By Gaspard BiosseDuplan, Product Head – Sales & Trading at Acin
The risk management discipline is in real danger of failing to see the forest for the trees in the way it talks about non-financial risk management. The debates – often on the “how” and “where” of risk frameworks – are usually grounded in an artificial construct such as organisational structure, lines of defence or regulatory requirements.
The reality is that while some individual risks have not changed fundamentally, new risks are emerging all the time, and changing shape.For example,inappropriate conduct risk-related behaviours were observed as early as the 17th century in tulip trading during the “Tulipmania”.On the other hand, most of the IT-related risks, including cyber risk, did not exist 40 years ago. Within ecosystems, risk scenarios evolve organically and develop new relationships with other risks. Risks do not obey the false boundaries that are created to define and manage them.
Instead, the risk discipline should be focusing on the best way to manage NFRM. This involves thinking about non-financial risk in a more connected,innovative and practical way – both within firms and between them – through new, collaborative approaches.
A useful example of the way the discipline has created false boundaries is the Basel Committee on Banking Supervision’s (BCBS’s) definition of operational risk, which is: “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk.”This exclusion of strategic risk and reputational risk, more than 15 years ago, was undertaken because both of these risks were considered too “fuzzy” to quantify, when supervisory and industry focus was on measuring operational risk for regulatory capital calculation purposes.
In 2019, both regulatory and industry focus have shifted away from advanced modelling of operational risk losses for predictive purposes. Now, the discipline is beginning to understand that the relationship between these two risks and all other non-financial risks is very important. In the wake of social media and other online forms of communication, the potential for a reputational risk loss event has grown significantly – social media not only makes reputational damage instantly visible, it also accelerates the growth of thesize of theoriginal risk event loss impact. There is also increasing acknowledgement of the tight interlinkage between levels of non-financial risks and the ability of an organisation to deliver on its strategic goals.
The same holds true for a rapidly developing regulatory focus, operational resilience. The UK’s Financial Conduct Authority (FCA), Bank of England, and Prudential Regulatory Authority (PRA) published a joint discussion paper on this topic, Building the UK financial sector’s operational resilience, in July 2018. To follow up on this, the regulators expect to jointly issue a consultation paper in October. This will include both the regulators’ new policies in this area, as well as their approach to supervising operational resilience.
Other regulatory bodies are also looking at the issue of operational resilience. The BCBS is expected to include material on the topic in its forthcoming update to its 2011 Principles for the Sound Management of Operational Risk. And the US Federal Reserve is also drafting a new document on operational resilience, although the timeline for its publication is not known.
Operational resilience impacts, and is impacted by, all forms of non-financial risk. It’s important for firms to think about operational resilience — the impact that a loss event may have, and how well a firm responds — in relationship with the likelihood of risks materialising. All non-financial risks, such as OpRisk, strategic risk, and reputational risk, should be considered.
Certainly, the regulators are thinking in this connected way. Many of the operational resilience issues that are under the spotlight — such as responding to an IT outage or a data privacy breach — are issues that all firms face, and are a source of potential systemic risk. Regulators are connecting the dots.
For example, at recent hearings in the UK parliament about IT failures at financial services firms, UK regulators talked about how they are now looking at the way in which reputational damage inflicted by social media (say, for example, an IT outage resulting from a cyberattack) could impact a firm’s capital position and liquidity. This is an operational risk loss event morphing into reputational risk via social media. This then transforms into strategic risk and business risk, as well as financial risks such as liquidity risk. The ability of the initial IT outage to roll into other kinds of risks depends on the strength of the operational resilience at the firm.
It is all connected, and this is why Acin is calling for the industry to adopt further the term non-financial risk. Firms need to look at the entire risk picture in a more joined-up way. The risk management discipline needs to turn away from debates about what risk fits where, and instead put its energies into understanding how risk and resilience interconnects, within firms and between firms.
This is why we also believe that now is the moment for firms to embrace collaboration. To truly understand non-financial risk and resilience, financial services firms need to share experiences and best practices with each other.
