By Andrew E. Bigart and Evan R. Minsberg
Recent efforts by state regulators to streamline the process of applying for and obtaining state financial services licenses are a welcome development for non-bank financial services providers. In May 2017, the Conference of State Bank Supervisors (CSBS) announced “Vision 2020,” an initiative designed to make the multi-state licensing experience “as seamless as possible” by redesigning the Nationwide Multistate Licensing System (NMLS) and harmonizing multistate supervision. More recently, some state finance regulators have announced plans to push for greater coordination in licensing and supervision. Bryan Schneider, the Secretary of the Illinois Department of Financial and Professional Regulation and chairman of a multistate regulatory task force, has stated that “Our goal is uniformity across the United States.”
One of the primary methods of achieving uniformity being discussed is a reciprocity system, sometimes called “passporting,” under which obtaining a license in one state would allow for a streamlined application and approval process in other states. A similar system currently exists for “producer” licensing to sell, solicit, or negotiate insurance. The National Association of Registered Agents and Brokers Reform Act of 2015 (or NARAB II) created the NARAB, a nonprofit membership-based organization charged with establishing requirements and procedures to enable applicants to simultaneously apply for nonresident licensing in multiple jurisdictions.
Applying the NARAB model to financial services, one can imagine NMLS expanding in a similar way in the future. NMLS’s efforts to harmonize money transmitter reporting requirements are just one example of this evolution. Like NARAB, NMLS is an entity created by federal law (under the Secure and Fair Enforcement for Mortgage Licensing Act of 2008), with the original mission of streamlining the licensing process for individual mortgage loan originators (MLOs). Currently, all U.S. jurisdictions use NMLS to receive MLO license applications and other residential mortgage-related licenses. The majority of jurisdictions have also transitioned other financial services licenses to NMLS, including non-mortgage lending, money transmission, and debt collection licenses.
As NMLS continues to grow and evolve, states could develop an effective reciprocity system with the following features:
- A single, uniform application standard accepted by all states for each financial services activity.
- Once approved for an activity, an NMLS “member” could conduct that activity in additional states after paying licensing fees, increasing the amount of a common surety bond, and updating any required credit report or criminal background check.
- Each state regulator would retain the ability to deny a license for certain enumerated reasons, such as criminal history or prior enforcement action, and would retain the authority to supervise and regulate NMLS members active in their state.
The benefits of such a system are numerous. First, non-bank financial services providers would be encouraged to accept state regulation if the process were streamlined in this manner. The expense associated with licensing would be drastically reduced, as would the time to market. Second, with the licensing review function effectively outsourced to NMLS under a uniform application, regulators could focus their resources on identifying unlicensed activity and activities that violate their financial services laws, instead of reviewing license applications. Far from threatening consumer protection, reciprocity would increase the amount of resources available to investigate bad actors. Third, efforts to streamline licensing may provide the framework and further motivation for additional harmonization in state financial services regulation.
While CSBS and several individual state regulators appear to be considering such a system, resolving differences in state licensing requirements will be a challenge. Some of the more difficult issues may include:
- Authorized Activities: Each state has different licenses permitting a different range of activities – some authorize a narrow set of financial services, while others allow for multiple activities under a single license. For example, a North Dakota Money Broker License permits the holder to engage in any consumer or commercial unsecured, secured, or real-estate secured (mortgage) lending and broker activities, with the exception of payday lending. New York requires at least three different licenses to perform the same activities. How will these be reconciled?
- Data Security: In recent years several states have developed their own data security laws which, in some cases, impose higher or different requirements than federal law. The New York Department of Financial Services Cybersecurity Rules have received significant attention, but other states, including Massachusetts and Nevada, have also introduced laws covering encryption, monitoring, training, and other data security controls. As state regulators make efforts to harmonize existing licensing standards, emerging data security requirements should also be included in this effort.
- Fingerprints and Principal Investigations: Currently, many states accept fingerprints for background checks on officers, directors, and large shareholders through a single electronic submission with NMLS’s preferred fingerprint vendor. However, outside of NMLS, multiple hard-copy rolled fingerprint cards are required in several states. While this issue would be resolved easily if each state accepted electronic fingerprints through NMLS, a more difficult question concerns who needs to provide fingerprints and other disclosures in each state.
