Simon Pamplin, technical director at Silver Peak, explores what public cloud is and what its implications are for financial services firms.
Adoption of cloud by financial institutions has risen dramatically over the past five to ten years. Yet this has largely been private cloud rather than the more flexible and scalable public cloud.
In January, however, European financial institutions formed the European Cloud User Coalition (ECUC) to drive public cloud adoption and ensure consistency and enforcement of security standards of cloud’s use. Allied Irish Bank, BAWAG Group, Belfius Bank, Commerzbank, Deutsche Börse, EFG Bank, Erste Group Bank, Euroclear, ING, KBC Bank, Swedbank and UniCredit have all signed up to the ECUC and are participating in the initiative.
This widespread push displays the desire for public cloud in the finance industry, and there are persuasive arguments for the transition from private to public. Although the desire is clearly there for greater use of public cloud, there are key factors that will determine the speed and success of this transition.
Public versus private: an industry ready to shift
The difference between public and private cloud is that, as the name suggests, private cloud is managed internally by an organisation – all the dedicated infrastructure, including the data centre, is managed by a single, owning organisation. Conversely, public cloud is offered to multiple companies by a public cloud provider that runs and maintains the supporting shared infrastructure.
That the finance industry has been cautious in its uptake of public cloud highlights the essential need for top security for banks and other financial service organisations. The industry in particular is subject to strict compliance legislation across Europe, and organisations may choose private clouds as a means to ensure they are indeed complying.
Adoption of cloud by financial institutions has risen dramatically over the past five to ten years.
Another issue is that of vendor lock-in, as companies may worry of their complex cloud infrastructures being guaranteed by a single cloud provider – this reliance can hurt market competition, as it prevents companies easily switching between vendors.
It is these concerns that the ECUC seeks to address by defining and communicating what requirements have to be met in Europe for public cloud to become a feasible option for financial organisations. There are, after all, some clear benefits.
The first and foremost benefit of transitioning to public cloud is cost. Supporting cloud infrastructure is an expensive and labour-intensive process – smaller, newer organisations in the industry may find the possibility of private cloud beyond their resources, especially given the stringent cybersecurity standards that the financial world requires.
Adding to this, public cloud providers do offer a top rate service uniquely tailored for organisations – they are excellent at what they do, and a multitenancy business model allows them to allocate resources in a distilled and highly efficient manner. By delegating cloud to an expert third party, finance organisations free themselves from the operational headaches of enterprise IT administration.
The network must facilitate financial public cloud use
A key criterion for the use of public cloud is that when implemented, financial organisations can be sure their data is safe. However, the secure use of public cloud services lies in infrastructure and vitally the wide-area network (WAN).
Before the public cloud transformation in the industry can advance, organisations must transform their networking infrastructure. In essence, traditional WAN architectures have been obsoleted by the cloud, and private cloud security can only be guaranteed through advanced WAN solutions, such as an SD-WAN.
[ymal]
The drive towards public cloud will enable the financial industry to enjoy its full benefits – greater accessibility, lower cost, and increased market competition. However, first, coordination with European public cloud providers and transformation of the organisational network must be accomplished to assure success.
It has caused a massive global economic shock that economists describe as three times worse than 2008’s financial crisis. Additionally, workforces are learning how to deliver services from outside their usual working environment. Andy Campbell, global solution evangelist at FinancialForce, shares his insight on the effect this is having and how firms can overcome their new difficulties.
Pre-pandemic, businesses were already facing external pressures to adapt. The transition to a services economy, and an increased expectation for high-quality customer experience moved the goal posts for many firms. This combination of external factors has necessitated companies to make changes on a scale and a rate never seen before. Those that fail to make the necessary changes run the risk of being left behind.
Many companies have started to adopt cloud-based systems to enhance specific business functions and processes, most notably in the front office. However, thus far they have been unable to combine all their activities in the cloud. While it is a step in the right direction to see this increased focus on process optimisation, organisations will keep suffering from inefficiencies until they unite around one overarching cloud strategy.
Broadly speaking, there are five key pain points that businesses must address in order to thrive in the future.
Antiquated and unreliable processes
There are many difficulties when it comes to operating a global enterprise. For instance, regional teams may have their own unique local capabilities and requirements. This results in individualised local tactical solutions being developed that run side-by-side with the systems that the company uses on a global scale.
Tensions often arise between the delivery level, where quick fixes take place, and the global level, where greater consistency is required. This disjointed approach to applications development results in inefficient business processes and centralised solutions that are antiquated, difficult to maintain and inflexible.
There are many difficulties when it comes to operating a global enterprise.
The speed of business change continues to increase and out-of-sync processes slow down a firm’s ability to respond. For example, a fragmented systems architecture usually compromises the quality and timeliness of data, causing decisions to be delayed as well as ill-informed. A united strategy is required to oversee the entire opportunity-through-delivery process.
Fragmented customer service
With businesses in all sectors becoming increasingly customer-focused, elevating customer experience should be central to decision making. Using spreadsheets and bolt-on custom-built software to oversee the delivery process is an inadequate approach. Such short-term solutions are limited in their effectiveness, and they also restrict an organisation’s ability to pivot when faced with changes to the needs of both the market and customers.
Nowadays, employees from across the business come together when working on projects, while instantaneous interactions with customers are required for success. By deploying a single system to oversee the whole opportunity-through-delivery process, an organisation can deliver cohesion and unity throughout the whole customer journey.
