Source: Finance Derivative
Nick Hogg, Director of Security Training, Fortra
The regulatory landscape is tightening for European banking, financial, and insurance institutions. Besides adhering to various local and global legislations, these organisations must prove compliance with the Digital Operational Resilience Act (DORA) by 17 January 2025. DORA “sets uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide ICT (Information Communication Technologies)-related services to them, such as cloud platforms or data analytics services.”
This deadline will occur almost a year after the due date for PCI DSS 4.0 compliance and serves as a reminder that as the threat landscape evolves, so does the legislative one. Both DORA and PCI DSS 4.0 present excellent opportunities for financial organisations to re-evaluate their procedures for all compliance legislation and security requirements.
What can financial institutions do to ensure they are compliant?
Scoping and identifying overlap
The first step is identifying the risks faced and establishing the appetite for risk. Once these have been identified, organisations can then look at their existing policies, processes and defences to understand where existing elements can be reused or adapted to reduce the burden on the business. These steps will assist with prioritising projects and spending to ensure efficient use of resources.
Understand your environment
Having clear and consistent visibility into your infrastructure, whether on-premises or in the cloud, is essential to understanding whether something is at risk or poses a threat. Vulnerability scans, penetration testing and red team exercises are tools and techniques that help businesses identify those gaps that can be improved. Increasing the frequency of these scans and using automation to run them on a repeatable basis will help to lessen the impact on the teams involved. This increased visibility can help a company to respond to the small changes and risks swiftly. Financial organisations must also account for the internal changes that may cause a system to break or halt. Configuration change management and file integrity monitoring can help to reveal exactly what has changed, when, and who has made the change to avoid mistakes from crippling an entire organisation.
Business continuity and resilience
While prevention is an essential strategy, organisations cannot stop 100% of compromises and preparing for when something slips through the cracks of security controls is key. All the regulatory frameworks recognise that organisations will eventually experience some compromise or downtime, so balancing prevention with response strategies is a mature approach to security and compliance.
Treat internal and supply-chain risks
It’s important to mitigate the threats to infrastructure and software that might damage resilience. A simple inattentive moment can result in an employee clicking on a malicious link or opening an infected attachment. The best way to prevent this is to make security a constant presence, both technically, and logically. Technical data loss prevention tools, as well as security awareness training can augment existing controls.
Another necessary component for mitigating these threats is focusing on the third-party supply chain, which is also a critical ingredient of DORA compliance. Businesses must get visibility into the risks from suppliers and partners, especially those from software or applications. This is best achieved with careful review to make sure that these external parties meet the standards of the hosting organisation.
Discover hidden vulnerabilities
Financial organisations must invest in vulnerability scans and pen testing to ensure ongoing compliance and solid risk management. Both are valuable tools because they give a complete understanding of the posture and the gaps. They provide valuable insights and information that security teams can leverage to strengthen compliance security and get buy-in from the executives to allocate budget and resources to implement projects. The data from these scans and tests can also become instruments to help re-prioritise tasks and projects because they provide a more representative glimpse of what could happen if an attacker exploits these risks. Pen tests and vulnerability scans can determine the real-world impacts that may not be realised in a risk assessment.
Partner with a managed service provider
Another important consideration is evaluating whether a financial organisation has the capacity to become compliant or needs to hire additional resources. Buying the tools required for security and compliance is just one step. Organisations also need to consider the ongoing administration and management that will result from these additional resources. Hiring security professionals to build a security team is hard, and organisations must provide training to retain them. This is the best time for financial companies to consider managed security services, like detection and response, or data loss prevention. A managed service provider greatly extends the existing security team and is a cost-effective approach to security and compliance.
Train your employees
Financial organisations must also focus on training their employees about security awareness. A good strategy is to focus on one topic a month and avoid overloading people with acronyms and technical jargon. The content must be relative to the employees’ day-to-day operations and provide the context required to understand why a lack of security can cause a massive problem for an organisation.
Build additional layers of defence
Training is enormously effective; however, businesses need additional layers of defence to fortify themselves against evolving threats. These technology layers can help detect phishing emails, ransomware, and malware, and prevent an attack from crippling the infrastructure, or the ability to do business.
