44% of requests were processed after detection of an attack during an early stage, saving the client from potentially severe consequences. These are among the main findings of Kaspersky’s latest Incident Response Analytics Report.

It is often assumed that incident response is only needed in cases when damage from a cyberattack  has already occurred and there is a need for further investigation. However, analysis of multiple incident response cases which Kaspersky security specialists participated in during the 2018 shows that this offering can not only serve as investigative, but also as a tool for catching an attack during an earlier stage to prevent damage.

In 2018, 22% of IR cases were initiated after detection of potential malicious activity in the network, and an additional 22% were initiated after a malicious file was found in the network. Without any other signs of a breach, both cases may suggest that there is an ongoing attack. However, not every corporate security team may be able to tell if automated security tools have already detected and stopped malicious activity, or these were just the beginning of a larger, invisible, malicious operation in the network and external specialists are needed. As a result of incorrect assessement, malicious activity evolves into a serious cyberattack with real consequences. In 2018, 26% of investigated “late” cases were caused by infection with encryption malware, while 11% of attacks resulted in monetary theft.19% of “late” cases were a result of detecting spam from a corporate email account, detection of service unavailability or detection of a successful breach.

“This situation indicates that in many companies there is certainly room for improvement of detection methods and incident response procedures. The earlier an organisation catches an attack, the smaller the consequences will be. But based on our experience, companies often do not pay proper attention to artifacts of serious attacks, and our incident response team often is being called when it is already too late to prevent damage. On the other hand, we see that many companies have learned how to assess signs of a serious cyberattack in their network and we were able to prevent what could have been more sever incidents. We call on other organisations to consider this as a successful case study,” said Ayman Shaaban, security expert at Kaspersky

Additional findings of the report include:

• 81% of organisations that provided data for analysis were found to have indicators of malicious activity in their internal network.
• 34% organisations exhibited signs of an advanced targeted attack.
• 54.2% of financial organisatons were found to be attacked by an advanced persistent threat (APT) group or groups.

To effectively respond to incidents, Kaspersky recommends:

• Make sure the company has a dedicated team (at least employee) responsible for IT security issues in company.
• Implement backup systems for critical assets.
• To respond in a timely manner to a cyberattack, combine in-house IR team as a first-line of respond and contractors to escalate more complex incidents.
• Develop an IR plan with detailed guidance and procedures for different types of cyberattacks.
• Introduce awareness training for employees to educate them on digital hygiene and explain how they can recognise and avoid potentially malicious emails or links.
• Implement patch management procedures to have software updated.
• Regularly conduct security assessment of your IT infrastructure.

Almost a year in, is MiFID 2 fit for purpose, and what needs to be done to make sure that financial services companies start to comply? Below Matt Smith, CEO of SteelEye, explains.

Failure to comply implied threats of reputational damage and harsh fines from the FCA and so, come implementation day on January 3, those firms which hadn’t digested MiFID II’s 1.4 million paragraphs of rules in time were left living in fear of a crackdown from regulators.

Eleven months in, that crackdown has yet to materialise. And while a number of firms have undertaken the effort and expense to implement MiFID II’s myriad rules in full and have hopefully reaped the benefits of doing so, an equally substantial number haven’t – and regulators appear to be turning a blind eye.

This ‘softly, softly’ approach by the FCA has been picked up by commentators. Gina Miller, head of wealth manager SCM Direct, recently called for the Treasury to investigate the FCA for its failure to enforce MiFID II. This was in response to an April investigation which uncovered fifty firms in breach of MiFID II’s transparency rules. Despite receiving this dossier, the FCA wrote only to eight of the firms.

Given the breadth and complexity of MiFID II, most in the industry weren’t surprised that the FCA didn’t react strictly to non-compliance immediately after January 3. Equally as important as complying with MiFID II was that the markets affected by it continued to function effectively – which necessitated giving some time for the new rules to settle down.

But the lacklustre approach of the FCA is less understandable now we are approaching the anniversary of MiFID II’s implementation day. At the very least, it is unfair to those firms which took the time, trouble and expense to comply with MiFID II right from its implementation date – particularly smaller companies lacking substantial in house resources in technology and compliance.

The FCA’s unwillingness to enforce MiFID II is, unsurprisingly, having an effect on the number of firms making an ongoing effort to comply. As evidence, ESMA recently published its data completeness indicators, which showed a significant shortfall in companies’ compliance with ESMA’s data filing requirements – often submitting unsatisfactory data that is incomplete or late.

