The coronavirus pandemic has left many businesses scrambling to adapt. The lockdown and social distancing measures now in place – likely to remain in place, in one form or another, for many months to come – are forcing organisations of all sizes and sectors to reconsider how they operate. Ammar Akhtar, co-founder and CEO of Yobota, shares his thoughts on what the newly adapted financial sector might look like.
As we so often hear, we must prepare for a “new normal”; a world where office working, unrestricted travel and regular visits to bricks-and-mortar premises for essential services are going to become increasingly rare. In short, the transition from physical to digital is being greatly accelerated.
In the finance industry, there is a huge amount at stake. Firms that are unable to deliver their services while the physical world is largely closed off from us are at risk of being left behind by their competitors.
Rising to this challenge invariably means turning to technology. Indeed, fintech has been championed as the future of the finance sector for a decade now, but it has taken COVID-19 to bring about a “fintech revolution” in any meaningful sense.
The increasing prevalence of financial technologies has been a common subject in both consumer and business contexts for many years. The so-called fintech revolution promised open access to data, hassle-free banking experiences and fairer deals for customers.
Yet only relatively small steps have been taken towards this vision. Until now we have only really witnessed a cautious adoption of this technology as consumers, regulators and established banks became familiar with what it can enable – and this has still come at considerable investment.
Now, though, things are finally changing. Technology is now not just a competitive advantage for financial services firms; it is essential to their very existence.
Today, people must be able to access critical financial services digitally. From taking out a new product (a loan or a credit card, for example) through to managing their finances and receiving advice, this must all be possible from within one’s own home. But more than that, the process of doing so must be as fast, painless and personalised as possible.
There are credit marketplaces in the UK which already offer pre-approved loans that can be opened in just a few minutes with minimal clicks. This is possible because the lenders have made progressive choices in the way they develop or utilise technology.
Conversely, many finance companies still have data, systems and processes that are completely reliant on legacy technologies and on-premise servers. Simply put, these firms are under threat of becoming the Blockbuster or Kodak of the financial services sector (that is to say, businesses that were far too slow to respond to technological change).
For financial technologies to be successful, two things are essential: interoperability and cloud computing.
Over the past decade firms have too often taken a piecemeal approach to adopting fintech; they have deployed specific technologies to solve isolated problems. That is because fintechs – financial technology startups – are typically created with that very focused mindset.
For financial services companies, particularly banking providers, a much broader perspective is required. Not only must each element of a business’ operations be built around best in class technology, but the technology must also be interoperable – it must fit together to form entire systems and processes that work seamlessly together.
Take the example of someone applying for a credit card – something that is increasingly common as a result of the economic hardship brought about by COVID-19. There are various different stages that an applicant will need to pass through – identity verification; credit scoring; advice or product recommendation; application and assessment; and, if successful, creating the account.
Using interoperable fintechs on a cloud-based platform removes time, complexity and human interference in all of those processes. Data can be rapidly shared and analysed, allowing for the appropriate products – better yet, personalised products – to be shown to the user. There is no reason that an applicant cannot go from the start of the process to the end by themselves in minimal time, so long as the credit card provider invests in the technology that enables them to do so.
We are in the midst of what, in ‘business speak’, they would call a paradigm shift. We are moving past the stage of thinking about financial technology as simply being a means of checking one’s account or transferring someone money. The fintech revolution is gathering speed, and it will lead us to a more open, connected form of banking where one can see and manage all their finances digitally, as well as accessing personalised advice and products all from the comfort of their sofa.
In this primarily digital landscape, financial services firms who cannot deliver an exceptional level of service to customers – be it consumers or business – risk losing them to those who can. Now is the time for the sector to embrace fintech to its fullest and build systems that are not just adapted to the new normal, but actually help to shape it.
Andrew Beatty, Head of Global Next Generation Banking at FIS, shares his thoughts on the inevitable evolution of building societies with Finance Monthly.
Building societies have grown with the communities they service. They have been in an area for decades and sometimes centuries, giving them a strong sense of place and knowledge of the needs of the communities they serve. This has been vital to their durability, and this knowledge is very much still valued by customers.
But it’s not enough in today’s digital world. Consumer demands are increasing. Personal, tailored services, such as those customers receive through Amazon and Netflix, in conjunction with a seamless digital experience across all channels, the likes of which we see from Google and Facebook, are now expected from banks.
