The Top 5 Impacts of GDPR on Financial Services

The clock is ticking to the 2018 deadline to comply with the EU General Data Protection Regulation (GDPR). Acting now is critical for firms to avoid risking fines of €20m (or 4% of annual revenue) so advance planning and preparation is essential. Here Nathan Snyder, Partner at Brickendon, lists for Finance Monthly the top five considerations and impacts GDPR will have on financial services.

Amidst growing concerns around the safety of personal data from identity theft, cyberattacks, hacking or unethical usage, the European Union has introduced new legislation to safeguard its citizens. The EU General Data Protection Regulation aims to standardise data privacy laws and mechanisms across industries, regardless of the nature or type of operations. Most importantly, GDPR aims to empower EU citizens by making them aware of the kind of data held by institutions and the rights of the individual to protect their personal information. All organisations must ensure compliance by 25^th May 2018.

While banks and other financial firms are no strangers to regulation, adhering to these requires the collection of large amounts of customer data, which is then collated and used for various activities, such as client or customer onboarding, relationship management, trade-booking, and accounting. During these processes, customer data is exposed to a large number of different people at different stages, and this is where GDPR comes in.

So, what does the introduction of GDPR actually mean for financial institutions and which areas should they be focussing on? Here Brickendon’s data experts take a look at five key areas of the GDPR legislation that will impact the sector.

1. Client Consent: Under the terms of GDPR, personal data refers to anything that could be used to identify an individual, such as name, email address, IP address, social media profiles or social security numbers. By explicitly mandating firms to gain consent (no automatic opt-in option) from customers about the personal data that is gathered, individuals know what information organisations are holding. Also, in the consent system, firms must clearly outline the purpose for which the data was collected and seek additional consent if firms want to share the information with third-parties. In short, the aim of GDPR is to ensure customers retain the rights over their own data.

2. Right to data erasure and right to be forgotten: GDPR empowers every EU citizen with the right to data privacy. Under the terms, individuals can request access to, or the removal of, their own personal data from banks without the need for any outside authorisation. This is known as Data Portability. Financial institutions may keep some data to ensure compliance with other regulations, but in all other circumstances where there is no valid justification, the individual’s right to be forgotten applies.

3. Consequences of a breach: Previously, firms were able to adopt their own protocols in the event of a data breach. Now however, GDPR mandates that data protection officers report any data breach to the supervisory authority of personal data within 72 hours. The notification should contain details regarding the nature of the breach, the categories and approximate number of individuals impacted, and contact information of the Data Protection Officer (DPO). Notification of the breach, the likely outcomes, and the remediation must also be sent to the impacted customer ‘without undue delays’.

Liability in the event of any breach is significant. For serious violations, such as failing to gain consent to process data or a breach of privacy by design, companies will be fined up to €20 million, or 4% of their global turnover (whichever is greater), while lesser violations, such as records not being in order or failure to notify the supervisory authorities, will incur fines of 2% of global turnover. These financial penalties are in addition to potential reputational damage and loss of future business.

4. Vendor management: IT systems form the backbone of every financial firm, with client data continually passing through multiple IT applications. Since GDPR is associated with client personal data, firms need to understand all data flows across their various systems. The increased trend towards outsourcing development and support functions means that personal client data is often accessed by external vendors, thus significantly increasing the data’s net exposure. Under GDPR, vendors cannot disassociate themselves from obligations towards data access. Similarly, non-EU organisations working in collaboration with EU banks or serving EU citizens need to ensure vigilance while sharing data across borders. GDPR in effect imposes end-to-end accountability to ensure client data stays well protected by enforcing not only the bank, but all its support functions to embrace compliance.

5. Pseudonymisation: GDPR applies to all potential client data wherever it is found, whether it’s in a live production environment, during the development process or in the middle of a testing programme. It is quite common to mask data across non-production environments to hide sensitive client data. Under GDPR, data must also be pseudonymised into artificial identifiers in the live production environment. These data-masking, or pseudonymisation rules aim to ensure the data access stays within the realms of the ‘need-to-know’ obligations.

Given the wide reach of the GDPR legislation, there is no doubt that financial organisations need to re-model their existing systems or create newer systems with the concept of ‘Privacy by Design’ embedded into their operating ideologies. With the close proximity of the compliance deadline – May 2018 – firms must do this now.

Failing to do at least one of the following now: a) identify client data access and capture points, b) collaborate with clients to gain consent for justified usage of personal data, or c) remediate data access breach issues, will in the long run not only cause financial pain, but also erode client confidence. A study published earlier this year by Close Brothers UK, found that an alarming 82% of the UK’s small and medium businesses were unaware of GDPR. Recognising the importance of GDPR and acting on it is therefore the need of the hour.

The Paradise Papers have revealed secret boltholes for many firms and individuals around the world, from sportsmen and the Queen to giants like Apple. But what are people’s thoughts on tax avoidance, which is very different from the illicit tax evasion? Tax avoidance has a large range of angles to consider, from investment to the moral dilemma of national tax, the spirit of the law, and of course financial protection.

Below Finance Monthly hears Your Thoughts on tax avoidance and offshore tax law loopholes, referencing the latest leaks and the information found therein, with experts from all round, covering various sectors.

