Following talks in Brussels, the Greek government has agreed to unlock a further €10.3bn (£7.8bn) in loans from its international creditors, who have also agreed on easing the debt burden of Greece which totals €321bn (£245bn) - worth 180% of the country’s annual economic output. The tranche of bailout funds will be split into two payments: €7.5bn in June and €2.8bn in September. The European officials plan to extend the repayment period and cap interest rates.
However, the debt relief plan is far from the ‘upfront’ debt relief that The International Monetary Fund (IMF) has demanded. Poul Thomsen, director of the IMF’s European programme, said the IMF had made “a major concession”. “We had argued that (debt relief measures) should be approved up front and (now) we have agreed that they should be made at the end of the programme period.”
Germany was in opposition to the ideas about the debt relief, expressing beliefs that a debt relief could not be considered before the end of Greece’s current €86bn bailout programme in mid-2018.
"We achieved a major breakthrough on Greece which enables us to enter a new phase in the Greek financial assistance programme," said Jeroen Dijsselbloem, President of Eurogroup. He added that the package of debt measures would be "phased in progressively". This review was the first one under Greece's third eurozone bailout, secured in August 2015, after which Greek Prime Minister Alexis Tsipras called a snap election. This move happened only two days after the Greek parliament approved another round of tax increases and spending cuts, that were demanded by the creditors.
The European Central Bank has announced its June policies, which include leaving interest rates unchanged and hinting at further action if inflation fails to improve. President Mario Draghi said at a press conference that external shocks, such as a possible exit from the EU for Britain, would affect the market negatively and he recommends that the UK remain in the EU.
Mr. Draghi hinted that there is still the possibility for future stimulus if needed. This is following the ECB’s increase in its qualitative easing programme in March from €60 billion to €80 billion. The ECB will also start buying high-grade corporate bonds in early June.
The euro barely reacted to the news that interest rates will not be changed. Most recent forecasts now expect inflation to hit 0.1% this year, 1.3% in 2017 and 1.6% in 2018, possibly due to a rise in oil prices.
David Cheetham of XTB.com comments: “As was widely expected the ECB have announced that they will make no alterations to the three benchmarks interest rates or QE programme following the conclusion of their latest meeting. During the press conference shortly after the rate decision President Draghi struck dovish chords as the markets have grown accustomed to in recent times, stating the rates will stay at present or lower levels for some time. Market reaction so far has been fairly subdued with the slight upward revision to this year's inflation forecast of 10 basis points arguably the biggest takeaway, but seemingly not a big enough development to cause a sustained market move.”
David Cheetham is a market analyst at XTB. For more information about him, please visit: https://www.xtb.com/en/market-analysis/our-analysts/david-cheetham
Efforts to extend the reach of the internet to the 4 billion people worldwide that are not yet connected will only succeed if a digital ecosystem approach is adopted where access, affordability, skills and content are given equal attention, according to a new World Economic Forum-led initiative, Internet For All, whose key learning and best practices are published today.
The learning is published as a collection of best practices from around the world on how public-private collaboration has enabled internet access and adoption. Entitled Internet for All: A Framework for Accelerating Internet Access and Adoption, the report forms the basis of the Internet For All initiative’s first phase and concludes with a framework for governments and businesses to accelerate large-scale internet adoption.
The framework will be implemented in an initial project with the full endorsement of the governments of the Northern Corridor countries of Ethiopia, Kenya, Rwanda, South Sudan and Uganda. In these countries, 75 million people representing 67% of the total population have no access to the internet.
“The internet has become a pervasive, fundamental part of daily life, but low internet penetration significantly impacts a country’s ability to participate in the digital economy, which is becoming an increasingly important priority for development as Africa, like the rest of the world, enters the Fourth Industrial Revolution. We know it is possible to break down the digital divide for the 55% of the world’s population that is still not connected: now it’s time for governments, businesses and civil society to make it happen,” said Alex Wong, Head, Global Challenge Partnerships and Member of the Executive Committee, World Economic Forum.