Regulators are keen to encourage more industry collaboration. For example, in a recent speech, PRA deputy CEO Lyndon Nelson indicated that financial services supervisors would like to see banks collaborate more to protect IT systems and data from either accidental or deliberate damage. Emphatically underscoring the new importance of collaboration was Nelson’s revelation that the Bank of England would be shortly publishing a report that will highlight the importance of collaboration among financial services firms around resilience issues.
Regulators are also looking at resilience metrics. For example, in the BCBS update to its 2011 Principles for the Sound Management of Operational Risk,the body stated it is planning to include a set of metrics for operational resilience around IT outages. In the UK, Nick Strange, the Bank of England’s director of supervisory risk specialists, has said regulators are thinking about demanding that firms set a specific “tolerance for disruption – in the form of a specific outcome or metric” to strengthen approaches to operational resilience. Examples include “the proportion of payments made; the number of customers affected; [and] the maximum allowed time for restoration of a business service.”
Clearly the majority of non-financial risk – and especially operational resilience – is not a source of competitive advantage for firms – the regulators are implying this through their calls for increased collaboration. Their belief – as well as ours – is that proactive collaboration among firms would strengthen the entire financial system, potentially making all collaborating firms more resilient and benefitting the industry as a whole.
Getting industry-led collaboration right will make all firms stronger and enable constructive dialogue with the regulators about operational resilience, as well as non-financial risk management. Acin is committed to enabling the industry to collaborate through its unique Networked Defence Model, which is bringing the industry together into a growing network of firms who work together to enhance their risk and control environments.
Through the Networked Defence Model, financial services can be transformed from a control ecosystem within each bank that is only as strong as its weakest link, to one that is as robust as the Community’s strongest link.
What Does the FinCEN File Leak Tell Us?
By Ted Sausen, Subject Matter Expert, NICE Actimize
On September 20, 2020, just four days after the Financial Crimes Enforcement Network (FinCEN) issued a much-anticipated Advance Notice of Proposed Rulemaking, the financial industry was shaken and their stock prices saw significant declines when the markets opened on Monday. So what caused this? Buzzfeed News in cooperation with the International Consortium of Investigative Journalists (ICIJ) released what is now being tagged the FinCEN files. These files and summarized reports describe over 200,000 transactions with a total over $2 trillion USD that has been reported to FinCEN as being suspicious in nature from the time periods 1999 to 2017. Buzzfeed obtained over 2,100 Suspicious Activity Reports (SARs) and over 2,600 confidential documents financial institutions had filed with FinCEN over that span of time.
Similar such leaks have occurred previously, such as the Panama Papers in 2016 where over 11 million documents containing personal financial information on over 200,000 entities that belonged to a Panamanian law firm. This was followed up a year and a half later by the Paradise Papers in 2017. This leak contained even more documents and contained the names of more than 120,000 persons and entities. There are three factors that make the FinCEN Files leak significantly different than those mentioned. First, they are highly confidential documents leaked from a government agency. Secondly, they weren’t leaked from a single source. The leaked documents came from nearly 90 financial institutions facilitating financial transactions in more than 150 countries. Lastly, some high-profile names were released in this leak; however, the focus of this leak centered more around the transactions themselves and the financial institutions involved, not necessarily the names of individuals involved.
FinCEN Files and the Impact
What does this mean for the financial institutions? As mentioned above, many experienced a negative impact to their stocks. The next biggest impact is their reputation. Leaders of the highlighted institutions do not enjoy having potential shortcomings in their operations be exposed, nor do customers of those institutions appreciate seeing the institution managing their funds being published adversely in the media.
Where did the financial institutions go wrong? Based on the information, it is actually hard to say where they went wrong, or even ‘if’ they went wrong. Financial institutions are obligated to monitor transactional activity, both inbound and outbound, for suspicious or unusual behavior, especially those that could appear to be illicit activities related to money laundering. If such behavior is identified, the financial institution is required to complete a Suspicious Activity Report, or a SAR, and file it with FinCEN. The SAR contains all relevant information such as the parties involved, transaction(s), account(s), and details describing why the activity is deemed to be suspicious. In some cases, financial institutions will file a SAR if there is no direct suspicion; however, there also was not a logical explanation found either.
