TIME TO TAKE A SECURITY-FIRST APPROACH TO APIS IN INSURTECH

By Olaf van Gorp, Perforce Software

Insurance is one of the latest sectors to start to benefit from advancements in digitalization. A big part of insurance’s digital transformation is the increasing use of APIs, bits of software that allow different services and apps, whether internal or external, to connect in a friction-free way. Part of the whole open finance movement, APIs remove the need for complex and costly integrations between disparate systems and networks.
Insurers and associated third parties benefit from being able to share data more easily, processes happen faster, workload and unnecessary costs are reduced, and customers get a faster response. It’s an all-round win.
However, while one of the reasons for using APIs is that they provide a controlled route to share confidential and sensitive data, APIs can also potentially introduce risk. If an API contains a vulnerability, then that can lead to problems, including cyberattacks and data breaches. Furthermore, once an API is published, there is usually little or no time to remedy the situation.
To understand how easily these weaknesses can be introduced, let’s look at how APIs are created. First, development has always been the point at which vulnerabilities are inadvertently introduced, potentially leading to issues further down the line, including performance and security problems. Second, development teams have traditionally worked siloed from the rest of the business (even from their colleagues in the IT operations team), with little visibility into their work. Plus, traditionally, security has not been their focus: that was something for the QA or test manager to worry about later.

That culture is changing, particularly with the DevOps movement, whereby the barriers between development and operations teams are broken down, and they work in a more collaborative way. However, with the understandable emphasis on getting an API published as soon as possible, security often still takes a backseat.
Finally, APIs are being created by a much wider group of people (including external agencies), not just software developers. That is good and bad: it makes it easier to keep up with the demand for APIs, but the new breed of API creators may not be trained software engineers, and are arguably even more likely to introduce vulnerabilities.
So, what is the solution to this dilemma? APIs are an integral part of the entire financial sector’s future, but they have to be secure. Fortunately, there are some ways in which their security can be improved.

Four ways to improve API security

ONE – create a security-first mindset – get everyone on board with putting security in the spotlight, rather than treating it as an afterthought. Bake security into development processes and throughout the API’s entire lifecycle. Make sure everyone understands their roles around risk mitigation, including external contributors. Consider investing in security training for anyone responsible for API development.

TWO – go the extra mile – some compliance requirements and standards already address API security. For instance, in Europe, the banking sector’s PSD2 requires security measures at the API level. In insurance, the NAIC Registry in the USA is putting more emphasis on API security and overall management, with automated filing of standard reporting documentation from insurance providers to meet state-level compliance. We are likely to see more API security requirements worldwide and within all aspects of finance, including insurance. However, open finance standards have a specific scope, and there are other security measures that can be adopted to further reduce risk. A good source is the OWASP API Security Top 10, which covers the most common API vulnerabilities and ways to prevent them.

THREE – put the brakes in place – comprehensive security processes need to cover all deployment and approval processes, people and teams. They should cover: authentication, authorisation, malicious pattern detection, message content security, and rate limiting. An API should also not be published without time-stamped approval from an authorised person, and this is typically a combined manual and automated process, involving software development’s Continuous Delivery/Continuous Integration pipeline. Finally, make sure that there is a clear audit trail, so that if a problem occurs in the future, it can be traced back to its root cause.

FOUR – reduce human intervention – automate security policies as much as possible, because this will not only reduce the risk of manual error, it will also help prevent security becoming a bottleneck. Introducing an API gateway will help achieve this, as well as making it harder for people to switch off security policies at will. Make sure that the chosen API gateway can operate with external contributors, as well as support all the main types of API, and deal with high volume. People still make the final decisions, but automation is the workhorse.
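One way the publication gate described in points THREE and FOUR could be automated in a delivery pipeline, shown here as an added example rather than code from the article or from Perforce. The spec layout, field names, approver address and seven-day approval window are assumptions made for illustration.

```python
import hashlib, json
from datetime import datetime, timedelta, timezone

AUTHORISED_APPROVERS = {"api-product-manager@example.test"}  # assumed, hypothetical
MAX_APPROVAL_AGE = timedelta(days=7)                         # assumed policy value

def digest(obj):
    """SHA-256 over canonical JSON, so identical content always hashes the same."""
    raw = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def policy_findings(spec):
    """Automated checks: every route needs authentication, a scope and a rate limit."""
    out = []
    for route, cfg in sorted(spec["routes"].items()):
        if cfg.get("auth", "none") == "none":
            out.append(f"{route}: no authentication")
        if not cfg.get("scopes"):
            out.append(f"{route}: no authorisation scope")
        if cfg.get("rate_limit_per_min", 0) <= 0:
            out.append(f"{route}: no rate limit")
    return out

def approval_findings(spec, approval, now):
    """Manual sign-off: authorised person, recent timestamp, bound to this exact spec."""
    approval = approval or {}
    out = []
    if approval.get("approver") not in AUTHORISED_APPROVERS:
        out.append("approver not authorised")
    if approval.get("spec_sha256") != digest(spec):
        out.append("approval does not match this spec")
    try:
        age = now - datetime.fromisoformat(approval["approved_at"])
        if not timedelta(0) <= age <= MAX_APPROVAL_AGE:
            out.append("approval timestamp out of range")
    except (KeyError, TypeError, ValueError):
        out.append("approval has no valid timestamp")
    return out

def append_audit(trail, event):
    """Chain each entry to the previous hash so later edits or deletions show up."""
    body = {"prev": trail[-1]["entry_sha256"] if trail else "0" * 64, **event}
    trail.append({**body, "entry_sha256": digest(body)})

def audit_intact(trail):
    prev = "0" * 64
    for entry in trail:
        body = {k: v for k, v in entry.items() if k != "entry_sha256"}
        if body.get("prev") != prev or digest(body) != entry.get("entry_sha256"):
            return False
        prev = entry["entry_sha256"]
    return True

def gate(spec, approval, trail, now):
    """Return True only if the spec may be published; record the decision either way."""
    findings = policy_findings(spec) + approval_findings(spec, approval, now)
    event = {"at": now.isoformat(), "spec_sha256": digest(spec), "findings": findings,
             "approver": (approval or {}).get("approver"),
             "decision": "block" if findings else "publish"}
    append_audit(trail, event)
    return not findings

SPEC = {"name": "claims-api", "routes": {  # constructed sample, not a real API
    "GET /claims/{id}": {"auth": "oauth2", "scopes": ["claims:read"], "rate_limit_per_min": 60},
    "POST /claims": {"auth": "oauth2", "scopes": ["claims:write"], "rate_limit_per_min": 10}}}
```

Because the approval carries the hash of the spec that was reviewed, any change made after sign-off invalidates it, and blocked attempts are logged alongside successful ones.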

Take away security from developers
This may sound counter-intuitive to what is happening in other parts of software development (especially the Shift Left movement whereby software developers are taking on more responsibility for testing), but take away security from developers. Instead, leave API product managers, security specialists and other people to keep watch on API security. Use software tools to continually inspect code so that any issues are found early. Again, this can be a largely automated process, with humans then taking action depending on the results.
APIs are transforming financial services of all kinds, opening up faster and more efficient ways to communicate. Making security a priority across an API’s lifecycle will make it easier to reap the rewards of APIs: to reduce costs, speed up processes, and keep customers satisfied.


HOW RISING CUSTOMER EXPECTATIONS HAVE BECOME A CATALYST FOR CHANGE IN THE FINANCE FUNCTION


Ashish Kwatra, Vice President of Finance & Accounting Solutions at Teleperformance India, discusses what the new generation of customers expect from finance outsourcing providers and how businesses can capitalise on emerging market opportunities.

 

Business needs are ever-evolving, leaving every department ripe for digital disruption. Gaps between customer expectations for digital services and current capabilities in the Finance and Accounting (F&A) function are creating more reason for organisations to explore outsourcing. Firms are turning to external service providers that, in essence, become their cloud-based finance teams. Outsourcing operations in this way is giving businesses an opportunity to meet new expectations of becoming agile, resilient, and insights-driven, and ultimately create a long-term competitive strategy.

A recent ISG Report reveals that organisations are on the hunt for F&A outsourcing providers to enable data-driven decisions. This comes as 86 per cent of customers admit their expectations of brands’ digital capabilities have increased since the pandemic struck. The more traditional financial institutions are finding themselves at the centre of this growing pressure to offer advanced technology, holistic advisers, and improved collaboration with clients. F&A outsourcing specialists are improving that level of visibility into finance operations and using generated insights to enhance the end-customer experience (as well as meet general financial needs).

Practices that manage to keep pace with expectations and market trends will therefore gain a significant advantage. When investing in outsourcing, CFOs should be considering the following factors to ensure it is adding the most value to their business.

Making the case for F&A outsourcing

It is a common debate for businesses to decide whether the finance function should be outsourced. As disruptive technologies become more widely adopted and customers more conscious of cutting costs and adding value, the bar for expectations will continue to rise. To deliver the best-in-class performance that is expected of end-users, CFOs must make an informed decision on whether to invest in the specialised services of F&A experts. By partnering with dedicated service providers, organisations can have a direct channel to scalable processes with the below benefits:

Reduction in cost of finance: Taking the steps to boost profitability internally by refocusing on revenue-generating activities and increasing efficiency.

Streamlined target operating model: The daily workflow can become more productive by allowing the experts to streamline operations where possible.

Reduction in revenue leakage: The shift away from cumbersome, legacy processes to more advanced technologies such as Robotic Process Automation can prevent unprecedented revenue drains.

Working capital enhancement: Dedicated teams are equipped to optimise the balance between assets and liabilities, to grant firms more freedom to focus on the company’s core goals – without the hassle of chasing overdue accounts.

 

Demanding more than just transactional services

Aside from performing the transactional duties that come with closing the books on time and remaining compliant, organisations are leaning on F&A outsourcing to tap into more strategic capabilities. Automation, Artificial Intelligence (AI), and Machine Learning are all integral to delivering valuable financial insights to CFOs and translating added value to the end customer. Technologies like these can enable businesses to dig deeper into the financial functions, resulting in seamless, easier financial transactions.

It is not just about using new technologies: the rise of APIs is allowing businesses to work collaboratively with third parties to source services that they do not have, driving data simplification.

Looking ahead, it is expected that new delivery models will emerge as RPA and algorithms join a more diverse financial workforce, whilst new tools and microservices will challenge the traditional ERPs.

 

Customers deserve best-in-class service

Clients increasingly expect their service providers to get closer to their customers’ needs. F&A providers should be exceeding the typical service and remaining agile in managing customers’ finances, and guiding revenue growth and business modelling. Transactions aside, relationship-building has become a must in the remote working environment.

Trust and honesty are core to relationship-building in accounting, and customers will want to know there is a human agent on the other end of the transaction. A High-Tech, High-Touch approach to customer service, whereby empathic connections are balanced with advanced technology, can be a firm’s brand differentiator in a sector driven by data.

 

Reimagining the future finance function

Indeed, customer expectations have seen a gradual rise. Many companies have understood the changing dynamics of customer expectations and have therefore set up several cloud-based finance departments in order to provide the best services to their customers.

In the post-pandemic era, companies trying to remain relevant and keep customers’ finances stable will be more technologically advanced. There is a growing opportunity for organisations to focus on such revenue-generating activities by working with experienced external providers. Outsourcing models ultimately grant CFOs access to the latest technologies, and in order to keep up with the latest trends, and in some cases stay ahead of the curve, CFOs must be aware of the changing finance function.

 


ELIMINATING FINANCIAL LEAKS ACROSS YOUR BUSINESS


By: Ray Welsh, Head of Product Marketing, FISCAL Technologies

 

All businesses are vulnerable to financial leaks. Whether your business is a start-up or an established company, many risks can have serious consequences for your finances. Assessing historical transactions thoroughly to identify any recurring weak spots is critical. Whether you are a small and mid-size enterprise or a global organisation, undertaking these measures will ensure your business is proactive, rather than reactive, to these issues before it’s too late. Having the necessary AP technologies in place helps to identify red flags and eliminates the threat of human error.

In light of this, here are the five key benefits of assessing historical transactions thoroughly:

 

Discovers and eliminates maverick spending

Maverick spend, or any organisational purchase made outside of a formal purchasing process, can result in unexpected purchases, leading to a cash-flow crisis. When purchases aren’t properly tracked, this results in data gaps, and as a result, the financial department is unaware of where the money was spent. This leads to delays at month-end close as well as the potential for fraud. Reconciling maverick spend can become the primary cause of bottlenecks within the AP organisation. Without a system to continually check for the indicators of maverick spend, working in the background on your behalf, cash continues to leak out and cleaning up the mess continues to consume your team’s valuable time.

The solution to maverick spend begins with having the necessary AP technologies in place to help identify red flags.

 

Improves oversight of vendor performance

Thankfully, digital transformation has removed the paper document-intensive back-and-forth of completing a purchase that historically included items such as quotes, purchase orders, order confirmations, invoices, credit notes and receipts. The environment has benefited from this transformation; it has, however, failed to reduce the number of documents required in a supplier transaction. If the necessary technologies and procedures are not in place, these documents can become lost in the system, resulting in a waste of employee time, excessive spending, and poor supplier relationships. An effective Procure-to-Pay system consolidates the entire process into a single platform, which improves efficiency, but without the contemporary controls needed to protect spending, P2P solutions can speed up cash leakage.

 

Improves budget control 

Having the necessary AP technologies in place to track and check transactions can have a monumental positive impact on budgets and how they are controlled. It is sometimes the case that a budget-orientated mindset doesn’t make its way into the Procure-to-Pay process within organisations. Possessing clear budget controls should be of the utmost importance within any organisation’s purchasing system. Through a singular purchasing platform, budget limits can be set for each department, resulting in ease of visibility within the purchasing dashboard. Assessing historical transactions via AP technologies will result in the necessary bodies having total visibility and control of departmental budgets, eliminating unwarranted spending and reducing financial leaks within the organisation.

 

Eliminates invoice errors

Incorrect invoices can come in many shapes and sizes: whether it be inaccurate costs, missing or incorrect purchase order numbers or duplicate invoices, this remains a common headache for many businesses. Any worthwhile purchasing process will automate checks and balances that will automatically flag invoice errors, potential duplicate invoices, and all other errors that account for invoice-related cash leakage in an organisation. Having the right AP technologies in place will allow you to proactively audit invoices to check for errors, such as duplicates or overbilling. If your platform does nothing but eradicate overpayments, your organisation will have overcome one of the most common causes of unnecessary spending.

 

Removes manual processes 

Manual processes are known to be error-prone and extremely time-consuming. Having the required AP technologies in place can eliminate the challenges and difficulties attributed to manual Procure-to-Pay processes. But when human processing is replaced with rules-based, automated systems, the time allocated to contacting vendors, following up with approvers, and gathering credit notes etc. continues unless smarter error detection is also introduced, alongside AP automation. Time wasted in P2P processing is a major financial leak that can be prevented with the right approach.

 
