing the number of threats made against analytics and user data must be a top priority. Most security teams are not available to work for companies around the clock and so threats have an increased chance of being successful.

Within finance, security breaches are not an option. PIDs are a must-have within the company’s s security culture as clients have to be the most protected. Without client trust, a business risks having its reputation tarnished.

Cybersecurity automation is the most viable option as it can benefit the business in a number of ways. It’s cost-efficient for a start. Enhanced automation security systems, reduce workload, which means you don’t need as many cybersecurity professionals to o monitor systems or perform a manual analysis. It reduces the risk of human error. Automation is key for targeting threats at speed and scale and provides automatic threat intelligence and analysis as it stores logs of human activity and supplies s insights into how attacks are affecting the business overall.

According to the 2022 Verizon Data Breach Investigations Report, ransomware attacks surged dramatically in 2022 and ransomware was involved in 25% of all breaches. It is absolutely crucial l for businesses to communicate with every employee on each step of the cyber security process. This avoids a blast radius attack as businesses tend to only have one security team when they would see a bigger benefit in blending each of the roles together.

Businesses are now beginning to invest in cyber security attack simulations to provide a better training experience for all employees. Every member of staff needs to be involved so that the business isn’t under threat for longer than it needs to be. It’s worth noting that attacks can sit silently on the system for months before they are accurately identified and dealt with.

In a recent survey by Apricorn(, a third of respondents admitted to not backing up data to a second off-site location. Of those that do, over 30% are backing up to the cloud and just over 20% are relying on storage devices to keep secondary backups.  Any cyber security hack will be able to infiltrate any on-site backup plans, so the safest option is to have an offline plan.

Most businesses are not confident in offline back-ups as they must be checked and updated frequently with new data. To add extra resilience to the process, businesses must revisit the offline backup plan before it goes live.

Help Net Security discovered in 2022 that supply chain attacks surpassed the number of malware-based attacks by 40%. According to the report, more than 10 million people were impacted by supply chain attacks targeting c1700 organisations. By comparison, 70 malware-based cyber attacks affected 4.3 million people.

The most important and effective way of avoiding a supply chain attack, as discussed at DTX, is to understand your supply chain from start to finish as each one differs by industry. Identifying the common denominator in the supply chain attacks can help to drastically change the security posture, and ensure businesses are better prepared and protected and more likely to flourish.

Continue Reading



Business2 days ago

Enhancing cybersecurity in investment firms as new regulations come into force

Christian Scott, COO/CISO at Gotham Security, an Abacus Group Company   The alternative investment industry is a prime target for...

Technology2 days ago

How to think like an attacker & why it might be critical to your security strategy

Kam Karaji, Global Head of Information Security for Bibby Financial Services, argues at DTX Manchester that the most successful way...

Business2 days ago

Building a sustainable future – what’s on your agenda for 2023?

The most successful and progressive leaders are embracing ESG or Environmental, Social and Governance principles throughout their businesses, but how...

Banking2 days ago

Digital Acceleration – the next buzzword in banking tech? Or a new era for the industry?

Ove Kreison, CTO at Tuum McKinsey’s latest report on banking found that traditional banks are spending a whopping 85% of their...

Business2 days ago

One year until EMIR Refit: how can firms prepare? 

Leo Labeis, CEO at REGnosys, discusses everything that financial institutions need to know about EMIR Refit and how they can...

Business3 days ago

In the Name of the Family! Firms with CEOs under clan culture influence are much more likely to be internationally focused

In an increasingly globalised world, it is incredibly rare that a firm can expect to grow in the long-term unless...

Finance3 days ago

Regulations, RegTech and CBDCs – Fintech’s Next Chapter 

Teresa Cameron, Finance Director at Clear Junction    Over the last decade, the UK has embraced the fintech revolution with...

Business3 days ago

Gearing up for growth amid economic pressure: 10 top tips for maintaining control of IT costs

  By Dirk Martin, CEO and Founder of Serviceware   Three years on from the pandemic and economic pressure is...

News4 days ago

Find Your Tribe With Content Marketing

Ian is the CMO at Spotler Group   Seth Godin, a writer, speaker, marketing expert, and influencer, describes audiences as tribes,...

Finance4 days ago

The formula for success: delivering total experience in financial services

  Monica Hovsepian, Global Industry Strategist, OpenText   The tumult of the last few years has thrown many challenges at...

Finance4 days ago

How financial organisations can ensure their data is protected in a SaaS world 

Mark Molyneux, EMEA CTO at Cohesity   The rapid expansion of Software as a Service (SaaS) has changed how we...

Business4 days ago

How freelancers can support the flexible future of the workplace

By Charlotte Gregson, Country Head UK at Malt   The concept of the workplace is changing and not just in...

Banking4 days ago

Banking on legacy – The risks posed by ‘stone age’ banking infrastructure

By Andreas Wuchner, Angel Investor of Venari Security   Introduction If you consider the most significant motivating factors behind cyber-attacks...

Business5 days ago

Beyond the Plastic Era: How Virtual Payments and Digital Wallets are Changing the Way We Pay

Nick Holt, Senior Director Solutions Engineering at Marqeta   In 2017, debit cards overtook cash as the most frequently used...

News5 days ago

Mambu and Mia-FinTech announce collaboration to accelerate introduction of digital finance solutions

Mia-FinTech, the fintech startup that enables banking and financial institutions to evolve towards open finance, and Mambu, a leading cloud...

Finance6 days ago

GDPR – the benchmark for a global privacy framework

by Alasdair Anderson, VP EMEA, Protegrity On the 5th anniversary of GDPR, the regulation continues to be a game-changer, setting the...

Finance6 days ago

Why real-time data remains a top priority for treasurers

Real-time data is vital for treasury teams, and this will continue as currency markets remain volatile and other crises threaten....

Finance6 days ago

Cross border payments: fact or friction?

Tom Scampion, CEO of Global Screening Services (GSS)   10 years ago, the fastest way to transfer money from country...

Business6 days ago

Compliance and customer experience: It’s not a trade-off

Tage Borg, CTO, Scrive Consumers today are used to smooth, instant transactions made in real time and free from the...

News6 days ago

Dubai Traders Summit 2023 concludes with great success

The Forex Traders Summit Dubai 2023 – Third Edition, a two-day event held on May 17-18, 2023, at The Ritz-Carlton,...