As pressures for timely reporting of OTC transactions mount on both sides of the pond, Ian Salmon of ITRS Group explores the challenges that this presents, while explaining why the sell-side requires a fresh approach to avoid heavy fines and reputational damage….
Hindsight is a wonderful thing. Having met the Dodd-Frank deadline for reporting trades to a data repository, most banks in Europe initially felt that the 12th February deadline for Emir compliance presented little problem. Fast forward a few months and that first flush of optimism feels wildly misplaced. Mention Emir to a compliance officer now and you are likely to be met with black scowls and a rapid change of subject. Somewhere along the line, Emir turned out to be a lot more challenging than was first anticipated.
What hindsight tells us with astonishing clarity is that the differences between Emir and Dodd-Frank were always going to create difficulties. The two regulations have different specifications for timing of reporting and the inclusion of collateral reporting. More significantly, where Dodd-Frank Title VII looks at mandating transaction reporting solely for OTC instruments, Emir includes both OTC and exchange-traded derivative products.
Most importantly of all, the two regulations differ when it comes to which entity reports a trade. Under Dodd-Frank, the dealer takes responsibility for reporting a transaction. Under Emir, both parties to the trade are accountable. Emir also specifies several additional data fields to Dodd-Frank, including information that is specific to each counterparty.
To achieve compliance with Emir, each counterparty needs to apply a unique trader reference identifier to each trade at the same stage of the workflow. How to ensure all identifiers match so that both counterparties have the same reference at a point at the same time is – often quite literally – the six million dollar question.
To make things even more interesting, Emir allows one counterparty to delegate transaction reporting to the other. They can even arrange for a third party to do the necessary reporting. Given that workflow surrounding derivatives trading can often resemble a game of pass the parcel, this only adds new layers of complexity both when trying to ascribe a unique identifier to the trade and when trying to assign responsibility for its reporting.
With brokers giving up electronic flow to fellow brokers to execute on their behalf, the relationship between the reporting entity and clearer is much more convoluted. Each of the intermediaries in the way represents a break point in the workflow, and the potential for reporting responsibility to fall between a gap. Banks that undertake reporting on their clients’ behalf need to ensure they have the means to source customer-related data in order to report it. No wonder that Emir is discussed only through much gritted teeth.
Principles and prescriptions
The specifics of transaction reporting aside, what this highlights once again is the difficulties associated with trying to create a model for OTC and derivatives trading that is based on equities workflow. In effect, the regulators are trying to deliver an identical end result from very different materials.
By very definition, OTC transactions are not standardised. Futures and options have less centralised markets, different platforms and different flow for different instruments. There’s no consistent and verifiable data streams. Even within a single institution there is unlikely to be a single infrastructure to handle every OTC transaction. The likelihood of two separate counterparties having identical infrastructure and workflow is even less likely.
That’s a very different proposition to the equities world, which although fragmented and complex, still retains a more straightforward and linear workflow. A standardised infrastructure is in place, which makes it much easier to deliver consistent results.
For many, the situation brings back painful memories of the early days of MiFID, with its lengthy consultative and often quite disorientating process. This is perhaps the biggest difference between Dodd-Frank and Emir, and is symptomatic of the broader difference between prescriptive and principles-based regulation. It also has the most implications for Asian markets as the regulatory trend moves inevitably eastward.
So where Emir is the liberal parent asking a teenager to decide whether they should stay out late or come home early, Dodd-Frank is the parent that demands they be home by ten. Interestingly, when ESMA was introduced in Europe it implemented a bunch of quite short, sharp regulations and applied them quickly to market participants. The approach was close to that taken in the US: this is what you have to do, this is when you have to do it, and this is what happens when you fail to comply.
The problem with Emir is that the market infrastructure is not in place for them to do that. They have effectively asked brokers to be home by ten, but can’t enforce it because there is no train service until half-past. Both regulator and regulated are caught in a stand-off, trying to work out how to progress without the necessary infrastructure in place.
Facing the future
Nonetheless, there will be a point where the regulator will enforce the transaction reporting requirements, and there are ways in which brokers can prepare now to avoid fines and reputational damage later. The principles-based approach gives brokers plenty of opportunity to develop their own proposals and plans for dealing with the problem. Mapping their own workflows across their disparate systems the in front-, middle- and back-office and then creating a landscape of transactions enables them to identify potential break points or gaps where data can slip.
This is the kind of information that can be used to engage with the regulators. It is far more about using specialist reconciliation tools to monitor infrastructure and applications, and using business intelligence to analyse potential improvements, rather than re-building platforms for interest rate swaps or installing monolithic derivatives platforms.
