RSA, a global cybersecurity leader delivering Business-Driven Security™ solutions, unveiled new products to help address many of the challenges related to compliance with data protection regulations like the European Union’s General Data Protection Regulation (GDPR).
New RSA Archer offerings around Data Governance and Privacy Program Management can be paired with RSA NetWitness® to help speed breach response, and RSA SecurID® to deliver identity and data access assurance to further continuous compliance capabilities.
GDPR is forcing companies around the world to revisit and revise how they manage and protect data in today’s interconnected cyber landscape. A recent PwC survey found over half of U.S. multinationals say GDPR is their top data-protection priority.
DATA PRIVACY IS A BUSINESS RISK
“We used to live in a world where executives ran the business, IT ran the infrastructure, security set the perimeter, and compliance made the rules, but regulations like GDPR are breaking down those old walls,” said Rohit Ghai, President, RSA. “GDPR translates cyber risk to a bottom-line business issue, which completely changes how businesses view their customers’ data.”
RSA offers a combination of products and services across these domains, including two new use cases in the market-leading RSA® Archer® Suite:
- The RSA Archer Data Governance use case is designed to assist organizations in better documenting data governance requirements to improve support for data-centric regulations, such as HIPAA, GLBA and GDPR.
- The RSA Archer Privacy Program Management use case is designed to enable organizations to holistically manage privacy programs and align processes with regulations, including privacy assessments and regulatory case tracking.
Ultimately, GDPR is not just a Governance, Risk and Compliance (GRC) issue. GDPR spans the full enterprise and forces companies to adopt a healthier privacy and security risk posture in four critical areas: Risk Assessment, Breach Readiness, Data Governance, and Compliance Management.
RISK ASSESSMENT: UNDERSTANDING YOUR CYBER AND BUSINESS RISK
GDPR Article 32 outlines elements of a security risk assessment process to ensure the appropriate design and implementation of controls. An effective risk assessment process helps accelerate the identification of the linkage between risks and internal controls, potentially reduce the GDPR compliance gaps and improve risk mitigation strategies, while also giving companies a game plan for improving their cyber posture.
The RSA Archer Suite is designed to empower organizations to manage multiple dimensions of risk with solutions built on industry standards and best practices on one configurable, integrated software platform. Other use cases that can help support critical GDPR related processes include:
- RSA Archer Security Incident Management helps enable processes to address the flood of security alerts and implement a managed process to escalate, investigate and resolve security incidents.
- RSA Archer Security Operations and Breach Management helps extend the security incident process by adding workflow for data breaches and management of the overall security operations team.
- RSA Archer Issues Management helps organizations manage issues generated from risk and control assessments and audits.
- RSA Archer IT Risk Management helps accelerate the identification of IT risks related to GDPR compliance and improves an organization’s risk mitigation strategies.
- RSA Archer IT & Security Policy Program Management provides the framework to help organizations establish a scalable and flexible environment to document and manage an organization’s policies and procedures to help comply with the GDPR.
- RSA Archer IT Controls Assurance provides a framework and taxonomy to assist organizations by systematically documenting the GDPR control universe, enabling organizations to assess and report on the performance of controls at business hierarchy and business process levels.
- RSA Archer Third Party Catalog assists in documenting third party relationships, engagements and associated contracts to help identify and track external parties related to GDPR.
BREACH RESPONSE: RESPONDING REQUIRES VISIBILITY
Article 33 of the GDPR regulation outlines specific requirements for notification of a personal data breach to the supervisory authority, which makes having a full understanding of the details of a data breach paramount. The goal of any security team is to prevent these kinds of breaches, but breaches can still occur. As a result, many data protection requirements focus on breach response and reporting.
Additionally, GDPR requires notification to regulators, generally within 72 hours of becoming aware of an actual breach. Released earlier this summer, the newest edition of RSA NetWitness® Suite is designed to scan your entire infrastructure for indications of an attack, and uses behavioral analysis and machine learning to help better understand the scope and nature of a breach with improved visibility into the attack sequence, enabling faster notification.
DATA GOVERNANCE MEANS IDENTITY MANAGEMENT
Another critical element of GDPR compliance is controlling who has access to personal data. Organizations must protect personal data in a number of different ways, and must be able to demonstrate accountability in keeping accurate records of processing activities, including the categories of personal data processed, the purposes of processing, transfers to third countries outside of the European Economic Area, and the relevant technical and organizational security measures.
The RSA SecurID® Suite, including RSA SecurID® Access and RSA® Identity Governance and Lifecycle, is designed to enable organizations of all sizes and maturity levels to minimize identity risk and deliver convenient and secure access to their modern workforce. By leveraging risk analytics and context-based awareness, RSA SecurID Suite helps ensure the right individuals have the right access, from anywhere and any device. These products can play a critical role in addressing the fundamental need for identity and access assurance.
