By Brian Chappell, BeyondTrust
On July 1st of this year, the Monetary Authority of Singapore introduced new guidelines that require financial institutions to take specific measures to manage risk. The regulations also impact any financial organisation trading with companies in Singapore, so while these new guidelines may sound local, its implications are global.
According a report published by the City of London analysing global financial markets, Singapore is ranked as the fourth leading financial centre in the world. The Bank of International Settlements ranks Singapore as the third largest foreign exchange centre in the world, after London and New York.
Overview of the new guidelines and notices
The TRM Guidelines aim to demonstrate best practices, which financial institutions are expected to adopt. Although the guidelines are not legally binding, they will be taken into account by the Monetary Authority of Singapore (MAS) in its risk assessment of a financial institution.
The TRM Notices do have legal force and set out the requirements around technology risk management across reliability, availability and recoverability of critical IT systems. Failure to adhere to these notices could result in penalties.
These new regulations – which supersede previous ones – apply to a wide range of financial institutions including insurance providers, stock brokers, and payment services firms. They even go so far as applying to individuals with licenses to provide some sort of financial service. Details of the guidelines and notices were announced just over a year ago in June 2013, but many financial institutions are still struggling to achieve compliance.
MAS has very good reasons for believing these guidelines are so important. Financial institutions are so reliant on technology to operate their businesses and are typically at the forefront of technology innovation.
With that comes complexity, which can heighten the risk of cyber-attacks and other security instances, as well as the risk of system atrophy or outright failure. These new guidelines focus not only on resilience, but also on availability and recoverability. They also place an emphasis, and rightly so, on ensuring protection of customers’ sensitive data.
Risk management – inside and out
The TRM guidelines specifically call out the need to manage the amount of ‘privilege’ that users have (in other words, what data they are allowed to access). While incidents caused (either intentionally or accidentally) by insiders form a small proportion of security breaches, they often have the most damaging consequences. Plus, looking at the wider requirements of the MAS requirements, data confidentiality and system integrity are difficult to achieve if privileged user accounts and activity are not adequately controlled.
Fortunately, the documents supplied by MAS provide financial institutions with some clear best practice around privilege user management:
- The never alone principle –procedures for handling the most sensitive and critical functions must be carried out by more than one person, including PIN-code generation, the creation of cryptographic keys, and the use of administrative accounts.
- Segregation of duties – this is an essential part of internal control and requires that certain functions are separated and performed by different groups of employees. For example, no one person should be able to initiate, enter, approve, and execute transactions into the systems.
- The access control principle –the access rights or system privileges should be granted based on job responsibility and should only be sufficient for the duties that a person has to fulfil. Of course, the threat is not just within an organisation and MAS compliance requires financial institutions to protect systems against external risks and vulnerabilities, such as hacking and malware attacks. This needs to be across all internal and external systems, external resources mobile devices and cloud services. Organisations need to have plans in place to not only identify but also remediate vulnerabilities, plus clear audit trails.
One of the biggest challenges for companies implementing MAS is having clear visibility across the entire threat landscape and to have context around what constitutes a real vulnerability. Companies also need to know what an attack looks like as it migrates from the outside to the inside, because by the time a hacker is within the firewall, he or she probably looks just like an employee.
While we would not suggest there are any instant fixes, there are some very simple things that companies could do to protect themselves better:
Stop focusing just on the end of the attack lifecycle – while an organisation may become incredibly efficient at spotting attacks, it can never win this battle. Defensive security means only having to do a few things very well to improve protection (such as improving password policies, limiting admin rights and best practice software patching are very effective).
Accept that it’s not just the security team’s responsibility– While there is an arguably an infinite amount of malware out there, there is a finite number of ways that an attacker can get in. Many of these fall under the responsibility of IT operations and users: shared accounts, super user accounts, monitoring and analysis of audit logs, controlled access based on need-to-know.
Get a hold on context – IT operations and security teams also need to work together to analyse and assess what constitutes a real-world risk. For instance, imagine a vulnerability management system finds 1000 vulnerabilities. In reality, 800 of those vulnerabilities are affecting client applications and therefore if best practices are being used on servers (such as not browsing the internet from them) then the number of vulnerabilities that really matter may only be 200.
Then, if on further investigation, the majority of those are not being exploited, the real threats that need further investigation might only be 50. Suddenly, it is a lot easier to translate a mountain of data from a vulnerability management system into something that is feasible to address by the IT operations and security team.