There is no uniform standard for which principals of a company need to be disclosed and provide information as part of a licensing application. NMLS provides a definition of “control” for purposes of determining who should be disclosed, but ultimately it is a fact-based inquiry that states often interpret differently. The result is that some states may only require disclosure of the primary officers of the company to be licensed, while others will require information about individuals at every level of the corporate structure.
- Usury Laws: Usury rates present a particularly tricky issue for state uniformity standards. The maximum rates that non-bank lenders may charge vary widely from state to state, and many states may be unwilling to alter their usury laws out of consumer protection concerns. Usury laws are also directly linked to licensing issues in states where the requirement to obtain a license is triggered only by loans above a certain interest rate. For example, a license is required in Texas to make consumer loans above 10% per year, while Rhode Island’s law suggests a license is required to make any consumer loan, regardless of interest.
The 2020 Outbound Email Data Breach Report Finds Growing Email Volumes and Stressed Employees are Causing Rising Breach Risk
Research by Egress reveals organisations suffer outbound email data breaches approximately every 12 working hours
Egress, the leading provider of human layer data security solutions, today released their 2020 Outbound Email Data Breach Report, which highlights the true scale of data security risks related to email use. 93% of IT leaders surveyed said that their organisation had suffered data breaches through outbound email in the last 12 months. On average, the survey found, an email data breach happens approximately every 12 working hours.*
Rising outbound email volumes due to COVID-19-related remote working and the digitisation of manual processes are also contributing to escalating risk. 94% of respondents reported an increase in email traffic since the onset of COVID-19 and 70% believe that working remotely increases the risk of sensitive data being put at risk from outbound email data breaches.
The study, independently conducted by Arlington Research on behalf of Egress, interviewed 538 senior managers responsible for IT security in the UK and US across vertical sectors including financial services, healthcare, banking and legal.
Key insights from respondents include:
· 93% had experienced data breaches via outbound email in the past 12 months
· Organisations reported at least an average of 180 incidents per year when sensitive data was put at risk, equating to approximately one every 12 working hours
· The most common breach types were replying to spear-phishing emails (80%); emails sent to the wrong recipients (80%); incorrect file attachments (80%)
· 62% rely on people-led reporting to identify outbound email data breaches
· 94% of surveyed organisations have seen outbound email volume increase during COVID-19. 68% say they have seen increases of between 26 and 75%
· 70% believe that remote working raises the risk of sensitive data being put at risk from outbound email data breaches
When asked to identify the root cause of their organisation’s most serious breach incident in the past year, the most common factor was “an employee being tired or stressed”. The second most cited factor was “remote working”. In terms of the impact of the most serious breach incident, on an individual-level, employees received a formal warning in 46% of incidents, were fired in 27% and legal action was brought against them in 28%. At an organisational-level, 33% said it had caused financial damage and more than one-quarter said it had led to an investigation by a regulatory body.
Traditional email security tools are not solving this problem
The research also found that 16% of those surveyed had no technology in place to protect data shared by outbound email. Where technology was deployed, its adoption was patchy: 38% have Data Loss Prevention (DLP) tools in place, while 44% have message level encryption and 45% have password protection for sensitive documents. However, the study also found that, in one-third of the most serious breaches suffered, employees had not made use of the technology provided to prevent the breach.
Egress CEO Tony Pepper comments: “Unfortunately, legacy email security tools and the native controls within email environments, such as Outlook for Microsoft 365, are unable to mitigate the outbound email security risks that modern organisations face today. They rely on static rules or user-led decisions and are unable to learn from individual employees’ behaviour patterns. This means they can’t detect any abnormal changes that put data at risk – such as Outlook autocomplete suggesting the wrong recipient and a tired employee adding them to an email.”
“This problem is only going to get worse with increased remote working and higher email volumes creating prime conditions for outbound email data breaches of a type that traditional DLP tools simply cannot handle. Instead, organisations need intelligent technologies, like machine learning, to create a contextual understanding of individual users that spots errors such as wrong recipients, incorrect file attachments or responses to phishing emails, and alerts the user before they make a mistake.”