Building societies need to evolve, but they need to do it in the right way. Building societies needn’t rip everything up and start again in the pursuit of reinvention. When e-readers were invented, authors didn’t stop writing; a Nobel prize winner retains that distinction in hardback or Kindle. Instead, building societies need to adjust their businesses to maintain relevance.
While every building society is different, here are four investments no society can afford to ignore.
Worldpay research shows that 73% of consumer banking interactions are now digital, a figure that has only been rising during lockdown. Providing customers with a frictionless, on-demand experience across multiple channels is imperative. Focus on getting the right mix of personalisation, agility and operational and financial efficiency.
Platforms that are built to leverage artificial intelligence and machine learning give building societies the ability to deliver the kind of personalisation that reinforces their established brand image. Systems that are built to accommodate open application programming interfaces, or APIs, and that use mass enablement for new product features and service rollouts will make adding new innovations later both cost-efficient and operationally feasible.
In banking, trust and security are synonymous, and investing in or partnering with companies that have invested in the cloud is an important strategic decision.
When executed properly, a private cloud infrastructure delivers greater resiliency, enables faster software enhancements and ensures data security. Other benefits include significant decreases in infrastructure issues, improved online response times, enhanced batch processing times and the ability to swiftly respond to disasters and disruptions.
It used to be that only the largest financial institutions could afford good data. But now the ability to access, filter and focus on real-time data is within reach for building societies as well.
In addition to adding even greater personalisation to digital and mobile banking tools, building societies can make further use of data to drive cost efficiencies, growth initiatives and service improvement efforts, as they deliver that differentiated customer experience they were built on. For building society workers who fear they can’t harness an influx of data: don’t let the flood of information incite “analysis paralysis.” Start with a focus on your key goals. Then, ramp up other functionalities as you gain more confidence and skill. Data is a tool for creating an even better bank.
To quote Spider-Man, “with great power comes great responsibility”. This rings as true as ever for building societies who, with increasingly stringent regulatory compliance burdens on their plates, need to make sure all the benefits incurred with increased data are analysed and harvested both legally and ethically.
It also demands that building societies put in safeguards as part of their fiduciary duty. Do your due diligence and make sure whatever method you choose, be that technological or hiring additional staff members, accounts for the ever-shifting regulatory environment and can ensure adaptability.
Building societies need not despair at their technological deficiencies. After all, it’s far easier for a building society to catch up on five years of technical innovation than it is for a neobank to catch up on fifty years of hard-earned customer loyalty. Get in the driver’s seat, set the GPS for transformation, and start your digital journey.
Across the UK, lenders have approved nearly £27.5bn in government backed loans, through bounce back and business interruption loans, to more than 650,000 businesses affected by COVID-19.
This is an astronomical effort by all involved to keep businesses afloat, but it’s not been quick enough for many ailing businesses. The total amount of business loans available amounts to £330 billion, and businesses should be receiving these funds at a much faster pace than they currently are. Matt Cockayne, Chief Financial Officer at Yapily, explores how open banking may be the solution to these businesses' issues.
It’s clear lending will be needed throughout the year to help these businesses stay afloat as they reopen. And while lenders could be a lifeline for SMEs over the coming months, it’s thought that many believe that future lending or loans are too high risk, or that they simply cannot tell what the future holds well enough to lend to businesses. This is likely to cause further frustration for business owners who, until coronavirus happened, ran successful, growing businesses.
This has created a conundrum for the UK business landscape. As we emerge from the initial COVID-19 fallout, businesses need financial support to stay open and to ensure the economy bounces back, but lenders are either too slow or too wary of lending too much to businesses who are facing huge pressures to avoid going bust. To solve this problem, we have to look at new ways of accessing and sharing financial information to make quicker and better decisions. And in open banking, I believe we have a solution that answers these problems and more.
The initial backlash in response to the government's three loan distribution schemes (BBL, CBIL and CLBIL) has centred around frustrations in the time it took to distribute essential funds. To keep up with this demand, lenders have to make faster decisions. But without the right information about the borrower they can’t make them consistently or fairly.
It is normally standard for lenders to request three months' worth of financial statements, but through the CBILS scheme, lenders must now request six months. This can slow the process down for businesses, providing an added layer of friction in finding and sharing bank statements, and an added layer of delay with the lender having to review the statements manually. Through open banking, lenders can gain instant access to up-to-date financial information and can retrieve historical data in just seconds.
This means they can quickly onboard customers and determine lending limits, without needing to send documentation such as bank statements, ID or other documents back and forth as you would traditionally. By gaining instant access to bank statements and a secure verified source of income, lenders can quickly analyse credit decisions in real-time, and make better, more informed decisions, which is crucial as we begin to step into the new normal.
