By Stuart McClymont, co-founder and MD, base60 Consulting
We are all familiar with silo-orientated organisations having a right hand that never quite knows what the left hand is up to.While large organisations are addressing this challenge internally in a continuing efficiency drive, the problem is in a different league altogether when poor communication between regulatory bodies results in conflicting requirements. This can lead to an organisation in an effort to comply with one regulatory requirement fall foul of another.This conflict is a significant problem to market participants on both a national and international scale.
Regulators need to talk
The issue is that regulatory bodies act independently of each other, and the market, they have different objectives and often make different interpretations of international guidelines. Regulators are understandably keen on market transparency, protection and confidentiality, but it doesn’t take much imagination to realise that transparency and confidentiality are often mutually exclusive.
MiFID and GDPR conflict
The MiFID II transparency requirements around transaction reporting require personal information about the actual individual person executing a transaction,and this collides with the General Data Protection Regulation (GDPR) around individuals’ personal information.Fraud and identity theft is increasing at a time that transaction reporting requires a large amount of personal information required to be captured across multiple industry infrastructures,and this surely increases the risk of personal data not being protected.It would have made sense for the regulators to have asked market participants how they keep individuals’ personal data confidential, and, in parallel ellicit suggestions from market participants as to how they could increase the transparency of individuals’ transactions.Armed with this knowledge the regulators could have improved the legislative and regulatory requirements around transparency and confidentiality with all players on board form the get go.
How it started
Back in 2004/05 it was apparent that the FED in the US was uncomfortable with the level of outstanding unsigned confirmations for Credit Derivative Swap (CDS) across the global CDS market. The major market participants, who accounted for most of the transaction volume, worked together to address the issue. Known as the G14 Dealers, they agreed among themselves a set of self-regulated targets to reduce this back-log, and to track and report progress against these targets to the FED on a regular basis. These became known as the ‘FED Targets’.Through working collaboratively together, the G14 market participants not only reduced the backlog and average time confirmations remained unsigned, but also developed an industry standard electronic confirmation messaging language, the Financial products Markup Language (FpML).Participants of trades then used technology to electronically match confirmations and eliminate the manual, lengthy and time-consuming process around paper confirmation. This electronic matching not only eliminated the back log of paper confirmations but was also scalable to support increased trading volumes across the global markets. This is a great example of market participants, who understand their products and processes, introducing changes to increase control in a self-regulated environment and providing ongoing transparency to the regulatory community.
Independent interpretation of 2009 commitments
In 2009, the G20 summit in Pittsburgh agreed four commitments around Global over-the-counter (OTC) Derivatives:
- Reporting OTC Derivatives to Trade Repositories
- Increased use of central counterparties for OTC Derivatives
- Execution of OTC Derivatives on electronic trading platforms
- Increased use of collateral and risk mitigation techniques.
Each G20 country then independently interpreted the global Pittsburgh OTC Derivatives commitments and developed them into local legislation. Not only did each country interpret the four high level commitments differently but they also implemented different regulatory requirements – Dodd-Frank (US), ESMA (Europe) and JFSA (Japan) – and had different compliance timeframes. Depending on the location of their primary regulatory supervisor, market participants were then faced with the challenge of having to comply with the different requirements when products were being traded between market participants across national borders.
It is understandable that each country wanted to assume control of implementing the changes given that most countries had to bail out organisations domiciled in their countries using taxpayers’ money.But it is in times of stress that we need global collaboration and harmonisation across regulators and not local protectionism by local regulators.
Fast forward to 2014/15 and many market participants had to implement bespoke tactical solutions to comply with the differing regulatory requirements across the globe.Moreover,it is doubtful that any regulator has a full and accurate transparency over the global OTC Derivative market place.
The solution – a collaborative approach
A small group of the G14 Dealers (albeit a few names have disappeared due to the bankruptcies in 2008) again started to work together to understand how to simplify and automate this complex, costly and fragmented infrastructure. They identified opportunities to optimise collective investment in technology and resources to increase control, capacity and client service, while delivering against regulatory requirements, through collaboration, innovation and market participation.
There is little doubt that a collaborative approach, bringing together market practitioners is logical for matters of regulation and market safety. The FCA is sensibly using the sandbox approach to provide an environment where participants can collectively design, develop and test solutions to meet regulatory objectives. The Monetary Authority of Singapore (MAS) adopts a similar approach.
