Major players such as HSBC and JPMorgan are already leading the way in adopting the technology, with the latter’s report, Opportunities in the Metaverse, estimating that the metaverse poses a market opportunity of $1trn in annual revenue.

Creating world-class digital experiences

As organisations look to the future, having a metaverse presence has the potential to not only create virtual environments for staff and customers, but provide new ways to analyse trends, as well as extend digital operations into areas like cryptocurrencies, and generally provide a more immersive customer experience.

Although it has existed in some shape or form for more than two decades, the metaverse is finally becoming mainstream. Gartner predicts that in the next four years, one in four people will spend at least an hour a day in the metaverse, performing a range of tasks and activities from shopping and socialising to attending work events and distance learning. With leading tech companies like Meta (previously Facebook, Inc.), Google and Microsoft investing billions of dollars into the technology, there is no denying that it has the potential to revolutionise the way that companies engage and communicate with customers much like social media has over the past two decades.

As our lives moved online during the pandemic, the way we consume digital services like mobile banking or online shopping changed. As consumers, we don’t just compare digital experiences between competitors – but to the last great digital experience that we had; be that on our favourite fashion brand’s app or speaking with a virtual representative from our bank. Customers are demanding new ways to engage and bridging the gap between physical and virtual worlds could, therefore, help firms attract new, digitally native customers, as well as embrace and integrate new products like ‘metaverse mortgages’ and NFTs.

However, FSI providers face challenges when it comes to balancing these digital ambitions with the reality of their complex hybrid IT environments and modernising their decades-old legacy environments.

Balancing agility and governance

Despite a real willingness from banks to accelerate the pace of digital change, this often adds to the proliferation of homegrown and third-party technologies, platforms, systems, and environments. To keep up with the pace of change, banks created DevOps-led product teams with the mandate to ‘go fast and break things. Often, these teams are siloed from the I&O (Infrastructure & Operations) teams who are responsible for ensuring that the infrastructure these new products and services are delivered on is secure, compliant, and safe, but this approach is often not agile enough to meet developer’s needs.

This wall between DevOps and I&O is a barrier to the agility and resilience needed to achieve digital ambitions.

IT now, more than ever, must be service-oriented rather than infrastructure-oriented. I&O teams should modernise their approach to IT service management (ITSM) and become the brokers who enable and govern services across these complex hybrid IT environments. This means bringing together Platform Ops, Cloud Ops, and SRE (Site Reliability Engineers) to form a modern I&O function which supports and collaborates with its Product cousins and provides them with well-governed self-service environments in which they can innovate.

Automation for really complex IT environments

Essentially, to embrace new digital experiences, banks and FS organisations must adopt service-oriented orchestration and think about how they can move towards environment-as-code.

Environment-as-code elevates infrastructure-as-code to connect Product teams with I&O teams, prioritising both developer agility and governance and allowing them to deliver, manage and orchestrate environments, platforms, and services rapidly, reliably, resiliently and at scale. It can be achieved with automation tools that can deliver full lifecycle orchestration for any application, in any environment and at scale and which provide the centralised control plane required for good governance and compliance.

World-class digital experiences are built on these resilient and secure environments, and this approach can also free up developer time to focus on delivering innovative new services and products - such as those in the metaverse. It will be interesting to see how banks, FS firms and insurers move forward with plans to adopt metaverse technology and not get left behind by their competitors.

Below Simon Kenny, CEO of Hoptroff, explains that traceable time is not something you can just install and forget, but must be carefully integrated so that it maintains fully traceable time across all the servers the regulations require.

We have learnt that the challenge is not so much about installing traceable time, but more about adapting traceable time so it works within an existing infrastructure without interfering with performance. Many variations on solutions have therefore been installed, often based on different interpretations of what the regulators require. So the solution adopted by one enterprise might not work at all for another or even offer useful precedents on how to solve the problem.

The FCA is seeing the results of this fragmented development process. It has noted in its bulletins that it is finding that many companies have timing irregularities in their data records. However, it has not moved aggressively to generally enforce the timing regulations, preferring instead to give companies more time to find a compliance solution that works with their existing systems. But this position can only be sustained for so long.

Traceable timing was introduced because data records on automated transactions were unreliable and could not be used to reconstruct transactions after the event accurately. If market participants are to be able to trust reported outcomes from automated systems and have confidence in the market, then sequence and interval in event records need to be verified.

Traceable timing was introduced because data records on automated transactions were unreliable and could not be used to reconstruct transactions after the event accurately.

There might not be a simple solution everyone can acquire and install 'off the shelf', but traceable timing compliance is getting easier. Network connectivity providers such as BT are beginning to offer traceable time as a network service, where companies do not need to buy and integrate additional hardware.

Traceable time synchronization is done in software, using connections to cloud grandmaster clocks to provide trusted time sources. As this method gains adoption, the FCA will be less patient with bespoke timing solutions that do not produce the reliable records they need to regulate market practices.