Simon Browning, Partner, UHY Hacker Young:

The net is continuing to close in on a variety of tax planning and more information from the Paradise Papers will no doubt fuel HMRC’s efforts of collecting the tax gap.

In my opinion, there are two types of taxpayers who are getting caught up in the headline of ‘tax avoidance’:

• “Those who have little awareness or understanding of the tax plans they have entered into through their advisors, although ignorance should not be a defence, of course; and
• “Those who have knowingly relied upon tax planning that may have fallen within the letter of the law but perhaps not the spirit of it.

We are seeing many more arguments in the press about the moral position of taxpayers and it is clear the landscape has changed over the past five years or so, with tax avoidance appearing to be as abhorrent as tax evasion.

However, it is the courts that decide on tax matters and not the press, so we need to be careful not to tar everyone with the same brush and to allow informed decisions to be made through the correct channels.

The continuing change in landscape makes it very difficult for taxpayers and advisers to know where the line now is between acceptable tax planning and abusive avoidance.

It will be very interesting to see how HMRC and international tax authorities deal with the information from the Paradise Papers and whether they can successfully filter their way through commercial tax saving arrangements as compared to abuse of apparent loopholes.

Karl Pemberton, Managing Director, Active Chartered Financial Planners:

First and foremost, we must stress that we’re not ‘tax advisers’, albeit we do have a remit to consider taxation when advising clients on their investments.

The issue for us here is morality, as Tax Avoidance (or mitigation) is not illegal. Every client that invests within an ISA does so for the taxable benefits it brings. Similarly, so does a pension. If the tax breaks were not there, I doubt people would use them as they do. Investing offshore has always been a legitimate way of investing too, however some of the more complex schemes raised of late raises a question of morality, rather than legality.

I believe it’s the amounts involved that make it feel immoral to the majority of the general public. If, for example, we see someone who is taking home a large pay packet not paying the tax man the ‘fair’ amount, it makes people feel angry, as they’re already winning the lottery, as it were. The problem is, if it’s immoral to ‘legally avoid tax’ at all, the amounts should be irrelevant. This issue of morality, therefore, makes it impossible to police, as everyone has differing views.

If we’re saying that ‘avoiding tax’ at any level is wrong, then that should also mean the end to ISAs, pensions, and every accountancy business in the country, as this is their purpose in the end. It would become an absolute minefield.

Miles Dean, Managing Partner, Milestone International Tax:

It would be very surprising if the affairs of those individuals concerned were illegal or nefarious. It is the theft of the papers that is illegal.

Some of the documents relate to matters 75 years ago when the world was a very different place. Recent developments have made a significant impact on the use of tax havens, namely the common reporting standard (CRS) and FATCA. Both FATCA and CRS are automatic exchange of information protocols that mean privacy is no longer what it used to be.

Just because an individual makes an investment that is based offshore does not mean that they have done anything wrong – if they fail to disclose it (and the return they make) on their tax return then that’s tax evasion. But to make the quantum leap and suggest that everyone from the Queen to Bono is dodging tax because some of their investments are made via Bermuda, Cayman or Malta is stupidity on a grand scale.

Regarding Lord Ashcroft, if he is non-UK domiciled then he will benefit from the remittance basis of taxation. The fact that he took steps to mitigate his UK liability (legally) is a matter for him and his conscience, not the media.

The comments this morning by Shadow Chancellor John McDonnell are wide of the mark – imposing a withholding tax on dividends will not stop tax abuse - it would simply make the UK less competitive as a jurisdiction for large multinationals, at a time when we need to be more competitive than ever.

John McDonnell’s comments illustrate just how magnificently out of touch he is with reality. A worrying thought given he’s likely to be our next Chancellor.

Dr Daniel Cash, Lecturer in Law, Aston University:

Offshore investing, in very general terms and in order to provide a realism check, is legal. The ability to invest one’s funds offshore, traditionally in a small jurisdiction that does not have the most sophisticated regulatory structure, is noted as being a viable and useful investment strategy for a number of reasons. Whether it is to diversify one’s exposure to risk, to protect one’s assets from political variabilities (like war or political instability, for example), or to protect against market volatility, there are a number of benefits to investing offshore. However, ‘investing offshore’ masks a number of variances which really should be revealed: offshore investing may relate to an investment fund being ‘domiciled’ abroad, which is legal, but offshore investing is sometimes cited when people attempt to remove their income from tax authorities, which is not legal. Whilst some who are caught in the crosshairs of this latest scandals have not, necessarily, been accused of operating illegally, it is really the close connection between the business and political elite and these tax-avoiding schemes which is causing the scandal to have such an impact. Whilst allegations of illegality will likely be forthcoming, at the moment the focus is on both a. proximity between the scheme and the elite, and also b. the issue of declaration, as witnessed by the story enveloping Lord Ashcroft at the moment. Yet, the proximity-issue points to a much larger issue, and one which, rather regrettably, is difficult to paint in a positive manner.

