Connect with us

Top 10

TIME TO TAKE A SECURITY-FIRST APPROACH TO APIS IN INSURTECH

By Olaf van Gorp, Perforce Software

 

Insurance is one of the latest sectors to start to benefit from advancements in digitalization. A big part of insurance’s digital transformation is the increasing use of APIs, bits of software that connect different services and apps — whether internally or externally — to connect in a friction-free way. Part of the whole open finance movement, APIs remove the need for complex and costly integrations between disparate systems and networks.
Insurers and associated third parties benefit from being able to share data more easily, processes happen faster, workload and unnecessary costs are reduced, and customers get faster response. It’s an all-round win.
However, while one of the reasons for using APIs is that they provide a controlled route to share confidential and sensitive data, APIs can also potentially introduce risk. If an API contains a vulnerability, then that can lead to problems, including cyberattacks and data breaches. Furthermore, once an API is published, there is usually little or no time to remedy the situation.
To understand how easily these weaknesses can be introduced, let’s look at how APIs are created. First, development has always been the point at which vulnerabilities are inadvertently introduced, potentially leading to issues further down the line, including performance and security problems. Second, development teams have traditionally worked siloed from the rest of the business (even from their colleagues in the IT operations team), with little visibility into their work. Plus, traditionally, security has not been their focus: that was something for the QA or test manager to worry about later.

Olaf van Gorp

That culture is changing, particularly with the DevOps movement, whereby the barriers between development and operations teams is broken down, and they work in a more collaborative way. However, with the understandable emphasis on getting an API published as soon as possible, security often still takes a backseat.
Finally, APIs are being created by a much wider group of people (including external agencies), not just software developers. That is good and bad: it makes it easier to keep up with the demand for APIs, but the new breed of API creators may not be trained software engineers, and arguably even more likely to introduce vulnerabilities.
So, what is the solution to this dilemma? APIs are an integral part of the entire financial sector’s future, but they have to be secure. Fortunately, there are some ways in which their security can be improved.

Four ways to improve API security

ONE – create a security-first mindset – get everyone on board on putting security in the spotlight, rather than an afterthought. Bake security into development processes and throughout the API’s entire lifecycle. Make sure everyone understands their roles around risk mitigation, including external contributors. Consider investing in security training for anyone responsible for API development.

TWO – go the extra mile – some compliance and standards already address API security. For instance, in Europe, the banking sector’s PSD2 requires security measures at the API level. In insurance, the NAIC Registry in the USA is putting more emphasis on API security and overall management, with automated filing of standard reporting documentation from insurance providers to meet state-level compliance. We are likely to see more API security requirements worldwide and within all aspects of finance, including insurance. However, open finance standards have a specific scope, and there are other security measures that can be adopted to further reduce risk. A good source is the OWASP API Security Top 10, which covers the most common API vulnerabilities and ways to prevent them.

THREE – put the brakes in place – comprehensive security processes need to cover all deployment and approval processes, people and teams. They should cover: authentication, authorisation, malicious pattern detection, message content security, and rate limiting. An API should also not be published without time-stamped approval from an authorised person, and this is typically a combined manual and automated process, involving the software development’s Continuous Delivery/Continuous Integration pipeline. Finally, make sure that there is a clear audit trail, so that if a problem occurs in the future, it can be traced back to root cause.

FOUR – reduce human intervention – automate security policies as much as possible, because this will not only reduce the risk of manual error, it will also help prevent security becoming a bottleneck. Introducing an API gateway will help achieve this, as well as making it harder for people to switch off security policies at will. Make sure that the chosen API gateway can operate with external contributors, as well as support all the main types of API, and deal with high volume. People still make the final decisions, but automation is the workhorse.

Take away security from developers
This may sound counter-intuitive to what is happening in other parts of software development (especially the Shift Left movement whereby software developers are taken on more responsibility for testing), but take away security from developers. Instead, leave API product managers, security specialists and other people to keep watch on API security. Use software tools to continually inspect code so that any issues are found early. Again, this can be a largely automated process, with humans then taking action depending on the results.
APIs are transforming financial services of all kinds, opening up faster and more efficient ways to communicate. By making security a priority across an API’s lifecycle, this will make it easier to reap the rewards of APIs, to reduce costs, speed up processes, and keep customers satisfied.