This work being done by financial services will potentially become important in other industries that use widely distributed automated systems to conduct trading. The Information Commissioners Office (ICO) in the UK is currently conducting a review of the Real Time Buying (RTB) process in the digital advertising industry. This is the process through which a personally targeted advertisement is marketed, sold and provisioned in the interval between when you click on a particular website page and the advertisement actually appearing. It takes milliseconds, but can involve hundreds of third parties, all of whom get access to the personal information of the user as part of the process. However, under the terms of the General Data Protection Act (GDPR), that information is supposed to be under the control of the publisher, who has the permission to use it, not multiple unidentified third parties who don’t have direct permission. If the ICO wants to track this “data leakage,” so it can protect personal data then the work done by the financial services industry to create traceable records using synchronized time could be invaluable.

[ymal]

Similarly, the online gambling industry uses fast, automated systems to offer and adjust betting odds on different outcomes in sporting events. In this process the precise sequence and intervals between events are important; if a user bets 'in-play' during a football match that a penalty will be given, and at that precise moment of making the bet a foul is committed which is then given as a penalty, the timing of events, and how they are recorded, will determine whether the bet is accepted. Did the bet happen in time? What mattered? When did the user pressed send, or when did the bet hit the platform server? The UK gambling commission is regularly being asked to look at disputes when gambling companies reject bets that would have won had they been accepted. If all the parties in the chain had traceable time to confirm the sequence and interval between events, disputes could be settled more quickly and much more cost effectively.

There are no traceable timing requirements in the digital advertising market, or in online gambling at present, but both have a need for traceable data records to underpin market confidence in non-transparent automated systems. The regulators will likely move cautiously on introducing a regulation like traceable timing. Like the FCA, they want to make sure that the potential market disruption this might cause is justified by the market efficiency benefits to be gained. But the faster the systems become, the wider they are deployed and the smarter the applications get, the greater the need for verified transactions records. Financial services are leading the way on developing ways to help keep automated systems accountable. Other industries will reap the benefits, because when additional regulators unveil a requirement for traceable timing, the systems developed for financial services will be available, almost 'off the shelf', to these other industries, which make automation more accountable but ultimately boost market confidence.

According to Ketan Parekh, Head of Financial and Insurance Services at Fujitsu UK & Ireland, Fujitsu recently revealed that 71% of financial services leaders believe that technology is vital to the future success and health of their organisation. Below Parekh discusses with Finance Monthly the prospects of fintech innovation in 2020, and the benefits for Financial services companies therein.

Every year new technologies are transforming the financial services industry, with technology such as the Internet of Things (IoT), Robotic Process Automation (RPA), Artificial Intelligence (AI) and blockchain completely changing the services that banks can provide to their customers. For example, Metro Bank is using a selfie technology to allow consumers to open current accounts online, whilst Facebook will soon let you send payments via WhatsApp. With so much innovation on offer, there is a huge opportunity for organisations to take advantage of new technologies to improve efficiency and customer service.

Our recent research of the sector also revealed that over half (55%) of UK financial services business leaders feel their organisation has been a leader in technological innovation over the last five years. And while many embrace the positive effect of technology, there are some risks associated with this rapid innovation. The explosion of new technologies combined with the rapid pace of change and ever evolving consumer demands means some organisations can be left playing catch-up and falling behind on innovation.

Investing in the future

It was recently uncovered that more than half (56%) of UK financial services business leaders worry their organisation could miss out on the benefits of technological innovation, because they haven’t planned radically enough. The truth is - organisations with the right foundations in place will be those to take advantage of what technology has to offer.

With no signs of innovation slowing down, it’s vital that the financial services sector builds on its existing strengths. Although significant steps have been taken already, to succeed in the digital age and bring innovative solutions to the market, business leaders will need to make a sizeable financial commitment. Now is the time for them to put the right plans in place to ensure they are prepared to tap into the innovations to come, and this includes making investments in digital technologies a key priority for the business.

Although significant steps have been taken already, to succeed in the digital age and bring innovative solutions to the market, business leaders will need to make a sizeable financial commitment.

Customer first

Financial services leaders have been faced with no small challenge. Currently, over half (55%) of financial services business leaders admit they are not able to predict what customers will want from their organisation in the future. Today their customers are hunting for convenience, and seeking innovation, new digital services, low rates, speed and security.

Take retail banking for example, where some banks are now beginning to roll out systems that learn the behaviours of their individual customers, and can recognise in real-time the ‘signature’ abnormal behaviours when these customers are influenced by scammers. It’s clear that financial services organisations are innovating but these organisations must ensure that the technology they offer actually meets the demands of individual customers.

Keeping the top spot

Financial services leaders have been faced with no small challenge. Their customers are asking them to innovate and provide new digital services, alongside threats in the form of data governance, protection and public trust. Yet one thing is clear - financial services leaders must continue to put the organisation at the forefront of innovation.

It’s now the time for them to put the right plans in place to ensure they are prepared to tap into the innovations to come. When organisations ensure they prepare, plan and put the customer first, successful technological innovations are possible. This way organisations will be able to stay ahead of competition and keep the UK’s financial service organisations at the forefront of innovation.

Below Zoe Wyatt, Partner at international tax specialists Andersen Tax, discusses the inevitability of blockchain, whilst exploring banks' attitudes towards the emergence of new financial technologies, and highlighting how the two can, in fact, work hand in hand.