DORA compliance is a strategic advantage
Being DORA compliant is a strategic advantage in a highly competitive world. The date for compliance with DORA will come round quickly, and companies should begin their journey today. As there is much overlap with other regulations, these institutions can orchestrate their daily activities and projects to maintain compliance and security. Taking this approach indicates that your organisation respects your customers’ needs and provides them with the safest environments possible.
Leveraging Technology for Sustainable Logistics and ESG Compliance
by Will Lovatt, General Manager and Vice President, Deposco Europe
A growing number of consumers are demanding packaging that is sustainable and environmentally friendly.. Consultancy, McKinsey, recently launched a survey to explore people’s attitudes to the topic across 11 countries worldwide. In all surveyed countries and across end-use areas, the majority of respondents claim to be willing to pay more for sustainable packaging,
Of course, features and functions remain important, but the sustainability and ESG (Environmental, Social, and Governance) aspects of the logistics process are becoming increasingly significant in consumers’ purchasing decisions. The entire supply chain, including the sourcing of raw materials, manufacturing processes, packaging, delivery methods, return policies, labour practices, and initiatives for regeneration, is under scrutiny. Today’s informed consumers are making deliberate choices, favouring brands and delivery services that align with their values on these fronts. Therefore, it’s essential for brands to not only maintain high standards of service but also to provide a variety of delivery options. This range should cater to immediate needs as well as offer solutions like batched deliveries at convenient pick-up points, catering to the growing demand for flexibility and sustainability in the shopping experience.
Regulation and risk management
Consumers are undoubtedly a driving force in ESG-focused logistics transformation, but businesses must also meet a growing number of regulations that are driving the need for ESG considerations in the logistics sector. For example, the European Union’s Sustainable Products Action Plan includes several requirements for businesses to provide information about the environmental impact of their products. Now, we expect regulators to be closely monitoring final mile delivery and whether zero emissions vehicles are being utilised, at least within urban areas.
From a risk management standpoint, ESG considerations are critical. Neglecting ESG risks exposes businesses to reputational harm, financial penalties, and legal repercussions. Today’s consumer sentiment is such that unsustainable logistics practices can prompt consumer boycotts or lead to regulatory fines, underlining the importance of ESG compliance in modern logistics operations.
The role of technology in greening logistics
So what can businesses do to mitigate ESG challenges? To address ESG challenges, businesses must transition from traditional paper-based systems to advanced technology solutions. These solutions enhance visibility across the entire supply chain, from production to delivery. Distributed order management systems, for instance, offer real-time insight across extended fulfilment networks, enabling the optimised allocation of consumer orders to the most suitable stock sources, balancing cost and speed. In today’s era of stringent ESG and sustainability standards, it’s crucial for organisations to have comprehensive oversight over the movement of goods and the various stakeholders involved, beyond mere timing. This technological shift is essential for meeting the evolving demands of ESG compliance and sustainable logistics.
Actively tracking the credentials and integrity of every checkpoint in the supply chain is now everyone’s problem. Consumers care deeply about the ethical sourcing of raw materials and the labour practices of third-party logistics firms involved in product sourcing. Technology can allow organisations to map the complete movement of a specific customer order, from acquisition to final shipment, and then notify that customer directly.
Organisations then need to implement sustainable practices in the warehouse, leveraging technology to optimise operations. This includes using technology to determine the most efficient customer packaging sizes, reducing waste, and guiding staff on consolidating orders to minimise shipments and cut carbon emissions. Additionally, offering consumers options like click-and-collect can align with their existing plans, promoting sustainability rather than just delivery speed. Providing flexible delivery options is increasingly seen as crucial, as the fastest route is typically not the most eco-friendly.
A sustainable future
As data and computer security threats evolve, we’re now transitioning to increased controls around how our products are made, procured, packaged and shipped to the public. For a variety of reasons, from ethical to legal and public sentiment, ESG considerations and controls are becoming increasingly important in logistics and fulfilment.
