
DORA Compliance in Financial Organisations: What You Need to Know

Source: Finance Derivative

Nick Hogg, Director of Security Training, Fortra

The regulatory landscape is tightening for European banking, financial, and insurance institutions. Besides adhering to various local and global legislations, these organisations must prove compliance with the Digital Operational Resilience Act (DORA) by 17 January 2025. DORA “sets uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide ICT (Information Communication Technologies)-related services to them, such as cloud platforms or data analytics services.”

This deadline will occur almost a year after the due date for PCI DSS 4.0 compliance and serves as a reminder that as the threat landscape evolves, so does the legislative one. Both DORA and PCI DSS 4.0 present excellent opportunities for financial organisations to re-evaluate their procedures for all compliance legislation and security requirements.

What can financial institutions do to ensure they are compliant?

Scoping and identifying overlap

The first step is identifying the risks faced and establishing the appetite for risk. Once these have been identified, organisations can then look at their existing policies, processes and defences to understand where existing elements can be reused or adapted to reduce the burden on the business. These steps will assist with prioritising projects and spending to ensure efficient use of resources.

Understand your environment

Having clear and consistent visibility into your infrastructure, whether on-premises or in the cloud, is essential to understanding whether something is at risk or poses a threat. Vulnerability scans, penetration testing and red team exercises are tools and techniques that help businesses identify the gaps that can be improved. Increasing the frequency of these scans and using automation to run them on a repeatable basis will help to lessen the impact on the teams involved. This increased visibility can help a company to respond swiftly to small changes and risks. Financial organisations must also account for the internal changes that may cause a system to break or halt. Configuration change management and file integrity monitoring can help to reveal exactly what has changed, when, and who made the change, preventing mistakes from crippling an entire organisation.

Business continuity and resilience

While prevention is an essential strategy, organisations cannot stop 100% of compromises and preparing for when something slips through the cracks of security controls is key. All the regulatory frameworks recognise that organisations will eventually experience some compromise or downtime, so balancing prevention with response strategies is a mature approach to security and compliance.

Treat internal and supply-chain risks

It’s important to mitigate the threats to infrastructure and software that might damage resilience. A simple inattentive moment can result in an employee clicking on a malicious link or opening an infected attachment. The best way to prevent this is to make security a constant presence, both technically and logically. Technical data loss prevention tools, as well as security awareness training, can augment existing controls.

Another necessary component for mitigating these threats is focusing on the third-party supply chain, which is also a critical ingredient of DORA compliance. Businesses must get visibility into the risks from suppliers and partners, especially those from software or applications. This is best achieved with careful review to make sure that these external parties meet the standards of the hosting organisation.

Discover hidden vulnerabilities

Financial organisations must invest in vulnerability scans and pen testing to ensure ongoing compliance and solid risk management. Both are valuable tools because they give a complete understanding of the posture and the gaps. They provide valuable insights and information that security teams can leverage to strengthen compliance security and get buy-in from the executives to allocate budget and resources to implement projects. The data from these scans and tests can also become instruments to help re-prioritise tasks and projects because they provide a more representative glimpse of what could happen if an attacker exploits these risks. Pen tests and vulnerability scans can determine the real-world impacts that may not be realised in a risk assessment.

Partner with a managed service provider

Another important consideration is evaluating whether a financial organisation has the capacity to become compliant or needs to hire additional resources. Buying the tools required for security and compliance is just one step. Organisations also need to consider the ongoing administration and management that will result from these additional resources. Hiring security professionals to build a security team is hard, and organisations must provide training to retain them. This is the best time for financial companies to consider managed security services, like detection and response, or data loss prevention. A managed service provider greatly extends the existing security team and is a cost-effective approach to security and compliance.

Train your employees

Financial organisations must also focus on training their employees about security awareness. A good strategy is to focus on one topic a month and avoid overloading people with acronyms and technical jargon. The content must be relevant to the employees’ day-to-day operations and provide the context required to understand why a lack of security can cause a massive problem for an organisation.

Build additional layers of defence

Training is enormously effective; however, businesses need additional layers of defence to fortify themselves against evolving threats. These technology layers can help detect phishing emails, ransomware, and malware, and prevent an attack from crippling the infrastructure, or the ability to do business.

DORA compliance is a strategic advantage

Being DORA compliant is a strategic advantage in a highly competitive world. The date for compliance with DORA will come round quickly, and companies should begin their journey today. As there is much overlap with other regulations, these institutions can orchestrate their daily activities and projects to maintain compliance and security. Taking this approach indicates that your organisation respects your customers’ needs and provides them with the safest environments possible.