So what deems certain activities to be suspicious and how do financial institutions detect them? Most financial institutions have sophisticated solutions in place that monitor transactions over a period of time, and determine typical behavioral patterns for that client, and that client compared to their peers. If any activity falls disproportionately beyond those norms, the financial institution is notified, and an investigation is conducted. Because of the nature of this detection, incorporating multiple transactions, and comparing it to historical “norms”, it is very difficult to stop a transaction related to money laundering real-time. It is not uncommon for a transaction or series of transactions to occur and later be identified as suspicious, and a SAR is filed after the transaction has been completed.
FinCEN Files: Who’s at Fault?
Going back to my original question, was there any wrong doing? In this case, they were doing exactly what they were required to do. When suspicion was identified, SARs were filed. There are two things that are important to note. Suspicion does not equate to guilt, and individual financial institutions have a very limited view as to the overall flow of funds. They have visibility of where funds are coming from, or where they are going to; however, they don’t have an overall picture of the original source, or the final destination. The area where financial institutions may have fault is if multiple suspicions or probable guilt is found, but they fail to take appropriate action. According to Buzzfeed News, instances of transactions to or from sanctioned parties occurred, and known suspicious activity was allowed to continue after it was discovered.
How do we do better? First and foremost, FinCEN needs to identify the source of the leak and fix it immediately. This is very sensitive data. Even within a financial institution, this information is only exposed to individuals with a high-level clearance on a need-to-know basis. This leak may result in relationship strains with some of the banks’ customers. Some people already have a fear of being watched or tracked, and releasing publicly that all these reports are being filed from financial institutions to the federal government won’t make that any better – especially if their financial institution was highlighted as one of those filing the most reports. Next, there has been more discussion around real-time AML. Many experts are still working on defining what that truly means, especially when some activities deal with multiple transactions over a period of time; however, there is definitely a place for certain money laundering transactions to be held in real time.
Lastly, the ability to share information between financial institutions more easily will go a long way in fighting financial crime overall. For those of you who are AML professionals, you may be thinking we already have such a mechanism in place with 314b. However, the feedback I have received is that it does not do an adequate job. It’s voluntary and getting responses to requests can be a challenge. Financial institutions need a consortium to effectively communicate with each other, while being able to exchange critical data needed for financial institutions to see the complete picture of financial transactions and all associated activities. That, combined with some type of feedback loop from law enforcement indicating which SARs are “useful” versus which are either “inadequate” or “unnecessary” will allow institutions to focus on those where criminal activity is really occurring.
We will continue to post updates as we learn more.
How can financial services firms keep pace with escalating requirements?
By Tim FitzGerald, UK Banking & Financial Services Sales Manager, InterSystems
Financial services firms are currently coming up against a number of critical challenges, ranging from market volatility, most recently influenced by COVID-19, to the introduction of regulations, such as the Payment Services Directive (PSD2) and Fundamental Review of the Trading Book (FRTB). However, these issues are being compounded as many financial institutions find it increasingly difficult to get a handle on the vast volumes of data that they have at their disposal. This is no surprise given that IDC has projected that by 2025, the global “datasphere” will have grown to a staggering 175 zettabytes of data – more than five times the amount of data generated in 2018. As an industry that has typically only invested in new technology when regulations deem it necessary, many traditional banks are now operating using legacy systems and applications that haven’t been designed or built to interoperate. Consequently, banks are struggling to leverage data to achieve business goals and to gain a clear picture of their organisation and processes in order to comply with regulatory requirements. These challenges have been more prevalent during the pandemic as financial services firms were forced to adapt their operations to radical changes in customer behaviour and increased demand for digital services – all while working largely remotely themselves.
As more stringent regulations come in to play and financial services firms look to keep pace with escalating requirements from regulators, consumer demand for more online services, and the ever-evolving nature of the industry and world at large, it’s vital they do two things. Firstly, they must begin to invest in the technology and processes that will allow them to more easily manage the data that traditional banks have been collecting and storing for upwards of 50 years. Secondly, they must innovate. For many, the COVID-19 pandemic will have been a catalyst for both actions. However, the hard work has only just begun.
