finance
monthly
Personal Finance. Money. Investing.
Contribute
Premium
Awards

Steve Cox, Head of Accountancy at IRIS Software Group, shares his thoughts on MTD and its implications with Finance Monthly.

HMRC’s prompt decision to delay the next phase of the making tax digital (MTD) rollout in 2020 due to the coronavirus was a welcome move. This now means any businesses who were expected to put digital links in place last year must have this done by the rapidly approaching deadline of April 2021.

Added to this, from April 2022, all VAT-registered businesses will be expected to file their tax returns digitally regardless of their turnover - which was a limitation in the previous phase. For many businesses, this requires a substantial amount of work if the bookkeeping is done manually, on paper records or even not at all, adding to their already full plates as they look to rebuild following the on-going challenges borne from the pandemic last year.

Accountants naturally have a critical role to play in supporting businesses through this next phase of MTD. So, it’s important to have a clear understanding of what needs to be done right now and how to make the transition as simple as possible for clients.

Actions to take now to meet MTD

The first port of call is to evaluate all clients who must comply with MTD before the phase 2 deadline, and review the MTD template built for the first phase. This will help establish a clear strategy of what each client needs to do. Accountants should then begin the transition preparation - communicating with clients about their exact financial positioning, workflow, filing and how to approach switching to digital records.

The first port of call is to evaluate all clients who must comply with MTD before the phase 2 deadline, and review the MTD template built for the first phase.

This is where it is important for accountants to think smart as MTD is a volume play - in both clients and data - when it comes rolling out across a large portion of their client base. One tool that is incredibly valuable and available from software providers, including IRIS, is record digitisation which enables anyone who needs to track receipts, capture photos and digitally process receipts, invoices, purchase orders and bank statements. The physical data automatically becomes a digital record and uploaded to a cloud-based platform, ready for accountants to review and compile VAT returns as required in their process. Such automation tools dramatically increases client efficiency and process productivity, while making life less stressful for accountants and business owners.

Through automation, such systems eliminate the time-consuming everyday chores, ensuring accountants can act smart and get more done. The majority of small business owners end up spending their personal time compiling their records from the week (or month) and would love to get this time back thanks to automation tools. In return, time saved chasing and reconciling client data frees up accountants to focus on client relationships and higher-value advisory services. It also rapidly improves communication speeds, transforming how accountants engage and connect with clients and prospects, ultimately helping them to retain and attract new clients.

Once accountants have successfully evaluated and prepared their clients for MTD and established a clear, proactive plan of action, they then need to make sure all clients have registered for an HMRC Agent Services Account, although proactive accountants could do this ahead of client evaluation. Once this is done, certain HMRC online services, including the MTD, VAT and income tax pilots can be accessed so business owners and accountants can work together to manage the transition efficiently; making it as simple as possible for both parties involved.

By using technology to gain instant access to accurate, real-time data well ahead of this year’s MTD deadline, accountants and business owners can be sure they’re in the best position possible to move forward with confidence.

Future-proofing for challenges ahead

Every client is different and will have their own way of managing their tax - some will have been using paper-based processes for years on end. So, it’s important to frame MTD in a way that isn’t complicated or confusing. Given the rapid digitisation of UK businesses over the last year to survive - and in some cases thrive - during the pandemic, businesses are more likely to be open to a digital records conversation than ever before.

[ymal]

Yes, the practical side of what’s required and expected with regards to MTD is essential to get right. But MTD is about more than mere compliance, it’s about looking to help future-proof businesses. This is a real opportunity to build relationships with clients on a personal level and move into that trusted advisory role.

Working with clients to lay out a clear roadmap of steps they should be taking ahead of the 2021 MTD deadline - as well as the April 2022 VAT rollout - will enable accountants to help their clients on a real-time basis. And ultimately be of more support to business owners looking to recuperate from the impact of the last year.

By digitising now and creating great efficiencies across the client’s business, accountants can take advantage of improved workflows, increasing productivity and working smarter and help their clients future-proof their business for good. Harnessing technology to streamline tax management and create a single view of the data for all financial records, means accountants will put their clients in the best position to move forward with confidence.

Finance Monthly hears from Wayne Parslow, Executive Vice President for EMEA at Validity, as he explores what the financial services sector stands to gain from better handling of its data.

Financial firms face an increasingly complex minefield of regulations when it comes to handling data. The sector has so many acronyms that it’s often difficult for a layperson to wrap their head around them. Unfortunately, finance companies don’t fare that much better, and can be overwhelmed by seemingly infinite customer data management requirements.

Whether it’s ensuring appropriate customer data storage under GDPR or securing payments processes under PSD2 and PCI-DSS, there’s a host of regulatory pressures for managing the financial customer relationship chain.

Regulatory bodies are certainly not toothless when it comes to enforcing punitive measures, either. At the end of 2020, the ICO issued fines to both OSL Financial Consultancy Limited and Pownall Marketing Limited for misusing personal data.

Data Management Difficulties

Ensuring data held by finance firms is accurate, up to date and, equally importantly, used appropriately is a shared goal for both the regulator and financial institutions. However, with the pressures put on financial firms by the pandemic, there’s a good chance that data management best practice has taken a back seat in favour of ensuring business continuity.

This is a misstep, as the two key fundamentals of data – data quality and data governance – should be tied into the basic operations of a financial services firm. With strong data foundations, financial services firms will be in a far stronger position to navigate the upcoming uncertainty of a post-pandemic world.

Ensuring data held by finance firms is accurate, up to date and, equally importantly, used appropriately is a shared goal for both the regulator and financial institutions.

Having data quality and governance work in concert to support one another does not simply ensure regulatory compliance, though. The value of data for driving successful business outcomes has already been proven, and businesses which employ a data-driven strategy are growing 30% year-on-year. Higher data quality also delivers stronger customer relationships and greater engagement.

Curating Quality

Data quality is not a once and done operation. For financial services in particular, it’s a complex, continuous network of processes and actions that must be continuously maintained as new data is collected, augmented and edited by the organisation.