"Achieving Internet for All is a critical priority for Africa to take full advantage of enormous current and future digital opportunities. This report provides a clear framework on which our Internet for All development strategy is based. In the Northern Corridor of East Africa, our aim is to help bring 25 million more citizen online by 2019," said Jean-Philbert Nsengimana, Minister for Youth and Information Communication Technology, Rwanda.
Local communities must be involved in infrastructure development at every step of the way, said Cyril M. Ramaphosa, Deputy President of South Africa. Infrastructure is for the betterment of people’s lives and is important that they feel a sense of ownership by being given full opportunity to benefit from the construction and from eventual delivery, he added.
South Africa’s experience of filling a gigantic post-apartheid infrastructure deficit over the past 21 years – since the advent of democratic government – has taught it important lessons, said Ramaphosa. One of these is that coordination of all projects at the highest level is critical to the best division of resources and to timely completion. South Africa has situated a coordination agency within the president’s office, enhancing and centralizing the government’s own management capacity; improving transparency, particularly with regard to tenders, which are often a point of corruption; and effectively “crowding in” the private sector.
Partnerships with the private sector have been particularly successful in the energy sector, with companies being given licences to develop generation capacity largely independent of government interference, and selling power into the national grid.
Colin Dyer, President and Chief Executive Officer, JLL, USA, said developing countries’ domestic capital markets are very shallow and will take time to strengthen and deepen. But the urgency of the infrastructure task requires financing right now, which means international markets have to be tapped.
Dyer listed four key factors to attracting international capital: transparency on costs and returns, and purchase and selling prices; reliable judicial systems to protect ownership; low levels of bureaucracy; and low levels of corruption. Dyer added that many countries in Africa are, in fact, success stories in terms of these criteria, but these stories are not being told. “The press loves to stream problems and whisper success,” he said.
John Rice, Vice-Chairman, GE, USA, said inclusive growth is impossible without electricity, citing figures showing that 500 million in Africa are “in the dark”. This has to change and quickly, and highlights the need for nimbleness and urgency on the part of governments and bureaucracies in addressing power gaps. “Speed matters,” he said, lamenting how important projects are allowed to “languish” due to political electoral cycles.
Equally, potential financers express eagerness to invest in infrastructure because of a clear and urgent need for it, but then allow enthusiasm to wane as they proceed to “define risk in the old-school ways,” noted Rice.
Africa should use the opportunities presented by the Fourth Industrial Revolution to transform itself into a full partner on the global stage, said Paul Kagame, President of the Republic of Rwanda, at the opening address of the 26th World Economic Forum on Africa. “Africa should not be still playing catch-up when the fifth revolution comes around, he added. Kagame called for “a continent free of pity and apprehension, a place of opportunity and partnership.”
The transformative power of technology lies at the core of the vision of a Fourth Industrial Revolution, as articulated by Klaus Schwab, Founder and Executive Chairman of the World Economic Forum, continued Kagame. However, it should be understood that technology is not a “magic bullet” in itself, but a tool for wisely tackling the challenges faced by Africa.
On a practical level, digital solutions in financial markets need to be significantly scaled up, said Kagame. Efficient, reliable and stable capital markets are key to providing access to funding for growth, and ICT makes such markets viable. At the same time, he added, development and growth are about more than machines – Africa’s people are an enormous resource – and can be achieved through “good politics and accountability”.
Kagame said it is a myth that there is only one acceptable way to build a just and equitable society. But, whatever path is followed, the key leadership requirement is “clear-headed realism”.
Akinwumi Ayodeji Adesina, President, African Development Bank (AfDB), Abidjan, and a Co-Chair of the World Economic Forum on Africa, said that Africa has “no choice but to be ambitious” in embracing the Fourth Industrial Revolution. He said that one of the greatest priorities for the continent is universal electrification to allow digital technology to play its role in transforming lives. “Africa is tired of being in the dark. This is why the African Development Bank will spend $12.5 billion in the next five years on its New Deal in Electricity,” added Adesina.
