Connect with us

Technology

Supplier Assurance – FinTech’s route to well managed regulation

Published

on

Supplier Assurance – FinTech’s route to well managed regulation 1

By Stuart Jubb, head of consulting at Crossword Cybersecurity, looks at how fintech start-ups can maintain their agility while reducing risk with supplier assurance

The bar of entry to becoming an operator in the financial services industry is understandably high as it is necessarily heavily regulated.  The UK financial sector has evolved rapidly over the last five years with the growth of fintech businesses looking to drive innovation into the banking industry.  As well as developing technology, new entrants must pay great attention to meeting the requirements of the regulators as well as ensuring that a ‘privacy by design’ approach is taken from the outset.  There is a risk that founders might focus all of their energy into the development of innovative and cutting-edge technology offerings, but at the detriment of meeting the demands of the regulator and broader privacy requirements.

Exciting growth that must be regulated

One of the key catalysts for the growth in the Fintech industry has been the Payment Services Directive 2 (PSD2), also known as Open Banking.  PSD2 regulations ensure that banks create mechanisms to enable third-party providers to work securely, reliably and rapidly with the bank’s services and data on behalf and with the consent of their customers.

The FCA has been pioneering in encouraging the growth of the fintech sector in London through their regulatory sandbox programme.  Since its launch in 2016, 89 firms have so far been accepted to test innovative products and services.  The combination of this programme with the PSD2 legislation has seen huge growth in the UK’s fintech sector with investments growing 38% from 2018 to 2019 to a massive $4.9 billion of investments.  The development of new and innovative applications and services is great for consumers, businesses and the banking sector as a whole, but each of those groups must protected with the same gusto that the sector is known for.  Regulation and legislation in the sector remains far reaching and for new entrants can be complicated to navigate, particularly as they are typically fast-moving start-ups used to working with agile methodologies and utilising a range of open source and third party technology providers to bring their service to market rapidly.  This kind of technology supply chain comes with risks that need closely managed, and as we’ll come on to supplier assurance has a key role to play here.

FinTech’s and cyber security

Unsurprisingly, information and cyber security feature heavily across much of the existing legislation that firms will need to consider. Legislation exists in all jurisdictions and the more regions a firm operates in, the more legislation they will need to comply with. In the UK the FCA’s handbook raises security in the section focussed on Processes and Systems (13.7) that in turn is concerned with operational risk. Generally, there is an ongoing focus on Operational Resilience in the UK financial regulatory environment also seen in the Operational Resilience consultation launched by the Prudential Regulatory Authority (PRA) in December 2019.

The services a fintech business is offering and where it operates will define the security regulations it will be required to meet. PSD2, for example, has robust security measures within the legislation.  Controls are mandated with organisations having to implement “an effective operational and security risk management framework” and the “framework should focus on security measures to mitigate operational and security risks.” The framework must also encompass outsourcing arrangements where appropriate so if a company outsources any of their service provision to a third party – this supply chain risk must be understood and monitored as well.  The framework needs to cover a broad range of security considerations including Risk Assessment, Protection (including Data Systems Integrity, Access Control, Physical Security), Detection, Business Continuity and Testing of Security Measures.

Stuart Jubb

Stuart Jubb

The security themes that we have spoken about so far are part of a number of regulatory standards including, the Payment Card Industry Data Security Standard (PCI DSS) if card data is processed, stored or transmitted by the service.  FintTech startups, as well as established firms, must also consider local differences in legislation.  For example, those operating out of New York State, must consider the New York State Department of Financial Services 500 series on Cyber Security (NYDFS 500).

There are common themes across all of these requirements because after all, their intent is much the same, to ensure that firms operating in the financial services industry are taking the right approach to reduce the risks of doing business.  Firms should look at adopting an industry standard as a baseline to begin to satisfy all the areas of legislation that may apply to them.  Many of these regulations draw upon standards such as ISO27001 and if this is used as a baseline, the controls in ISO27002 can be mapped across all the requirements that are applicable to the firm.  Fintech businesses are often building APIs and as such must enter the market with the European Union General Data Protection Regulation (GDPR) ‘Privacy by Design’ principle at the heart of what they do.

As an example, from the cyber security specialist perspective, they typically approach these responsibilities as short-term, single-moment-in-time, instant assessments – often required on top of their day job of protecting the organisation’s IT assets and systems.  It’s also common that technical cyber specialists are asked about assessing standards, cyber controls and governance – an area in which they may well have no experience.  They’ll carry out these tasks as best they can, but won’t always see them as strategically important.

