By Olaf van Gorp, Perforce Software
Insurance is one of the latest sectors to start to benefit from advancements in digitalization. A big part of insurance’s digital transformation is the increasing use of APIs, bits of software that allow different services and apps, whether internal or external, to connect in a friction-free way. Part of the whole open finance movement, APIs remove the need for complex and costly integrations between disparate systems and networks.
Insurers and associated third parties benefit from being able to share data more easily, processes happen faster, workload and unnecessary costs are reduced, and customers get a faster response. It’s an all-round win.
However, while one of the reasons for using APIs is that they provide a controlled route to share confidential and sensitive data, APIs can also potentially introduce risk. If an API contains a vulnerability, then that can lead to problems, including cyberattacks and data breaches. Furthermore, once an API is published, there is usually little or no time to remedy the situation.
To understand how easily these weaknesses can be introduced, let’s look at how APIs are created. First, development has always been the point at which vulnerabilities are inadvertently introduced, potentially leading to issues further down the line, including performance and security problems. Second, development teams have traditionally worked siloed from the rest of the business (even from their colleagues in the IT operations team), with little visibility into their work. Plus, traditionally, security has not been their focus: that was something for the QA or test manager to worry about later.
That culture is changing, particularly with the DevOps movement, whereby the barriers between development and operations teams are broken down, and they work in a more collaborative way. However, with the understandable emphasis on getting an API published as soon as possible, security often still takes a backseat.
Finally, APIs are being created by a much wider group of people (including external agencies), not just software developers. That is good and bad: it makes it easier to keep up with the demand for APIs, but the new breed of API creators may not be trained software engineers, and are arguably even more likely to introduce vulnerabilities.
So, what is the solution to this dilemma? APIs are an integral part of the entire financial sector’s future, but they have to be secure. Fortunately, there are some ways in which their security can be improved.
Four ways to improve API security
ONE – create a security-first mindset – get everyone on board on putting security in the spotlight, rather than an afterthought. Bake security into development processes and throughout the API’s entire lifecycle. Make sure everyone understands their roles around risk mitigation, including external contributors. Consider investing in security training for anyone responsible for API development.
TWO – go the extra mile – some compliance and standards already address API security. For instance, in Europe, the banking sector’s PSD2 requires security measures at the API level. In insurance, the NAIC Registry in the USA is putting more emphasis on API security and overall management, with automated filing of standard reporting documentation from insurance providers to meet state-level compliance. We are likely to see more API security requirements worldwide and within all aspects of finance, including insurance. However, open finance standards have a specific scope, and there are other security measures that can be adopted to further reduce risk. A good source is the OWASP API Security Top 10, which covers the most common API vulnerabilities and ways to prevent them.
THREE – put the brakes in place – comprehensive security processes need to cover all deployment and approval processes, people and teams. They should cover: authentication, authorisation, malicious pattern detection, message content security, and rate limiting. An API should also not be published without time-stamped approval from an authorised person, and this is typically a combined manual and automated process, involving the software development’s Continuous Delivery/Continuous Integration pipeline. Finally, make sure that there is a clear audit trail, so that if a problem occurs in the future, it can be traced back to root cause.
FOUR – reduce human intervention – automate security policies as much as possible, because this will not only reduce the risk of manual error, it will also help prevent security becoming a bottleneck. Introducing an API gateway will help achieve this, as well as making it harder for people to switch off security policies at will. Make sure that the chosen API gateway can operate with external contributors, as well as support all the main types of API, and deal with high volume. People still make the final decisions, but automation is the workhorse.
Take away security from developers
This may sound counter-intuitive to what is happening in other parts of software development (especially the Shift Left movement whereby software developers are taking on more responsibility for testing), but take away security from developers. Instead, leave API product managers, security specialists and other people to keep watch on API security. Use software tools to continually inspect code so that any issues are found early. Again, this can be a largely automated process, with humans then taking action depending on the results.
APIs are transforming financial services of all kinds, opening up faster and more efficient ways to communicate. Making security a priority across an API’s lifecycle will make it easier to reap the rewards of APIs, to reduce costs, speed up processes, and keep customers satisfied.
by Devan Nathwani, FIA and Investment Strategist at Secor Asset Management
Defined Benefit pension schemes are one of the most significant institutional investors, representing c.£1,700 billion in assets. With investments becoming increasingly complex, regulatory and reporting requirements increasing and markets generally being volatile, making investment decisions is taking up more of the governance budget. This has been further highlighted in the recent Covid-19 crisis where pension schemes were faced with falling equity markets, collateral calls and new investment opportunities arising from market dislocations. Corporate sponsors saw their pension scheme deficits widen at a time when free cash flow was needed to maintain working capital. There is a vast array of investment or de-risking products that claim to have low governance requirements; however, they can often require giving up investment freedom and transparency or have high costs. This is where partnering with a Fiduciary Manager can help.