Up until now, the government has relied on a panel of lenders - established banks and the likes of Funding Circle - to distribute the schemes. But as the crisis continues, more loans need to be disbursed, presenting an opportunity for smaller lenders to play their part to support SMEs too.
One of the biggest struggles of the schemes has been around lenders being unable to meet the demand for onboarding new customers. Some businesses have reported that it is taking longer than expected to open a new account and receive essential funds. However, if conducted through open banking, these processes could be sped up and enable more lenders to operate and offer their services to UK businesses.
This isn’t just a benefit for lenders in terms of meeting soaring demand, it also means an added layer of trust and greater loan personalisation for customers. Lenders can make fairer and more accurate decisions, based on a customer's financial picture.
With lenders able to grant more loans quickly and efficiently through open banking, businesses will have faster access to the much-needed cash required to stimulate the economy; keeping companies running, people in jobs and ensuring spending continues across the country. Lenders will also have the opportunity to monitor the borrower's finances after the loan has been granted, with the borrower's consent of course, to offer continued support and create future offerings if required.
As more businesses across the UK seek government support, the role of lenders will continue to grow in importance. But rather than shut up shop due to the risks at play, they should utilise open banking to make better, informed choices to ensure the economy recovers quickly.
With the entire industry currently under pressure due to uncertainty, data must lie at the core of every decision any business makes if it wants to succeed. In fact, research from McKinsey tells us organisations that leverage customer behavioural data and insights outperform peers by 85% in sales growth and more than 25% in gross margin. Jil Maassen, lead strategy consultant at Optimizely, offers Finance Monthly her thoughts on how data experimentation can be used to drive financial services forward.
One of the best examples of risk and reward, based on data science, comes from the world of baseball. Back in 2002, Billy Beane, general manager of the unfancied Oakland Athletics baseball team, spawned an analytical arms race among US sports teams. Working under a limited budget, Beane used obscure stats to identify undervalued players — eventually building a team that routinely beat rivals who had outspent them many times over.
Data analytics turned the game on its head by proving that data is an essential ingredient for making consistently positive decisions. The success of the bestselling book and subsequent Oscar-winning film, Moneyball, based on Beane’s story, took data analytics mainstream. Today, financial services companies are applying a “Moneyball” approach to many different aspects of their business, especially in the field of experimentation.
Experimentation departments for the purposes of testing, also known as Innovation Labs, have been growing at a prolific rate in recent years, with financial services seeing the highest rate of growth according to a survey by Capgemini. By the end of 2018, Singapore alone had 28 financial service-related Innovation Labs. Alongside this, research from Optimizely reports that 62% of financial services companies plan to invest in both better technology and skilled workers for data analytics and experimentation.
Areas such as fund management are no strangers to data analytics. But since the fintech disruptors arrived on the financial services scene, legacy banks are now using data in combination with experimentation to evolve other elements of their business and remain competitive. Many have found that this is helping them to address common concerns, including how to improve customer experience and successfully launch products to market. So much so, that our research found that 92% of financial services organisations view experimentation as critical to transforming the digital customer experience. In addition, 90% also consider experimentation key to keeping their business competitive in the future.
However, experimentation takes patience. As Billy Beane said when his strategies didn’t deliver right out of the gate: “It's day one of the first week. You can't judge just yet.” He was ultimately vindicated. Like any new initiative, experiments can fail because of cultural “organ rejection.” They require taking short-term risks that don’t always work, all in service of long-term learning. It’s the job of Innovation Labs to take these risks and, often, to take one for the team by being prepared to fail.
The point is, when you're transforming something and making massive change, not everyone is going to understand right away. The best way to convince people that your theory is correct is to show them — not tell them — you're right. Experimentation initiatives in business, and especially in financial services where risks and rewards have high impact and return, allow new ideas to be proven right before they play out in front of a paying public.
Founded in facts and stats, experimentation promotes an ethos that is key in adopting new technologies and utilising data analytics to build roadmaps for the future. As the amount of data companies have access to increases, the ethos of experimentation will only become more important for predicting and changing the future for the better.
Experimentation is about measuring and learning and repeating that process until optimum results are achieved. The final word in this regard should perhaps go to Beane himself: “Hard work may not always result in success. But it will never result in regret.” His story is something that all financial services organisations can learn from.
London-based airline EasyJet revealed on Tuesday that nine million customers’ personal information was stolen in what it called a “highly sophisticated” cyber-attack.