Separate data for front and back office
For many companies, the front and back office have not always seen eye-to-eye and when conflicts arise, it is often because of the different systems and processes they use. In an ideal world, the front and back office would combine their datasets, providing everyone with a consistent 360-degree view of the enterprise that includes customer, operational and financial data. However, the reality of the situation is that the front and back office are often siloed, meaning datasets are often nothing alike in terms of accuracy and detail. This has the potential to compromise decision making, hinder the growth of the business and limit the development of fresh new offerings.
By opening up the pathway for information to be shared between the front and back office, companies can align the data between the two and ensure that they are working in tandem, thus eliminating any obstacles to growth.
In an ideal world, the front and back office would combine their datasets, providing everyone with a consistent 360-degree view of the enterprise that includes customer, operational and financial data.
Lack of clarity in ongoing projects
Many organisations need to manage complex projects, with dispersed teams, and project managers who often have their own idiosyncratic means of monitoring progress. This results in employees completing their tasks ‘side systems’, which are invariably poorly integrated across the enterprise.
There are many problems associated with not having an organisation-wide view of ongoing activities, such as poor visibility of project progress, lack of clarity over resource availability and limited understanding of the true cost of project delivery.
Optimising the delivery of service projects, both internal and external, requires a robust platform for management and automation. The impact in terms of both resource utilisation and the effectiveness of project delivery are considerable and for any services business this can translate into significant competitive advantage.
Revenue leakage
Revenue leakage is a constant thorn in the side of many organisations and one of the major issues is that it can appear at so many points in the customer lifecycle. Additionally, if you’re not actively looking for revenue leakage it can go overlooked until it’s too late. Hence why it’s often referred to as a silent killer of businesses.
COVID-19 has exposed gaps in both existing systems and processes. Whilst individually these gaps may appear small, the combined effect in terms of lost revenue and reduced customer service can be considerable.
Issues with data entry and disconnected systems are just two of the many causes of revenue leakage and they typically result in process errors, duplications, reworks and delays. For those organisations that do not deploy a single integrated system to oversee business functions such as planning, producing, and selling, they run the risk of leaking revenue.
[ymal]
However, by utilising the right cloud solution, companies can seamlessly tie the front and back office together, balance real-time resource demand against resource capacity, forecast more effectively into the future, and deliver more predictable business growth. The pace of change is quickening, and in this services economy even the largest firms need to start becoming more flexible and agile.
Finance Monthly hears from Nic Sarginson, Principal Solutions Engineer at Yubico, on emerging trends in data security that may soon be coming to financial services.
This past year has prompted a rise in take-up of digital banking services. As people stayed at home they went online to work, shop, stay in touch and manage their money. While this shift to online banking presents an opportunity to service providers with a digital-first approach, it also presents a target for cybercriminals intent on profiting from data breaches and account takeovers. Banks and their customers are adapting to a new, remote, relationship; as they do, the strength of online security protection will become a greater talking point and, for some institutions, even a source of competitive advantage.
According to some reports, as many as six million people in the UK made the switch to digital banking in March/April last year. Customers setting up their accounts will have created a password/PIN to use with a user ID to gain access. This form of authentication will be familiar from other log-in services; what may be less so is the additional strong customer authentication (SCA) check, such as a one-time passcode generated by a card reader or sent as a text to a registered mobile phone.
Password weaknesses
This second line of defence is incredibly important for financial services, as passwords are notoriously weak at preventing bank account takeovers. Reused passwords render multiple accounts vulnerable should a data breach put this information into the hands of cybercriminals. Passwords can also be guessed with a range of common word and number combinations in use, and bank details are some of the most coveted data breach spoils.
Additional ID checks therefore boost security, but not all forms of stronger authentication are completely resistant to security threats. Mobile-based one-time codes that are so popular with banks, for example, can be vulnerable to SIM-swap and modern man-in-the-middle (MitM) and phishing attacks.
According to some reports, as many as six million people in the UK made the switch to digital banking in March/April last year.
During a MiTM attack the innocent party believes they are communicating with a legitimate organisation, such as their bank, but in reality information is being intercepted and relayed by a malicious third party. It isn’t easy to recognise this type of attack, even for the cyber savvy, as attackers create personalised and convincing communications to trick their targets. Routes in can include unprotected Wi-Fi and manipulated URLs.
In the more widely known phishing attack, people are tricked into parting with personal information such as login details. Phished credentials are then used to gain access to the user’s account and may be tried against other services as part of a multiple account takeover.
Managing the customer experience
For financial services, the strongest possible authentication to protect data and accounts does not always marry with the best customer experience. Each additional check can add time and frustration to the log-in experience, preventing customers from accessing their accounts whenever they want to – if, for example, they are in a mobile-restricted location.
Strong authentication therefore must meet the dual requirement of protecting account details and financial and personal information, while also providing a convenient, preferably frictionless, user experience. Added to that is another consideration - how simple it is to integrate additional authentication into back-end systems for both the existing product portfolio and future innovations. With the rate at which financial services are digitising, and payments moving cashless, this is a challenge most banks will find concerning. The finance industry is also faced with the critical need to ensure compliance with various industry regulations including GDPR, PCI DSS and PSD2 mandates that govern access to sensitive data.
Protecting corporate infrastructure
Financial institutions must also protect access to their own systems and applications. Here, the challenge is exacerbated by the fact that most banking infrastructures are a mix of legacy on-premise systems, and private or public cloud-hosted services. They must all be protected against unauthorised access, a challenge that has been heightened by the rapid transition to large-scale homeworking of the past year.
[ymal]
Finance teams and employees working from unfamiliar locations expand the potential attack surface with home networks and personal devices suddenly a part of a bank’s corporate IT estate. Seamless, convenient and high-assurance multi-factor authentication (MFA) must be in place to protect data and corporate assets so that employees can securely access systems remotely without introducing new risks and vulnerabilities.