It is crucial that the Fourth Revolution “does not leave anyone behind,” said Graça Machel, Founder, Foundation for Community Development (FDC), Mozambique, and a Co-Chair of the World Economic Forum on Africa. The first three revolutions left Africans as a whole behind, with women in particular being abandoned.
For ASEAN to meet the growth and inclusion challenges posed by the Fourth Industrial Revolution – the rapid adoption of new technologies and digital systems – countries in the region must reform the way people are educated and be careful not to introduce regulations that stifle innovation and the adoption of disruptive business models, business and policy leaders warned in a session on the first day of the World Economic Forum on ASEAN.
Mari Elka Pangestu, Professor of International Economics at the University of Indonesia, who was a minister in the previous Indonesian government, said that with the launch of the ASEAN Economic Community (AEC), “we have gone from pooling resources to pooling markets, but we have yet to pool our talent.” She added: “Technology is a means to an end. But people are still important – and they have to have the training and knowledge to use the technology.” Developing new skills, such as collaboration and empathy, is important. “With value chains, you can’t work in silos anymore,” she said.
Regulators, too, have to be educated, Pangestu argued. “Regulators and policy-makers are still in the old world. We have to regulate but we have to do it in a way that is in line with the new world. Governments tend to over-regulate and control in the old way. Policy-makers don’t know where all this is going so it is better to tread lightly.”
“We need a revolution in education” for both young and old people, declared Nazir Razak, Chairman of CIMB Group Holdings in Malaysia. Embracing the unprecedented wave of technological change means empowering people, particularly the youth, to challenge vested interests, especially the entrenched links between big business and government, he added.
South-East Asia has key advantages over other regions, the experts reckoned. Being relatively young, its people are fast adopters of new technology. “There are lots of local platforms being mixed with global brands and platforms,” said Ulf Ewaldsson, Senior Vice-President and Chief Technology Officer of Ericsson in Sweden. Established companies such as CIMB will have to rely on this openness and flexibility to prosper. “We are being bashed by fintech,” Nazir told participants. “We have to respond. For an old company like us, we have to think like a fintech company, be innovative and become a fintech company ourselves.”
Diane Gray-Smith joined Uphold as CFO in November 2015, tasked with overseeing and managing the company’s global corporate financial reporting and governance, including developing the policy and system infrastructure. As a certified accountant, she has spent the past 20 years serving Boards and management teams in the financial services, fintech and media spaces, supporting transition and growth. Her work over the previous 12 years has been as an interim executive, defining business models and strategies to maximize value and profitability for SME in fast growth sectors by way of acquisition, fundraising, integration, restructure and IPO. Prior to this she worked as the CFO for a VC specialising in emerging and mid cap markets. Here she talks to Finance Monthly as part of our spotlight on CFOs.
The role of CFO is well positioned to drive cultural change within a company. What goals did you arrive with as CFO of Uphold?
My role at Uphold is further proof that the days of the one-dimensional CFO number cruncher are long gone.
Alongside the traditional mandate to provide financial reports and analysis, within Uphold I am expected to be involved in supporting and developing strategy, guiding key business initiatives, and working closely as a business partner to my CEO Anthony Watson.
Building and nurturing a high-performance culture is critical to the success of any organization.
The modern CFO is an adviser, scorekeeper, operations manager, team leader and strategist. We have to play each of these roles while safeguarding the resources of the company and ensuring the organization’s performance and expansion. This role is magnified when working in a startup, where the ground appears always to be moving, especially in a burgeoning sector such as fintech.
It is a challenge to make Uphold’s vision and business objectives come to life by connecting our front-line operators to the executive team and the board. It requires the CFO to be a trusted business partner rather than just a diligent scorekeeper. Iprovide those connection points by delivering fast, accurate, relevant and meaningful reports and insightful analysis that help evaluate performance to assist decision making and improve performance.
When I joined Uphold, in essence my primary goal was to make numbers more meaningful to everyone within the organization: to show how numbers can help drive the pathway to our vision and objectives; and for everyone to realise that numbers are a powerful tool, not a stick to be beaten by or the jury to be judged by.