Ongoing regulatory consultation with market participants is also imperative ahead of introducing regulatory rules and requirements even sometimes at a very basic level. A simple and recent example where this hasn’t happened is with the implementation date of MiFID II. Given the significant ‘go-live’ challenges that MiFID II imposes on all market participants it would have made sense for the implementation date to be on a Monday (so that the preceding weekend could be used to migrate, test and deploy) or in the quiet market period between Christmas and New Year 2017 to minimise and mitigate the risks of go-live for all market participants. However, the regulators decided to choose Wednesday 3rd January 2018 for its implementation which is firstly in the middle of a week and secondly the day after the first full global trading day of 2018.
What regulators should do
On the basis that regulators have access to everything, and don’t like surprises, there are three broad processes that would assist regulators when formulating regulations:
- Consult with market participants who have a deep understanding of the market and its processes and have the expertise to suggest workable solutions to meet multiple regulatory objectives in a sustainable and efficient manner.
- Harmonise interpretations and regulations through cross border regulatory conversations and by working with the global international governance bodies.
- If they’re looking at a market that is subject to other regulations (e.g. GDPR), sit down and consult with the other regulator(s) (e.g. MiFID II) to ensure that there are no conflicting requirements. Regulatory bodies have differing objectives and lens of focus. This is understood, but all large organisations have different objectives across different departments and they work together to ensure that they are all achieved by talking and communicating.
People affect change communicating and collaborating and this leads to the right changes being made for all.
The 2020 Outbound Email Data Breach Report Finds Growing Email Volumes and Stressed Employees are Causing Rising Breach Risk
Research by Egress reveals organisations suffer outbound email data breaches approximately every 12 working hours
Egress, the leading provider of human layer data security solutions, today released their 2020 Outbound Email Data Breach Report, which highlights the true scale of data security risks related to email use. 93% of IT leaders surveyed said that their organisation had suffered data breaches through outbound email in the last 12 months. On average, the survey found, an email data breach happens approximately every 12 working hours.*
Rising outbound email volumes due to COVID-19-related remote working and the digitisation of manual processes are also contributing to escalating risk. 94% of respondents reported an increase in email traffic since the onset of COVID-19 and 70% believe that working remotely increases the risk of sensitive data being put at risk from outbound email data breaches.
The study, independently conducted by Arlington Research on behalf of Egress, interviewed 538 senior managers responsible for IT security in the UK and US across vertical sectors including financial services, healthcare, banking and legal.
Key insights from respondents include:
· 93% had experienced data breaches via outbound email in the past 12 months
· Organisations reported at least an average of 180 incidents per year when sensitive data was put at risk, equating to approximately one every 12 working hours
· The most common breach types were replying to spear-phishing emails (80%); emails sent to the wrong recipients (80%); incorrect file attachments (80%)
· 62% rely on people-led reporting to identify outbound email data breaches
· 94% of surveyed organisations have seen outbound email volume increase during COVID-19. 68% say they have seen increases of between 26 and 75%
· 70% believe that remote working raises the risk of sensitive data being put at risk from outbound email data breaches
When asked to identify the root cause of their organisation’s most serious breach incident in the past year, the most common factor was “an employee being tired or stressed”. The second most cited factor was “remote working”. In terms of the impact of the most serious breach incident, on an individual-level, employees received a formal warning in 46% of incidents, were fired in 27% and legal action was brought against them in 28%. At an organisational-level, 33% said it had caused financial damage and more than one-quarter said it had led to an investigation by a regulatory body.
Traditional email security tools are not solving this problem
The research also found that 16% of those surveyed had no technology in place to protect data shared by outbound email. Where technology was deployed, its adoption was patchy: 38% have Data Loss Prevention (DLP) tools in place, while 44% have message level encryption and 45% have password protection for sensitive documents. However, the study also found that, in one-third of the most serious breaches suffered, employees had not made use of the technology provided to prevent the breach.
Egress CEO Tony Pepper comments: “Unfortunately, legacy email security tools and the native controls within email environments, such as Outlook for Microsoft 365, are unable to mitigate the outbound email security risks that modern organisations face today. They rely on static rules or user-led decisions and are unable to learn from individual employees’ behaviour patterns. This means they can’t detect any abnormal changes that put data at risk – such as Outlook autocomplete suggesting the wrong recipient and a tired employee adding them to an email.”
“This problem is only going to get worse with increased remote working and higher email volumes creating prime conditions for outbound email data breaches of a type that traditional DLP tools simply cannot handle. Instead, organisations need intelligent technologies, like machine learning, to create a contextual understanding of individual users that spots errors such as wrong recipients, incorrect file attachments or responses to phishing emails, and alerts the user before they make a mistake.”
