CFOs no longer rate Excel as most important skill, turning to new technologies, automation.
Adaptive Insights recently released its global CFO Indicator report, exploring finance automation progress and expectations of CFOs. The survey reveals that CFOs are embracing automation across various areas of finance, driven in large part by a requirement to be more strategic and provide better analyses. Financial reporting and period-end variance reporting top the list of automated processes today, according to the survey.
Automation initiatives are also impacting required skills for finance professionals. Whereas two years ago, 78 percent of CFOs considered proficiency in Excel as the most important skill for their FP&A teams, only 5 percent feel the same today. Looking ahead, only 7 percent of CFOs list better Excel skills as important for new hires. Instead, CFOs rated the ability to be adaptable to new technologies as the top skill for new hires, signaling a shift in desired skillsets for finance professionals in the future.
“We’ve seen CFOs increasingly take on the role of chief data officers in their organisations,” said Jim Johnson, CFO at Adaptive Insights. “At the same time, CFOs recognise the limitations in the way they manage and analyse data today and know it will only get worse with the proliferation of more systems with siloed data. That’s why Excel skills aren’t ranked as a top skill any longer. Proficiency in Excel is a given today. The new skills finance leaders need are those that can use technologies to access, analyse, and amplify data for insights to better manage the business.”
Limitations with manual processes like spreadsheets were recently documented in a Wall Street Journal article, Stop Using Excel, Finance Chiefs Tell Staff. The article noted that ubiquitous spreadsheet software that revolutionised accounting in the 1980s hasn’t kept up with the demands of contemporary corporate finance units, citing a lack of automation.
(Source: Adaptive Insights)
In force since January, the Second Payment Services Directive (PSD2), aka Open banking, is a regulation that forces the largest of our banks to open up access to their data; a necessity that could change the way many people and businesses bank. Below Jerry Matthews, Commercial Manager & Head of Bridging at KIS Finance, explains everything you need to know, touching on the risks and opportunities therein, and answering the big question: is it safe?
The Competition and Markets Authority (CMA) has started a revolution which encourages consumers to share their financial data with third-party companies, after years of being told to do the exact opposite.
The Open Banking Implementation Entity (OBIE) was created in response to the UK Government’s request for fairer, more transparent banking and financial services. Transparent is definitely what they got.
What is Open Banking?
Open Banking is a new system which means customers can allow third party providers, other than their bank, to access their financial information.
These providers can be anything from insurance and mortgage companies to shopping sites, mobile phones and broadband providers.
The main idea is to give consumers more control of their financial information and have access to a wider range of products and services. Customers can allow the company to analyse their spending habits and offer them better deals, tailored to them.
There has been a new change in UK law which means that banks must allow FCA regulated businesses to access a customer’s personal and financial information, but the customer must give their permission first. Customers can give and withdraw permission at any time they choose.
The bank can only prevent the business access, on the customer’s behalf, if they suspect that the company is fraudulent, or not regulated by the FCA.
When will Open Banking Start?
Four of the nine largest UK account providers, Lloyds Banking Group, Nationwide, Allied Irish Bank and Danske, are ready to start Open Banking now.
Six weeks maximum has been given to RBS, HSBC, Barclays and Bank of Ireland by the Competition and Markets Authority (CMA). Santander’s Cater Allen has been given another year to prepare.
In order to integrate the new system smoothly, for the first 6 weeks the banks and companies offering Open Banking services have been asked to only make it available to a small group of selected customers and to limit the number of instructions processed.
How Will These Third-Party Providers Gain Access to our Information?
There appear to be two methods by which your information can be accessed:
APIs: New communication technologies, Application Programming Interfaces, have been developed and are designed with customer security at the forefront. APIs are regularly used by various online tools and mobile apps to provide joined facilities, allowing software from numerous companies to, essentially, ‘talk’ to each other. This way, your information will be securely passed between companies with this technology in place.
Log-In Details: Another method may be that third-party providers will request that you share your online bank log-in details directly with the company. Yes, you read that right. A separate piece of legislation, the Payment Services Directive, will allow some companies to do this.
The company can then log in to your online banking account, as if they were you, to access your financial data, such as transaction history, direct debits and standing orders. This means that the company is likely to be able to access a much larger range of information, so really, the one way to withdraw your permission from this company, for certain, is to change your account password and other security details.
Do you Actually Have to Share your Information?
I am glad to say no, this isn’t mandatory.
The new rules state that banks must allow third-parties access to your information, but you have to explicitly give that company your permission – they can’t just look at your account willy-nilly. There will be an option to either switch on or switch off Open Banking on your account.
Once you have given that company permission, it’s not set in stone either. You can withdraw your permission at any time.
So, there is some security in knowing that this isn’t some sort of new binding contract.
So, what are the Potential Risks with Open Banking?
Current surveys suggest that a majority of consumers are reluctant to hand out personal and financial data. But, with the new system, this behaviour is expected to steadily change over time.
However, this does open up massive risks surrounding data privacy and security.
There are worries concerning the fact that by creating more chains of data access, it will be much harder to prove who was at fault if the customer’s information is stolen, making it harder than it already is to be compensated in these situations.
Not to mention how people handing out personal and financial data is like a gold mine to fraudsters.
To name just one potential scam, fraudsters could easily mimic third-party providers, by copying their choice of contact, to trick people into handing over their data which leaves consumers at risk of losing their money, and potentially, their identity being stolen.
Also, giving a company your bank log-in details, when the only secure way of knowing that you have cancelled your permission is to change your password? This is the main thing that consumers are told never to do: never hand out your bank log-in details. This leaves your details at huge risk, and something just doesn’t make sense to me.
It is absolutely vital that the industry regulators ensure that consumers are wholly protected from any data breaches if they are to use these services with confidence and trust.
The Positives…
Although I think there is a lot at stake for people who decide to go forwards with Open Banking, I do think, for some people, this could be a way to gain much better control over their finances.
With Open Banking, it could be made easier to assess what type of bank account is best for you by analysing how you actually use it. For example, a lot of people can be unsure of how much their overdraft is costing them, but if a company can see your account, they may be able to provide you with a much clearer perspective and give you cheaper alternatives.
Or, for people who want to save money but are struggling to do so, sharing their data with budgeting companies/apps could help them see where and how they can save money.
Budgeting time is here, and you’re likely going to make some safe assumptions on the budgeting based on previous years, experience and forecast. But are these backed by actual real data? Below John Orlando, CFO at Centage Corporation, talks Finance Monthly through data integration in budgeting, looking at specific trends we can expect in 2018.
At the present moment, the economic future looks good. Unemployment is dropping, inflation is manageable and both the House and Senate passed tax bills that will slash the corporate income tax rate, giving them added cash to grow. Over the past few months I’ve talked to many CFOs who say their companies are eager to expand and they’re actively building growth assumptions into their budgets.
However, even in the best of times, there are risks to growth since at any time some world event can affect economic conditions. Performance monitoring and forecasting are part and parcel of business success in a growth economy, and to that end, 2018 will see some positive data-driven trends emerge that will make it easy for executives to keep a watch over their businesses.
The data goldmine: CFOs and financial teams will look to the robust data generated by HR, CRM and other platforms to feed their budget models
Many mid-size companies have implemented third-party HR and CRM systems, platforms that generate robust datasets. For instance, PEO providers maintain detailed records on every type of employee or contractor who works with the company, as well as their benefit requirements. Salesforce.com tracks virtually any type of sales and metric important to the company. This data, much of it market-tested, offers a level of detail it would take an army to create. By entering or importing it into a budget model, finance teams can create highly detailed and robust budgets in a remarkably short time frame.
Organizations will be more assertive with their assumptions
With robust and accurate data from internal systems populating the budget, executive teams will have access to variance reporting that is far more accurate than ever before. Moreover, this level of specificity will prompt CFOs to be more assertive in their assumptions, as well as provide the confidence management teams need to execute on their growth plans.
Greater accountability in business decisions
Marketing pioneer John Wanamaker famously said, “Half the money I spend on advertising is wasted; the trouble is I don't know which half.” He wouldn’t say that if he were alive in 2018. The combination of robust data and better performance tracking will make it easier to assess the outcomes of virtually all business decisions (including advertising campaigns). The result will be greater accountability in business initiatives as CEOs obtain the tools to compare current results to the budget, forecasts and what occurred in the past.
With greater accountability comes greater learnings and more success
Armed with a better sense of what worked and what didn’t, business leaders will have keen insight into which activities, markets or initiatives are worth repeating. I can envision companies establishing new metrics with a greater degree of specificity than was possible in the past, supported by data-driven budgets and the ability to track budget versus the actual on a constant basis.
Forecasting will be the next big innovation in budgeting
Looking at the budget software market itself, I believe the next big innovation will be easy forecasting, driven by customer demand. CEOs in particular want streamlined and simple forecasting whether it be monthly, quarterly or half year, and will pressure their providers to deliver it.
I, of course, support this demand. As anyone responsible for a budget knows, within a few months of a budget’s completion, there’s a good chance some or all of it will be out of date. Benchmarks must be reset regularly as market or economic conditions change. If a particular product suddenly begins selling better than another, the company will no doubt want to rejigger resources in order to exploit the opportunity (or retrench in the face of disappointing sales). This is particularly true when companies are embarking on ambitious growth plans.
Growth opportunities and market conditions will move CFOs away from spreadsheets to budget models
Ten years ago, 90% of mid-size companies built their budgets in spreadsheets; today from what I see, it stands at 80%. As more and more executive teams realize the inherent power of a budget, I suspect that number will go down quickly, replaced by budgeting software that allows them to monitor performance much more frequently. But don’t expect a public mudslinging between budget-software providers. Growth in our market will come from first-time customers, rather than
Anomali recently released a new report that identifies major security trends threatening the FTSE 100. The volume of credential exposures has dramatically increased to 16,583 from April to July 2017, compared to 5,275 in last year’s analysis. 77% of the FTSE 100 were exposed, with an average of 218 usernames and passwords stolen, published or sold per company. In most cases the loss of credentials occurred on third-party, non-work websites where employees reuse corporate credentials.
In May 2017, more than 560 million login credentials were found on an anonymous online database, including roughly 243.6 million unique email addresses and passwords. The report shows that a significant number of credentials linked to FTSE 100 organisations were still left compromised over the three months following the discovery. This failure to remediate and secure employee accounts means that critical business content and personal consumer information held by the UK’s biggest businesses has been left open to cyber-attacks.
The report, The FTSE 100: Targeted Brand Attacks and Mass Credential Exposures, executed by Anomali Labs also reveals that:
“Our research has uncovered a staggering increase in compromised credentials linked to the FTSE 100 companies. Security issues are exacerbated by employees using their work credentials for less secure non-work purposes. Employees should be reminded of the dangers of logging into non-corporate websites with work email addresses and passwords. While companies should invest in cyber security tools that monitor and collect IDs and passwords on the Dark Web, so that staff and customers can be notified immediately and instructed to reset accounts,” said Colby DeRodeff, Chief Strategy Officer and Co-Founder at Anomali.
The Anomali research team also analysed suspicious domain registrations, finding 82% of the FTSE 100 to have at least one catalogued against them, and 13% more than ten. In a change from last year, the majority were registered in the United States (38%), followed by China (23%). The majority of cyber attackers used gmail.com and qq.com (a free Chinese email service) to register these domains and mask themselves. With a deceptive domain, malicious actors have the potential to orchestrate phishing schemes, install malware, redirect traffic to malicious sites, or display inappropriate messaging.
For the second year, the vertical hit hardest by malicious domain registrations was banking with 83, which accounted for 23%. This is double that of any other industry. To avoid a breach, organisations have to be more accountable and adopt a stronger cyber security posture, for themselves and to protect the partners and customers they directly impact.
“Monitoring domain registrations is a critical practice for businesses to understand how they might be targeted and by whom. A threat intelligence platform can aid companies with identifying what other domains the registrant might have created and all the IPs associated with each domain. This information can then be routed to network security gateways to keep inbound and outbound communication to these domains from occurring. No one is 100% secure against actors even with the intent and right level of capabilities. It is essential to invest in the right tools to help secure every asset, as well as collaborate with and support peers in order to reduce their risks to a similar attack,” continued Mr. DeRodeff.
(Source: Anomali)
The Top 5 Impacts of GDPR on Financial Services
The clock is ticking to the 2018 deadline to comply with the EU General Data Protection Regulation (GDPR). Acting now is critical for firms to avoid risking fines of €20m (or 4% of annual revenue) so advance planning and preparation is essential. Here Nathan Snyder, Partner at Brickendon, lists for Finance Monthly the top five considerations and impacts GDPR will have on financial services.
Amidst growing concerns around the safety of personal data from identity theft, cyberattacks, hacking or unethical usage, the European Union has introduced new legislation to safeguard its citizens. The EU General Data Protection Regulation aims to standardise data privacy laws and mechanisms across industries, regardless of the nature or type of operations. Most importantly, GDPR aims to empower EU citizens by making them aware of the kind of data held by institutions and the rights of the individual to protect their personal information. All organisations must ensure compliance by 25th May 2018.
While banks and other financial firms are no strangers to regulation, adhering to these requires the collection of large amounts of customer data, which is then collated and used for various activities, such as client or customer onboarding, relationship management, trade-booking, and accounting. During these processes, customer data is exposed to a large number of different people at different stages, and this is where GDPR comes in.
So, what does the introduction of GDPR actually mean for financial institutions and which areas should they be focussing on? Here Brickendon’s data experts take a look at five key areas of the GDPR legislation that will impact the sector.
1. Client Consent: Under the terms of GDPR, personal data refers to anything that could be used to identify an individual, such as name, email address, IP address, social media profiles or social security numbers. By explicitly mandating firms to gain consent (no automatic opt-in option) from customers about the personal data that is gathered, individuals know what information organisations are holding. Also, in the consent system, firms must clearly outline the purpose for which the data was collected and seek additional consent if firms want to share the information with third-parties. In short, the aim of GDPR is to ensure customers retain the rights over their own data.
2. Right to data erasure and right to be forgotten: GDPR empowers every EU citizen with the right to data privacy. Under the terms, individuals can request access to, or the removal of, their own personal data from banks without the need for any outside authorisation. This is known as Data Portability. Financial institutions may keep some data to ensure compliance with other regulations, but in all other circumstances where there is no valid justification, the individual’s right to be forgotten applies.
3. Consequences of a breach: Previously, firms were able to adopt their own protocols in the event of a data breach. Now however, GDPR mandates that data protection officers report any data breach to the supervisory authority of personal data within 72 hours. The notification should contain details regarding the nature of the breach, the categories and approximate number of individuals impacted, and contact information of the Data Protection Officer (DPO). Notification of the breach, the likely outcomes, and the remediation must also be sent to the impacted customer ‘without undue delays’.
Liability in the event of any breach is significant. For serious violations, such as failing to gain consent to process data or a breach of privacy by design, companies will be fined up to €20 million, or 4% of their global turnover (whichever is greater), while lesser violations, such as records not being in order or failure to notify the supervisory authorities, will incur fines of 2% of global turnover. These financial penalties are in addition to potential reputational damage and loss of future business.
4. Vendor management: IT systems form the backbone of every financial firm, with client data continually passing through multiple IT applications. Since GDPR is associated with client personal data, firms need to understand all data flows across their various systems. The increased trend towards outsourcing development and support functions means that personal client data is often accessed by external vendors, thus significantly increasing the data’s net exposure. Under GDPR, vendors cannot disassociate themselves from obligations towards data access. Similarly, non-EU organisations working in collaboration with EU banks or serving EU citizens need to ensure vigilance while sharing data across borders. GDPR in effect imposes end-to-end accountability to ensure client data stays well protected by enforcing not only the bank, but all its support functions to embrace compliance.
5. Pseudonymisation: GDPR applies to all potential client data wherever it is found, whether it’s in a live production environment, during the development process or in the middle of a testing programme. It is quite common to mask data across non-production environments to hide sensitive client data. Under GDPR, data must also be pseudonymised into artificial identifiers in the live production environment. These data-masking, or pseudonymisation rules aim to ensure the data access stays within the realms of the ‘need-to-know’ obligations.
Given the wide reach of the GDPR legislation, there is no doubt that financial organisations need to re-model their existing systems or create newer systems with the concept of ‘Privacy by Design’ embedded into their operating ideologies. With the close proximity of the compliance deadline – May 2018 – firms must do this now.
Failing to do at least one of the following now: a) identify client data access and capture points, b) collaborate with clients to gain consent for justified usage of personal data, or c) remediate data access breach issues, will in the long run not only cause financial pain, but also erode client confidence. A study published earlier this year by Close Brothers UK, found that an alarming 82% of the UK’s small and medium businesses were unaware of GDPR. Recognising the importance of GDPR and acting on it is therefore the need of the hour.
The Paradise Papers have revealed secret boltholes for many firms and individuals around the world, from sportsmen and the Queen to giants like Apple. But what are people’s thoughts on tax avoidance, which is very different from the illicit tax evasion? Tax avoidance has a large range of angles to consider, from investment to the moral dilemma of national tax, the spirit of the law, and of course financial protection.
Below Finance Monthly hears Your Thoughts on tax avoidance and offshore tax law loopholes, referencing the latest leaks and the information found therein, with experts from all round, covering various sectors.
Simon Browning, Partner, UHY Hacker Young:
The net is continuing to close in on a variety of tax planning and more information from the Paradise Papers will no doubt fuel HMRC’s efforts of collecting the tax gap.
In my opinion, there are two types of taxpayers who are getting caught up in the headline of ‘tax avoidance’:
We are seeing many more arguments in the press about the moral position of taxpayers and it is clear the landscape has changed over the past five years or so, with tax avoidance appearing to be as abhorrent as tax evasion.
However, it is the courts that decide on tax matters and not the press, so we need to be careful not to tar everyone with the same brush and to allow informed decisions to be made through the correct channels.
The continuing change in landscape makes it very difficult for taxpayers and advisers to know where the line now is between acceptable tax planning and abusive avoidance.
It will be very interesting to see how HMRC and international tax authorities deal with the information from the Paradise Papers and whether they can successfully filter their way through commercial tax saving arrangements as compared to abuse of apparent loopholes.
Karl Pemberton, Managing Director, Active Chartered Financial Planners:
First and foremost, we must stress that we’re not ‘tax advisers’, albeit we do have a remit to consider taxation when advising clients on their investments.
The issue for us here is morality, as Tax Avoidance (or mitigation) is not illegal. Every client that invests within an ISA does so for the taxable benefits it brings. Similarly, so does a pension. If the tax breaks were not there, I doubt people would use them as they do. Investing offshore has always been a legitimate way of investing too; however, some of the more complex schemes raised of late raise a question of morality, rather than legality.
I believe it’s the amounts involved that make it feel immoral to the majority of the general public. If, for example, we see someone who is taking home a large pay packet not paying the tax man the ‘fair’ amount, it makes people feel angry, as they’re already winning the lottery, as it were. The problem is, if it’s immoral to ‘legally avoid tax’ at all, the amounts should be irrelevant. This issue of morality, therefore, makes it impossible to police, as everyone has differing views.
If we’re saying that ‘avoiding tax’ at any level is wrong, then that should also mean the end to ISAs, pensions, and every accountancy business in the country, as this is their purpose in the end. It would become an absolute minefield.
Miles Dean, Managing Partner, Milestone International Tax:
It would be very surprising if the affairs of those individuals concerned were illegal or nefarious. It is the theft of the papers that is illegal.
Some of the documents relate to matters 75 years ago when the world was a very different place. Recent developments have made a significant impact on the use of tax havens, namely the common reporting standard (CRS) and FATCA. Both FATCA and CRS are automatic exchange of information protocols that mean privacy is no longer what it used to be.
Just because an individual makes an investment that is based offshore does not mean that they have done anything wrong – if they fail to disclose it (and the return they make) on their tax return then that’s tax evasion. But to make the quantum leap and suggest that everyone from the Queen to Bono is dodging tax because some of their investments are made via Bermuda, Cayman or Malta is stupidity on a grand scale.
Regarding Lord Ashcroft, if he is non-UK domiciled then he will benefit from the remittance basis of taxation. The fact that he took steps to mitigate his UK liability (legally) is a matter for him and his conscience, not the media.
The comments this morning by Shadow Chancellor John McDonnell are wide of the mark – imposing a withholding tax on dividends will not stop tax abuse - it would simply make the UK less competitive as a jurisdiction for large multinationals, at a time when we need to be more competitive than ever.
John McDonnell’s comments illustrate just how magnificently out of touch he is with reality. A worrying thought given he’s likely to be our next Chancellor.
Dr Daniel Cash, Lecturer in Law, Aston University:
Offshore investing, in very general terms and in order to provide a realism check, is legal. The ability to invest one’s funds offshore, traditionally in a small jurisdiction that does not have the most sophisticated regulatory structure, is noted as being a viable and useful investment strategy for a number of reasons. Whether it is to diversify one’s exposure to risk, to protect one’s assets from political variabilities (like war or political instability, for example), or to protect against market volatility, there are a number of benefits to investing offshore. However, ‘investing offshore’ masks a number of variances which really should be revealed: offshore investing may relate to an investment fund being ‘domiciled’ abroad, which is legal, but offshore investing is sometimes cited when people attempt to remove their income from tax authorities, which is not legal. Whilst some who are caught in the crosshairs of this latest scandal have not, necessarily, been accused of operating illegally, it is really the close connection between the business and political elite and these tax-avoiding schemes which is causing the scandal to have such an impact. Whilst allegations of illegality will likely be forthcoming, at the moment the focus is on both a. proximity between the scheme and the elite, and also b. the issue of declaration, as witnessed by the story enveloping Lord Ashcroft at the moment. Yet, the proximity-issue points to a much larger issue, and one which, rather regrettably, is difficult to paint in a positive manner.
The former British Prime Minister, David Cameron, once opined that tax avoidance – in relation to the comedian Jimmy Carr being outed as using an aggressive tax-avoidance scheme – is ‘morally wrong’, with his successor, Theresa May, vowing to combat tax-avoidance almost immediately after taking office. However, the first point to note is that it will be incredibly interesting to hear Theresa May’s responses to this latest leak, one which puts some of her Party’s most revered figures in the centre of the scandal (one doubts she will be as forthcoming this time). The second point is more abstract; the absolutely incredible amount of people and corporations caught up in this scandal can only tell us one thing: tax avoidance, or at least doing everything possible to reduce one’s tax burden, is inherent within society (particularly, rather obviously, for those with large reserves of funds). This should not really be revelatory, but the response to the Paradise Papers suggests that maybe it is. This latest instance of proof that influential people systematically ‘game the system’, should be the spark that initiates deep-rooted reform of the market-centred society we live in, but one should be able to realise how fanciful that thought is when looking at the impact of the Panama Papers; that is quite a way to end on the back of what, to all intents and purposes, should have been an era-defining revelation in its own right, but now represents par-for-the-course.
Nigar Hashimzade, PhD. Professor of Economics, Durham University Business School:
The recently leaked documents yet again brought to light offshore investments by firms and individuals, many of whom are politicians and celebrities. Most of the tax-reducing arrangements mentioned in these documents, however, are perfectly legal. Among many questions this may raise, two are “Is investing abroad a bad thing?” and “Do tax laws favour the rich?”
Investment in global financial markets is similar to global trade. Both remove territorial constraints to economic activities and bring benefits. Investing abroad should be thus no more objectionable than buying imported cars or imported vegetables. However, offshore opportunities are not available to the majority of taxpayers (typically, they are for very large investments), so the issue here is the underlying inequality of opportunities, rather than an evil nature of global markets.
According to the official statistics, in the 2017/18 tax year the top one percent of UK taxpayers earned 12% of the total pre-tax income and paid 27.7% of the total income tax revenue. The bottom fifty percent earned 25.3% of total pre-tax income and contributed 9.7% of the total income tax revenues. In 1999-2000 these numbers were 11% and 21.3% for the top one percent, and for the bottom fifty percent they were 23.8% and 11.6%, respectively. This reflects growing progressivity of the UK personal income tax, which also appears to have outpaced the growth in income gap.
The pattern is even stronger in the United States. There, in 2014 the top one percent of taxpayers earned 20.58% of total income and paid 39.48% of all income taxes. The bottom fifty percent earned 11.27% of total income and contributed 2.75% of all income taxes. For each dollar earned, the top one percent taxpayers paid 27.1 cents in tax, whereas the taxpayers in the bottom fifty percent paid 3.5 cents, a more than seven-fold difference.
Thus, a highly progressive income tax system in the UK and in the US leads to the highest burden of income tax falling on the richest taxpayers. What these numbers also tell us is that the income distribution in both countries is highly unequal. This is why rich taxpayers have opportunities unavailable to many; in particular, they can afford incurring high costs of offshore investments that give them higher net returns. The task for the governments is to address the roots of inequality, and this goes far beyond changes in the tax law.
By Andy Barratt, Managing Principal Financial Services & Payment Solution Assessment at Coalfire
The fall-out from the Equifax hack has, understandably, focused on the millions of people who have had data stolen, but far less attention is being paid to the wider implications for the financial services industry.
Financial services providers, in particular, rely heavily on credit ratings to vet potential customers, with Equifax being one of the major providers of this information in the UK.
Businesses across the sector need to ask themselves whether they can consider the data they receive from Equifax reliable. Pleading ignorance is not an option now that the hack is public knowledge, and the onus is back on financial services providers themselves to ensure they are lending responsibly and securely.
It’s well known that the credit rating services provided by the likes of Equifax, Experian and Callcredit are integral to modern lending processes. The depth of information and immediacy they offer is, for many, simply not achievable otherwise. With this reliance in mind, the broader impact of the breach for the sector could be significant and long-lasting.
Should the extent of the breach be more far-reaching, it might be too late by the time the industry knows that records at Equifax have been manipulated.
The impact of the breach
The first, and more widely discussed, impact of the Equifax breach is the potential for the individuals whose data has been stolen to become victims of identity fraud.
The number of people affected by this particular incident has been reported widely and is now reasonably understood to be in the millions. This puts an abundance of vital personal information at the fingertips of unscrupulous individuals across the globe.
The second key factor to consider is the systemic impact on the financial services industry, especially in an environment where increasing amounts of business are carried out without any face-to-face interaction with the customer and where automated, rapid decision making is used.
For the growing number of online-only businesses, it can be very hard to know if an applicant is who they say they are – especially if the credit rating provided by a third party is potentially compromised. While the affected data will have been flagged as stolen, we don’t know if the cyber-thieves changed any of the original records at source.
If the source data at Equifax has been manipulated, false identities could go undiscovered giving fraudsters a greater chance of success. Stolen data can be used to create fake identities, falsify credit histories and enter into relationships with lenders that would otherwise not be possible.
Criminals could also have made individuals appear more credit-worthy than they are in reality. This might result in over lending to sub-prime or near sub-prime individuals in a manner that may well be judged irresponsible by regulators.
Of course, many lenders use multiple sources alongside their own records to verify loan applications.
But for those relying heavily (or solely) on Equifax data to support their decision making, it is vitally important to evaluate the level of dependence and whether a new approval process needs to be put in place.
Ensuring data reliability
At this stage, completely abandoning Equifax might be overcautious, but a review of how their data is utilised is a must.
Businesses need to start a dialogue with the credit ratings agency immediately. Equifax should be forced to disclose what measures have been put in place to alert both consumers and financial institutions to fraudulent data, how they are identifying the people affected and what new practices are being implemented to ensure data security and integrity in the future.
It will, of course, be down to individual companies to decide whether the evidence provided by Equifax is satisfactory.
If it is not, firms that rely heavily on this agency should consider other partnerships so that data can be corroborated. Anomalies can be identified by comparing information provided by two or more ratings agencies, potentially uncovering a fraudulent application.
In this vein, firms may also be able to further leverage existing customer data to sense check a new application. For example, if an existing customer’s circumstances or credit worthiness change drastically from one application to the next, this should raise flags.
Common-sense checks such as this are an interim measure, but will help judge the reliability of data while assurances from Equifax are sought and more long-term strategies put in place.
Long term, it will be up to the regulators to decide if Equifax can really be relied upon by the global financial services community. Any rulings or advice on Equifax’s reliability could have significant implications for the financial services industry’s dependency on a small number of credit rating agencies.
If Equifax’s trustworthiness is called into question, it could be a tipping point that opens the door to a new type of ratings agency.
Financial services is in a transformative phase with new ‘challengers’ emerging all the time. Online-only banks like Monzo are capitalising in an industry that is already amenable to change. The sector should watch on with interest for comment from the FCA that could impact Equifax’s role and keep an eye out for potential partnerships should new rating providers enter the market.
The truth is that Equifax and the service it provides are deeply entwined with the financial services sector, so much so that wider implications from the data breach are inevitable. It’s fundamental now that the sector ascertains whether its lending processes are still reliable and makes the necessary changes if they are not.
About the Author
Andy Barratt is Managing Principal for Financial Services and Payment Solution Assessment at Coalfire, a cyber security consultancy which works with many businesses across the financial services sector.
Website: https://www.coalfire.com/
Now that CMOs have a seat at the revenue table, there is also pressure to prove ROI. Since the only true measure of ROI is sales, it’s imperative that the marketing and sales leaders are aligned around key objectives and goals to truly prove their contributions to the bottom line. Here Rishi Dave, CMO at Dun & Bradstreet, talks Finance Monthly through the matter.
While sales and marketing teams have made great strides in recent years to better align their outreach to customers, there is still a huge disconnect between the teams and, more importantly, between sales and marketing and the customer. Our recent study showed that, despite increases in new technologies and a proliferation of data and insights, 57% of marketers still find their biggest challenge to be identifying their target customer and the average sales person spends over two hours researching a prospect before making contact. Why are those numbers not improving in lock step with the growth of sales and marketing enablement technologies?
One reason could be the lack of alignment between the sales and marketing departments. And I don’t just mean the age-old disagreement of what’s a good lead and what is considered an opportunity. While those things are important, businesses in this digital world really have to consider aligning around the most foundational element the companies have – and that’s data.
Especially in an environment like Fintech, where we’re dealing with a vast, untapped or underserved community of small businesses, it’s crucial that marketing and sales are aligned on the definition of the B2B prospect – who are our best customers, and where will we find more of them. It’s not just a lead list of businesses and locations: it’s crucial to understand the key factors that will drive a positive sales and marketing engagement, and increase the chance of sales conversion. Factors such as:
In the best of circumstances, using analytics, existing customer profiles based on known behaviour, and unknown behaviour from alternative data sources, all brought together to the business entity level, can be used to create advanced marketing models that will target best prospects with precision.
Businesses can also ensure alignment by implementing a master data strategy across the organisation. This may sound daunting, but all it really means is making sure the data you have is structured, cleansed and connected across the company so that insights can be surfaced to the right people at the right time in order to make better business decisions. And, you can start easily by cleaning one app, like CRM, and growing from there.
With a connected view of all customers and prospects, sales and marketing teams are able to make better holistic decisions about each account – decisions which can lead to revenue growth – the ultimate proof of ROI.
By Christopher Hillman, Principal Data Scientist at Think Big Analytics, a Teradata Company
Insurance fraud is a growing problem which many insurers have begun to dedicate new departments and whopping budgets to try and tackle. Huge amounts of time and effort are now spent detecting fraud before paying claims to avoid the complexity and expense of recovering a loss – insurance companies certainly don’t want to pay out claims only then to realise they are fake.
Previously, this process involved manually and laboriously going through masses of individual claims while looking out for suspicious activity, creating a large drain on time, revenue and resources. Now, much of that backend research is being completed faster utilising data and analytics, thereby improving the productivity and efficiency of processes while keeping costs down. Despite this, a significant amount of data that might be meaningful never gets analysed and often, advanced analysts still need to be brought in to uncover meaning from results.
Fraud Invaders: a business case
Imagine being able to cut directly to the chase, removing the human effort needed to tackle huge numbers of worksheets to view potentially fraudulent activity. With advanced analytics and visualisation techniques, this is now possible. To demonstrate, let’s look at a business case called Fraud Invaders.
This case aimed to solve an insurer’s crucial business challenge by discovering a new way to focus on a tighter subset of cases to drive fraud investigation efficiency. To begin, claims documents that had been filled out and submitted by the insurer’s customers were collected, some of which were known to be fraudulent. These known cases of fraud were flagged and put through text mining to extract anything that was a clear identifier such as a bank account, email address or phone number. Following this process, analytics were used to uncover correlations between claims.
With this output, a data visualisation (or network graph) was put together. The resulting image, like the one included below, was made up of dots which represent individual claims, with lines which draw data connections between two or more claim documents. An example of a fraud indicator can be monthly insurance payments from the same bank account: chances are the separate claims belong to the same person or are three different people working together to commit fraud.
Not just a pretty picture: how it works
There’s more to see than initially (and appealingly) meets the eye. The dot clusters visible in the image show us who the “fraud invaders” are. The larger and more apparently connected the cluster, the greater the likelihood of fraudulent activity: this ability to gauge the potential for fraud based on the size of dots and amount of connections can be carried out with the need for little more than a quick look.
Using graphs like these as a foundation, claims teams can identify likely suspects and focus their investigations on these groups. Although not all suspects pulled out will turn out to be fraudsters, far less time, revenue and resources will have been required for this process in comparison to traditional, manual methods. In addition, incidents that may have previously slipped through the net may now be uncovered.
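The linking step described above, sketched as an added example (not code from the article or from Think Big Analytics): identifiers are pulled from claim text with regular expressions, claims that share one are joined, and the connected clusters are ranked by size. The sample claims, the identifier formats and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample claims (not real data): free text as a claimant might submit it.
CLAIMS = {
    "C1": "Please pay into account 40718822. Contact j.doe@example.com or 07700 900123.",
    "C2": "Refund to acct 40718822, email mark.p@example.org.",
    "C3": "Call me on 07700-900123. Bank account: 55512340.",
    "C4": "Reach me at Mark.P@example.org, account 99120045.",
    "C5": "Email anna@example.net, phone 07700 900777, account 10293847.",
    "C6": "Account 66770011, email lee@example.com.",
    "C7": "Payment to 66770011 please; phone 07700 900555.",
}

# Assumed identifier formats: e-mail, 11-digit UK-style mobile, 8-digit account number.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "phone": re.compile(r"\b0\d{4}[ -]?\d{6}\b"),
    "account": re.compile(r"(?<!\d)\d{8}(?!\d)"),
}

def extract_identifiers(text):
    """Return the set of (kind, normalised value) pairs found in one claim's text."""
    found = set()
    for kind, pattern in PATTERNS.items():
        for match in pattern.findall(text):
            # Normalise so "Mark.P@..." equals "mark.p@..." and "07700-900123" equals "07700 900123".
            value = match.lower() if kind == "email" else re.sub(r"\D", "", match)
            found.add((kind, value))
    return found

def link_claims(claims):
    """Map each pair of claims to the identifiers they share (the lines in the graph)."""
    by_identifier = defaultdict(set)
    for claim_id, text in claims.items():
        for ident in extract_identifiers(text):
            by_identifier[ident].add(claim_id)
    edges = defaultdict(set)
    for ident, claim_ids in by_identifier.items():
        for a, b in combinations(sorted(claim_ids), 2):
            edges[(a, b)].add(ident)
    return edges

def clusters(claims, edges):
    """Group claims into connected components with union-find, largest cluster first."""
    parent = {c: c for c in claims}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in edges:
        parent[find(a)] = find(b)
    groups = defaultdict(set)
    for c in claims:
        groups[find(c)].add(c)
    result = []
    for members in groups.values():
        if len(members) < 2:
            continue  # a claim with no shared identifier is not a cluster
        links = sum(1 for (a, _b) in edges if a in members)
        result.append({"claims": sorted(members), "links": links})
    return sorted(result, key=lambda g: (-len(g["claims"]), -g["links"], g["claims"]))

if __name__ == "__main__":
    for group in clusters(CLAIMS, link_claims(CLAIMS)):
        print(group)
```

Claims C1 to C4 end up in one cluster even though no single identifier is common to all four, which is the kind of indirect connection a claim-by-claim review would not surface.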
Uncapped opportunity: lessons from Fraud Invaders
In addition to helping insurers to identify fraudulent activity, advanced analytics and visualisation can also reveal networks of people and strong influencers who can assist businesses in attracting new customers, or cause them to lose them. This branch of data science, known as “Social Network Analysis” (not to be confused with Social Media), is a powerful technique that requires true multi-genre analytics. A variety of individual techniques are required to produce a model of a customer’s social network, including text mining, fuzzy matching, time series processing and graph analytics. By traversing a person’s network graph, claim teams can see who they are connected with and who they are influenced by when making decisions such as a purchase or switching services.
Overall, regardless of the desired outcome, Fraud Invaders offers a good lesson to businesses in how to achieve what they want: begin with a solution – rather than just a problem – in mind.
Website: http://www.teradata.com/
Deloitte appears to be the latest in a series of large multi-national companies becoming the victim of serious cyber breaches.
A report by the Guardian newspaper has revealed that the accountancy giant’s computers were discovered to have been hacked in March this year, although there are suggestions that the hack could have occurred as long ago as October 2016.
The news comes as several US organisations are reporting large-scale cyber security issues. Equifax and the SEC have both recently suffered embarrassing and potentially devastating hacks which have resulted in huge amounts of data being compromised.
While the scale of the Deloitte hack is not yet known, the accountancy firm works for a vast number of companies and governments around the world, providing tax consultancy and audits, all of whom have vital and confidential data held by the company. It appears that the main attack has been focused on the US arm of Deloitte, although there have been indications that it may affect companies in other countries.
The leak is said to have stemmed from the use of the company’s cloud storage system, where they store nearly 250,000 client emails. The hackers entered through an administrator password and reports suggest that this could have allowed them full access to all the information stored in the cloud.
Deloitte have sought to play down the hack in a statement which cited that there have been “very few impacted clients”. A spokesman is quoted as saying: “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte.”
Deloitte have taken steps to not only plug the leak, but to locate the source of the hack and earlier this year employed top US law firm Hogan Lovells to launch a special investigation on their behalf.
The hack will also serve as an embarrassment to a company who were voted Best Cybersecurity Consultants in the World in 2012.
While the full scale of the attack is not yet known, Deloitte will hope that they will not suffer the same fate as Equifax, whose share price fell 32% during the fallout of their cyber breach.
Following an internal review, SEC Chairman Jay Clayton revealed that the organisation had been the victim of “Malicious attacks”. The revelation came in a 4,000-word statement released on Wednesday and caused concerns among those on the trading floor.
The Securities and Exchange Commission is responsible for handling almost 1.7 million financial market disclosure documents a year through its EDGAR system, which was revealed as the source of the leak. The admission will be a source of embarrassment for the SEC, whose mission statement is to ‘protect investors’. Clayton’s statement confirmed that the leak was discovered and subsequently fixed in 2016. However, last month they discovered that the breach may have resulted in people being able to use the data acquired in the hack to illegally make profits on the stock market.
In addition to the cyber hack, Clayton’s statement also confirmed that private e-mails had been used to transmit confidential data and that a number of SEC laptops that may contain confidential data are missing.
Wall Street has been suitably dismayed by the leak, given the potential risks that have been thrust upon it by the very organisation that is tasked with policing trades. However, the cyber breach will not come as a surprise to many within the government who have previously raised concerns about the SEC’s security systems, including the Department of Homeland Security, which reportedly discovered five “critical” weaknesses in their system as recently as the start of 2017.
The US markets are already on edge, following the recent Equifax data breach which resulted in the leak of 143 million consumer records and is the subject of increased scrutiny and at least one Federal investigation.
In a bid to restore faith in the institution, Clayton has given his assurances that the SEC is taking cyber security seriously; he stated that: "The Commission will continue to prioritize its efforts to promote effective cybersecurity practices within the Commission itself and with respect to the markets and market participants it oversees," and that all steps are being taken to ensure there is not a repeat of a leak.
The move is a further indication that large financial companies and institutions are under increasing threat from cyber hacks. The SEC statement did not specify who was behind the breach, but recently countries such as Russia and North Korea have been linked to several high-profile hacks on large organisations.
Clayton and the SEC will need to ensure that the organisation does not fall victim again if it is to rebuild its significantly damaged reputation on Wall Street.