In addition to email addresses and travel details being accessed, 2,208 of those customers affected also had their credit card information stolen. EasyJet clarified that no passport details were uncovered in the breach, and that it would contact those affected.
It is not yet known how the historically large data breach occurred, but EasyJet said that it had “closed off this unauthorised access” and reported details of the incident to the Information Commissioner’s Office (ICO) and the National Cyber Security Centre.
The size of the breach raises the possibility of EasyJet being forced to pay significant compensation, as was the case for British Airways after the personal information of 500,000 customers was stolen. In that case, the ICO fined the airline £183 million.
A similarly sized fine would likely be a significant blow to EasyJet, which has already said it expects to make a loss of around £275 million this year as the COVID-19 pandemic continues to drive demand for air travel through the floor.
Reacting to the news, Tony Pepper, CEO of Egress, called the breach “another stark reminder that airlines must take a comprehensive risk-based approach towards protecting customer data”.
“For organisations, it remains crucial they continue to prioritise data security at all times, but especially when there’s widespread introductions of new systems as there has been in response to sustained remote working during the COVID-19 pandemic.”
Well, all too often these processes utilise simplistic methods, such as spreadsheets. This ignores the multiple benefits that more technologically advanced processes can bring, most notably far greater accuracy. More accurate forecasts will help businesses in many ways, from securing funding from banks or investors to identifying future shortfalls. While rethinking how to approach cash flow forecasting will always be relevant and beneficial for businesses, in today’s uncertain climate of business instability due to COVID-19, it is especially important.
In fact, cash flow forecasts are almost useless if they are inaccurate and it is only the businesses with accurate forecasts that will flourish. Accurate forecasts allow businesses to run predictably, generate funding and make informed decisions on capital investment. In contrast, inaccurate forecasts can lead to potentially devastating outcomes. At the lighter end of the scale, an inaccurate cash flow forecast can result in missed opportunities while the business had surplus cash in the bank. Whereas, at the heavier end, an inaccurate forecast could lead to overtrading and the end of the business. It is clear that this must be avoided and remedied, but how? Andy Campbell, Global Solution Evangelist at FinancialForce, shares an alternative method with Finance Monthly.
Although popular, the spreadsheet presents many issues as a tool for cash flow forecasting. The first of these is that future income and future expenses are typically completed in monthly increments. This is an issue because it means that the future is generated using data from the past so by the time the forecast has been generated, the data is out of date and, therefore, no longer accurate. Another issue is that it takes a lot of time to assimilate data from the many different sources required for this process which causes further delays. A solution to this problem is that all data from each department be made visible to the finance teams so that they can create an accurate and real-time data set.
A well-built data set will become the foundation for accurate forecasting, so it must be able to process the variety of data produced by each department. This is because companies generally process a combination of both product and service-based revenues. Therefore, the data set must be able to manage both of these sources and their different payment structures.
Volatility presents another difficulty to be reckoned with. As the current pandemic has shown, volatility can come in unexpected forms and not all can be protected against. However, preparation is key, and some volatility is more predictable. For example, businesses themselves are volatile by their very nature with the changing of business models in line with the latest developments. Therefore, it is to be expected that business revenues would also be prone to volatility. This can be mitigated against by ensuring that all data has human oversight and is regularly reviewed. Doing so will ensure that any projection is in line with the company’s strategy and should prevent unexpected outcomes.
Cash flow forecasting comes hand in hand with revenue forecasting, which is the greatest of all these challenges. Revenue generation crosses all departments: starting in marketing, it is then delivered by sales, realised by operations and, finally, measured by finance. As already stated, collating data from multiple departments is tricky; because revenue generation crosses all departments, it presents a tangible difficulty here. Currently, the typical finance department addresses this using a complicated interlinking system of spreadsheets, which often presents further problems. Another issue is that there can be a disconnect between departments where a lack of trust means that data is not readily shared. To solve this, businesses must remove the culture where each department treats its goals separately rather than looking at one overarching goal and working together.
The problems can be broken down into two main categories – technology and people. In terms of people, this comes down to the business culture and only a business that can successfully change its culture will be able to successfully implement new technologies. It is very important that employees are properly briefed and trained in the new processes or technologies that businesses want to implement so that they feel part of the processes and are adequately prepared. Simply enforcing a new process and expecting it to be a success will not work and there will be no visible improvements to the business. Successful change to a business culture, at all levels of seniority and across all departments, will result in more tangible improvements.
