Besides, sometimes you have to take a step backward to move forward. The most practical way of dealing with bankruptcy and moving back to solvency is by establishing a saving plan. Saving is an essential aspect of wealth creation. With the right mindset and correct information, individuals can create wealth post-bankruptcy by adopting and neglecting certain behaviors.
Take Advantage of the Pre-discharge Credit Counseling
Bankruptcy comes with a lot of emotional and psychological strain. However, getting help from credit counselors can help you get through. Involving your legal advisor will help you find an approved agency to counsel you through the process. The counseling platform offers valuable financial advice to help you wisely manage your finances in future. It also focuses on income, expenses and strategies to save. Consequently, it covers financial literacy on budgeting and debt management. Budgeting your finances is essential if you want to achieve your saving goals. During bankruptcy, individuals learn to live without credit. Therefore, this experience should be used to your advantage by trying to operate with no debt post-bankruptcy. In case you access credit-cards, it is essential that payments be made before or on dates when they are due.
Increase Your Income Streams
After being declared bankrupt, sourcing for new income streams may be difficult at first. However, individuals can work with what they have, to achieve what they hope to get. For example, monthly income paid to unsecured creditors before being declared bankrupt can help you build up on your savings by depositing it into your savings account. Individuals can also start a business. Not all business ventures require capital to start. For example, Dave Ramsey began a financial advice group in his church after he was declared bankrupt which later became the successful Ramsey Show. Using your experience to educate others can create business opportunities for you, and you can even document your experience by writing a book. You can also take up a second job and save income from that job.
Work on Improving Your Credit History
Although debt is the last thing, you should think about post-bankruptcy, working on developing a good credit history is essential. Bankruptcy records show on your credit score for up to seven years. However, improving your credit scores in three years could make you qualified for a loan. Lenders often look at payment history, hence having years of consistent payments to your savings account shows reliability and commitment. Consequently, a good credit history improves your credit score allowing you to qualify for loans with lower interest rates which also makes it easier for you to save.
Dealing with bankruptcy can be exhausting. However, accepting and working towards financial stability can make it bearable. Personal financial evaluation can help you know where to start on your journey towards normalcy. Adopting better financial habits like living within your means is also good to ensure you remain financially stable.
As payment methods become more seamless to cater for consumers who demand a quick and easy user experience, concerns around protection of payment details have been mounting. Here Finance Monthly hears from James Romer, Chief Security Architect for SecureAuth, on the ins and outs of customer payment information, how it’s controlled and the potentials for multi factor authentication.
In light of recent data breaches, consumer trust in the ability of businesses to keep their data safe is at a low. Despite being well-established and active for decades, authentication techniques such as username and password for online payment portals, have been failing consumers and financial institutions for years, as they are simply no longer enough to defend against bad actors. It is clear that more advanced authentication techniques are needed to keep our finances and data secure.
Why two factor authentication isn’t enough
To defend against increasingly sophisticated attacks on financial services, a comprehensive and intelligent approach is needed. A strategy that focuses on where most breaches occur – i.e. the identity level – and combines multiple authentication techniques that do not hinder the user is needed. Multi-factor authentication (MFA) combines a minimum of three factors: ‘something you are’ (for example, a facial scan), ‘something you have’ (such as a bank card) and ‘something you know’ (a passphrase or password) and can improve identity security both in the payment transaction process, as well as when the customer is accessing a payment portal.
To improve security around online transactions, two-factor authentication (2FA) was introduced to bolster traditional username and password methods. It involves using an additional verification step; such as information that’s unique to the individual, a physical token or an SMS one-time passcode (also known as SMS OTP). While 2FA was a step in the right direction, and might deflect the average attacker, for a motivated one it’s no longer enough. Phone-based authentication and knowledge-based questions can be easily defeated by determined attackers, as seen with the recent Reddit data breach. This pitfall, combined with the less than user-friendly experience, and delays that often accompany 2FA, financial organisations need to re-think their security strategy.
Applications in the financial industry
MFA has the potential to transform payment transactions and customer experience when accessing financial information, helping to protect against fraud whilst at the same time improving usability for the consumer. Overall, the user experience with multi-factor authentication is seamless, making a strong case for a move away from the 2FA approach for good. For example, looking at contactless transactions the end user will simply present their card, while holding their enrolled finger over the embedded fingerprint reader during the POS transaction. Verification of the fingerprint is performed on the card during the transaction, using a pre-enrolled template. If the fingerprint matches, then the transaction is approved. If the read or the match fails, then an additional challenge (for example PIN) can be offered.