Ongoing ambiguity with MiFID II’s rules may be in part to blame. In the build up to MiFID II, many firms didn’t seem to fully understand what was actually required of them. This knowledge deficit was worsened by a lack of clear guidance from the FCA, which has continued.

Across the industry, the FCA has been criticised for this ambiguity, arguing that it makes it near-impossible to comply with the regulation. Even within firms, individuals have come to different interpretations of the rules and, throughout the industry, there is little coherence when it comes to compliance and what needs to be done by when.

The FCA has claimed that its soft approach to enforcing compliance is soon to end, meaning firms could soon have to embrace MiFID II or risk being left behind. But with ambiguity remaining and a number of hurdles ahead, many in the industry are beginning to wonder if the FCA even knows what exactly it is going to be enforcing.

The shadow of Brexit looms large and the future of London as a financial hub is still unclear, as is definitive information on what regulatory regime will apply: a paper backed by ex-Brexit Secretary David Davis suggests numerous reforms to MiFID II. Moreover, the form and scope of MiFID II could soon be set to change considerably, with MEP Kay Swinburne already hinting at the possibility of a MiFID III.

This leaves both the FCA and financial services firms flying blind when it comes to both compliance and enforcement. This climate of uncertainty puts on hold the achievement of MiFID II’s goals of increasing transparency, investor protection and market competition.

If these goals are to be realised, a more responsible stewardship of its own rules – and uniform implementation of them – must be enforced by the FCA. If the FCA delivers on what it promised with MiFID II, out of enforcement a more transparent, competitive and efficient industry should emerge.

The 05: Do Not Honor card declined response is the most common and general ‘decline’ message for transactions that are blocked by the bank that issued the card. This week Finance Monthly hears from Chris Laumans, Adyen Product Owner, on the complexities of this mysterious and vague transaction response.

05: Do Not Honor may be the largest frustration for any merchant that regularly analyses their transactions. Although it frequently accounts for the majority of refusals, it is also the vaguest reason, leaving merchants and their customers at a loss about how to act in response.

Although unfortunately there isn’t an easy, single answer about what this refusal reason means, there are several suggestions as to what could be the cause behind the non-descript message. So what might the 05: Do Not Honor mean? From our experiences analysing authorisation rates and working with issuers and schemes, here are some plausible explanations.

Insufficient funds in disguise

In probably half of the cases, 05: Do Not Honor is likely just an Insufficient Fund refusal in disguise. Reality is that some issuers (or their processors) do a poor job of returning the appropriate refusal reasons back to the merchants. This is both due to the use of legacy systems at the issuer side as well there being no mandates or monitoring by the schemes on this, letting issuers continue to use it as a blanket term.

By looking at the data from various banks, it is easy to see how “Do Not Honor” and Insufficient Funds can often be used interchangeably. Records that show a disproportionately high level of Do Not Honor and a low level of Insufficient Fund refusals would suggest one masquerading as the other. Given that Insufficient Funds is one of the most common refusal reasons, 2^nd maybe only to “Do Not Honor”, it makes sense that “Do Not Honor” by some banks may actually represent Insufficient Funds.

Refusal due to credential mismatches

Although the words “Do Not Honor” aren’t the most revealing, sometimes other data points in the payment response can be clues for the refusal. Obvious things to look at are the CVC response, card expiry date, and, to a lesser extent, the AVS response. For lack of a better reason, issuers will frequently default to using “05: Do Not Honor” as the catch-all bucket for other denials.

Suspicion of fraud

The most appropriate use of “05: Do Not Honor” would be for declining transactions due to suspicious activity on the card. In some cases, although the card is in good standing and has not been reported lost or stolen, an issuer might choose to err on the side of caution due to a combination of characteristics on a given transaction. For example, a high value transaction made at 3am from a foreign based merchant without any extra authentication, likely will trigger a few too many risk checks on the issuer side. These types of refusals will again unfortunately be designated into the “05: Do Not Honor” category, with merchants drawing the short straw. Even though issuers may be able to point to specific reasons why the transaction was refused, issuers have no way to communicate this back to the merchant.

Some astute merchants might point out that issuers should be able to use “59: Suspected fraud” in these cases. Some issuers however remap these 59 refusal reasons to 05 before sending the response to the acquirer to protect store owners in the POS environment and avoid uncomfortable situations with the shopper standing in front of them.

