
Banks are increasingly using your data intelligently and effectively. Let’s find out how far they can go. Julius Abensur, Head of Industry and Financial Services at Relay42, explains.

Technology has advanced at a rapid pace in banking and our demands have changed, making our data – and banks using it properly to benefit us – more important than ever.

Through various utilities, facilities, transactions and experiences, banks have more opportunities to break down traditional barriers to offer us a more seamless experience across channels and outcomes, rather than products and functions. By using our data effectively, they can deliver us a unique journey, based around our personal interests and most frequently-used channels. The benefits to banks are clear; customers who are fully engaged bring an average of 37% more annual revenue to their primary bank than customers who are disengaged.

To achieve the levels of engagement and loyalty we now expect, banks need to ensure they are using our data wisely and responsibly in order to nurture our trust. If banks aren’t using our data to provide us with a better and more valuable user experience, it won’t be long before we stop sharing it altogether. This will only be made easier in light of regulations such as GDPR and PSD2, which are placing stricter rules on how banks use our information.

So how can banks use our data more effectively, while maintaining our trust?

Merging the real and digital worlds

Impending regulation changes are slowly pushing banks and disruptive fintech start-ups to collaborate, rather than compete, and this is opening up a whole new world of opportunities for us as customers. Banks possess a stronghold of customer data ripe for delivering personalised and useful experiences, and by partnering with fintechs who specialise in innovative, agile technologies, they can deliver true value.

For example, let’s say that a customer (we’ll call him Bill) has just paid for dinner at a restaurant with his friends, and they all want to split the cost and pay Bill back. By partnering with the right fintech and sharing customer data across platforms with a smart data platform, the bank can make this repayment process easier by enabling Bill to distribute payment requests through an online chat service via a single link. By using this link, Bill’s friends can then repay him instantly regardless of who they bank with.

By using data management technology to responsibly share data across different platforms, banks can launch intelligent customer experiences and solutions relatively quickly across both the real and the digital world. This offers clear advantages for customers, who can now use more intelligent services to increase convenience. And this is just the beginning.

Connecting with other industries

When it comes to delivering truly beneficial experiences, banks need to be looking beyond the industry they serve. We all have a vast range of interests that can be capitalised upon through the sophisticated use of data, and this can be achieved by connecting with other industries.

Take the travel industry, for instance. As seamless partnerships between payment providers, booking interfaces and airlines become ubiquitous, travel and financial services leaders need to take a sideways glance to carefully choose trusted partners, value propositions and technology.

To translate this into a practical example: Let’s revisit Bill. Bill has a Global Travel Plus credit card, which is issued by his bank and connected to a global airline, granting him rewards and discounts when he travels. The bank has also created a service called the Travel Plus app, which offers relevant recommendations related to Bill’s journeys and behaviours, and is orchestrated by the bank’s customer journey technology.

Through intelligent cross-pollination of insights and data, the bank can deliver a suite of offers based on Bill’s loyalty and customer value, including frequent flyer points and hotel discounts. Then, through contextual retargeting, Bill’s bank can send financially-related recommendations for his next trip to Barcelona, from the best insurance rates to lock-in forward Euro rates. This kind of data-driven personalisation is what we now crave, and simply would not be possible without banks connecting with other platforms and industries.

Stitching data intelligently

Data is undoubtedly the key to delivering the innovative, highly personalised banking experience that we are all seeking. For banks, the benefits are clear - customer retention is around 14% higher for companies that effectively apply big data and analytics to deal with velocity.

However, if banks are to achieve this, they need to make sure they use our data intelligently. As we have explored, data management technology can go a long way towards stitching data together to create a single customer view, the foundation for orchestrating the right customer experiences for the right people. Additionally, partnering with companies both inside and outside of the financial sector can open up new opportunities for next-generation loyalty and engagement.

Sharing confidential information is a data protection issue with more and more red tape every day. With more and more apps differentiating encryption methods, this becomes even harder to manage for authorities. Below, Finance Monthly hears about the potential for banking fraud via apps such as WhatsApp from Neil Swift, Partner, and Nicholas Querée, Associate, at Peters & Peters LLP.

As ever greater quantities of sensitive personal data are shared electronically, software developers have been quick to capitalise on concerns about how susceptible confidential information may be to interference by hackers, internet service providers, and in some cases, governmental agencies. The result has been an explosion in messaging apps with sophisticated end-to-end encryption functionality. Although ostensibly designed for day-to-day personal interactions, commonplace services such as WhatsApp and Apple’s iMessage use end-to-end encryption to transmit data, and more specialised apps offer their users even greater protection. Signal, for example, allows for its already highly encrypted messages to self-destruct from the user’s phone after they have been read.

The widespread availability of sophisticated and largely impregnable messaging services has led to a raft of novel challenges for law enforcement. The UK government, in particular, has been outspoken in its criticism of the way in which end-to-end encryption offers “safe spaces” for the dissemination of terrorist ideology.

Financial regulators are becoming increasingly conscious of the opportunity that these messaging services present to those minded to circumvent applicable rules, and avoid compliance oversight. 2017 saw Christopher Niehaus, a former managing director at Jefferies, fined £37,198 by the Financial Conduct Authority for sharing confidential client information with friends and colleagues via WhatsApp. Whilst the FCA accepted that none of the recipients needed or used the information, and the disclosure was simply boasting on Niehaus’ part, it was only his cooperation with the regulator that saved him from an even more substantial fine.

That same year saw Daniel Rivas, an IT worker for Bank of America, investigated by the US Securities and Exchange Commission and plead guilty to disclosing price sensitive non-public information to friends and relatives who used that information. One of the means of communication was to use Signal’s self-destructing messaging services. Rivas’ prosecution saw parallels with the 2016 conviction of Australian banker Oliver Curtis, an equities dealer, for using non-public information that he received from an insider via encrypted Blackberry messages.

These examples are likely to prove only the tip of an iceberg; given that encrypted exchanges are by definition clandestine, understanding the true scale of the issue, outside resorting simply to anecdote, is itself an unenviable task for regulators and compliance departments. Whilst those responsible for economic wrongdoing have often been at pains to cover their tracks – perhaps by using ‘pay as you go’ mobile phones, and internet drop boxes to communicate – access to untraceable and secure communication is now ubiquitous. It is difficult to imagine that future regulatory agencies will have access to material of the same volume and colour that was obtained as part of the worldwide investigations into alleged LIBOR and FX manipulation.

How then can regulators respond? And how are firms to discharge their obligations both to record staff business communications, and monitor those communications for signs of possible misconduct? Many firms already ban the use of mobile phones on the trading floor, but such edicts – even where rigorously enforced – will only go so far. Neither Mr Rivas, nor Mr Niehaus, would have been caught by such a prohibition.

There may be technological solutions to technological problems. Analysing what unencrypted messaging data exists to see which traders are notably absent from regulated systems, or looking for perhaps tell-tale references to other means of communication (“check your mobile”), may present both investigators and firms with vital intelligence. Existing analysis of suspicious trading data may assist in identifying prospective leads, although prosecutors may need to become more comfortable in building inferential cases.
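The two checks described above can be sketched as follows. This is an added example, not code from Finance Monthly or the authors; the log format, the desk roster, the phrase list and the 50% activity cutoff are assumptions, and the sample messages are constructed.

```python
import re
from collections import Counter
from statistics import median

# Constructed sample of a recorded (regulated) chat channel: (timestamp, sender, text).
SAMPLE_LOG = [
    ("2018-03-05T09:01:12", "trader_a", "Morning, axes are in the usual sheet"),
    ("2018-03-05T09:03:40", "trader_b", "Thanks, booking the 10y now"),
    ("2018-03-05T09:10:02", "trader_a", "The buy signal on EURUSD looks weak today"),
    ("2018-03-05T09:12:55", "trader_b", "Agreed. Filled 5m at 1.2310"),
    ("2018-03-05T10:30:18", "trader_c", "Can't talk here, check your mobile"),
    ("2018-03-05T11:02:47", "trader_a", "Confirming the 5m fill for compliance"),
    ("2018-03-05T13:15:09", "trader_b", "Will send the rest on WhatsApp later"),
    ("2018-03-05T15:58:31", "trader_a", "Closing out the book at 4pm"),
    ("2018-03-05T16:05:00", "trader_b", "Sent the recap to the desk head"),
]

# Constructed desk roster: everyone expected to use the regulated channel.
ROSTER = ["trader_a", "trader_b", "trader_c", "trader_d"]

# Illustrative phrase list (an assumption); a real deployment tunes it per desk.
# App names only count after "on/via/over", so "buy signal on EURUSD" is not a hit.
OFF_CHANNEL_PATTERNS = [
    ("personal_device",
     re.compile(r"\bcheck your (?:mobile|phone|cell)\b", re.I)),
    ("messaging_app",
     re.compile(r"\b(?:on|via|over)\s+(?:whatsapp|signal|telegram)\b", re.I)),
    ("move_offline",
     re.compile(r"\btake (?:this|it) offline\b", re.I)),
]


def find_offchannel_references(messages):
    """Return (timestamp, sender, label) for each message that points to
    another means of communication. Hits are leads for human review."""
    hits = []
    for timestamp, sender, text in messages:
        for label, pattern in OFF_CHANNEL_PATTERNS:
            if pattern.search(text):
                hits.append((timestamp, sender, label))
                break  # one hit per message is enough for triage
    return hits


def quiet_traders(messages, roster, ratio=0.5):
    """Return (trader, message_count) for roster members whose activity on the
    regulated channel is at or below `ratio` times the desk median, including
    people who never appear in the log at all."""
    counts = Counter(sender for _, sender, _ in messages)
    per_trader = {name: counts.get(name, 0) for name in roster}
    cutoff = ratio * median(per_trader.values())
    return sorted((n, c) for n, c in per_trader.items() if c <= cutoff)


if __name__ == "__main__":
    for hit in find_offchannel_references(SAMPLE_LOG):
        print("off-channel reference:", hit)
    for name, count in quiet_traders(SAMPLE_LOG, ROSTER):
        print("low activity on regulated channel:", name, count)
```
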

Fundamentally, however, such responses are likely to be both reactive, and piecemeal. Unless the ongoing wider debate as to the social utility of freely available end-to-end encryption prompts some fundamental rethink, the need to effectively regulate those who participate in financial markets – and thus the regulation of those markets themselves – may prove increasingly challenging.

Stephen Ufford, Founder and CEO of Trulioo, discusses how mobile can offer increasing protection against modern fraud.

In a world where interaction is increasingly made through screens rather than face-to-face, it is often difficult for companies to tell exactly who their customers are online, which poses a serious risk to security and compliance.

This threat is doubled by increasing legislative pressure. A host of new regulations passed at the end of 2017 mean that companies have to focus more and more on knowing exactly who their customers are.

The end of January was the final deadline for financial services firms to register ‘ultimate beneficial owners’ so that the individuals behind every account, and those who benefit from it, are clearer. The Fourth Anti-Money Laundering Directive (4AMLD) stipulates that companies need to be aware of the ultimate identity of business entities. This prevents the development of shell companies for tax evasion and money laundering, among other financial crimes.

Under the Second Payment Services Directive (PSD2), which also passed in January, any transaction above 30€ needs to be subject to a two-factor authentication process, which verifies the identity of the customer through two separate pieces of information.

This can be based on something they know, such as a password; something intrinsic about them, such as biometric data like fingerprints or facial appearance; or something they possess, such as specific documentation.

In a digital age, this is easier said than done. Gone are the days when customers walk into a branch to set up their bank account in person. The vast majority of financial interactions nowadays are carried out simply through the click of a mouse or, more recently, the swipe of a phone. The number of mobile phone users in the world is expected to surpass the 5 billion mark by next year.[1] Last year, mobile transactions overtook those made online and in branches – according to data by Visa. [2]

But this increasing shift to mobile devices can provide a KYC opportunity, offering another item that customers possess, and can use to identify themselves. With access to Mobile Network Operators (MNOs), financial services firms can access another form of identification – possession of a specific handheld device.

This usually involves an SMS text message being sent with a verification code to the user’s mobile. The code can then be used to authenticate that the account is being accessed by the owner of the phone, verifying identity through possession of the device. MNOs already have access to extensive identity information on their subscription holders, as they are also expected to meet stringent KYC requirements. Financial services firms can use this vital layer of identification and compare it against other pieces of evidence, such as documents and passwords, for the benefit of all parties.
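A sketch of the checks described above: the €30 rule, the requirement for two factors from separate categories, and an SMS code that proves possession of the handset. It is an added example, not code from the article or from Trulioo; the factor names, the 120-second lifetime and the three-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

SCA_THRESHOLD_EUR = 30  # threshold as stated in the article

# Hypothetical factor names mapped to the three categories the article lists.
FACTOR_CATEGORY = {
    "password": "knowledge",
    "pin": "knowledge",
    "sms_otp": "possession",
    "fingerprint": "inherence",
    "face": "inherence",
}


def requires_sca(amount_eur):
    """Transactions above the threshold need two-factor authentication."""
    return amount_eur > SCA_THRESHOLD_EUR


def satisfies_two_factor(verified_factors):
    """Two factors only count if they come from two different categories;
    a password plus a PIN is still a single 'knowledge' factor."""
    categories = {FACTOR_CATEGORY[f] for f in verified_factors if f in FACTOR_CATEGORY}
    return len(categories) >= 2


def authorise_payment(amount_eur, verified_factors):
    if not requires_sca(amount_eur):
        return True
    return satisfies_two_factor(verified_factors)


@dataclass
class OtpChallenge:
    salt: bytes
    digest: bytes          # only a keyed digest of the code is stored
    expires_at: float
    attempts_left: int = 3
    used: bool = False


def code_digest(salt, code):
    return hmac.new(salt, code.encode(), hashlib.sha256).digest()


def issue_otp(now, ttl=120):
    """Create a challenge and return it with the 6-digit code to send by SMS."""
    code = f"{secrets.randbelow(10**6):06d}"
    salt = secrets.token_bytes(16)
    return OtpChallenge(salt, code_digest(salt, code), now + ttl), code


def verify_otp(challenge, submitted, now):
    """Accept a code once, before expiry, within the attempt limit."""
    if challenge.used or challenge.attempts_left <= 0 or now > challenge.expires_at:
        return False
    challenge.attempts_left -= 1
    ok = hmac.compare_digest(code_digest(challenge.salt, submitted), challenge.digest)
    if ok:
        challenge.used = True  # a code that has been accepted cannot be replayed
    return ok


if __name__ == "__main__":
    challenge, sms_code = issue_otp(now=1000.0)
    factors = ["password"]
    if verify_otp(challenge, sms_code, now=1015.0):
        factors.append("sms_otp")
    print("45 EUR payment authorised:", authorise_payment(45, factors))
```
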

Another useful function of handheld devices is their capacity to record biometric data. The majority of smartphones include a front-facing camera that can be used to take a photo, capturing inherent data about a person’s appearance.

As technology on phones improves, this opens up opportunities for further layers of authentication. Many iPhones have the capacity to register fingerprints, as well as the facial recognition capacity extensively advertised in the iPhone X.

At the moment, these innovations are limited to higher-end devices. However, as this capability becomes more widespread amongst devices, using further biometric data proofs for customers will become increasingly feasible.

Additionally, the ability of mobile devices to verify identity has a wider potential for citizens of the world. Vast numbers of the global population are unbanked, not included in the financial system, and without a financial identity. But the extreme reach of mobile technology could change this.

In Mexico, for instance, only 40 percent of adults have a bank account, yet there are 80 phone subscriptions for every 100 people. Being unconnected to any formal bank can leave many people financially disempowered, unable to access any kind of financial services, which leaves their funds insecure and without growth potential. The ability to verify identity through mobiles means that previously unbanked individuals can be provided with access to financial services in the future.

In an increasingly globalised world, borders are becoming more fluid. The global population is more mobile than ever, with many people moving between borders for work or shopping in foreign countries over the internet. Cross-border e-commerce, for instance, is growing at 25 percent annually.[3] As individuals and money routinely travel increasing distances between geographical and legislative areas, this makes securing identity and tracing transactions more difficult than ever.

But mobile devices can be taken across borders and connected to their original MNO via other local networks. In a growingly interconnected world, as fraud threats become more sophisticated and regulation more stringent, mobiles and their networks can provide a consistent proof of identity that brings security and increased access to financial services for everyone.

[1] https://www.statista.com/statistics/274774/forecast-of-mobile-phone-users-worldwide/

[2] https://www.visaeurope.com/media/pdf/40172.pdf

[3] http://www.dhl.com/en/press/releases/releases_2017/all/express/cross_border_ecommerce_is_one_of_the_fastest_growth_opportunities_in_retail_according_to_dhl_report.html

The Top 5 Impacts of GDPR on Financial Services

The clock is ticking to the 2018 deadline to comply with the EU General Data Protection Regulation (GDPR). Acting now is critical for firms to avoid risking fines of €20m (or 4% of annual revenue) so advance planning and preparation is essential. Here Nathan Snyder, Partner at Brickendon, lists for Finance Monthly the top five considerations and impacts GDPR will have on financial services.

Amidst growing concerns around the safety of personal data from identity theft, cyberattacks, hacking or unethical usage, the European Union has introduced new legislation to safeguard its citizens. The EU General Data Protection Regulation aims to standardise data privacy laws and mechanisms across industries, regardless of the nature or type of operations. Most importantly, GDPR aims to empower EU citizens by making them aware of the kind of data held by institutions and the rights of the individual to protect their personal information. All organisations must ensure compliance by 25th May 2018.

While banks and other financial firms are no strangers to regulation, adhering to these requires the collection of large amounts of customer data, which is then collated and used for various activities, such as client or customer onboarding, relationship management, trade-booking, and accounting. During these processes, customer data is exposed to a large number of different people at different stages, and this is where GDPR comes in.

So, what does the introduction of GDPR actually mean for financial institutions and which areas should they be focussing on? Here Brickendon’s data experts take a look at five key areas of the GDPR legislation that will impact the sector.

1. Client Consent: Under the terms of GDPR, personal data refers to anything that could be used to identify an individual, such as name, email address, IP address, social media profiles or social security numbers. By explicitly mandating firms to gain consent (no automatic opt-in option) from customers about the personal data that is gathered, individuals know what information organisations are holding. Also, in the consent system, firms must clearly outline the purpose for which the data was collected and seek additional consent if firms want to share the information with third-parties. In short, the aim of GDPR is to ensure customers retain the rights over their own data.

2. Right to data erasure and right to be forgotten: GDPR empowers every EU citizen with the right to data privacy. Under the terms, individuals can request access to, or the removal of, their own personal data from banks without the need for any outside authorisation. This is known as Data Portability. Financial institutions may keep some data to ensure compliance with other regulations, but in all other circumstances where there is no valid justification, the individual’s right to be forgotten applies.

3. Consequences of a breach: Previously, firms were able to adopt their own protocols in the event of a data breach. Now however, GDPR mandates that data protection officers report any data breach to the supervisory authority of personal data within 72 hours. The notification should contain details regarding the nature of the breach, the categories and approximate number of individuals impacted, and contact information of the Data Protection Officer (DPO). Notification of the breach, the likely outcomes, and the remediation must also be sent to the impacted customer ‘without undue delays’.

Liability in the event of any breach is significant. For serious violations, such as failing to gain consent to process data or a breach of privacy by design, companies will be fined up to €20 million, or 4% of their global turnover (whichever is greater), while lesser violations, such as records not being in order or failure to notify the supervisory authorities, will incur fines of 2% of global turnover. These financial penalties are in addition to potential reputational damage and loss of future business.

4. Vendor management: IT systems form the backbone of every financial firm, with client data continually passing through multiple IT applications. Since GDPR is associated with client personal data, firms need to understand all data flows across their various systems. The increased trend towards outsourcing development and support functions means that personal client data is often accessed by external vendors, thus significantly increasing the data’s net exposure. Under GDPR, vendors cannot disassociate themselves from obligations towards data access. Similarly, non-EU organisations working in collaboration with EU banks or serving EU citizens need to ensure vigilance while sharing data across borders. GDPR in effect imposes end-to-end accountability to ensure client data stays well protected by enforcing not only the bank, but all its support functions to embrace compliance.

5. Pseudonymisation: GDPR applies to all potential client data wherever it is found, whether it’s in a live production environment, during the development process or in the middle of a testing programme. It is quite common to mask data across non-production environments to hide sensitive client data. Under GDPR, data must also be pseudonymised into artificial identifiers in the live production environment. These data-masking, or pseudonymisation rules aim to ensure the data access stays within the realms of the ‘need-to-know’ obligations.
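One way to turn identifying fields into artificial identifiers is a keyed hash, shown here beside an unkeyed hash that fails a simple re-identification check. This is an added example, not Brickendon's method; the field names, record layout and key are constructed for illustration.

```python
import hashlib
import hmac

# Fields treated as identifying, following the examples the article gives
# (name, email address, IP address). The record layout is an assumption.
IDENTIFYING_FIELDS = ("name", "email", "ip")


def normalise(field, value):
    """Canonical form, so the same person always maps to the same pseudonym."""
    value = value.strip()
    return value.lower() if field == "email" else value


def pseudonym(field, value, key):
    """Keyed pseudonym: stable for joins, not reproducible without the key."""
    message = f"{field}:{normalise(field, value)}".encode()
    return "psn_" + hmac.new(key, message, hashlib.sha256).hexdigest()[:24]


def unkeyed_token(field, value):
    """Weak variant for comparison: a plain hash anyone can recompute."""
    return hashlib.sha256(normalise(field, value).encode()).hexdigest()[:24]


def pseudonymise_record(record, key, fields=IDENTIFYING_FIELDS):
    """Return a copy with identifying fields replaced; other fields untouched."""
    out = dict(record)
    for field in fields:
        if out.get(field) is not None:
            out[field] = pseudonym(field, str(out[field]), key)
    return out


def match_candidate(token, candidates, tokenise):
    """Re-identification check: given a list of known values (for example a
    marketing list), report which one produces `token`, or None."""
    for candidate in candidates:
        if hmac.compare_digest(tokenise(candidate), token):
            return candidate
    return None


if __name__ == "__main__":
    key = b"constructed-demo-key-keep-real-keys-in-a-vault"  # constructed value
    record = {"client_id": 1042, "name": "Bill Example",
              "email": "Bill@Example.com", "ip": "192.0.2.10",
              "balance_eur": 2150.75}  # constructed record
    print(pseudonymise_record(record, key))

    known_emails = ["ann@example.com", "bill@example.com"]
    weak = unkeyed_token("email", record["email"])
    print("unkeyed hash re-identified as:",
          match_candidate(weak, known_emails, lambda c: unkeyed_token("email", c)))
    strong = pseudonym("email", record["email"], key)
    print("keyed pseudonym re-identified as:",
          match_candidate(strong, known_emails,
                          lambda c: pseudonym("email", c, b"guess-without-key")))
```
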

Given the wide reach of the GDPR legislation, there is no doubt that financial organisations need to re-model their existing systems or create newer systems with the concept of ‘Privacy by Design’ embedded into their operating ideologies. With the close proximity of the compliance deadline – May 2018 – firms must do this now.

Failing to do at least one of the following now: a) identify client data access and capture points, b) collaborate with clients to gain consent for justified usage of personal data, or c) remediate data access breach issues, will in the long run not only cause financial pain, but also erode client confidence. A study published earlier this year by Close Brothers UK, found that an alarming 82% of the UK’s small and medium businesses were unaware of GDPR. Recognising the importance of GDPR and acting on it is therefore the need of the hour.

Where do cyber threats begin? What is the root of the issue and how can we eradicate the source of any risk? What does this look like when you’re a maturing startup compared to a global corporation? Thomas Parsons, Sr. Director of product management at Tenable Network Security, here takes Finance Monthly back to the basics and gives his thoughts on the current global cyber situation.

Ransomware had previously been considered just another piece of nuisance malware that largely targeted unsuspecting consumers. However, the recent uptick of new variations, and their drastic impact in restricting access to enterprise systems and data, has catapulted this threat firmly into the spotlight. Events in the last few months have established ransomware as one of the most impactful and persistent global cyber threats.

Ransomware on the global stage

Increasingly in recent years, we’ve seen a shift from hackers using ransomware to target individual users to much larger attacks on enterprises. Top of mind is WannaCry, which wormed its way into networks around the world and encrypted data, closely followed by ‘Petya’ and also ‘NotPetya.’

Ransomware operates by compromising a system, infecting it with malware and encrypting data using a private key, preventing users from accessing the system. Hackers then send a message demanding payment to provide the key and restore the user’s data. Weaponising ransomware with worm capabilities, i.e. EternalBlue, has given hackers the opportunity to maximize the damage as the malware spreads from system to system. When ransomware latches onto systems that contain valuable company data, the systems become inaccessible, effectively bringing business to a halt.

For any organisation, the breach of personal data can not only impact the bottom line, but it can also cause irreversible reputational damage.

To pay or not to pay

WannaCry and Petya/NotPetya represent the new normal of today’s sophisticated threat environment. And with ransomware now impacting the global community, organisations must grapple with whether to pay the ransom.

Unfortunately, there is no guarantee that an organisation that has its data held hostage by cyber criminals will get a decryption key by paying the ransom – after all, you’re dealing with criminals.

Paying the ransom also further funds the criminals’ antics, validating the business model and encouraging repeat infections – a practice that doesn’t benefit anyone in the long run, except perhaps the criminals.

However, the debate as to whether to pay cyber ransom shouldn’t be the focus, given that these attacks can be preventable.

Rather than a sophisticated attack or zero-day exploit, ransomware often takes advantage of well-known software vulnerabilities that organisations have failed to patch or update. The truth is attackers would much rather gain entry to the network by exploiting a known, but unpatched vulnerability, or a phishing email, because these techniques have a much higher return on investment.

But patching isn’t always that simple. Security teams can't control everything, and while it has become increasingly easy to deploy changes into environments, there are some mission-critical systems that can’t be updated with a click of a mouse or a simple script. For those systems that can’t be taken offline without disrupting business operations, security teams must implement compensating controls and make proper, risk-based decisions to mitigate the threat.

Cyber 101: Back to the basics

If we’re to leave ransomware in the past, organisations must get back to the basics, focusing on the foundations of strong cybersecurity.

To start, organisations need to implement security controls that prevent untrusted or unknown applications from being installed, while not impeding end-user productivity. This means security teams should use application whitelisting, blacklisting, dynamic listing, real-time privilege elevation and application reputation.

Organisations should also consider adopting the principle of least privilege, which gives privilege to users according to job necessities. In the event of an accidental link click or attachment opening that attempts to execute an application requiring elevated privileges (such as encrypting a hard drive, network share or folder), the user privileges would not allow those actions to be performed, stopping the attack immediately.

Even more important is end-user security training and awareness, backed by a solid understanding of attack methods used to gain information from users. Educating users on how to spot a phishing email and the dangers of sharing personal information and installing software from unknown sources can benefit them both at work and home.

In the modern computing environment, which now spans cloud, on-premises, IoT and operational technology, continuous visibility into the vulnerability status of every asset is critical to understanding the business impact of ransomware attacks and to fundamentally improve how organisations think about cybersecurity.

Here is a simple mantra to help focus the mind - If you can’t patch it, then you must protect it. And if you can’t do either, then you should prepare for the consequences.

Peter Arrowsmith, Partner at Gill Jennings & Every, discusses with Finance Monthly the implications of intellectual property in the FinTech world, how best to protect it and how to go about the challenges involved.

Getting to grips with intellectual property (IP) can seem daunting for fledgling FinTech companies just pushing off the starting blocks. However, it’s a step that early-stage businesses, looking to disrupt the market with the latest innovation, cannot afford to overlook.

The IP needs of disruptive companies are different from those of the industry incumbent, but are no less important. Having a well-formed IP strategy is not only vital to protecting the technical innovation at the heart of many FinTechs’ disruptive aspirations, it also plays a critical role in helping startups prove themselves worthy of funding, as investors assess the company’s prospects and exactly what they are getting for their money. Moreover, for founders looking towards their eventual exit, a strong IP portfolio will go a long way towards making a company attractive to potential buyers.

What protection is available to FinTech companies?

FinTech companies will likely hold several types of IP that they can and should seek to protect. Trade marks, for example, provide vital security and protection for a company’s name and branding. In terms of protecting innovation itself, if it’s software-based one option is copyright for the relevant code. However, copyright is limited in that it only protects the specific expression of code that underpins a concept and creates an effect; it does nothing to prevent a competitor achieving the same effect using code that has been developed independently. Ultimately, if your innovation is based on a new technology or process, a patent is the best option for providing strong protection of innovation. With a lifetime of 20 years, it allows a company to safeguard their entire invention for the long-term while they gain a foothold in the market.

Patent challenges in FinTech

Securing a patent is often not as easy as FinTech companies would hope, because innovation in the industry is predominantly software-based. A quirk of UK patent law is that, while technical innovation is patentable, the 1977 Patents Act - the most up-to-date legislation - treated computer programs in the same way as works of literature, protectable only by copyright, rather than technical innovations in and of themselves. This old-fashioned definition throws up barriers against a whole host of inventions – from mobile banking apps to online payment methods and even cryptocurrencies, all of which are software-based.

In spite of this, the common claim that it is impossible to patent a software-based innovation is a misconception. The Patents Act states that computer programs and business methods are excluded only “as such”. This key phrase allows leeway in the patentability of solutions, including computer programs, if they can be shown to have a technical effect. With 10,000 European patent applications in computer technology filed in 2016 alone, it is clear that many software companies are successfully patenting their technology.

Securing a patent in FinTech

While a business method itself cannot be patented, by starting with the method and working backward through the technology that makes it possible, IP lawyers can often find a part of a process that can be. For example, the concept of a currency conversion app is non-technical and unlikely to be applicable for a patent, but an inventive use of biometric technology – such as iris scanning - within that app to confirm payment very well could be.

By patenting the underlying technology of the invention, organisations can prevent competitors from copying the innovative part of their business, thus giving “backdoor protection” for their overall idea. A good method for many disruptors is to submit a broad application for the concept, supplemented by a number of narrow applications that protect the technology that makes the concept possible.

The role of inventors/developers

However a product has been developed, it is likely that a team of developers or inventors has been involved. It is critical for all businesses, especially those where the invention has been developed by a team, to make sure that the company has proper rights to the invention. Usually this can be achieved by ensuring that all of the developers are employees of the business, or – if they are independent contractors – that their contract involves an assignment of IP rights. Investors performing due diligence on a company will often look at the ownership of IP first to make sure that the company actually owns what it claims as its core technology. While the inventors themselves should not have any rights to the invention, they are named as inventors in a patent application, and this can provide some much-deserved recognition, and can be a valuable addition to their CVs.

Where to start?

There is no single answer to the question of what a disruptive FinTech should be protecting first; the most important thing is to build an IP strategy around your business plan. Startups naturally don’t have the budget of the big banks, so they should think smartly about what they are trying to achieve, and what they need to protect to achieve it – typically, the core technologies that underpin the company, in the geographies that matter most. Filing a patent for every last idea the company has come up with is not cost-efficient or effective. Before you protect anything, ask yourself what purpose the protection will have for your business, and ensure you are getting the proper IP advice to guide you through your first steps.

Here Chris Labrey, Managing Director UK & Ireland for Econocom, talks to Finance Monthly about the management of long-term payment models and how they can play a part in the implementation of cyber security measures.

If businesses have learned anything over the past few weeks, it is that the issue of cyber security has never been more important. Despite the severity of the WannaCry incident — which started off affecting numerous NHS trusts across the UK and evolved into something that affected computers in more than 100 countries — it was a stark and much-needed reminder that no business can truly count themselves as safe, no matter the area or industry.

For those working in the legal sector, the unfortunate truth is that they are more vulnerable than most. On a daily basis, lawyers, barristers, solicitors and more are dealing with highly confidential information — the kind of information that is extremely valuable in the eyes of online hackers. If these individuals were able to infiltrate IT systems and seize this data, the consequences of it being leaked could be disastrous.

With this in mind, it is essential that all law firms put sufficient security measures in place, but there are several obstacles that make this process more complicated than many first anticipate. Firstly, the necessary tools for comprehensive protection often require a significant capital expenditure investment, and many firms struggle to pay this without any negative financial repercussions. What’s more, it is not uncommon that this money comes straight from the pockets of the partners, which results in additional strain for those looking to take a proactive stance against the cyber threat.

Even if the majority of firms could afford to pay the considerable one-off payment to protect themselves, they often fail to consider whether they have sufficient resources to manage and maintain these various tools and systems. Security is not an automated service — it requires staff who are on hand to monitor and detect any potential vulnerabilities and then decide on the appropriate action to resolve the issue.

However, flexible payment-over-time models represent a solution that makes the process of deploying these security measures much easier — a solution that reflects our 21st century ‘renter society’ sensibilities, and is being realised by security-conscious law firms. Just like many of us pay for our mobile phones or cars in monthly instalments, the legal sector is beginning to reap the many benefits of using such a model to pay for cyber security protection.

Firstly — and perhaps most obviously — the model means there is no need for a large, one-off payment if businesses want to guarantee protection: instead, the cost is divided into smaller, more manageable chunks that are paid over a pre-determined period of time. Suddenly, the financially-induced headaches that many partners and firms suffer from are alleviated, allowing them the freedom to breathe and implement these new measures without any disruption to regular operations.

Payment-over-time models are also extremely valuable thanks to their flexibility. As the cyber threat continues to evolve and hackers devise new ways of infiltrating IT systems, businesses within the legal sector can continually refresh and future-proof their security measures to ensure they are constantly protected. Outdated systems can be swapped out for state-of-the-art replacements, without having to make another potentially crippling capital expenditure investment.

Fast-growing businesses within the legal sector are understandably wary of spending any significant amount of money on IT systems, especially if they find themselves doubling the size of their workforce in 12 months and find that the systems they spent so much money on are no longer sufficient. Payment-over-time models eliminate this problem entirely, as they allow businesses to scale their estate up or down according to specific business needs and requirements. This approach allows businesses to match the investment costs with the business benefits over time.

The threat of cyberattacks is only going to continue to evolve over time, and so the legal sector is left with no choice but to invest in the relevant security measures to protect themselves. If they fail to do so, they risk enormous financial and reputational damage, as well as the obvious loss of any data that is seized in the process. While putting these measures in place might have previously been tough for many law firms, the popularisation of payment-over-time models is the much-needed lifeline that they need to survive during these tough times.

Following last week’s consumer price index (CPI) announcement that consumer prices dropped in March by the largest amount in more than two years, Michelle McGrade, Chief Investment Officer at TD Direct Investing, comments and provides some top tips on how to protect from inflation hits like this.

As predicted, inflation will remain at 2.3% today; this remains the highest year-on-year level since September 2013. This is mainly due to the rise in the pound and a fall in oil. Another factor is airfares continuing not to rise and Easter falling later this year in April.

So, while energy prices fell, food prices rose. All in all, consumers are feeling the pinch; according to Visa, consumer expenditure growth in Q1 was the weakest in three years.

Inflation is expected to peak around 3% by the year end. And, while the job market is tight, wages are not moving. This all means that consumer companies will have to fight harder to entice the customer in. Not only is competition intense but there is price pressure too. Let’s also not forget that retail sales have been flourishing for the last 6-7 years so some slowdown is expected.

The weak pound however should help exporters, and the industrial trade should take over, reducing the reliance on the consumer to hold up the economy.

Income funds - Companies with high barriers to entry and pricing power can offer some protection against inflation. Those paying dividends provide a further return, whether you choose to take the income or reinvest it. For global equities, take a look at Artemis Global Income. If you want to access just UK companies, Threadneedle UK Equity Income could fit the bill.

Index-linked Bonds - While inflation is the enemy of bond markets, index-linked bonds, as the name suggests, are linked to inflation in order to protect the value of investments. L&G All Stocks Index Linked Gilt Index provides exposure to the UK index-linked market, although this fund has performed strongly of late and may start to look expensive if interest rates rise.

Alternatives - Infrastructure assets such as toll roads typically have their prices linked to inflation. First State Global Listed Infrastructure is on our Recommended Funds list. Gold can be used as a hedge in uncertain markets and can offer an inflation insurance policy. Take a look at BlackRock Gold & General. Rising property prices, combined with rental yield, have also offered an effective hedge against inflation in the past. L&G UK Property Feeder offers exposure to the UK commercial property market. Commodities is another asset class which is worth considering. Inflation can be closely correlated to the price of oil and other commodities. First State Global Resources invests across a range of commodity holdings.

Exchange traded funds - Another way of gaining low-cost access to these asset classes is via exchange traded funds (ETFs). Here are some you may want to investigate further:

Areas to avoid - In an environment when interest rates are lower than inflation, cash does not provide any protection. As prices go up the purchasing power of your cash is being eroded – in effect your cash will buy you less. Bonds also typically don’t protect against inflation. If interest rates or inflation go up, the yield on a bond doesn’t go up with them as it is fixed at the time of issue.

About Finance Monthly

Finance Monthly is a comprehensive website tailored for individuals seeking insights into the world of consumer finance and money management. It offers news, commentary, and in-depth analysis on topics crucial to personal financial management and decision-making. Whether you're interested in budgeting, investing, or understanding market trends, Finance Monthly provides valuable information to help you navigate the financial aspects of everyday life.
© 2024 Finance Monthly - All Rights Reserved.