But it’s not just cards that this can be applied to. When a customer is accessing an online payment portal, adequately authenticating the user is critical to protecting sensitive data. Although customers are accustomed to (and often reassured by) lengthy authentication processes, a reduced number of steps will greatly improve the quality and ease of their interaction. Forward-thinking organisations understand this and will implement modern techniques, such as adaptive authentication, where both security and user experience can be enhanced. These techniques act in the background to quickly verify different aspects of the user’s login attempt, considering factors such as location, device used and IP address, without compromising the experience.
For example, SecureAuth worked with a large UK-based financial services enterprise to secure and protect its customer portals. The company recognised that their business model was largely based on repeat custom, so aimed to prioritise customer retention through a personalised personal portal. Following detailed research into the preferences stated by their own customer base, this organisation was able to offer authentication that adapted to the user’s needs and preferences, for instance, by using demographic information to give the most appropriate authentication method based on market research. In addition, repeat users enjoyed a frictionless experience without repeat access requests, as authentication was only required at the transaction phase. This greatly reduced the amount of times that credentials were requested and improved the overall user experience, highlighting how with modern authentication approaches; increased security doesn’t have to impact user experience.
Protection of the authentication process in the financial industry is absolutely essential, as no single authentication technique is beyond the reach of malicious actors. It is only a matter of time before they find a way to circumvent traditional authentication methods. True identity security must rely on multiple factors combined with risk analysis. By implementing adaptive methods that flex and change according to this associated risk, organisations can allow access, deny, step-up or step-down users at the authentication stage. This means that even if a malicious actor possesses one aspect of the user’s unique profile, such as biometric information, then other factors will be considered to authenticate them. In this way, payment and personal information can be protected and consumer trust maintained.
All directors and owners of a company should be aware of the declaration of solvency - particularly if considering solvent liquidation. The declaration of solvency must be submitted before claiming entrepreneurs relief through members voluntary liquidation (MVL). Business Rescue Experts, licensed insolvency practitioners and specialists in MVLs, are sharing what is involved in solvent liquidation.
What is the declaration of solvency?
The declaration of solvency is prepared before solvent liquidation - providing information on the company’s finances up to five weeks before the winding up resolution - and is split into three different parts:
- Statement of assets and liabilities of the company
- The sworn declaration of solvency by directors
- The endorsement of the proposed liquidator
What is the statement of assets and liabilities?
As mentioned above, this is the first part of your declaration. This statement, in simple terms, represents the company’s financial information ahead of the solvent liquidation. It’s important that all available information is included to avoid a false statement. All assets must be listed, as well as liabilities, and it must also set out the costs of the procedure and any interest returns due to creditors. Similarly, you must outline the returns available for the shareholder once the capital distribution becomes available.
Sworn declaration of solvency
Unlike the statement of affairs - sworn by a statement of truth - the declaration of solvency must be done so by a solicitor or notary. There will be costs involved, typically around £10 per swear. The wording is also critical to the declaration and must comply with insolvency legislation.
The proposed liquidator
The proposed liquidator of the case will present the declaration of solvency to the shareholders of the company. From there, resolutions can be made for the business to enter solvent liquidation, and the liquidator will also endorse the document. This will then be made public and placed on record at Companies House.
Once the procedure begins, the assets of company will be realised to pay off the remaining creditors. The balance will then go to the shareholders by way of capital distribution. Any eligible shareholders can also claim entrepreneurs relief.
What if I provide false information?
A false declaration of solvency is a serious threat to the future of your company. It’s important to note that you cannot be suffering from the early signs of insolvency before opting for this procedure, so you must seek advice at the earliest possible opportunity. An insolvent company is one where liabilities exceed the assets, and, therefore, your business is not suitable for solvent liquidation.
If your company is found to be insolvent, your company could be placed into creditors voluntary liquidation (CVL). Similarly, an MVL could become a CVL if creditors come forward with outstanding debts that have not been paid and submit claims against your business. If this does happen, there is also a chance that you - as a director - could face criminal charges. While you could face disqualification, for a period of up to 15 years, imprisonment is also an option in the most severe cases.
Ultimately, you must always ensure your company is solvent and there are no creditors to worry about. If not, you must seek advice from insolvency practitioners immediately.
Finance Monthly recently spoke with Rajeev Tandon, CEO of Xavient Digital - powered by TELUS International, about how future competitiveness will be determined by those who make digital evolution a part of their core DNA to continuously adapt ahead of their competitors.