Collateral damage

Finally, the reality is that your likely not the only merchant that a given shopper interacts with. Regardless of how good your business is or how clean your traffic is, a shopper’s recent history with other merchants will influence the issuers decision on your transaction. For lack of a better reason, the catch-all 05: Do Not Honor refusal in some cases be seen as “Collateral damage”. If the shopper coincidentally just made a large purchase on a high-risk website or went on a shopping spree before reaching your store, there is the possibility that the issuer may decline the transaction at that moment in time. In these cases, there is unfortunately very little that can be done, except to ask for another card or to try again later.

Hopefully this helps shed some light on the possible reasons why ‘05: Do Not Honor’ is so dominant in the payment space and that there is no single reason for this response. Adyen’s advice to dealing with these refusals is to look at the data at individual issuer/BIN levels and from there, try to distil patterns particular to those bank’s shoppers.

Private equity firms have slowly started to push loans that have restrictions on which investors the debt can be sold to, limiting the amount of bargaining that can take place. Stephen Hazelton, Founder and CEO of Street Diligence, explores with Finance Monthly the long-term impact eroding this protection for investors will have.

Despite the rapidly moving trend toward covenant-lite leveraged finance transactions, which are expected to continue well into 2017-18, many investors are concerned about the ongoing impact of the lack of maintenance covenants, historically demanded by lenders to riskier companies.

With private equity firms starting to push loans with aggressive covenant language that essentially restricts lenders’ bargaining power in times of distress, Stephen Hazelton, Founder and CEO of Street Diligence, a leading provider of fixed income analytics on bonds and bank loans, explores the long-term impact of these eroding lender protections.

The landscape for loan issuance and direct lending of late has shifted in significant and impactful ways for, both, corporate debt issuers and lenders. The implications are not only material but long term, in that covenant terms and conditions negotiated today will have an impact in good times and in bad.

How Did We Get Here? Let’s first explore the market shift and the reasons behind it. The financial crisis of nearly a decade ago resulted in a fundamental shift in the regulatory environment. Credit investing and bank lending at the bulge bracket, global banks became challenging, resulting in a capital flow into less regulated investment vehicles, including business development corporations (BDCs) and private direct lending investment vehicles. With so much capital shifting to these vehicles, and the subsequent blurring of lines between large-cap syndicated loans and traditional middle market direct lending, the increased competition has led to new entrants and a flood of capital chasing deals. The result meant more leverage for corporate issuers and their private equity sponsors to negotiate and drive better terms.

Deal Term Implications. The resulting landscape has meant a deterioration in negative covenant protections and the loosening of other key terms and conditions. This has led to more flexibility for financial engineering at the CFO’s office of these loan issuers, better “base case” return scenarios for private equity sponsors and, conversely, declining return expectations for bank loan investors, direct lenders and their own investors.

Loosening Covenant Protections. Broadly speaking, the changing covenant terms in this market boost issuers and their sponsors by eroding lender returns in the event an issuer executes on its plan and doesn’t come close to an event of default. Additionally, in the event all doesn’t go to plan and the issuer struggles, deteriorating recovery rates for lenders can be expected under these looser conditions. Let’s have a look at a few key trends.

Mandatory Prepayments: Lenders typically recover a small portion of the loan annually in the form of a prepayment, which depending on various factors can mean up to 10-15% of the face value is repaid prior to maturity. This repayment hedge in favor of the lender has been declining of late, meaning a smaller cumulative prepayment amount. This hurts lenders, as it removes one of their monitoring tools to force struggling issuers to the negotiating table and benefits issuers in the form of more advantageous cash flows.

Excess Cash Flow (ECF) Sweep: The ECF Sweep provision mandates that excess cash flow, as defined by the deal documents, must be apportioned, in part, to early repayment of the loan obligation. Typically, the ECF sweep requires 50% of excess cash flow be repaid to lenders in advance of maturity. Additionally, in most cases, as an issuer deleverages its balance sheet, the ECF sweep requirements also decline from 50% to 25% and, in some cases to zero. This market is pushing ECF sweep requirements down on a percentage basis in addition to softening the requirements for the stepdown over time. Consequently, with relatively minor improvements in credit profiles, issuers are retaining more cash if they so choose.

Equity Cure: When issuers are operating under stress or distress, the equity cure provision provides private equity sponsors with a “get out of jail” card to use in an effort to avoid an event of default. When used, the equity cure allows a sponsor to provide a cash infusion to the issuer. Critically, this infusion can be treated as EBITDA for the purposes of calculating the issuer’s maintenance covenants, namely their financial covenants. The violation, or threat, of a violation of a financial covenant is a common impetus for a lender renegotiation, so a solid equity cure provision can be valuable in times of stress. Equity cures typically provide for an annual limit and a lifetime limit, the latter of which is increasing from the standard 3 to 4 times, which can be an acute advantage to an issuer in trouble.