With regard to technology, the days of spreadsheets are over; it is time to retire them and let new technology take over. Finance needs to have clear and direct visibility into active opportunities to be able to generate accurate cash flow forecasts. A simple way to do this is to integrate the CRM with finance, which will give a window directly into the required processes. The data set can be further strengthened using data from the past; for example, past win rates and payments can indicate what the future may hold. AI can analyse historic data sets to identify customers who were slow to pay in the past and, therefore, are likely to be slow to pay in the future.
Ultimately, the more integrated a business is, both in terms of people and technology, the more smoothly it will run and the better its outcomes will be. Having a finance team that can produce accurate cash flow forecasting and a business reaping the rewards is not as difficult as it may seem. There are tools and technologies to help along the way. It is time to say goodbye to spreadsheets and to embrace the new way to approach cash flow forecasting.
Finance teams are still spending too much time in ‘Excel hell.’ Every hour spent grappling with spreadsheets, pivot tables, and pie charts is an hour that could be spent helping make better business decisions. And yet, astonishingly, top finance functions are still devoting 75% of their time to data analysis, according to a recent PwC study. Eugene Hillery, Senior Director of International Operations at Tableau, offers Finance Monthly his thoughts on the issue and why it should be turned around.
Spreadsheet drudgery isn’t just frustrating and inefficient, it’s outdated. There is a huge range of intuitive, interactive and highly visual data software available – what some call ‘visual analytics’ - designed to help knowledge workers see and analyse the data that matters to them, faster.
Delivering insight from data should be the core competence of finance – not spreadsheet navigation. Yet, research from Sage shows two thirds of CFOs (64%) are still unable to make data-driven decisions to drive business change. Here are five reasons to kick off an analytics overhaul:
Conventional spreadsheets are capable of handling many tasks, but real time collaboration has never been their strongest suit.
Inconsistent version control, restricted server access and unnecessary duplication are a drag on far too many finance teams. When there are multiple sources of ‘truth’, hours of time are needed to make sure conclusions are built on accurate and up-to-date data. The longer this process takes, the less value you can claim from any time-sensitive data.
With more advanced analytics products, finance teams can bring diverse data sets together from across an entire organisation, allowing everyone to work from a single source of truth. This offers a holistic view and saves time especially when everyone, whether from AP, AR, Tax or Purchasing can collaborate on the same data in ‘real time’.
More than ever, the ability to connect to offices around the world is a business necessity. The power of a rolling international handover between knowledge workers using accurate, up-to-date data, is tremendous.
For example, if daily sales or staff performance data is collected at the close of a business day in London, it can be turned into insight by teams in the US literally overnight. This means recommendations for action land on desks at the start of the next day in the UK, and issues can be resolved faster.
If a coherent view of your accounts means drawing information from data sources in China and the US, for example, trying to reconcile them through different spreadsheets will only bury insight. Quick answers are critical for teams operating across different time zones, as for any business that needs an accurate overview of what’s going on in a hurry.
When diverse data sources are unified in a single interactive dashboard, drilling into the numbers can be done by anyone, wherever they are.
Managing business expenses is a never-ending task, but it’s another area where working smarter beats working harder.
Data analytics software helps uncover the kind of hard to spot correlations that can be invaluable in finding new ways to keep costs down. Dashboards should make it easy, for example, to see which employees are in the habit of booking flights well in advance (saving the company money) and those who rack up huge bills by making last minute purchases.
A faster understanding of data outliers is also valuable in the quick response to business challenges that may exist. Instead of questioning ‘what’ is happening, conversations are led with ‘why’ it is happening. Data analytics makes it easier to uncover cost drivers and make predictions about cash flow. This equips finance teams to identify the source of a challenge faster than ever and help drive the solution.
Access to an organisation’s full accounting history means the finance team is best placed to offer predictions for its future. In general, the richer and more diverse the data that underpins those forecasts, the more accurate and useful they become.
With data analytics, finance teams can use a cash flow summary dashboard to help management understand the outlook in aggregate. They can ask useful questions like “what are our balances by currency, subsidiary, country, banking partner or geography?” The ability to reveal and answer these is fundamental to supporting other financial processes like preparing for audits and SOX compliance.
Combining effective data analytics and artificial intelligence support allows teams to compile and comprehend far bigger data sets, and even help present larger, more evidence-laden projections. This level of authority is what enables finance teams to play a more strategic role in the boardroom - advising CEOs, boards and investors, not to mention staff or customers. In fact, eight in 10 CFOs in the UK (78%) say their role has changed recently and they are focusing more time and effort on business-wide operational transformation, according to Accenture.