First and foremost, a finance firm must take stock of the current state of its data. Given the rapid changes that have occurred over the past year, it’s essential to reassess data for accuracy, completeness, duplicates and inconsistencies. Firstly, data needs to be housed correctly so that it can be profiled accurately. Profiling their data enables financial organisations to ensure it is right for the business’s current needs, can be easily analysed and reported on, as well as being able to more easily check whether it is up to date.

Deduplication

A common barrier to data quality are duplicates. Many regulations require data to be up to date, and for customer data to be removed under certain circumstances (i.e. when a contract is terminated). Whilst a firm might believe it has done its due diligence under these circumstances, leaving duplicate data behind poses a significant compliance threat and risks inappropriate or even illegal communication. To have a consistent, complete view of its customer data, a financial firm must be proactive with the management of deduplication. It’s a simple yet effective process that can make a huge impact, but requires an investment in the appropriate tools.

Leaving duplicate data behind poses a significant compliance threat and risks inappropriate or even illegal communication.

Security and Enhancing Data

The end user is typically identified as the weakest link in the security chain, and many breaches reported to the ICO stem from simple user error, whereby an employee downloads a confidential document to a laptop which is then lost or stolen, for example.

With the move to remote working last year, many businesses wisely took the step to upskill their now remote workforces with additional security best practice training to help mitigate the additional cybersecurity risks.

Organisations can take additional steps to ensure errors that create vulnerabilities, such as the laptop example above. Employees will often adopt methods that help them get their jobs done most efficiently, even if these deviate from security best practice. Standardising data is a crucial step to enabling it to move through the organisation in the correct, and secure, way – regardless of location.

For example, if finance needs to produce reports based on the outgoings of a few different international teams, putting best practice standards in place as basic as how titles and regions are entered means this can be completed more efficiently, easily and securely across the board.

Alongside profiling, deduplication and process standardisation, verification needs to be a top priority, and should take place as data is collected. Using external sources, both prospect and existing client data should be verified (provided, of course, that consent has been given for these external sources to be used in this way). Enriching data in this way ensures finance firms get a better ROI from marketing and sales.

Adopting a Data Mindset

Data is constantly changing, and a continuous monitoring regime is the only way to keep track as it waxes and wanes. A simple way to keep up with the health of your data as it changes is to set up dashboards and alerts that track data quality automatically.

[ymal]

That said, it’s not just about technology. There’s no getting away from it – a comprehensive cross-functional approach is needed to implement a successful data governance programme. For finance firms, team members must be subject matter experts who understand the complex industry standards and regulations and know what to do if they don’t. Many finance organisations will already have an executive level representative responsible for company-wide data management, such as Chief Data Officer (CDO).

A core aspect of a CDO’s responsibilities should be simplifying processes with the help of the right technologies. However, it’s unlikely there’s a single tool that will do everything a financial organisation needs, and every governance strategy should be bespoke for the organisation that will follow it. Companies should be aiming for a “data quality by design” mindset, where the checks and processes that ensure top-quality data is maintained become second nature.

Simon Pamplin, technical director at Silver Peak, explores what public cloud is and what its implications are for financial services firms.

Adoption of cloud by financial institutions has risen dramatically over the past five to ten years. Yet this has largely been private cloud rather than the more flexible and scalable public cloud.

In January, however, European financial institutions formed the European Cloud User Coalition (ECUC) to drive public cloud adoption and ensure consistency and enforcement of security standards of cloud’s use. Allied Irish Bank, BAWAG Group, Belfius Bank, Commerzbank, Deutsche Börse, EFG Bank, Erste Group Bank, Euroclear, ING, KBC Bank, Swedbank and UniCredit have all signed up to the ECUC and are participating in the initiative.

This widespread push displays the desire for public cloud in the finance industry, and there are persuasive arguments for the transition from private to public. Although the desire is clearly there for greater use of public cloud, there are key factors that will determine the speed and success of this transition.

Public versus private: an industry ready to shift

The difference between public and private cloud is that, as the name suggests, private cloud is managed internally by an organisation – all the dedicated infrastructure, including the data centre, is managed by a single, owning organisation. Conversely, public cloud is offered to multiple companies by a public cloud provider that runs and maintains the supporting shared infrastructure.

That the finance industry has been cautious in its uptake of public cloud highlights the essential need for top security for banks and other financial service organisations. The industry in particular is subject to strict compliance legislation across Europe, and organisations may choose private clouds as a means to ensure they are indeed complying.

Adoption of cloud by financial institutions has risen dramatically over the past five to ten years.

Another issue is that of vendor lock-in, as companies may worry of their complex cloud infrastructures being guaranteed by a single cloud provider – this reliance can hurt market competition, as it prevents companies easily switching between vendors.

It is these concerns that the ECUC seeks to address by defining and communicating what requirements have to be met in Europe for public cloud to become a feasible option for financial organisations. There are, after all, some clear benefits.

The first and foremost benefit of transitioning to public cloud is cost. Supporting cloud infrastructure is an expensive and labour-intensive process – smaller, newer organisations in the industry may find the possibility of private cloud beyond their resources, especially given the stringent cybersecurity standards that the financial world requires.

Adding to this, public cloud providers do offer a top rate service uniquely tailored for organisations – they are excellent at what they do, and a multitenancy business model allows them to allocate resources in a distilled and highly efficient manner. By delegating cloud to an expert third party, finance organisations free themselves from the operational headaches of enterprise IT administration.

The network must facilitate financial public cloud use

A key criterion for the use of public cloud is that when implemented, financial organisations can be sure their data is safe. However, the secure use of public cloud services lies in infrastructure and vitally the wide-area network (WAN).

Before the public cloud transformation in the industry can advance, organisations must transform their networking infrastructure. In essence, traditional WAN architectures have been obsoleted by the cloud, and private cloud security can only be guaranteed through advanced WAN solutions, such as an SD-WAN.

[ymal]

The drive towards public cloud will enable the financial industry to enjoy its full benefits – greater accessibility, lower cost, and increased market competition. However, first, coordination with European public cloud providers and transformation of the organisational network must be accomplished to assure success.