What were some of your major achievements in this area in 2015?
Forecasting, planning and analysis is key at every stage of a company’s progression, but it is arguably at its most important whilst in the start-up phase and when a company is growing at unprecedented levels. Much of my first 100 days was to put in place robust, institutional quality reporting system that was digestible, relevant and meaningful. At the same time I was getting my head around Bitcoin, blockchain and the looming disruption to traditional banking, all a new horizon to me.
Uphold’s ambition is to be the best in breed, not just in terms of the product we offer, but the internal practices. As such, much work has been done to define and implement best practices, whether reporting, commercial decision making, business development, or regulatory requirements.
Are companies like Uphold shielded or more exposed during a financial crisis due to its nature?
The financial crises has changed the landscape in which we work, and has brought into focus the regulatory and corporate governance in every company.
For Uphold, the dynamic global economic environment compounded by the extraordinary rate of technological change and the ambition for fast track growth, presents huge challenges for the Executive team.
Statistics consistently show that many startups fail, so as CFO, risk mitigation takes centre stage. I continually assess performance to plan, with vigilant attention to cash flow, financial regulation, shareholder relations, fundraising, stakeholder engagement and managing resource and bandwidth.
Uphold’s huge advantage lies in our ability to respond quickly to changes in the economic environment, identifying and taking advantage of opportunities, reacting to potential threats and being able to scale quickly.
A lot has been made recently of the security systems in place for online currency, data clouds etc. At Uphold, how do you ensure that money is kept secure?
Uphold, as a financial services company, we operate within a strict regulatory environment, and much of this regulation is focussed on protecting the consumer. Uphold has invested heavily in building a platform that exceeds regulatory compliance baselines. We are setting new standards by adopting advanced technology tools for Anti Money Laundering (AML),Know Your Customer (KYC) and fraud detection and prevention, priding ourselves in keeping abreast of innovation and adopting new developments in the sector.
Security is, of course, a priority and we have a team of industry leaders in our compliance, risk and security department. We operate in a real time environment, and all transactions are transparent. Our blockchain technology provides a public record of all activity on the platform that any member can access. We also have a dedicated Security Operations Centre which monitors activity 24/7.
The integrity of the platform is paramount: the number of members we are attracting and the volume of transactions we are completing is testament to members’ confidence in our systems and processes.
Uphold is by nature a worldwide company – how is your chain of command setup, and how is the company structure set up?
Uphold is a global company with operations in Braga, London, Los Angeles, Mexico City, Mumbai, Portland, San Francisco, Sao Paulo and Shanghai.
I work from the London office, with my department and most of my direct reports in the US. The chain of command is setup so the CFO reports directly to the CEO. As CFO I need to be across Compliance, Intra-Country Regulation, Reserve Management, Acquisition identification, Investment Relations and Business Development. The benefit of this structure is that Uphold’s finance function is recognised as integral to the running of this business.
The leadership team consists of our CEO and executive VP’s from Legal, Compliance, New Business, Investor Relations, Product & Engineering and our People Officer
Inevitably there are some logistic challenges in terms of negotiating time zones, cultures and regulatory frameworks. Many of our meetings are over various internet channels, but as you would expect, the job requires a significant amount of travel, as I am still of the school that at times a face to face meeting is essential.
Looking into 2016 and beyond, what do you anticipate for your role?
Uphold as a business continues to grow at an eyewatering pace entering new markets with additional product lines bringing with that additional regional compliance and regulatory requirements. Central to my role is helping the organization navigate an increasingly complex business world. It is imperative that reporting is constantly reviewed to ensure the business is growing on a sound financial structure, that it is relevant and fit for purpose and is considered a tool for managers of all sections of the business.
As the CFO I am expected to be an organisational leader, balancing the responsibilities of reporting stewardship with that of a business partner, being a proactive member of the leadership team driving performance and developing strategy.
Is there anything else you would like to add?
What is certain is that financial services is undergoing a huge transformation into new, uncharted territories. It is an exciting journey to be a contributor to Uphold’s vision of making financial services innovative, accessible and equitable.
