By Chris Goettl, Security Evangelistat Ivanti
The financial sector has been reluctant to get fully behind cryptocurrencies, but while it might have experienced something akin to a crash from its peak of close to $20,000 on December 17th2017, Bitcoin (and other cyrptocurrencies) are still hot commodities. Now sat at a little over $6,000, many have cooled off their interest in cryptocurrencies and that volatility has done little to convince banks that their customers should be able to use their credit cards to invest.However, there are still a large number of people who see an opportunity to profit, but a small portion of those interested aren’t looking to invest or mine for the currency themselves; they only want to steal it.
The practice known as cryptojacking sees malicious actors run cryptocurrency-mining software in the background of a user’s computer without their permission or knowledge. Cryptojacking has quickly become the preferred method of attack for hackers, with a recent report claiming that there has been a “massive shift from ransomware to cryptomining”, with the newer tactic accounting for 35 percent of threats. The vast majority of these attacks will mine for a currency called Monero, which, like others, uses a public ledger but the difference is that Monero’s is obfuscated to the point where no one can tell its source, amount or destination. That obfuscation speaks again to the financial sector’s reticence on making any definitive statements about cryptocurrencies. While blockchain-based currencies have the potential to reduce organised fraud, they are currently largely unregulated, with the UK’s Treasury Committee recently describing the crypto-landscape as a ‘Wild West’.
It’s worth noting that cryptojacking is an entirely new form of financial crime. Unlike a bank robbery or printing counterfeit money, the currency being generated is not what is being stolen. It is the computer time that is being stolen. The cost for common processors to generate crytocurrency is now costlier than the amount of currency generated. So, in this case the threat actor is walking away with the information needed to allow them to claim the next block in the chain and you get stuck with the power bill which was more than the currency generated.In effect, anybody with a computer can mine for cryptocurrency though to make any significant amount of money requires investment in expensive components purpose built for cryptopmining or to transfer that cost to unwitting users, which is what cryptojackers are exploiting.
There are two forms of cryptojacking that both work towards the same end: using a system’s power to mine for currencies. The first form, cryptojacking malware, works in a similar way to other malware variants. Hackers will sneak cryptocurrency miners into software which then runs in a computer’s background processing. This form largely preys upon vectors like out-of-date applications and operating systems, like Windows XP. One large scale crypto hacking attack saw malware inserted into vulnerable versions of the popular Jenkins X platform and hackers pocketed an estimated $3.4 million.
The second variant called ‘drive-by’ cryptojacking does not require the installation of any software or applications and can be carried out on any device using a web browser. These attacks take place when web pages infected with a mining script are open on a user’s device. The website will then mine for cryptocurrency using the device without the user’s knowledge or consent. Millions of Android users experienced this in early 2018. Many devices browsing the web found themselves forcefully redirected to a page that claimed: “Your device is showing suspicious surfing behaviour. Please prove that you are human by solving the captcha.” Until the particular code was entered, the phone or tablet was mining for the Monero cryptocurrency at the maximum speed of the CPU. With an average time of four minutes spent on the page per user, each user probably only generated fractions of pennies but it all adds up. The hackers didn’t quite earn the same amount of money as the previous example(reportedly ‘a few thousand dollars a month’), but that is still money being earned through cryptojacking, and costs are being passed onto users.
Cryptojacking should have an obvious effect on a device, from overactive fans and a fast-draining battery to uncharacteristic sluggishness in use. These symptoms, while being obvious to someone who is alert to the issue, are easy to go undetected particularly if the devices are still operational. Users tend to only go to the IT help desk in the event that their device stops working altogether. An affected device will not only perform operationally worse, but there is a higher risk of that device ceasing to work altogether. Cryptomining pushes components to their maximum capacity, which if left for too long can break the individual part, or in worst case scenarios the overheating could destroy a device entirely or cause a fire.
On top of the costs of having to potentially replace devices and employees being slowed down, is the added energy bill. For example, the electric cost of cryptojacking (Coinhive in this case) on an average desktop computer was 1.212kWh of electricity over the space of 24 hours.According to the Energy Savings Trust, the average cost of electricity in the UK per kWh is 14.37p, so this would cost 17.42p per day, or £5.22 per month. With potentially thousands of computers affected within a company that could add up to a massive energy bill.
There is no one easy solution to prevent cryptojacking; both administrators and users need to do their bit. Organisations need to carefully monitor and check the devices that are on their networks and when using third party tools they should put protections into place and not link directly to source codes. Businesses also should adopt a layered approach to cybersecurity that reduces attack surfaces, detects attacks that do get through, and helps cybersecurity professionals to take rapid action to contain malicious activity and software vulnerabilities.