All this is perfectly achievable, given the right processes security software tools. And while not everyone may welcome the forced deadline by MAS, if it means that financial institutions now have clear guidelines for taking their security and risk management up a gear, then that has to be good news all round.
About the author:
Brian Chappell is Director of Technical Services for BeyondTrust in EMEA and APAC. He has been an IT professional for over 26 years during which time he has managed systems providing network services to thousands of users through to global B2B interfaces carrying transactions worth billions of dollars. He has held a number of senior roles in companies such as Amstrad plc, BBC Television and GlaxoSmithKline. www.beyondtrust.com
Iron Mountain 2021 Outlook
By Stuart Bernard, VP of Digital Solutions at Iron Mountain
The Covid-19 pandemic is continuing to rewrite the rules governing how we live and work; no crystal ball is needed to identify that general trend. However, what is perhaps less clear is how this reshaping of our traditional work/life patterns will play out in physical, day-to-day terms during 2021.
To fully understand the impact of the virus on employment practices requires an investigation of two evolving challenges: how and where we work. These interlinked issues are already having a profound influence on a wide range of business processes and they are continuing to fundamentally and irrevocably altering the world of employment for people around the world.
Cost reduction will top business priorities
For most businesses, the need to preserve cash will be a major concern over the coming 12 months. Uncertain trading conditions customarily tighten purse strings so we can expect some near-term cost reduction measure. An agile, flexible approach to office space offers an immediate monetary benefit, which in combination with a widespread acceptance of remote working, provides ample opportunities for downsizing real estate holdings. This will enable businesses to divert cash to crucial customer-facing operations, helping protect bottom line performance.
Flexible working will enable greater workforce diversity
However, there is an enduring need for companies to provide offices for their employees, if only to support face-to-face collaborations and ensure that there’s an opportunity for direct learning and training to support career development. For many people, a single place of employment will no longer be the norm – a flexible mix of home, remote and office-based work will be the new reality. However, knitting dispersed employees together into an integrated unit is problematic. Meeting the needs of a hybrid workforce will require the implementation of seamless digital workflows that are responsive and robust enough to ensure that staff can be productive and connected no matter their location.
An unintended benefit of operating a hybrid workforce is the increased level of flexibility it provides when recruiting staff. This has the potential to open up the talent pool beyond conventional geographic areas, boosting access to skills and experience from a wider area. Once again, in order to maximise the opportunities this provides, it will be necessary to assemble a robust digital network in order to bridge physical distances as well as potential cultural ones, depending on how widespread a workforce becomes.
Automated workflows will become critical
For 2021 it’s not just where businesses operate that’s going to change; the requirements of customers are likely to transform, too. This will be especially apparent when it comes to signing contracts and delivering services. Lockdowns and Covid-19 related restrictions on traditional in-person meetings are going to herald the demise of conventionally signed documents in many instances; they are also likely to change how records are shared and stored. An increasing reliance on digital workflows will require the parallel adoption of secure digital storage and handling. Specifically, Iron Mountain’s research reveals that IT support (49%), customer relationship management (36%) and overseeing team resourcing (34%) are the top three processes digitised in response to lockdown.
Nevertheless, efficiently storing existing physical documents or ensuring their safe destruction remain important functions that businesses should not neglect, even if they’re moving to predominantly digital workflows.
Importantly, digitising processes offers a range of benefits that will outlast the current global pandemic. According to our research sample there are four key benefits, which all deliver long-term value: increased productivity (the most popular response at 27%), time savings (20%), enhanced data quality (13%) and cost reductions (12%). Irrespective of trading conditions, there are all important developments that any forward-looking business will want to gain.
Protecting bottom line performance
How does all this work in practice? Well, a fully-searchable on-line repository will enable a company to quickly and cost-effectively access and archive documents, thanks to an array of enhanced search functions. During a period of intensified competition and pressure on bottom line performance this level of functionality delivers real-time benefits that not only meets the needs of a transforming business, it also adds value and consistency to customer services. Similarly, once in place, a properly designed digital workflow system will also be able to automate processes, allowing valuable time and budget to be preserved. What at first might look like a costly investment can quickly turn into a business driver by creating a unified and responsive platform for document and contract management with anytime, anywhere access.