Organisations still cannot paint a full picture of the risks, relying on people-led reporting to identify email breaches, despite severe repercussions
When an outbound email data breach happens, IT leaders were most likely to find out about it from employees. 20% said they would be alerted by the email recipient, 18% felt another employee would report it, while 24% said the employee who sent the email would disclose their error. However, given the penalties that respondents said were in place for employees who cause a breach, it is not guaranteed that they will be keen to own up, especially if the incident is serious. 46% said that the employee who caused a breach was given a formal warning, while legal action was taken in 28% of cases. In 27% of serious breach cases, respondents said the employee responsible was fired.
Tony Pepper comments: “Relying on tired, stressed employees to notice a mistake and then report themselves or a colleague when a breach happens is unrealistic, especially given the repercussions they will face. With all the factors at play in people-led data breach reporting, we often find organisations are experiencing 10 times the number of incidents than their aware of. It’s imperative that we build a culture where workers are supported and protected against outbound email breach risk with technology that adapts to the pressures they face and stops them from making simple mistakes in the first place. As workers get used to more regular remote working and reliance on email continues to grow, organisations need to step up to safeguard both employees and data from rising breach risk.”
Creating an engaging email marketing campaign that avoids the junk folder
By David Wharram, CEO of Coast Digital
With more than 280 billion emails sent every day, email marketing is a tried and tested marketing method with a multitude of benefits. In addition to resonating with those looking to save on their marketing spend, email marketing generates significant ROI for businesses. Statistics have shown that email marketing significantly outperforms social media when trying to reach customers, while also proving more cost-effective. Additionally, Mckinsey found that email marketing is 40 times more successful at gaining customers than Twitter and Facebook combined.
As business owners digest these facts – low cost, high return – it can be tempting to plan a barrage of untargeted marketing emails to both prospective and existing customers. Yet, this “spray and pray” approach may not generate as many sales leads as you’d hope. In fact, this method often tends to deter prospective customers and impact the relationship with existing clients, resulting in your emails consistently making their way into the junk folder. The key to a successful email marketing campaign is investing in the right tools to plan, automate, track, and analyse your outreach.
Like other marketing channels, email marketing takes effective planning and the right strategy to make it work. Rather than trying to sell a product or service from the outset, you need to engage with the customer and build trust with them first. To do this, you need to consider who the customer is, how to reach them and what information they are likely to want. For example, returning customers will be much more receptive to an email presenting discounts and timed offers. However, new or prospective customers would most likely prefer to familiarise themselves with your businesses first in order to understand how your product or service will benefit them.
Not only do you need to identify different audiences and identify how to engage them, but you should also consider the frequency of communication. Too often, and your emails could appear as spam. Too irregular and there’s a risk the customer might forget about you or turn to a competitor.
A crucial part of planning the overall strategy is considering the ideal outcome. Whether this is to attract new customers, send product or service updates, or retain customers through offers and discounts, the objective will determine the scope of the entire campaign.
The results of a well thought out email marketing strategy can drive brand awareness, boost lead generation and increase revenue. The results of a poorly planned strategy often lead to disgruntled recipients and a high number of unsubscribes.
Keep content relevant, personal and useful
In addition to planning the overall strategy of your campaign, you need to consider the content you will push out to your audience. From our experience, this will largely depend on which goals have been determined during the planning process.
It’s essential to ensure you’re providing something of value. While you want to make sure that your email marketing campaigns generate ROI, you also need to make the recipients feel that they’re not always being sold to. The key to this is by building a level of trust with the audience, which can be achieved by providing relevant advice and insights, or by asking for feedback.
Additionally, audiences are more receptive to content that is personal to them. It’s easy to spot a generic email that has been created to cover all bases for an entire mailing list. Therefore, making the emails more personalised to recipients tends to strengthen the overall campaign.
According to recent research by Econsultancy, personalisation remains a top priority for marketers as 67% of those asked said that was the main focus for improving their campaigns. Also, a study by Salesforce found that 84% of consumers prefer to be treated like a person not a number. That’s why taking the time to make content more relevant to the receiver could make or break the campaign.
Evaluate and evolve
Once your initial outreach has been complete, you need to take the time to reflect on your efforts. One aspect of the planning process should include setting clear metrics and KPIs so that you can be clear on whether these were met or not. There are several metrics that businesses should consider when it comes to the success of their campaign – including clickthrough rate, conversion rate, bounce rate and email forwarding rate. Each KPI will depend on the overall goal. Companies need to invest in the right tools and resources to evaluate email marketing campaigns, especially if this is new territory. Measuring the success of your outreach will enable you to determine what worked well, what needs refining or what needs to be completely overhauled. What’s more, if the initial campaign didn’t generate the outcome you were hoping, don’t be deterred from using email marketing altogether and instead use it as an opportunity to learn and improve.