From a user perspective, staff should be encouraged to employ best cyber practices. This includes not downloading files from suspicious website or opening attachments from unrecognised email addresses. Users can also protect themselves by employing browser plug-ins that block attempts from websites trying to hijack their PCs.
It should also be noted that the volatility of cryptocurrency itself might end up being the cure for cryptojacking. As mentioned above, Bitcoin (along with other altcoins) have seen their value plummet over the past year. If cryptojacking can no longer prove to be profitable because the investment in the tools required is not matched by the reward, then it may well be the markets that solve the issue.
But while that volatility is out of the control of businesses, what they can do is shore up their infrastructure. Cryptojacking is the latest popular tool of hackers, but with the right mind-set and solution it is easily preventable by keeping applications and operating systems up-to-date. By investing in cybersecurity technology and training for users, organisations can defend against cryptominers and deter them from attacking their systems. And maybe with these systems in place, the financial sector can truly start to see the positives in blockchain-based currencies.
What to Know Before You Expand Across Borders
By Sean King, Director of International Tax at McGuire Sponsel
The American retail giant, Target Corporation, has a market cap of $64 billion and access to seemingly limitless resources and advisors. So, when the company engaged in its first global expansion, how could anything possibly go wrong?
Less than two years after opening its first Canadian store in 2013, Target shut down all133 Canadian locations and terminated more than 17,000 Canadian employees.
Expansion of an operation to another country can create unique challenges that may impact the financial viability of the entire enterprise. If Target Corporation can colossally fail in its expansion to Canada, how might Mom ‘N’ Pop LLC fare when expanding into Switzerland, Singapore, or Australia?
Successful global expansion requires an understanding of multilayered taxes, regulatory hurdles, employment laws, and cultural nuances. Fortunately, with the right guidance, global expansion can be both possible and profitable for businesses of any size.
Any company with global ambitions must first consider whether the company’s expansion outside of the U.S. will give rise to a taxable presence in the local country. In the cross-border context, a “permanent establishment” can be created in a local country when the enterprise reaches a certain level of activity, which is problematic because it exposes the U.S. multinational to taxation in the foreign country.
Foreign entity incorporation
To avoid permanent establishment risk, many U.S. multinationals choose to operate overseas through a formal corporate subsidiary, which reduces the company’s foreign income tax exposure, though it may result in an additional level of foreign income tax on the subsidiary’s earnings. In most jurisdictions, multinationals can operate their business in the foreign country as a branch, a pass through (e.g., partnership,) or a corporation.
As a branch, the U.S. multinational does not create a subsidiary in the foreign country. It holds assets, employees, and bank accounts under its own name. With a pass through, the U.S. multinational creates a separate entity in the foreign country that is treated as a partnership under the tax law of the foreign country but not necessarily as a partnership under U.S. tax law.
U.S. multinationals can also create corporate subsidiaries in the foreign country treated as corporations under the tax law of both the foreign country and the U.S., with possibly two levels of income taxation in the foreign country plus U.S. income taxation of earnings repatriated to the U.S. as dividends.
Under U.S. entity classification rules, certain types of entities can “check the box” to elect their classification to be taxed as a corporation with two levels of tax, a partnership with pass-through taxation, or even be disregarded for U.S. federal income tax purposes. The check the box election allows U.S. multinationals to engage in more effective global tax planning.
Toll charges, transfer pricing and treaties
When establishing a foreign corporate subsidiary, the U.S. multinational will likely need to transfer certain assets to the new entity to make it fully operational. However, in many cases, the U.S. multinational cannot perform the transfer without recognizing taxable income. In the international context, the IRS imposes certain outbound “toll charges” on the transfer of appreciated property to a foreign entity, which are usually provided for in IRC Section 367 and subject to various exceptions and nuances.
Instead, the U.S. multinational may prefer to license intellectual property to the foreign subsidiary for a fee rather than transfer the property outright. However, licensing requires the company and foreign subsidiary to adhere to transfer pricing rules, as dictated by IRC Section 482. The U.S. multinational and the foreign subsidiary must interact in an arms-length manner regarding pricing and economic terms. Furthermore, any such arrangement may attract withholding taxes when royalties are paid across a border.
Are you GILTI?
Certain U.S. multinationals opt to focus on deferring the income recognition at the U.S. level. In doing so, they simply leave overseas profits overseas and delay repatriating any of the earnings to the U.S.
Despite the general merits of this form of planning, U.S. multinationals will be subject to certain IRS anti-deferral mechanisms, commonly known as “Subpart F” and GILTI. Essentially, U.S. shareholders of certain foreign corporations are forced to recognize their pro rata share of certain types of income generated by these foreign entities at the time the income is earned instead of waiting until the foreign entity formally repatriates the income to the U.S.