Increasingly, the solution is a light-touch layer of software that sits above and across all existing infrastructure and looks at the completeness of these flows – what gets traded and what gets reported, and flags up any discrepancies. It is far easier for intelligent software to spot that thirty incoming trades have only produced twenty reports than it is for a compliance officer to do the same – and it is the only way to ensure that thirty thousand trades produce thirty thousand reports.
The added advantage of course is that it protects brokers from whatever final demands the regulator makes. But there is more to it than that. To date, buy-sides have outsourced their reporting process to their brokers, and if banks didn’t report on behalf of their counterparties, buy-sides may have chosen to take their business elsewhere. That has always required a level of trust. But now the regulators are demanding a standard of proof that the buy-side – as well as the sell-side – has acted responsibility. This subtle, but important shift, places buy-sides under greater scrutiny: we are certain to see regulators asking some very probing questions in the future.
For smart brokers, it’s yet another tool to be used to demonstrate absolute compliance with the complex network of regulations that now encircle the world’s capital markets. It is another way of demonstrating value. Interestingly, after the transformative effect of the technology arms race, it is compliance standards (as well as the speed of the algo or quality of the DMA) that is now attracting clients.
What banks need to know about observability
By Abdi Essa, Regional Vice President, UK&I, Dynatrace
More aspects of our everyday lives are taking place online – from how we work, to how we socialise and, crucially, how we bank. To keep pace, financial organisations have stepped up their digital transformation efforts, supported by a shift to dynamic multicloud environments and cloud-native architectures. However, traditional monitoring solutions and manual approaches cannot keep up with these vast, highly complex environments. As a result, many banks are turning to new, observability-based approaches to understand what is happening in their digital ecosystems. These approaches, however, bring new challenges to overcome.
Here are six things banks need to know about observability to ensure they can gain true value, combat the complexities of their modern multicloud environments, and drive digital success in 2021 and beyond.
- Most banks have very limited observability
The scale, complexity, and constant change that characterises hybrid, multicloud environments presents a real challenge to banks’ IT teams. Our research found that, on average, banking digital teams have full observability into just 11 percent of their application and infrastructure environments – not nearly enough to understand what is happening, and why, across the digital ecosystem. Additionally, 87 percent said there are barriers preventing them from monitoring a greater proportion of their applications – including limited time and resources. Without improving observability across the entire cloud environment – by drawing in metrics, logs, and traces from every application – banks’ IT teams are limited in the success they can have driving initiatives to deliver the new banking products and quality user experience customers want.
- You can’t bank on manual approaches
With many banks beginning to rely on more dynamic, distributed multicloud architectures to deliver new services, IT teams are stretched further than ever. More than a third of financial services organisations say their IT environment changes at least once per second, and 65 percent say it changes every minute or less. This rate of change creates a volume, velocity, and variety of data that has gone beyond banks’ IT teams’ ability to handle with traditional approaches – there’s no time to manually script, configure, and instrument observability and set up monitoring capabilities. The need for automation is therefore critical. By harnessing continuous automation assisted by AI in place of manual processes, teams can drastically improve observability to automatically discover, instrument, and baseline every component in their bank’s cloud ecosystem as it changes, in real-time.
- Cloud native adoption is obfuscating observability
To remain agile and keep up with the rapid pace of digital transformation, banks are increasingly turning to cloud-native architectures. Our research found 81 percent of them are using cloud-native technologies and platforms such as Kubernetes, microservices and containers. However, the complexity of managing these ecosystems has made it even harder for banks’ IT teams to maintain observability across their environments. Nearly three-quarters of banking CIOs say the rise of Kubernetes has resulted in too many moving parts for IT to manage, and that a radically different approach to IT and cloud operations management is needed. Such an approach should be based on a solution that is purpose-built to auto-discover and scale with cloud-native architectures.
- Data silos result in tunnel vision
To boost observability, many banks have simply thrown more tools at the problem. Our research found that most organisations use an average of 11 monitoring solutions across the technology stack. However, more isn’t always better, and multiple sources of monitoring data can result in fragmented insights. This fragmentation makes it harder to understand the full context of the impact that digital service performance has on user experience and unravel the nearly infinite web of interdependencies between banks’ applications, clouds, and infrastructure. Instead, financial organisations should seek a single platform with a unified data model to unlock a single source of truth. This will be integral to ensuring that all digital teams are on the same page, speaking the same language, and collaborating effectively across silos to achieve business goals.
- Observability alone is not enough
Simply having observability doesn’t help banks achieve tangible benefits or reach their business goals. To get true value, the data processed must be actionable in real-time. As such, observability is most effective when paired with AI and automation. This observability enables teams to instantly eliminate false positives, prioritise problems based on the impact it will have on the wider organisation, and understand the root cause of any problems or anomalies so they can resolve them quickly. The alternative is to manually trawl through dashboards and data to find insights, which is incredibly time-consuming and makes it almost impossible to act in real-time. Our research found that 94 percent of CIOs think AI-assistance will be critical to IT’s ability to cope with increasing workloads and deliver maximum value to the organisation. AI is clearly no longer just a ‘nice to have,’ but a business imperative.