Despite the changing employment patterns, 2021 will show that the physical office space will not cease to exist. Having said that, the way we remember it might change as hybrid working becomes more common place. The coming year will also reinforce the importance of enterprises being flexible and agile – those that cling onto outmoded ways of operating will lose their competitive advantage during a period of dramatic change. Importantly, in order to maximise their opportunities businesses will need to invest in the best available digital tools; adopting and adapting to a paper-free workflow aren’t optional: the next 12 months are going to transform how we create, transfer, share, store and action documents thanks to an increasing use of automated workflows.
Jack Henry shares six areas of focus for financial institutions in 2021
Reflecting back on 2020, the community banking and credit union industries should be proud of how this unprecedented pandemic and resulting economic crisis was managed. It was a truly remarkable time in which organizations worked together to take care of their employees, serve and support our communities, and operate their businesses efficiently despite significant challenges.
Now in 2021, the financial services industry is focused on moving forward – and is well positioned to do so. The technology demands faced over the last year were tremendous, but they were not a surprise. Jack Henry has been steadily working toward building digital, user centric, and open technologies that allow community banks and credit unions to meet customer and member needs personally and at their time and location of choice. The company is constantly evaluating industry trends and developing the technology necessary to prepare financial institutions for continued success. Below are a few areas of focus in 2021:
- The Paycheck Protection Program (PPP) continues. An additional $284 billion has been approved for PPP lending, including new loan eligibility and the option for qualifying businesses to receive a second loan. Preparing for the dissemination of these funds, all while managing the forgiveness process, is top of mind for many bankers. Community banks and credit unions can continue to benefit from participating in this program by gaining and strengthening small business customers as well as playing a significant role in extending loans to minority- and female-owned businesses. In fact, in addition to facilitating the majority of the small business PPP loans in 2020, community banks originated 72.6% of PPP loans made to non-white small business owners and 71.5% of PPP loans made to female small business owners.
- Digital banking continues rapid acceleration. Digital banking adoption has reached record highs, and enhancing digital service is a top priority. The area is constantly evolving in speed, personalization and openness. The key to continued success is to stay focused on the needs of people, identify digital solutions that draw people in, engage them, and focus more on providing human-centered service in moments of need. Platforms should offer open infrastructure that makes it easy for institutions to embed their solutions of choice, preparing them for the future.
- Payments platforms take center stage. It’s critical for financial institutions to broaden their payments options, moving toward an approach that provides end users with robust features combined with an excellent experience. An integrated payments infrastructure that provides frictionless, real-time experiences will be necessary to compete with big banks and fintechs. Financial institutions will partner with vendors that can help to build the right platform for their unique customer and member preferences.
- Digital transformation in mortgage lending. Mortgages rates have dropped to record lows and the Federal Reserve has expressed no plans to change the rate environment until 2022 or beyond. Bankers must drive efficiency to compete. They need automation and seamless workflows that effectively measure credit risk and streamline previously manual processes. This empowers lenders to focus on building relationships and growing portfolios. Borrowers will benefit also from the added speed and connectivity with their lender.
- Changes in the new administration. With the pending changes in Washington, a new administration will most likely swing the pendulum back toward an environment of stricter banking regulation. Economic recovery has also been identified as a top priority by the new administration. Banks and credit unions must have agile technology and processes in place to respond; outsourcing will help many with these adjustments.
Transparency and fairness in lending. Given the social environment in our country today, Jack Henry expects a real focus this year on diversity and inclusion in banking, especially around access to fair credit and lending costs. Many organizations, Jack Henry included, have taken a formal stance in supporting racial justice and equality. Working together to ensure that lending clients are treated equitably.
This year will continue to be about partnerships that are committed to doing the right thing and providing for local communities. Together, fintechs and financial institutions can develop joint strategies and modern technology that drive success, both today and tomorrow.
Seven lessons from 2020
Rebeca Ehrnrooth, Equilibrium Capital and CEMS Alumni Association President
Attending a New Year’s luncheon on 31 December 2019, we played a game that involved predicting the world in 2020. Some of the questions included: would Uber become profitable? Would the three-decade bond rally finally come to an end? Would the US hit a recession?
Unlike any of our predictions based on a traditional approach to business and predicting, we now know that 2020 became the year where business, professional and personal plans were turned upside down, reshaped and put-on hold. The proverbial black swan had arrived.
As revealed in a new CEMS Guide to Leadership in a Post-COVID-19 World, to which I contributed, the COVID-19 pandemic has exposed deficiencies in the 20th Century vision of leadership, giving a rare opportunity to question the status quo.
So, what are the main lessons from 2020?