The best visual analytics software makes comparisons between external data sources like economic trends, and internal sources like operational numbers or sales figures. This in turn empowers finance teams to be more efficient and intuitive, making better recommendations with longer lasting impact.
The pace and scale of digital transformation is something finance teams understand better than most. After all, they are the ones processing payments for every major IT investment a company makes.
It’s not surprising then that it is so frustrating to see finance teams often overlooked for technology investments which could in fact create efficiencies that drive business forward.
Of all business areas that stand to benefit from the ongoing revolution in data analysis, finance departments have the most to gain. Gartner research shows that the number of finance departments deploying advanced analytics will double within the next three years. Visual and AI-empowered analytics can untap the insight and creativity currently locked in finance teams across the UK – but only if they can look up from their spreadsheets and see them.
Dermot O’Kelly, Senior Vice President, Europe at Finastra
Think your organization hasn’t embraced AI? Think again. The reality is that there are hundreds of applications of artificial intelligence embedded in everyday organizational life. From pay-per-click ads to social listening, chatbots to lead scoring, biometric security to network attack detection. As Dermot O’Kelly, Senior Vice President, Europe at Finastra, outlines below, the chances are that your organization is already relying heavily on AI for a range of functions.
It’s true that many of these services may be provided by third parties connecting directly to systems via open APIs. The organization therefore doesn’t need to become the expert. In fact, there is a proliferation of external experts as AI becomes ever more accessible. In less than two years, training time for machine vision algorithms dropped by over 99%. It went from three hours to just 88 seconds – whilst computational costs dropped from ‘thousands of dollars to double-digit figures’.
It therefore comes as no surprise that organizations are looking at how they can benefit from the AI revolution, to help boost areas such as operational efficiency, security, predictive capabilities, product development or customer satisfaction.
Leading the way is the financial services sector, not least because of the vast amounts of data held by legacy organizations, but also in response to the changing expectation of consumers. Tech giants created new models of engagement, platforms that consolidated services and captured data to further fuel predictive capabilities, and this expectation of convenience is now shifting to financial services, where consumers are now more than comfortable with concepts like robo-advisory. Institutions, regardless of whether they’re providing retail services, lending, trade finance, wealth or any other line of business, are racing to adopt similar models without relinquishing customer data.
As data proprietors, the world of opportunity that AI affords any organization is immense. Data is the new currency as we enter the fourth industrial revolution, and all AI applications rely on huge amounts of data to function well. So, why aren’t all organizations rushing to embrace AI?
The intelligence race continues unabated, with escalating VC investment in AI and new, exciting applications that are having tangible success. Still not sure what Artificial Intelligence can do? Very soon it will be easier to recall the few things the technology can’t do.
The FCA, the authority that regulates UK banking and financial services, has this week admitted to accidentally leaking the private data of around 1600 people that complained against the regulator.
In a document on its website, the FCA published names, phone numbers and addresses in response to a freedom of information request in November 2019. No other data like financial information or passport info was included, however. The private data belonged to those who complained against the FCA between January 2018 and July 2019.
The FCA has admitted to the leak and apologised, with the intent to address each person whose data was revealed and apologise to each in writing. It has referred itself to the Information Commissioner’s Office (ICO) and will likely expect a fine for the data breach.
On the back of this news, Andy Barratt, UK MD at international cybersecurity consultancy, Coalfire, told Finance Monthly: “The question on a lot of people’s minds will be how does the ICO respond to a data breach at a fellow regulator.
“Together, the ICO and FCA enforce some of the largest monetary penalties for data breaches and there could be cries of foul-play if one’s punishment of the other appears to be a light touch.
“While many will see this as embarrassing for the FCA, it now has a real opportunity to go through the same pain as those it regulates and learn from it.
“Human error is, to an extent, unavoidable and it will be interesting to see whether the FCA better empathises with those it polices in future.”
Here Andy Barratt, UK managing director at international cybersecurity specialist Coalfire, explores how the financial services sector can turn the tide on costly, high-profile cyber missteps.
It’s fair to say that the financial services sector has struggled to secure positive consumer sentiment for itself recently – particularly in relation to cybersecurity. At the end of October, the government’s Treasury Select Committee (TSC) went so far as to say that the number of IT failures at banks and other financial services firms has reached a level it deems “unacceptable”.