Fiona Tee joined Currency Cloud as CFO in April this year, to oversee finance, human resources, compliance (risk and regulatory) and operations. Over the course of her 30 year career, she has built up experience across the financial services, telecoms and tech sectors. Previous roles include CFO at Mondex International, from the inception of digital payment innovation, and CFO at Intelligent Environments Europe, a market leader in mobile and online banking solutions. Early on in her career, she co-founded a successful technology company, and she loves the working culture and opportunity to do things differently that comes with being part of an innovative, high-growth start-up. Here she talks to Finance Monthly about the role of a CFO and the future of online currency.
The role of CFO is well positioned to drive cultural change within a company. What goals did you arrive with as CFO of Currency Cloud?
I am a strong believer that the role of CFO goes far beyond looking after the numbers. The most satisfying roles I have held over the years have been those that allow for true partnership with the strategic and commercial sides of the business, and I hope to work in the same way at Currency Cloud.
The idea of cultural change is important. As a CFO, one of my major goals is always to realise and promote the value of the finance function as part of the wider business operations and priorities. Some of the roles I have held in the past have required me to take the lead on re-shaping the team to achieve these goals, as well as motivating key senior managers to develop and deliver new processes. Working with the wider leadership team in this way to identify key value drivers and ways to create and support recurring revenue growth lie at the heart of a finance function that delivers strategic value back to the business.
Are companies like Currency Cloud shielded or more exposed during a financial crisis due to its nature?
Our clients are operating in challenging market conditions. Globalisation is growing demand for international business expansion, while regulatory and reporting requirements are putting an increased strain on the industry. Speed to market is a critical competitive factor, with consumers more in control than ever before. Needless to say, we are facing an incredibly volatile economic environment – the nature of international payments means that our sector will always be impacted by changes to FX rates, and the uncertainty caused by major events such as the impending EU referendum.
A lot has been made recently of the security systems in place for online currency, data clouds etc. At Currency Cloud, how do you ensure that money is kept secure?
Wherever money is involved, there must be trust. In financial services, trust must be built on a bedrock of security. Needless to say, this is something we take enormously seriously at Currency Cloud – it’s constantly top of mind. Earlier this year, we were awarded the official stamp of approval in the form of certification against ISO 27001:2013 – the international standard for best practice in Information Security Management Systems. This accreditation, and the voluntary regular audits that it brings provides our clients with independent assurance that our commitment to security runs through everything we do.
How do you see the future of the industry?
Within FinTech more broadly, the payments space has arguably seen the greatest amount of innovation. The push to provide customers with the most convenient payment method for every situation means we are seeing a huge amount of diversity (and fragmentation) in innovation, and an explosion of different business models at this user-facing front end. This in turn, is forcing shifts in the underlying infrastructure, which must power and process these demands. As the world in which we live evolves, so too must the technology that underpins it.
In this globally connected, digital environment, payment transactions moving increasingly towards low value, high volume, as well as increasingly being embedded and ‘hidden’ within other services – you only have to look at Uber to see this in action.
Traditional models were simply not set up to deal with this, meanwhile FinTech was founded on principles of speed, ease of use, security and transparency. This presents a real and very exciting opportunity to fill the “solution gap”.
With loss of 11,000 jobs, the British department store chain BHS is to be placed in liquidation as liquidators called in after rescue bids fail. This is the biggest retail collapse in the UK since the demise of Woolworths in 2008. The liquidation decision followed a five week long bidding process, which resulted in failing to find a suitable buyer.
In order to fund working capital, administrators Duff & Phelps expressed beliefs that a potential buyer would have needed at least £100m on day one. The 88-year-old-retailer is believed to have received a number of offers for buying part of the company, to which the administrators have disagreed, stating that is was in the best interest of creditors to try and sell the business as a whole.
Prior to the confirmation in regards to the closing of the retailer, it was thought possible that Greg Tufnell, the former Mothercare boss, might have been buying the chain. According to various sources, a late 11th bid may have also come in from Mike Ashley, the founder of Sports Direct as well, since he had been involved in the sales process but had failed to convince the administrators.