FinTech needs supplier assurance

The key point is that firms need to be thinking about how they build in supplier assurance as part of meeting these security and broader regulatory requirements from the outset, because the problem gets bigger and harder as companies increase their involvement with third parties up- and down-stream in the supply chain.

Technology can automate the supplier assurance process, making it much easier to regularly review that all parties meet the necessary requirements and demonstrate due diligence.  Doing so, means companies are not only compliant, but mitigate security risks.  It also proves to parties, that systems and data can be connected, to either expand the service, in the case of a technology provider or as a customer of the service.  Additionally, when raising funds for expansion and growth, investors are highly likely to undertake due diligence, and an established third-party assurance process can greatly simplify this.

Remember too that good software assurance practices do not just allow you to ensure that your suppliers meet the requirements set by you and your industry.  They make it possible for other companies to rapidly have confidence in your organisation, when they are considering a partnership that will make you part of their supply chain.

Third-party assurance matters, and it’s better to start while small using processes and tools that will scale with your fintech aspirations.  Growth can be rapid in the sector, with small companies far more agile and able to jump on new opportunity.  The trick is to may sure that the processes are in place to ensure that ability to ride the wave does not become your undoing.

Technology

The rise of AI in compliance management

Published

on

The rise of AI in compliance management 2

By Martin Ellingham, director, product management compliance at Aptean, looks at the increasing role of AI in compliance management and just what we can expect for the future

Artificial Intelligence (or AI as it’s now more commonly known) has been around in some shape or form since the 1960s. Although now into its eighth decade, as a technology, it’s still in its relative infancy, with the nirvana of general AI still just the stuff of Hollywood. That’s not to say that AI hasn’t developed over the decades, of course it has, and it now presents itself not as a standalone technology but as a distinct and effective set of tools that, although not a panacea for all business ills, certainly brings with it a whole host of benefits for the business world.

As with all new and emerging technologies, wider understanding takes time to take hold and this is proving especially true of AI where a lack of understanding has led to a cautious, hesitant approach. Nowhere is this more evident that when it comes to compliance, particularly within the financial services sector. Very much playing catch-up with the industry it regulates, up until very recently the UK’s Financial Conduct Authority (FCA) had hunkered down with their policy of demanding maximum transparency from banks in their use of AI and machine learning algorithms, mandating that banks justify the use of all kinds of automated decision making, almost but not quite shutting down the use of AI in any kind of front-line customer interactions.

But, as regulators are learning and understanding more about the potential benefits of AI, seeing first-hand how businesses are implementing AI tools to not only increase business efficiencies but to add a further layer of customer protection to their processes, so they are gradually peeling back the tight regulations to make more room for AI. The FCA’s recent announcement of the Financial Services AI Public Private Forum (AIPPF), in conjunction with the Bank of England, is testament to this increasing acceptance of the use of AI. The AIPFF is set to explore the safe adoption of AI technologies within financial services, and while not pulling back on its demands that AI technology be applied intelligently, it signals a clear move forward in its approach to AI, recognising how financial services already are making good use of certain AI tools to tighten up compliance.

Complexity and bias

So what are the issues that are standing in the way of wider adoption of AI? Well, to start with is the inherently complex nature of AI. If firms are to deploy AI, in any guise, they need to ensure they not only have a solid understanding of the technology itself but of the governance surrounding it. The main problem here is the shortage of programmers worldwide. With the list of businesses wanting to recruit programmers no longer limited to software businesses, now including any type of organisation who recognises the potential competitive advantage to be gained by developing their own AI systems, the shortage is getting more acute. And, even if businesses are able to recruit AI programmers, if it takes an experienced programmer to understand AI, what hope does a compliance expert have?

For the moment, there is still a nervousness among regulators about how they can possibly implement robust regulation when there is still so much to learn about AI, particularly when there is currently no standard way of using AI in compliance. With time this will obviously change, as AI becomes more commonplace and general understanding increases, and instead of the digital natives that are spoken about today, businesses and regulators will be led by AI-natives, well-versed in all things AI and capable of implementing AI solutions and the accompanying regulatory frameworks.

