Danny Maher, CTO, HANDD Business Solutions
When it comes to stealing data, thieves often look to the finance industry for rich pickings. Banks must think differently about how they manage their data to reduce the risk of it falling into the wrong hands. By analysing a data record’s journey through the organisation, financial institutions can govern and protect it along the way. In this article, we will explore how that works and where to begin as you rethink data governance.
Banks can’t afford to ignore data security in the light of mounting cyberthreats. In April, Global Banking and Finance Review reported on Verizon’s 2017 Data Breach Investigations survey. The financial services sector was the number one global target for data compromise, accounting for a full quarter (24 per cent) of all breaches.
Hacked banks have littered the headlines for years. In 2015, JP Morgan and other banks were victims of a concerted cybercrime campaign that harvested the customer data of over 100 million people. The following year, criminals hit Qatar National Bank and leaked 1.4Gb of sensitive data online, including passwords, PINs and payment card data for hundreds of thousands of customer accounts. These organisations all made the same understandable mistake: They didn’t map out their data’s journey properly.
Data is one of a bank’s most valuable assets, but if not tightly controlled, it can quickly become a liability. By separating a data record’s journey throughout a bank into distinct phases with individual characteristics, financial institutions can make use of its value while minimising its risk. In its work across finance and other sectors, HANDD has identified five states in the data journey.
All records begin their journey when the bank creates them. This can happen via online channels, on the telephone, or in many cases, at the branch when new customers open accounts.
These records go beyond sensitive data such as customer records. Banks should include documents created internally in their analysis, ranging from risk models through to operating reports.
Each of these individual data assets will have its own level of sensitivity, and processing requirements outlined by financial regulators. Banks must keep some data records for longer than others, for example. Understand these characteristics and bind them individually to each document or record for future use. This is a key requirement if banks are to manage data consistently and at scale.
Data classification tools will use metadata as the solution to these problems. They can tag each record with specific labels describing these characteristics. Future applications can ‘read’ these tags and use them to decide how they should treat the associated record.
Banks can train employees to choose the right labels and tag new records as a matter of course, so that no new records enter the organisation without applications knowing what to do with them.
Go beyond tagging new records, though. All banks will have an ocean of existing data that they should also classify to avoid it becoming a liability. Use data discovery tools to find these records and classify them. In many cases, these tools can tag existing data based on predefined rules, leaving administrators to enlist employees’ help with ad hoc records that don’t fit the existing categories.
Classifying data up front will help to solve one of the biggest problems facing UK companies: a lack of differentiation in data security investment.
HANDD surveyed 304 IT professionals and found that 41.4% of them allocated the same level of security resource and expenditure for all company data, regardless of its importance. This theoretically means that they are spending the same time and money securing internal memos about lunch breaks as they are customer records. These companies are not putting their security budgets to work effectively. Data classification can change that.
The next stage in the data journey highlights the importance of good classification. Without probably classifying data, a bank won’t know how to store it optimally. Should they encrypt it on high-speed solid-state internal storage, or leave it in plain text on a slower hard drive?
Proper data classification makes the next stage in the data journey easier: access. Not everyone should have access to all data. Tying information about data to its record makes it possible to decide automatically whether someone should see it, and whether they can edit it.
Identity and access management (IAM) systems have a big part to play at this stage. Financial institutions can use them to securely authenticate employees using enhanced mechanisms such as two-factor authentication.
2FA uses something you know, such as a password, along with something you have, such as a hardware token. Biometric systems take it a step further, using ‘something you are’, such as your fingerprint, making it still harder for one person to impersonate another.
Many banks will have an existing directory management system such as Active Directory. This will contain employee access credentials along with information about their roles and responsibilities at the bank.
When a user accesses a data asset, IAM systems can combine this information with record metadata to provide them with only the privileges that they need, and no more.
The next stage in a data record’s journey is sharing. Left unmanaged, data has a way of leaving an organisation in potentially disastrous ways as users share the data inappropriately via channels ranging from email to social media, or plain old printed paper.
Rights management and data leak prevention systems can govern how users share records, and who with. Combine these tools with user training to prevent inappropriate sharing.
Without this level of visibility and control, banks face expensive mistakes. Earlier this year, Scottrade admitted that 20,000 customers’ personal data was openly available online after a third-party vendor accidentally uploaded it to a server in plain text. When it came to managing sensitive data, no one was at the steering wheel.