Alongside this, the trajectory is for more sales to be made via Direct-to-Consumer channels, the desire for more convenient services and customer willingness to hop brands means that businesses must prioritise sustainable practices. Consumers now expect the ability to customise delivery parameters and choose from transparently-priced options, or they will take their business elsewhere. Brands must manage their order and delivery options effectively to stay competitive.
The key to improving supply chain management lies in adopting sustainable order management and fulfilment technologies. Companies should invest in the latest platforms that support best practices in ESG strategy. These advanced solutions enable compliant processes, cost-efficient operations, increased sales, efficient DTC fulfilment and positive customer experiences.
How AI is turning IoT data into actionable insights in the public sector
By Mark Gannon, Director of Client Solutions at Netcall
The use of IoT devices within the public sector is growing rapidly, presenting opportunities for greater efficiency, cost savings, and vast service improvements among a plethora of other benefits. From transportation, infrastructure and even waste management, the ability to monitor and capture data in a range of critical areas has the power to transform organisations across the sector.
Health and Social Care is one setting where IoT devices can drive real impact by significantly improving the day-to-day lives of vulnerable people. In fact, late last year, it was announced that the Glasgow City Region would receive over £3 million to deliver a Health and Social Care-focused project driven by IoT technologies, as part of wider 5G connectivity funding to make public services better. Remote sensors can be used within social housing to detect and control factors such as damp and mould whilst motion sensors can alert emergency services if a vulnerable resident has fallen – not only helping to provide better care, but enabling care to be delivered more efficiently and rapidly to those that need it.
With public sector spending under constant scrutiny, and wider budget cuts increasingly forcing those operating in the sector to achieve more with less, technology that can easily connect and exchange data from device to system, removing a number of manual workflows and processes, is proving invaluable. Taking that one step further, being able to leverage that data and turn it into actionable insights in the future is fast becoming an exciting reality.
So, what’s holding the public sector back from leveraging IoT devices in this way?
The short answer: Data.
Managing IoT-associated data adds a layer of complexity to those responsible for it. With IoT devices typically uploading data multiple times a day, analysing, and actioning the torrents of data can soon become a mammoth task.
IoT and AI: a winning combination
The application of AI alongside IoT is rapidly being recognised as a key solution to this rising data deluge. Not only can it ease the administrative burden by ensuring the IoT devices and any associated workflows are working effectively, but it can also be used to spot any trends and patterns within the device data. Insights such as these can inform longer-term solutions and decisions whilst also acting as predictive analytics to anticipate the likelihood of certain events occurring in the future.
In the case of Health and Social Care, this could mean predicting the probability of a vulnerable resident having a fall based on previous data gathered and putting preventative measures in place to reduce this. IoT wearables are another rising trend in the healthcare setting and can be used to track vital signs and detect anomalies that may need urgent attention. Meanwhile for social housing, using smart solutions including intelligent automation and IoT can help housing providers significantly reduce their risk management burden. For example, the data gained from IoT sensors in tenant homes can be used to proactively identify damp and mold risks and automate alerts.
Looking at the public sector more broadly, we could also see the combination of AI and IoT optimised services such as traffic management, waste management right through to public safety and even managing air quality. By using AI to analyse and draw insights from IoT devices, the concept of the smart city is much closer than we think. AI can use IoT sensor data alongside cameras already in position to adjust traffic signals, optimise routes and even detect incidents and alert public services. It is also expected to play a key role in managing and reducing public service energy consumption, by monitoring and controlling street lighting and other public infrastructures.
Turning insight into action
Whilst AI can take care of the initial analysis, to truly extract the value from IoT data, public sector organisations must ensure these insights are fed into the right systems and married up with the correct workflows to turn them into action.
Fortunately, with the use of application development tools such as low-code application platforms, organisations can rapidly create processes that utilise IoT and AI-driven data, connecting it to internal as well as third-party systems. These solutions move away from traditional development, which can be costly and time-consuming, and can empower broader teams to rapidly build and develop their own applications using a visual drag-and-drop interface. By doing so, organisations can quickly integrate systems and technologies to access actionable data.