Organisations still cannot paint a full picture of the risks, relying on people-led reporting to identify email breaches, despite severe repercussions
When an outbound email data breach happens, IT leaders were most likely to find out about it from employees. 20% said they would be alerted by the email recipient, 18% felt another employee would report it, while 24% said the employee who sent the email would disclose their error. However, given the penalties that respondents said were in place for employees who cause a breach, it is not guaranteed that they will be keen to own up, especially if the incident is serious. 46% said that the employee who caused a breach was given a formal warning, while legal action was taken in 28% of cases. In 27% of serious breach cases, respondents said the employee responsible was fired.
Tony Pepper comments: “Relying on tired, stressed employees to notice a mistake and then report themselves or a colleague when a breach happens is unrealistic, especially given the repercussions they will face. With all the factors at play in people-led data breach reporting, we often find organisations are experiencing 10 times the number of incidents than they’re aware of. It’s imperative that we build a culture where workers are supported and protected against outbound email breach risk with technology that adapts to the pressures they face and stops them from making simple mistakes in the first place. As workers get used to more regular remote working and reliance on email continues to grow, organisations need to step up to safeguard both employees and data from rising breach risk.”
Creating an engaging email marketing campaign that avoids the junk folder
By David Wharram, CEO of Coast Digital
With more than 280 billion emails sent every day, email marketing is a tried and tested marketing method with a multitude of benefits. In addition to resonating with those looking to save on their marketing spend, email marketing generates significant ROI for businesses. Statistics have shown that email marketing significantly outperforms social media when trying to reach customers, while also proving more cost-effective. Additionally, McKinsey found that email marketing is 40 times more successful at gaining customers than Twitter and Facebook combined.
As business owners digest these facts – low cost, high return – it can be tempting to plan a barrage of untargeted marketing emails to both prospective and existing customers. Yet, this “spray and pray” approach may not generate as many sales leads as you’d hope. In fact, this method often tends to deter prospective customers and impact the relationship with existing clients, resulting in your emails consistently making their way into the junk folder. The key to a successful email marketing campaign is investing in the right tools to plan, automate, track, and analyse your outreach.
Like other marketing channels, email marketing takes effective planning and the right strategy to make it work. Rather than trying to sell a product or service from the outset, you need to engage with the customer and build trust with them first. To do this, you need to consider who the customer is, how to reach them and what information they are likely to want. For example, returning customers will be much more receptive to an email presenting discounts and timed offers. However, new or prospective customers would most likely prefer to familiarise themselves with your business first in order to understand how your product or service will benefit them.
Not only do you need to identify different audiences and identify how to engage them, but you should also consider the frequency of communication. Too often, and your emails could appear as spam. Too irregular and there’s a risk the customer might forget about you or turn to a competitor.
A crucial part of planning the overall strategy is considering the ideal outcome. Whether this is to attract new customers, send product or service updates, or retain customers through offers and discounts, the objective will determine the scope of the entire campaign.
The results of a well thought out email marketing strategy can drive brand awareness, boost lead generation and increase revenue. The results of a poorly planned strategy often lead to disgruntled recipients and a high number of unsubscribes.
Keep content relevant, personal and useful
In addition to planning the overall strategy of your campaign, you need to consider the content you will push out to your audience. From our experience, this will largely depend on which goals have been determined during the planning process.
It’s essential to ensure you’re providing something of value. While you want to make sure that your email marketing campaigns generate ROI, you also need to make the recipients feel that they’re not always being sold to. The key to this is by building a level of trust with the audience, which can be achieved by providing relevant advice and insights, or by asking for feedback.
Additionally, audiences are more receptive to content that is personal to them. It’s easy to spot a generic email that has been created to cover all bases for an entire mailing list. Therefore, making the emails more personalised to recipients tends to strengthen the overall campaign.
According to recent research by Econsultancy, personalisation remains a top priority for marketers as 67% of those asked said that was the main focus for improving their campaigns. Also, a study by Salesforce found that 84% of consumers prefer to be treated like a person not a number. That’s why taking the time to make content more relevant to the receiver could make or break the campaign.