The former British Prime Minister, David Cameron, once opined that tax avoidance – in relation to the comedian Jimmy Carr being outed as using an aggressive tax-avoidance scheme – is ‘morally wrong’, with his successor, Theresa May, vowing to combat tax-avoidance almost immediately after taking office. However, the first point to note is that it will be incredibly interesting to hear Theresa May’s responses to this latest leak, one which puts some of her Party’s most revered figures in the centre of the scandal (one doubts she will be as forthcoming this time). The second point is more abstract; the absolutely incredible amount of people and corporations caught up in this scandal can only tell us one thing: tax avoidance, or at least doing everything possible to reduce one’s tax burden, is inherent within society (particularly, rather obviously, for those with large reserves of funds). This should not really be revelatory, but the response to the Paradise Papers suggests that maybe it is. This latest instance of proof that influential people systematically ‘game the system’, should be the spark that initiates deep-rooted reform of the market-centred society we live in, but one should be able to realise how fanciful that thought is when looking at the impact of the Panama Papers; that is quite a way to end on the back of what, to all intents and purposes, should have been an era-defining revelation in its own right, but now represents par-for-the-course.

Nigar Hashimzade, PhD. Professor of Economics, Durham University Business School:

The recently leaked documents yet again brought to light offshore investments by firms and individuals, many of whom are politicians and celebrities. Most of the tax-reducing arrangements mentioned in these documents, however, are perfectly legal. Among many questions this may raise, two are “Is investing abroad a bad thing?” and “Do tax laws favour the rich?       “

Investment in global financial markets is similar to global trade. Both remove territorial constraints to economic activities and bring benefits. Investing abroad should be thus no more objectionable than buying imported cars or imported vegetables. However, offshore opportunities are not available to the majority of taxpayers, - typically, they are for very large investments, - so the issue here is the underlying inequality of opportunities, rather than an evil nature of global markets.

According to the official statistics, in 2017/18 tax year the top one percent of UK taxpayers earned 12% of the total pre-tax income and paid 27.7% of the total income tax revenue. The bottom fifty percent earned 25.3% of total pre-tax income and contributed 9.7% of the total income tax revenues. In 1999-2000 these numbers were 11% and 21.3% for the top one percent, and for the bottom fifty percent they were 23.8% and 11.6%, respectively. This reflects growing progressivity of the UK personal income tax, which also appears to have outpaced the growth in income gap.

The pattern is even stronger in the United States. There, in 2014 the top one percent of taxpayers earned 20.58% of total income and paid 39.48% of all income taxes. The bottom fifty percent earned 11.27% of total income and contributed 2.75% of all income taxes. For each dollar earned, the top one percent taxpayers paid 27.1 cents in tax, whereas the taxpayers in the bottom fifty percent paid 3.5 cents, - a more than seven-fold difference.

Thus, a highly progressive income tax system in the UK and in the US leads to the highest burden of income tax falling on the richest taxpayers. What these numbers also tell us is that the income distribution in both countries is highly unequal. This is why rich taxpayers have opportunities unavailable to many, - in particular, they can afford incurring high costs of offshore investments that give them higher net returns. The task for the governments is to address the roots of inequality, and this goes far beyond changes in the tax law.

We would also love to hear more of Your Thoughts on this, so feel free to comment below and tell us what you think!

By Andy Barratt, Managing Principal Financial Services & Payment Solution Assessment at Coalfire

The fall-out from the Equifax hack has, understandably, focused on the millions of people who have had data stolen, but far less attention is being paid to the wider implications for the financial services industry.

Financial services providers, in particular, rely heavily on credit ratings to vet potential customers, with Equifax being one of the major providers of this information in the UK.

Businesses across the sector need to ask themselves whether they can consider the data they receive from Equifax is reliable. Pleading ignorance is not an option, now that the hack is public knowledge, and the onus is back on financial services providers themselves to ensure they are lending responsibly and securely.

 It’s well known that the credit rating services provided by the likes of Equifax, Experian and Callcredit are integral to modern lending processes. The depth of information and immediacy they offer is, for many, simply not achievable otherwise. With this reliance in mind, the broader impact of the breach for the sector could be significant and long-lasting.

Should the extent of the breach be more far-reaching, it might be too late by the time the industry knows that records at Equifax have been manipulated.

The impact of the breach

The first, and more widely discussed, impact of the Equifax breach is the potential for the individuals whose data has been stolen to be a victim of identity fraud.

 The number of people affected by this particular incident has been reported widely and is now reasonably understood to be in the millions. This puts an abundance of vital personal information at the fingertips of unscrupulous individuals across the globe.

 The second key factor to consider is the systemic impact on the financial services industry. Especially in an environment where increasing amounts of business are carried out without any face-to-face interaction with the customer and automated, rapid decision making used.

 For the growing number of online-only businesses, it can be very hard to know if an applicant is who they say they are – especially if the credit rating provided by a third party is potentially compromised. While the affected data will have been flagged as stolen, we don’t know if the cyber-thieves changed any of the original records at source.

 If the source data at Equifax has been manipulated, false identities could go undiscovered giving fraudsters a greater chance of success. Stolen data can be used to create fake identities, falsify credit histories and enter into relationships with lenders that would otherwise not be possible.