The first industrial revolution in 1780 began with mechanisation. It was followed by electrification in 1870, automation in 1970 and globalisation in the 1980s. Today, we have digitalisation of the industrial process and tomorrow there will be ‘personalisation’ (industrial revolution 5.0): the cooperation of humans and machines through artificial intelligence (AI) whereby human intelligence works hand-in-hand with cognitive computing to personalise industrial processes.

This might involve the creation of bespoke artificial organs operated by computers talking to one another, automation of the manufacturing process, or self-executing contracts (smart contracts), and so on.

John Straw, a disruptive technology expert involved in developing the 5.0 model, recently claimed that blockchain could render the financial services industry irrelevant, thereby killing off the City of London and constricting the tax revenues that fund the NHS. Straw makes some headline grabbing comments, but do they have any substance?

Blockchain is the technology that underlies cryptocurrencies, such as Bitcoin, and whilst it has existed for approximately ten years, it remains relatively new.

In simple terms, blockchain is a digital archive of information pertaining to an asset, individual and/or organisation. But this is no ordinary digital ledger.  Its technology features:

• the ability to validate data entered on the blockchain as correct and complete at the time of creation;
• data that cannot be changed; new blocks of data are added sequentially and chained to the last block. The story the data tells can be added to, but its past cannot be modified;
• multiple parties must consent by a majority or pre-defined basis on the validity of additions to the blockchain;
• multiple copies of the data, in encrypted form, are stored on the computer systems of numerous globally disseminated individuals/organisations participating in a particular blockchain network;
• respecting the privacy of that data;
• although there is potential for a malicious attack on a specific computer to successfully change data held on its copy of the blockchain, other participants in the blockchain network would be alerted and the true blockchain restored. In this sense, the blockchain is immutable
• an accessible audit trail.

These characteristics diminish the role of intermediaries who are traditionally used to validate data and ensure that it is kept safe. Therefore, Blockchain has myriad potential applications: investment in blockchain start-ups, which are developing solutions for the financial services sector, is staggering.

Blockchain has myriad potential applications: investment in blockchain start-ups, which are developing solutions for the financial services sector, is staggering.

Technical issues exist in overcoming scalability, transaction speed, and energy consumption. However, these will be resolved in the near future as companies develop ways in which the blockchain can be stored ‘off-chain’. This will ensure that it does not need to be downloaded entirely by a node to verify a transaction using AI, amongst other tech, to guarantee that the immutability of blockchain is not undermined. It also creates scalability and reduces energy to such a degree that even the idle computer in a car or mobile phone can be used to verify transactions.

Blockchain technology can be deployed by the financial services sector to:

• Assist with almost real time settlement and reconciliation of transactions as the intermediaries used to verify and authenticate parties to a transaction and the source of funds are removed
• Program self-executing commercial agreements
• Trade stocks and shares in real time
• Reduce costs for financial transactions through efficiency gains
• Remove time limits and payment failures
• Track financial transactions, preventing fraud and money laundering
• Diminish exposure to currency movement
• Minimise risk of inflation or currency depreciation where it is separate from the state and/or bank.

Although blockchain technology has the power to change the entire traditional banking system, it does not represent disaster for the City of London. Although traceability of transactions and, therefore, tax evasion cannot yet be mitigated entirely,  blockchain can indeed help to resolve some critical tax evasion and avoidance issues.

HM Treasury has already developed a proof of concept for VAT using blockchain technology. This should eliminate large swathes of VAT fraud. Given the advent of digital identity, tighter anti-money laundering (AML) procedures administered on blockchain and a widely adopted digital currency, tax evaders will have nowhere to hide.

[ymal]

Blockchain and smart contracts have the capacity to completely transform the audit and tax industries, including multinational corporations’ in-house CFO/finance functions. When coupled with AI technologies, this will enable the digital preparation of accounts and tax return, and the performance of audits. In turn, this facilitates absolute tax transparency, making it easier for tax authorities to raise and conclude enquiries more efficiently into, for example, transfer pricing on intra-group transactions.

Most importantly, the tax and regulatory systems need to evolve somewhat faster than we have so far seen on other new business models and supply chains.

To realise these benefits, seamless interoperability of different technologies is required, together with cooperation between multiple parties, as opposed to a single banking system. This will allow for comprehensive management of the risks that Straw prophesises.

Below Simon Wood, CEO at accredited LEI issuer Ubisecure, discusses with Finance Monthly the significance and function of LEIs, what they are and how they work, but more importantly how the financial sector can work to reduce the risks involved in managing LEIs.

Comprising of 20-character alphanumeric reference codes, LEIs are designed to identify distinct legal entities and provide a free, publicly available, verifiable source of ‘who is who’ (organisation identity) and ‘who owns whom’ (organisation group structures). Crucially, by utilising LEIs, companies of all sizes can identify themselves as a true legal identity and trade globally.

LEIs offer many advantages to the banking industry, ranging from significantly reducing costs in customer onboarding to establishing transparency and enabling trust in transactions. Indeed, McKinsey & Company, along with the Global Legal Entity Identifier Foundation, recently found that LEIs could yield annual savings of over U.S. $150 million within the investment banking industry alone.