It has caused a massive global economic shock that economists describe as three times worse than 2008’s financial crisis. Additionally, workforces are learning how to deliver services from outside their usual working environment. Andy Campbell, global solution evangelist at FinancialForce, shares his insight on the effect this is having and how firms can overcome their new difficulties.

Pre-pandemic, businesses were already facing external pressures to adapt. The transition to a services economy, and an increased expectation for high-quality customer experience moved the goal posts for many firms. This combination of external factors has necessitated companies to make changes on a scale and a rate never seen before. Those that fail to make the necessary changes run the risk of being left behind.

Many companies have started to adopt cloud-based systems to enhance specific business functions and processes, most notably in the front office. However, thus far they have been unable to combine all their activities in the cloud. While it is a step in the right direction to see this increased focus on process optimisation, organisations will keep suffering from inefficiencies until they unite around one overarching cloud strategy.

Broadly speaking, there are five key pain points that businesses must address in order to thrive in the future.

Antiquated and unreliable processes

There are many difficulties when it comes to operating a global enterprise. For instance, regional teams may have their own unique local capabilities and requirements. This results in individualised local tactical solutions being developed that run side-by-side with the systems that the company uses on a global scale.

Tensions often arise between the delivery level, where quick fixes take place, and the global level, where greater consistency is required. This disjointed approach to applications development results in inefficient business processes and centralised solutions that are antiquated, difficult to maintain and inflexible.

There are many difficulties when it comes to operating a global enterprise.

The speed of business change continues to increase and out-of-sync processes slow down a firm’s ability to respond. For example, a fragmented systems architecture usually compromises the quality and timeliness of data, causing decisions to be delayed as well as ill-informed. A united strategy is required to oversee the entire opportunity-through-delivery process.

Fragmented customer service

With businesses in all sectors becoming increasingly customer-focused, elevating customer experience should be central to decision making. Using spreadsheets and bolt-on custom-built software to oversee the delivery process is an inadequate approach. Such short-term solutions are limited in their effectiveness, and they also restrict an organisation’s ability to pivot when faced with changes to the needs of both the market and customers.

Nowadays, employees from across the business come together when working on projects, while instantaneous interactions with customers are required for success. By deploying a single system to oversee the whole opportunity-through-delivery process, an organisation can deliver cohesion and unity throughout the whole customer journey.

Separate data for front and back office

For many companies, the front and back office have not always seen eye-to-eye and when conflicts arise, it is often because of the different systems and processes they use. In an ideal world, the front and back office would combine their datasets, providing everyone with a consistent 360-degree view of the enterprise that includes customer, operational and financial data. However, the reality of the situation is that the front and back office are often siloed, meaning datasets are often nothing alike in terms of accuracy and detail. This has the potential to compromise decision making, hinder the growth of the business and limit the development of fresh new offerings.

By opening up the pathway for information to be shared between the front and back office, companies can align the data between the two and ensure that they are working in tandem, thus eliminating any obstacles to growth.

In an ideal world, the front and back office would combine their datasets, providing everyone with a consistent 360-degree view of the enterprise that includes customer, operational and financial data.

Lack of clarity in ongoing projects

Many organisations need to manage complex projects, with dispersed teams, and project managers who often have their own idiosyncratic means of monitoring progress. This results in employees completing their tasks ‘side systems’, which are invariably poorly integrated across the enterprise.

There are many problems associated with not having an organisation-wide view of ongoing activities, such as poor visibility of project progress, lack of clarity over resource availability and limited understanding of the true cost of project delivery.

Optimising the delivery of service projects, both internal and external, requires a robust platform for management and automation. The impact in terms of both resource utilisation and the effectiveness of project delivery are considerable and for any services business this can translate into significant competitive advantage.

Revenue leakage

Revenue leakage is a constant thorn in the side of many organisations and one of the major issues is that it can appear at so many points in the customer lifecycle. Additionally, if you’re not actively looking for revenue leakage it can go overlooked until it’s too late. Hence why it’s often referred to as a silent killer of businesses.

COVID-19 has exposed gaps in both existing systems and processes. Whilst individually these gaps may appear small, the combined effect in terms of lost revenue and reduced customer service can be considerable.

Issues with data entry and disconnected systems are just two of the many causes of revenue leakage and they typically result in process errors, duplications, reworks and delays. For those organisations that do not deploy a single integrated system to oversee business functions such as planning, producing, and selling, they run the risk of leaking revenue.

[ymal]

However, by utilising the right cloud solution, companies can seamlessly tie the front and back office together, balance real-time resource demand against resource capacity, forecast more effectively into the future, and deliver more predictable business growth. The pace of change is quickening, and in this services economy even the largest firms need to start becoming more flexible and agile.

Finance Monthly hears from Nic Sarginson, Principal Solutions Engineer at Yubico, on emerging trends in data security that may soon be coming to financial services.

This past year has prompted a rise in take-up of digital banking services. As people stayed at home they went online to work, shop, stay in touch and manage their money. While this shift to online banking presents an opportunity to service providers with a digital-first approach, it also presents a target for cybercriminals intent on profiting from data breaches and account takeovers. Banks and their customers are adapting to a new, remote, relationship; as they do, the strength of online security protection will become a greater talking point and, for some institutions, even a source of competitive advantage.

According to some reports, as many as six million people in the UK made the switch to digital banking in March/April last year. Customers setting up their accounts will have created a password/PIN to use with a user ID to gain access. This form of authentication will be familiar from other log-in services; what may be less so is the additional strong customer authentication (SCA) check, such as a one-time passcode generated by a card reader or sent as a text to a registered mobile phone.

Password weaknesses

This second line of defence is incredibly important for financial services, as passwords are notoriously weak at preventing bank account takeovers. Reused passwords render multiple accounts vulnerable should a data breach put this information into the hands of cybercriminals. Passwords can also be guessed with a range of common word and number combinations in use, and bank details are some of the most coveted data breach spoils.

Additional ID checks therefore boost security, but not all forms of stronger authentication are completely resistant to security threats. Mobile-based one-time codes that are so popular with banks, for example, can be vulnerable to SIM-swap and modern man-in-the-middle (MitM) and phishing attacks.