Given the financial sector’s heavy regulation, banks should not overlook what happens to a data record when it reaches the end of its life. Eventually, a bank must dispose of the record either because it is no longer useful, or because regulators mandate it.
Map a record’s metadata against a disposal policy. Some records may need erasing. Others may still have value for historical data analysis, but might need to be stripped of personally identifying information and used in aggregated big data analytics. Create these policies so that you can dispose of or archive your data records responsibly.
All sectors must deal with these data governance challenges, but the financial sector has historically been especially data-intensive, meaning that the stakes are higher in this innovative and fast-moving industry. By thinking about data governance systematically, you can avoid your financial institution becoming the next unfortunate headline.
How banks can take on Google in the race for AI talent
By Nicola Sullivan, solutions director at candidate engagement tech firm Meet & Engage
The events of 2020 have made the battle for AI talent more ferocious than ever. In a volatile landscape where innovation is key, multinational firms are rolling up their sleeves for the inevitable scrum ahead.
For incumbent banks, the stakes are intimidatingly high. In one corner stand the fintech startups: the likes of Revolut and Monzo, who are snapping up AI-literate graduates while laying down pressure for capacity in exactly that area.
In the other corner, we find the Silicon Valley contenders of Amazon, Facebook and Google, who have phenomenal pay packages – not to mention glamour and visibility – on their side. And technologists with a finance background loom firmly in their crosshairs (Facebook employs hundreds of ex-banking recruits).
This unsettling picture is intensified by a chronic tech shortage: in a recent study by AI firm Peltarion, 83 percent of AI decision-makers agreed that a deficit of deep learning skills was seriously hampering their competitiveness. But, with the global impact of AI on financial services companies set to hit $140 billion in productivity gains and cost savings by 2025, banks need to find a way to break ahead and secure the AI talent they need. Here’s how:
Fish from a wider talent pool
We tend to think of AI in relation to a very niche set of qualifications. Yet in reality, it’s a fast-moving sphere that also requires a host of soft transferable skills such as problem-solving, agility, great communication and a sound analytical mind. In short, it’s less about what a candidate knows/does, and more to do with what they could know or do.
It’s worth thinking about whether you are being open-minded enough in your interpretation of tech talent. Do the AI roles you’re looking to fill need specific skills and criteria, or are they better suited to people who are inherently curious, intelligent and quick to learn?
Depending on the answer, you may want to expand your search from the bright young things of MIT or Berkeley to other related careers or older candidates with transferable skills. You may even want to look internally for the next generation of tech talent.
For example, if a bank’s customer-facing roles are declining but AI supply is not keeping up with demand, maybe this is a problem that could fix itself. The bank in question could run a two-week internal virtual AI internship to test interest, with the aim of rechanneling internal talent and avoiding redundancies. If AI is as critical as all forecasts suggest to the future of finance, investing in a more comprehensive approach like this may make a lot of sense.
Then there’s also the question of underrepresented groups. The proportion of black or latino people at major tech companies remains depressingly low, while women make up only a quarter of computing roles.
As well as driving equality, this issue of diversity is also a market gap that could be used for competitive advantage by banks. But doing so requires a deep-seated strategy that addresses the root reasons why candidates from these groups are turning away from tech. Issues such as lack of career development and accessible education need to be solved at ground level from the inside-out; an effort that begins before, or in tandem with, recruitment.
Make your recruitment process personal and transparent
When you’re fighting for top AI candidates who have the world at their fingertips, it’s not enough to bundle them through a generic Applicant Tracking System. You have to actively woo them, and get them on-side with your vision and community. This is especially important for millennials and Gen Z recruits, who are more purpose-driven than their predecessors.
Live online chat sessions hosted by high-profile speakers across the business is one tactic our banking clients have seen great success with here. For example, a shortlisted group of technologists get to meet with a bank’s CTO or Chief Human Resources Officer via a group chat (which they can join anonymously if they want to), to ask questions and find out more about a company’s technology roadmap and cultural ethos.
This is a rare opportunity to give candidates real takeaway value; even if they’re not thinking about leaving their current job, few will turn down the chance of time with the person who runs cybersecurity at a major bank. And this person will invariably be able to communicate a much better sense of culture than a third-party recruiter can.
Visibility is also important here: if you want to attract more BAME or female candidates, you need to have lead BAME or female technicians as a vocal part of the recruitment process, showing what success in your company looks like. If you don’t have people to fulfil these roles, you need to go back and address that rather than making empty statements.