 Criminals could also have made individuals appear more credit-worthy than they are in reality. This might result in over lending to sub-prime or near sub-prime individuals in a manner that may well be judged irresponsible by regulators.

 Of course, many lenders use multiple sources alongside their own records to verify loan applications.

But for those relying heavily (or solely) on Equifax data to support their decision making, it is vitally important to evaluate the level of dependence and whether a new approval process needs to be put in place.

Ensuring data reliability

At this stage, completely abandoning Equifax might be overcautious, but a review of how their data is utilised is a must.

Businesses need to start a dialogue with the credit ratings agency immediately. Equifax should be forced to disclose what measures have been put in place to alert both consumers and financial institutions to fraudulent data, how they are identifying the people affected and what new practices are being implemented to ensure data security and integrity in the future.

It will, of course, be down to individual companies to decide whether the evidence provided by Equifax is satisfactory.

If it is not, firms that rely heavily on this agency, should consider other partnerships so that data can be corroborated. Anomalies can be identified by comparing information provided by two or more ratings agencies, potentially uncovering a fraudulent application.

In this vein, firms may also be able to further leverage existing customer data to sense check a new application. For example, if an existing customer’s circumstances or credit worthiness change drastically from one application to the next, this should raise flags.

Common-sense checks such as this are an interim measure, but will help judge the reliability of data while assurances from Equifax are sought and more long-term strategies put in place.

Long term, it will be up to the regulators to decide if Equifax can really be relied upon by the global financial services community. Any rulings or advice on Equifax’s reliability could have significant implications for the financial services industry’s dependency on a small number of credit rating agencies.

If Equifax’s trustworthiness is called into question, it could be a tipping point that opens the door to a new type of ratings agency.

Financial services is in a transformative phase with new ‘challengers’ emerging all the time. Online-only banks like Monzo are capitalising in an industry that is already amenable to change. The sector should watch on with interest for comment from the FCA that could impact Equifax’s role and keep an eye out for potential partnerships should new rating providers enter the market.

The truth is that Equifax and the service it provides is deeply entwined with the financial services sector. So much so that wider implications from the data breach are inevitable. It’s fundamental now that the sector ascertains whether its lending processes are still reliable and make the necessary changes if they are not.

About the Author

Andy Barratt is Managing Principal for Financial Services and Payment Solution Assessment at Coalfire, a cyber security consultancy which works with many businesses across the financial services sector.

Website: https://www.coalfire.com/

Now that CMOs have a seat at the revenue table, there is also pressure to prove ROI. Since the only true measure of ROI is sales, it’s imperative that the marketing and sales leaders are aligned around key objectives and goals to truly prove their contributions to the bottom line. Here Rishi Dave, CMO at Dun & Bradstreet, talks Finance Monthly through the matter.

While sales and marketing teams have made great strides in recent years to better align their outreach to customers, there is still a huge disconnect between the teams and, more importantly, between sales and marketing and the customer. Our recent study showed that, despite increases in new technologies and a proliferation of data and insights, 57% of marketers still find their biggest challenge to be identifying their target customer and the average sales person spends over two hours researching a prospect before making contact. Why are those numbers not improving in lock step with the growth of sales and marketing enablement technologies?

One reason could be the lack of alignment between the sales and marketing departments. And I don’t just mean the age-old disagreement of what’s a good lead and what is considered an opportunity. While those things are important, businesses in this digital world really have to consider aligning around the most foundational element the companies have – and that’s data.

Especially in an environment like Fintech, where we’re dealing with a vast, untapped or underserved community of small businesses, it’s crucial that marketing and sales are aligned on the definition of the B2B prospect – who are our best customers, and where will we find more of them. It’s not just a lead list of businesses and locations: it’s crucial to understand the key factors that will drive a positive sales and marketing engagement, and increase the chance of sales conversion. Factors such as:

• Target profile (age, size, line of business);
• Risk / credit worthiness;
• Changes in behavior (growth, decline, event triggers, etc.);
• Business family relationships.

In the best of circumstances, using analytics, existing customer profiles based on known behaviour, and unknown behaviour from alternative data sources, all brought together to the business entity level, can be used to create advanced marketing models that will target best prospects with precision.

Businesses can also ensure alignment by implementing a master data strategy across the organisation. This may sound daunting, but all it really means is making sure the data you have is structured, cleansed and connected across the company so that insights can be surfaced to the right people at the right time in order to make better business decisions. And, you can start easily by cleaning one app, like CRM, and growing from there.

With a connected view of all customers and prospects, sales and marketing teams are able to make better holistic decisions about each account- decisions which can lead to revenue growth – the ultimate proof of ROI.

By Christopher Hillman, Principal Data Scientist at Think Big Analytics, a Teradata Company

Insurance fraud is a growing problem which many insurers have begun to dedicate new departments and whopping budgets to try and tackle. Huge amounts of time and effort is now spent detecting fraud before paying claims to avoid the complexity and expense of recovering a loss – insurance companies certainly don’t want to pay out claims only then to realise they are fake.