According to some reports, as many as six million people in the UK made the switch to digital banking in March/April last year.

During a MiTM attack the innocent party believes they are communicating with a legitimate organisation, such as their bank, but in reality information is being intercepted and relayed by a malicious third party. It isn’t easy to recognise this type of attack, even for the cyber savvy, as attackers create personalised and convincing communications to trick their targets. Routes in can include unprotected Wi-Fi and manipulated URLs.

In the more widely known phishing attack, people are tricked into parting with personal information such as login details. Phished credentials are then used to gain access to the user’s account and may be tried against other services as part of a multiple account takeover.

Managing the customer experience

For financial services, the strongest possible authentication to protect data and accounts does not always marry with the best customer experience. Each additional check can add time and frustration to the log-in experience, preventing customers from accessing their accounts whenever they want to – if, for example, they are in a mobile-restricted location.

Strong authentication therefore must meet the dual requirement of protecting account details and financial and personal information, while also providing a convenient, preferably frictionless, user experience. Added to that is another consideration - how simple it is to integrate additional authentication into back-end systems for both the existing product portfolio and future innovations. With the rate at which financial services are digitising, and payments moving cashless, this is a challenge most banks will find concerning. The finance industry is also faced with the critical need to ensure compliance with various industry regulations including GDPR, PCI DSS and PSD2 mandates that govern access to sensitive data.

Protecting corporate infrastructure

Financial institutions must also protect access to their own systems and applications. Here, the challenge is exacerbated by the fact that most banking infrastructures are a mix of legacy on-premise systems, and private or public cloud-hosted services. They must all be protected against unauthorised access, a challenge that has been heightened by the rapid transition to large-scale homeworking of the past year.

[ymal]

Finance teams and employees working from unfamiliar locations expand the potential attack surface with home networks and personal devices suddenly a part of a bank’s corporate IT estate. Seamless, convenient and high-assurance multi-factor authentication (MFA) must be in place to protect data and corporate assets so that employees can securely access systems remotely without introducing new risks and vulnerabilities.

Financial services are starting to embrace hardware-based tools such as security keys as a route to strong authentication, which protects business and customer data without inconveniencing increasingly impatient financial customers. When it comes to their financial data, users appreciate authentication devices being something they have, as opposed to something they know, to protect against phishing attacks. For customers, they provide protection for accounts, while in the corporate setting they can secure access to systems and applications. Whether tasked with upgrading a bank’s legacy infrastructure, or a new generation of fintech developers operating solely in the cloud, such an approach can offer seamless integration with operating systems, and conformance with global authentication standards.

If the finance industry is to effectively protect customers and customer data while providing the user experience that today’s consumers expect, they must look beyond basic protection methods to provide strong yet frictionless authentication. It’s shocking that social media accounts are often more secure than bank accounts as of today. Since consumers are increasingly exposed to better protection elsewhere, they'll soon be demanding the same security assurances for their bank account.

Philippe Alcoy, Security Technologies for NETSCOUT, describes the cybersecurity threat facing the financial services sector, the damage it has done and how it can best be safeguarded against.

In 2020, for the first time in history, the annual number of Distributed Denial-of-Service (DDoS) attacks exceeded 10 million. These attacks took place at greater frequency, speed, and strength, enabling attackers to knock out their targets faster than ever before. Now, NETSCOUT is seeing threat actors re-targeting companies who were previously able to prevent being attacked, focusing particularly on the finance industry.

Before looking at DDoS attacks in relation to the financial sector, it is important to understand what a DDoS attack is. DDoS attacks can be described as malicious attempts to make online services unavailable, which is achieved by overwhelming the service with traffic from multiple systems. The industries targeted by these attacks are wide-ranging, from telecommunications and eCommerce to finance and healthcare.

In 2020, the financial sector emerged as a prime target for cybercriminals. NETSCOUT observed that there were more DDoS attacks against the finance industry in the month of June than there were from January to May 2020. In fact, from June to August 2020, there were more attacks against the industry in this period than were seen in total between April 2016 and May 2020. There was also an increase in the speed of attacks that were taking place against the financial sector, with the total throughput of attacks increasing by roughly 4.5 times worldwide.

DDoS extortion campaign

This campaign of DDoS attacks targeting the finance industry was taking place worldwide, with banks, exchanges and other financial services organisations all being hit. But there was something unusual about these DDoS attacks: they were part of an extortion campaign. This involves extortionists demanding a payment via Bitcoin within a specified amount of time prior to or following a demonstration DDoS attack. In most scenarios, when the demands of the attackers aren’t met, the ensuing attack that was threatened does not end up taking place.

In 2020, for the first time in history, the annual number of Distributed Denial-of-Service (DDoS) attacks exceeded 10 million.

More recently however, NETSCOUT has discovered that the same attackers are returning to previous targets. The organisations that were successfully able to mitigate the first DDoS extortion attack are now being retargeted in follow-on attacks, months after the original attacks took place.

The impact of the campaign

The financial sector is a prime focus for this DDoS extortion series and the more recent retargeting campaign because they are perceived to have access to large amounts of money, as well as vast swathes of private data, making them an obvious target for those behind the campaign.

It should be noted that the attackers claim to be part of well-known attack groups, such as ‘Lazarus Group’, ‘Fancy Bear’, and ‘Armada Collective’ to try and boost their credibility and scare their targets into paying up. As such, NETSCOUT has given the attackers the nickname ‘Lazarus Bear Armada’ (LBA).

Unlike other threat actors, these LBA attackers have carried out extensive research into identifying the appropriate email inboxes that are regularly checked and used, to make sure their threats are read by the right people. The increased accuracy of the extortion emails has the potential to cause serious damage to those in the financial sector. It has the capability to disrupt a large number of services used by finance organisations, from online banking platforms and website access to internal systems that help the organisations to operate and fulfil the needs of customers.

A DDoS extortion campaign can lead to institutions losing a large amount of money, even without a ransom being paid, because the initial demonstration DDoS attack results in downtime for part of the company.