The criticism, which highlighted poor IT performance within financial firms and a lack of decisive action from their regulators, comes in the wake of a string of high-profile and costly cyber glitches in recent years. Most notable among those is TSB’s unsuccessful attempt to migrate its systems over to new parent company Banco Sabadell.
Customer details were left easily accessible and vulnerable to fraud attacks, and thousands were left unable to access their accounts. But TSB are not the only culprits: Barclays, RBS and VISA are among a raft of other major financial service providers to have suffered serious technical glitches in the past few years.
Why then, with so much at stake, are financial firms lagging behind when it comes to their cyber strategy?
The first aspect that makes large firms so susceptible to attacks is that their IT systems are often complex and, significantly, outdated. Hackers can easily find weak spots in the system or, as in TSB’s case, vital information can slip through the cracks.
Our inaugural Penetration Risk Report, which took place around the time of TSB’s issues, found that the largest firms are less likely to be prepared to face up to cybercrime than their mid-sized equivalents – despite greater budgets and resources – due to their cumbersome and slow-moving infrastructure.
More recently, we’ve seen those larger businesses close the gap, mostly through the support of in-built cloud security services, but the risks still remain for many. In the financial services sector specifically, this year’s study indicated that the level of external threat has actually increased.
The rush to implement services under a new ‘Digital’ initiative sometimes comes at the cost of addressing the underlying legacy issues too. Whilst the big banks rush to keep up with the online-only challenger banks, they re-allocate budget for the new apps and forget the underlying infrastructure they depend on.
One of the key risks boosting that threat is a habit within large corporate cultures of IT teams or risk managers consistently ‘downgrading’ risks due to lack of understanding or complacency when reporting to those further up the pecking order. This is dangerous and can lead senior figures to the conclusion that everything is ‘ok’ within their organisation when, in reality, an IT crisis is just around the corner. This is particularly true when organised crime groups are targeting financial services with highly sophisticated attacks that are often discounted by management with a throwaway ‘nobody would do that’ comment.
Companies should attempt to foster a ‘safe’ environment where staff feel comfortable raising problems they encounter so that solutions can be found before disaster strikes. They should also remain current with intelligence from their incident response and forensic partners, who will see the sophisticated threats when they do cause a breach.
An enhanced understanding of the issues facing the business is less likely to leave senior spokespeople up a creek without a paddle when facing the media. No one would expect a CEO to know all the ins-and-outs of their IT infrastructure, but basic comprehension can go a long way. Knowledge is power.
Due to the nature of the industry and the services they provide, banks and large financial firms are required to interact with third parties on a massive scale. Unfortunately, this isn’t without its drawbacks.
Many third parties – and, by extension, their own supply chain – lack the sophistication and / or the wherewithal to deal with cyberattacks. As such, they are often the first port-of-call for a hacker looking to worm their way into a major system.
An example includes the British Airways data breach in the summer of 2018, when hackers were able to take information directly from the airline’s website thanks to access from a third party.
Often, being subject to this form of intrusion is pure bad luck rather than bad planning. However, large firms must ensure that they’re sufficiently protected and that access for third parties is limited. It’s a simple case of making sure that your back’s covered wherever possible.
Perhaps the most common error (and the most tangibly addressable) is the human risk inherent within any business. Naturally, the larger your workforce, the greater the risk you face, which is a major issue within the financial services sector.
Phishing, a scam that prompts staff to provide their username and password, is still one of the simplest but most successful ways potential attackers get their foot in the door.
The key to combatting the danger is providing constant training to employees so that they’re fully aware of the threat and the responsibility that they have towards protecting the business.
What’s more, the high-profile cases mentioned above are dangers in themselves: when the glitch or failure makes the news, a signpost is placed for hackers looking to break in. Each headline is an ‘x-marks-the-spot’ for a company’s weak spot, as well as their competitors’.
It’s a brutal world that financial services businesses face as technology advances but, with such large amounts of money at stake, they must be up to the challenge.
The company’s report, ‘Saudi Aramco After IPO – Company Overview and Development Outlook’, reveals that five major expansion projects – four crude and one natural gas – are being planned to boost output in the country.
One eighth of the world’s crude oil from 2016 to 2018 was produced by Saudi Aramco. As well as being the world’s largest oil producing company, it is also the most reliant on oil production, with 88% of its total 2018 upstream production coming from crude.
Somayeh Davodi, Oil and Gas Analyst at GlobalData, commented: “The major expansions at Saudi Aramco’s offshore oil fields of Marjan, Zuluf, Safaniyah and Berri are expected to comprise the majority of the company’s upstream investment over the next three years. Although these developments will also add gas and NGL capacity, the main addition will be oil.”
