Many organisations are migrating to the cloud – applications, services and infrastructure can be run more efficiently by service providers, or by hosting them in private cloud environments. According to IDC, nearly 40% of all data in the digital universe will be in the cloud by 2020.
However, financial services and banking organisations have been more cautious on how they make use of cloud. Partly this is due to the significant data security and compliance requirements that banks are under. Financial data has to be secure and access controlled, as set out by legislation like Sarbanes-Oxley and the Gramm-Leach-Bliley Act in the US and the Data Protection Act in the UK.
While some aspects of banking IT can make the move to the cloud, the sheer size of banking IT operations means that there will be a “long tail” of migrations across the sector for some time to come. For internal IT requirements that don’t touch on personal data, the option to virtualise and build private cloud infrastructure has been evaluated, and in many cases started.
Banks are making the shift over to cloud where they can as the technologies behind cloud become more robust and secure. Around 71 per cent of banking executives stated that they planned to invest in cloud according to a survey by PricewaterhouseCoopers in late 2013 – this was four times more than in the previous year.
As part of this shift to cloud, how services are delivered and managed will change as well. Rather than looking at fixed physical platforms for the long term, cloud computing encourages more agility and flexibility in approach. For IT teams, used to thinking about migration as a “one-off” activity, a change in mindset is called for around workloads and portability.
Because businesses—and the banking industry, specifically—will continue to evolve to address growing data input demands, the modern data centre will need to be nimble in order to reflect the constant flow of information across increasingly diverse origins and destinations. The sooner companies can realize the efficiencies enabled with technology that does not rely on like-system migration, the sooner they will be able to move forward with business development without fear about uprooting their data protection processes given future needs or change. Because migration to the cloud is an increasingly viable option for banks today, IT needs to understand how the process of migration—not just the migration itself—can benefit their business long-term.
Migration should be thought of as something that will be going on continuously, as banking IT teams can look at how to make the shift without impacting on day-to-day operations. As workloads become ready for migration, they can be moved across to new platforms using the same strategy.
Even for internal applications, the move to the cloud can lead to potential downtime that is extremely costly. To avoid this problem, banks are looking at new strategies in order to remove that potential downtime. Business continuity aims to keep business processes and architectures available for users regardless of any challenges like network connectivity being lost or device failure.
The IT teams at banks are experts at business continuity planning, as their systems include applications that have to be available to users whatever happens. Business continuity planning can be extremely helpful within migration projects, as it can provide ways to reduce the potential impact of downtime.
By using migration tools, like data replication software, IT teams can shift server images and data across to new cloud platforms without having to take the original systems offline. This can not only cut the risk of a migration failing, it means that the team can go back to the previous platform without too many problems.
This whole approach around workload mobility aims to provide banking IT with a degree of flexibility and agility that is not possible when you are wedded to specific hardware or storage platforms. By decoupling the workloads from the operating systems, storage layers and servers underneath them, bank IT teams can deploy those applications where it makes the most sense – both for performance and economic reasons.
For the banking sector as a whole, cloud computing can be used to support some key customer-facing applications and services across the many facets of their business activities. Gartner estimates that consumers will initiate at least 10 per cent of all banking transactions indirectly via cloud-services based portals and exchanges by 2015.
For banking IT teams, the move to the cloud is part of a longer-term strategy around picking the right platforms for applications. However, these decisions are not all-or-nothing moves; by putting the right workload mobility strategy in place, banks can remove some of the risk and challenges that exist around migration.
Creating a culture of cybersecurity in Financial Services
By Martin Landless, Vice President for Europe at LogRhythm
As the financial services sector increasingly moves online and reaps the benefits of the modern digital economy, the sector has become an even more tantalising target for cybercriminals. Financial data is among the most lucrative data types for cybercriminals, going for high prices on the Dark Web or used to access accounts, copy payment cards and make fraudulent purchases.
For any business which suffers a successful cyberattack, the consequences can be severe. A halting of business processes whilst the business gets up and running again can impact the bottom line, negative media attention can dent customer confidence, and the potential for a large General Data Protection Regulation (GDPR) fine can derail existing plans for business growth.
These consequences will be front of mind for financial services leaders now, as the sector has found itself in the crosshairs even more so during the current pandemic. Recent data from VMWare indicates that cyberattacks against the financial sector increased by 238 per cent from February to April 2020, with cybercriminals looking to take advantage of the tumult to steal valuable data.
Although financial services institutions find themselves under attack more frequently than ever, it is still possible to remain at the forefront of the digitalisation of the industry and remain secure. Doing so relies on a three-pronged approach, with people, processes and technology all working in concert towards ensuring cybersecurity. Through a holistic approach, a culture of cybersecurity can be created that protects institutions.