As well as a lack of understanding, there is also the issue of bias. While businesses have checks and balances in place to prevent human bias coming into play for lending decisions for example, they might be mistaken in thinking that implementing AI technologies will eradicate any risk of bias emerging. AI technologies are programmed by humans and are therefore fallible, with unintended bias a well-documented outcome of many AI trials leading certain academics to argue that bias-free machine learning doesn’t exist. This presents a double quandary for regulators. Should they be encouraging the use of a technology where bias is seemingly inherent and if they do pave the way for the wider use of AI, do they understand enough about the technology to pinpoint where any bias has occurred, should the need arise? With questions such as this, it’s not difficult to see why regulators are taking their time to understand how AI fits with compliance.

Complementary AI

So, bearing all this in mind, where are we seeing real benefits from AI with regards to compliance, if not right now but in the near future? AI is very good at dealing with tasks on a large scale and in super-quick time. It’s not that AI is more intelligent than the human brain, it’s just that it can work at much faster speeds and on a much bigger scale, making it the perfect fit for the data-heavy world in which we all live and work. For compliance purposes, this makes it an ideal solution for double-checking work and an accurate detector of systemic faults, one of the major challenges that regulators in the financial sector in particular have faced in recent years.

In this respect, rather than a replacement for humans in the compliance arena, AI is adding another layer of protection for businesses and consumers alike. When it comes to double-checking work, AI can pinpoint patterns or trends in employee activity and customer interactions much quicker than any human, enabling remedial action to be taken to ensure adherence to regulations. Similarly, by analysing the data from case management solutions across multiple users, departments and locations, AI can readily identify systemic issues before they take hold, enabling the business to take the necessary steps to rectify practices to guarantee compliance before they adversely affect customers and before the business itself contravenes regulatory compliance.

Similarly, when it comes to complaint management for example, AI can play a vital role in determining the nature of an initial phone call, directing the call to the right team or department without the need for any human intervention and fast-tracking more urgent cases quickly and effectively. Again, it’s not a case of replacing humans but complementing existing processes and procedures to not only improve outcomes for customers, but to increase compliance, too.

At its most basic level, AI can minimise the time taken to complete tasks and reduce errors, which, in theory, makes it the ideal solution for businesses of all shapes, sizes and sectors. For highly regulated industries, where compliance is mandatory, it’s not so clear cut. While there are clearly benefits to be had from implementing AI solutions, for the moment, they should be regarded as complementary technologies, protecting both consumers and businesses by adding an extra guarantee of compliant processes. While knowledge and understanding of the intricacies of AI are still growing, it would be a mistake to implement AI technologies across the board, particularly when a well-considered human response to the nuances of customer behaviours and reactions play such an important role in staying compliant. That’s not to say that we should be frightened of AI, and nor should the regulators. As the technology develops, so will our wider understanding. It’s up to businesses and regulators alike to do better, being totally transparent about the uses of AI and putting in place a robust, reliable framework to monitor the ongoing behaviour of their AI systems.

Continue Reading

Technology

Simplifying the Sector: How low code can aid digital transformation in financial services

Published

on

Simplifying the Sector: How low code can aid digital transformation in financial services 3

By Nick Ford Chief Technology Evangelist, Mendix

From online banking to contactless payments and Apple Pay, it has been well demonstrated that the financial services industry is significantly ahead of many others when it comes to technology.

Traders, as well as customers, are now armed with the latest advances in technology and able to operate at super speed with more information at their fingertips than ever before.

However, the sector has not been immune from challenges created by COVID-19. The most significant challenge is maintaining the level of innovation they have been historically known for, with constrained budgets and smaller teams.

The pressure is on

The financial services sector is certainly quite complicated. There are many different regulatory bodies that monitor corporate conduct, which can make innovation a slow and arduous task. It also means that every time a new law is implemented, the sector needs to adjust to it, and that can mean anything from revising security protocols to radically changing the way information is processed, transmitted or audited.

This makes the job difficult for IT managers in the sector. Many of the systems they’re dealing with are old fashioned, dating back many decades and therefore not up to standard when it comes to performance and security. With lockdown restrictions meaning most sector staff are working remotely, this adds an extra pressure to IT teams that now have to ensure systems, data and work devices are functioning and always accessible. Digital transformation can help with this and a recent Mendix study found that 76% of IT managers in the sector believe it can improve operational efficiency.