What is Fiduciary Management?
Fiduciary Management is essentially a form of delegated investment decision making. Fiduciary Managers partner with pension schemes to give advice on scheme investments and are responsible for the implementation of that advice. Fiduciary Management relationships are often highly customised and do not have to be “all or nothing”. A simple Fiduciary Management partnership could involve a Fiduciary Manager managing a fund-of-hedge-fund portfolio. A more comprehensive partnership could involve a Fiduciary Manager using their investment expertise to make investment decisions on the entire scheme portfolio. In practice, these partnerships can take many different forms and the best relationships are often highly customised, be it in the services received, the portion of the assets covered or the decisions that are delegated.
Why Fiduciary Management?
Every pension scheme is different and in practice will choose to partner with a Fiduciary Manager for different reasons. Some common reasons for partnering with a Fiduciary Manager are:
Independent investment expertise
Over the last 10 years pension scheme investments have become increasingly more complex, with alternative asset classes becoming a core component of the strategic portfolio. Asset classes such as Private Equity, Private Credit and Property require in-depth knowledge of the different strategies deployed within them and often require portfolio management expertise to deal with capital calls and distributions and the sizing of commitments. Independence can be crucial here as these asset classes often carry high investment fees and require careful investment due diligence. A Fiduciary Manager typically has deep investment experience in a broad set of asset classes that a pension scheme can in-source without the cost of building an in-house team. Independence can be very important as a Fiduciary Manager that has no association with the underlying managers that a pension scheme invests with, can make investment decisions with minimal conflicts of interest.
Precision and speed
As highlighted by the market impact following the Covid-19 pandemic, it is important for pension schemes to be able to implement their investment decisions with speed and precision. Markets move every single day and investment opportunities can often arise and pass more quickly than a typical pension scheme governance structure can tolerate. Risk management is one of the most important objectives for a pension scheme, with unrewarded risks needing careful management and rewarded risks needing to be sized appropriately. Fiduciary Managers monitor their client portfolios daily and can act quickly to take advantage of investment opportunities or rebalance the portfolio as markets move.
As regulatory requirements have increased, pension schemes are increasingly being asked to monitor their investment decisions with more scrutiny. Regulation requires them to consider Environmental, Social and Governance (ESG) factors in their investment decisions and understand the performance of their investments in detail, including the impact of explicit and implicit transaction costs. In addition, as funding levels improve, pension schemes and their sponsors are looking for tighter control and greater transparency over the scheme’s risks. This is particularly important as schemes approach their desired “End Game”. Good Fiduciary Managers typically have proprietary tools and systems that facilitate better performance and risk measurement. As regulations form and evolve, Fiduciary Managers adapt their investment decision making processes to account for them, making compliance much easier.
Typically pension schemes and their sponsors have limited internal resources with limited time to spend on both investment and non-investment related matters. Most companies do not have dedicated pensions treasury teams so it can be difficult to devote the sufficient time that is required to both monitoring investment performance and making investment decisions. Where new asset classes are added to a pension scheme’s portfolio, additional training may be required which can take a considerable amount of time, particularly for more complex asset classes. Partnering with a Fiduciary Manager can supplement any existing governance structure by re-focusing pension scheme resources on more strategic matters.
Pension schemes typically receive advice from investment consultants who do a good job of advising on strategic matters but are ultimately not accountable for the performance and the outcome of that advice. Pension scheme representatives are increasingly looking for their advisors to be accountable for their advice and the performance relative to the liabilities. Fiduciary Management solutions typically focus on liability relative scheme performance and are governed by the GIPS Fiduciary Management Performance Standard, to ensure a consistency in performance measurement.
Value for money
Fiduciary Management relationships are often all-encompassing and typically cover all investment related matters for the pension scheme. Through economies of scale, Fiduciary Managers negotiate more favourable asset management fees on behalf of pension schemes and are able to get schemes of all sizes access to investment opportunities that would historically only be available to larger schemes. The combination of investment expertise and accountability under a single Fiduciary Management solution, is expected to deliver better funding and performance outcomes which ultimately offers better value for money.
Fiduciary Management as an investment solution is arguably more relevant today than historically. The recent crisis has highlighted the need for an investment partner who can help manage the downside risks associated with investing in equities, manage the collateral behind important hedges and take advantage of market dislocations. Many corporate sponsors will have seen their pensions contributions eroded and balance sheet deficits widened during the Covid-19 market crisis and a Fiduciary Management partner could have helped better navigate the volatility.