Today’s businesses are focused on digital transformation more than ever before, with many CEOs and CIOs listing it as a top priority in 2018 and beyond. Why is that the case?
Digital transformation or digital enablement - the changes associated with integrating digital technology to enable innovation in all aspects of a business - is increasingly top of mind for many companies because of its significant impact on a brand’s ability to deliver superior customer experiences compared to their competitors. The trend towards digital is also being exacerbated by disruptive companies that continue to shake up traditional business models and steadily gain market share.
In the digital age, consumers want next-gen technology-enabled user experiences today - not tomorrow - from the brands they support. These predictive and hyper-personalised interactions, which must also be available when, where and how they want, are quickly becoming the norm as opposed to a ‘value added’ feature. In addition to making every customer touchpoint and interaction more meaningful, evolving digitally also helps on the back end, improving processes and driving operational agility - critical factors in a rapidly evolving marketplace.
Importantly, companies must recognise that digital transformation has no clear finish line, but must be repeatedly executed in order to keep pace with new technologies entering the market.
What are the top factors driving digital enablement?
Customer experience is arguably the topmost factor driving digital enablement as a captivating customer journey goes a long way in establishing unflinching customer loyalty. In fact, customer experience is becoming increasingly recognised as a fundamental competitive differentiator - even more so than the product in many instances.
Rising competition in this regard has brought dynamic technologies such as Artificial Intelligence (AI), Internet of Things (IoT) and blockchain among others to the forefront. When harnessed as part of an overall digital enablement strategy, these technologies can help brands develop a deeper understanding of their customers’ expectations in order to better align their products and services to meet, and oftentimes, anticipate their needs.
Additionally, as tech-savvy Millennials overtake Baby Boomers as the largest segment of the population, brands need to up their ‘digital game’ in order to create engaging user experiences. Whether companies seek to accomplish this internally, or look to develop a trusted outsourcing partnership externally, this is how brands will thrive today and into the future in the new age of the digitised customer experience. Moreover, brands need to focus on delivering personalised services and shorter time-to-market, as both significantly contribute towards delightful customer experiences.
Are there specific industries that should be focused on digital enablement?
Regardless of product or service type, the size of your business or your industry, leveraging some aspect of a digital evolution will enhance your performance. This is because the true power of digital doesn’t live in the technologies themselves, but in how they are selected, customised and integrated with one another and into all aspects of a company, including customer service. Where there are customers, there will be patterns in their behaviours, expectations and attitudes, and digital enablement is about arranging all customer touchpoints into a connected network that is proactive, agile, intelligent and analytical.
Financial services and FinTech are industries where digital enablement has flourished in order to meet the needs of consumers who are continually seeking more efficient, accessible and personalised experiences from their providers. Traditional banks, for instance, can no longer get by with simply a website and an app, they need to be able to offer far more features than the ability to check an account balance to keep up with the new products and services being offered by non-financial brands such as Apple Pay and Google Wallet.
But, when FinTech providers focus entirely on launching new products or rolling out more flexible options, customer service can get left behind. By partnering with a customer experience provider to help sustain the brand experience, FinTechs can balance innovation with exceptional customer service.
All in all, digitally-enabled businesses reduce customer effort, which leads to satisfied customers, increased brand affinity and top-line growth.
What are some of the challenges that businesses face when undertaking a digital enablement strategy?
While some worry about being able to keep pace with the latest technologies, others fear falling in the gulf between the initiation and finalisation of large-scale initiatives, or are hesitant to invest in new technology before they realise a financial return on a legacy system.
These are valid concerns and challenges, however, they should not stop companies from pursuing a digital enablement strategy. Instead, they should inform how you design and execute it, as there are various ways to incorporate many different aspects of digital capabilities into your business.
Digital enablement does not mean that a business needs to transform its operations overnight, nor does it preclude a major initial investment. It is a process and companies can begin by taking small steps, such as integrating a chatbot or an AI-powered analytics platform into their existing operations.
It’s also important to understand that technology adoption alone does not equal digital enablement. The overall corporate evolution, with an emphasis on strategy, operations and culture is the star - technology is the supporting cast. In this regard, another challenge organisations can face is internal resistance to change by employees.
Not everyone welcomes a new way of doing things, and if widespread, this lack of curiosity and experimentation often deprives businesses from discovering new and better ways to operate, work more efficiently and deliver enhanced customer experiences. A risk-averse mindset can be similarly detrimental, so it’s critical to foster a culture that embraces change, has a growth mindset, and is agile. Training and education also go a long way in executing a solid digital strategy.