Tech as a necessity

The sector now must be alert due to a new emerging challenge – the tech savvy customer. The modern age means customers are demanding much more from the services they are offered, with two things being highly desired; speed and transparency. As a result, many banks, hedge funds, and investment firms are investing in the appropriate technology to help meet these demands. The data that comes with upgrading ultimately allows financial institutions to better understand their customers and tailor their services more accurately to the changing trends influencing customer behaviour, Being able to have such knowledge is becoming more vital, as the pandemic continues to significantly affect the behaviour patterns of consumers and the preferences driving them.

Investing in technology can also increase efficiency within the sector at a time where teams and budgets are stretched, which can obviously have massive benefits. Digital transformation also leads to faster, better performing systems provides teams with the right tools they need to effectively get their job done. Tech is no longer a fintech privilege – it’s a currency. So much so that nine out of 10 IT leaders in financial services believe their firm will need to invest in digital projects over the next two years, just to survive in a rapidly changing market.

Powering digital transformation with low-code

To manage these different priorities, IT teams need to look beyond themselves and collaborate with different departments to create revenue-generating services that truly answer the clients’ needs – and it needs to empower all developers with the right tools to do so. This improved collaboration between IT and customer-facing staff means that services are designed to suit the needs of the customer-base, whilst reducing the pressure of an already-stretched IT team.

Low-code is one way to foster this collaboration. It requires little coding knowledge or expertise, meaning software development or the creation of business applications can include staff with non-technical backgrounds. Instead of having a back and forth between tech teams and other departments – of which miscommunication is always a risk – the development of apps can be  inclusive involving a variety of teams, bringing together those that understand the business problems with those that understand the IT landscape, core systems and services to contribute to the vision of a product. IT stays in control with governance and guardrails built in to ensure compliance to the various standards required.

Digital transformation is an ongoing process in every industry. With low-code programming some of the current complexities and challenges facing the financial services sector can be tackled, allowing it to fully step into the digital age and continue being a hub of technological innovation.

Continue Reading

Technology

Leading from the front – why decision makers must embrace automation

Published

on

Leading from the front - why decision makers must embrace automation 4

By Jeppe Rindom, Co-founder & CEO, Pleo

Ask any decision maker at a business about admin and you’re likely to be met with a familiar response – it’s a necessary evil that swallows time, but also helps inform strategic choices. Informed decisions are always better than uninformed ones, but many businesses still rely on outdated legacy processes to gather the data they need to make critical choices… and we’ve all seen the perils of a poorly maintained Excel spreadsheet in the news recently.

At director level, these administrative tasks can consist of signing off expenses or monitoring company spending to inform upcoming budgets. Although crucial to running a business well, these can be time-consuming and frustrating when you don’t have the right tools to make sense of it all. The solution? A simple change of approach.

A logical solution

This is where automation comes in. Over the last decade, we’ve seen how technologies including chat-bots and artificial intelligence have impacted everyday business, from customer-services and marketing to data analytics and time-management. More than ever, this is allowing employees to free  up time to work more efficiently and focus on business-critical tasks. But this isn’t a quick fix. At a decision making is required. Ironically, a lot of these tasks relate to how a business can improve efficiency and productivity.

Add in the fact that many of these senior staff members have tight schedules, and can’t afford to spend several hours trawling through spreadsheets, and it’s little wonder high level admin is still an issue. In a recent customer survey, we found that 75% of senior managers spend over an hour a week on expense reports, with 14% losing nearly a whole working day (five hours or more) a week to managing them – time that could be better spent growing their business. The same study found that our platform saves people an average of 11.5 hours a month on managing company expenses. If you consider this could mean an extra day for a CFO or Finance Director to spend on more essential tasks, such as business forecasting or growth planning, the reward for investing in well designed automation at this level is clear.

Building trust

Jeppe Rindom

Jeppe Rindom

But, automation isn’t just a case of saving time; it also fosters trust. Our study found that over half (51%) of users agreed that automating the laborious parts of their expenses like receipt capture, categorisation and expense reports also helped them build trust within their organisation. Automation helped them to excel at the things they’re most interested in, and were actually hired to do. I’m a huge advocate of empowering people with the tools they need to succeed. And through the empowerment automation brings, it’s only natural that employees begin to feel their worth in the business and that they are trusted.