Opening the doors to your company in this way is a winning strategy for tech candidates: it’s a “wrapper” to put around them and make them feel wanted, welcome and motivated – even when a recruitment process lasts a little longer than you’d like.
Talk like yourself but walk like a tech expert
Part of the openness needed to recruit key tech talent is about being authentic, too. There’s a tendency among some finance incumbents to “get down with the kids” and appear more like their disruptive competitors than they truly are. If you are a long-established brand in the banking world, with a good track record of developing careers, that alone is enough to attract AI technologists – you have a lot to offer, and you don’t need to put on a guise.
Equally, if you do have work to do in being more accessible to potential candidates, focus on real progression rather than image. This may mean putting through measures to build awareness and role modelling around recruitment diversity, or enhancing employee wellbeing.
With mental health issues on the rise in the workplace, a co-managed wellness programme of fitness and community events can make the difference between which way a candidate sways in a roomful of enticing options. This is especially true since banks – for all their boardrooms traditions – have a reputation amid technologists for a better, less brutal work-life balance than Silicon Valley.
Lastly, banks need to walk the walk when it comes to tech-enabled recruitment. However hard you try to make it personal, most candidate enrollments will involve a degree of automation at some stage – and it’s important to make that process as quick and slick as possible. For a candidate with consumer-grade tech experience, first impressions count: they want to know that this is a place that will recognise and nurture their skill set. So instead of a long, clunky application process, maybe consider a virtual assessment centre or a sophisticated chat bot, which can capture essential information in a fast, engaging way.
Recruiting the world’s top tech talent isn’t a question of magic or even necessarily a huge pay cheque. Instead you need to weave together these “micro-moments” that signal your bank’s character, integrity and technical ambition. Do this, and you stand a good chance of persuading leading AI candidates to skip the queue and come directly to you.
1.4 million customers to stop using bank branches due to COVID
8.4 million customers had already stopped visiting branches in person before lockdown
However, three quarters (74%) of customers will return to banking in branch after the pandemic
Of those who plan to return to branches, over two thirds (69%) will only return when they absolutely need to
A further 1.6 million (3%) said they don’t have an account with a high-street bank, meaning a total of 3 million Brits don’t have a need for physical branches.
This number may rise, as 8.4 (16%) million Brits had stopped using their bank’s branches before lockdown and are not sure if they will ever return.
However, not everyone has gone completely digital as 3 in 10 British banking customers (29%) have already returned to using their bank’s branches, with an additional 44% of customers planning to return soon.
Of these people who plan to return in the near future, over two thirds (69%) will only return when they absolutely need to and their problem cannot be solved online or over the phone.
While a third of those consumers (31%) are waiting for a COVID vaccine or treatment before they go back to their local branch.
This means that eventually, three-quarters of Brits (74%) will return to banking in-branch the way they did before lockdown.
However, they may face a longer journey than they previously did to find a branch. Data from ONS shows 25% of branches have closed in the UK since 2012 and this decline in branches is likely to continue if people follow through with their plans to avoid branches.
Customers in Northern Ireland will go back to banking in branches more so than those in any other region, with 85% of customers here saying they have already returned or plan to do so soon.
Interestingly, a quarter of customers (25%) in the East Midlands had already stopped banking in branches, making this the area with the most customers who no longer use branches.
Those in the North East are set to follow the same path as residents in the East Midlands, with 5% of customers in the North East saying they will stop using branches in the future.
To see the research in full visit: https://www.finder.com/uk/banking-branch-usage
Commenting on the findings, Jon Ostler, CEO at finder.com said:
“Lockdown has quickly changed many aspects of our lives and our banking behaviour was no different. Not being able to visit bank branches in person meant many consumers had no option but to start using online banking and bank’s mobile apps. These are generally easy to use and intuitive so you would expect some of these new converts to stay away from branches going forward.
“While the digital-only banks excel at their app offering, previous research we carried out found that sentiment towards these banks fell almost three times as much during lockdown than towards high street banks. This could be a sign that the quality of apps and online banking from high street banks is catching up.”
Finder commissioned Onepoll on 26 to 28 August 2020 to carry out a nationally representative survey of adults aged 18+. A total of 2,000 people were questioned throughout Great Britain, with representative quotas for gender, age and region.