Email marketing remains one of the most effective methods to engage with your audience on an ongoing basis. However, far too many businesses try to run before they walk and could be spamming their customers with irrelevant, uninteresting content. To ensure your outreach is successful, you need to effectively plan your outreach – considering your audience and delivering helpful and engaging content to them will help your emails avoid the dreaded junk folder.
How to communicate when the world is in crisis
By Callum Jackson Account Executive at communications agency Cicero/AMO
Across sectors both private and public, the coronavirus crisis has brought with it a list of overused yet unavoidable tropes. Phrases such as ‘rapidly changing times’, ‘the new normal’ and the king of COVID clichés ‘unprecedented’ have been deployed by communications experts of all ilks to engage audiences, linking their products and businesses to the pandemic however they can. In fact, amongst online news articles from January to September this year, ‘unprecedented’ received about six times more column space than over the same period in 2019. The financial services sector is far from immune – a quick scan of the 21.9 million Google results which the search term “unprecedented banking covid” throws up reveals a distinct preference for the platitudinal over the insightful.
But as often as this is said, it bears repeating: communication plays a central role in all of our lives and all of our businesses. In the banking and financial services sector, one PR misstep can mean the difference between an investment round succeeding or failing, between a challenger being awarded its coveted banking licence or having its reputation demolished, between a fintech app appearing on every other smart phone in the country or dying an obscure death.
While communication is vital, however, it is not a straightforward science or art at the best of times. Below are some key approaches for comms professionals to consider taking when communicating during a crisis.
- Start with the bank in the mirror
In all sub-sectors of the comms industry, from in-house external comms to agency PR and everything in between, inauthenticity stands out like a sore thumb, and badly thought-through messaging or imagery can reek of it. Take Pepsi’s heavily pilloried 2017 ad campaign featuring Kendall Jenner, the imagery of which attempted to position the soft drink – and the business producing it – as a saviour of divided and oppressed communities. Accused of seeking to capitalise on the Black Lives Matter movement, Pepsi rightly pulled the commercial and apologised for missing the mark entirely. Interrogating what your business stands for, what it does well, what its goals are and, most importantly, what it is not in the business of (in the case of Pepsi, saving the world) is essential to communicating with your stakeholders authentically. This has been conventional wisdom amongst banking and finance grandees for a while. In 2015, Tesco Bank’s then CEO Benny Higgins noted, “Authenticity [is critical] – we all have strengths and weaknesses but being authentic gives a consistent notion of what your leadership is about.” By all means, talk about doing good but make sure it’s good you’re actually doing.
- Read the room
Being aware of your audiences’ needs is two-fold. First, it is about identifying the topics that consumers of news (be they your customers, your suppliers or the general public) want and need to hear about, and secondly, it’s about being sensitive to audiences’ anxieties and preoccupations. Our current environment is characterised by companies asking staff to take pay cuts, having furloughed others at 80% of their salary, all while social distancing or staying home. During these – yes, unprecedented… – anxiety-inducing times, money saving advice, working from home tips, and information on the best cost-saving financial products are subjects of interest and necessity to journalists and readers. Listicles of the best luxury summer getaways are not. Think about what your business or client is doing that might directly help those who are worst affected and use that as a springboard for your communications messaging.
- Look ahead
In late 2019, few of us could have foreseen the sheer magnitude of a potential pandemic, nor indeed its short-term and residual effects on the economy, society, and individual financial institutions. However, as professionals in charge not only of spreading the good news but also of putting out reputational fires, it is the duty of financial services PRs to game various scenarios – sorted by likelihood and impact – pre-empting possible outcomes and preparing for the negative fallout as well as the positive opportunities a situation might present. Looking ahead to identify these ‘opportunities’ is not per se a cynical attempt to boost business reputations or commercial outcomes. It can and should involve looking ahead to ascertain the potential silver linings, gifts in disguise, and diamonds in the rough that come along with a crisis. One unforeseen consequence of the COVID-19 pandemic has been a reminder of the warmth, appreciation and even love we feel towards the frontline workers of the NHS. If yours is the company that finances the manufacture of their uniforms, insures the production of their machinery, or invests on behalf of the factory that makes their PPE, you should be proud of that and should let others be proud too. All this requires
foresight, however – the ability to identify both the risks and opportunities of a dire situation.