Given the sensitivity of the data they manage, financial services organisations must have a mature security operation model in place to deal with threat actors. Security operations maturity is measured based on two variables: mean time to detect (MTTD) threats and mean time to respond (MTTR) to them.
A reduction of both MTTD and MTTR is crucial to ensuring cyberattacks are halted earlier in the threat lifecycle, and is reliant on technological solutions which allow for the automation of workflows. This frees up vital time for security teams to focus their attention where it is most needed. Indeed, a recent survey of security professionals and executives found that 47 per cent of those surveyed felt that they needed increased security teams, so anything that can maximise the effective time of existing cybersecurity personnel is a huge benefit. Visibility across networks and systems is also key, as cybersecurity teams must be able to immediately see shifts in behaviour in the network to recognise imminent threats as they arise.
Although technological innovation in security response is a strong foundation for an effective culture of cybersecurity, this must be complemented with processes and security training for employees.
Ensuring cybersecurity is a board-level issue
It is the responsibility of the CISO and the security team which works under them to ensure that security is front of mind for all employees. A chain is only as strong as its weakest link, and it only takes one employee falling victim to a phishing email to compromise a business. CISOs may be senior figures in a business, but they need the support of the rest of the C-suite to fulfil their goals. At the board level, CISOs must ensure that executives are aware and fully understand the challenges security teams encounter day to day and the longer term.
This then becomes a matter of communication rather than technology. One potential means of communicating security posture to the board is by focusing on the benefits and return on investment an effective security posture can entail. Additionally, a CISO can furnish a high trust environment through partnering a member of the board with the security team.
This partner can articulate perspective to the team from a purely business standpoint, allowing the team to produce intelligence to the board that exhibits the business value of the security operation centre’s (SOC’s) methods and goals. This collaborative approach will encourage the understanding security teams have for business goals and the board’s understanding of security necessity.
Growing security alongside the business
One area of understanding between security team and leaders that should be nurtured is the impact of business growth on security. Although business growth indicates that a business is in robust health, it also facilitates multiple avenues through which a company can come under cyberattack.
Firstly, don’t assume cybercriminals aren’t keeping an eye on the markets and on the business pages. They’ll be aware of a company’s raised profile and whether they’re now a more lucrative target – or not. Positive business events like mergers and acquisitions can also present opportunities for cybercriminals. On a tech level network and security systems of different companies may be in the process of being migrated and integrated, and on a more human level, new staff, as yet unaware of the security protocols of the company they’re joining, can be targets.
It’s important then that security teams ensure each new employee is vetted, safely added to the system and trained on appropriate security protocol. In the case of acquisitions, security teams must effectively monitor new structures that are added to the network, and third-party connections with whom they are not yet familiar. A Gartner study earlier this year identified third-party cybersecurity risk as a key concern for half of legal and compliance leaders.
This is all easier said than done however, and key to this issue is security budget, and it is here board-level support is important. Security budgets are often determined in advance and follow two common pricing models used by security vendors: the user-based model and capacity-based model. In the face of growth, both are fixed, and may leave security teams making difficult decisions as to where they safeguard their organisations.
Executives should instead look for security vendors which offer a subscription-based model. This offers the guarantee of scalable security at a determined rate, which will greatly alleviate the stress felt by security teams in what often should be an exciting time for an entire organisation.
Changing security budgets to better facilitate the work of SOCs represents a culture of cybersecurity being put into practice. Technological solutions are provided based on an understanding between security teams and the board on what is needed, allowing for better performance in MTTR and MTTD.
Security posture needs to be fixed now
Covid-19 has heightened the risks faced by cybersecurity teams and financial services organisations, and now, more so than ever, is it vital to foster a culture of cybersecurity. The benefits of digitalisation for financial services are too great to ignore, and failure to embrace digitalisation in the name of security will hamper financial services’ growth. Instead, a holistic approach encompassing people, process and technology will be vital to forging a secure path forward in the financial services industry.
VP Bank Selects AxiomSL to Meet Multi-Jurisdictional Risk and Regulatory Reporting Requirements
Consolidates bank’s reporting on a single platform for financial/statistical, AnaCredit, and CRR2/Basel-driven mandates including ICAAP and ILAAP, and provides foundation for strategic expansion
AxiomSL, the industry’s leading provider of risk and regulatory reporting solutions, today announces that VP Bank, one of the largest banks in Liechtenstein, has selected AxiomSL’s ControllerView® data integrity and control platform, as a foundation for its risk and regulatory compliance across Liechtenstein, Luxembourg, Singapore and Switzerland, – encompassing financial and statistical reporting such as CSSF, FINMA, AnaCredit for EBA, MAS 610 for Singapore, and CRR2- and BCBS-driven requirements including ICAAP and ILAAP for FMA.