 

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

THE INEFFICIENT MARKETS THEORY

Fraser Thorne, CEO at Edison Group

According to accepted financial thinking The Efficient Market Hypothesis (EMH) asserts that, at all times, the price of a security reflects all available information about its fundamental value.  So current prices are the best approximation of a company’s intrinsic value.

If that is true then why are so many companies being taken over at values of up to 70% more than their stock market price?.  What is the market missing?  Either accepted economic thinking is wrong or it is suffering from a period of abnormality or maybe something more fundamental is taking place.  Something which challenges the hypothesis of existing theories as to how share prices are created.

In recent months FTSE 100 businesses G4S and Royal Sun Alliance (RSA) have both been bid targets with insurer Hastings Group Holdings plc and Urban&Civic plc falling to earlier bid, following other leading industry names such as Macarthy & Stone .  Even the doyenne of roadside assistance the AA was finally taken off the market following a 6 year downhill journey.

A common feature is the gulf between the company’s stock price when the bid was launched, and the stock price offered by the potential acquirer. Yet if companies took advantage of the IR resources at their disposal, which have been significantly enhanced as digital capabilities have been developed as a result of COVID-19, this share price gap would have been considerably narrower or the companies might not have been the subject of a bid at all – potentially saving millions in defence fees.

Struggling stock prices have, of course, been a key stock market feature during the pandemic. Like many listed companies, G4S´s stock price fell sharply in the spring and then gradually recovered in the early summer to around 110p – still well short of the 200p at the start of this year – when Gardaworld made its first bid of 145p. Gardaworld’s final bid in December of 235p a share, was not enough to win the competition with Allied Universal trumping them at 245p cash. A 70% premium to G4S’s share price when Gardaworld’s first bid was made. The stock now trades at 257p implying some believe the bidding war may rumble on.

Similarly, Urban&Civic received a bid of 345p from Wellcome Trust, a 64% premium on its trading price at the time, RSA a joint bid from Intact Financial and Tryg, of 685p, a 49% premium and Hastings a 250p bid from Dorset Bidco, a 47% premium.

While the AA bid was at a premium of 40% to its price 4 months prior or 230% from its lows in February.  Even serial underperformer Talk Talk was taken over at a 16% premium.

Having reviewed a number of deals over the past six months most had a bid premium of over 40%+ which compares with an average of 15% for the previous two decades.

Takeovers are natural part of corporate development and a key requirement for markets to function efficiently.  But their value to shareholders has to be set against the recognition of the underlying value of the business before the bid is made.  A premium is normal and is normally required for control but what is most notable is the scale of such premiums.  Such price mismatches challenge the foundations of economic thinking, the market is not efficient.

A 10% bid premium is good, 15% very good and anything north of that is exceptional but this depends on the underlying price before the first bid is made.  Numbers in excess of 20% suggest the underlying stock is mispriced and therefore the stock market is inefficient.  This is hard to fathom in age of open access to so much information but the numbers demonstrate a dislocation between the stock markets value what others are prepared to pay for exactly the same assets.

True, bid prices are not always representative of the value of a business and its future cash flows might improve as a result. But one has to review the fundamentals of stock market valuations when the world’s largest security business can be undervalued by 200%+. Does the market lack the relevant information about the business outlook to make the same assessment as the bidder?  Is it that the market is dominated by analysts whose collective glass is half empty?  Or maybe it is the risk averse nature of large, bureaucratic investment houses who hope to demonstrate their precise calculations to reassure fund holders that they are looking after their savings.

Some of the quoted discount results from the public/private differential of the cost of capital and the tax treatment of debt v equity.  But perhaps a more obvious challenge has to be met by the companies and their boards’ – make sure everyone recognises your value, not just a potential bidder.

With as much investment now funded via debt (PE) as by quoted equity financial theories need a much wider lense. The efficient market hypothesis can only be applied to the market if investors and analysts incorporate the activity of the wider economic and investmsnt market.  This must include the valuations applied to private companies.  It is a great irony that in the age of the internet he time when more and more information is freely available to all markets are seemingly becoming less efficient.