- Adapt your offering
Shouting from the rooftops about something you do well, especially when it has a net good impact on the world, is nothing to be ashamed of. In fact, a surprising number of businesses are actually quite bad at telling us what’s good about them – particularly those that need to the most: banks. Cue the PR professional. But that quality of self-promotion – not in the sneering, braggartly sort of way; but rather the recognition that telling your story is how people get to know you – only stands up when what you’re promoting really is good, both morally and commercially speaking. If you are planning a campaign showing that your customer, The Big Bad Oil & Gas Company Ltd., is doing wonders for the planet, it had better be investing heavily in wind and solar, offsetting its carbon output and cleaning up natural areas affected by its commercial activities, and not just paying lip service to environmental conscientiousness. And if your customer or your own business isn’t doing those things, it is time to re-evaluate the corporate strategy. Too many heads of comms are cautious of recommending product and operational changes that require significant investment for fear of CEOs’ eyes rolling back into their heads with ‘dollar shock’. But if you want to be known for doing something good, you had better do it well.
- Take advantage of digital
It comes as no surprise that shares in videoconferencing services such as Zoom (NASDAQ: ZM) just about doubled between late January and mid-April (up to $142.80 from $70.44). As demand for online services increases due to prolonged social distancing and isolation measures, so too does the need for journalists, and therefore PRs, to produce quality digital content that speaks the language of technology. Rather than asking how your logo will change or about the latest appointment to your board, media and the audiences that read them are increasingly asking, ‘How does your company’s offering help us do business, manage our money, or lead better lives by harnessing smart data, open finance, AI, etc.?’ Or more generally, ‘How can I do all the things I’m used to doing and need to do without leaving my house?’ Most banks provide online banking, most insurers allow digital policy purchases and claims, most lenders enable virtual applications or use digital ID to confirm affordability and suitability. If your business is lagging behind, it’s time to catch up.
- Put a relevant twist on business as usual
“Well, our business doesn’t do anything to do with viruses,” is a natural reaction to a crisis that no one saw coming and that stands to affect the global economy in a meaningful way for years to come. But, as well as being natural, it is also limiting. Thinking creatively about the ways our product offerings and operations do, in some way, affect the outcome of a crisis does not have to extend to preventing the spread of a disease or accelerating the creation of a vaccine. It may be that your lending platform can offer mortgage holidays for those financially impacted by the pandemic or that the insurer you work for can interpret policies leniently and with compassion – especially important in light of the FCA’s recent finding on business interruption insurance. Showing your worth in a crisis does not require you to be a central cog in the machine, nor does it require you to dominate the narrative in order to have cut-through. Do your bit, however small, and then tell us about it.
Being alive to developments in politics, society, culture, science and business, and remaining nimble and ready to adapt to those developments sensitively are the cornerstones of good communications. The ancient Greeks knew this before we did; it was no storytelling accident that Olympus’ divine messenger, Hermes, wore winged sandals. The metaphor may be ham-fisted, but the sentiment is sound: sensitivity, fleet-footedness and boldness are the communicator’s greatest weapons. Don’t be a Pepsi, be a Hermes.
Digital collaboration: Shaping the Future of Finance
By Ryan Lester, Senior Director of Customer Experience Technologies at LogMeIn With heightened economic uncertainty and increased customer expectation becoming...
The 2020 Outbound Email Data Breach Report Finds Growing Email Volumes and Stressed Employees are Causing Rising Breach Risk
Research by Egress reveals organisations suffer outbound email data breaches approximately every 12 working hours Egress, the leading provider of human layer data security solutions, today released their 2020 Outbound Email Data...
Regulating innovation: the biggest challenge in payments
By Fady Abdel-Nour, Global Head of M&A and Investments, PayU Over the course of the last six months, the payments...
Investors remain worried about COVID, but positive towards stamp duty holiday
By Jamie Johnson, CEO of FJP Investment The journey back to economic normality will be strenuous. COVID-19 has imbued many...
Creating a culture of cybersecurity in Financial Services
By Martin Landless, Vice President for Europe at LogRhythm As the financial services sector increasingly moves online and reaps the...
How the financial sector can keep newly acquired customers returning time and time again
By Dicken Doe from Foolproof, a Zensar company Covid-19 has changed the financial lives of millions; what worked for people...
Creating an engaging email marketing campaign that avoids the junk folder
By David Wharram, CEO of Coast Digital With more than 280 billion emails sent every day, email marketing is a...
Cloud in Banking: An Opportunity That Can’t be Ignored
By David Rimmer, Research Associate at Leading Edge Forum Originally offered as a better way to build IT systems, cloud...
Increased contactless spending could be linked to higher fraud and payment disputes, warns global risk expert
The rapid adoption of contactless payments during COVID-19 may be contributing to multiple strands of fraud Monica Eaton-Cardone, COO and...
Pay and Go, why seamless checkout is essential for the customer experience
By Ralf Gladis, CEO, Computop Shopping for many is therapy…until they reach the queue for the checkout. It’s easier online...