Despite these benefits, however, if LEIs are not managed correctly the potential risks could result in harmful ramifications, including non-compliance fines and negatively impacted reputations. With that in mind, it is important that the banking sector not only educates itself on these risks, but that it also acts to deploy tools and strategies to manage LEIs safely and effectively.

The role of LEIs in banking

The value LEIs bring to the banking sector can be categorised in two key ways – by enhancing transaction identification processes, and by simplifying the process of tracing information about a transaction.

LEIs are an ideal mechanism in situations where an identification process is required for payments. At the same time, they allow financial institutions to optimise the efficiency of their systems through automating and augmenting verification methods.

LEIs are an ideal mechanism in situations where an identification process is required for payments. At the same time, they allow financial institutions to optimise the efficiency of their systems through automating and augmenting verification methods.

Where payments need to be routed to the correct entity in a large corporate group, LEIs serve an equally essential function, making all members of the transaction aware of who owns whom via LEI level 2 data. They also allow economic crime and identity fraud to be quickly pinpointed and averted.

It’s therefore unsurprising that the SWIFT Payment Market Practice Group is a key advocate of LEIs, and has formally declared the ‘huge potential’ they offer for improving payment processes.

Moreover, the cost of customer onboarding can also be significantly reduced with LEIs as they standardise one comprehensive identifier for KYC/AML processes. In fact, recent research from McKinsey & Company suggested that by using LEIs to support all stages of the ‘customer management lifecycle’, the banking industry as a whole could save around U.S. $2.4 billion a year.

LEI management considerations

With ISO 20022/SWIFT becoming the global standard for financial transactions, there is a strong push for the inclusion of LEIs in payment messages. Consequently, LEIs are set to play an even more fundamental role within banking over the next year – so it is increasingly vital that they are managed in a secure and efficient way.

This involves ensuring that workflows and systems are able to obtain LEIs as required, and also that they don’t lapse. Ultimately, a host of new risks are introduced when LEIs are missing, incorrect or out-of-date. The implications can be severe, resulting in held-up trade and potential non-compliance fines.

Organisations are required to acquire and uphold LEIs in line with specific regulations – such as MiFID/MiFIR in the EU for example. If this doesn’t happen, then trade will be delayed and transactions frozen until the issue is resolved. For this reason, LEIs should be issued at the earliest stage possible to avoid payment workflow delays and disruption down the line.

[ymal]

Mitigating the risk

The first step around countering LEI risk is to ensure that the relevant staffers are fully aware of the consequences that come with lack of LEI preparation. With this, its essential that strategies are put in place to provide the necessary education.

In practical terms, employing a robust LEI issuance and management solution can help to reveal the existence and status of all current LEIs within an organisation’s internal and external groups. This also helps to provide an overview of all the LEIs in play within a single view, so financial organisations can easily identify and issue LEIs to anyone with missing identifiers.

By automating the LEI issuing and renewal processes, banks can significantly cut down administrative burdens, while simultaneously guarding themselves against the risk of lapses or fines from regulatory breaches.

As LEI use cases are set to explode, there’s no question that they are the future for driving progress within banking. Yet although the benefits are significant, the industry must also be aware that the potential costs of lapsed, missing or incorrect LEIs are also considerable. To fully reap the rewards, then, implementing systems and processes to manage them effectively is vital.

Bitglass recently released its 2019 Financial Breach Report: The Financial Matrix.

This year’s study found that only 6% of all breaches in 2019 were suffered by financial services firms. However, these breaches compromised significantly more records than those that occurred in other industries.

In total, more than 60% of all leaked records in 2019 were exposed by financial services organisations. This is at least partially due to the Capital One mega breach, which compromised more than 100 million records. Despite this outlier, average breaches in financial services companies still tend to be larger and more detrimental than other sectors’ breaches. Fortunately, they do occur less often.

“Given that organisations in the financial services industry are entrusted with highly valuable, personally identifiable information (PII), they represent an attractive target for cybercriminals,” said Anurag Kahol, CTO of Bitglass. “Hacking and malware are leading the charge against financial services and the costs associated with breaches are growing. Financial services organisations must get a handle on data breaches and adopt a proactive security strategy if they are to properly protect data from an evolving variety of threats.”

Hacking and Malware remain the primary cause of data breaches in financial services at 74.5% (up slightly from 73.5% in 2018). Insider Threats grew from 2.9% in 2018 to 5.5% today, while Accidental Disclosures increased from 14.7% to 18.2%.

The cost per average breached record in financial services ($210) has increased over the last few years and exceeds the per-breached-record cost of all other industries except healthcare ($429).

For mega breaches, which affect approximately 100M or more individuals, the cost per breached record in financial services is now $388 – up from $350 in 2018.

Many financial services organisations are still not taking proper steps to secure data in our modern cloud and BYOD environment. Consequently, they are suffering from recurring breaches. For example, Capital One and Discover each experienced their fourth significant data breach in 2019.