Previously, this process involved manually and laboriously going through masses of individual claims while looking out for suspicious activity, creating a large drain on time, revenue and resources. Now, much of that backend research is being completed faster utilising data and analytics, thereby improving the productivity and efficiency of processes while keeping costs down. Despite this, a significant amount of data that might be meaningful never gets analysed and often, advanced analysts still need to be brought in to uncover meaning from results.

Fraud Invaders: a business case

Imagine being able to cut directly to the chase, removing the human effort needed to tackle huge numbers of worksheets to view potentially fraudulent activity. With advanced analytics and visualisation techniques, this is now possible. To demonstrate, let’s look at a business case called Fraud Invaders.

This case aimed to solve an insurer’s crucial business challenge by discovering a new way to focus on a tighter subset of cases to drive fraud investigation efficiency. To begin, claims documents that had been filled out and submitted by the insurer’s customers were collected, some of which were known to be fraudulent. These known cases of fraud were flagged and put through text mining to extract anything that was a clear identifier such as a bank account, email address or phone number. Following this process, analytics were used to uncover correlations between claims.

With this output, a data visualisation (or network graph) was put together. The resulting image, like the one included below, was made up of dots which represent individual claims, with lines which draw data connections between two or more claim documents. An example of a fraud indicator can be monthly insurance payments from the same bank account: chances are the separate claims belong to the same person or are three different people working together to commit fraud.

Not just a pretty picture: how it works

There’s more to see than initially (and appealingly) meets the eye. The dot clusters visible in the image show us who the “fraud invaders” are. The larger and more apparently connected the cluster, the greater the likelihood of fraudulent activity: this ability to gauge the potential for fraud based on the size of dots and amount of connections can be carried out with the need for little more than a quick look.

Using graphs like these as a foundation, claims teams can identify likely suspects and focus their investigations on these groups. Although not all suspects pulled out will turn out to be fraudsters, far less time, revenue and resources will have been required for this process in comparison to traditional, manual methods. In addition, incidents that may have previously slipped through the net may now be uncovered.

Uncapped opportunity: lessons from Fraud Invaders

In addition to helping insurers to identify fraudulent activity, advanced analytics and visualisation can also reveal networks of people and strong influencers who can assist businesses in attracting new customers, or cause them to lose them. This branch of data science, known as “Social Network Analysis” (not to be confused with Social Media) is a powerful technique that requires true multi-genre analytics. A variety of individual techniques are required to produce a model of a customers’ social network including text mining, fuzzy matching, time series processing and graph analytics. By traversing a persons’ network graph, claim teams can see who they are connected with and who they are influenced by when making decisions such as a purchase or switching services.

Overall, regardless of the desired outcome, Fraud Invaders offers a good lesson to businesses in how to achieve what they want: begin with a solution – rather than just a problem – in mind.

Website: http://www.teradata.com/

Deloitte appears to be the latest in a series of large multi-national companies becoming the victim of serious cyber breaches.

A report by the Guardian newspaper has revealed that the accountancy giant computers were discovered to have been hacked in March this year, although there are suggestions that the hack could have occurred as long ago as October 2016.

The news comes as several US companies are reporting large scales cyber security issues. Equifax and the SEC have both recently suffered embarrassing and potentially devastating hacks which have resulted in huge amounts of company data being compromised.

While the scale of the Deloitte hack is not yet known, the accountancy firm works for a vast amount of companies and governments around the world, providing tax consultancy and audits, all who have vital and confidential data held by the company. It appears that the main attack has been focused on the US arm of Deloitte, although there have been indications that it may affect companies in other countries.

The leak is said to have stemmed from the use of the company’s cloud storage system, where they store nearly 250,000 client emails. The hackers entered through an administrator password and reports suggest that this could have allowed them full access to all the information stored in the cloud.

Deloitte have sought to play down the hack in a statement which cited that there have been “very few impacted clients”. A spokesman is quoted as saying: “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte.”

Deloitte have taken steps to not only plug the leak, but to locate the source of the hack and earlier this year employed top US law firm Hogan Lovells to launch a special investigation on their behalf.

The hack will also serve as an embarrassment to a company who were voted Best Cybersecurity Consultants in the World in 2012.

While the full scale of the attack is not yet known, Deloitte will hope that they will not suffer the same fate as Equifax, whose share price fell 32% during the fallout of their cyber breach.

Following an internal review, SEC Chairman Jay Clayton revealed that the organisation had been the victim of “Malicious attacks”. The revelation came in a 4,000-word statement released on Wednesday and caused concerns among those on the trading floor.

The Securities and Exchange Commission is responsible for handling almost 1.7 million financial market disclosure documents a year through its EDGAR system, which was revealed as the source of the leak. The admission will be a source of embarrassment for the SEC, whose mission statement is to ‘protect investors’. Clayton’s statement confirmed that the leak was discovered and subsequently fixed in 2016. However, last month they discovered that the breach may have resulted in people being able to use the data acquired in the hack to illegally make profits on the stock market.

In addition to the cyber hack, Clayton’s statement also confirmed the use of private e-mails being used to transmit confidential data and that a number of SEC laptops that may contain confidential data are missing.