The cost of private v quoted capital plays a part as does the massive growth of private equity v quoted funds, with active money halving in percentage terms in the last 20 years.

EMH theory came to prominence at a time of relative stock market stability, before international takeovers had come into vogue and in a time of greater higher interest rates.

 

US Mergers since 1897

According to Keynes “markets can remain irrational longer than you can stay solvent” and while they may re balance in the long run they can experience long periods of price dislocation.  We are not talking days but months or even years in some extreme cases.  Long enough for those closest to the business (the board) to highlight the error and try to rebalance it.

If the stock market cannot see the value opportunity then maybe it is not being given the full picture.   When that is the case then it is the obligation of the board to put the market right, yes the business needs to deliver what it promises but the other side of that is to highlight to investors how they will long term returns for shareholders.

While public perception may be that M&A deals and takeovers are decided by thrusting company directors, brave bankers and diligent lawyers, heroically fighting their corners in smoke filled boardrooms.

The reality is that these situations can only arise either when resources are scarce ie a mega merger between two dominate indsurty players scarping over a low growth or shrinking market or if one neglects its duty to achieve a proper value for its shares in the most public of arenas the stock market.

Certainly, the current gulf between share and bid prices suggests that management teams are not doing enough to properly communicate the value of their business to the wide variety of investors, which have holdings in their company.

In these uncertain economic times, clear and direct communication with investors is more important than ever. But not only do management teams need to communicate effectively with their existing investors, reaching out to potentially new investors who are likely to back an existing management team is also important.

A healthy share register is a diverse register incorporating all types of investors from retail through to the large institutions.  This means reaching out to a wide and fragmented audience.  The modern investment landscape is increasingly characterised by new and exciting pools of capital.  The growing significance of these new pools and the value of funds they represent is magnified as a result that active funds have shrunk as a percent of global funds under management by up to 30% in the last 20 years.  Boards should focus on building a more diverse and engaged share register, reach out beyond the more mainstream institutional investors to include, family offices, private wealth managers and the end individual investor herself.  To ignore this part of the market could be the difference between success and failure in a bid, just ask the board of GKN.

 

To address these issues, the IR industry has been adopting to a new level of innovation and tech-enabled solutions to respond effectively to these demands. For example, Edison has developed a new market-leading digital approach, which harnesses the latest in data and tech-driven tools, effectively transforming and enhancing the firm’s IR capability to not only efficiently reach out to existing holders but also to target new investors, which in an unwelcome bid situation could make all the difference between independence and redundancy.

Edison’s starting point is to monitor the behaviours of tens of thousands of investors by using smart targeting, with algorithms identifying not just interest but interest with intent to buy. These ‘propensity to purchase signals’ are detected via Edison’s digital content tracking system, InvestorTrack® and layered over market activity and fin depth knowledge of funds flows.

The recent spate of high premium bids highlights management failures to invest in their capital market communications.  It is not sufficient to concentrate on the top holders, nor to assume that exhaustive meetings with the sell side is an effective way to get your message carried to the wider market, in the format you want.

Initiating a bid is expensive, even more so defending one.  The combined advisory fees alone in the G4s bid are estimated to be in excess close to $30m or close to the annual IR budget of the combined FTSE100.  If the FTSE was repriced to close the average bid premium of the last two decades then it could increase in value by more than £300bn.

So, the choice appears straightforward: implement a long-term IR strategy, utilising all the modern digital methods now available to robustly communicate a company’s commercial case and strategy so the business is as fully valued as possible, or neglect this and risk a future bid and if it transpires then spend potentially millions of shareholder funds in fees in a possibly futile attempt to protect the company’s independence. If I was part of a senior management team, I know which option I would choose..

 

Continue Reading

Top 10

WHY BETTER PLANNING COULD BE THE INSURANCE INSURERS NEED

Adam Bimson, Chief Customer Officer, Vuealta

 

Insurance is predicated on the ability to plan effectively, to model accurately, and to predict the likelihood and impact of certain events. Whilst already facing significant regulatory, competitive, and customer disruption, the industry, like all others, has now been deeply disrupted by the pandemic. From an operational perspective, insurers have seen their workforces dispersed, their technologies stretched to the limit, and customers put under immense pressure – and in turn, that strain has been put on the insurers themselves.