The top three breaches of financial services firms in 2019 were suffered by Capital One Financial Corporation (106 million individuals), Centerstone Insurance and Financial Services (111,589), and Nassau Educators Federal Credit Union (86,773).

But as the attack surface expands with the growing use of social media and external digital platforms, many FinServ security teams are blind to a new wave of digital threats outside the firewall.

Here Anthony Perridge, VP International at ThreatQuotient, discusses how all businesses need to fully understand the threats they can face on social media and how to prevent them, and specifically how FS’s can protect their institutions online.

More than three billion people around the world use social media each month, with 90% of those users accessing their chosen platforms via mobile devices. While, historically, financial services (FinServ) institutions discouraged the use of social media, it has become a channel that can no longer be ignored.

FinServ institutions are widely recognised as leaders in cybersecurity, employing layers of defence and highly skilled security experts to protect their organisations. But as the attack surface expands with the growing use of social media and external digital platforms, many FinServ security teams are blind to a new wave of digital threats outside the firewall.

Social media is a morass of information flooding the Internet with billions of posts per day that comprise text, images, hashtags and different types of syntax. It is as broad as it is deep and requires an equally broad and deep combination of defences to identify and mitigate the risk it presents.

Understanding prevalent social media threats

Analysis of prevalent social media risks shows the breadth and depth of these types of attacks. A deeper understanding of how bad actors are using social media and digital platforms for malicious purposes is extremely valuable as FinServ institutions strive to strengthen their defense-in-depth architectures and mitigate risk to their institutions, brands, employees and customers.

To gain visibility, reduce risk and automate protection, leaders in the financial industry are expanding their threat models to include these threat vectors. They are embracing a data-driven approach that uses automation and machine learning to keep pace with these persistent and continuously evolving threats, automatically finding fraudulent accounts, spear phishing attacks, customer scams, exposed personally identifiable information (PII), account takeovers and more.

[ymal]

They are aggregating this data into a central repository so that their threat intelligence teams can trace attacks back to malicious profiles, posts, comments or pages, as well as pivot between these different social media objects for context. Network security teams can block their users from accessing malicious social objects to help prevent attacks, and incident response teams can compare their organisation’s telemetry of incidents with known indicators of compromise to mitigate damage.

Employee education is also a critical component of standard defences. Raising awareness of these threats through regular training and instituting policies to improve social media security hygiene with respect to company and personal accounts goes a long way to preventing these attacks in the first place.

A Checklist for Financial Institutions

This checklist that encompasses people, process and technology will go a long way toward helping FS teams better protect their institutions, brands, employees and customers.

1. IDENTIFY the institution’s social media and digital footprint, including accounts for the company, brands, locations, executives and key individuals.
2. OBTAIN “Verified Accounts” for company and brand accounts on social media. This provides assurance to customers that they are interacting with legitimate accounts and prevents impersonators from usurping a “Verified Account.”
3. ENABLE two-factor authentication for social media accounts to deter hijacking and include corporate and brand social media accounts in IT password policy requirements.
4. MONITOR for spoofed and impersonator accounts and, when malicious, arrange for takedown
5. IDENTIFY scams, fraud, money-flipping and more by monitoring for corporate and brand social media pages.
6. MONITOR for signs of corporate and executive social media account hijacking. Early warning indicators are important to protecting the organisation’s brand.
7. DEPLOY employee training and policies on social media security hygiene.
8. INCORPORATE a social media and digital threat feed into a threat intelligence platform as part of an overall defense-in-depth approach. This allows teams to ingest, correlate and take action faster on attacks made against their institution via social media.

Here Jake Holloway, Chief Product Officer for Rizikon Assurance at Crossword Cybersecurity PLC, explains why Supplier Assurance Frameworks are becoming more-and-more essential in the new world of operational resilience.

More recently, the introduction of SMF24 under the Senior Managers and Certification Regime has put the ownership of resilience firmly in the boardroom.  Those in the new SMF24 role need to have complete visibility of the operational risks that might exist not only in the organisation, but also within its own supply chains and partnerships.  As we have seen with recent IT outages and high-profile cyber security incidents, it is not always the institution itself that is at fault, but it is them that faces the critical attention of their customers, the media and the regulators.

A new era of supplier risk management for the financial sector

In order to manage risk and build healthy supply chains in the financial sector, the right supplier assurance processes need to be in place.  This could be seen as a challenge for procurement teams and the supplier onboarding process, but it reaches much further, with risk assessments needed across areas as diverse as anti-money laundering, the Modern Slavery Act, Health & Safety, GDPR and cyber security to name but a few.

Each of these areas impacts institutions in different ways, and indeed may require specialist expertise to assess the risks.  Cyber security is a great example, where a weakness such as an unpatched VoIP phone or laptop, may be exploited in one supplier to reach back into the financial institutions themselves.

Normally, supplier assurance and procurement teams would stay well away from such technical and complex areas.  For instance, with cyber security, where supplier due diligence requires a cyber security assessment, it’s happily handed over to specialists – whether internal or external.  Any reports, risk acceptance or remediation activities are left with the specialists while supplier assurance teams focus on the core of financial risk, insurance cover, regulatory standards, governance and so on.