Wall Street has been suitably dismayed by the leak, given the potential risks that have been thrust upon it by the very organisation that is tasked with policing trades. However, the cyber breach will not come as a surprise to many within the government who have previously raised concerns about the SEC’s security systems in the past, including the Department of Homeland security who reportedly discovered five “critical” weaknesses in their system as recently as the start of 2017.

The US markets are already on edge, following the recent Equifax data breach which resulted in the leak of 143 million consumer records and is the subject of increased scrutiny and at least one Federal investigation.

In a bid to restore faith in the institution, Clayton has given his assurances that the SEC is taking cyber security seriously; he stated that: "The Commission will continue to prioritize its efforts to promote effective cybersecurity practices within the Commission itself and with respect to the markets and market participants it oversees," and that all steps are being taken to ensure there is not a repeat of a leak.

The move is a further indication that large financial companies and institutions are under increasing threat from cyber hacks. The SEC statement did not specify who was behind the breach, but recently countries such as Russia and North Korea have been linked to several high-profile hacks on large organisations.

Clayton and the SEC will need to ensure that it does not fall victim again if it is to rebuild its significantly damaged reputation on Wall Street.

Here Christopher Hillman, Principal Data Scientist at Think Big Analytics, A Teradata Company, delves deep into the processes banks use to identify fraud and the culprits within the system.

Insurance fraud is a growing problem which many insurers have begun to dedicate new departments and whopping budgets to try and tackle. Huge amounts of time and effort is now spent detecting fraud before paying claims to avoid the complexity and expense of recovering a loss – insurance companies certainly don’t want to pay out claims only then to realise they are fake.

Previously, this process involved manually and laboriously going through masses of individual claims while looking out for suspicious activity, creating a large drain on time, revenue and resources. Now, much of that backend research is being completed faster utilising data and analytics, thereby improving the productivity and efficiency of processes while keeping costs down. Despite this, a significant amount of data that might be meaningful never gets analysed and often, advanced analysts still need to be brought in to uncover meaning from results.

Fraud Invaders: a business case

Imagine being able to cut directly to the chase, removing the human effort needed to tackle huge numbers of worksheets to view potentially fraudulent activity. With advanced analytics and visualisation techniques, this is now possible. To demonstrate, let’s look at a business case called Fraud Invaders.

This case aimed to solve an insurer’s crucial business challenge by discovering a new way to focus on a tighter subset of cases to drive fraud investigation efficiency. To begin, claims documents that had been filled out and submitted by the insurer’s customers were collected, some of which were known to be fraudulent. These known cases of fraud were flagged and put through text mining to extract anything that was a clear identifier such as a bank account, email address or phone number. Following this process, analytics were used to uncover correlations between claims.

With this output, a data visualisation (or network graph) was put together. The resulting image, like the one included below, was made up of dots which represent individual claims, with lines which draw data connections between two or more claim documents. An example of a fraud indicator can be monthly insurance payments from the same bank account: chances are the separate claims belong to the same person or are three different people working together to commit fraud.

Not just a pretty picture: how it works

There’s more to see than initially (and appealingly) meets the eye. The dot clusters visible in the image show us who the “fraud invaders” are. The larger and more apparently connected the cluster, the greater the likelihood of fraudulent activity: this ability to gauge the potential for fraud based on the size of dots and amount of connections can be carried out with the need for little more than a quick look.

Using graphs like these as a foundation, claims teams can identify likely suspects and focus their investigations on these groups. Although not all suspects pulled out will turn out to be fraudsters, far less time, revenue and resources will have been required for this process in comparison to traditional, manual methods. In addition, incidents that may have previously slipped through the net may now be uncovered.

Uncapped opportunity: lessons from Fraud Invaders

In addition to helping insurers to identify fraudulent activity, advanced analytics and visualisation can also reveal networks of people and strong influencers who can assist businesses in attracting new customers, or cause them to lose them. This branch of data science, known as “Social Network Analysis” (not to be confused with Social Media) is a powerful technique that requires true multi-genre analytics. A variety of individual techniques are required to produce a model of a customers’ social network including text mining, fuzzy matching, time series processing and graph analytics. By traversing a persons’ network graph, claim teams can see who they are connected with and who they are influenced by when making decisions such as a purchase or switching services.

Overall, regardless of the desired outcome, Fraud Invaders offers a good lesson to businesses in how to achieve what they want: begin with a solution – rather than just a problem – in mind.

People are paying more for their homes around the world, with average house prices up 6.5% in the last 12 months.

But, where have house prices grown faster than the average income?

Assured Removalists have combined data on average annual salary, income tax and house prices to produce a ratio that shows the measure of housing affordability around the world. The higher the ratio is, the less affordable the houses are.

How does your country compare? You can view the full data set here.

Card fraud has increased 19% year on year, according to The Nilson Report, accounting for losses of around $16.3 billion, in 2015. France has seen an 8.9% increase in card fraud and the US, which has the largest fraud/loss ratio, currently accounts for 47.3% of the world’s payment card fraud losses.

The threat to banking is at least in part due to the explosion of data, according to Sopra Banking. It is expected that by 2020 we will be creating more than 44 times the data we created in 2009 - and that fraud will have resulted in losses of $35,4 billion. The storage and transmission of so much offers opportunities for fraud and cybercrime as well as being part of the problem.