PROGRAM MANAGEMENT: COMPLIANCE IS NOT A DESTINATION
The RSA Risk and Cyber Security Practice offers a range of strategic services designed to help customers develop a business-driven security posture, build an advanced security operations center and revitalize their GRC program. To complement a robust product offering, RSA also provides implementation and post-implementation support so customers can maximize their existing investment in RSA products.
- The RSA Risk Management Practice delivers strategic consulting services to help optimize an organization’s GRC program. It also offers staff augmentation and support services to help plan, implement, deploy and upgrade RSA products and services, including the RSA Archer Suite.
- The RSA Advanced Cyber Defense Practice helps security organizations develop the processes, procedures, workflows and automation that enable prompt, decisive response to data breaches and other cyber incidents.
- The RSA Incident Response Practice helps organizations respond to security breaches as they prepare to meet new 72-hour notification requirements of GDPR.
- The RSA Identity Assurance Practice helps organizations plan and implement comprehensive programs for managing access to GDPR-relevant data. With knowledge of who has access to what, organizations can make more informed access decisions, better identify risky activity, and meet compliance mandates.
With an organized, managed process to escalate issues identified during control testing, organizations get visibility into risks and can address the risks in a timely manner. Organizations will see quicker reaction to emerging issues, create a more proactive and resilient environment, and reduce the churn in driving accountability towards GDPR compliance.
Digital collaboration: Shaping the Future of Finance
By Ryan Lester, Senior Director of Customer Experience Technologies at LogMeIn
With heightened economic uncertainty and increased customer expectation becoming the norm in the banking industry, it is understandable that the sector is struggling to keep afloat. Due to its precarious nature, banking institutions are trying their best to ensure they remain relevant in the competitive landscape and guarantee that their customers continue to be a priority.
When it comes to the first half of this year, the pandemic has shown how easy it is for industries to fail. Customers and companies alike had to get used to the new normal, as physical locations started to close. The banking industry felt this first hand, as banks were made to restructure how their business ran, with restricted opening hours and a wider push to motivate people to use online banking.
While some had already embraced digital options prior to the pandemic, this proved to be a stark contrast to the elderly population, who frequently visited branches to access their finances. Moving forward, banks have to adopt new methods to ensure customers get the most out of their accounts, without their experience suffering.
Heightened Customer Expectations
When the pandemic reached its peak, people were encouraged to use online banking, as telephone contact was under strain with long waiting times and pressure mounting on contact centre agents. According to Fidelity National Information Services (FIS), which works with 50 of the world’s largest banks, there was a 200% jump in new mobile banking registrations in early April, while mobile banking traffic rose 85%.
With branches remaining closed, customers were continuously being urged to limit the number of calls they made to the most urgent cases and consider whether they could find their answers through mobile online banking or checking the company website. Although already being adopted in pockets of the industry, this was a real catalyst that spurred banks to up their game on digital channels and with self-service tools.
Banks are challenged with precariously balancing customer needs with the cost of personalised support. With the demographic of customers changing over the last few years, customers are becoming increasingly younger and more comfortable with technology. Influenced by the “Amazon Effect”, their expectations have risen to an all-time high, placing record strain on the sector.
Customer experience isn’t just about support anymore, it’s about serving your customer at every point in the journey. Companies have an opportunity to elevate the experience they provide by moving beyond one-and-done interactions to create continuous engagements with their customers. It is starting to become a primary competitive differentiator in the market and one that doesn’t have a lot of variation. Deploying AI chatbot technology will be able to strategically help banks improve customer experience and raise the level of support that agents provide.
Digital collaboration: Working around the Clock
The benefits of adopting digital channels and self-service tools are second to none. By implementing chatbots, fuelled by conversational AI, banks will be able to help serve a wide range of customer queries and ensure they are protected from fraud and scams.
Conversational AI is exactly what it sounds like: a computer programme that engages in a conversation with a human. When it comes to service delivery, conversational AI can be deployed across multiple channels to engage with customers in ways that effectively address evolving customer needs. At a time defined by COVID-19, self-service tools such as conversational chatbots can work around the clock to solve customer queries in a concise and timely way. Of course, self-service tools won’t completely replace human agents in the banking industry, but they will help companies re-distribute customer traffic and workflows in ways that enhance customer experience. Self-service tools fuelled by conversational AI can also improve employee experience because service employees can handle fewer, but higher-level service tasks that chatbots might escalate to them.
Adopting new tools to help facilitate consistent and concise answers and help maintain customer experience is at the forefront of many industry minds. Banks such as the NatWest Group have seen this first-hand and are testament to the benefits that a good digital experience can provide. Simon Johnson, Capability Consultant, Digital at NatWest Group highlights NatWest’s use of digital tools during lockdown, “Over the last few months, we’ve learnt how to use digital tools to help our employees remotely. From a banking perspective, there have been a lot of changes including base rates, waive fees and the best ways of contacting our vulnerable customers, ensuring we keep them protected from frauds and scams.