What are some of the ways brands are leveraging next-gen technology to change the way they do business?
Innovation in technology has empowered companies from start-ups to mature brands, to create disruptions in their industry in order to gain a competitive edge by reimagining the possibilities for their customers. Next-gen technologies are helping them better understand the needs of their customers today and can more accurately predict what they will want in the future in order to guide the necessary improvements to their tools and technology architecture.
AI-powered analytics platforms that aggregate agent-customer interactions from various channels into intelligent patterns are in high demand in an age where customer expectations are at an all-time high. Brands are profiting from these platforms’ abilities to use voice recognition, natural language processing and even sarcasm detection to decipher customer intent with reliable probability to detect critical issues that need immediate resolution and to drive recommended actions.
At the end of the day, successfully implementing a digital enablement strategy also requires having highly-skilled and knowledgeable customer service agents who can fully leverage these new technologies across different platforms and customer contact points. In the months and years ahead, these types of universal agents will continue to be key to providing high-tech, high- touch brand experiences.
About Xavient Digital
Acquired by TELUS International in February 2018, Xavient Digital - powered by TELUS International, provides advanced, next-gen IT consulting and delivery services, including Artificial Intelligence (AI)-powered Digital Transformation services, User Interface/User Experience (UI/UX) design, Open Source Platform services, Cloud services, Over-The-Top (OTT) solutions, Internet of Things (IoT), Big Data services, DevOps, and IT Lifecycle services.
With a focus on supporting fast-growing tech, travel and hospitality, telecommunications and healthcare clients, the combined company of more than 30,000 inspired team members is a leader in the customer experience and digital services markets.
Website: https://www.xavient.com/
https://www.telusinternational.com/
The ongoing TSB IT meltdown has been strong evidence of the risks and challenges financial institutions face daily. It has caused mass uproar from customers and severely tarnished the bank’s overall reputation.
TSB started a long-planned move of 1.3 billion customer records from its former parent company, Lloyds Banking Group, to Proteo4, a platform built by TSB’s Spanish owner, Banco Sabadell. The change-over, which started on Friday 20 April, was supposed to be completed over the weekend by 18:00 on Sunday. But on Monday morning millions of customers were unable to use online or mobile banking or had been given access to other people’s accounts.
Error messages and glitches meant paydays and company salaries were turned upside down across the UK. This has understandably caused a chain of problems across many sectors. TSB’s overall response has not been appreciated by the public and its customer service methods have been hugely questioned.
Below Finance Monthly lists some of Your Thoughts on TSB’s IT failure and its customer service approach.
Mark Hipperson, CTO, Centtrip:
Looking more closely at what happened and how the events evolved, it appears that some key IT best practices might have been omitted, such as:
- Production system access: it appears developers had access and were making live fixes to production. This is a big no-no in software development even in an ultra-agile DevOps environment.
- Rollback plan: when it all went wrong, it appeared there was no contingency plan or option to revert back.
- Incremental proving: it would have been more appropriate to first validate each change to ensure it was successful before moving to the next.
- Testing: It is pivotal to confirm all changes have been implemented successfully and work well. There are many different types of testing: user, operational, data migration, technical, unit and functional, which would have helped identify any issues before customers did.
- Early Live Support: it is crucial to make sure sufficient highly skilled staff are available immediately after the release in case things still go wrong.
And last but not least is proof of concepts (PoCs), which would have revealed any tech and planning errors. TSB should have run PoCs on test accounts, or even staff accounts, before the full release.
Alastair Graham, spokesperson, PIF:
Small business customers have reached a nadir in their relationship with traditional banking partners. Branch closures and the move of services online have meant that few now receive any active guidance or support from their bank in helping to grow their business.
At the same time, many feel that even basic banking services aren’t meeting their expectations. Even without issues such as the recent TSB banking crisis, businesses would like improvements to be made.Whether that is quicker account opening processes, simple lending or transparent and fair charges, the demand for alternatives is growing.
Tech innovations, combined with legislative changes such as Open Banking, mean that more products and services are being launched, designed specifically to meet the needs of small business customers. SMEs have already shown they will trust other providers when their banks fail to provide adequate services. This has been particularly evident where prepaid platforms offer more versatility, while still being a safe, secure and flexible method to transfer money.
Yaron Morgenstern, CEO, Glassbox Digital:
In today’s digital age, customer experience is more important than ever. This banking app drama has revealed how important it is to measure your consumer’s experience with complete visibility of any problems. This should really be an ongoing effort, and not just when you plan large scale back office migration. There are three fundamental tenets to an effective customer experience: observation of the customer journey via touchpoints, reshaping customer interactions, and rewiring the company’s services to align with customer expectations.