In 2018, the company’s MSC capacity (maximum barrels of crude oil that can be produced during a year) was 12 million barrels per day (bd) with 10.5 million bd oil produced plus the remaining 1.5 million bd available as spare capacity. This capacity allows flexibility to respond to market supply and demand fluctuations. The new expansions will add 1.45 million bd additional oil capacity.
Davodi adds: “Future production, including the ability to realize output gains from new capacity additions, is likely to be highly dependent on OPEC quotas. Production cuts are set to continue into 2020, but could be extended further.”
The interest in ATM malware and attacks is persistent and poses a threat to financial institutions and ATM manufacturers alike.
Here Amina Bashir, Associate Product Manager at business risk experts Flashpoint, offers Finance Monthly some insight into the underground market for malware designed for use in ATM cash-out schemes.
As giant boxes of cash, it’s understandable that ATMs are magnets for nefarious activity. Like many other forms of financially motivated crime, malicious activity against ATMs is supported by an underground ecosystem of illicit offerings and resources, as evidenced across Flashpoint’s datasets.
For example, information sourced across illicit online communities, encrypted chat services, and paste sites shows threat-actor mentions of ATMs on a par with mentions of distributed denial-of-service (DDoS) tools and attacks, far exceeding mentions of Remote Access Trojans, crypters, botnets, and ransomware. The interest in ATM malware and attacks is persistent and should be on the radar of financial institutions and ATM manufacturers alike.
Here’s a look at some known threats to ATMs:
Skimmers and shimmers are small, physical devices which are inserted into ATMs to steal payment card data. They are a popular commodity among fraudsters, but some criminals favor a more straightforward form of theft: directly stealing cash from the machine.
Jackpotting is the manipulation of an ATM so it ejects the cash within. It is often carried out with the help of specialised malware sold on illicit online marketplaces. During the past several years, malware-enabled ATM jackpotting attacks have been reported worldwide, from Europe and the U.S., to Latin America and Southeast Asia.
ATM malware continues to be popular among threat actors operating across various platforms. Analysts have observed that ATM malware appears to be sold by only a few threat actors, some of whom may be associates. This is in contrast to other types of malware, which are sold by a wide range of vendors.
WinPot, Cutlet Maker, and Yoda are among the most mentioned ATM malware variants. Due to similarities in posts, it is possible that some of these malware families are being created or sold by associated—if not the same—threat actors. Moreover, Flashpoint analysts have noted that many threat actors who advertise ATM malware also peddle other offerings on the cybercrime underground, including carding services and access to compromised bank accounts.
Uniquely among cyber threats, ATM malware attacks inherently require a physical presence at the targeted site. In fact, since the most common and popular ATM malware variants are installed via USB, which requires attackers to physically open the machine’s exterior panel and connect an external device, attacking an ATM is hardly an inconspicuous endeavour.
And while some forms of ATM malware, such as ATMitch, can be administered without physical access to the machine by leveraging a known exploit against a financial institution’s servers, such an attack still requires the threat actor or a money mule to physically retrieve the stolen cash from the machine. As such, jackpotting crews are known to select their targeted sites carefully; ATMs stationed not at banks, but rather at small businesses, shopping centres, gas stations, and other retail locations are the most desirable targets for jackpotting crews.
So, in addition to keeping ATMs updated with the latest security software and patches, one of the best ways for operators to avoid being targeted in a malware attack is to noticeably bolster actual and perceived physical security at ATM sites. For example, an outdoor ATM set back from the sidewalk in a poorly-lit area could be a natural target for jackpotting, but the addition of motion-activated floodlights and conspicuous security cameras monitoring the premises from several angles to avoid blindspots could immediately deter threat actors.
In addition to enhancing visibility and surveillance, changing the lock on an ATM’s exterior panel is another simple way to thwart threat actors sniffing out vulnerable ATMs that use a generic, mass-produced key provided by the manufacturer.
Despite being controlled by a relatively small number of threat actors, Flashpoint analysts believe the underground market for ATM malware will continue to flourish, serving a global customer base of threat actors and posing a threat to financial institutions and ATM manufacturers worldwide.
Flashpoint analysts have observed wide variance in the price of ATM malware within illicit marketplaces, from as low as $25 USD up to $5,000 USD depending on the malware being offered, in addition to other factors, such as the vendor’s reputation and level of customer support, customisation, and bundled services.