- Observability isn’t just for the back end
Far from just having observability of their multicloud environments, banking IT teams also need to be able to see how the code they push into production impacts the end-user experience, and how that in turn affects outcomes for the business. This is a major goal for many CIOs, with 58 percent citing the ability to be more proactive and continuously optimise user experience as a benefit they hoped to achieve from increased use of automation in cloud and IT operations. By harnessing automatic and intelligent observability, banks’ digital teams can unlock code-level insights and precise answers to their questions about user experience and behaviour, so they can continuously optimise their banking services.
Observability is key for modern financial organisations looking to accelerate their digital transformation. By understanding these six key things about observability, IT teams will be better placed to master dynamic, multicloud ecosystems, and drive better digital banking services for the business and its customers.
Hackers can now empty out ATMs remotely – what can banks do to stop this?
By Elida Policastro, Regional Vice President for Cybersecurity, Auriga
In 2010, the late Barnaby Jack famously exploited an ATM into dispensing dollar bills, without withdrawing it from a bank account using a debit card. Fast forward to the present day, and this technique that is now known as jackpotting, is emerging as a threat and is growing as an attack on financial services. Recently, a hacking group called BeagleBoyz in North Korea have caught the attention of several U.S. agencies, as they have been allegedly stealing money from international banks by using remote hacking methods such as jackpotting.
The reality behind jackpotting
Jackpotting is when cybercriminals will use malware to trick their targeted ATM machine into distributing cash. As this criminal method is relatively easy to commit, it is becoming a popular tool for cybercriminals, and this trend will sure continue in 2021, unless financial organisations implement policies to prevent this and protect consumers.
During this difficult time, when access to cash has never been more important to banking customers, it is imperative that banks give their customers reliable ATMs that work, 24/7, 365 days a year. However, due to the sensitive data that ATMs possess, such as credit card or PIN numbers, they have now become a profitable object for cybercriminals to manipulate. As cybercriminals have been evolving in their efforts of attacking the IP in ATM machines, we will definitely see more jackpotting stories emerge in the coming months, especially with the large return on investment.
How criminals exploit the vulnerabilities found in ATMs
Since ATMs are both physically accessible and found in remote locations with little to no surveillance, this gives an opportunity for criminals to carry out jackpotting, especially with the software vulnerabilities that may exist in many ATMs.
ATM machines have been easily manipulated due to the outdated and unpatched operating systems that they run on. If banks wanted to resolve this issue and update these systems, it would take large amounts of time and money to do so. However, some banks do not have such resource and because of this, cybercriminals take advantage by penetrating the software layers in ATMs and exploiting the hardware to dispense cash.
How can banks tackle this?
As the sector has a complex technical architecture, banking organisations will have to make sure that they have control over the transactions that take place, and this includes the management of security when it comes to communication between various actors. When financial organisations are reviewing their ATM infrastructure, they will also need to protect their most vulnerable capabilities within their cybersecurity. Banks, for example, can encrypt the channels on the message authentication, in the event bad actors try to tamper with their communications.
Because ATM networks need to be available 24/7, banks not only, need to implement greater protection over their systems, but they need to do so with a holistic approach. One action that banks can take is to implement a centralised security solution that protects, monitors and controls their various ATM networks. This way banks can control their entire infrastructure from one location, stopping fraudulent activities or malware attempts on vulnerable ATMs.
Another way for banks to reduce the risk of jackpotting attacks is to update their ATM hardware and software. To do this, they will need to closely monitor and regularly review their machines in order to spot any emerging risks.
What the future holds for the banking industry
As confirmed by the warnings from the U.S. agencies, jackpotting remains a very serious threat for financial organisations. Evidence has also emerged, which shows hackers are becoming more innovative in their tactics. It was reported last year, for example, that hackers stole details of propriety operating systems for ATMs that can be used to form new jackpotting methods.
The emergence of jackpotting highlights the need for banks to actively work to protect their customers’ personal information and critical systems now and for the foreseeable future. In order to stay secure and reduce the risk of attacks, they will need to put in place the aforementioned solutions, which include updating their ATM hardware and software as well as closely monitoring and regularly reviewing their ATMs. As cybercriminals continue to become more innovative in their ways of attacking the machines, the issues mentioned will only continue to rise if they are not addressed. Although the method of jackpotting requires little action from cybercriminals, if financial organisations can implement a layered defence to their ATM security, they can stop themselves from becoming another victim to this type of attack in the future.
SoftBank Vision Fund set for new portfolio champion with Coupang IPO
By Sam Nussey and Joyce Lee
TOKYO/SEOUL (Reuters) – SoftBank’s $100 billion Vision Fund is poised to have a new number-one asset in its portfolio with the upcoming floatation of top South Korean e-tailer Coupang, furthering a turnaround that has seen the fund yo-yo from huge losses to record profit.
The $50 billion target valuation that Reuters reported this month would likely see the decade-old firm surpass recently listed U.S. food deliverer DoorDash Inc on a roster of assets that also includes stakes in TikTok parent ByteDance and ride-hailers Grab and Didi.
The Vision Fund built up its 37% stake in Coupang for $2.7 billion, mostly at an $8.7 billion post-money valuation, a person familiar with the matter said. The fund is not expected to sell shares in the initial public offering (IPO) that Coupang filed for in New York, the person said, declining to be identified as the information was not public.
SoftBank Group Corp and Coupang declined to comment.
Achieving a $50 billion valuation would add to good news for the fund which is bouncing back from an annual loss in March. This month, it announced record quarterly profit, driven by the listings of DoorDash and home seller Opendoor Technologies Inc and share price rise of ride-hailer Uber Technologies Inc.
The fund has written big cheques for late-stage startups to fuel rapid growth, with two-thirds of the value of its portfolio concentrated in 10 assets including Coupang.
The 10 include 25% of British chip designer Arm – to be sold to Nvidia Corp pending regulatory approval – but not stakes in high-profile stumbles like office-sharing firm WeWork.
The fund’s largest assets include its 22% stake in DoorDash, whose share price has doubled since the firm’s December IPO, sending its market capitalisation to $65 billion.
FACTBOX: Vision Fund’s investment hit parade
SoftBank initially invested in Coupang in 2015, adding it to a stable of e-commerce hits that included 25% of China’s Alibaba Group Holding Ltd, before placing it under the fund.
The e-tailer has grown rapidly during stay-home policies while the COVID-19 pandemic has forced other portfolio firms like Indian hotel chain Oyo to scramble to preserve cash.
Analysts see Coupang’s $50 billion valuation as feasible given its first-mover status and as it expands beyond replacing brick-and-mortar retail with a rising number of online channels.
It is the biggest e-tailer in South Korea that directly handles inventory, with 2020 purchases at about 21.7 trillion won ($19.62 billion), showed data from WiseApp.
“The market’s assessment isn’t exaggerated,” said analyst Park Eun-kyung at Samsung Securities. “Coupang’s market leadership is a premium factor.”
($1 = 1,106.1800 won)
(Reporting by Sam Nussey in Tokyo and Joyce Lee in Seoul; Editing by Christopher Cushing)
Holiday bookings soar as Britons hope for travel restart
By Sarah Young LONDON (Reuters) – International holiday bookings surged by as much as 600% after Britain laid out plans...
Commodities rally, stocks steady, yields off highs
By Danilo Masoni and Anshuman Daga MILAN/SINGAPORE (Reuters) – Optimism about the economic outlook pushed commodity prices to new highs...
Concern over rich-poor divide seen on the increase during pandemic
By Matthew Lavietes NEW YORK (Thomson Reuters Foundation) – People have become more concerned about the gap between rich and...
Bitcoin tumbles 17% as doubts grow over valuations
By Tom Wilson and Tom Westbrook LONDON/SINGAPORE (Reuters) – Bitcoin tumbled 17% on Tuesday, sparking a sell-off across cryptocurrency markets...
Sterling climbs towards $1.41 as PM sets roadmap to easing lockdown
By Joice Alves LONDON (Reuters) – Sterling edged higher on Tuesday against both the dollar and the euro after Prime...
H&M, IKEA and Stora Enso backed TreeToTextile builds sustainable fibre demo plant
STOCKHOLM (Reuters) – A venture part-owned by Finnish forestry group Stora Enso, Sweden’s H&M and IKEA said on Tuesday it...
IHG books $153 million loss, Holiday Inn softens coronavirus blow
By Tanishaa Nadkar (Reuters) – InterContinental Hotels booked an annual loss of $153 million on Tuesday, pummelled by repeated COVID-19...
Boon or bane? Malaysian island reclamation plan divides residents
By Rina Chandran (Thomson Reuters Foundation) – The island of Penang on the northwest coast of Malaysia is known for...
Aviva sells French business to Macif’s Aéma Groupe for $3.9 billion
LONDON (Reuters) – Aviva has agreed the sale of its operations in France for 3.2 billion euros ($3.89 billion) to...
The future of cryptocurrency in the eCommerce industry
By Josh Brooks, Head of Marketing at OnBuy.co With some of the biggest names in the business turning to cryptocurrencies,...