Evaluate and evolve
Once your initial outreach has been completed, you need to take the time to reflect on your efforts. One aspect of the planning process should include setting clear metrics and KPIs so that you can be clear on whether these were met or not. There are several metrics that businesses should consider when it comes to the success of their campaign – including clickthrough rate, conversion rate, bounce rate and email forwarding rate. Each KPI will depend on the overall goal. Companies need to invest in the right tools and resources to evaluate email marketing campaigns, especially if this is new territory. Measuring the success of your outreach will enable you to determine what worked well, what needs refining or what needs to be completely overhauled. What’s more, if the initial campaign didn’t generate the outcome you were hoping for, don’t be deterred from using email marketing altogether and instead use it as an opportunity to learn and improve.
Email marketing remains one of the most effective methods to engage with your audience on an ongoing basis. However, far too many businesses try to run before they walk and could be spamming their customers with irrelevant, uninteresting content. To ensure your outreach is successful, you need to effectively plan your outreach – considering your audience and delivering helpful and engaging content to them will help your emails avoid the dreaded junk folder.
How to communicate when the world is in crisis
By Callum Jackson, Account Executive at communications agency Cicero/AMO
Across sectors both private and public, the coronavirus crisis has brought with it a list of overused yet unavoidable tropes. Phrases such as ‘rapidly changing times’, ‘the new normal’ and the king of COVID clichés ‘unprecedented’ have been deployed by communications experts of all ilks to engage audiences, linking their products and businesses to the pandemic however they can. In fact, amongst online news articles from January to September this year, ‘unprecedented’ received about six times more column space than over the same period in 2019. The financial services sector is far from immune – a quick scan of the 21.9 million Google results which the search term “unprecedented banking covid” throws up reveals a distinct preference for the platitudinal over the insightful.
But as often as this is said, it bears repeating: communication plays a central role in all of our lives and all of our businesses. In the banking and financial services sector, one PR misstep can mean the difference between an investment round succeeding or failing, between a challenger being awarded its coveted banking licence or having its reputation demolished, between a fintech app appearing on every other smart phone in the country or dying an obscure death.
While communication is vital, however, it is not a straightforward science or art at the best of times. Below are some key approaches for comms professionals to consider taking when communicating during a crisis.
- Start with the bank in the mirror
In all sub-sectors of the comms industry, from in-house external comms to agency PR and everything in between, inauthenticity stands out like a sore thumb, and badly thought-through messaging or imagery can reek of it. Take Pepsi’s heavily pilloried 2017 ad campaign featuring Kendall Jenner, the imagery of which attempted to position the soft drink – and the business producing it – as a saviour of divided and oppressed communities. Accused of seeking to capitalise on the Black Lives Matter movement, Pepsi rightly pulled the commercial and apologised for missing the mark entirely. Interrogating what your business stands for, what it does well, what its goals are and, most importantly, what it is not in the business of (in the case of Pepsi, saving the world) is essential to communicating with your stakeholders authentically. This has been conventional wisdom amongst banking and finance grandees for a while. In 2015, Tesco Bank’s then CEO Benny Higgins noted, “Authenticity [is critical] – we all have strengths and weaknesses but being authentic gives a consistent notion of what your leadership is about.” By all means, talk about doing good but make sure it’s good you’re actually doing.
- Read the room
Being aware of your audiences’ needs is two-fold. First, it is about identifying the topics that consumers of news (be they your customers, your suppliers or the general public) want and need to hear about, and secondly, it’s about being sensitive to audiences’ anxieties and preoccupations. Our current environment is characterised by companies asking staff to take pay cuts, having furloughed others at 80% of their salary, all while social distancing or staying home. During these – yes, unprecedented… – anxiety-inducing times, money saving advice, working from home tips, and information on the best cost-saving financial products are subjects of interest and necessity to journalists and readers. Listicles of the best luxury summer getaways are not. Think about what your business or client is doing that might directly help those who are worst affected and use that as a springboard for your communications messaging.