The Evolution of Fraud Management

Ensuring that customer protection is paramount, whilst also preventing normal transactions from being interrupted is a fine balancing act for banks. The evolution in handling fraud management can be conducted in a more intelligent manner using big data - or ‘dataprints’.

Alike fingerprints, dataprints give us unique information about a given person, action, place and point in time. Analysing these accurate identifications (transactions, devices, usual patterns) through Artificial Intelligence, provides a warning sign of fraud for banks and customers.

Analyst firm McKinsey in their look at disruptive technologies, predict that neural networks will utilize big data to enable “knowledge work automation”. Learning and applying new and more refined algorithms improves the process’s sophistication and capabilities, making it easier to make data-driven decisions to detect fraud.

It’s all very well to say that data and technology can help prevent fraud - but what does this look like in practice, and how can banks achieve this?

1. Collection and Centralization of Internal Data

It is necessary to devise ways of collecting and storing big data in a manner that allows you to take full advantage of it when you need it - but also keep it secure.

Normally, data is created and held in silos, in a division/department/business area/type manner and because of this delocalization, it ends up being difficult to collate, distribute and utilize in any sort of global way. Centralizing the collection and management of data means that you can more easily access the data and cross-reference it.

A July 2014 survey of bank respondents by The Economist, found that half had applied centralized analytics to big data management through artificial intelligence software. In turn, these banks had the most holistic approach to risk mitigation and fraud prevention and enhanced their security as a result. It is something the industry needs in order to fight fraud in 2017 and onwards.

The centralization of data and in turn creation of intelligent big data will enable banks to not only mitigate fraud, but service their audience better. The implementation of big data centralization is as much a process as a system and requires synthesis of legal and regulatory compliance, a security and privacy focus, strong management and the best technology.

2. Leveraging External Data

Big data means information from multiple and often highly disparate sources. One of the new challenges for data collection have arrived in the form of social media platforms like Facebook and LinkedIn. However, external data tracking, can be an extremely useful tool in the fight against fraud.

Analyst firm, McKinsey has shown that the use of  external data, such as social media activities, can have up to 35% improvement in areas such as risk mitigation, as well as allowing the development of better insights into customer behaviour and ultimately in fraud behaviour analysis. One of the reasons for lack of uptake in this area is the difficulty of retrieval of such data. Although this is certainly achievable in terms of technology through the use of social graph APIs. However, the consent and release of this data is often a legal minefield and customer privacy worries and media scares themselves can be a hurdle to jump.

Going forward into an era of instant payments, external data tracking that is conducted in a privacy enhanced manner will become even more important. The ability to keep track of these payments, whilst ensuring personal data is obfuscated, all in real-time is a challenging but ultimately empowering new tool for the industry.

3. Using Behavioural Profiles to Prevent Fraud

Big data is revolutionizing the process of ‘Know Your Customer’ or KYC. As KYC becomes KYCd, or Know Your Customer’s data, a more accurate and in-depth approach to consumer understanding can be rewarded by more impactful anti-money laundering (AML) and other types of fraud detection.

Being able to model patterns of behaviour by using predictions based on internal, external and social big data is transforming banking. It not only gives you insight into normal behaviour, but that baseline then allows comparison and identication of patterns, similarities and differences - and fraud. Technologies such as geolocation, can be added to the arsenal, so those incidents when a customer is interrupted from making a legitimate purchase are greatly reduced, whilst real crime is detected.

However, it can also offer challenges in terms of security and privacy. Customers are now more informed about privacy considerations and have become less happy about sharing their personal data with any company, not just a bank. Sopra Banking Software report found that 80% of customers would be willing to share their personal data, as long as they did so using a consented, ‘opt-in’, approach and in doing so they were incentivized by better rates and so on.

New EU privacy and data protection laws, which are an adaptation of the Data Protection EU Directive 95/46/EC, are due to be finalized this year. The new data privacy laws will be more restrictive and will have focus on, for example, data stored in the Cloud. This requires a Privacy by Design (PbD) approach when creating Cloud based systems, especially those that store, transmit and transact data. Handling these more extensive regulations needs a more rethink in the approach to security and privacy.

Conclusion

Although the collection of data, how to centralize and manage it, how to make it safe and how best to analyse and make predictions from it are all challenges, they also offer huge potential. The digital revolution that has brought us big data can also bring us big banking.

(Source: Sopra Banking)

Robo-advice has become one of the more popular and prominent financial technology innovations of the last few years, and it’s easy to see why. However, Lester Petch, CEO at FinchTech, reckons there’s cause for concern, and below talks Finance Monthly through five reasons robo-advice may not turn out to be all it’s promised without confronting some hard-hitting issues.

In theory these platforms offer expanded access to financial advice and fill a widening RDR gap, at a lower cost and with superior ease of use. Citigroup estimates that assets managed by robo-advisors could reach a collective value of $5 trillion over the course of the next decade - and that is certainly something to aim for.

Excitement and optimism should always be tempered with pragmatism however, and practically speaking, there are reasons to be concerned. Many available and in build platforms promise innovation, efficiency, and accuracy, but have some major potential hurdles to overcome.