The end goal
Essentially, all effective international tax planning boils down to treasury management. Effective and early tax planning can properly allow a company to better achieve its initial goal: profitability.
If global expansion is on the horizon for your company, consult a licensed professional for advice concerning your specific situation.
Pandemic risks eclipse treasury priorities as businesses diversify investments to mitigate impact
The Covid-19 pandemic has shunted aside existing challenges to sit atop treasurers’ priority lists, according to “The resilient treasury: Optimising strategy in the face of covid-19”, a survey run by the Economist Intelligence Unit (EIU) and sponsored by Deutsche Bank.
The results show that treasurers are looking to diversify their investments in a bid to mitigate the pandemic impacts, including heightened liquidity, foreign-exchange and interest-rate risk. As many as 55% plan to increase investments in long-term instruments, with 48% increasing investments in bank deposits, another 48% in local investment products, and 47% in money-market funds.
“The Covid-19 pandemic has drastically altered business plans in 2020. It has placed a certain level of strain on treasury processes, but the challenge it presents has been managed by traditional treasury skills. It is clear that pandemic risk will be on the treasury checklist for years to come, but it is one of many risks the department faces and will continue to manage,” says Melanie Noronha, the EIU editor of the report.
Despite Covid-19 looming large, other challenges wait in the wings. Notably, the replacement of the London Interbank Offered Rate was identified by 38% of respondents as the main challenge of their function.
Technology, meanwhile, continues to be a pressing issue, with treasury teams becoming increasingly reliant on IT solutions. Here, data quality is rising up the list of concerns. Already highlighted as very or somewhat concerning in 2019 by 69% of respondents, the figure rose to 78% in 2020. Acquiring the necessary skill sets to realise the full benefits of this data and technology is also a continuing priority – with some progress registered from last year. In 2020, 30% of respondents say they have all the skills they need to manage technological change, up from 22% in 2018.
“Treasury’s focus on technology is not only helping teams operate more efficiently in a remote-working environment, it has long played – and continues to play – a key role in realising their long-term priorities,” notes Ole Matthiessen, Head of Cash Management, Corporate Bank, Deutsche Bank. The survey shows that
Release 1 | 2 managing relationships with banks and suppliers (highlighted by 32% of respondents) and collaborating with other functions of the business (also 32%) remain top of the agenda – and seamless digital systems will help give treasurers the bandwidth and insight to be more effective partners for both internal and external stakeholders.
Based on a global survey of 300 treasury executives, conducted between April and May, the survey explores stakeholders’ attitudes among corporate treasurers towards the drivers of strategic change in the treasury function – from the pandemic through to regulation and technology – and their priorities for the next five years.
Digital collaboration: Shaping the Future of Finance
By Ryan Lester, Senior Director of Customer Experience Technologies at LogMeIn
With heightened economic uncertainty and increased customer expectation becoming the norm in the banking industry, it is understandable that the sector is struggling to keep afloat. Due to its precarious nature, banking institutions are trying their best to ensure they remain relevant in the competitive landscape and guarantee that their customers continue to be a priority.
When it comes to the first half of this year, the pandemic has shown how easy it is for industries to fail. Customers and companies alike had to get used to the new normal, as physical locations started to close. The banking industry felt this first hand, as banks were made to restructure how their business ran, with restricted opening hours and a wider push to motivate people to use online banking.
While some had already embraced digital options prior to the pandemic, this proved to be a stark contrast to the elderly population, who frequently visited branches to access their finances. Moving forward, banks have to adopt new methods to ensure customers get the most out of our their accounts, without their experience suffering.
Heightened Customer Expectations
When the pandemic reached its peak, people were encouraged to use online banking, as telephone contact was under strain with long waiting times and pressure mounting on contact centre agents. According to Fidelity National Information Services (FIS), which works with 50 of the world’s largest banks, there was a 200% jump in new mobile banking registrations in early April, while mobile banking traffic rose 85%.
With branches remaining closed, customers were continuously being urged to limit the amount of calls they made to the most urgent cases and consider whether they could solve their answers through mobile online banking or checking the company website. Although already being adopted in pockets of the industry, this was a real catalyst that spurred banks to up their game on digital channels and with self-service tools.
Banks are challenged with precariously balancing customer needs with the cost of personalised support. With the demographic of customers changing over the last few years, customers are becoming increasingly younger and more comfortable with technology. Influenced by the “Amazon Effect”, their expectations have raised to an all-time high, placing record strain on the sector
Customer experience isn’t just about support anymore, it’s about serving your customer at every point in the journey. Companies have an opportunity to elevate the experience they provide by moving beyond one-and-done interactions to create continuous engagements with their customers. It is starting to become a primary competitive differentiator in the market and one that doesn’t have a lot of variation. Deploying AI chatbot technology will be able to strategically help banks improve customer experience and raise the level of support that agents provide.