Hilco Retail Services will be assisting in the process of winding down the British store network. All 163 stores across the UK will be holding closing sales over the following weeks.
There is no question that the EU referendum is one of the biggest political events we’ve been faced with in a while. We are so integrated within the EU economically and politically, that it is difficult to appreciate what life would be like outside of it.
Since the UK joined the EEC in 1973, we have thoroughly benefited from many aspects of the EU. The ability to trade openly with other member states and move freely between the Schengen Area has unknowingly been of real benefit for small businesses and expats alike.
Nevertheless, there are aspects of the EU that many disapprove of. Being part of the EU does limit our ability to create new trade blocs with other nations, and although the idea of moving abroad and finding work in Spain seems attractive for some, others are concerned about the level of immigration back home.
The real problem with this debate however is not about a right or wrong choice necessarily. Despite many fear-mongering campaigns about a potential recession, amongst others, no one knows what will happen after a Brexit, and it’s this uncertainty which many are afraid of.
In the event of the UK voting to leave the EU, article 50 of the Lisbon treaty will be invoked, as this is the official withdrawal process from the EU. For a minimum period of two years, all existing agreements will remain in place allowing some breathing space for the UK to renegotiate with the EU.
This period of uncertainty is why Mark Carney, the Governor of the Bank of England warns that the UK may be hit by a year-long recession. Corporate businesses who hold their headquarters in the UK may wish to relocate elsewhere, leading to potential job losses. Trade contracts would freeze with EU countries and small businesses who employ foreign workers would be left in limbo.
The other concern is the impact it may have on Sterling, which could weaken against most of the major currencies. Although this would be good for UK exports, it would make imports noticeably more expensive.
In the case of the UK not renegotiating terms with the EU within the two-year period, other members of the EU bloc will presumably vote to extend this period, whilst a ‘no’ vote would catastrophically eject the UK from the EU. The general consensus is that it is highly likely for the UK to take much longer to renegotiate terms with the EU. According to Gregor Irwin, former UK Foreign Office chief economist, such agreements may take up to 10 years to materialise.
In the short term, it’s difficult to envisage a positive outcome of a Brexit for businesses, or the economy as a whole. But are we likely to be better off long term?
Purely speculative predictions state that the long term implications of a Brexit are contingent on how the UK renegotiate terms with the EU, or look elsewhere for trade agreements.
If the EU allow for it, the UK could become a member of the EEA (European Economic Area), which allows for the free movement of goods, services and people between the other EEA member states. Although non-EU members of the EEA are not bound by the financial burden of the EU, contributions will still be made to the EU from the UK. Given that the UK has special agreements to keep the Pound Sterling and banking policies, leaving the EU to join the EEA would make very little difference.
Another possible option for the UK would be to join the EFTA (European Free Trade Association) - a trade bloc with regulations, set up for the promotion of free trade and economic integration to the benefit of its four member states.
If the UK potentially joins the EFTA, there is a chance for the organisation to negotiate the same terms as EEA members, although this would make little difference to existing arrangements with the EU. It’s been argued that the UK might take the Swiss route and arrange bilateral agreements with the union - a rather complex, difficult to manage and time-consuming process. After over five years of materialising, Canada was recently granted an EFTA membership. The question however is, will the EU be willing to go through with this even in the case of article 50 being extended beyond the two-year period?
It is unlikely that the EU will wish to be involved in business operations with the UK, without a financial contribution. Given that the UK is one of the largest contributors to the EU, analysts predict that the bloc would be damaged by a Brexit, leaving the option for an EEA membership without financial contribution off the table.
The options for the UK to recover are either renegotiating terms with the EU or looking elsewhere for trade blocs. If the country joins the WTO, it would be enabled to trade with the EU, but would most likely be hit with trade tariffs. Barack Obama expressed his opinion that the UK would be at the back of the queue for trade agreements, given their push for the TTIP agreement within the EU. The obvious solution once again would be to remain in the union and renegotiate terms that are a concern to the public.