As corporate sponsors begin to consider the “End Game” for their DB pension scheme, they are increasingly faced with the dilemma of entering low-governance investment solutions that may be poorly constructed or paying an insurance premium to “Buy-out” the scheme.
Solutions such as Cashflow Driven Investing (CDI) tend to base portfolio construction too heavily on uncertain cashflow profiles and to expose the pension scheme excessively to risky credit allocations, which in a post Covid-19 world could expose pension schemes to adverse funding outcomes.
For corporates who prefer to avoid a large cash lump sum payment for insurance-based buy-outs, a Fiduciary Manager can offer an alternative solution to reaching the required funding level for such a transaction to take place. By slowly growing the asset base while carefully managing risks, pension schemes can become buy-out ready, allowing their sponsors to reinvest free cashflow in existing or new business lines.
Partnering with a Fiduciary Manager today could give pension schemes the tools to better manage the next crisis and offer more flexibility in reaching the desired End Game.
 The DB Landscape – Defined Benefit Pensions 2019 – The Pensions Regulator dated January 2019
TIME TO THINK OUTSIDE OF THE BLACK BOX
Mike Brockman, CEO, ThingCo
If you have the unbridled joy of parenting a teenager you’ll probably know what telematics insurance is. In very simple terms, telematics or ‘black box’ insurance enables insurance companies to track driving behaviour using technology fitted to the car or via a smartphone app. It is the first practical example of IoT – machine to machine communication of real-time data.
Telematics has been crucial to helping thousands of young people get experience on the road who would otherwise have found the cost of insurance too high. When you look at the number of road casualties in the UK over the last nine years there is a clear correlation between the rising adoption of telematics and a fall in young driver casualties[i]. The problem is that as soon as they can, young drivers chuck in telematics and take traditional insurance. As such telematics insurance has got stuck firmly in a rut.
So why is that a problem?
First, telematics saves lives – think what it could do if more drivers had it.
Secondly motor insurance costs are linked to claims costs – if we can bring down the cost of claims through the engagement, speed of response in accidents and anti-fraud benefits of using telematics data to its full potential, everyone could access cheaper insurance.
Thirdly we are living in a world deeply impacted by COVID-19. Travel trends were already altering prior to the pandemic but have changed and could remain significantly changed for the foreseeable future. Consumers are beginning to think more deeply now about their motor insurance and value for money. This may create demand for motor insurance cover that is more responsive to people’s individual driving behaviours – why pay an annual premium when you only use the car once or twice a week? On the flipside, those nervous of using public transport could see an increase in their car use. Telematics allows insurance providers to offer insurance based on actual rather than predicted use.
The fundamental reason for telematics getting stuck in a rut is insurance companies are not offering something consumers actually want and they are not deriving value from their investment in the technology. Different telematics devices give different qualities of data and that data determines the economic equation they have to resolve in terms of how much they pay for the technology and what value they get from it.
Another key factor is that if you give something away – as the insurance industry has done with telematics ‘black boxes’ – you are sending a strong signal to the customer that the technology is of no value to them and only there to serve the insurer’s need.
You need to make the device a desirable piece of technology that consumers would value in their own right – rather than something that is imposed on them to get cheaper insurance. By introducing new technologies into these devices such as Voice, camera, ADAS, black spot warnings, it becomes a truly connected device that not only helps the driver but also creates incredible amounts of data that’s useful to the insurer to manage risk and provide better customer services.
With next generation telematics, the data is no longer a one way street direct into the insurer. You can feed that data back to the customer and develop additional services such as a voice alert when they have been driving for too long without a break, or an incentive of a coffee at the next rest-stop.
Telematics also transforms the claims process for the customer and the insurance provider. A crash alert can kick in and activate a voice command in the device and that will ask the driver if they had an accident, whether they need help and will alert emergency services if necessary.
This is where the data brings huge value to the insurance provider, providing a whole range of detail – like a liability assessment, video footage, fault, g-force etc. This data is dynamite to the First Notification of Loss team at an insurance provider.
But the biggest difference next generation telematics offers is it really strengthens the relationship with customers and insurers can make it fun as well. Insurance and fun aren’t usually two words you see in the same sentence but unlike traditional insurance, or old school telematics, it allows engagement and the opportunity to provide incentives without any big brother feeling about it.
Technology has changed massively over the last ten years, the quality of devices has developed and the Cloud has opened the potential for telematics products to be designed for customers in the most attractive way. Barriers around trust and big brother can be broken down by being absolutely clear that the data belongs to the driver – they can choose how it is used to their benefit, spelling out the advantages, being transparent and flexible.
COVID-19 is providing an opportunity to stand back and think about telematics differently – how to make it customer friendly and how to make the economics work. By leveraging next generation telematics technology the insurance market has a window of opportunity to turn the motor insurance grudge purchase into something consumers really start to value.