- Humans are enormously adaptive. This is not an extinction scenario. The world is getting used to dealing with global human disaster which may become a recurring event. Life continues guided by new parameters.
- No sector or country is immune to rapid change. Just as the leveraged finance and equity markets ground to a halt during the Global Financial Crisis, we have seen a disruption in the financial markets (including M&A) in 2020, including a significant redistribution of wealth between sectors; think tech vs airlines and the hospitality industry. When a market is disrupted it has secondary and tertiary effects such as less work for accountants, lawyers, financiers etc.
- Location is not as important anymore. The belief that finance staff need to be based in one of the financial capitals to be effective has been forever altered. Pursuing a career in finance from anywhere is becoming possible. However, it’s likely that over time, financial controls and human interaction will move the work model back towards the traditional office approach, as work is a critical sanctuary for people. While working from home may allow more time for family, chores and sports, it is mainly effective for people who already have their internal and external networks. For junior employees it presents a notable challenge as they may be forced to spend their formative years without a chance to really build their networks.
- Change is likely to be lasting. The opportunity for alternative finance and tech focused providers is enormous and 2020 will accelerate this shift. For example, many retail banks are providing rather poor customer service, blaming the pandemic. Even the most loyal customers will be heading elsewhere. For recent graduates and current students this is a major shift; future winners and key employers may not be names we are used to seeing in the headlines.
- There will be a spotlight on leaders with visionary strategy and understanding of the operations. 2020 showed many politicians and business leaders behaving like they were playing a game of snakes and ladders, rather than executing a thought-out strategy. The next wave of thoughtful leadership is urgently required.
- Collaboration leads to success. The definition of a pandemic is an infectious disease prevalent worldwide. A global problem requires a collaborative solution rather than each country and industry on their own. Quoting Steven Riley, professor of infectious disease dynamics at Imperial College London: “Once you have the knowledge and you share the knowledge, then you are able to take measures to push transmission much lower”. This principle is transferable to management education. In a world more complex than ever, investing in a degree is hard currency. Combined with the full global alumni network, corporate partners and schools, CEMS is capital that doesn’t depreciate.
- Resilience has become a watch word. Saint-Exupéry’s quote resonates with me: “If you want to build a ship, don’t drum up people to collect wood and don’t assign them tasks and work, but rather teach them to long for the endless immensity of the sea.” We are in a new paradigm – so prepare for the next change. For COVID-19, while we hope that the vaccine will soon upon us, the broader long-term positive challenge remains.
Bitcoin overtakes “long tech” as most crowded trade – BofA fund manager survey
LONDON (Reuters) – A long position on bitcoin overtook “long tech” as the trade fund managers said was the most...
British hospitals use blockchain to track COVID-19 vaccines
By Tom Wilson LONDON (Reuters) – Two British hospitals are using blockchain technology to keep tabs on the storage and...
Shares climb ahead of Yellen speech, earnings in focus
Via Reuters By Danilo Masoni and Wayne Cole MILAN/SYDNEY (Reuters) – Global shares climbed and the dollar eased on Tuesday...
Norway awards oil and gas exploration rights to 30 firms
Via Reuters By Nerijus Adomaitis OSLO (Reuters) – Norway awarded 61 offshore exploration blocks to 30 oil firms in its...
European stocks turn defensive as lockdown worries resurface
Via Reuters By Amal S and Sruthi Shankar (Reuters) – European stocks inched higher on Tuesday, as possible extension of...
FTSE 100 edges up as HSBC, drugmakers gain
Via Reuters By Shivani Kumaresan (Reuters) – British shares inched higher on Tuesday, supported by gains in HSBC and drugmakers,...
Google backs Indian courier startup Dunzo in $40 million fundraising
Via Reuters BENGALURU (Reuters) – Indian hyperlocal courier startup Dunzo has raised $40 million from existing investor Google and others,...
Bankers call for ‘hybrid’ shares to plug COVID corporate capital gap
Via Reuters LONDON (Reuters) – European companies hit by COVID-19 could issue “hybrid” shares to plug a predicted capital gap...
Bank of England sets out interim ‘bail-in’ debt targets for banks
via Reuters LONDON (Reuters) – The Bank of England on Tuesday set out interim levels of special debt that banks...
British firms call for immediate $10.3 billion in COVID aid
via Reuters By William Schomberg LONDON (Reuters) – British firms called on Tuesday for another 7.6 billion pounds ($10.3 billion)...