Then there’s the increase in customers focusing on wanting to better protect themselves. Separate reports have found that the number of people making wills has risen at the same time as life insurance has seen a spike in interest. And for commercial lines, corporate customers are carefully scrutinising their current and future business disruption insurance, again with an eye on increasing their cover.

When is a growth in customers a problem? When you can’t handle each one properly. No business wants to fail due to too much success, but if insurers do not adapt rapidly, that is the risk they entertain. Whilst there may be an uptick in demand in some areas, the market is still awash with competition and tight margins.

Adam Bimson

Added to this are the demands of IFRS17, due to come into force in January 2023. That may seem a long way off, but the reporting requirements it places on insurers will require significant organisational, data and technological change, all of which needs to be started now.

 

Two challenges to overcome to achieve better insurance

This all points to the need for a fundamental shift in the way insurers operate in not one, but two areas.

Firstly, there is the need to adapt their operational model so that the effects of disruption, whether driven by the pandemic or regulation, do not impact the experience their customers receive.

Secondly, they need to reinvent their business so that the services and products they provide are both appropriate for customers and capable of withstanding future upheaval.

In both instances, technology, or rather the ability to consolidate, analyse and action data-driven insights through the use of technology, may offer the solution.

Why? Because as with so many things, the issues that insurers face are built on data. Being able to harness it gives them a much better chance of tackling those issues head-on. For instance, when it comes to operational models, better visibility (powered by data), combined with accurate scenario-based modelling and planning, will aid the development of a more agile organisation. Whether it’s adapting to a reduction in staff headcount as infections spike in different parts of the country or anticipating when customer service functions may be impacted by local lockdowns and increased restrictions. Being able to identify problems and react accordingly will be critical to delivering operational continuity and, therefore, unimpeded customer experience, and data lies at the heart of this.

Then there’s how it can be applied to evolving products and services for customers. Customers, whether consumers or businesses, are going to want to feel covered by their insurance – insurers will want to balance this with the need to not overexpose themselves to events that could appear out of nowhere. Here’s where the combination of accurate data use and the right digital tools, such as artificial intelligence-driven solutions, can help insurers take a major leap forward. Premiums can be adjusted, and more dynamic products tailored to the needs of customers can be developed.

Being able to use data more effectively is going to play a major role in complying with IRFS17, both in getting ready for its implementation and meeting its requirements in the years to come. Complying with a reporting standard will drive an investment in data and technology, but harnessed correctly, that investment can unlock wider benefits – the same commitment can be used to cover off all the challenges already covered.

In short, those that use technology effectively, and plan for scenarios appropriately, are more likely to build the types of products and services that fulfil both those objectives, and ultimately keep customers coming back.

 

Planning for the unpredictable

Much like other sectors, insurers need to revamp their business models. Technology, and the better use of data, offers a solution to both operational and customer experience challenges.

Planning for the unpredictable may seem impossible, but by using a variety of data sources, and more importantly, by being able to connect them all and read them effectively, insurers can ensure they continue to meet customer expectations while preparing their businesses for whatever comes next.

 

Continue Reading

Magazine

Trending

Business1 day ago

HOW TECHNOLOGY IS MAKING AIRLINES SMARTER DURING LOCKDOWN

Captain Nadhem is the General Manager of Alpha Aviation UAE   2020 has provided challenges to all industries, but few...

Business1 day ago

THE INEFFICIENT MARKETS THEORY

Fraser Thorne, CEO at Edison Group According to accepted financial thinking The Efficient Market Hypothesis (EMH) asserts that, at all...

Finance1 day ago

HOW WILL WE PAY IN 2021?

Nick Corrigan, UK & Ireland Managing Director, President of Global Payments.   As 2020 began, there was already much conversation...

Top 101 day ago

WHY BETTER PLANNING COULD BE THE INSURANCE INSURERS NEED

Adam Bimson, Chief Customer Officer, Vuealta   Insurance is predicated on the ability to plan effectively, to model accurately, and...