- Look ahead
In late 2019, few of us could have foreseen the sheer magnitude of a potential pandemic, nor indeed its short-term and residual effects on the economy, society, and individual financial institutions. However, as professionals in charge not only of spreading the good news but also of putting out reputational fires, it is the duty of financial services PRs to game various scenarios – sorted by likelihood and impact – pre-empting possible outcomes and preparing for the negative fallout as well as the positive opportunities a situation might present. Looking ahead to identify these ‘opportunities’ is not per se a cynical attempt to boost business reputations or commercial outcomes. It can and should involve looking ahead to ascertain the potential silver linings, gifts in disguise, and diamonds in the rough that come along with a crisis. One unforeseen consequence of the COVID-19 pandemic has been a reminder of the warmth, appreciation and even love we feel towards the frontline workers of the NHS. If yours is the company that finances the manufacture of their uniforms, insures the production of their machinery, or invests on behalf of the factory that makes their PPE, you should be proud of that and should let others be proud too. All this requires foresight, however – the ability to identify both the risks and opportunities of a dire situation.
- Adapt your offering
Shouting from the rooftops about something you do well, especially when it has a net good impact on the world, is nothing to be ashamed of. In fact, a surprising number of businesses are actually quite bad at telling us what’s good about them – particularly those that need to the most: banks. Cue the PR professional. But that quality of self-promotion – not in the sneering, braggartly sort of way; but rather the recognition that telling your story is how people get to know you – only stands up when what you’re promoting really is good, both morally and commercially speaking. If you are planning a campaign showing that your customer, The Big Bad Oil & Gas Company Ltd., is doing wonders for the planet, it had better be investing heavily in wind and solar, offsetting its carbon output and cleaning up natural areas affected by its commercial activities, and not just paying lip service to environmental conscientiousness. And if your customer or your own business isn’t doing those things, it is time to re-evaluate the corporate strategy. Too many heads of comms are cautious of recommending product and operational changes that require significant investment for fear of CEOs’ eyes rolling back into their heads with ‘dollar shock’. But if you want to be known for doing something good, you had better do it well.
- Take advantage of digital
It comes as no surprise that shares in videoconferencing services such as Zoom (NASDAQ: ZM) just about doubled between late January and mid-April (up to $142.80 from $70.44). As demand for online services increases due to prolonged social distancing and isolation measures, so too does the need for journalists, and therefore PRs, to produce quality digital content that speaks the language of technology. Rather than asking how your logo will change or about the latest appointment to your board, media and the audiences that read them are increasingly asking, ‘How does your company’s offering help us do business, manage our money, or lead better lives by harnessing smart data, open finance, AI, etc.?’ Or more generally, ‘How can I do all the things I’m used to doing and need to do without leaving my house?’ Most banks provide online banking, most insurers allow digital policy purchases and claims, most lenders enable virtual applications or use digital ID to confirm affordability and suitability. If your business is lagging behind, it’s time to catch up.
- Put a relevant twist on business as usual
“Well, our business doesn’t do anything to do with viruses,” is a natural reaction to a crisis that no one saw coming and that stands to affect the global economy in a meaningful way for years to come. But, as well as being natural, it is also limiting. Thinking creatively about the ways our product offerings and operations do, in some way, affect the outcome of a crisis does not have to extend to preventing the spread of a disease or accelerating the creation of a vaccine. It may be that your lending platform can offer mortgage holidays for those financially impacted by the pandemic or that the insurer you work for can interpret policies leniently and with compassion – especially important in light of the FCA’s recent finding on business interruption insurance. Showing your worth in a crisis does not require you to be a central cog in the machine, nor does it require you to dominate the narrative in order to have cut-through. Do your bit, however small, and then tell us about it.
Being alive to developments in politics, society, culture, science and business, and remaining nimble and ready to adapt to those developments sensitively are the cornerstones of good communications. The ancient Greeks knew this before we did; it was no storytelling accident that Olympus’ divine messenger, Hermes, wore winged sandals. The metaphor may be ham-fisted, but the sentiment is sound: sensitivity, fleet-footedness and boldness are the communicator’s greatest weapons. Don’t be a Pepsi, be a Hermes.