EBITDA Definition: Not all EBITDA definitions are created equal. In fact, each issuer generally customizes their definition for the purposes of calculating covenant thresholds and maintenance tests. Herein lies an opportunity for the issuer to insert soft add-backs to their EBITDA equation and soften the depending covenant restrictions. We are seeing increasingly aggressive add-backs, particularly as they relate to future costs savings, business optimization expenses and other pro-forma line items. The add-back caps (as a percent of total EBITDA) that lenders use as levers to combat this are trending in favor of the issuer.

Deal terms are ever-changing, sometimes in subtle ways, but the trend in this market is clearly in favor of the issuer and their sponsor-led private equity deals. As an issuer, the climate is ripe for new issuance and refinancings through a competitive underwriting process.

According to Forbes, voters concerned about immigration helped swing both the Brexit vote and the election of Donald Trump to the winning ends, but this goes beyond the UK and US’ big socio-political decisions. In many countries now workers are putting pressure on lawmakers to oppose the perceived threat of immigration.

This in turn allegedly affects regional and sector markets and the global economy a great deal. This week Finance Monthly heard from several specialist sources on the various ways immigration changes and public opinion on immigration are or aren’t shaping local and global economies.

Tijen Ahmet, Immigration Specialist, Shakespeare Martineau:

Positive news about migrant workers is often overlooked. As immigration is regularly at the forefront of news and political debate, migrants - whether filling highly-skilled or low skilled jobs - often bring benefits to their host country that directly impact on global business.

The invaluable knowledge and talent from the highly skilled, and the filling of key occupations by the low skilled, can decrease unemployment and increase income capacity with no negative influence on public finances. Most significantly, migrants allow businesses to expand their workforce to meet their growth potential.

UK corporates across the retail, IT and financial services sectors in particular, are beginning to seek their migrant workforce from new markets that they would not have ordinarily considered, forming alternative relationships with fresh customer markets.

There is an assumption that all migrant workers are low skilled and this just isn’t the case. Migrants from a global arena not only fill talent deficits in the host labour market, but can also offer a diverse skillset that may be lacking in the host country. Such skills can generate more cross-border new business opportunities by opening communication up to new markets, while knowledge transfer can assist in upskilling existing co-workers.

Due to restrictions of free movement between the UK and EU global businesses have the opportunity to select the most suited candidate from a much wider pool of talent by casting the net more widely.

With Brexit negotiations unfolding, it is likely that immigration laws will continue to change frequently and directly impact global businesses as a result. Such quick changes to immigration laws, such as those revealed in the Queen’s Speech can cause significant instability in currency markets, causing drastic fluctuations.

Although businesses with bigger profit margins are less sensitive to currency fluctuations, increased exchange rate volatility combined with the complex structures of most global businesses, means that monitoring trading activity is now essential, no matter the size or scale of the business.

The UK’s decision to exit the EU, where immigration was a commonly considered factor for the leave campaign, provided a strong example of fluctuating currency rates. For example, immediately after the Brexit vote there was a sharp drop leaving GBP to EUR 15% lower than pre-Brexit and GBP to USD and AUD down 17%, having a significant direct financial impact on global business.

Guilherme Azevedo, Associate Professor in Business & Society, Audencia Business School:

In December 2015, Prime Minister Justin Trudeau went to Toronto’s airport to receive Syrian refugee families. When handing them winter coats, he repeated many times: “Welcome. You’re safe at home now”. Refugees to Canada arrive as permanent residents and receive support to become full-fledged citizens as swiftly and smoothly as possible. The families are sponsored by local communities, bodies of government, churches, and individuals who provide them with money and housing for one year. Many of them become economically autonomous and start to give back to society before that year is over.

Trudeau’s statement goes further than expressing the values of solidarity that most Canadians cherish. It makes good economic sense. The integration of migrants into the fabric of a nation has net economic advantages—and even more so to developed economies with low birth rates. Research shows that those who move to a new country in the pursue of a better life work harder, are more entrepreneurial, create more wealth, and even win more Noble Prizes than the rest of the population.