Liquid Assets of a Bank
Liquid assets are tangible and movable assets which are easily convertible into cash in a crisis situation. Liquid assets are used by lenders to fund their loans. Examples of liquid assets include government bonds and central bank reserves.
To stay alive, financial institutions must have enough liquid funds to pay withdrawals and other immediate financial obligations by depositing holders of checks. But the amount of money they have in liquid form is not enough to cover these short-term obligations and their financial problems will become worse. Liquid assets of the financial institutions should be regularly replenished to make the banking system financially stable. In order to maintain a sufficient amount of money in the economy, the Federal Reserve System will always be in need of additional assets.
There are several ways in which the financial institutions can replenish their liquid assets. One of the ways is by borrowing funds from banks and credit unions. The other way is by issuing debt securities to provide liquidity for the monetary system.
Borrowing from banks and credit unions: Banks can borrow funds from other financial institutions in order to meet their liquidity requirements. However, the rate at which banks borrow funds from other financial institutions is usually very high. This high rate can only be beneficial for the financial institutions because the borrowed funds are used to purchase commercial mortgage-backed securities (CMBS). In return for providing CMBS, the banks can receive interest payments on the principal balance of the loans they have made to other financial institutions.
Issuing debt securities: The assets that a commercial bank or credit union secures as collateral for the loan from other financial institutions can also be used to liquidate its existing liquid assets. Usually, the assets used as collateral to secure loaned funds are Treasury securities, corporate bonds and treasury bills. However, as the value of these securities decreases, the banks’ ability to recover them through the redemption of their treasury bills and the federal income tax on the principal balance of these securities can increase the amount of funds they will have to pay out on short-term debts.
Securing debt securities: As mentioned above, the assets which commercial banks and credit unions can use to liquidate their liquid and non-liquid assets can also be used to secure loans made by them to other financial institutions. But it is important for the banks and credit unions to ensure that the funds they use to secure these loans are not used to purchase more securities. In order to obtain maximum gains from the sale of their assets, they should use a method to redeem the securities before the maturity date of the loan.
In addition to using these methods to secure other financial institutions’ loans, banks and credit unions can also sell their assets in order to raise the funds they need for making short-term payments. For example, if a commercial bank has a large inventory of commercial mortgage-backed securities, it may want to sell some of its assets in order to raise the capital required to make a single payment. If the purchase price of these assets is less than the total loan balance, the bank can sell its securities and cash in order to raise the necessary capital.
Although liquid and non-liquid assets can help the banking system to make its operations more stable, the loss of one type of asset can severely affect the financial condition of a bank or credit union. Therefore, even if there are many types of assets, it is important for the banks and credit unions to maintain a balanced level of liquidity in order to make sure that the economic system is not adversely affected by any one type of loss.
How Siloed Data Leaves Financial Institutions Open to Fraud
By Stephanie Lapierre, CEO Tealbook Reducing the risk of fraud is a top priority for all financial institutions since fraud...
Dealing with the loneliness crisis with assistive technology
By Karen Dolva, CEO and Co-Founder of NoIsolation Humans are social beings, and for most children, school will be their...
Round Table Feature – Attracting FDI at times of crisis
In recent years the growth of Northern Ireland’s financial services sector has been fuelled by an unbeatable combination of world-class...
UK versus Australia – data regulation on both sides of the world
By Guy Hanson, VP, Customer Engagement, Validity While consumer data privacy continues to be a hotly debated topic and many...
COVID-19 is changing people’s preferences when it comes to BTL investments
By Jamie Johnson, CEO of FJP Investment Throughout 2020, investors have had to navigate increasingly treacherous and volatile market conditions...
Three things to help fintech unicorns grow profitability
By Kash Amini, CEO and Founder of MasLife The new breed of fintech companies is missing a trick with a...
How banks can take on Google in the race for AI talent
By Nicola Sullivan, solutions director at candidate engagement tech firm Meet & Engage The events of 2020 have made the...
Furlough Fraud: genuine mistake or cheating the system?
As the furlough scheme comes to an end, many employers will be at risk of falling foul of its stringent...
Five features that decrease the value of your home
When you’re preparing to sell your house or flat you might think of various steps you could take that might...
Regulatory overlaps cause conflicts, confusion and complexity: is collaboration the answer?
By Rob Fulcher, Head of Business – Americas, CUBE Global Regulatory overlaps are an ongoing, perplexing and often time-consuming anomaly....