Financial services are starting to embrace hardware-based tools such as security keys as a route to strong authentication, which protects business and customer data without inconveniencing increasingly impatient financial customers. When it comes to their financial data, users appreciate authentication devices being something they have, as opposed to something they know, to protect against phishing attacks. For customers, they provide protection for accounts, while in the corporate setting they can secure access to systems and applications. Whether tasked with upgrading a bank’s legacy infrastructure, or a new generation of fintech developers operating solely in the cloud, such an approach can offer seamless integration with operating systems, and conformance with global authentication standards.
If the finance industry is to effectively protect customers and customer data while providing the user experience that today’s consumers expect, they must look beyond basic protection methods to provide strong yet frictionless authentication. It’s shocking that social media accounts are often more secure than bank accounts as of today. Since consumers are increasingly exposed to better protection elsewhere, they'll soon be demanding the same security assurances for their bank account.
Philippe Alcoy, Security Technologies for NETSCOUT, describes the cybersecurity threat facing the financial services sector, the damage it has done and how it can best be safeguarded against.
In 2020, for the first time in history, the annual number of Distributed Denial-of-Service (DDoS) attacks exceeded 10 million. These attacks took place at greater frequency, speed, and strength, enabling attackers to knock out their targets faster than ever before. Now, NETSCOUT is seeing threat actors re-targeting companies who were previously able to prevent being attacked, focusing particularly on the finance industry.
Before looking at DDoS attacks in relation to the financial sector, it is important to understand what a DDoS attack is. DDoS attacks can be described as malicious attempts to make online services unavailable, which is achieved by overwhelming the service with traffic from multiple systems. The industries targeted by these attacks are wide-ranging, from telecommunications and eCommerce to finance and healthcare.
In 2020, the financial sector emerged as a prime target for cybercriminals. NETSCOUT observed that there were more DDoS attacks against the finance industry in the month of June than there were from January to May 2020. In fact, from June to August 2020, there were more attacks against the industry in this period than were seen in total between April 2016 and May 2020. There was also an increase in the speed of attacks that were taking place against the financial sector, with the total throughput of attacks increasing by roughly 4.5 times worldwide.
DDoS extortion campaign
This campaign of DDoS attacks targeting the finance industry was taking place worldwide, with banks, exchanges and other financial services organisations all being hit. But there was something unusual about these DDoS attacks: they were part of an extortion campaign. This involves extortionists demanding a payment via Bitcoin within a specified amount of time prior to or following a demonstration DDoS attack. In most scenarios, when the demands of the attackers aren’t met, the ensuing attack that was threatened does not end up taking place.
In 2020, for the first time in history, the annual number of Distributed Denial-of-Service (DDoS) attacks exceeded 10 million.
More recently however, NETSCOUT has discovered that the same attackers are returning to previous targets. The organisations that were successfully able to mitigate the first DDoS extortion attack are now being retargeted in follow-on attacks, months after the original attacks took place.
The impact of the campaign
The financial sector is a prime focus for this DDoS extortion series and the more recent retargeting campaign because they are perceived to have access to large amounts of money, as well as vast swathes of private data, making them an obvious target for those behind the campaign.
It should be noted that the attackers claim to be part of well-known attack groups, such as ‘Lazarus Group’, ‘Fancy Bear’, and ‘Armada Collective’ to try and boost their credibility and scare their targets into paying up. As such, NETSCOUT has given the attackers the nickname ‘Lazarus Bear Armada’ (LBA).
Unlike other threat actors, these LBA attackers have carried out extensive research into identifying the appropriate email inboxes that are regularly checked and used, to make sure their threats are read by the right people. The increased accuracy of the extortion emails has the potential to cause serious damage to those in the financial sector. It has the capability to disrupt a large number of services used by finance organisations, from online banking platforms and website access to internal systems that help the organisations to operate and fulfil the needs of customers.
A DDoS extortion campaign can lead to institutions losing a large amount of money, even without a ransom being paid, because the initial demonstration DDoS attack results in downtime for part of the company.
An indirect consequence of a DDoS extortion attack is the reputational damage that it can cause. For example, when financial organisations are hit by a DDoS attack, customers may be unable to access their money and financial information, and may feel put off or let down by the organisation not having the appropriate DDoS countermeasures in place.
[ymal]
In order to mitigate the risk posed by DDoS extortion campaigns, financial services organisations must have a solid plan of action in place. It is vital that when organisations are attacked, they know who to contact and notify. This should include key stakeholders, security providers and local regulators. Financial institutions should also learn from previous DDoS extortion campaigns that targeted the industry. For example, there are clear similarities between the DD4BC series of attacks that took place from 2014-2016, and the current extortion campaign, with both targeting the financial sector.
While a DDoS extortion attack can be devastating for those organisations in the financial services sector, providing they have the right protection and plan of action in place, the damage caused by the attack can be kept to a minimum.
Peter Ku, VP and Chief Financial Strategist for Informatica, outlines the challenges posed by the transition and how firms can turn them into opportunities.
The London Interbank Offered Rate (LIBOR) underpins some $240 trillion in financial contracts, and with just 11 months to go until the move to risk free rates, Sterling Over Night Indexed Average (SONIA), financial services firms are under pressure to finalise this complex change programme.
Widely considered one of the biggest transformation programmes undertaken by modern financial services firms, the shift away from LIBOR is a complex business challenge which impacts teams across the business. Failure to adequately prepare represents significant operational risk. Why? Because at the heart of it all is data – what is it, where is it, how is it connected, governed, and made available to the business. Board level committees, cross-functional teams and significant resources have been dedicated to managing this intensive and – at times – painful process. However, it’s not all imposition; there are meaningful upsides to having trusted, governed and relevant data, shifting it from tool to strategic business asset.