A business-wide approach

Yet for automation to work, a company-wide understanding of its potential is vital. Adoption by senior staff should not be seen as simply a fringe benefit, as automation relies on understanding and endorsement from all levels of a business to work efficiently. A report titled ‘Automation and the future of work,’ published by the British Government in September 2019 noted that the successful implementation of automation “relies on managers and business leaders themselves being able to understand the potential of automation and the impact of technological change.” In this respect, managers will be your biggest ally when embracing automation. Any manager worth their salt understands the benefits of leading through example, and by creating automation ‘advocates’, businesses can ensure teams are comfortable with the impending change. While many busy managers often resist new processes (especially those to do with unfamiliar technology), they usually find that investing a short amount of time getting to grips with an automation platform pays off in the long term.

One of the most frequent pieces of feedback we receive is that an effectively automated platform allows staff to focus on strategy, culture and creativity, with the knock-on effect of automating mundane tasks being felt throughout an entire organisation, not just one relieved individual.

Having a smart, automated platform can also massively reduce the chance of human error at an early stage. This can be disastrous when data is relied upon to make important decisions at a later date. In this respect, having access to accurate information can be a game-changing benefit for decision-makers, particularly those working under increased pressure.

At a time when businesses are facing rapid and unpredictable changes, ensuring your business is equipped with the right tools for success is crucial. And while automation may seem an intimidating change, the huge benefits it can bring to both processes and culture will outweigh any initial concerns. By giving senior staff and their team members alike the ability to embrace smart automation, efficiency will speak for itself, and your business’ success will flourish.

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

Research exposes the £68.8 billion opportunity for UK retailers 5 Research exposes the £68.8 billion opportunity for UK retailers 6
Business2 days ago

Research exposes the £68.8 billion opportunity for UK retailers

Modelling shows increasing the proportion of online sales by 5 percentage points would have significantly boosted retailers’ revenues during the...

Want to serve your customers better? An effective online strategy is what financial institutions need  7 Want to serve your customers better? An effective online strategy is what financial institutions need  8
Business2 days ago

Want to serve your customers better? An effective online strategy is what financial institutions need 

By Anna Willems, Marketing Director, Mention A strong online presence matters. Having a strong online presence, that involves social media...

The rise of AI in compliance management 9 The rise of AI in compliance management 10
Technology2 days ago

The rise of AI in compliance management

By Martin Ellingham, director, product management compliance at Aptean, looks at the increasing role of AI in compliance management and just...

Simplifying the Sector: How low code can aid digital transformation in financial services 11 Simplifying the Sector: How low code can aid digital transformation in financial services 12
Technology2 days ago

Simplifying the Sector: How low code can aid digital transformation in financial services

By Nick Ford Chief Technology Evangelist, Mendix From online banking to contactless payments and Apple Pay, it has been well...

Why the Boom is Long Overdue (and Here to Stay) 13 Why the Boom is Long Overdue (and Here to Stay) 14
Business2 days ago

Why the Boom is Long Overdue (and Here to Stay)

By Roger James Hamilton, CEO, Genius Group Virtually every aspect of our lives has been taken over by tech, so...

5 Sustainability Lessons That Are Crucial For Business Success 15 5 Sustainability Lessons That Are Crucial For Business Success 16
Business2 days ago

5 Sustainability Lessons That Are Crucial For Business Success

By Michael Stausholm, founder of Sprout World (sproutworld.com) Sprout World is the eco-company behind the world’s only plantable pencil, with...

Why financial brands need to understand consumer vitality 17 Why financial brands need to understand consumer vitality 18
Business2 days ago

Why financial brands need to understand consumer vitality

By Carolyn Corda, CMO at data consortium ADARA Our day to day lives have been turned upside down. Office workers have...

Why and how a modern marketing strategy should put customer experience first 19 Why and how a modern marketing strategy should put customer experience first 20
Business2 days ago

Why and how a modern marketing strategy should put customer experience first

By Jim Preston, VP EMEA, Showpad In 2004, the Leading Edge Forum coined the term ‘consumerisation of IT’, defining a...

Leading from the front - why decision makers must embrace automation 21 Leading from the front - why decision makers must embrace automation 22
Technology2 days ago

Leading from the front – why decision makers must embrace automation

By Jeppe Rindom, Co-founder & CEO, Pleo Ask any decision maker at a business about admin and you’re likely to...

Business first, not compliance only is the future for accountants 23 Business first, not compliance only is the future for accountants 24
Business2 days ago

Business first, not compliance only is the future for accountants

By Peter Bracey, MD at Bracey’s Accountants.  The past few months have underlined the need for better business insight to reduce...

Newsletters with Secrets & Analysis. Subscribe Now