An indirect consequence of a DDoS extortion attack is the reputational damage that it can cause. For example, when financial organisations are hit by a DDoS attack, customers may be unable to access their money and financial information, and may feel put off or let down by the organisation not having the appropriate DDoS countermeasures in place.

[ymal]

In order to mitigate the risk posed by DDoS extortion campaigns, financial services organisations must have a solid plan of action in place. It is vital that when organisations are attacked, they know who to contact and notify. This should include key stakeholders, security providers and local regulators. Financial institutions should also learn from previous DDoS extortion campaigns that targeted the industry. For example, there are clear similarities between the DD4BC series of attacks that took place from 2014-2016, and the current extortion campaign, with both targeting the financial sector.

While a DDoS extortion attack can be devastating for those organisations in the financial services sector, providing they have the right protection and plan of action in place, the damage caused by the attack can be kept to a minimum.

Peter Ku, VP and Chief Financial Strategist for Informatica, outlines the challenges posed by the transition and how firms can turn them into opportunities.

The London Interbank Offered Rate (LIBOR) underpins some $240 trillion in financial contracts, and with just 11 months to go until the move to risk free rates, Sterling Over Night Indexed Average (SONIA), financial services firms are under pressure to finalise this complex change programme.

Widely considered one of the biggest transformation programmes undertaken by modern financial services firms, the shift away from LIBOR is a complex business challenge which impacts teams across the business. Failure to adequately prepare represents significant operational risk. Why? Because at the heart of it all is data – what is it, where is it, how is it connected, governed, and made available to the business. Board level committees, cross-functional teams and significant resources have been dedicated to managing this intensive and – at times – painful process. However, it’s not all imposition; there are meaningful upsides to having trusted, governed and relevant data, shifting it from tool to strategic business asset.

The Road Ahead

The Bank of England recently published an updated 2021 Roadmap, outlining key milestones that need to be met in order to prepare for the LIBOR transition. It suggests that by the end of Q1 2021, organisations will have completed the identification of all legacy LIBOR contracts. For banks that have hundreds of systems – each with thousands of indexes – locating and tracking the lineage of this data across all systems is a mammoth task.

After completing the LIBOR data inventory, firms can begin conducting an impact analysis on all existing LIBOR contracts. This is a crucial, in-depth exercise covering a number of areas. What will the financial impact be of switching from LIBOR to SONIA? What is the market, operational, credit and reputational risk? Data quality is paramount to being able to perform accurate analysis and in turn manage risk. It’s important to keep in mind that a change of a single data point will impact multiple systems and, in most cases, hundreds of reports. Therefore, having confidence that the data is accurate and trusted is essential. Finance and accounting teams will need to update risk and valuation models once the risk exposure is identified. These include valuation models, pricing future revenue streams and how those impact daily, monthly and annual reporting.

What will the financial impact be of switching from LIBOR to SONIA? What is the market, operational, credit and reputational risk?

Alongside this work, legal and compliance teams will be working to review and replace fall back language in LIBOR contracts which expire in 2022 and beyond. The roadmap published by the Bank of England working group suggests that firms complete these conversions by the end of September 2021. The success of this maps back to the data inventory, and whether teams are able to determine which systems service which contracts, and adequately address corrupt data.

The singular thread through it all, whether it be those managed by legal and compliance, finance and accounting, or risk management, is a dependency on data that is good for use. Unfortunately, many organisations today still struggle with data quality. There are instances where the correct data just isn’t available, or it’s unclear where the data is located or how it is connected to other indexes. This is a continuous work in progress but the conversion from LIBOR to SONIA is undoubtably driving improvements in the automation and scale of existing data governance projects.

Operationalising Data Governance

The LIBOR transition may be a landmark one, but it certainly won’t be the last challenge for the financial sector, which will continue to face increasing market pressures fuelled by rapidly emerging technologies, global interconnectedness, changing economic and jurisdictional factors, and consumer demands. It is the adoption of cloud-based technologies and steady foundation of intelligent data governance that will deliver sustainability, resilience and efficiency moving forward.

As Chief Data Officers round out these gargantuan programmes, a continued focus on two core areas will accelerate the shift of data governance from an IT-centric discipline to a core business function that empowers all within the organisation to be more data-driven.

First, there needs to be a continued focus on resolving data quality issues. Data quality management should be proactive, measured, monitored, and communicated across all data stakeholders from data engineers, analysts, stewards to executive business decision makers. This will ensure data quality management is transparent, predictable and measurable.

[ymal]

Secondly, users need to leverage tools and technologies to make data governance processes more automated and agile. AI-driven data governance solutions can operationalise data governance by decentralising data stewardship and enabling self-service stewardship to reduce the cost to the business, while still allowing data governance to scale.

Data is the new currency of financial services firms. Forward-thinking organisations will view the overhaul required to move away from LIBOR as a stepping stone to turn data management challenges into opportunities.

Ilia Sotnikov, VP of Product Management at Netwrix, looks at the state of cybersecurity in financial services and the external factors that drive it forward in 2021.

The past year has required financial teams and organisations to review many of their technical processes, especially as employees were forced to work remotely almost overnight. Research shows that 30% of financial organisations feel they are now at greater cybersecurity risk now than they were pre-pandemic. The majority (64%) are concerned about both more frequent cyberattacks and the security gaps caused by remote work – but despite this increased concern about malicious activity, the most reported incidents for financial firms involved human errors.

As a result, 2021 will certainly see financial organisations reassessing their data security policies to be fit for purpose in a post-pandemic digital world. However, given the wide range of financial services emerging, financial organisations today are on very different security maturity levels. Some have consistent ongoing risk management, established processes and dedicated IT security teams. Others just expect IT operations to handle security as part-time assignment. Many financial organisations from the less technically mature side of the spectrum or still heavily rely on legacy systems simply don’t have internal motivation to adopt better security practices.