The high-performance, fully integrated, data-driven platform will enable VP Bank to manage an array of risk and regulatory mandates on a single platform, with full transparency across all processes from ingestion, calculation, reconciliation, and validation to submission. VP Bank will use the platform strategically to further data harmonization, streamline processes, enhance automation, bolster internal controls, and strengthen risk and regulatory reporting across the enterprise.
“Selecting AxiomSL will enhance the value of our investment in regulatory technology, optimize efficiency, and deliver business insights,” stated Robert Kilga, Head of Group Financial Management & Reporting, VP Bank. “With AxiomSL’s single platform, we can ingest data in its native format from multiple sources thus creating synergies between capital, liquidity, and other business functions enterprise-wide,” he continued. “AxiomSL’s system provides intuitive, hands-on transparency into all processes from inception to filing, enhancing our confidence in the data integrity and auditability of our reporting, and enabling us to meet ever-changing regulatory requirements”.
“We are thrilled that VP Bank, such a well-respected institution, has joined our esteemed user community in the DACH region and globally,” said Claudia Thurner, EMEA General Manager, AxiomSL. “In these times of global uncertainty, complying with a wide range of regulatory and risk requirements across jurisdictions is more complex, data intensive, and time sensitive than ever. Financial institutions require a reliable technology partner who can provide global coverage while understanding the intricacies of local and regional regulatory demands,” Thurner continued. “Our industry and technical expertise will enable VP Bank to streamline their processes, scale faster, and adapt swiftly and confidently to change. We look forward to a strong and strategic collaboration with VP Bank in support of their vision and growth journey”.
With the upcoming Basel IV-driven expansion, financial institutions like VP Bank are faced with the next generation of capital requirements that can easily overwhelm systems if they lack the data transparency, proper methodologies and controls to perform calculations accurately across all risk types. These calculations may have a profound effect on the banks’ portfolio management and even the entire business model.
To address these challenges, AxiomSL’s Basel Capital Solution incorporates a flexible data dictionary architecture, seamless calculation updates, full drilldown to data and processes, transparency into model calculations, and dynamic data lineage. In addition, AxiomSL’s regulatory experts provide VP Bank with a highly efficient change-management mechanism that enables them to be current with all Basel-driven changes.
Uncertain Times for the Financial Sector… Is Open Source the Solution?
By Kris Sharma, Finance Sector Lead, Canonical
Financial services are an important part of the economy and play a wider role in providing liquidity and capital across the globe. But ongoing political uncertainty and the consequences of the COVID-19 crisis have deep implications for the UK’s financial services sector.
In a post-Brexit world, the industry is facing regulatory uncertainty at a whole different scale, with banking executives having to understand the implications of different scenarios, including no-deal. To reduce the risk of significant disruption, financial services firms require the right technology infrastructure to be agile and responsive to potential changes.
The role of open source
Historically, banks have been hesitant to adopt open source software. But over the course of the last few years, that thinking has begun to change. Organisations like the Open Bank Project and Fintech Open Source Foundation (FINOS) have come about with the aim of pioneering open source adoption by highlighting the benefits of collaboration within the sector. Recent acquisitions of open source companies by large and established corporate technology vendors signal that the technology is maturing into mainstream enterprise play. Banking leaders are adopting open innovation strategies to lower costs and reduce time-to-market for products and services.
Banks must prepare to rapidly implement changes to IT systems in order to comply with new regulations, which may be a costly task if firms are solely relying on traditional commercial applications. Changes to proprietary software and application platforms at short notice often have hidden costs for existing contractual arrangements due to complex licensing. Open source technology and platforms could play a crucial role in helping financial institutions manage the consequences of Brexit and the COVID-19 crisis for their IT and digital functions.
Open source software gives customers the ability to spin up instances far more quickly and respond to rapidly changing scenarios effectively. Container technology has brought about a step-change in virtualisation technology, providing almost equivalent levels of resource isolation as a traditional hypervisor. This in turn offers considerable opportunities to improve agility, efficiency, speed, and manageability within IT environments. In a survey conducted by 451 Research, almost a third of financial services firms see containers and container management as a priority they plan to begin using within the next year.
Containerisation also enables rapid deployment and updating of applications. Kubernetes, or K8s for short, is an open-source container-orchestration system for deploying, monitoring and managing apps and services across clouds. It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation (CNCF). Kubernetes is a shining example of open source, developed by a major tech company, but now maintained by the community for all, including financial institutions, to adopt.