Business1 day ago

WHY IT IS MORE IMPORTANT THAN EVER TO SHOP SOCIAL

Dave Linton is an innovator, social entrepreneur, thought leader, mentor of social enterprises, motivational speaker and the founder and Managing...

Finance2 days ago

HOW COVID-19 HAS RESHAPED THE PAYMENTS LANDSCAPE

By Mohamed Chaudry, Group Chief Financial Officer of FoodHub   The year 2020 may well have sounded the death knell...

Business2 days ago

CREATING A PEOPLE-CENTRIC WORKPLACE CENTERED ON FLEXIBILITY, EXPERIENCE AND WELLBEING

By Anne Marie Ginn, Head of Video Collaboration, Logitech EMEA   The light is appearing at the end of the...

News2 days ago

UK OPEN BANKING FINTECH YAPILY ANNOUNCES EXPANSION IN VILNIUS

Yapily, a London-based fintech startup, has announced plans to set up in Vilnius, the company’s third European office. Yapily joins...

News2 days ago

FINTECH EEDENBULL SECURES PAYMENT TECHNOLOGY DEAL WITH NATIONAL AUSTRALIA BANK

EedenBull has announced a five year agreement with National Australia Bank (NAB), which allows the bank to deploy EedenBull’s innovative...

Finance2 days ago

2021 FINTECH PREDICTIONS

2020 has been a year like no other. The way we live, work, socialise and more has completely changed as...

News2 days ago

MARQETA ANNOUNCES PARTNERSHIP WITH GOLDMAN SACHS ON MARCUS CHECKING OFFERING

Marqeta’s modern card issuing platform will be leveraged by Marcus by Goldman Sachs to build new digital banking offerings.    Marqeta,...

Finance4 days ago

MAKE 2021 THE YEAR YOU DRAW UP A PERSONAL BUDGET

By Neli Mbara, Certified Financial Planner at Alexander Forbes   Budgeting is the most important thing you can do to manage...

News4 days ago

FINTECH EEDENBULL SECURES PAYMENT TECHNOLOGY DEAL WITH NATIONAL AUSTRALIA BANK

EedenBull has announced a five year agreement with National Australia Bank (NAB), which allows the bank to deploy EedenBull’s innovative payment...

Finance4 days ago

GEOSPATIAL DATA VISUALISATION MAKES SENSE OF MASS OF COMMERCIAL PROPERTY INSURANCE DATA

Heikki Vesanto, Manager GIS Data Science, LexisNexis Risk Solutions UK & I   Like most areas of the general insurance...

Top 104 days ago

A GUIDE TO HMO PROPERTY INVESTMENT

Many experienced property investors are turning their attention to HMOs and achieving much higher rental yields as a result. Find...

Finance4 days ago

PROTECTING THE DIGITALLY-EXCLUDED: BIOMETRIC IDENTIFICATION ENSURES ACCESS TO PAYMENTS IN A CASHLESS WORLD

By Vince Graziani, CEO, IDEX Biometrics ASA   The events of this year have exacerbated a number of challenges for...

Interviews4 days ago

‘GLOBAL TRADE IN 2008 VS 2021: GLOBAL IMPACT, DIFFERENT CHALLENGES’

A Q&A with Nawaz Ali Head of Insights at Western Union Business Solutions who draws comparisons between the financial crisis...

Finance4 days ago

FOUR WAYS OF FINDING THE SUPPORT AND RESISTANCE LEVELS

Support and resistance levels are mainly conventional values where a large number of orders assemble to stop a prevailing trend...

Finance5 days ago

TAX-FREE SAVINGS ACCOUNTS OR RETIREMENT ANNUITIES: KNOW THE SAVINGS PRODUCTS AVAILABLE TO YOU

By Michael Kirkpatrick, head of individual consulting best practice, Alexander Forbes   The start of a year is a great time...

News5 days ago

FROM PLASTIC WASTE TO PAYMENT CARD

Giesecke+Devrient invites to join the cause of saving the oceans.   Giesecke+Devrient (G+D) and the environmental organization Parley for the...

Trending