1. Build cost and overspending on customer acquisition

Robo-advice start-ups are often unknown quantities, and must therefore build from scratch. Many rely on digital and social marketing campaigns, alongside referrals, o generate revenue. The problem is that these campaigns are often expensive - sometimes hideously so. Nutmeg, for example, posted a pre-tax loss of £9 million in the last fiscal year, even as marketing and staff costs hit £10.8 million.

It’s not altogether surprising that when cost of acquisition (CAC) for clients exceeds overall lifetime value (LTV), firms lose money. The assumption is that these expensive omni-channel campaigns will of course be successful, and eventually skew the CAC to LTV ratio back in the company’s favour. This is however a precarious position for any business to find itself in, even one with fantastic technology. Deep pockets are required.

In some cases the aim might perhaps be for the business to accumulate enough assets under management to enable a sale or exit, however this is also a risky strategy. Recent 2016 research by SCM Direct, a UK wealth manager, suggested most UK robo-advisers “will go bust before acquiring the sizeable assets under management to ensure their sustainability”.

2. No real performance history

Sophisticated software is no substitute for experience. Many robo-advice platforms haven’t weathered any serious economic storms. Many have little performance history at all and rely on back testing. How much can you trust in a technology that has never been truly tested in the heat of battle, or weathered an event such as a recession or cataclysmic sell off?

3. Limited suitability

Robo-advice platforms may be at risk of not always accurately assessing risk tolerance – which can cause serious problems in an economic downturn. Recent research from FinaMetrica found that 21.2% of the firm’s 100,000 customers incorrectly estimated their true risk tolerance by a significant margin, when using a psychometric risk test. Platforms could be vulnerable to recommend investments that are beyond or below the client’s capacity for risk, especially in the event that the markets exhibit extreme volatility.

4. Reliance on algorithms

In an age of sophisticated and improving technology, reliance on this tech has led some to treat algorithms with an almost mystical reverence. Many are truly impressive, but can clients truly understand them? No algorithm is perfect, and many are unproven and untested in reality. They’re theoretically created to take human error or preference out of the equation, but human error can be a factor in their design and development. Could a mistake lead to catastrophic consequences for clients and do they know what they are buying into?

5. Lack of differentiation

For all the talk of the market’s innovation and creativity, it’s often hard to tell one robo-advisor from another. The major differences tend to be cosmetic, a technological bell here, a branding whistle there, and little differentiating focus on the client’s needs and priorities.

Those robo-advice platforms that enter the market in the near future with more niche or specialised offerings aimed at specific market segments such as cultural groups or different age brackets, are more likely to gain traction, as well as potentially spend less on client acquisition

In conclusion, robo-advisors will need to overcome these problems and more to achieve long-term viability. This isn’t to say that the technology isn’t exciting, the need isn’t there or that it doesn’t have huge potential. The right platforms could potentially redefine the market, and digital investment management is a step in the right direction. If digital investment management platforms can iron out the kinks and focus on what works for their own business model, and more importantly their customers, there is a bright future ahead of them.

The answer is that they are so much more. In a study released today, Dun & Bradstreet revealed data that uncovers the changing role finance leaders play in stewarding their organisation’s customer experience, a mandate traditionally viewed as one of the chief marketing officer. Because positive business results are often fuelled by great customer experiences, chief financial officers are increasingly using data and analytics to become customer-obsessed to ensure their organisation’s customer strategy is rooted in insights that will drive favourable outcomes.

The Customer-Obsessed Finance Leader, a study commissioned by Dun & Bradstreet and conducted by Forrester Consulting, found:

• 36% of company finance executives surveyed were identified as customer-obsessed Leaders, making customer-focused initiatives a top priority this year and reporting increases in customer acquisition, retention, and satisfaction.
• Customer-obsessed finance Leaders reported year-over-year increases in revenue, profitability, and cash-flow at a rate of 10 to 30%age points greater than their less advanced peers.
• Data and insights-driven companies are 39% more likely to report year-over-year revenue growth of 15% or more.
• 79% of customer-obsessed Leaders indicated that their organisation will likely increase spending on technology applications to support customer engagement.
• Implementation of a customer-obsessed strategy requires mastery of seven data competencies that must be aligned across people, processes, and technologies.

CFOs, with their leadership position, cross-organisational perspective, and ability to understand complex sets of data, are uniquely positioned to implement insights-driven behaviours and processes within their organisations. Investing in the right tools and technology, as well as augmenting internal data with third-party data and analytics are some of the key actions leading finance executives are taking.

Challenges to becoming truly customer-obsessed persist; disconnected strategies within the organisation, disparate data, inconsistent metrics, and a lack of investment in technology are among respondents’ most cited obstacles.

The study further outlines seven critical data competencies to master, qualities and resulting metrics that set customer-obsessed finance leaders and followers apart, and how-to strategies to focus efforts around using data and analytics to become a customer-obsessed organisation.

The survey, fielded within North America, Europe, and Asia Pacific in February 2017, included feedback from 250 finance executives (CFOs or EVPs of finance) from companies in multiple industries generating $150 million or more in revenue.

(Source: Dun & Bradstreet)