Traditionally, due to tight budgets and no overarching regulatory imperative to change, financial institutions haven’t done enough to address their overreliance on disconnected legacy systems. Even when faced with the new wave of regulation that was implemented in the wake of the 2008 banking crash, financial services organisations generally only had to invest in different applications on an ad hoc basis to meet each individual regulation. However, as new regulations require the analysis of larger data sets within smaller processing windows, breaking down any and all data siloes is essential and this will require financial institutions that are still reliant on legacy systems to implement new technologies to meet the regulatory stipulations.
With this in mind, solutions which offer high-quality data analytics and enhanced integration will be key to the success of financial institutions and crucial to eliminate data silos. This will enable organisations to achieve a faster and more accurate analysis of real-time and historical data no matter where they are accessing the data from within smaller processing windows to keep pace with regulatory requirements, while also benefiting from low infrastructure costs.
This technology will also play a huge part in helping financial institutions scale their online operations to meet demand from customers for digital services. According to PNC Bank, during the pandemic, it saw online sales jump from 25% to 75%. Therefore, having data platforms that are able to handle surges in online activity is becoming increasingly important.
Real-time analysis of data
While the precise solution financial services institutions need will differ based on the organisation, broadly speaking, the more data they are storing on legacy solutions, the more they are going to require an updated data platform that can handle real-time analytics. Even organisations that have fewer legacy systems are still likely to require solutions that deliver enhanced interoperability to help provide a real-time view across the business and enable them to meet the pressing regulatory requirements they face. Let’s also not lose sight of the fact that moving transactional data to a data warehouse, data lake, or any other silo will never deliver real-time analytics, therefore, businesses making risk decisions based on this and thinking it is real-time is completely inappropriate.
As such, financial services firms require a data platform that can ingest real-time transactional data, as well as from a variety of other sources of historical and reference data, normalise it, and make sense of it. The ability to process transactions at scale in real-time and simultaneously run analytics using transactional real-time data and large sets of non-real-time data, such as reference data, is a crucial capability for various business requirements. For example, powering mission-critical trading platforms that cannot slow down or drop trades, even as volumes spike.
Not only will having access to real-time data enable financial institutions to meet evolving regulatory requirements, but it will also allow them to make faster and more accurate decisions for their organisation andcustomers. With many financial services firms operating on a global basis, this is vital to help them keep up not only with evolving regulations but also changing circumstances in different markets in light of the pandemic. This data can also help them understand how to become more agile, help their employees become productive while working remotely, and how to build up operational resilience. These insights will also be vital as financial institutions need to consider the likelihood of subsequent waves of the virus, allowing them to gain a better understanding of what has and hasn’t worked for their business so far.
The financial services sector is fast-paced and ever-changing. With the launch of more digital-only banks, traditional institutions need to innovate to avoid being left behind, with COVID-19 only highlighting this further. With more than a third (35%) of customers increasing their use of online banking during this period, it is those banks and financial services firms with a solid online offering that have been best placed to answer this demand. As financial institutions cater to changing customer requirements, both now and in the future, implementing new technology that provides access to data in real-time will help them to uncover the fresh insights needed to develop new and transformative products and services for their customers. In turn, this will enable them to realise new revenue streams and potentially capture a bigger slice of the market. For instance, access to data will help banks better understand the needs of their customers during periods of upheaval, as well as under normal circumstance, which will allow them to target them with the specific services they may need during each of these periods to not only help their customers through difficult times but also to ensure the growth of their business. As financial institutions not only look to keep pace with but also gain an advantage over their competitors, using data to fuel excellent customer experiences will be essential to success.
With the current economic uncertainty and market volatility, it’s critical that financial services are able to meet the changing requirements coming from all angles. With COVID-19 likely to be the biggest catalyst for financial institutions to digitally transform, they will be better able to cater to rapidly evolving landscapes and prepare for continued periods of remote working. As they look to achieve this, replacing legacy systems with innovative and agile technology solutions will be crucial to ensure they can gain the accurate and complete view of their enterprise data they need to comply with new and changing regulations, and better meet the needs of consumers in an increasingly digital landscape, whether they are located in an office or working remotely.