The Road Ahead
The Bank of England recently published an updated 2021 Roadmap, outlining key milestones that need to be met in order to prepare for the LIBOR transition. It suggests that by the end of Q1 2021, organisations will have completed the identification of all legacy LIBOR contracts. For banks that have hundreds of systems – each with thousands of indexes – locating and tracking the lineage of this data across all systems is a mammoth task.
After completing the LIBOR data inventory, firms can begin conducting an impact analysis on all existing LIBOR contracts. This is a crucial, in-depth exercise covering a number of areas. What will the financial impact be of switching from LIBOR to SONIA? What is the market, operational, credit and reputational risk? Data quality is paramount to being able to perform accurate analysis and in turn manage risk. It’s important to keep in mind that a change of a single data point will impact multiple systems and, in most cases, hundreds of reports. Therefore, having confidence that the data is accurate and trusted is essential. Finance and accounting teams will need to update risk and valuation models once the risk exposure is identified. These include valuation models, pricing future revenue streams and how those impact daily, monthly and annual reporting.
What will the financial impact be of switching from LIBOR to SONIA? What is the market, operational, credit and reputational risk?
Alongside this work, legal and compliance teams will be working to review and replace fall back language in LIBOR contracts which expire in 2022 and beyond. The roadmap published by the Bank of England working group suggests that firms complete these conversions by the end of September 2021. The success of this maps back to the data inventory, and whether teams are able to determine which systems service which contracts, and adequately address corrupt data.
The singular thread through it all, whether it be those managed by legal and compliance, finance and accounting, or risk management, is a dependency on data that is good for use. Unfortunately, many organisations today still struggle with data quality. There are instances where the correct data just isn’t available, or it’s unclear where the data is located or how it is connected to other indexes. This is a continuous work in progress but the conversion from LIBOR to SONIA is undoubtably driving improvements in the automation and scale of existing data governance projects.
Operationalising Data Governance
The LIBOR transition may be a landmark one, but it certainly won’t be the last challenge for the financial sector, which will continue to face increasing market pressures fuelled by rapidly emerging technologies, global interconnectedness, changing economic and jurisdictional factors, and consumer demands. It is the adoption of cloud-based technologies and steady foundation of intelligent data governance that will deliver sustainability, resilience and efficiency moving forward.
As Chief Data Officers round out these gargantuan programmes, a continued focus on two core areas will accelerate the shift of data governance from an IT-centric discipline to a core business function that empowers all within the organisation to be more data-driven.
First, there needs to be a continued focus on resolving data quality issues. Data quality management should be proactive, measured, monitored, and communicated across all data stakeholders from data engineers, analysts, stewards to executive business decision makers. This will ensure data quality management is transparent, predictable and measurable.
[ymal]
Secondly, users need to leverage tools and technologies to make data governance processes more automated and agile. AI-driven data governance solutions can operationalise data governance by decentralising data stewardship and enabling self-service stewardship to reduce the cost to the business, while still allowing data governance to scale.
Data is the new currency of financial services firms. Forward-thinking organisations will view the overhaul required to move away from LIBOR as a stepping stone to turn data management challenges into opportunities.
Ilia Sotnikov, VP of Product Management at Netwrix, looks at the state of cybersecurity in financial services and the external factors that drive it forward in 2021.
The past year has required financial teams and organisations to review many of their technical processes, especially as employees were forced to work remotely almost overnight. Research shows that 30% of financial organisations feel they are now at greater cybersecurity risk now than they were pre-pandemic. The majority (64%) are concerned about both more frequent cyberattacks and the security gaps caused by remote work – but despite this increased concern about malicious activity, the most reported incidents for financial firms involved human errors.
As a result, 2021 will certainly see financial organisations reassessing their data security policies to be fit for purpose in a post-pandemic digital world. However, given the wide range of financial services emerging, financial organisations today are on very different security maturity levels. Some have consistent ongoing risk management, established processes and dedicated IT security teams. Others just expect IT operations to handle security as part-time assignment. Many financial organisations from the less technically mature side of the spectrum or still heavily rely on legacy systems simply don’t have internal motivation to adopt better security practices.
External pressures for financial services
The good news is that moving into 2021, these organisations will be driven to increase security maturity by external factors: cyber insurance and privacy regulations. With 2021 bringing both new privacy laws and stricter enforcement of existing regulations to minimise the risk of incurring steep fines for compliance failures, businesses will turn to cyber insurance.
The bad news is those policies will come with their own security standards and requirements, such as regular risk assessment and effective detection and response capabilities.
Many financial organisations from the less technically mature side of the spectrum or still heavily rely on legacy systems simply don’t have internal motivation to adopt better security practices.
In 2020, many privacy-related bills were pushed down in priority due to more urgent tasks related to global pandemic. However, this isn’t an issue that will go away. Any British or European businesses that deal with local or international markets have to comply with GDPR – and with Twitter’s recent fine of approximately €500,000 for failing to promptly declare and properly document a data breach marking the first cross-border GDPR ruling, there will be a renewed vigour in the finance industry to ensure compliance. Furthermore, payments-related legislation such as PCI-DSS and PSD2 will face further strains given that a huge consequence of the pandemic has catalysing the move of payments becoming cashless.
A balancing act to compliance and security
This renewed focus on privacy laws require financial organisations to pay more attention to what data they have on hands, how they handle this data, and who is accessing it and why. Failing to document this or to follow documented policies can result in significant fines in case of consumer complaints or a data breach. This may force finance firms to adopt security and data governance practices they did not have in place this year.