As AI and IoT technology continue to advance, we can expect to see more innovative and impactful use cases in the future. Unlocking the benefits, however, will hinge on having the systems and processes in place to trigger next steps. By leveraging the tools that enable this, public sector organisations can use the data from connected devices to create powerful, proactive and dynamic services that fulfil the growing needs of its customers.
Enhancing sustainable commitments in retail banking
Source: Finance Derivative
Mikko Kähkönen, Head of Payment Cards Portfolio at Giesecke+Devrient
Today, more consumers are keeping environmental pledges from banks at the forefront of their financial decisions, and those banks that fall behind their competitors on sustainable action are risking the loss of customers, particularly among the younger generation. This shift highlights a growing expectation from consumers for their banks to make and uphold sustainable commitments, signalling a change in consumer priorities where environmental responsibility is increasingly seen as essential, not just an optional extra. Giesecke+Devrient research shows that as many as 64% of Gen Z consumers would be happy to switch banks if their current provider didn’t meet their expectations.
However, sustainable commitments must be authentic to avoid any accusations of greenwashing. Unfortunately for the banking sector, consumer trust is being strained as greenwashing incidents have risen by 70% around the world. Banks can’t simply make claims that can’t be backed up; pledges must be supported by evidence. There’s a number of practical steps they can take to prove their credentials.
Banking on the evolution of cards
The bank card has increasingly become a physical symbol of the relationship between consumer and bank. As such, banks have taken steps to ensure that it is designed with sustainability in mind. Many are now created with recycled PVC material, commonly up to 100%, with a lower carbon footprint.
Some banks are elevating their sustainable credentials by utilising cards that are made from plastic collected in oceans and coastal regions, helping to clear up the world’s beaches. Alongside this, others are issuing cards made of polylactic acid sourced from (inedible) corn starch. This is a fully renewable biomass that could be industrially composted.
Sustainable cards can then encourage further sustainable initiatives. We’re more often seeing issuers now actively taking part in local conservation, community development and educational projects around the world to help benefit the planet. Communicating these efforts to customers can help reinforce sustainable credentials and leave tangible evidence that proactive action is taking place.
Contributing to the circular economy
Powering the sustainable credentials of issued cards is one aspect, but it’s also vital that banks encourage their customers to do the right thing with them once they expire and they need to be discarded of. We’re already seeing prominent banks making progress in this area. UK retail bank, Santander, has launched a pilot scheme in branches and ATMs that encourages customers to return their outdated credit and debit cards for recycling, for example.
The collected cards are then turned into plastic pellets to be used elsewhere, for instance to make outdoor furniture, sponsored by Santander, for local communities. As more banks opt for card recycling, consumers will be empowered to dispose of their old or expired cards in a green way and help to reduce ecological footprint.
Into the digital world
Outside of card innovations, retail banks can add to their credible green claims with digital solutions. As an example, the card issuance process has typically involved paper letters, with additional PIN letter, that are posted out to customers to activate their payment cards. Instead, an ePIN service can enable customers to instantly access their PIN via their choice of a mobile app or SMS message, reducing paper waste and waiting times.
There are also innovations taking place in terms of QR codes and augmented reality (AR) solutions to enable digital marketing offerings. This means that printed collateral doesn’t need to physically sent out in the post. The more that these types of communications are sent out digitally, the more that consumers see a tangible commitment to sustainable practices.
Banks can even take an additional step by deploying third-party partners to track the CO2 footprint involved with every purchase or payment. By opting for organisations that have a solid track record in green practices, such as supporting product certifications and information on eco-products and their claims, they can make steps to compensate for each transaction carbon footprint.
Contributing to the green story
To ensure they don’t come under any criticism regarding their environmental claims, banks and financial institutions have the opportunity to adopt sustainable practices that align with their customers’ expectations for eco-friendly commitments in both their physical and digital services. They can introduce banking cards made from recycled or entirely compostable materials, eliminating plastic waste.
Digitally, banks can minimise unnecessary paper use by employing online applications to simplify the process of delivering PINs. By innovating in these domains, they can fulfil their environmental responsibilities and establish that essential trust with consumers, contributing positively to the planet’s wellbeing.