External pressures for financial services

The good news is that moving into 2021, these organisations will be driven to increase security maturity by external factors: cyber insurance and privacy regulations. With 2021 bringing both new privacy laws and stricter enforcement of existing regulations to minimise the risk of incurring steep fines for compliance failures, businesses will turn to cyber insurance.

The bad news is those policies will come with their own security standards and requirements, such as regular risk assessment and effective detection and response capabilities.

Many financial organisations from the less technically mature side of the spectrum or still heavily rely on legacy systems simply don’t have internal motivation to adopt better security practices.

In 2020, many privacy-related bills were pushed down in priority due to more urgent tasks related to global pandemic. However, this isn’t an issue that will go away. Any British or European businesses that deal with local or international markets have to comply with GDPR – and with Twitter’s recent fine of approximately €500,000 for failing to promptly declare and properly document a data breach marking the first cross-border GDPR ruling, there will be a renewed vigour in the finance industry to ensure compliance. Furthermore, payments-related legislation such as PCI-DSS and PSD2 will face further strains given that a huge consequence of the pandemic has catalysing the move of payments becoming cashless.

A balancing act to compliance and security

This renewed focus on privacy laws require financial organisations to pay more attention to what data they have on hands, how they handle this data, and who is accessing it and why. Failing to document this or to follow documented policies can result in significant fines in case of consumer complaints or a data breach. This may force finance firms to adopt security and data governance practices they did not have in place this year.

The other driving factor for financial firms to revamp their data security measures is cyber insurance. The cyber insurance market is growing rapidly at an impressive 26% CAGR. This growth is fueled by the surge in cyberattacks and businesses seeking to offset their risks, and executives and board members recognising potential breaches or ransomware threats as business risks.

Finance companies are more likely to turn to insurance as an option to deal with the potential cost of these new risks. However, cyber insurance is not a “pay-and-forget” thing. To lower the risks that their customers will be breached, cyber insurance carriers are requiring them to comply with their own security standards, such as regular risk assessment and effective detection and response capabilities. This way, cyber insurance carriers contribute to the growth of security solutions that provide such functionalities. Finally, they force companies to cover security fundamentals and regularly reevaluate their IT risk programs and carrier’s policy changes to ensure adequate coverage, as insurance is not a panacea for a weak or inconsistent security programme.

[ymal]

The long view

It's safe to say that in the coming year, insurance and legislation will drive mass adoption on fundamental security practices for finance firms and teams. However, given the particular data pressures they face, financial services will be faced with a balancing act of meeting insurance criteria as well as complying with the regulatory standards themselves. While this may throw up some data management challenges, in the long run, it will certainly prove beneficial in helping financial services improve their cyber security posture.

Whether you are a new startup or you are an established business in your niche, taking the right approach to your small business accounting is crucial for the success of your enterprise moving forward. With the right financial data at your disposal, you can make better-informed decisions about the future of your business, assess your performance and adapt to changing trends with ease. 

Failing to maintain proper financial records can cause your business all sorts of problems down the line. From delaying the receipt of payments to cash flow problems and issues with filing your taxes, poor financial management can quickly spell disaster for small businesses. To ensure that you stay in control of your business finances, it’s important that you adopt the right accounting habits this year to set your small business up for success in 2021. 

Let’s take a closer look at five accounting habits you should adopt in 2021 to help you to stay in control of your business finances. 

Maintain Proper Records

One of the most important accounting habits that any business owner can adopt is keeping good records. Keeping meticulous records will ensure that you keep track of all of your income expenses, that you get paid on time and that you have the financial information you need when reporting time rolls around. Having access to up-to-date and accurate financial data will also allow you to make better-informed business decisions going forward.

Seek Professional Advice

Business owners wear many hats, contributing to many aspects of the business. When it comes to managing your finances, you need to ensure that you have the right advice to help you keep your business on track. Seeking out professional financial advice will help you to gain a better understanding of your accounts and implement systems that will help you to manage your finances more efficiently. 

[ymal]

Invest In The Right Tools

Modern cloud-based accounting programs can help you to manage your business accounts and meet your reporting obligations with ease. These powerful accounting solutions are capable of automating many of your financial recording and reporting tasks, giving you more time to focus on the daily tasks associated with running your business. Choosing the right accounting software to meet the needs of your business will allow you to manage your business accounting with more precision and confidence.

Remain Tax Compliant

As a business owner, you need to ensure that you meet your tax reporting obligations to the ATO. At the beginning of the financial year, be sure to enter all of your report due dates into a calendar or other organiser so you know what reports are required and when they are due. Taking an organised approach towards your business tax reporting obligations will ensure that you avoid incurring any penalties or fines which could hinder your business at tax time. 

Monitor Your Expenses

Having a clear understanding of your business expenses is essential in planning for the future needs of your business. Being able to identify where you are overspending or where you are investing with little return will help you to make changes as required. Whether you will need to reduce your spending, seek financing or generate more income, monitoring your expenses closely is key in maintaining your profitability and having adequate cash flow to allow you to operate optimally.

Take The Right Approach To Your Business Accounting In 2021 And Beyond

Managing your business finances is a constant struggle for many business owners. With a new year beginning, now is the time to reassess your accounting habits and make positive changes going forward. Take the right approach to your business accounting in 2021 and adopt new accounting habits that will allow you to stay in control of your business finances and on track toward your financial targets.

Kris Sharma, Finance Sector Lead at Canonical - the publisher of Ubuntu - offers Finance Monthly his thoughts on  APIs and how firms are already using them to enhance their services.

Cloud computing, big data analytics, artificial intelligence (AI), machine learning (ML), distributed ledger technology and process robotics are all playing a key role in reimagining financial services for a digital world. A growing number of financial institutions are drawing plans to adopt these technologies at scale as part of their digital transformation initiatives to accelerate financial data processing, deliver mass personalisation and increase operational efficiencies.

Most organisations currently deploy a complicated mix of technologies, legacy software platforms, applications, and processes to serve customers and business partners. On their digital journey, financial firms will have to integrate data, processes and business functionality from legacy systems of record to this set of new technologies. Many businesses have tried to adopt various transformation approaches such as re-platforming and re-hosting, direct integration between applications, rip and replace, and deploying middleware technology to deal with legacy systems and their integration with new technologies. But each of these approaches have their own drawbacks and can limit the adoption of new solutions within the constraints of legacy technology debt.