Lockdown 2.0 – Here’s how to be the best-looking person in the virtual room
Jeff Carlson, author of The Photographer’s Guide to Luminar 4 and Take Control of Your Digital Photos suggests “the product you’re creating is not the camera, the lens or a webcam’s clever industrial design. It’s the subject, you, which is just one part of the entire image they see. You want that image to convey quality, not convenience.”
Technology experts at Reincubate saw an opportunity in the rise of remote-working video calls and developed the app, Camo, to improve the video quality of our webcam calls. As part of this, they consulted the digital photography expert and author, Jeff Carlson, to reveal how we can look our best online.
It’s clear by now that COVID-19 has normalised remote working, but as part of this the importance of video calls has risen exponentially. While we’re all used to seeing the more casual sides of our colleagues (t-shirt and shorts, anyone?), poor webcam quality is slightly less forgivable.
But how can we improve how we look on video? We consulted Jeff Carlson for some top tips– here is what he had to say.
- Improve the picture quality of your call
The better your camera, the higher quality your webcam calls will be. Most webcams (as well as currently being hard to get hold of and expensive), are subpar. A DSLR setup will give you the best picture, but will cost $1,500+. You can also use your iPhone’s amazing camera as a webcam, using the new app from Reincubate, Camo.
Jeff’s comments “The iPhone’s camera system features dedicated coprocessors for evaluating and adjusting the image in real time. Apple has put a tremendous amount of work into its imaging software as a way to compensate for the necessarily small camera sensors. Although it all works in service of creating stills and video, you get the same benefits when using the iPhone as a webcam.”
Aidan Fitzpatrick, CEO of Reincubate explains why the team created Camo, “Earlier this year our team moved to working remotely, and in video calls everyone looked pretty bad, irrespective of whether they were on built-in Mac webcams or third-party ones. Thus began my journey to build Camo: an iPhone has one of the world’s best cameras in it, so could we make it work as a webcam? Category-leading webcams are noticeably worse than an iPhone 7. This makes sense: six weeks of Apple’s R&D spend tops Logitech’s annual gross revenue.”
- Place your camera at eye level
A video call will never quite be the same as a face-to-face conversation, but bringing your camera up to eye level is a good place to start. That can involve putting your laptop on a stand or pile of books, mounting a webcam to the top of your display screen, or even using a tripod to get the perfect position.
Jeff points out, “If the camera is looking down on you, you’ll appear minimized in the frame; if it’s looking up, you’re inviting people to focus on your chin, neck, or nostrils. Most important, positioning the camera off your eye level is a distraction. Look them in the eye, even if they’re miles or continents away.”
Low camera placement from a MacBook
- Make the most of natural lighting
Be aware of the lighting in the room and move yourself to face natural lighting if you can. Positioning the camera so any natural light is behind you takes the light away from your face, which can make it harder to see and read expressions on a call.
Jeff Carlson’s top tip: “If the light from outside is too harsh, diffuse it and create softer shadows by tacking up a white sheet or a stand-alone diffuser over the window.”
Backlit against a window Facing natural light
- Use supplementary lighting like ring lights
The downside to natural lighting is that you’re at the mercy of the elements: if it’s too bright you’ll have the sun in your eyes, if it’s too dark you won’t be well lit.
Jeff recommends adding supplementary lighting if you’re looking to really enhance your video calls. After all, it looks like remote working will be carrying on for quite some time.
“The light can be just as easy as a household or inexpensive work light. Angle the light so it’s bouncing off a wall or the ceiling, depending on your work area, which, again, diffuses the light and makes it more flattering.
Or, for a little money, use a softbox or a shoot-through umbrella with daylight bulbs (5500K temperature), or if space is tight, LED panels. Larger lights are better for distributing illumination– don’t be afraid to get them in close to you. Placement depends on the look you’re going after; start by positioning one at a 45-degree angle in front and to the side of you, which lights most of your face while retaining nice shadow detail.”
In some cases, a ring light may work best. LEDs are arranged in a circle, with space in the middle to put the camera’s lens and get direct illumination from the direction of the camera.