Digital collaboration: Working around the Clock
The benefits of adopting digital channels and self-service tools are second to none. By implementing chatbots, fuelled by conversational AI, banks will be able to help serve a wide range of customer queries and ensure they are protected from fraud and scams.
Conversational AI is exactly what it sounds like: a computer programme that engages in a conversation with a human. When it comes to service delivery, conversational AI can be deployed across multiple channels to engage with customers in ways that effectively address evolving customer needs. At a time defined by COVID-19, self-service tools such a conversational chatbots can work around the clock to solve customer queries in a concise and timely way. Of course, self-service tools won’t completely replace human agents in the banking industry, but they will help companies re-distribute customer traffic and workflows in ways that enhance customer experience. Self-service tools fuelled by conversational AI can also improve employee experience because service employees can handle fewer, but higher-level service tasks that chatbots might escalate to them.
Adopting new tools to help facilitate consistent and concise answers and help maintain customer experience is on the forefront of many industry minds. Banks such as the Natwest Group have seen this first-hand and are testament to the benefits that a good digital experience can provide. Simon Johnson, Capability Consultant, Digital at NatWest Group highlights NatWest’s use of digital tools during lockdown, “Over the last few months, we’ve learnt how to use digital tools to help our employees remotely. From a banking perspective, there have been a lot of changes including base rates, waive fees and the best ways of contacting our vulnerable customers, ensuring we keep them protected from frauds and scams.
“By introducing our Bold360 chatbot interface, Ella, we’ve been able to get relevant information out quickly, apply the best practice and ensure that our customer journeys are being developed correctly. Due to the volume of questions, some of our customers were finding themselves waiting longer than usual. So digital channels become essential to helping reduce the wait time. Using Bold360, we were able to mitigate issues and answer questions in a more timely way through our chatbot.
“Moving forward, as we open more digital services, we are analysing our data to see if customer will return back to their usual way of banking, now that they’ve seen what a good digital experience can provide. Either way, with Ella, we are ready.”
Chatbots and Humans: The Best Option for Customer Service
Over the last year, banking institutions have recognised the power that digital collaboration can have to their success. Delivering exceptional customer service and support is key for any business wanting to stay competitive in today’s market and banks are especially challenged with precariously balancing customer needs with the cost of personalised support. Leveraging the right technology, such as AI-powered chatbots, will enable the banking industry to provide better support and a more robust customer experience in the long term. Other institutions must follow suit, or risk becoming obsolete.
What to Know Before You Expand Across Borders
By Sean King, Director of International Tax at McGuire Sponsel The American retail giant, Target Corporation, has a market cap...
81% of Business Managers in the Manufacturing Industry Agree that a Modern IT infrastructure Accelerates Innovation, Creativity, and Productivity
83% of business decision makers are convinced that slow running networks and applications are inhibiting these three success factors 78%...
From fundamentals to digital evolution: Deutsche Bank and ACT release comprehensive guide for treasurers
The Association for Corporate Treasurers (ACT), in partnership with Deutsche Bank, has today announced the release of “The Group Treasurer:...
Sectigo Selected by Baidu to Provide SSL Services for All-New Baidu Trust SSL Certificates
Sectigo, a leading provider of automated digital identity management and web security solutions, announced that Baidu (NASDAQ: BIDU), a leading Chinese search...
Stella McCartney Transforms Financial Consolidation And Lease Accounting With Board
Board revamps financial analysis, consolidation and reporting for luxury lifestyle brand’s IFRS 16 compliance Board International, the leading provider of...
Satisfaction with Credit Card Issuers in Canada Remains Flat Amid COVID-19, J.D. Power Finds
Tangerine Bank Ranks Highest in Overall Credit Card Customer Satisfaction for Second Consecutive Year With 73% of credit card customers...
The benefits of automated pension plans
While many people will prefer to speak to fellow human beings when discussing their investments, automation is already part of...
Pandemic risks eclipse treasury priorities as businesses diversify investments to mitigate impact
The Covid-19 pandemic has shunted aside existing challenges to sit atop treasurers’ priority lists, according to “The resilient treasury: Optimising...
Boost for consumers as banks recognise room for improvement on service and delivery
42% of banks are looking to improve service provision and boost customer satisfaction in the year ahead Less than half...
By Paddy Osborn, Academic Dean, London Academy of Trading Whether you’re negotiating a business deal, playing a sport or trading...