An evolutionary approach to digital finance, however, will unify information and data without the need to merge operational systems. Application programming interfaces, or APIs, can overcome the challenges involved with adopting new technologies and more innovative solutions while integrating with legacy run-the-business applications.

Where APIs become a core piece of the puzzle

APIs are increasingly playing a central role in digital finance. They essentially bind different parts of the financial value chain together, even though the underlying components may be based on different systems, technology, or supplied by different vendors. Using APIs, financial firms can securely share digital assets while masking backend complexity, integrating software applications and focusing on maximising their proprietary strengths by sharing data, systems, and functionality with customers, partners and developers. This in turn drives digital transformation without a complete overhaul of existing infrastructure.

Application programming interfaces, or APIs, can overcome the challenges involved with adopting new technologies and more innovative solutions while integrating with legacy run-the-business applications.

Since APIs are self-contained, they can be readily deployed and leveraged for innovation at speed, enabling financial institutions to introduce and integrate new features. When powered by the cloud, firms can develop, test and launch new services to customers quickly and cost-effectively, fuelling business growth. For example, insurance firms can make more timely offers by cross-selling home, auto and life policies. Financial institutions can leverage APIs to connect sources and use cloud computing to handle massive amounts of data, as well as AI and ML services live in the cloud, thereby analysing all this data faster and cheaper than they can on-premises.

Who is successfully using APIs?

Challenger bank Starling was designed and built completely on AWS cloud to deliver and scale infrastructure on demand. Additionally, by building a bank with open APIs from day one, Starling is natively compliant with the European Union’s Payment Services Directive (PSD2) directive.

According to ProgrammableWeb research, financial services is ranked highly in the fastest growing API categories, given the rise in digital forms of payment, an ever-increasing customer demand for connected solutions, and open banking initiatives. APIs are at the heart of the PSD2, the UK’s open banking mandate, as well as the Bank of Japan and the Monetary Authority of Singapore’s open banking initiatives.

Finastra’s Open Banking and collaboration: State of the nation survey 2020 finds that “86% of global banks surveyed are looking to use open APIs to enable Open Banking capabilities in the next 12 months”.

As APIs attract an ecosystem of developers, a financial API provider can encourage participation to fill go-to-market gaps and extend its services and data to new markets and use cases. Barclays is fostering collaboration and generation of new ideas through secure, innovative APIs. The Barclays API exchange has built an API library that is available for use by third parties to develop and test new products. Barclays and third-party developers work together to create, develop and test new product ideas before releasing them to the regular API catalogue. Similarly, Starling Bank provides a marketplace that enables developers to build their own products and integrations using its API.

[ymal]

Unleashing the potential

There is an opportunity for financial firms to leverage the power of APIs by bringing them together with digital technologies to broaden the possibilities for innovation and expand customer experiences. Financial institutions need to reimagine APIs as product offerings that will drive business expansion and increase revenues.

The future of digital finance will be driven by organisations building digital business models, redefining their API strategies and bringing new customer propositions to life using modern web architectures, best-in-class technologies and new ecosystems.

Rob May, Managing Director and founder of ramsaclooks at some emerging trends in cybercrime and how firms can  best defend themselves.

Security, for financial clients, has had to adapt to many forms in the last decade. The most recent, and urgent, line of defence has come in response to the unexpected, novel threat of a global pandemic. But as more clients onboard their operations to digital platforms, that risk grows and becomes ever complicated. Remote operations, for example, opens a place of business to both insider attacks and outside ones.

While the financial service industry has always been one of the “most-breached sectors” (accounting for 35% of all data breaches), cyberattacks have become even more widespread and sophisticated during the global pandemic. This is, arguably, because operations have had to quickly onboard their business digitally. And, with new digital models, there are troubled spots, or weaknesses.

With more financial companies seeking to create new digital customer experiences, investing in a wealth of technology innovations, and working remotely, this could result in a new wave of extreme cyberattack scenarios leaving companies vulnerable to serious data breaches or worse.

To gain deeper insights and help guide financial companies in their decision-making when it comes to cybersecurity, we’ve rounded-up the emerging cyber threats, how they could evolve in the future, and solutions to address them during these challenging times.

Be Watchful of Malware

Cyber-risk management should be watchful and vigilant of the most common cyber-risks. Malware will  breach systems and ransom, corrupt, or steal data. Even though it’s common, over the years, several US states and counties (including Texas) have observed a growing intelligence about how these attacks are delivered. One scenario noticed several malicious ransomware attacks at once, effectively a multiparty attack, reaching across jurisdictional boundaries to result in the first cybercrime event of its kind.

Cyber-risk management should be watchful and vigilant of the most common cyber-risks.

The solution, a suitable line of cyber-defence, would include early planning and preventive measures for multiparty attacks and disruptive threats. Oftentimes awareness is a helpful starting point. But defence and security measures alike need to anticipate more complicated, organized cybercrime as it becomes increasingly sophisticated.

For those in finance, a defence plan could include trial simulations to measure internal response times and mock scenarios to help security teams shape their reactions for real future attacks. Likewise, building cross-sector peers and contacts, can be helpful in organising a defence to a larger cyber-risk.

Misinformation Can Deceive

This has been one of the largest threats throughout COVID-19 and has rallied a shared, collective attempt to cull the flow of misinformation online. Many known bodies, including NASDAQ, have predicted a possible spike in market manipulation on the heels of COVID-19, where attention is split between a global pandemic response and economic recovery.

Misinformation can conflate what seems like harmless advice on stock investments, but is actually driving malicious activity. These disruptive attacks tend to prey on market volatility and flagging economic confidence. In the past, these attacks have been known to use fraudulence as sleight of hand to conflate stock values.

A reasoned solution to this issue would require financial firms to conduct extra due diligence and caution when navigating the market and instructing their clients on financial manoeuvres. As surface information could be corrupted, extra research and investigation can steer financial decisions away from malicious foul play.