It is only through advanced digital analytics and AI technology that organisations can understand what is going through their customers’ minds. These are powerful tools for mapping out customers’ digital journeys from the moment they visit a website. This all goes to the heart of improving conversion in the digital customer journey.
Fabian Libeau, EMEA VP. RiskIQ:
The fact that TSB’s IT meltdown dragged on for such a long time, meant that customers were locked out of their accounts for extended periods. It also made them vulnerable to digital fraud in the form of phishing. TSB itself has warned more than five million customers that fraudsters have been attempting to take advantage of its IT breakdown to trick people into handing over information that could enable them to steal their money. Criminals exploiting brands to defraud stakeholders in this way is nothing new, and we know that financial institutions are a much-loved target for hackers, given the highly-sensitive and valuable information they’ve been entrusted with – it is therefore no wonder that cybercriminals are queuing up for an opportunity to impersonate the bank online.
Andy Barratt, UK Managing Director, Coalfire:
In the grand scheme of things, the TSB incident is perhaps not as significant an event as a nation-state hack like last year's WannaCry. But it has still left many, including the ICO, concerned that a major 'data breach' occurred just weeks away from the implementation of the EU’s General Data Protection Regulation.
The power to hand out major fines that GDPR affords the regulator means that the price of poor data protection is about to become far easier to quantify. When the regulation comes into force at the end of the month, a breach like TSB’s would certainly require a Data Protection Impact Assessment and measures put in place to ensure a similar incident doesn’t happen in the future. At the very least, TSB will have put themselves on the ICO’s radar as ‘one to watch’ when GDPR comes into effect.
While the share price of Banco Sabadell, TSB's Spanish parent, wasn’t overly affected by the incident, there could still be a significant financial consequence for the bank. We now know that a large number of customers are affected so the cost of rolling back any mistaken transactions as well as offering support, and potentially refunds, is likely to eat up a lot of operational resource. This event should be a reminder that data protection and the safeguarding of personal information has to be to priority for financial institutions.
Andy Barr, Founder, www.10Yetis.co.uk:
The best thing you can say about the TSB approach to public relations throughout its issues is that it is going to become the modern benchmark for university lecturers on how not to approach crisis communications.
From the very outset, TSB has failed in its approach to handling this ongoing crisis. Its messages have been wrong, even from its highest-level member of staff, the CEO. He has repeatedly issued statements that have been incorrect and that he has had to retract and apologise for.
TSB’s brand reputation is now circling the plughole and its Spanish owners could very well be forced down the route of a re-brand in the mid to longer term in order to try and recover their reputation. I fully expect a classic crisis communications recovery plan 101 to be rolled out, once this all dies down. Step one; apologise (usually full page ads), step two; announce an independent investigation, step three; a member of the C-Suite gets the Spanish Archer (El-bow), and then step four; another apology before trying to move on.
Whatever the final outcome, this has been a public relations disaster for TSB and they are very lucky that at the time that it happened there was so much other “hard news” going on such as Brexit, rail company re-nationalisation and, of course, Big Don, over the pond, constantly feeding the 24-hour news agenda.
Danny Bluestone, Founder & CEO, Cyber-Duck:
The TSB fiasco shows that many organisations vastly underestimate data migrations. Moving data on such a scale from an incumbent system to a different one is an inherently complex task. There are several steps to follow for a successful migration.
First and foremost, it begins with a considered strategy for structural changes that ensures no legacy data is made unusable and new functionality is accounted for. Banks like Monzo test new features within alpha and beta modes, so new pieces of functionality are tried and tested before a mass general public release. TSB would have been wise to utilise test scripts and automated testing to auto-test thousands of permutations from login to usage of the system. Relevant applications that monitor errors could have then detected issues early on.
TSB could have also used a run-book for deployment so all steps of deployment are documented. When an error was detected, TSB could have rolled back without data loss. Problems could also have arisen if TSB failed to use a testing environment that was identical to the production environment. As if there is even a slight difference, the user experience can break.
With regards to the application hosting, TSB should have an active engineering team monitoring performance 24/7. In our experience at Cyber-Duck – from working with numerous institutions including redesigning the Bank of England’s digital website – there really is no excuse for users to suffer. Complex data migrations can be dealt with in a secure and efficient manner if best practice methodology is followed.