The other driving factor for financial firms to revamp their data security measures is cyber insurance. The cyber insurance market is growing rapidly at an impressive 26% CAGR. This growth is fueled by the surge in cyberattacks and businesses seeking to offset their risks, and executives and board members recognising potential breaches or ransomware threats as business risks.
Finance companies are more likely to turn to insurance as an option to deal with the potential cost of these new risks. However, cyber insurance is not a “pay-and-forget” thing. To lower the risks that their customers will be breached, cyber insurance carriers are requiring them to comply with their own security standards, such as regular risk assessment and effective detection and response capabilities. This way, cyber insurance carriers contribute to the growth of security solutions that provide such functionalities. Finally, they force companies to cover security fundamentals and regularly reevaluate their IT risk programs and carrier’s policy changes to ensure adequate coverage, as insurance is not a panacea for a weak or inconsistent security programme.
[ymal]
The long view
It's safe to say that in the coming year, insurance and legislation will drive mass adoption on fundamental security practices for finance firms and teams. However, given the particular data pressures they face, financial services will be faced with a balancing act of meeting insurance criteria as well as complying with the regulatory standards themselves. While this may throw up some data management challenges, in the long run, it will certainly prove beneficial in helping financial services improve their cyber security posture.
Whether you are a new startup or you are an established business in your niche, taking the right approach to your small business accounting is crucial for the success of your enterprise moving forward. With the right financial data at your disposal, you can make better-informed decisions about the future of your business, assess your performance and adapt to changing trends with ease.
Failing to maintain proper financial records can cause your business all sorts of problems down the line. From delaying the receipt of payments to cash flow problems and issues with filing your taxes, poor financial management can quickly spell disaster for small businesses. To ensure that you stay in control of your business finances, it’s important that you adopt the right accounting habits this year to set your small business up for success in 2021.
Let’s take a closer look at five accounting habits you should adopt in 2021 to help you to stay in control of your business finances.
Maintain Proper Records
One of the most important accounting habits that any business owner can adopt is keeping good records. Keeping meticulous records will ensure that you keep track of all of your income expenses, that you get paid on time and that you have the financial information you need when reporting time rolls around. Having access to up-to-date and accurate financial data will also allow you to make better-informed business decisions going forward.
Seek Professional Advice
Business owners wear many hats, contributing to many aspects of the business. When it comes to managing your finances, you need to ensure that you have the right advice to help you keep your business on track. Seeking out professional financial advice will help you to gain a better understanding of your accounts and implement systems that will help you to manage your finances more efficiently.
[ymal]
Invest In The Right Tools
Modern cloud-based accounting programs can help you to manage your business accounts and meet your reporting obligations with ease. These powerful accounting solutions are capable of automating many of your financial recording and reporting tasks, giving you more time to focus on the daily tasks associated with running your business. Choosing the right accounting software to meet the needs of your business will allow you to manage your business accounting with more precision and confidence.
Remain Tax Compliant
As a business owner, you need to ensure that you meet your tax reporting obligations to the ATO. At the beginning of the financial year, be sure to enter all of your report due dates into a calendar or other organiser so you know what reports are required and when they are due. Taking an organised approach towards your business tax reporting obligations will ensure that you avoid incurring any penalties or fines which could hinder your business at tax time.
Monitor Your Expenses
Having a clear understanding of your business expenses is essential in planning for the future needs of your business. Being able to identify where you are overspending or where you are investing with little return will help you to make changes as required. Whether you will need to reduce your spending, seek financing or generate more income, monitoring your expenses closely is key in maintaining your profitability and having adequate cash flow to allow you to operate optimally.
Take The Right Approach To Your Business Accounting In 2021 And Beyond
Managing your business finances is a constant struggle for many business owners. With a new year beginning, now is the time to reassess your accounting habits and make positive changes going forward. Take the right approach to your business accounting in 2021 and adopt new accounting habits that will allow you to stay in control of your business finances and on track toward your financial targets.
Kris Sharma, Finance Sector Lead at Canonical - the publisher of Ubuntu - offers Finance Monthly his thoughts on APIs and how firms are already using them to enhance their services.
Cloud computing, big data analytics, artificial intelligence (AI), machine learning (ML), distributed ledger technology and process robotics are all playing a key role in reimagining financial services for a digital world. A growing number of financial institutions are drawing plans to adopt these technologies at scale as part of their digital transformation initiatives to accelerate financial data processing, deliver mass personalisation and increase operational efficiencies.
Most organisations currently deploy a complicated mix of technologies, legacy software platforms, applications, and processes to serve customers and business partners. On their digital journey, financial firms will have to integrate data, processes and business functionality from legacy systems of record to this set of new technologies. Many businesses have tried to adopt various transformation approaches such as re-platforming and re-hosting, direct integration between applications, rip and replace, and deploying middleware technology to deal with legacy systems and their integration with new technologies. But each of these approaches have their own drawbacks and can limit the adoption of new solutions within the constraints of legacy technology debt.
An evolutionary approach to digital finance, however, will unify information and data without the need to merge operational systems. Application programming interfaces, or APIs, can overcome the challenges involved with adopting new technologies and more innovative solutions while integrating with legacy run-the-business applications.
Where APIs become a core piece of the puzzle
APIs are increasingly playing a central role in digital finance. They essentially bind different parts of the financial value chain together, even though the underlying components may be based on different systems, technology, or supplied by different vendors. Using APIs, financial firms can securely share digital assets while masking backend complexity, integrating software applications and focusing on maximising their proprietary strengths by sharing data, systems, and functionality with customers, partners and developers. This in turn drives digital transformation without a complete overhaul of existing infrastructure.