In any event, remaining in the EU provides stability, certainty and more importantly - familiarity. If you operate an SME - you are fortunate enough to have access to the open market; if you are an expat - you are fortunate enough to live in your dream home in the south of France; and if you are a student - you can study in Madrid with very little barriers. Jeopardising these fantastic opportunities makes little sense and a vote to remain should therefore signal further renegotiations so that a reformed EU works for all.
For more information please visit:www.currencies.co.uk
For more stories like this please view the latest magazine http://www.finance-monthly.com/magazine/
With the EU General Data Protection Regulation (GDPR) scheduled to come into effect in two years’ time, the clock is ticking. The central tenet of the regulation is that organisations will need to demonstrate compliance with the directive in its entirety and be fully accountable for even any inadvertent lapses that occur. It’s perhaps the most ambitious legislation (across 28 member states) thus far and one that truly means business. The maximum fine for non-compliance at 4% of the organisation’s worldwide turnover is substantial for any organisation.
Ubiquity of End User Computing applications - a huge risk to compliance
In the banking and financial sector, where applications such as Microsoft Excel, financial models and databases are the ubiquitous and fundamental computer applications for data management and analysis, potentially these End User Computing (EUC) applications pose one of the biggest risks to GDPR compliance. For example, given that millions of Excel workbooks, each with multiple worksheets with millions of cells is typical, the task of ensuring that these mammoth files comply with the various GDPR requirements – including the right to be forgotten, data portability, and anonymisation and pseudonymisation of personal information – is no easy task.
There’s no prescription for GDPR compliance
The perennial problem with most of the new regulations is that regulators are consciously moving away from a prescriptive, siloed and rules-based approach in favour of best practice process and continuous governance. Therefore, fundamental to GDPR or indeed any data-related regulatory compliance is a three-step process of discovery, risk assessment and thereafter, on-going monitoring to minimise new risks.
Foremost, an accurate understanding of the EUC applications estate is imperative – especially as it’s common practice for employees to export data from core enterprise systems such as SAP, Bloomberg Terminal and so on for financial analysis and modelling. This discovery process will enable organisations to identify the EUC applications and files that contain the private and confidential records of individuals.
With an exhaustive inventory of files, the next logical step in the process must be to classify them into categories based on the level of risk posed by each. For instance, an EUC file containing personal details and national insurance number of employees, or client data pertaining to the ‘Know Your Customer’ requirement is likely a high level risk file compared to say a spreadsheet inadvertently containing sporadic entries of personal records. This kind of in-depth understanding and visibility will enable organisations to appropriately and proactively manage those files for GDPR compliance.
Finally, it is vital that organisations embed governance processes into their day to day business operation so that EUC files can be closely monitored. Due to the current dynamic business environment and ever increasing data, which is accessed in a number of formats and via a variety of devices, the ability to detect anomalous behaviour almost in real time, is critical to minimising the risk of regulatory non-compliance. To illustrate, in preparation of a client statement, an employee in the finance department of a bank exports data from the organisation’s SAP system into an Excel spreadsheet that contains personal details such as name, email address and phone number, bank details and so on. The bank must have the capability to apply auditable security controls to that particular file immediately, to sufficiently protect the personal information contained. In fact, a key principle behind the GDPR is ‘privacy by design’ and establishing such processes will go a long way in embracing the sentiment.
The days of tick box compliance are long gone. Falling foul of the GDPR will be costly, not to mention the much more far-reaching consequence of reputational damage. EUC applications present one of the biggest risks to non-compliance, and yet the reality is that many organisations simply don’t undertake strategic EUC application management. So while from an external perspective, organisations are challenged by the regulation; internally they are beleaguered by a lack of visibility of the compliance risks they face. Organisations need to make EUC application management a compliance priority. Only when they ascertain where the risk lies can they meaningfully determine where controls need to be applied for auditable, reliable compliance. It’s a rational approach.
For more stories like this please view the latest magazine http://www.finance-monthly.com/magazine/