Adam Alton, Senior Developer, Potato:
Software is difficult; Microsoft still hasn't finished Windows. Trying to write a new piece of software or create a new system, and then migrate everything over to it in one go is likely to go badly. The chances of it working are incredibly slim. Instead, a migration in several parts would be better. Release small, release often. When Mark Zuckerberg said "move fast and break things", you could interpret that as "you're going to break things, so do frequent and small releases in order that you break as little as possible before you get a chance to fix it". The problems with TSB's migration appear to be multiple and disparate; error messages, slowness and capacity problems, users shown the wrong data. It seems unlikely that these stem from a single cause or single bug, so it would seem that they tried to do too much at once.
Coerced optimism: when under pressure to get something to work, it's easy for a team of developers to wishfully believe that something is finished and working because they can't see any problems, even though their experience tells them that the complexity of the system and the rushed job they've done means that it's extremely unlikely to be free of issues. I wouldn't be surprised if IT workers at TSB fell into this trap, leading to the premature announcements that the problems were resolved.
Denying that you have a problem is always a bad idea. Amazon Web Services (AWS) provide a detailed status dashboard giving a continuous and transparent view of any issues on their systems. They don't deny that they occasionally hit problems but instead have a process in place for actively updating their customers with as much information as possible. This transparency and openness clearly win them a huge amount of customer trust.
Senthil Ravindran, EVP & Global Head, xLabs, Virtusa:
Fortunately for all involved, it seems as if the worst of TSB’s IT debacle is now behind it. But its botched migration led to more than 40,000 customer complaints in what was arguably the most high-profile banking error we’ve seen this year. Worse still, the technology itself isn’t to blame here – both previous owner Lloyd’s and the Proteo4UK system used by new owner Banco Sabadell have a good record in handling data. Instead, the responsibility here rests solely with TSB.
It mostly boils down to a lack of proper preparation on TSB’s part. Banks carry out small data migrations regularly, but a large-scale migration such as this typically calls for months of preparation. Actually moving the data isn’t the tricky bit; drawing the data from the siloes it’s stored in across the business and knowing how it’ll fit within the target system is the real challenge. This is why banks are increasingly looking to ‘sandbox’ the testing process; creating a synthetic environment with the data they hold to gauge how it’s likely to fit within a new system of record. Granted, this approach to testing doesn’t happen overnight, but when applied properly, it reassures banks that the actual migration will run smoothly.
This method would likely have spared TSB the disaster it has faced. Yet in reality, we’ll likely see similar high-profile stories appear over the coming months thanks to the combined pressures of GDPR and open banking. The former is forcing banks to bolster their data handling practices in order to avoid hefty financial penalties, while the latter is forcing banks to expose their data to all manner of third parties. Both initiatives are incredibly difficult for banks reliant on decades-old legacy IT systems to manage (indeed, it’s likely that the GDPR deadline this month may have added pressure on TSB to rush the migration through), and as the reality of this new banking environment begins to set in, expect to see other examples along the same lines as TSB’s.
We would also love to hear more of Your Thoughts on this, so feel free to comment below and tell us what you think!
Sharing confidential information is a data protection issue with more and more red tape every day. With more and more apps differentiating encryption methods, this becomes even harder to manage for authorities. Below Finance Monthly hears about the potential for banking fraud via apps such as WhatsApp from Neil Swift, Partner, and Nicholas Querée, Associate, at Peters & Peters LLP.
As ever greater quantities of sensitive personal data are shared electronically, software developers have been quick to capitalise on concerns about how susceptible confidential information may be to interference by hackers, internet services providers, and in some cases, governmental agencies. The result has been an explosion in messaging apps with sophisticated end-to end encryption functionality. Although ostensibly designed for day to day personal interactions, commonplace services such as WhatsApp and Apple’s iMessage use end-to-end encryption to transmit data, and more specialised apps offer their users even greater protection. Signal, for example, allows for its already highly encrypted messages to self-destruct from the user’s phone after they have been read.
The widespread availability of sophisticated and largely impregnable messaging services has led to a raft of novel challenges for law enforcement. The UK government, in particular, has been outspoken in its criticism of the way in which end-to-end encryption offers “safe spaces” for the dissemination of terrorist ideology.
Financial regulators are becoming increasingly conscious of the opportunity that these messaging services present to those minded to circumvent applicable rules, and avoid compliance oversight. 2017 saw Christopher Niehaus, a former managing director at Jeffries, fined £37,198 by the Financial Conduct Authority for sharing confidential client information with friends and colleagues via WhatsApp. Whilst the FCA accepted that none of the recipients needed or used the information, and the disclosure was simply boasting on Neihaus’ part, it was only his cooperation with the regulator that saved him from an even more substantial fine.