Application programming interfaces, or APIs, can overcome the challenges involved with adopting new technologies and more innovative solutions while integrating with legacy run-the-business applications.
Since APIs are self-contained, they can be readily deployed and leveraged for innovation at speed, enabling financial institutions to introduce and integrate new features. When powered by the cloud, firms can develop, test and launch new services to customers quickly and cost-effectively, fuelling business growth. For example, insurance firms can make more timely offers by cross-selling home, auto and life policies. Financial institutions can leverage APIs to connect sources and use cloud computing to handle massive amounts of data, as well as AI and ML services live in the cloud, thereby analysing all this data faster and cheaper than they can on-premises.
Who is successfully using APIs?
Challenger bank Starling was designed and built completely on AWS cloud to deliver and scale infrastructure on demand. Additionally, by building a bank with open APIs from day one, Starling is natively compliant with the European Union’s Payment Services Directive (PSD2) directive.
According to ProgrammableWeb research, financial services is ranked highly in the fastest growing API categories, given the rise in digital forms of payment, an ever-increasing customer demand for connected solutions, and open banking initiatives. APIs are at the heart of the PSD2, the UK’s open banking mandate, as well as the Bank of Japan and the Monetary Authority of Singapore’s open banking initiatives.
Finastra’s Open Banking and collaboration: State of the nation survey 2020 finds that “86% of global banks surveyed are looking to use open APIs to enable Open Banking capabilities in the next 12 months”.
As APIs attract an ecosystem of developers, a financial API provider can encourage participation to fill go-to-market gaps and extend its services and data to new markets and use cases. Barclays is fostering collaboration and generation of new ideas through secure, innovative APIs. The Barclays API exchange has built an API library that is available for use by third parties to develop and test new products. Barclays and third-party developers work together to create, develop and test new product ideas before releasing them to the regular API catalogue. Similarly, Starling Bank provides a marketplace that enables developers to build their own products and integrations using its API.
[ymal]
Unleashing the potential
There is an opportunity for financial firms to leverage the power of APIs by bringing them together with digital technologies to broaden the possibilities for innovation and expand customer experiences. Financial institutions need to reimagine APIs as product offerings that will drive business expansion and increase revenues.
The future of digital finance will be driven by organisations building digital business models, redefining their API strategies and bringing new customer propositions to life using modern web architectures, best-in-class technologies and new ecosystems.
Rob May, Managing Director and founder of ramsac, looks at some emerging trends in cybercrime and how firms can best defend themselves.
Security, for financial clients, has had to adapt to many forms in the last decade. The most recent, and urgent, line of defence has come in response to the unexpected, novel threat of a global pandemic. But as more clients onboard their operations to digital platforms, that risk grows and becomes ever complicated. Remote operations, for example, opens a place of business to both insider attacks and outside ones.
While the financial service industry has always been one of the “most-breached sectors” (accounting for 35% of all data breaches), cyberattacks have become even more widespread and sophisticated during the global pandemic. This is, arguably, because operations have had to quickly onboard their business digitally. And, with new digital models, there are troubled spots, or weaknesses.
With more financial companies seeking to create new digital customer experiences, investing in a wealth of technology innovations, and working remotely, this could result in a new wave of extreme cyberattack scenarios leaving companies vulnerable to serious data breaches or worse.
To gain deeper insights and help guide financial companies in their decision-making when it comes to cybersecurity, we’ve rounded-up the emerging cyber threats, how they could evolve in the future, and solutions to address them during these challenging times.
Be Watchful of Malware
Cyber-risk management should be watchful and vigilant of the most common cyber-risks. Malware will breach systems and ransom, corrupt, or steal data. Even though it’s common, over the years, several US states and counties (including Texas) have observed a growing intelligence about how these attacks are delivered. One scenario noticed several malicious ransomware attacks at once, effectively a multiparty attack, reaching across jurisdictional boundaries to result in the first cybercrime event of its kind.
Cyber-risk management should be watchful and vigilant of the most common cyber-risks.
The solution, a suitable line of cyber-defence, would include early planning and preventive measures for multiparty attacks and disruptive threats. Oftentimes awareness is a helpful starting point. But defence and security measures alike need to anticipate more complicated, organized cybercrime as it becomes increasingly sophisticated.
For those in finance, a defence plan could include trial simulations to measure internal response times and mock scenarios to help security teams shape their reactions for real future attacks. Likewise, building cross-sector peers and contacts, can be helpful in organising a defence to a larger cyber-risk.
Misinformation Can Deceive
This has been one of the largest threats throughout COVID-19 and has rallied a shared, collective attempt to cull the flow of misinformation online. Many known bodies, including NASDAQ, have predicted a possible spike in market manipulation on the heels of COVID-19, where attention is split between a global pandemic response and economic recovery.
Misinformation can conflate what seems like harmless advice on stock investments, but is actually driving malicious activity. These disruptive attacks tend to prey on market volatility and flagging economic confidence. In the past, these attacks have been known to use fraudulence as sleight of hand to conflate stock values.
A reasoned solution to this issue would require financial firms to conduct extra due diligence and caution when navigating the market and instructing their clients on financial manoeuvres. As surface information could be corrupted, extra research and investigation can steer financial decisions away from malicious foul play.
Data Manipulations Are Disruptive
Traditionally, data was duplicated or destroyed. Whilst this was harmful to firms, the next evolutionary stage of cyber-crime, since the latter half of 2019, has moved onto data manipulation. There have been scenarios where data hacks can be twisted to manipulate or encrypt it. This has led to increased scrutiny for cloud security, which has known vulnerabilities.