[ymal]

Building a Supplier Assurance Framework

Institutions need a different approach to reduce risks associated with suppliers, vendors and other third parties.  One that combines the supplier assurance and procurement team’s approach based on good practice, controls, evidence of governance and commitments to improvement, with the deeper technical understanding of other teams.  Supplier assurance and procurement teams have a far greater role to play in this than they may imagine through the implementation of a Supplier Assurance Framework.

A good framework, starts with the need for supplier assurance and other departments to gain an improved understanding about each other’s domains, objectives and responsibilities.  A starting point is for them to jointly develop Supplier Impact criteria that systematically assess how much inherent risk every supplier or third party may have in that departments sphere.

Each supplier can then be measured against these criteria, and their supplier impact level established.  A different approach for each level of impact should be agreed jointly and completely standardised across the organisation. For example, for suppliers with a Very High impact, the supplier should be expected to demonstrate a high level of internal controls.  For cyber security, for example, this should take the shape of obtaining or working to achieve high standards such as ISO27001, IASME Governance or NIST.  This means it’s the supplier’s responsibility to show a serious level of control rather than the hard-pressed cyber security team’s responsibility to dive into hundreds of hours of audit work.  It also has the benefit of being easy for a non-cyber specialist to determine if the standard is present or not.

Where a technical assessment is needed, such as a penetration test or at least a “pen test” report from a credible third party, then the supplier assurance team can be responsible for managing that this takes place – handing over the responsibility to the cyber teams or external testers where needed.  This ‘management of risk’ role cannot be handed over though, as tempting as it is when the talk gets incomprehensibly technical.

The approach at each level of supplier impact should also contain the ongoing levels of compliance required in order to maintain good risk management.  Again, the supplier assurance team can timetable these ongoing reviews and focus on the governance of third-party risk – whether cyber, continuity, financial or regulatory.

Total risk visibility for the SMF24 role

What really helps is that the different teams involved in supplier risk start to use shared information systems to record and visualise supplier risks.  We have seen users creating really impressive supplier scorecards showing a combined view of financial, cyber, GDPR, slavery and other risks all on one simple chart for each supplier.  For the person in the SMF24 role, this creates a shared understanding of the totality of risk from each supplier and helps specialist teams, such as IT, and the supplier assurance team understand how their worlds fit together.

The SMF24 role completely changes the emphasis on operations from management to proactive resilience, but to achieve that the right supplier assurance framework, processes and technology need to be in place that give the boardroom the visibility it needs to control, manage and measure their exposure.

But it’s not just about convenience at home. With recent research revealing that 91% of businesses are now investing in voice technologies, the benefits of using them are being realised by offices all over the world. Whether it’s easing administrative duties or enabling companies to provide a smoother, more convenient customer journey, voice technologies are changing the game.

However, not all sectors are reaping the rewards just yet. Whilst financial services (FS) companies have led the charge in some areas of technological adoption and know-how when it comes to voice technologies many of these organisations have a long way to go. By failing to embrace change and invest in voice-led innovation, FS businesses really are missing out on a world of possibilities, says Mark Geremia from Nuance.

Time is money

Earlier this year, a research report discovered that speech recognition technologies could save FS businesses a staggering £40,000 per employee each year. Although not the sole answer to increasing productivity, it was found that these technologies can actually be used to speed up over half of the tasks currently being undertaken by employees within these organisations.

Speech recognition technologies could save FS businesses a staggering £40,000 per employee each year.

Responding to emails, writing Business Studies papers, writing up meeting notes, crafting client communications and recommendation letters... All are jobs on the to-do list which, although important, eat up precious time unnecessarily. And, as the saying goes: in business, time is money.

By deploying speech recognition technologies, the time and therefore cost associated with these administrative duties is reduced significantly – from an average of 275 minutes to just 73 minutes per day. As a result, the burden often associated with admin is reduced and employees are able to channel their efforts into other areas of the business or take on a higher number of clients to create additional income.

Of course, there are some tasks for which speech recognition cannot be used. Client meetings will always require the human element, as will product and provider research. But, given that we talk up to three times faster than we type, there is an undeniable potential for speech recognition to support productivity within FS organisations.

But that’s not the only benefit voice technologies could bring to FS businesses.

Looking after your most valuable asset

In today’s gig economy, employee expectations are at an all-time high and loyalty is far from guaranteed. If FS businesses are not meeting these expectations, they risk losing their talent to their competitors.

The goal for every business, regardless of size or sector, is to create a workforce which is happier and – therefore – more motivated. Achieving this will likely lead to increased investment from individual workers and a boost in overall business productivity.

Voice technologies can support these efforts for FS businesses by granting employees the tools they need to do their jobs effectively. If implemented in a way that involves employees from the offset, encouraging transparency and ensuring that they are aware of all the potential benefits - voice technologies can help to engage an entire workforce.

In fact, recent research showed that employees working in environments where advanced technologies – such as voice solutions – are in widespread use are 56% more likely to say that they are motivated at work. This could have a huge impact on overall business output.  After all, everyone knows that a happier workforce is a more productive one.