“By introducing our Bold360 chatbot interface, Ella, we’ve been able to get relevant information out quickly, apply the best practice and ensure that our customer journeys are being developed correctly. Due to the volume of questions, some of our customers were finding themselves waiting longer than usual. So digital channels become essential to helping reduce the wait time. Using Bold360, we were able to mitigate issues and answer questions in a more timely way through our chatbot.
“Moving forward, as we open more digital services, we are analysing our data to see if customers will return back to their usual way of banking, now that they’ve seen what a good digital experience can provide. Either way, with Ella, we are ready.”
Chatbots and Humans: The Best Option for Customer Service
Over the last year, banking institutions have recognised the power that digital collaboration can have on their success. Delivering exceptional customer service and support is key for any business wanting to stay competitive in today’s market and banks are especially challenged with precariously balancing customer needs with the cost of personalised support. Leveraging the right technology, such as AI-powered chatbots, will enable the banking industry to provide better support and a more robust customer experience in the long term. Other institutions must follow suit, or risk becoming obsolete.
A sleeping digital giant wakes? 4 key trends accelerating payments transformation in the US
By Lauren Jones, International Payments Ambassador, Icon Solutions
The US payments industry is undoubtedly ripe for change. Before the unprecedented shock of COVID-19, digitization and payments transformation initiatives had been organic, piecemeal and predominately the preserve of the largest banks.
Now, increasing pressure means that financial institutions of all sizes are working to define a digital strategy to unlock new opportunities, drive business value, and stay competitive. But beyond the immediate impact of COVID, what underlying trends are accelerating digitization in the US?
- Real-time payments – the stimulus for change
Real-time payments have been met with a degree of caution by US financial institutions. Risking traditional profit generators in return for potential revenues down the line is a gamble many have not been willing to take. But immediate payments are coming to the US whether banks like it or not.
Major payments infrastructure providers, including NACHA and The Clearing House (TCH), have moved to encourage immediate payment adoption in recent years. But the Fed, frustrated with a slow rate of progress, has announced that it is pressing ahead with the implementation of its FedNow system (despite significant industry objection). Although the Fed’s true intentions are open to interpretation and this may just be a play to accelerate private initiatives, it is a clear signal that they mean business.
This means holdouts risk their own ‘Kodak’ moment if they miss the huge opportunities in front of them by fixating on traditional revenue streams. Banks are in a position to support innovation across entire industries such as healthcare, which could be released from the constraints of paper-based bureaucracy and slow, expensive transactions.
Another opportunity that can be unlocked via instant payments is ISO 20022 (used in the TCH RTP system). It is the future of payments messaging standards and can greatly enhance various payments processes through increased data-carrying capabilities. More importantly given the current climate, citizens reliant on federal or state support can benefit from RTPs combined with additional data to immediately access emergency funds.
- The kids are growing up
The US is getting older. Consumers who were 10 when the iPhone first launched are now 23. This means we are seeing a ramp-up of digitally native Gen Z consumers (roughly those born between 1995 and 2010) accessing banking services.
Demographics are an inexact science and not perfect predictors (there are technophobe college students and 100-year-old Instagram influencers), but we can detect noticeable trends.
Younger customers don’t usually choose a bank because there is an ATM in their neighbourhood, a slightly better interest rate or an advert in the newspaper. Rather, a strong digital presence, personalised tools, rewards and experiences, and the trusted recommendations of friends and family, will have a more significant impact on customer acquisition.
Banks must look at the effect this will have on their longer-term digitalization strategy and be able to segment what this emerging customer base might want and how they will interact in years to come.
- Checkmate? Evolving corporate requirements
Corporate treasurers are people and their experience of seamless, immediate payments in their personal lives shapes expectations in the workplace. Although check usage for business-to-business (B2B) transactions is still the norm in the US and barriers remain, corporates are increasingly demanding the ability to transact in a real-time, omnichannel environment, 24×7.
The benefits are clear. Corporate treasurers stand to enjoy enhanced liquidity management and transparency, greater control over payments and enhanced data for reconciliation purposes. And for consumers, alternative digital payment options such as buy now pay later promote choice and flexibility.
- Increasing competition
A significant consequence of emerging consumer and business demand for digital offerings is the increase in competition from fintechs, technology giants and other third-parties. Traditionally, incumbent banks have enjoyed the advantage of consumer trust to offset more limited innovation. But as consumers become more comfortable entrusting their financial transactions to non-banks, banks must differentiate and digitize to remain competitive.