[ymal]
Before onboarding new digital solutions for your business, ensure it can be securely bridged. New technologies can be helpful in expanding a business’s productivity, but this should be approached cautiously.
There are a range of emergent threats that result from cyber-risks. The best, more reasoned, solution is to prepare for cybercrime by having a prepared line of defence and the right security tools. The booming of digital businesses, and those migrating online, creates a greater urgency than ever to prepare security to handle a new universe of threats.
Tim Wakeford, VP for Financials Product Strategy at Workday, offers his insight to CFOs looking to lead their business back to strength.
After a year where organisations were forced to continuously change plans and rethink their approach to business recovery, the future is finally looking less turbulent, with a potential COVID-19 vaccine on the way. One fundamental transformation 2020 brought to businesses, however, will continue informing the next year. Leaders will be looking to the CFO for insights on the business and guidance to decide their next move.
If the early stages of the pandemic have taught us anything, it is that companies need good quality data to make faster decisions. The question is, what data-driven insights do CFOs have to provide companies to deliver the best response to persistent change?
It could be argued that all data is valuable. Nonetheless, CFOs must focus on three particular data-led insights to steer businesses to recovery. They need to provide visibility into working capital, empower other leaders with data, and manage investor expectations with scenario planning. In doing so, they will be in a strong position for success in 2021 and be able to guide the business through any challenges the future may bring.
Gain greater visibility into working capital
The first priority all CFOs have in common is being able to share real-time visibility over their business’ financial inflows and outflows in order to manage cash pressures. This is because many businesses have seen revenues plunge during the pandemic, which had a negative impact on cash flow. In fact, 94% of the Fortune 1000 are seeing coronavirus supply chain disruptions and facing the reality that they will need to become more agile in managing inventory. The disruption of the second wave is heightening financial pressures and will likely mean that CFOs have to reassess their budgets again and again. Without a real time view of working capital, moments of disruption can lead executives to make decisions in a panic. This could result in significant inventory spend with non-preferential suppliers, which in turn reduces the potential for savings from contractual discounts, and is common during turbulent times. Having a 360-degree view of the organisation’s working capital, however, can provide a better handle on spend management, optimising costs and overall efficiency. This will help leaders avoid risks that can set them back, and help them to accelerate recovery.
The first priority all CFOs have in common is being able to share real-time visibility over their business’ financial inflows and outflows in order to manage cash pressures.
Empower the organisation to make data-driven decisions
Getting the right data-led insights into the business to guide decisions can be challenging during a constant state of change. However data-driven insights are absolutely key in empowering decision-making — even during the best of times. Providing the right data, to the right people at the right time, can only be done by breaking down the data silos still present in many companies. A global Workday study revealed that out-of-date information and siloed teams are the biggest barriers to agile decision making. On the other hand, 80% of technology leaders from more agile companies stated that employees have access to timely and relevant data without gatekeepers blocking access to such information.
The challenge is that, as many businesses have grown and evolved they have accumulated different technologies — systems that are often placed together and lack smooth integration or a single pane view of what is happening in the organisation. CFOs whose businesses have reporting scattered across different data sources will find that it is much slower and harder to monitor performance, identify variances, and surface risk. This is why CFOs and finance teams have to consider investing in overhauling their technology stacks. Our customer Equiniti, for example, found that having all HR and financial data in the same cloud helped identify challenges and respective solutions with much more agility and confidence during the pandemic. This way, they were able to fix gaps quicker, without slowing their recovery plans.
Manage investor expectations with scenario planning
The uncertainty and volatility created by the pandemic has led to markets swinging back and forth. In turn, this creates pressure from investor communities and has served to highlight one of the biggest challenges organisations face — determining the long-term future of a business. In the current state of constant change, CFOs and their teams cannot underestimate the importance of taking a strategic approach to investor relations. Besides sharing earnings reports, it’s the CFO and its team’s role to offer constant reassurance to stakeholders by communicating how management teams are dealing with the crisis.
Therefore, when talking to investors, leaders have three choices: withdraw, revise, or reaffirm guidance. A recent Deloitte report revealed that more than half of CFOs from public companies have chosen to withdraw from providing guidance. Although understandable, this could signal that leaders are unsure of their company’s prospects and have a downward impact on stocks.
[ymal]
When faced with this lack of clarity, finance leaders must stay ahead of the curve and give invaluable insights to investors by undertaking scenario planning. Many of our customers are basing their entire recovery plans on multiple pictures of their budget using what-if scenarios, and it’s proven equally important for investor insights. CFOs can build scenarios to better understand what the future may look like in areas of particular interest to investors, such as covenants. Deploying these types of forward-looking processes will help businesses prove their stability, ensuring sustained recovery and emphasising their long-term objectives with clear metrics.
The strategic role of the CFO for business recovery
The pandemic has shifted the role of the financial office for good. Everyone – from HR and commercial teams to investors – are now looking to the CFO for guidance and to spearhead the business through upcoming disruption. Armed with the right insights, plans and tools, the CFO will be able to lead their organisation to a swift recovery and prepare the business to thrive, whatever the future holds.
With consumers these days growing extremely comfortable with digital channels and online buying experiences, B2B marketers are evaluating how their strategies fit into this new world.
Perhaps the most jarring aspect of this behavioral change has been reduced reliance on analyst research reports. A 2020 report by TrustRadius indicates that just 21% of B2B buyers rely on analyst reports.
Gartner's Magic Quadrant reports are an eagerly awaited and prestigious release every year. However, with the reduced reliance on research reports and increased trust placed on peer review platforms, are Gartner's reports even relevant anymore? The truth is that there isn't a clear yes or no answer.
Examining the facts through three key aspects of the B2B buyer's decision journey is instructive.
The Buyer's Journey
Business buyer journeys are getting more complex. Blog posts and other content assets are important first touchpoints, but company websites, social media conversations, product mentions, trade shows, video and audio content and sponsorships all play a major role in grabbing a consumer's attention at first.
Trustworthiness is the most important factor that consumers look to evaluate throughout their journey.
To this end, TrustRadius's report mentions that buyers use a company's website and product pages to determine how trustworthy they are. Furthermore, 87% of buyers want a self-service journey and do not want sales rep or marketing interference.
Trustworthiness is the most important factor that consumers look to evaluate throughout their journey.
This means that marketers have to adopt a soft-touch approach while maintaining consistent messaging throughout your channels.
Research reports and analyst mentions might not entirely help establish trust in a consumer's mind, but they do provide social proof. When a brand lands a favourable mention in one of Gartner's Magic Quadrant reports, the result is instant validation that the company is a major player in their space. Your company's categorisation in its quadrant quickly helps establish your specialty and nature in a consumer's mind.
However, increasingly, business buyers are looking beyond these factors. A company that doesn't allow consumers to self-service their journey through product trials is going to find itself out in the cold. An analyst mention isn't going to do the trick all by itself. You need to provide as much value and information as possible before you ever meet their clients face to face.
Credibility and Reviews
TrustPilot's report singles out product reviews and review content as the most important part of a B2B consumer's buying decision. It also highlights a disconnect between what companies focus on and what consumers want.
Most companies focus on their product's score instead of conversations around actual value and customer delight.
This is an important distinction to make. Secondary social conversation sites such as Twitter, Reddit and Quora offer tons of review content that users routinely review. These sites don't offer scores and can be ignored by B2B vendors. Review content performs the same function as a customer referral does, and this is why these secondary social websites are so powerful.
TrustRaidus's data highlights customer referrals as the most effective marketing tactic followed by personalized messages, online events and SEO. On the surface, it seems as if analyst reports have no major role to play in any of it. However, analyst mentions can augment many of these tactics. For example, a backlink from a high authority analyst website will boost your domain's authority considerably.
Sponsoring a research firm's online thought leadership event is an instant way to get your brand in front of thousands of potential clients. While it doesn't convey credibility all by itself, it helps your company occupy mind space and is one block in a larger picture.
It prompts consumers to conduct further research into you, and as long as you back it up with marketing that provides value, you'll engage and delight consumers.
Impartially Assess Industry Impact
Technology trends change quickly, and buyers often find themselves overwhelmed when tasked with keeping pace. Choosing a product that is behind its industry's direction could prove highly problematic, especially given that more sophisticated tech tools often involve extended onboarding processes and contractual lock-ins.
Gartner's MQR paints a quick picture for consumers that they can then use to conduct further research.
Gartner's report classifies companies as leaders, visionaries, niche players, and challengers. Buyers can choose their preferred vendors based on the challenges they're facing. For example, an enterprise that needs an end to end solution might be better served by a leader instead of a niche player. However, if their need is concentrated, a niche player might be a better fit.
[ymal]
Analyst reports also offer insight into the trends an industry can expect moving forward. Whether consumers choose to listen to them or not, the fact is that these reports play a critical role in determining which trends consumers pay attention to.
Positioning your product per these trends, with the characteristics of its relevant quadrant will raise your company's profile.
A Rounded Approach
The key as always is to adopt a well-rounded approach that supports your consumer's needs throughout their journey. Focusing solely on analyst reports, no matter how prestigious they are, is not a good strategy moving forward. Seek to provide value throughout the journey and avoid a PR-like approach at all costs.
Business software producer Salesforce.cmo agreed on Tuesday to purchase work-focused chat service Slack for $27.7 billion in one of the biggest tech mergers in recent years.
Marc Benioff, CEO of Salesforce, hailed the deal as a “match made in heaven.”
“Together, Salesforce and Slack will shape the future of enterprise software and transform the way everyone works in the all-digital, work-from-anywhere world,” he said in a statement. “I’m thrilled to welcome Slack to the Salesforce Ohana once the transaction closes.”
Stewart Butterfield, co-founder and CEO of Slack, also welcomed the acquisition: “Personally, I believe this is the most strategic combination in the history of software, and I can’t wait to get going.”
News that a potential purchasing agreement could be struck between the two companies emerged days ago, though details of the deal were not known until this week.
Aside from being the largest purchase Salesforce has ever made, the deal also represents a significant merger in the tech field as a whole, comparable with Microsoft’s $27 billion purchase of LinkedIn in 2016 and exceeded only by IBM’s $34 billion acquisition of Red Hat in 2018. Further, it provides Salesforce with the ability to integrate Slack with its Customer 360 product, creating new avenues for sales and marketing with Slack’s expanding customer base.
It also marks a new development in an ongoing feud with Microsoft, which has been competing with Slack using the Teams app included in Office 365. Teams utilises a number of the same features as Slack’s six-year-old application, and in July Slack filed a complaint in the European Union accusing Microsoft of illegally bundling Teams with its Office 365 suite in order to block its removal by customers who may prefer using Slack.
[ymal]
Microsoft’s software have also competed with several of Salesforce’s flagship products, having introduced a line of B2B tools aimed at helping other companies manage their relationships with customers.
Wedbush Securities analyst Dan Ives called the Slack acquisition a “now or never” purchase for the Salesforce CEO. “For Benioff, this is all about Microsoft,” he said.