The data dilemma
The use cases for data and analytics in financial services are endless and offer tangible solutions to the consequences of uncertainty. Massive data assets mean that financial institutions can more accurately gauge the risk of offering a loan to a customer. Banks are already using data analytics to improve efficiency and increase productivity, and going forward, will be able to use their data to train machine learning algorithms that can automate many of their processes.
For data analytics initiatives, banks now have the option of leveraging the best of open source technologies. Databases today can deliver insights and handle any new sources of data. With models flexible enough for rich modern data, a distributed architecture built for cloud scale, and a robust ecosystem of tools, open source platforms can help banks break free from data silos and enable them to scale their innovation.
Open source databases can be deployed and integrated in the environment of choice, whether public or private cloud, on-premise or containers, based on business requirements. These database platforms can be cost effective; projects can begin as prototypes and develop quickly into production deployments. As a result of political uncertainty, financial firms will need to be much more agile. And with no vendor lock-in, they will be able to choose the provider that is best for them at any point in time, enabling this agility while avoiding expensive licensing.
As with any application running at scale, production databases and analytics applications require constant monitoring and maintenance. Engaging enterprise support for open source production databases minimises risk for business and can optimise internal efficiency.
Additionally, AI solutions have the potential to transform how banks deal with regulatory compliance issues, financial fraud and cybercrime. However, banks need to get better at using customer data for greater personalisation, enabling them to offer products and services tailored to individual consumers in real time. As yet, most financial institutions are unsure whether a post-Brexit world will focus on gaining more overseas or UK-based customers. With a data-driven approach, banks can see where the opportunities lie and how best to harness them. The opportunities are vast and, on the journey to deliver cognitive banking, financial institutions have only just scratched the surface of data analytics. But as the consequences of COVID-19 continue and Brexit uncertainty once again moves up the agenda, moving to data-first will become less of a choice and more of a necessity.
The number of data sets and the diversity of data is increasing across financial services, making data integration tasks ever more complex. The cloud offers a huge opportunity to synchronise the enterprise, breaking down operational and data silos across risk, finance, regulatory, customer support and more. Once massive data sets are combined in one place, the organisation can apply advanced analytics for integrated insights.
Uncertainty on the road ahead
Open source technology today is an agile and responsive alternative to traditional technology systems that provides financial institutions with the ability to deal with uncertainty and adapt to a range of potential outcomes.
In these unpredictable times, banking executives need to achieve agility and responsiveness while at the same time ensuring that IT systems are robust, reliable and managed effectively. And with the option to leverage the best of open source technologies, financial institutions can face whatever challenges lie ahead.
Digital collaboration: Shaping the Future of Finance
By Ryan Lester, Senior Director of Customer Experience Technologies at LogMeIn With heightened economic uncertainty and increased customer expectation becoming...
The 2020 Outbound Email Data Breach Report Finds Growing Email Volumes and Stressed Employees are Causing Rising Breach Risk
Research by Egress reveals organisations suffer outbound email data breaches approximately every 12 working hours Egress, the leading provider of human layer data security solutions, today released their 2020 Outbound Email Data...
Regulating innovation: the biggest challenge in payments
By Fady Abdel-Nour, Global Head of M&A and Investments, PayU Over the course of the last six months, the payments...
Investors remain worried about COVID, but positive towards stamp duty holiday
By Jamie Johnson, CEO of FJP Investment The journey back to economic normality will be strenuous. COVID-19 has imbued many...
Creating a culture of cybersecurity in Financial Services
By Martin Landless, Vice President for Europe at LogRhythm As the financial services sector increasingly moves online and reaps the...
How the financial sector can keep newly acquired customers returning time and time again
By Dicken Doe from Foolproof, a Zensar company Covid-19 has changed the financial lives of millions; what worked for people...
Creating an engaging email marketing campaign that avoids the junk folder
By David Wharram, CEO of Coast Digital With more than 280 billion emails sent every day, email marketing is a...
Cloud in Banking: An Opportunity That Can’t be Ignored
By David Rimmer, Research Associate at Leading Edge Forum Originally offered as a better way to build IT systems, cloud...
Increased contactless spending could be linked to higher fraud and payment disputes, warns global risk expert
The rapid adoption of contactless payments during COVID-19 may be contributing to multiple strands of fraud Monica Eaton-Cardone, COO and...
Pay and Go, why seamless checkout is essential for the customer experience
By Ralf Gladis, CEO, Computop Shopping for many is therapy…until they reach the queue for the checkout. It’s easier online...