Data is where the technology giants excel, and their ability to personalise experiences and emotionally connect with their users is unprecedented. Banks need to learn from the positive aspects of this model to better understand their users and deliver meaningful, useful products and services.
For data to become the cornerstone of a bank’s customer relationship and take services to the next level, breaking the channel silos and extracting value from a comprehensive dataset will be decisive. But with only 18% of banks reporting that they are in the process of shifting from a transactional revenue model to a data-driven revenue model, this work has some way to go.
Taking customer propositions to the next level
Customers now expect services that work for them, not their banks. All banks, no matter the footprint, need to move quickly to offer a broad digital service platform that adds value to both the customer and the bank.
By defining a robust payments transformation strategy, banks of all sizes can remain fiercely competitive by rapidly lowering costs, unlocking revenues and promoting innovation.
Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense
By Rob Harrison, MD UK & Ireland, SAP Concur
The last few months have been an exercise in adaptability for businesses across the UK. With the sudden mandate to work from home, company processes that were ingrained in employees’ day-to-day routines were either put on hold or turned upside down. The new office normal now includes virtual meetings, conversing through instant messaging instead of in the hallway, and the redefining of “business casual” attire.
Many of the processes that have undergone changes fall into the category of travel and expense. With most business travel on hold and the nature of expenses changing, finance managers have had to adjust policies and practices to accommodate the new world of work. Recent SAP Concur research found that 72% of businesses have seen changes in the levels and types of expenses submitted, but only 24% have changed their policies to support this. Examples of travel and expense related changes that were made at the beginning of work from home mandates include:
- A halt to business travel and its associated expenses.
- Temporarily ending expensed meals for business lunches, dinners, or in-office meetings.
- Increase in office expenses like monitors and chairs as employees furnish their home offices.
- New expenses to consider like Internet and cell phone bills for employees who must work from home.
Now, as companies begin thinking about return to work plans, finance managers are discovering it’s not simply business as usual again. SAP Concur research found that many expect finance will return to normal quicker than general workplace practices, but the vast majority see the process taking up to 12 months. New policies and processes need to be put in place to accommodate travel restrictions and changes in expenses. While finance managers need to stay flexible as the business environment continues to evolve, spend control and compliance should still be a high priority.
Here are a few questions that can help finance managers prepare for return to work while keeping control and compliance top of mind:
- What will travel look like for the company? Finance managers must work with travel and HR counterparts to determine the need for employee travel, if at all, and how to keep employees safe. At SAP Concur, we surveyed 500 UK business travellers and found that health and safety is now seen as more than twice as important as their business goals being met on trips (34% versus 16%). Clear guidelines should be developed, even if they are temporary or evolving, so it’s clear who can travel, when they can travel, and how they can travel. Duty of care plans should also be re-evaluated and businesses should ensure they know at all times where employees are traveling for business and how they can communicate with them in the event of an emergency.
- Who needs to approve travel and expenses? While it may be temporary, businesses may have to implement a more stringent approval policy for travel and other expenses. Due to health concerns related to travel and the need to conserve cash flow, business leaders like CFOs may want to have final approval over all travel and expenses until the situation stabilises. To help ensure new approval processes don’t cause delays and inefficiencies, finance managers should implement an automated solution that streamlines the process and allows business leaders to review and approve travel requests, expenses, and invoices right from their phones. According to SAP Concur research, 11% of UK businesses implemented some automation of financial processes in response to COVID-19. This is definitely set to increase post-pandemic.
- What types of expenses are within policy? Prior to social distancing, employees may have been allowed to take clients out to dinner. In-person team meetings held during the lunch hour may have included expensed lunches. As employees return to work, finance managers need to determine if these activities and expenses will be allowed again. Clear guidelines must be put in place and expense policies need to be updated to reflect any changes.
- What happens to home office items that were purchased? While new office equipment may have been purchased for employees’ home offices, they remain the business’s property and what to do with them as employees return to work needs to be determined. Perhaps employees will continue to work from home a few days a week and need to keep the equipment to ensure productivity. However, if a full return to work is expected, finance managers have options that can maximise their asset investment and possibly save the company money, like replacing old office equipment with the new purchases, reselling to a used office furniture company, or donating to a non-profit.
- How can cost control be ensured? For many businesses, cash flow will be tight for the foreseeable future. Spend needs to be managed to help ensure recovery and stability. An important aspect of controlling costs is having full visibility of expenses throughout the company. Implementing an automated spend management solution that integrates expense and invoice management brings together a business’s spend, giving finance managers an understanding of where they can save, where to renegotiate, and where to redirect budgets based on plans and priorities.
Once finance managers have asked themselves the questions above and determined how they want to approach travel and expense procedures, it’s vital they create guidelines and communicate clearly to employees. Compliance can only be ensured if employees have a clear understanding of what has and has not changed with travel and expense policies and what’s expected as they return to work.