Of course, the results are not so positive when immigrants came to do backbreaking work but receive virtually no rights—as, for instance, those coming to Germany following the 1950’s and ironically called Gastarbeiter (meaning ‘guest-workers,’ as if guests should be expected to do the hard work). Or when, despite French Law and the very principle of égalité saying otherwise, the grandchildren of colonial wars returnees continue to be perceived as second-class citizens. In these cases, full integration will take much longer. But suitable integration helps the host economy to remain vigorous and innovative. Just look at the business, the cultural, and the scientific landscapes in the U.S. and you see the power of first-, second-, and third-generation immigrants. They are the ‘American dream.’

Hence, when it comes to immigration, what is bad for economy is misinformation and ignorance. Trump’s election and the Brexit voting have been the result of populist maneuvers. The Polish plumber, the Mexican rapist, the Islamic fundamentalist, and etcetera (remember the greedy Jew from the Nazi?), are xenophobic fabrications without empirical relevance to national economies. They are mere rhetoric puppets and scape goats.

Populism depends on people believing that a simplistic plan will solve a complex problem, which can only happen if there is misinformation and ignorance. Irresponsible journalism also carries a share of blame on both Trump’s election and the Brexit voting. In the first, the Democrats-inclined media (mostly CCN) gave extraordinary coverage to Donald Trump since the very beginning of the primaries because it was good for the audience rates. When the bad joke went too far, they couldn’t stop it anymore. (But, again, can we consider democratic an electoral system that is so anachronic and so scandalously influenced by big capital?) In the case of Brexit, the British media remained oddly silent for at least a decade of demagogues blaming the fictitious lazy Europeans for their domestic problems. Here goes the simplistic promise: “If your life is not as good as you wished, just exit Europe and the problem will be solved”. Well… that’s not so elementary my dear Watson.

Finally, if we step beyond analyses of national economies and look at the global business, the conclusion remains the same, just more obvious: barriers to migration (as well as barriers to flow of capitals and goods) create distortions to currency fluctuation and to markets’ values, not the other way around. Closing boundaries is a path leading back to economic obscurantism and stagnation.

Bottom line: perceived economic threats due to immigration are hugely overstated. The real problems are ignorance and populisms, which can be solved through decent education systems, responsible journalism, and freedom of speech.

James Trescothick, Senior Global Stretegist, easyMarkets:

In recent times, nothing has provoked more debate or in many cases fear in the general populous more than the immigration topic.  In fact, in 2016 we saw two major surprises, first the Brexit result and then Donald Trump winning the US election.  Many believe the reasons for these surprise outcomes were that voters making their decision based upon their concern about immigration control.

But let’s answer this question; is immigration really a burden or is it actually a benefit?  The answer is it can be both, but it leans towards being a benefit.

How many times have you heard the outcry of “they take our jobs” from those of the public who tend to fear migrants coming into their countries?  Let’s face it, it is often the first protest we get.  But statistically speaking this is more than often not the case as the jobs that migrants take are the jobs that no one wants or are in totally different fields.   The economic impact of migrants can be calculated but looking at the taxes and other contributions they make and deduct the benefits and services they receive.

If of course they receive more than are putting into the economy then they do indeed become a burden, but more often than not, countries have benefitted from immigrants and have seen expansion in economic output in the long term.

When it comes to currency fluctuations and the markets, there is no short-term impact from immigration, as the markets perform based on current and projected economic performance.  The outcome of increased immigrants would not show signs if they are indeed a burden or benefit for many years.

Immigration is really a tool for politicians to spark debate and win votes and not a driving a force for the markets.

We would also love to hear more of Your Thoughts on this, so feel free to comment below and tell us what you think!

Future central bankers in the UK will have to deal with a compromised Bank of England following the government’s intervention in Mark Carney’s management of monetary policy, according to a leading critic of Bank of England policy.

Anthony Evans, an economist at ESCP Europe business School in London, says that the government has overstepped its remit in questioning Mr Carney’s decisions – with some members calling for his resignation.

“The government has effectively reminded Mr Carney that he answers to them – and that is a dangerous mistake. He has responded robustly, and it is unlikely that this will affect how he runs his office – but I believe that this has compromised the position for future central bankers in the UK, with the independence of the central bank being questioned so openly.”

“To call for his resignation is unwarranted – in making forecasts he was only doing his job. Personally, I think that his forecasts are overly gloomy, but he must have absolute independence to make calls as he sees them, or the future efficacy of the Bank of England as an independent body will be questionable. The whole point of the central bank as an independent voice is defeated if policy makers can influence it.”

(Source: ESCP)