
Despite the mobile channel being an increasingly lucrative one for fraudsters to exploit, efforts to implement watertight authentication are being stymied by a lack of clarity around which party is liable in the event of sensitive data being compromised by hackers. It is time that mobile network operators (MNOs) and banks made a concerted effort to clear up this confusion and enable a positive customer experience to come first.

According to Aspect Software, the battle against fraud is one that is still being fought fiercely, especially as cybercriminals become more savvy in the way they conduct their activities. According to the Information Security Media Group’s 2017 Faces of Fraud survey, 52% of businesses polled stated that today’s fraud schemes are too sophisticated and evolve too quickly for their organisation to keep pace. For the mobile channel in particular, incidents of ‘SIM Swap’ fraud – which sees criminals steal money from bank accounts by digitally duplicating SIM cards via social engineering – accounted for 11.5% of total mobile fraud in the past year, according to Aspect’s own figures, attained through its work with banks and MNOs over the last 12 months.

These figures underline the importance of multifactor authentication in getting the upper hand in the fight against fraudsters. However, many organisations remain bogged down in debates over liability, which is slowing down the pace of adoption and risking compromising the trust of their customers.

Keiron Dalton, Global Program Senior Director at Aspect Software’s digital identity division, said: “The issue of liability regarding fraud can be something of a minefield. When working with third-party authentication providers to secure the mobile channel for mobile or telephone banking, it can be a challenge to establish clear, consistent lines of accountability in this area. This lack of direction and transparency can hinder the adoption of high-quality authentication which, crucially, creates a greater risk of customer trust being damaged if a data breach strikes.”

Keiron believes that MNOs and payment services providers, including banks, need to work towards re-evaluating the relationship they have with third-party authentication providers, to a point where a clear understanding is reached on the subject of liability. For Keiron, this means firmly establishing the authentication provider as a partner who provides an essential service along with recommendations on how the company can further improve its security practices, while final liability rests with the company that holds the data.

He concluded: “It is vital that businesses do not lose sight of what is most important when it comes to fraud prevention: maintaining a positive customer experience. This can only be effectively delivered if the organisation in question maintains strong relationships with its authentication partners, and ensures that the boundaries regarding liability are clearly defined. Key to cultivating lasting customer trust is being able to confidently communicate what is being done to keep data safe. If these internal relationships can be effectively managed, this assertive outward persona will come to the fore naturally.”

(Source: Aspect)

Below, Simon Cadbury, Director of Strategy and Innovation at Intelligent Environments, answers a question many have been asking themselves for years now: what is the actual difference between a building society and your regular bank?

Becoming an adult is an important moment for anyone. However, it’s perhaps now significantly less so for the millennial generation, a demographic that views travelling abroad as their biggest priority ahead of home ownership, buying a car, and even paying off debt.

In fact, recent research has also found that most millennials only see themselves as an adult once they have turned 30 years old, with some even agreeing that 40 is a more reasonable estimate.

And this delay in ‘becoming an adult’ is having a significant impact on this generation’s knowledge of financial planning – frequently resulting in a lack of clarity when it comes to getting the best deal in the retail banking sector.

The Building Society Enigma

Building Societies are one example of organisations that remain a mystery to millennials. Our research, which surveyed 2,000 UK millennials on their attitudes towards the building society sector, discovered that very few knew the benefits of opening a building society account.

Worryingly, just under half (48%) were unable to name a single advantage, with a third (33%) agreeing that they could see no reason to use a building society.

Part of this uncertainty lies with millennials’ confusion around the difference between a building society and a bank. Around three-quarters (73%) admitted that they did not know the difference between the two, while nearly half (45%) were unsure of when or in what circumstance they’d use a building society instead of a high street bank.

The Difference

So, what exactly is the difference? Key to understanding the distinction between banks and building societies is to be clear on exactly how, and for whom, they operate. Because banks are listed on the stock market, they are businesses and therefore work in the favour of those who invest in them, specifically their shareholders. Building societies, however, are not commercial businesses; they are ‘mutual institutions’ – owned by, and working for, their customers.

As a result, building societies’ interest rates generally tend to be a lot higher than banks as they are not required to pay dividends to any shareholders. In fact, upon learning of this community-focused and member-ownership aspect, over a quarter (27%) of the millennials surveyed noted this as a real advantage.

Whilst building societies do focus more on financial products like savings and mortgages, they are still able to offer the same services that banks provide, such as current accounts, for example. However, with the exception of Nationwide, building societies’ services are only available on a regional basis, which is clearly a factor that significantly influences a generation always on the move.

Nevertheless, for those millennials who are settled in one place and like the community focus that building societies offer, there should be every reason for building societies to be considered as an alternative to banks. And really, like most things in life, the choice should be focused on which provider is giving the best customer experience – not on whether the provider is a bank or building society.

Understanding Millennials

Clearly, more needs to be done to educate millennials on building societies, and part of this responsibility should fall on the sector itself. To effectively engage a demographic that has grown up in the digital age, surrounded by technology and the internet, more needs to be done to move away from the traditional model. It should be a priority for building societies to better meet these expectations by providing more engaging digital tools, improving both their internet and mobile offerings. The building society should no longer be seen as a forgotten institution, but one that is considered alongside banks – and that can offer financial products just the same as its business-minded brother.

Below, Thanassis Diogos, Managing Consultant, SpiderLabs at Trustwave, discusses with Finance Monthly the intricate planning and plotting behind the recent Eastern European cyber hack on banks, which combined both physical and cyber stealing methods. Trustwave believe that this attack has the potential to spread to the UK and around the world.

Earlier this year Trustwave was called in to investigate several security breaches which had affected banks in post-Soviet countries. These attacks appeared to be a hybrid of physical and cyber techniques, with people used as mules to open new bank accounts, and cyber specialists using their skills to hack into the banks’ systems. Banks which had been compromised suffered significant monetary losses, somewhere between USD$3 million and USD$10 million. Trustwave’s investigation also discovered that the attacks shared common features. These identifiers included large financial losses originating from apparently legitimate customer accounts and all thefts taking place at ATM locations outside of the bank’s originating country, where the money was withdrawn using a legitimate debit card.

In some cases, the banks were not aware they were being breached until the attack was complete. However, there were cases where the malicious activity was picked up by third party processors, who are responsible for processing credit and debit card transactions. Despite the large sums being stolen, the thefts were hard to detect thanks to the use of debit cards acquired legitimately through the standard in-branch application process.

A closer look

Upon investigation of the third-party processors and the affected banks, we found a completely unique modus operandi behind the breaches. The criminal gang had used innovative attack tactics, techniques and procedures to successfully complete the attack campaign. The attack itself comprised two physical stages which topped and tailed the attack: the mules opened bank accounts in the initial phase and withdrew the funds in the final ATM cashing-out phase. The cyber-attack comprised four stages: obtaining unauthorised access to the bank’s network, compromising the third-party processor’s network, obtaining privileged access to the card management system and, finally, activating the overdraft facility on specific accounts.

Method in the madness

The criminals hired a number of mules and provided them with false credentials, so they could open new accounts in branch. On opening the accounts, the mules requested to receive debit cards with the account, and the cards were then passed on out of the originating country to a group of international conspirators. It is not unusual to request a debit card with a new account as the balance of the account is directly related to how much money is available.

Whilst these numerous bank accounts were being opened in branch, the cyber part of the attack was already under way. Members of the criminal gang hacked into the victim banks’ internal systems and manipulated the debit cards’ features to allow very high overdraft limits or no overdraft limit at all, and also removed any anti-fraud controls in place on specific accounts. Almost simultaneously the operation continued in the countries where the debit cards had been sent. The cards were used to make large withdrawals from a number of ATMs which had been carefully selected because they had high or no withdrawal limits. Locations were also chosen to be remote and have either no or obscured security cameras. During the following few hours the operation concluded with a sum between USD$3 million and USD$10 million being withdrawn from each bank.

Recommendations to banks

There are measures which banks can take to help mitigate these kinds of attacks. A proactive program such as managed detection and response (MDR), also known as threat hunting, is recommended. Implementing a threat hunting program will allow banks to detect threats early on and mitigate them before they have the opportunity to do any real damage. Banks should also prepare incident response plans and have them well documented and tested so they are fully prepared to act swiftly if such incidents occur.

Unfortunately, the success of these attacks could be attributed to the lack of coupling between the core banking system and the third-party card management system. Had these two systems been integrated correctly, the changes to the debit cards’ overdraft limits would have been red-flagged much earlier on. A second example of non-technical control failure is that several accounts on the card management system were able to both raise a request for a change and approve the change. This process is a violation of a control commonly used in banks and banking applications called Maker-Checker. Banks are therefore advised to undertake frequent cyber security risk assessments to detect and mitigate this type of control weakness.
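Both control failures described above (card changes never reconciled against the core banking system, and users able to raise and approve their own change) can be checked for mechanically in a change log. The following is an added example, not Trustwave's tooling or code from the original article; the record schema, field names, user names and sample data are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Hypothetical schema for a card management system change log.
@dataclass(frozen=True)
class Change:
    change_id: str
    account: str
    field: str               # "overdraft_limit" or "fraud_checks_enabled"
    new_value: str
    maker: str               # user who raised the request
    checker: Optional[str]   # user who approved it (None = never approved)
    day: date

# Hypothetical view of the same account in the core banking system.
@dataclass(frozen=True)
class CoreAccount:
    opened: date
    approved_overdraft: int

SENSITIVE_FIELDS = {"overdraft_limit", "fraud_checks_enabled"}

def parse_limit(value: str) -> float:
    """Treat 'unlimited' as infinity so it always exceeds an approved limit."""
    return float("inf") if value.strip().lower() == "unlimited" else float(value)

def review(changes: List[Change], core: Dict[str, CoreAccount],
           new_account_days: int = 30) -> Dict[str, List[str]]:
    """Return {change_id: [reasons]} for every change that breaks a control."""
    findings: Dict[str, List[str]] = {}
    for c in changes:
        reasons: List[str] = []
        # Maker-Checker: the approver must exist and differ from the requester.
        if c.checker is None or c.checker.lower() == c.maker.lower():
            reasons.append("maker-checker")
        acct = core.get(c.account)
        if acct is None:
            # Card system knows an account the core banking system does not.
            reasons.append("account-not-in-core")
        elif (c.field == "overdraft_limit"
              and parse_limit(c.new_value) > acct.approved_overdraft):
            # Coupling check: card limit must not exceed what core approved.
            reasons.append("limit-exceeds-core")
        if c.field == "fraud_checks_enabled" and c.new_value.lower() == "false":
            reasons.append("fraud-control-disabled")
        # Sensitive change shortly after account opening (the mule pattern).
        if (acct is not None and c.field in SENSITIVE_FIELDS
                and (c.day - acct.opened).days <= new_account_days):
            reasons.append("new-account")
        if reasons:
            findings[c.change_id] = reasons
    return findings

# Constructed sample data, for illustration only.
CORE = {
    "ACC-1001": CoreAccount(date(2015, 3, 2), 500),
    "ACC-2001": CoreAccount(date(2017, 9, 28), 0),
    "ACC-2002": CoreAccount(date(2017, 9, 29), 0),
}
CHANGES = [
    Change("C1", "ACC-1001", "overdraft_limit", "500",
           "alice", "bob", date(2017, 10, 2)),
    Change("C2", "ACC-2001", "overdraft_limit", "35000",
           "svc_ops7", "svc_ops7", date(2017, 10, 3)),
    Change("C3", "ACC-2001", "fraud_checks_enabled", "false",
           "svc_ops7", "svc_ops7", date(2017, 10, 3)),
    Change("C4", "ACC-2002", "overdraft_limit", "unlimited",
           "svc_ops7", None, date(2017, 10, 3)),
    Change("C5", "ACC-1001", "overdraft_limit", "750",
           "alice", "carol", date(2017, 10, 4)),
]

if __name__ == "__main__":
    for change_id, reasons in review(CHANGES, CORE).items():
        print(change_id, ", ".join(reasons))
```

Change C5 shows why the reconciliation matters on its own: it passes Maker-Checker with two distinct users and is still flagged because the card limit exceeds what the core banking system approved.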

Currently the attacks have been localised to Eastern Europe and Russia; however, we believe that they do represent a clear and imminent threat to financial institutions in Europe, North America, Asia and Australia over the forthcoming months. During the course of the investigation it was discovered that bank losses currently stand at around USD$40 million. However, this does not account for undiscovered or un-investigated attacks or investigations undertaken by internal groups or third parties; the total losses could already run into hundreds of millions of USD. We would advise all global financial institutions to consider this threat seriously and take necessary precautions.

More than three quarters (77%) of commercial banks are preparing to increase fintech investment over the next three years as the rapidly growing sector shows no sign of slowing, with 86% of senior managers expecting an imminent rise in investment.

The in-depth research commissioned by Fraedom, polled 100 decision-makers in commercial banks including shareholders, middle managers and senior managers.

The survey also discovered that more than seven out of 10 (71%) respondents believe the rise of technology within commercial banks threatens traditional one-to-one banking and customer relationships. This was felt strongest among 95% of shareholders, as opposed to 67% of middle managers.

Kyle Ferguson, CEO, Fraedom, said: “The research reflects what is an upward curve for fintech organisations and to continue this trend it’s important for commercial banks to make the right choice when working with a fintech provider. By working with a trusted partner that understands the challenges of local markets, and equally how digitisation of commercial banks can support financial service offerings, this choice can often lead to further investment in the fintech industry.”

The research also revealed that despite an overall feeling that the future of the fintech sector is exceptionally bright, nearly two thirds (63%) of respondents believe commercial banks are more cautious than retail banks when it comes to adopting new technologies.

In addition, it was discovered that the most common reason for commercial banks lagging behind their retail counterparts was that ‘the market was settled and there was no strong competition from newcomers until now’. This was supported by 37% of respondents that felt retail banks surpassed commercial banking in the uptake of technologies.

“The commercial banking sector must become less cautious in embracing new technologies, especially when fintech firms can support areas of their service by outsourcing operations such as commercial cards,” adds Ferguson. “When technology is embraced at a faster pace, the gap between commercial and retail banks will become smaller and the collaboration between banks and fintech providers will help drive the future of finance, benefitting consumers, businesses and of course the industry as a whole.”

(Source: Fraedom)

Here discussing the increased adoption of connected devices and sensors in banking and how IoT enables banks to respond in real-time to customer needs, is Neil Bramley, B2B Client Solutions Business Unit Director at Toshiba Northern Europe.

Internet of Things (IoT) technology is on the rise both at home and in the workplace, and will soon significantly impact and empower the way we live and work. To date, such solutions have arguably made a bigger splash in the consumer landscape than B2B, with connected fridges, cars and thermostats all resonating with the public. As consumers’ awareness of IoT grows, so too does their expectation that it will blend into their everyday consumer experience. No business is seeing this effect more than those in the financial industry as more IoT technology incorporates payment capabilities.

The case for financial organisations to introduce IoT into their internal infrastructure and consumer-facing technology capabilities is gaining in strength, with solutions providers continuing to innovate and push the boundaries of what such technologies can achieve. The whole concept of IoT is that it can be anything organisations want and need it to be – all it takes is the right app or piece of code to be built around it. At this stage in its adoption, many IT managers in financial organisations don’t necessarily understand the potential of IoT. Given the personal, and often sensitive, nature of the data these organisations manage, a fear of data and network security persists, particularly in the wake of recent global cyber-attacks. However, such concerns aren’t projected to hold the market back for long, with IDC research forecasting that global spending on IoT technologies will reach nearly $1.4 trillion by 2021.

The scope of IoT solutions is evolving to fuel this demand. Whereas stationary M2M (machine to machine) solutions, such as sensors, kick-started the connected device market and remain popular, mobile IoT solutions provide vast opportunities across numerous sectors – helping to improve workflows, enhance interactions with staff and customers, and even improve the safety of workers. Key to this development is the introduction of peripherals to the workplace, which can be partnered with mobile gateway solutions to ensure cross-machine collaboration.

One natural example lies within banking. The increased adoption of connected devices and sensors will bring increasingly rich data to banks about their customers, allowing them to provide more personalised products and services, even enabling them to respond in real-time to customer needs. As connected technology becomes embedded in our environments, and the connected home and smart city market matures, banks could provide real-time spending advice. For example, if you have overspent on your budget that month, your bank might suggest you avoid your usual Friday lunchtime treat.

Elsewhere, peripherals like smart glasses (wearable display technology) can ensure a hands-free solution to workers across a range of roles. Augmented Reality could give insurance sales teams an in-depth view of the geographical locations of customers’ homes and provide them with a better analysis of potential risks in order to give them a better deal, or provide a hands-free look at a customer’s financial history, enabling the creation of bespoke products and services.

Beyond devices themselves, operating systems will also play a crucial role in the progression of IoT in the financial services world. Currently the focus is very much on writing software for iOS and Android – a smartphone-onus which again signifies the advanced stage of the consumer market. Yet the natural progression is for solutions providers to expand their focus to incorporate Windows 10 – this will serve as a catalyst in creating a greater number of solutions designed for professional use, which in turn will inspire more financial organisations to turn their attention to developing IoT coding and apps to address different business needs.

It is only a matter of time until IoT becomes a major enabler for organisations across the finance industry – with such game-changing potential, it’s important for IT managers to get ahead of the curve to understand how these technologies can empower their business.

If everyone is one step ahead of the competition, how is it possible for anyone to be one step ahead? The FinTech sector is currently facing a complex situation where start-ups are one-upping tech giants, and vice versa, on a daily basis. So how is it possible to maintain an edge in the industry? Finance Monthly hears from Frederic Nze, CEO & Founder of Oakam, on this matter.

The financial services industry has entered the Age of the Customer -- in this era, the singular goal is to delight. With offerings that are faster, better and cheaper, new fintech entrants have the edge over traditional institutions who struggle to keep pace with consumers’ rising expectations around service. Yet this is not the first or last stage in the industry’s evolution. Just as telephone banking was once viewed as peak disruption, so too will today’s innovation eventually become the standard in financial services.

What will become of today’s new entrants as they scale and mature? The answer largely depends on why a particular fintech company is winning with customers today -- a hyper focus on problem-solving.

If customer review site Trustpilot is used as the litmus test for customer satisfaction, then clearly banks and other traditional financial firms are falling short of the mark. Looking at the UK’s Trustpilot rankings in the Money category, not a single bank appears in the top 100, and their ratings range from average to poor. Fintech entrants like Transferwise, Funding Circle and Zopa, on the other hand, rank highly in their respective categories.

So how is it that such young companies have elicited such positive responses from consumers, beating out institutions with decades of experience and customer insight?

The advantage fintechs have over banks is that their products are more narrowly focused and are supported by modern infrastructure, new delivery mechanisms and powerful data analytics that drive continuous user-centric improvement and refinement. Still, they’ve had to clear the high barriers of onerous regulatory and capital requirements, and win market share from competitors with entrenched customer bases.

The halo effect of innovation and enthusiasm of early adopters, hopeful for the promise of something better, has buoyed the success of new entrants and spurred the proliferation of new apps aimed at addressing any number of unmet financial needs. This of course cannot continue unabated and we’re already approaching a saturation point that will spark the reintegration or rebundling of digital financial services.

In fact, a finding from a World Economic Forum report, Beyond Fintech: A Pragmatic Assessment Of Disruptive Potential In Financial Services, in August this year stated that: “Platforms that offer the ability to engage with different financial institutions from a single channel will become the dominant model for the delivery of financial services.”

Whether a particular app or digital offering will be rolled up into a bank once again or survive as a standalone in this future world of financial services, will depend on the nature of the product or service they provide. This can be shown by separating businesses into two different groups.

Firstly, you have the optimizers. These nice-to-haves like PFM (personal financial management) apps certainly make life easier for consumers, but don’t have competitive moats wide enough to prevent banks from replicating on their own platforms in fairly short order.

For the second group, a different fate is in store. These are offerings that are winning either on the basis of extreme cost efficiency (the cheaper-better-fasters) or by solving one incredibly difficult problem. Oakam belongs to this second category: we’re making fair credit accessible to a subset of consumers who historically have been almost virtually excluded from formal financial services.

The likely outcome for the cheaper-better-fasters, like Transferwise in the remittances world, is acquisition by an established player. They’ve worked out the kinks and inefficiencies of an existing system and presented their customers with a simpler, cheaper method of performing a specific task. However, their single-solution focus and ease of integration with other platforms make them an obvious target for banks, who lack the technology expertise but have the balance sheets to acquire and fold outside offerings into their own.

Integration into banks is harder to pull off with the problem-solvers because of the complexity of the challenges they are solving for. In Oakam’s case we’re using new data sources and methods of credit scoring that the industry’s existing infrastructure isn’t set up to handle. In other words, how could a bank or another established player integrate our technology, which relies on vastly different decision-making inputs and an entirely new mode of interacting with customers, into their system without practically having to overhaul it?

For businesses who succeed at cracking these difficult problems, the reward is to earn the trust of their customers and the credibility among peers to become the integrators for other offerings. Instead of being rebundled into more traditional financial firms, these companies have the potential to become convenient digital money management platforms, enabling access to a range of products and services outside of their own offering.

Self-described “digital banking alternative” Revolut was first launched to help consumers with their very specific needs around managing travel spending, but today has offerings ranging from current accounts to cell phone insurance. While some of its products are proprietary, it has embraced partnership in other areas, like insurance, which it provides via Simplesurance. This sort of collaboration offers an early look at the shape of things to come in finance’s digital future.

One might ask how the digital bundling of products and services differs from a traditional bank, with the expectation that the quality and customer experience will diminish as new offerings are added. A key difference is PSD2 and the rise of open banking, which will enable closer collaboration and the ability to benefit from the rapid innovation of others. What this means is that an integrator can remain focused on its own area of expertise, while offering its customers access to other high-quality products and services.

At Oakam, this future model of integrated digital consumer finance represents a way to unlock financial inclusion on a wide, global scale. Today, we serve as our customers’ first entry, or re-entry, point into formal financial services. The prospect of catering to their other financial needs in a more connected, holistic way is what motivates us to work towards resolving an immediate, yet complicated challenge of unlocking access to fair credit.

Financial technology start-ups such as Ratesetter and Lendable pose a significant threat to the dominance of established banks in the UK’s £200bn personal loans market, according to new research.

In the ‘Battling for Buyers’ report, behavioural science experts Decision Technology (Dectech) explore consumer openness to fintech providers across a range of banking products, such as loans, current accounts, and mortgages. The experiments found consumers are more open to considering fintechs for personal loans than for other products.

Nearly half (43%) of consumers are happy to choose a fintech provider for a personal loan. This compares to one in three (33%) being open to having their current account with a fintech and only one in four (26%) considering a fintech for a savings account.

The research shows that one of the biggest barriers to fintechs is low brand recognition. The most recognised fintech brand, online investment manager Nutmeg, was only recognised by one in four (26%) consumers, compared with five out of six (83%) recognising Virgin Money, the least recognised big bank. Few fintech firms were found to have name recognition in double figures.

According to Dectech, behavioural science may provide the answer to why consumers are willing to consider a fintech provider for some banking products more than others. The report explains that loss aversion – people’s tendency to be more sensitive to potential losses than potential gains – means customers are more willing to trust unrecognised brands when borrowing money than when saving.

In addition, the research found consumers on average change personal loan provider once every three years, versus once every 12 years for a current account. Due to the higher churn rate and greater openness to new competitors for personal loans and other borrowing products, Dectech recommends that banks focus their efforts on these markets.

The report suggests established banks emphasise the trust that comes from being an established brand to hold onto customers in savings markets, while ensuring their offer remains competitive for lending products, where established banks are more liable to be outcompeted on price and speed in lending by newcomer brands with lower overheads.

Dr Henry Stott, Director of Decision Technology, said: “These findings are a stark warning to incumbent banks. There is considerable consumer appetite for fintech providers already, especially when buying products based on price rather than brand trust. As name recognition for challenger brands increases, the threat they will pose will do likewise, and we’d expect them to start taking market share across a wider range of products.

“Established banks should pick their battles, leveraging trust in their brand for savings products where customers are more focused on reliability and aiming to stay competitive on price and speed for lending products where customers are most open to newcomers.”

(Source: Decision Technology)

Marlene de Sousa Teixeira is Founding Partner of Teixeira & Guimarães, specializing in Banking and Finance and advising and representing both national and global companies. Marlene believes that today’s society needs focused, assertive and faster answers, and that the standard model of a full-service legal firm is becoming less attractive. Here she offers her insights into dispute resolution in Portugal and the challenges that her clients face.

 

Can you provide a brief overview of the dispute resolution process in Portugal?

The dispute resolution process in Portugal, from a technical point of view, has considerably evolved in the past. Being of a different nature when compared to common law countries, the process is based on Civil Law and its general and abstract legal standards apply to generality and abstraction of situations and where judge-made law has a different value than that of common law countries. This results in better legal certainty with regard to the different kinds of economic players, since the kind of interpretation of the ruling is also determined legally.

With regard to less positive aspects, in Portugal we are faced with frequent delays in the delivery of verdicts. However, this does not mean the decisions are more or less fair, or that the quality of the verdicts is not good enough.

 

How important can it be to resolve disputes as quickly as possible? What are the challenges you face as a lawyer tasked with understanding the technical nature of a business so that a speedy resolution can be found?

The resolution time of a dispute should always be a variable to be taken into account in all matters that relate to coming up with a solution. Understanding the technical nature of a business will not help you make a faster or slower decision. It is clear that if you understand the core of a business, you are going to be assertive and efficient, but the problem is not going to be settled faster because of your know-how. Yet, the know-how will provide you with several other advantages and will introduce you to more hypotheses.

 

Which types of disputes are you normally called upon to help resolve? How do you develop the best strategy for resolving a dispute?

Usually, I am called to intervene in cases of financial, banking and civil nature – that is my main area of expertise. In fact, T&G was the first law firm in Portugal to be certified by the new standard EN NP ISO 9001:2015 within credit litigation.
Regarding the strategy procedures, the best way to think about it is getting to know the interests in a dispute, because a good strategy doesn’t necessarily mean a winning strategy. In many circumstances, a good strategy means acting in a certain way, regardless of the verdict.

 

Are there any business sectors that are particularly prone to commercial disputes? What do you attribute this to?

In the past few years, Portugal has witnessed the development of our financial industry. A number of national courts are clogged with mortgage foreclosures and debt recovery lawsuits on unsecured credits. It is clear that a lot of these litigation proceedings were due to the economic situation.

Although this has improved in the past few months, it is easy to identify a pattern and easily predict that lawsuits related to foreclosures or debt recovery will definitely continue to be relevant.

 

Website: http://www.tesg.pt/

It’s the end of another Black Friday weekend, the annual event that has transformed the retail calendar and kicks off the festive shopping season for eager shoppers the world over. Below Karen Wheeler, Country Manager and Vice-President, Affinion UK, tells Finance Monthly both traditional and challenger banks could be missing an opportunity and should take inspiration from what retailers are doing during Black Friday.

In the UK alone, £1.4bn was spent on online sales on Black Friday – an increase of 11.7% on last year, according to online retailers trade body IMRG.

Given the amount of hype and expectation, it’s not surprising to see that banks are slowly waking up to how they too can be inspired by the retail world, and capitalise on this golden window of opportunity. Starling Bank, for example, was offering customers the opportunity to earn 10 per cent cashback on their online shopping on Black Friday and Cyber Monday (up to a total of £25) if they invite one person to join the bank with a referral code.

A missed opportunity

But aside from Starling, there are few examples of other banks experimenting with Black Friday offers, incentives and deals, and I think this is a huge missed opportunity. At a key time for consumers looking for discounts and extra value, could they be doing more to find new ways to make their customers happy, and generate goodwill and loyalty that extends beyond the Christmas period?

Of course, the understandable challenge for banks is that there is less of a natural seasonal spike for them to build momentum towards. Whilst retailers can live or die depending on their performance during the critical Christmas season, banks need to offer a consistent and engaging customer experience all year round. So how can providers give their customers the ‘Black Friday feeling’ every day of the year?

  1. Surprise and delight customers – What makes Black Friday a success is the sense of anticipation and surprise that it brings. Starling’s offer is a good example of capturing the festive zeitgeist, but instead of being a one-off purchase, it’s the start of a relationship with a customer built around meeting an everyday need. For banks, the opportunity is therefore to find moments where they can offer practical, relevant solutions which help customers to manage their lives, delivered in a personalised way which makes them feel special.
  2. Personalisation is crucial – With reams of data available, there is no excuse for banks to make generalisations or assumptions about their customers, particularly at a time when life milestones are more fluid than ever. Barclays is doing this right, with its Life Moments proposition that lays out key considerations for events such as going to university, buying a house or having a baby – without any reference to age groups or gender. More channels and touchpoints mean more opportunity to collate data on each customer and build a picture of their lives into a ‘segment of one’, meaning every interaction should be relevant, engaging and valued.
  3. Think outside of the box – According to the British Banking Association, there were 19.6 million banking app users across the UK in 2016, with 159 logins occurring every second. This means banks have a huge opportunity to capitalise on this high frequency of interactions and ask themselves: how can we build on this, what more can we offer our customers? We know from our partnerships with some of the UK’s leading banks that in order to build long-term loyalty, it’s essential to provide solutions for other relevant parts of their lives to deepen the engagement.

It will be interesting to see if more banks trial Black Friday offers and promotions in the years to come. However, banks’ relationships with their customers aren’t only important during the last weekend in November.

This is why it’s crucial to find new ways to engage, surprise and delight customers throughout the year; both meeting and predicting their needs and becoming an increasingly important part of their lives to build long-term relationships and encourage loyalty.

The Top 5 Impacts of GDPR on Financial Services

The clock is ticking to the 2018 deadline to comply with the EU General Data Protection Regulation (GDPR). Acting now is critical for firms to avoid risking fines of €20m (or 4% of annual revenue) so advance planning and preparation is essential. Here Nathan Snyder, Partner at Brickendon, lists for Finance Monthly the top five considerations and impacts GDPR will have on financial services.

Amidst growing concerns around the safety of personal data from identity theft, cyberattacks, hacking or unethical usage, the European Union has introduced new legislation to safeguard its citizens. The EU General Data Protection Regulation aims to standardise data privacy laws and mechanisms across industries, regardless of the nature or type of operations. Most importantly, GDPR aims to empower EU citizens by making them aware of the kind of data held by institutions and the rights of the individual to protect their personal information. All organisations must ensure compliance by 25th May 2018.

While banks and other financial firms are no strangers to regulation, adhering to these requires the collection of large amounts of customer data, which is then collated and used for various activities, such as client or customer onboarding, relationship management, trade-booking, and accounting. During these processes, customer data is exposed to a large number of different people at different stages, and this is where GDPR comes in.

So, what does the introduction of GDPR actually mean for financial institutions and which areas should they be focussing on? Here Brickendon’s data experts take a look at five key areas of the GDPR legislation that will impact the sector.

1. Client Consent: Under the terms of GDPR, personal data refers to anything that could be used to identify an individual, such as name, email address, IP address, social media profiles or social security numbers. By explicitly mandating firms to gain consent (no automatic opt-in option) from customers about the personal data that is gathered, individuals know what information organisations are holding. Also, in the consent system, firms must clearly outline the purpose for which the data was collected and seek additional consent if firms want to share the information with third parties. In short, the aim of GDPR is to ensure customers retain the rights over their own data.

2. Right to data erasure and right to be forgotten: GDPR empowers every EU citizen with the right to data privacy. Under the terms, individuals can request access to, or the removal of, their own personal data from banks without the need for any outside authorisation. This is known as Data Portability. Financial institutions may keep some data to ensure compliance with other regulations, but in all other circumstances where there is no valid justification, the individual’s right to be forgotten applies.

3. Consequences of a breach: Previously, firms were able to adopt their own protocols in the event of a data breach. Now however, GDPR mandates that data protection officers report any data breach to the supervisory authority of personal data within 72 hours. The notification should contain details regarding the nature of the breach, the categories and approximate number of individuals impacted, and contact information of the Data Protection Officer (DPO). Notification of the breach, the likely outcomes, and the remediation must also be sent to the impacted customer ‘without undue delays’.

Liability in the event of any breach is significant. For serious violations, such as failing to gain consent to process data or a breach of privacy by design, companies will be fined up to €20 million, or 4% of their global turnover (whichever is greater), while lesser violations, such as records not being in order or failure to notify the supervisory authorities, will incur fines of 2% of global turnover. These financial penalties are in addition to potential reputational damage and loss of future business.

4. Vendor management: IT systems form the backbone of every financial firm, with client data continually passing through multiple IT applications. Since GDPR is associated with client personal data, firms need to understand all data flows across their various systems. The increased trend towards outsourcing development and support functions means that personal client data is often accessed by external vendors, thus significantly increasing the data’s net exposure. Under GDPR, vendors cannot disassociate themselves from obligations towards data access. Similarly, non-EU organisations working in collaboration with EU banks or serving EU citizens need to ensure vigilance while sharing data across borders. GDPR in effect imposes end-to-end accountability to ensure client data stays well protected by enforcing not only the bank, but all its support functions to embrace compliance.

5. Pseudonymisation: GDPR applies to all potential client data wherever it is found, whether it’s in a live production environment, during the development process or in the middle of a testing programme. It is quite common to mask data across non-production environments to hide sensitive client data. Under GDPR, data must also be pseudonymised into artificial identifiers in the live production environment. These data-masking, or pseudonymisation, rules aim to ensure the data access stays within the realms of the ‘need-to-know’ obligations.

Given the wide reach of the GDPR legislation, there is no doubt that financial organisations need to re-model their existing systems or create newer systems with the concept of ‘Privacy by Design’ embedded into their operating ideologies. With the close proximity of the compliance deadline – May 2018 – firms must do this now.

Failing to do at least one of the following now: a) identify client data access and capture points, b) collaborate with clients to gain consent for justified usage of personal data, or c) remediate data access breach issues, will in the long run not only cause financial pain, but also erode client confidence. A study published earlier this year by Close Brothers UK, found that an alarming 82% of the UK’s small and medium businesses were unaware of GDPR. Recognising the importance of GDPR and acting on it is therefore the need of the hour.

Against the backdrop of transformative technologies and the latest regulations, Graham Lloyd, Director and Industry Principal of Financial Services at Pegasystems, identifies for Finance Monthly what types of challenges financial services will have to navigate in their journey through 2018.

Successful social media – The growing discrediting of social media content and its practices comes at an awkward time for banks. The last thing they need is association with anything that could contribute more mistrust to their profile, but they cannot afford to ignore a powerful channel with such reach and strong links to here-and-now impact. It will be interesting to see how banks learn to handle social media with success.

Evolving customer engagement – Social media is just one element of customer engagement and there are far bigger issues on the horizon – digestibility, cost and effectiveness. Data mining is now so huge and its outputs so great that we should perhaps be referring to ‘big insights’ as there are so many of them. For most players, the problem is how to work out which insights to leverage within whatever time and budget constraints prevail.

Time to tackle trade finance – With trade finance risk-weighting kicking in properly in March 2019, we are entering the home straight for finalising the necessary business changes. Most players will presumably look to offset some of the costs of introducing capital requirements in this hitherto largely unweighted portfolio by seeking greater productivity/process efficiencies.

The truth is out about challengers! – Thus far, challengers and Fintechs have been portrayed as somewhere between a benediction and a panacea. The great generic USP – “we’re not a traditional bank” – has helped them weather all sorts of issues from low take-up to sub-optimal IT to almost-but-not-quite products, with scarcely a hard question asked. But the honeymoon period may be drawing to a close, and even in combination, they have still to take any serious market share away from big/traditional banks.

Possibilities of PSD2 – In the final run up to PSD2, there are sizeable revenue opportunities for a bank positioning itself as the ‘destination of choice’ for PISPs (Payment Initiation Service Providers). These new players will gravitate towards the banks offering a higher service standard and the least hassle, as the effects will flow through to the PISPs’ own customers and their expectations of security, certainty and convenience. Banks stand to recapture not only some of their own lost transactions, but also some which have flowed out of their competitors.

Banks that demonstrate low fraud rates will be able to offer a frictionless customer experience by escaping the legal requirement for extra authentication.

The upcoming Payment Services Directive - due to come into full force in January - has the sometimes competing objectives of facilitating innovation while also strengthening security and protecting customers.

New technology developments in the industry have been known to create sharp increases in the amount of fraud. Losses due to online banking fraud grew by 64 percent from £81.million in 2014 to reach £133.5million in 2015. Yet, high levels of investment in fraud detection and prevention technologies by banks have now helped to reverse the trend - with losses falling 24% in 2016.[1]

The developments under PSD2 will require a new emphasis on tackling the issue. The number of payment service providers who have access to customer data will increase. A greater range of companies will become part of the transaction chain.

Whilst PSD2 seeks to bring more frictionless transactions for customers, it also includes a legal requirement for payment service providers to use Strong Customer Authentication (SCA) if their fraud detection and prevention rates are not robust enough. Firms will pay a double price if fraud rates increase after PSD2, as they will be required to introduce more friction into the customer experience of payments.

As PSD2 opens up the transaction chain to more providers, Farida Gibbs, of technology consultancy Gibbs Hybrid, warns that banks will have to adapt their fraud detection systems, but can use their fraud prevention capabilities to deliver real competitive advantage.

Farida Gibbs, CEO of Gibbs Hybrid, comments: “As Open Banking creates increased competition in payment services, it will be increasingly important for banks to demonstrate low levels of fraud. SCA, which requires added authentication from the user and can result in customers searching for an alternative payment processor, which is able to process payments without this layer.

“Banks and other financial services firms have put a lot of time and effort into technologies behind fraud detection and prevention. Technology that enables a firm to pick up early warning signs of fraud and promptly send text and email alerts to customers, for example, has been very important in keeping losses to a minimum. And banks have had to implement this despite the challenges of legacy systems and outdated technology processes.

“Their success in reducing the level of fraud losses through online banking is testament to the forward-thinking work that is being done. This will become even more important as Open Banking approaches.

“The legal requirement to put in place Strong Customer Authentication (SCA) will create much greater friction for consumers, but those firms who are able to demonstrate outstanding fraud management will be allowed to use Transaction Risk Analysis (TRA) instead. This has the great benefit of being invisible to customers, introducing no further delays into their payments.

“Analysing transactions behind the scenes for unusual behaviour is not a new method, and is one that banks should be able to adapt to the demands of the new Open Banking environment. The stakes are high – if they can demonstrate success in this area, providers will be able to create a great customer experience for payments, whilst keeping security uncompromised.”

(Source: Gibbs Hybrid)