- Centre yourself in the frame
Make sure you’re getting the right angle and that you’re using the frame effectively.
“You should aim for people to see your head and part of your torso, not all the space between your hair and the ceiling. Leave a little space above your head so it’s not cut off, but not enough that someone’s eyes are going to drift there.”
- Be mindful of your backdrop
It’s not always easy to get the quiet space needed for video calls when working from home, but try as best you can to remove anything too distracting from your background.
“Get rid of clutter or anything that’s distracting or unprofessional, because you can bet that will be the second thing the viewers notice after they see you. (The Twitter account @RateMySkypeRoom is an amusing ongoing commentary on the environments people on television are connecting from.)”
A busy background as seen by a webcam
- Make the most of virtual backgrounds
If you’re really struggling with finding a background that looks professional, try using a virtual background.
Jeff suggests: “Some apps can identify your presence in the scene and create a live mask that enables you to use an entirely different image to cover the background. While it’s a fun feature, the quality of the masking is still rudimentary, even with a green screen background that makes this sort of keying more accurate.”
- Be aware of your audio settings
Our laptop webcams, cameras, and mobile phones all include microphones, but if it’s at all possible, use a separate microphone instead.
“That can be an inexpensive lavalier mic, a USB microphone, or a set of iPhone earbuds. You can also get wireless lavalier models if you’re moving around during a call, such as presenting at a whiteboard in the camera’s field of view.
The idea is to get the microphone closer to your mouth so it’s recording what you say, not other sounds or echoes in the room. If you type during meetings, mount the mic on an arm instead of resting it on the same surface as your keyboard.”
- Be wary of video app add-ons
Video apps like Zoom include a ‘Touch up your appearance’ option in the Video settings. This applies a skin-smoothing filter to your face, but more often than not, the end result looks artificially blurry instead of smooth.
“Zoom also includes settings for suppressing persistent and intermittent background noise, and echo cancellation. They’re all set to Auto by default, but you can choose how aggressive or not the feature is.”
- Be the best looking person in the virtual room
What’s important to remember about video calls at this point in time is that most people are new to what is, really, personal broadcasting. That means you can easily get an edge, just by adopting a few suggestions in this article. When your video and audio quality improves, people will take notice.
Death of the workplace friendship: study shows how remote working is eroding our meaningful connections with colleagues
Employee experience platform Perkbox’s research on 1,296 employees and 300 business leaders reveal 65% think the ‘new way of working’...
Half of UK’s finance sector confirms diversity should be more of a priority in the workplace, with calls for action across the industry
Almost half (45%) of Britain’s banking/financial services workforce think their employer could do more when it comes to diversity, according to a...
American Express and Amazon Business Launch Co-branded Credit Cards for Small Businesses in the UK
The co-branded Cards offer flexible benefits and payment optionality by allowing small businesses to decide between earning rewards or adjusting...
Go Global To Expand Your Revenue Stream
By Christian Spaltenstein, Managing Director, AFEX Americas Banking and financial operations have evolved immensely in the past few years. Innovation...
Local authorities and business networks play a key role in small business success, and must be protected during COVID rebuild
23% of UK’s top performing businesses have been supported by local enterprise partnerships and growth hubs Similarly, 30% of Britain’s...
What Does the FinCEN File Leak Tell Us?
By Ted Sausen, Subject Matter Expert, NICE Actimize On September 20, 2020, just four days after the Financial Crimes Enforcement...
Investment Roundtable: Live with Jim Bianco
With Q4’s macro picture still looking grim amid the return of exponential coronavirus waves in Europe and the U.S. and...
Equity markets react to a rise in Covid-19 cases, uncertain Brexit talks and the upcoming US election
By Rupert Thompson, Chief Investment Officer at Kingswood Equity markets had another choppy week, falling for most of it before...
October furlough changes – what you need to know
By Alan Price, employment law expert and CEO of BrightHR The Job Retention Scheme is coming to an end on...
Do we really need banks? Yes, but digital transformation industry-wide is vital
By Charley Cooper is Managing Director at enterprise blockchain firm, R3 The Coronavirus crisis has taught us that we are...