Employees working in environments where advanced technologies – such as voice solutions – are in widespread use are 56% more likely to say that they are motivated at work.

Looking ahead

In today’s competitive landscape, there’s no denying that increasing employee productivity is a core goal for any business – regardless of size or sector. It’s almost a given that those failing to meet this goal will miss out.

By providing employees with the tools which will enable them to effectively use their time and do their jobs FS businesses can boost productivity significantly.

Voice technologies could offer an answer to some challenges which have plagued the financial industry for years. With these solutions playing an ever-increasing role in our personal and professional lives, it’s time for FS businesses to realise their potential and embrace the power of voice.

In 2010, people owned 12.5 billion networked devices; whilst it is estimated that by 2025 this number will have climbed to more than 50 billion.

While the IoT has already impacted sectors such as manufacturing and healthcare, it is still a nascent technology in the world of banking. Research has found that banks have still not implemented IoT technologies within their organisations or in their products or services. In the long term, however, this is set to change. Reports have shown that 40% of financial services businesses are currently experimenting with IoT and big data.

Given the wealth of statistical data which can be gathered from a range of devices within an IoT network, the applications of IoT and big data can go hand in hand. For example, retail banks can combine IoT and big data to offer increasingly personalised services to customers. Rather than providing a ‘one size fits all’ approach, banks can create personalised offers to customers by using IoT capabilities to analyse various aspects of its customers’ behaviour - including the regularity in which they visit merchants or purchase from them - and offer bespoke budgeting plans or financial products relevant to their lifestyles. Furthermore, the data from wearable payments technologies, for instance, could be used to help build detailed customer profiles and enable fraud detection. The same data could also enable banking institutions to build partnerships with brands that can push relevant deals through to banking customers in the area, enabling even closer relationships with customers and providing more useful perks.

The benefits of IoT services within the financial sector aren’t just limited to retail banks. Insurers can use IoT capabilities to aid interactions with customers and to accelerate and simplify underwriting and claims processing, as well as default prediction.

The benefits of IoT services within the financial sector aren’t just limited to retail banks.

It can also help insurance companies to determine risk more precisely. Automotive insurers, for example, have historically relied on indirect indicators, such as age, address, and creditworthiness of a driver when setting premiums. Now, data on driver behaviour and the use of a vehicle, such as how fast the vehicle is driven and how often it is driven at night, are available. These new data sets can help insurers provide premiums that more accurately reflect their consumers.

Another application of IoT within the financial sector that has the potential for huge implications is in trade finance. International trade flows are currently expensive and predominantly paper-based due to the inefficiency of the supply chain in moving goods. IoT within trade finance can be used to make these processes quicker by tracking movement, supply and demand. This can significantly improve the efficiency of the process by reducing the cost and risk for the enterprise. However, in order to have any meaningful impact on trade finance, there would need to be a large scale, global adoption of IoT - allowing every part of the ecosystem to be accounted for and creating a seamless process.

If key issues around cybersecurity can be overcome, the IoT presents a huge opportunity for the banking sector. And there will certainly be disruptors willing to provide that access - so the time is now for banks to start thinking about technology development that will take advantage of this before a competitor gets there first.

Authored by David Murphy, Managing Partner, Financial Services EMEA at Publicis Sapient.

Yet, our working days are getting more demanding and the time we must juggle both our personal, and professional lives seems to be even more restricted.

Maintaining a positive work-life balance is a key factor for employee happiness. Because of this, and in order to better work around personal lives and work demands, dynamic working, which was once a somewhat unfamiliar term, is now a highly sought-after workplace benefit. Below Derren Bevington, Business Director at Michael Page Finance, explains further.

Dawnconsultancy offers full range of dynamic consultancy including Dubai offshore company in UAE, providing best innovative financing solutions to help troubleshoot any business problem with ease.

In fact, in previous research, we found that 66% of professionals working in banking and financial services would like to see flexible working hours offered by their employer and 53% also listed work from home options in their top three desired benefits. However, only 26% of those surveyed had actually been given the option to work from home.

Why is it important?

A recent study conducted by Michael Page shows that millennials expect flexible working to be offered as standard in the workplace and not as an additional benefit. However, this doesn’t mean that those who fall outside of this age group don’t equally enjoy the benefits of dynamic working or want them to be included as part of their working life. The ability to plan work around personal life events allows individuals to better organise their time, take care of their physical and mental wellbeing, and ensures that they are in the best position to manage a productive work schedule. As we are in a candidate-short market, it is important good people are retained. Being able to adapt to the changing motivations of employees to drive forward retention in later years is key.

[ymal]

How to introduce dynamic working

What’s important to remember is that flexibility in the workplace is defined differently by everyone; what works for one person may not work for another. The key to success is to ensure that it is tailored to the individuals in the workforce and that they have the option to choose what is important to them.

Flexible working does not mean fewer working hours. It is a way to show employees they are trusted to do their job no matter the time or location they choose to work in.

Flexible working does not mean fewer working hours. It is a way to show employees they are trusted to do their job no matter the time or location they choose to work in.