Data Manipulations Are Disruptive

Traditionally, data was duplicated or destroyed. Whilst this was harmful to firms, the next evolutionary stage of cyber-crime, since the latter half of 2019, has moved onto data manipulation. There have been scenarios where data hacks can be twisted to manipulate or encrypt it. This has led to increased scrutiny for cloud security, which has known vulnerabilities.

[ymal]

Before onboarding new digital solutions for your business, ensure it can be securely bridged. New technologies can be helpful in expanding a business’s productivity, but this should be approached cautiously.

There are a range of emergent threats that result from cyber-risks. The best, more reasoned, solution is to prepare for cybercrime by having a prepared line of defence and the right security tools. The booming of digital businesses, and those migrating online, creates a greater urgency than ever to prepare security to handle a new universe of threats.

Tim Wakeford, VP for Financials Product Strategy at Workday, offers his insight to CFOs looking to lead their business back to strength.

After a year where organisations were forced to continuously change plans and rethink their approach to business recovery, the future is finally looking less turbulent, with a potential COVID-19 vaccine on the way. One fundamental transformation 2020 brought to businesses, however, will continue informing the next year. Leaders will be looking to the CFO for insights on the business and guidance to decide their next move.

If the early stages of the pandemic have taught us anything, it is that companies need good quality data to make faster decisions. The question is, what data-driven insights do CFOs have to provide companies to deliver the best response to persistent change?

It could be argued that all data is valuable. Nonetheless, CFOs must focus on three particular data-led insights to steer businesses to recovery. They need to provide visibility into working capital, empower other leaders with data, and manage investor expectations with scenario planning. In doing so, they will be in a strong position for success in 2021 and be able to guide the business through any challenges the future may bring.

Gain greater visibility into working capital

The first priority all CFOs have in common is being able to share real-time visibility over their business’ financial inflows and outflows in order to manage cash pressures. This is because many businesses have seen revenues plunge during the pandemic, which had a negative impact on cash flow. In fact, 94% of the Fortune 1000 are seeing coronavirus supply chain disruptions and facing the reality that they will need to become more agile in managing inventory. The disruption of the second wave is heightening financial pressures and will likely mean that CFOs have to reassess their budgets again and again. Without a real time view of working capital, moments of disruption can lead executives to make decisions in a panic. This could result in significant inventory spend with non-preferential suppliers, which in turn reduces the potential for savings from contractual discounts, and is common during turbulent times. Having a 360-degree view of the organisation’s working capital, however, can provide a better handle on spend management, optimising costs and overall efficiency. This will help leaders avoid risks that can set them back, and help them to accelerate recovery.

The first priority all CFOs have in common is being able to share real-time visibility over their business’ financial inflows and outflows in order to manage cash pressures.

Empower the organisation to make data-driven decisions

Getting the right data-led insights into the business to guide decisions can be challenging during a constant state of change. However data-driven insights are absolutely key in empowering decision-making — even during the best of times. Providing the right data, to the right people at the right time, can only be done by breaking down the data silos still present in many companies. A global Workday study revealed that out-of-date information and siloed teams are the biggest barriers to agile decision making. On the other hand, 80% of technology leaders from more agile companies stated that employees have access to timely and relevant data without gatekeepers blocking access to such information.

The challenge is that, as many businesses have grown and evolved they have accumulated different technologies — systems that are often placed together and lack smooth integration or a single pane view of what is happening in the organisation. CFOs whose businesses have reporting scattered across different data sources will find that it is much slower and harder to monitor performance, identify variances, and surface risk. This is why CFOs and finance teams have to consider investing in overhauling their technology stacks. Our customer Equiniti, for example, found that having all HR and financial data in the same cloud helped identify challenges and respective solutions with much more agility and confidence during the pandemic. This way, they were able to fix gaps quicker, without slowing their recovery plans.

Manage investor expectations with scenario planning

The uncertainty and volatility created by the pandemic has led to markets swinging back and forth. In turn, this creates pressure from investor communities and has served to highlight one of the biggest challenges organisations face — determining the long-term future of a business. In the current state of constant change, CFOs and their teams cannot underestimate the importance of taking a strategic approach to investor relations. Besides sharing earnings reports, it’s the CFO and its team’s role to offer constant reassurance to stakeholders by communicating how management teams are dealing with the crisis.

Therefore, when talking to investors, leaders have three choices: withdraw, revise, or reaffirm guidance. A recent Deloitte report revealed that more than half of CFOs from public companies have chosen to withdraw from providing guidance. Although understandable, this could signal that leaders are unsure of their company’s prospects and have a downward impact on stocks.

[ymal]

When faced with this lack of clarity, finance leaders must stay ahead of the curve and give invaluable insights to investors by undertaking scenario planning. Many of our customers are basing their entire recovery plans on multiple pictures of their budget using what-if scenarios, and it’s proven equally important for investor insights. CFOs can build scenarios to better understand what the future may look like in areas of particular interest to investors, such as covenants. Deploying these types of forward-looking processes will help businesses prove their stability, ensuring sustained recovery and emphasising their long-term objectives with clear metrics.

The strategic role of the CFO for business recovery

The pandemic has shifted the role of the financial office for good. Everyone – from HR and commercial teams to investors – are now looking to the CFO for guidance and to spearhead the business through upcoming disruption. Armed with the right insights, plans and tools, the CFO will be able to lead their organisation to a swift recovery and prepare the business to thrive, whatever the future holds.

About Finance Monthly

Universal Media logo
Finance Monthly is a comprehensive website tailored for individuals seeking insights into the world of consumer finance and money management. It offers news, commentary, and in-depth analysis on topics crucial to personal financial management and decision-making. Whether you're interested in budgeting, investing, or understanding market trends, Finance Monthly provides valuable information to help you navigate the financial aspects of everyday life.
© 2024 Finance Monthly - All Rights Reserved.
News Illustration

Get our free weekly FM email

Subscribe to Finance Monthly and Get the Latest Finance News, Opinion and Insight Direct to you every week.
chevron-right-circle linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram