Connect with us

Business

Banking on legacy – The risks posed by ‘stone age’ banking infrastructure

Source: Finance Derivative

By Andreas Wuchner, Angel Investor of Venari Security

Introduction

If you consider the most significant motivating factors behind cyber-attacks – the promise of large financial reward and the opportunity to cause maximum business and social disruption – it’s little wonder that banks and financial institutions are amongst the most inviting targets for would-be cyber criminals. In fact, according to IBM’s recent report, ‘banking and finance’ was the most attacked industry for the five years between 2015 and 2020 – surpassed only by threats to critical infrastructure in recent years. Successful attacks can provide aggressors with a mass of sensitive personal and financial information, and even access to people’s money itself. Furthermore, a suspension of withdrawals and deposits can cause huge social disruption and reputational damage. 

As banks have reacted to years of new regulation and emerging technologies, they often operate with a hugely complicated and disparate technology estates. This provides malicious actors with a wealth of potential attack vectors. A small breach from anywhere in this network can have enormous consequences, and lead to entire systems being overrun. As such, it’s crucial that security teams operate with the highest-grade security possible, including ensuring the strongest level of encryption standards. Banks need to look beyond regulatory tick-box commitments and ensure they are taking proactive and preventative steps to monitor and combat malicious attacks across their entire network.

Andreas Wuchner

However, the ability to react to cyber-threats across a vast estate requires speed and flexibility to quickly react and update security protocols. The sheer volume of legacy infrastructure slows this process down considerably leaving many security teams in a vicious cycle. 

The threat of legacy infrastructure

A sizeable proportion of the banking industry still maintains a reliance on systems first developed more than 40 years ago. In fact, many ‘core banking’ systems, like payments, loans, mortgages and the associated technologies, are still coded using COBOL (Common Business-Orientated Language), an otherwise defunct programming language that is older than the internet itself. In the UK and Europe, COBOL remains the ‘backbone of banking services,’ while in the USA, as much as 43% of banking systems are built on COBOL, meaning it underpins much of our financial system.

This presents a huge security risk. While code has been regularly updated over the years, these systems were built when security threats were far less sophisticated, less well-financed and the burden of data was far less pronounced. For several years, governments have pointed towards legacy systems, built using COBOL, as a major cybersecurity threat, incompatible with modern security best practices and solutions, including multi-factor authentication. For example, data from Kaspersky found that businesses with outdated technology are much more likely to have suffered a data breach (65%) than those who keep their technology updated (29%).

A further security consideration is the diminishing number of people who are trained in maintaining COBOL systems. Every year, experienced professionals exit the industry, making it increasingly difficult to service legacy technologies and creating significant delays in patching threats once they’re identified. This lack of supply of sufficiently trained experts, and the demand they face, makes any updates extremely expensive and time consuming.

Furthermore, legacy infrastructure is preventing the secure application of encryption, posing its own distinct cybersecurity and regulatory risks. Encryption is often heralded as a silver bullet solution for data privacy and has been a continuing area of focus for regulatory bodies in recent years. However, banks remain guilty of poor deployment, maintenance and management of encryption – using outdated protocols and inefficient methods of analysing and understanding network traffic. This, coupled with legacy ‘core banking’ systems that are incompatible with modern encryption techniques, equates to a regulatory and security headache for security teams.

Adopting a new mindset

The risks posed by legacy systems and the volume of cybersecurity threats facing banks, mean a concentrated re-think of overall cybersecurity strategy is needed to prevent breaches and ensure data is protected long-term. Traditionally, banks have taken an ‘outside-in’ view – dedicating capacity, finances and knowledge to dealing with threats that are existing, known and well publicised. However, to aid long-term security, this should be superseded by an ‘inside-out’ proactive approach, whereby security teams are cognisant of their own internal systems and where the key vulnerabilities are found. Once banks have a detailed view of the security risks posed by their legacy systems, and specifically what data is threatened, they can address flaws, update these systems and build a stronger overall security posture.

The secure path ahead

Many of our successful high-street banks today have centuries of experience in dealing with social, economic and regulatory upheaval. However, the rapid development and deployment of technology continues to present a unique challenge. Many ‘traditional’ banks have built a complex technology infrastructure through decades of adjustment to new legislation and emerging technologies. While serviceable in the past, fintech start-ups are pushing the long-term viability of these systems to the limit.

Challenger banks have the luxury of being built from the ground-up, prioritising convenient digital services and features, and modern security processes. As the user base of these banks increase, customers are increasingly expecting these features and security from their existing banks, meaning even more complexity added to legacy infrastructures. As outlined by Deloitte, existing firms simply aren’t positioned to support the rising expectation of the market, exposing banks to additional risk and liability.

What’s more, it’s estimated that banks spend as much as 80% of their yearly IT budgets on the maintenance of legacy systems. While an immediate switch away from these systems is unrealistic, there is an opportunity to reduce wasted spend and divert spend towards modernisation efforts. However, while traditional banks may want to adapt quicker to technological advancements, they need to do so while continuing to minimise cyber risk and without jeopardising the security of their data or systems. This means placing cybersecurity at the heart of any modernisation efforts and maintaining a steady rate of change. As more of the technology estate begins to be modernised, the potential risks of regulatory non-compliance will also reduce.

Legacy systems need a considered update

Banking systems have heavily relied on legacy infrastructure for too long now, bringing difficulties in maintaining the highest-grade cybersecurity and in facilitating innovation. The risks presented by novel cybersecurity attack vectors and competition from new and emerging digital services offered by challenger banks are exacerbating these issues. As such, legacy systems need a managed modernisation in the long-term, facilitated in part by a managed redistribution of existing IT spend. However, to ensure long-term security overall, cybersecurity needs to be central to be at the very heart of modernisation efforts.

 

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Building thriving innovation hubs & startup ecosystems

By Gianna Pinasco

Building thriving innovation hubs and startup ecosystems matters because they serve as catalysts for economic growth, fostering collaboration, entrepreneurship, and the development of transformative solutions to societal challenges.

For the last 6 years, I have studied and worked with government, corporate, and academia partners to create and nurture innovation hubs and startup ecosystems — also known as entrepreneurial ecosystems. In this article, we will define these concepts and zero in on the key components for building thriving ecosystems that drive innovation and entrepreneurship.

What are innovation hubs and startup ecosystems?

Before we begin, we should clarify what is a) an innovation hub and b) a startup ecosystem. Sometimes, these terms are used interchangeably. Whilst they may be related, they are very different things.

Firstly, an innovation hub is a physical or virtual place designed to foster creativity, collaboration, and technological advancement, offering access to resources like mentorship, funding, and workspace.

In contrast, a startup ecosystem (also known as an entrepreneurial ecosystem) is an interconnected network that works together to nurture entrepreneurial development and societal growth. An innovation hub, for example, is only a small component of an entrepreneurial ecosystem.

The Building Blocks of an Entrepreneurial Ecosystem

At a basic level, most entrepreneurial ecosystems share six key interconnected elements that work independently and with one another to support entrepreneurs and drive innovation. These include:

Human Capital

Human capital is crucial for the success of an entrepreneurial ecosystem. Talented individuals bring expertise, creativity, and experience – essential for developing new ideas, solving complex problems, and scaling businesses. These drive skilled workforce, innovative entrepreneurs, and knowledgeable investors needed to drive growth and innovation.

By investing in and collaborating with universities, educational institutions, and training programmes that nurture desirable skills, you can develop skilled entrepreneurs and employees to secure a continuous pipeline of capable professionals to sustain the ecosystem’s dynamism and competitiveness.

For example, our team recently visited Kuwait to help launch the Kuwait Digital Startup Campus project. The project results from a public-private partnership aiming to nurture local talent to support the development of the Kuwaiti ecosystem. The project partners understood that Kuwait would need to invest in its human capital to achieve its vision of becoming a leader in finance and trade. This project will help to support the overall ecosystem by supporting the development of skilled entrepreneurs and employees.

Policy

Thriving entrepreneurial ecosystems require the implementation of policies that create a conducive regulatory environment for innovation. This necessitates the intervention of policymakers, regulators, and experts to formulate and implement suitable policies. Effective policies are typically designed to promote entrepreneurship, remove bureaucratic barriers, and provide incentives and support for startups (Stam & Spigel, 2016).

One can look to the UAE as an example of how progressive policies have helped it become a leader in developing and adopting innovative vertical take-off and landing (VTOL) technology. Last year, the UAE General Civil Aviation Authority published the world’s first national regulation covering vertiports’ design and operational requirements and the efficient and safe operation of VTOL aircraft. Looking ahead, the UAE can expect to roll out the world’s first air taxi services.

Finance

Access to financial resources and funding is critical for an entrepreneurial ecosystem as it fuels business growth and innovation. Startups need funding to develop products and services, hire talent, and scale operations. Adequate financial resources enable entrepreneurs to access critical capital streams to drive growth and navigate early-stage challenges.

Diverse funding options, including venture capital, angel investors, and grants, attract and retain startups. A major part of London’s success is due to its strength as a leading financial hub, providing access to venture capital (VC) firms, angel investors, banks, and other financial institutions. According to the Startup Genome, available VC funding for startups in London alone was $101 billion (2019-2023) compared to the global average of $4.6 billion. Additionally, the government’s startup loans scheme offers new businesses up to $31,500 per co-founder at a 6% interest rate.

Access to finance ensures that promising ideas can be transformed into viable businesses, driving economic growth, job creation, and technological advancements within the ecosystem.

Markets

Market access is vital for thriving startup ecosystems. It enables startups to connect with potential customers, suppliers, and partners. A healthy ecosystem facilitates these connections, providing opportunities for startups to gain traction and scale. For example, large corporations within the ecosystem can become key customers, suppliers, or partners, offering valuable resources and market reach.

Further, access to local and international markets ensures startups can grow, innovate, and compete globally, driving economic growth and sustainability within the ecosystem. London does this well, offering access to potential customers, suppliers, partners and other resources and connections needed to grow and succeed. This market access ultimately fosters a vibrant environment where startups and entrepreneurs can thrive and succeed.

Culture

Culture is another vital component in building a thriving entrepreneurial ecosystem as it shapes societal attitudes towards entrepreneurship. A supportive culture values innovation, risk-taking, and learning from failure, encouraging individuals to pursue entrepreneurial ventures. It fosters an environment where role models and success stories inspire aspiring entrepreneurs.

A strong network of experienced entrepreneurs also provides mentorship and guidance, helping new startups navigate challenges. This positive cultural foundation attracts talent, investment, and collaboration, creating a dynamic and resilient ecosystem where startups can flourish and contribute to economic growth and innovation.

Ecosystems like Silicon Valley in the USA, London in the UK, and Dubai in the UAE owe a great deal of their success to having cultivated cultures conducive to entrepreneurship, providing support and incentives for entrepreneurs and innovators, encouraging risk-taking and the ability to learn from failure, making them leaders in the development and adoption of several groundbreaking technologies.

Support Systems

Support systems within an entrepreneurial ecosystem encompass a wide range of resources and services that facilitate the growth and success of startups. Key supports include access to innovation hubs such as incubators, accelerators, and coworking spaces, which provide essential infrastructure, mentorship, and networking opportunities.

It also refers to university availability and professional services like legal, accounting, and marketing which are crucial for startup development and growth. Likewise, educational and training programs on entrepreneurship offer valuable knowledge and skill development, empowering entrepreneurs to innovate and scale their ventures. Together, these supports create a robust foundation that nurtures startup potential and drives sustainable economic growth.

Remember: context is king.

Whilst the elements outlined above are essential for building a thriving entrepreneurial ecosystem, potentially the most crucial element of all has yet to be mentioned: context.

When setting out to create a thriving entrepreneurial ecosystem, it is important to understand the unique social, economic, and environmental context within which it will exist and operate. Each local or virtual community has its own needs, strengths and weaknesses. Depending on where and when you are operating, you will have differing levels of access to resources, talent, and market opportunities. This is why you can take lessons from other thriving entrepreneurial ecosystems, but you cannot expect to replicate the results. You will need to tailor your support systems, policies, and initiatives to fit your unique context to allow for success.

Lastly, all ecosystems are vulnerable to disruption, affecting overall stability and success. By prioritising development based on your strengths and actively working to manage your weaknesses, you can build a more resilient ecosystem. At the end of the day, a context-aware approach creates a more sustainable and impactful ecosystem that will resonate with and benefit the community it serves.

Continue Reading

Business

Why fintech is the catalyst for a new and bold generation of investors

Source: Finance Derivative

By Jeremy Baber, CEO of Lanistar

Investing has evolved since the days of safe blue-chip stocks and government bonds. There’s a new wave of bold investors who have been inspired by the accessibility and ease-of-use offered by fintech innovation. According to Charles Schwab UK’s Investment Forces report, this new generation of investors is taking a bolder approach. Dubbed ‘Gen T’, this generation is taking a pass on the slow game, and the influence of fintech has helped them gain the confidence to do so.

A new way to invest

Investing in stocks has been a route to growing cash for hundreds of years. Since the opening of the Amsterdam Stock Exchange in 1602, the fundamental principles of investment have essentially stayed the same. Investors balance risk and reward to maximise their return on investment. What has changed, particularly in the last decade, is that the ability to invest has become a much more democratised process, with many more people able to educate themselves on investment strategies and access a wide array of online investment platforms. Fintech has been a crucial component of this change.

What fintech offers consumers is an intuitive, tech-fuelled approach to finance with a focus on simplicity. At its core, fintech is consumer-centric, placing the user at the heart of all its products. It has also brought on a new wave of technological innovation to the financial world, producing the next generation of apps and platforms. Consumers today not only have access to a wide array of investment platforms that are simple and easy to use, but they also have greater access to financial education resources. A strong example of the broader range of investment options available today is micro-investing platforms, which allow their users to invest small sums into a diversified portfolio of assets that might include stocks, exchange-traded funds (ETFs), or even cryptocurrencies. This market continues to grow year on year, valued at $19 billion in 2023.

From the fintech wave has emerged a new way to invest. Investment platforms make use of the latest innovative technologies, like real-time data and analytics and automation, to deliver a hyper personalised customer experience that makes investing simpler and easier than ever before. In simple terms, these platforms are built using the fintech model.

Staying financially literate in a chaotic world

Whilst ‘Gen T’ are demonstrating behaviours closer to professional traders, according to Charles Schwarb UK’s report, they also harbour strong concerns over whether investment strategies will lead to heavy losses. Where 50% of boomers said they were unsure of how to adapt their investment strategies to avoid losses, 74% of millennials and 73% of Gen Z said the same. In this way, whilst investing has become easier and more accessible, younger and more inexperienced investors are feeling the heat of today’s turbulent financial markets.

Just as fintech helped to democratise access to investing, it also needs to ensure that all investors – from teenagers to old-age pensioners – are financially literate enough to know what they are investing in. The Organisation for Economic Co-Operation found that just 67% of UK adults were financially literate. This places the UK 15th out of 29 OECD countries for financial literacy. At a time where living costs are sky high and many people are struggling with their finances, it is crucial that financial services providers help to educate their customers and increase the UK’s financial literacy rates. In its customer-centric and highly personalised approach, fintech can lead the way with helping the UK to become more financially literate.

Some fintechs have already started to turn the wheel on financial literacy, providing educational resources within their apps and products. Data and analytics are also key to financial literacy, helping consumers to understand their specific spending habits and support them in making extra savings. When it comes to investing, there have been examples of apps that allow customers to set aside their savings to create portfolios, promoting a sustainable method of investing. Ultimately, where fintechs will deliver the most value to consumers is in providing a truly personalised and simple way to understand their finances.

Fintech’s enduring role

Times have changed, and with a new era of investing being ushered in by an array of new apps and products, the financial services industry must take steps to protect its customers. Whilst it’s a good thing that investing has become easier and more accessible, those who are signing away their savings must be protected. Regulation will play a key role, and the FCA has already enacted some encouraging work in its Consumer Duty regulation brought on in July 2023.

How we as an industry choose to enact this protection will be crucially important in the next decade. I am confident that just as it played a large role in democratizing investing, fintech will be a significant player in the continuing to shape the investing market in the future.

Continue Reading

Business

The Future of Financial Services: Personalised experiences powered by AI, secured by privacy

Source: Finance Derivative

By Erin Nicholson, Global Head of Data Protection and Privacy at Thoughtworks

Over half (51%) of European consumers want more personalised financial services, but a
significant minority (22%) are less comfortable sharing data for this purpose compared to last
year, according to a report by Twilio. This highlights the core tension in today’s financial
landscape: personalisation and privacy.

Consumers crave tailored financial advice and products. They want their banks and financial
advisors to understand their unique needs and goals. Yet, data privacy regulations like GDPR and CCPA make leveraging personal data for such purposes a challenge. These regulations restrict how financial institutions can collect, store, and use customer data.

As a data protection and privacy specialist, I am fascinated by bridging this gap. I question how we can achieve personalisation for clients while remaining compliant with these regulations?

The answer lies in a three-pronged approach utilising Artificial Intelligence (AI): leveraging both predictive AI and generative AI (GenAI) and also leveraging Privacy Enhancing Technologies. This approach empowers financial institutions to personalise the client experience while safeguarding sensitive data.

AI-driven lead generation with privacy at its core

Traditional prospecting methods often rely on incomplete data or outdated strategies. Sifting
through vast datasets to identify potential clients can be a time-consuming and inefficient
process. Here’s how AI can help:

Predictive AI can analyse anonymised or aggregated data sets to uncover patterns and trends. This data can be used to create a “probability-weighted list” of potential clients, highlighting those with a higher likelihood of being receptive to specific financial products or services. This approach provides valuable insights without requiring access to sensitive personal information.

Cross-selling reimagined: connecting the dots without data sharing

Cross-selling within a financial institution can be a powerful strategy to deepen client
relationships and drive revenue. However, identifying potential connections between existing
clients and those who might benefit from products offered by different divisions has always been a challenge due to data silos and privacy concerns.

Here’s where GenAI comes in.

GenAI, Federated Learning, and Homomorphic Encryption unlocks the power of graph-based
algorithms. These algorithms can analyse connections between data points without actually
sharing the underlying sensitive data itself. Imagine a system that can identify potential
cross-selling opportunities between different client segments, allowing banks to recommend
relevant products or services while maintaining strict data privacy boundaries.

The power of combining personalisation and privacy

This two-pronged AI approach offers significant benefits for financial institutions:
Increased efficiency: AI streamlines prospecting efforts, allowing institutions to focus
resources on qualified leads.
Enhanced customer experience: Personalised recommendations based on anonymised
data insights foster stronger client relationships.
Reduced regulatory risk: Minimising reliance on sensitive data minimises regulatory risks
associated with data privacy violations.

The broader potential of genAI

GenAI’s potential extends beyond initial client acquisition and cross-selling. Imagine, for example, using genAI to create educational content tailored to each client’s needs and financial literacy level. This empowers investors to make informed decisions based on clear and relevant information, ultimately strengthening the client-advisor relationship.

Responsible AI adoption: a critical priority

While genAI offers exciting possibilities, responsible adoption is crucial to ensure the protection of the public’s data. Here are some key considerations:
Focus on high-value use cases: Identify genAI applications that deliver significant value
while minimising complexity and cost.
Ensure data security: Implement robust security measures to safeguard sensitive
customer data from potential risks associated with genAI models.
Combat bias and factual errors: Be mindful of potential biases in training data and
incorporate human oversight to prevent biased or inaccurate outputs.
Leverage Privacy Enhancing Technologies: PETs such as Federated Learning and
Homomorphic Encryption will enhance the utility of your data without infringing on
privacy.

By embracing AI in a responsible manner, the financial services industry can achieve its
personalisation goals while ensuring customer data remains protected. This paves the way for a future where personalisation and privacy go hand-in-hand, fostering a more secure and
empowering financial landscape for all.

Continue Reading

Copyright © 2021 Futures Parity.