That same year saw Daniel Rivas, an IT worker for Bank of America, investigated by the US Securities and Exchange Commission and plead guilty to disclosing price sensitive non-public information to friends and relatives who used that information. One of the means of communication was to use Signal’s self-destructing messaging services. Rivas’ prosecution saw parallels with the 2016 conviction of Australian banker Oliver Curtis, an equities dealer, for using non-public information that he received from an insider via encrypted Blackberry messages.
These examples are likely to prove only the tip of an iceberg; given that encrypted exchanges are by definition clandestine, understanding the true scale of the issue, outside resorting simply to anecdote, is itself an unenviable task for regulators and compliance departments. Whilst those responsible for economic wrongdoing have often been at pains to cover their tracks – perhaps by using ‘pay as you go’ mobile phones, and internet drop boxes to communicate – access to untraceable and secure communication is now ubiquitous. It is difficult to imagine that future regulatory agencies will have access to the material of the same volume and colour that was obtained as part of the worldwide investigations into alleged LIBOR and FX manipulation.
How then can regulators respond? And how are firms to discharge their obligations both to record staff business communications, and monitor those communications for signs of possible misconduct? Many firms already ban the use of mobile phones on the trading floor, but such edicts – even where rigorously enforced – will only go so far. Neither Mr Rivas, nor Mr Neihaus, would have been caught by such a prohibition.
There may be technological solutions to technological problems. Analysing what unencrypted messaging data exists to see which traders are notably absent from regulated systems, or looking for perhaps tell-tale references to other means of communication (“check your mobile”), may present both investigators and firms with vital intelligence. Existing analysis of suspicious trading data may assist in identifying prospective leads, although prosecutors may need to become more comfortable in building inferential cases.
Fundamentally, however, such responses are likely to be both reactive, and piecemeal. Unless the ongoing wider debate as to the social utility of freely available end-to-end encryption prompts some fundamental rethink, the need to effectively regulate those who participate in financial markets – and thus the regulation of those markets themselves – may prove increasingly challenging.
Attempts have been underway in Parliament recently to help tenants improve their creditworthiness. This includes new legislation to make lenders give rental payments the same weight as mortgage premiums, including most recently Big Issue founder Lord Bird’s draft Creditworthiness Assessment Bill.
Open Banking - ahead of any future legislation - offers tenants the potential to achieve improved creditworthiness at no extra cost.
The launch of Open Banking in the UK last month, backed by nine key UK banks, is now enabling renters who want to get a mortgage to improve their creditworthiness with an ease that would have been unimaginable only a year ago, says CreditLadder.co.uk.
Instead of onerous paperwork or agent/landlord permissions - as has been the case in the past - tenants are now able to report their rental payments via mobile/online platforms simply, quickly and for free.
Tenants tell their bank they want the platform to ‘read’ their rental payments and pass this information on to a credit reference agency, such as Experian.
“When we launched our Open Banking service last month we were acutely aware that the take up maybe held back given the newness of the technology,” says CreditLadder CEO Sheraz Dar.
“But so far Open Banking is proving popular with our customers. The number of people signing up to our service has doubled and last week 80% of those applying to join our service now do so via Open Banking.
“Many of the UK’s 11 million private renters are finding it harder and harder to get on the property ladder, so it’s no surprise that a service like ours which gives them a leg-up is proving popular.
Case study
Civil Servant Ian Cuthbertson, 33, from Norwich is the first person in the UK to sign up and register his rental payments with a credit agency using CreditLadder’s Open Banking service, which is provided through an FCA-regulated partner.
Ian pays £700-a-month for a two-bedroom barn conversion he shares with his partner on the outskirts of Norwich, payments that are now being added to his credit history via CreditLadder.
“My partner and I are planning to buy a home in a few years’ time so I’ve been realising more and more that I need to improve my chances of getting a mortgage,” he says.
“So I’ve been looking at how I manage my credit cards and trying to make little tweaks here and there to my finances so that I present myself as trustworthy to lenders.
“I was thinking to myself that I pay the rent on time every month and wondered if that could count towards my credit score. And then I saw an article on MoneySavingExpert.com about CreditLadder so I decided to sign up.
(Source: CreditLadder)
Research carried out by Altodigital has revealed that two third (66%) of SMB IT executives admit that that they have significant IT challenges within their business. In comparison, an overwhelming 97% of those IT bosses working in larger organisations indicated having ongoing issues, suggesting very different attitudes to technology between small and larger firms.