These are my top tips for implementing flexible working successfully:

• Facilitate home access - the ability to work from home or a remote location can significantly improve productivity. Workers in these industries are usually comfortable with reviewing their emails first thing in the morning or responding to queries well after 5:30. In fact, the ability to sign in during a commute can amount to a lot more getting done, well before the rest of the team have even signed in.
• Establish flexibility champions - these individuals should be from right across the business, to demonstrate how they make it work best for them. This employee may be someone who takes a longer lunch break but comes in an hour early to compensate. Alternatively, it could be a parent who comes in later so they can drop their kids off in the mornings. Some companies have also enabled some of their employees, particularly those who live further distances from the office, to leave early as a means of making an earlier train but encourage them to log back in once they get home.
• Highlight great performance - this should happen for both employees in the office and those who on occasion work dynamically. However, if there is a noticeable improvement in an individual’s performance after adopting a dynamic working schedule, be sure that it is known across the company.
• Agree weekly deliverables - regardless of flexibility requirements - work from home, longer lunches, or later start times - every employee needs to know their KPIs and daily responsibilities to ensure they are working effectively. When dynamic working is introduced, this becomes increasingly important to ensure employees know what is expected of them.
• Consider job sharing - where it is feasible, perhaps two employees would work better on a part-time basis sharing the responsibilities of a single role on a week to week basis? Job sharing is a workable solution if two colleagues or new starters are only able to work restricted hours during the week. The key consideration for this working arrangement is to ensure each employee is effectively communicating with the person they are handing the job over to, this is so they are aligned in the requirements for the following day.

Ultimately, it’s important to define what dynamic working means in your business before implementation and ensure this is communicated to everyone in the company. The secret to maintaining a flexible working approach is to always make certain it remains adaptable to everybody’s needs. This working arrangement should be adjustable to the ever-changing schedule of people’s lives and encourage employees to produce their best work.

Here Craig Naylor-Smith, Managing Director of Parseq, explains why financial services businesses cannot afford to stay complacent with the prospect of GDPR fines lurking over their shoulder.

In July, the Information Commissioner’s Office (ICO) announced its intention to fine British Airways £183.39m following a cyber-attack that exposed the details of almost 500,000 customers – the first fine to be publicly announced under the GDPR. The very next day, the ICO announced a second prospective fine of £99.2m against Marriott International following its own hack.

For those in the financial services (FS) sector, the ICO’s actions will have been a reminder of the consequences GDPR non-compliance can bring. Under the legislation, businesses can be fined the equivalent of up to €20m, or four per cent of their global turnover, whichever is greater.

The wealth of personal data held by FS firms of course means that the sector will be under particular scrutiny from both the regulator and the wider public. Yet, our own research has shown that many in the sector have struggled to handle a rise in personal data access requests from their customers and employees in the year since GDPR came into force – a situation that could put them at risk of feeling the ICO’s sting.

Challenges ahead

Under the GDPR, individuals can submit data access requests to receive a copy of personal data organisations hold on them and information on factors such as why their data is being used. They can also request that their personal data be erased. In most cases, organisations must respond within just one month.

Our research – conducted just after the GDPR’s first anniversary – found that more than two thirds (68%) of UK FS companies have seen a rise in data access requests in the year since the GDPR’s introduction in May 2018.

Of these, almost nine in ten (85%) had faced challenges in effectively responding, citing cost (57%) and complexity (48%) as their primary barriers.

Alongside these factors, more than a third (35%) pointed to a reliance on paper documentation as an obstacle.

With this in mind, a potentially effective solution for the sector as it addresses its compliance challenges could be found in greater digitisation – ensuring that the paper documents they hold containing personal data are digitally accessible.

[ymal]

The FS sector has always been quick to adapt to consumer demand for digital solutions and capitalise on the opportunities that digital technologies can offer.  

Steps for success

The FS sector has always been quick to adapt to consumer demand for digital solutions and capitalise on the opportunities that digital technologies can offer.

Despite this, we found that only five per cent of financial services businesses had digitised all of the paper documentation they held in the year after GDPR’s introduction – a situation that hasn’t improved from the 12 months before. When asked why not, our respondents most commonly cited complexity (39%) and a lack of time (37%).

While these issues are understandable, they should be carefully considered in relation to the benefits that digitisation could offer.

Digitisation can help firms more quickly access personal data as and when it’s needed, helping to boost overall response time – an important factor given the GDPR’s time constraints. Meanwhile, investing in technologies such as automated scanning and data capture systems can help reduce time spent on administration, freeing-up valuable staff resources for other tasks.

And there are options to sidestep the issue of complexity. At Parseq, we deploy cutting-edge technologies such as optical character recognition and Robotic Process Automation (RPA) to digitise 25 million paper documents every year for our clients. This can help them build secure, searchable online archives of their documentation, enabling them to be on the front foot when it comes to quickly accessing and managing their documentation while offloading complexity to us, and offering savings in terms of cost and time.

GDPR is now firmly bedded-in, and the UK’s FS businesses must act to ensure that they are fully able to comply. Reducing a reliance on paper documentation through digitisation can help them more effectively respond to data access requests, ultimately reducing the risk of incurring the ICO’s wrath and being slapped with a heavy fine.