The research also explored the differing priorities of these two business types and found that ‘maintaining existing IT infrastructure’ was a top priority for 40% of corporates while 32% unsurprisingly outlining ‘security and compliance’ as a top concern. It was also interesting to note that 25% of respondents listed ‘finding skilled staff’ as a big worry.
In terms of SMB organisations, 26% of IT executives listed ‘security and compliance’ as a major concern while budgetary constraints was close behind with 23%, something that was scarcely acknowledged by corporate respondents.
The poll organised by the office technology solutions provider, Altodigital was formed of two individual studies, one that polled 100 IT decision makers from corporate UK companies with over 500 employees while the second survey included firms with less than 500 employees.
Alistair Millar, Group Marketing Manager at Altodigital said: “It is worrying that such a high proportion of SMB IT Executives feel they do not have any IT issues, because it is likely that they are missing a trick, especially when the issue or security and compliance is something that requires continual upgrades in technology.”
The survey also indicated cultural differences when it came to technology, with 58% of SMBs revealing that they simply didn’t see the need for a bring your own devices policy whereas 72% corporates listed it as a major concern. These contrasting opinions were also clear when it came to discussing print policies, an overwhelming 78% of SMB IT managers admitted that they had no policy in place while 57% of corporates said that they review their print strategy every year or less.
Within these results, a quarter of respondents in large firms said that their printing plan was reviewed more frequently than every six months and 15% reported once a year.
“It is very surprising to see that a large majority of SMBs fail to have a print policy in place because managed print services are widely known to provide benefits for both small and large enterprises. SMBs must consider what services might help improve business efficiency and productivity on a regular basis, this point is clearly understood by large corporations who regularly review operations such as their print strategy on a regular basis,” added Millar.
(Source: AltoDigital)
Forget about high-tech espionage. Many of the headline-grabbing hacks from the past few months hinged on low-tech social engineering—the use of deception to manipulate users into giving up their passwords and other data, writes LeClairRyan attorney David Z. Seide in a new post on the national law firm's "Information Counts" blog.
"This kind of hack takes many forms—examples include security alerts from what appear to be trusted websites to update passwords, and phishing emails from what appear to be known, trusted contacts asking to download files or click on provided links," writes Seide, a partner on LeClairRyan's Compliance, Investigations and White Collar team, based in the national law firm's Alexandria, Va., and Washington offices.
In the Feb. 27 post ("Cyber Security and Social Engineering: A Big Low Tech Problem"), Seide notes that the consequences of computer network penetration through social engineering have been dire for victims. He cites a prime example: the hack of Hillary Clinton's 2016 presidential campaign.
"There, the campaign chair received what appeared to be a genuine email from Google's 'Gmail Team' informing him that a Ukrainian computer had just used his password to try to sign in to his Gmail account," Seide explains in the piece. "The email went on to say that Google had stopped the attempt, advised the chair to change his password immediately, and provided a 'Change Password' link. Believing the email to be authentic, the chair clicked on the link and changed his password."
As the world now knows, of course, the new password went straight to hackers, who promptly downloaded 30,000-plus emails in the account and sent them to WikiLeaks for publication. "This hack succeeded only because hackers used social engineering techniques to trick the unwitting user into effectively giving a secure password to what appeared to be a trusted source," writes Seide, an experienced litigator and internal investigator, who led multiple high-profile internal and financial investigations for several federal agencies prior to joining LeClairRyan last month. Those roles included leading the Department of State Office of Inspector General team that reviewed and published multiple reports in 2016 concerning the use of personal email for official business by Hillary Clinton and four other Secretaries of State.
For the foreseeable future, he notes, low-tech social engineering hacking will continue to be a dominant cyber risk. "If anything, it is likely to proliferate across growing and emerging technology platforms—mobile and other Internet-enabled devices (Internet of Things) and social media," he explains.
This is precisely why defending against such hacks requires more and better "cyber hygiene," which Seide describes as "no different than regularly washing hands to prevent infection." Toward that end, he offers a set of best practices for guarding against social engineering. They include ramping up education about social engineering; closely monitoring the level of security-protocol compliance within your organizations; maintaining vigilance and skepticism, and engaging in timely reporting of hacks or potential hacks.
"Cyber security is an ongoing process that changes as fast as technology changes. And technology changes fast," the attorney writes in the conclusion to the piece. "These suggestions are by no means cure-alls. But they will reduce social engineering risk and may demonstrate a prudent effort to address a serious problem we all regularly face."
(Source: LeClairRyan)