2024: THE year for customer experience enhancement

Source: Finance Derivative

Rob Paisley, Director, Banking and Financial Services, SS&C Blue Prism 

How recently have you relayed to someone the immaculate service that your tax office, bank or insurance company provided you with? From renewing a bankcard, buying a house or undergoing an investment fund transfer, financial organisations are not noted for their NPS scores.

Nowadays, banking customers find the service inconvenient, due to errors, hidden fees, delays and fund-accessibility issues to name a few, not to mention that financial organisations must compete in a world where online shopping is only a few clicks away. In fact, in terms of satisfaction, customers rank their streaming and parcel delivery service higher. Highlighting the general dissatisfaction is the TrueDigital Quotient, standing at a meagre 25%, emphasising the consensus amongst customers regarding transactions processed wholly through digital channels.

And, while large financial organisations and banks are looking to improve customer satisfaction, decrease operational costs and drive revenue growth by using artificial intelligence (AI) solutions at a future time, wouldn’t a more reasonable solution be to manage digital processes through investment in existing intelligent automation (IA)?

Neobanks and digital banks leverage intelligent automation for faster customer journeys. This includes ‘know your customer’ checks, digital onboarding, and seamless processes, catering to both digital and traditional customers effectively – meaning customers can get what they want quickly and without pain. For younger customers, this means digital banking, while traditional customers are provided with better service at a physical location that includes digital offerings.

In banking and finance, most companies think of RPA-IA as an efficiency tool, but significant opportunities often unexpectedly arise when they start to deploy it. Often, it’s the customer experience that benefits most as it’s not just about efficiency. Automation software can help re-imagine your offerings with the customer at the center of it. Amidst the AI rush, revisiting foundational basics before proceeding may be prudent, as IA establishes essential groundwork often overlooked.

Repeated shortcomings for the banking customer

From routine tasks like mortgage applications to specialised services such as closing accounts, infrequent or one-time customer experiences significantly shape long-term loyalty and recommendations.

Let me paint you a picture with a tangible example of why people might take their business elsewhere, to illustrate how today’s predominantly young customers are not brand-loyal, and seek the easiest route to fulfil their needs swiftly.

If you join a cloud-based digital bank that has no branches, all transactions will likely be delivered by a 24/7 customer support hotline. Certain banks like this also don’t do checking accounts, only high yield savings CDs and loans, which many people are attracted to given preferable interest rate offers. This all sounds great, but you still run into the infancy of some of these technologies.

To do a mobile cheque deposit, we’ve had clients say it might take 14 days to clear. That’s not good enough. Even two days isn’t good enough given the technology available for these processes. It may also require the customer to write a restrictive endorsement on the back of the cheque saying it can only be deposited at the specific bank. Once the endorsement is written, it can’t be taken anywhere else other than that bank. If they reject it, they don’t have branches, so customers can’t walk in and talk to a human being.

Anything that improves time to resolution in a self-service fashion on a digital channel helps, but in reality, it’s a dichotomy. How can you have a cashless society until you solve basic issues like that one? It’s a pain to transfer out and you don’t really want to, but lethargy is inherently baked into the system so anything that can speed up the process is going to improve the customer experience.

Dissatisfaction often goes unvoiced, with customers silently departing without notice. Many companies remain unaware until weeks later, indicating a blind spot in recognising and addressing evolving customer behaviour.

With so much money at stake, why are organisations struggling to get it right? This year, customer experience takes center stage, with forward-thinking companies investing in process intelligence, business orchestration and automation. Those lagging lack measurement tools and awareness of their shortcomings. Banks excelling in this realm employ more than 500 digital workers and meticulously measure outcomes, while others trail behind with fewer than 10 or none at all.

Cash no longer reigns supreme

Northern Europe boasts the largest global digital banking market, with Sweden dominating with a 98% cashless economy. Nordea, a leading bank in the region, spearheads this transformation by prioritising customer-centricity around the concept of ‘the idea of something better’ through cutting-edge mobile and digital banking solutions. Despite its 200-year legacy, Nordea embraced online banking early on, and in 2015, it adopted banking automation software to revolutionise its operations. Some six million transactions are processed by its digital workforce, including simple tasks such as new card requests, reducing errors and costs, allowing Nordea to tailor its services based on customer preferences.

“It’s one of the key aspects where we want to be the leading bank. We have invested a lot into our mobile bank, which is regarded as the best in the Nordic markets,” says Ossi Leikola, Head of Operations at Nordea. “We also believe very much in a personal relationship with our customers – that’s why we’re very interested in omni-channel.”

Through Nordea’s employment of almost 400 workers and 450 automated solutions for its 10 million customers around the globe, customer satisfaction levels have transformed. Subsequently, by using SS&C Blue Prism intelligent automation, the bank is positioned as a regional leader.

Where customer experience is concerned, efficiency is crucial to retaining loyalty. Companies providing customers with prompt, precise interactions excel in the industry. Intelligent automation solutions streamline transactions, enhancing customer satisfaction and therefore loyalty. In the current informed market, banks should prioritise the use of tools for enhancement, or risk reputational damage to the organisation.


Money laundering red flags: How to identify and combat financial crime

By Andrew Doyle, CEO, NorthRow

Money laundering, the process of disguising the proceeds of illegal activities as legitimate funds, is a grave financial crime that undermines the integrity of financial systems worldwide. 

When you consider that the National Crime Agency estimates that £10 billion of illegal money is laundered each year in the UK, financial institutions and regulatory authorities have a responsibility to be more adept at recognising the red flags indicative of these illicit activities. Understanding these warning signs is crucial in the ongoing battle to maintain financial integrity and protect the economy from the corrosive effects of money laundering. 

So, what exactly are the warning signs?

Unusual transactions

Financial activities that deviate significantly from a customer’s known income or business patterns are a clear warning sign. This can include large deposits, withdrawals, or transfers that seem inconsistent with their profile.

Financial institutions need to scrutinise transactions in the context of their knowledge of the customer’s usual financial behaviour, risk profile and the nature of the business relationship. Any significant deviation should prompt a closer look to determine if the activity is legitimate or if it signals something more sinister.

Unexplained source of funds

Large sums of money appearing in a customer’s account from private or unfamiliar sources should raise immediate concerns. It is vital to look at how they acquired these funds and request supporting documentation such as bank statements, recently filed business accounts, or official documents like property or share sale records to verify any such transactions. 

When cash transactions are involved, the difficulty of tracing the origin of funds increases, making thorough due diligence even more critical. In such cases, the institution must ask whether the source of funds aligns with their knowledge of the customer and if there are any indications of criminal involvement.

Rapid movement of funds

When funds are swiftly transferred without a clear and justifiable business purpose, it can suggest an effort to conceal the true origin of the money. Sudden and unexplained changes in a customer’s transaction patterns, such as an abrupt increase in activity or a shift in transaction types, should also raise suspicion. These deviations may indicate attempts to disguise the nature of financial activities.

PEPs

Transactions involving Politically Exposed Persons (PEPs) are particularly high-risk due to the potential for corruption. PEPs include individuals holding prominent political positions and their close associates, who may be more susceptible to engaging in corrupt activities. These individuals often have access to substantial funds, making it easier for them to participate in money laundering schemes. Financial institutions must exercise enhanced due diligence when dealing with PEPs to mitigate the risk of being used to launder illicit gains.

Inconsistent documentation

Inconsistent documentation is another critical indicator of potential money laundering. This can include altered or forged documents, incompatible details between different records, or paperwork that does not align with the nature of the transaction. These inconsistencies suggest a lack of transparency and honesty in financial dealings, potentially indicating an effort to hide illicit origins or intentions. Financial institutions should be wary of any documentation that appears tampered with, or that provides conflicting information about a transaction.

Refusal to cooperate 

When customers are uncooperative or evasive in response to requests for additional information or documentation, it should raise immediate concerns. Avoiding straightforward questions about the purpose or source of funds, failing to provide necessary documents, or showing reluctance to clarify details can indicate a deliberate attempt to conceal illicit activities. Financial institutions must be prepared to report suspicious activities to the appropriate authorities for further investigation.

The presence of one or more of these red flags does not necessarily confirm money laundering but definitely warrants closer inspection. Financial institutions in the UK are legally required to implement robust procedures to detect and prevent money laundering. These measures include conducting thorough customer due diligence, continuously monitoring clients for any adverse changes to their risk profile, and reporting suspicious activities to relevant authorities.

Recognising and responding to money laundering red flags is essential for maintaining the integrity of the UK’s financial system. Financial institutions must remain vigilant, ensuring they have the procedures and expertise necessary to detect and address suspicious activities. By doing so, they can play a crucial role in combating financial crime and safeguarding the economy from the detrimental impacts of money laundering.


The Human Advantage: Turning human-centred leadership into commercial success

By Helen Wada

We are living in a world where AI is becoming more prevalent, the economic environment is as challenging as it has ever been, yet organisations are at the same time being asked to become more “human-centric” and focus on their people.

A shift from performance to people

The 1980s and 1990s were characterised by a relentless performance culture, where metrics and outcomes were paramount. Autocratic leadership of the past gave way to a more collaborative approach as we entered the 21st century and we saw technology begin to disrupt the way in which we worked. The demands were to deliver more with less, work in a different way, grow the top line and reduce costs, and technology was driving efficiency and growth.

Today, as we look forward to 2025 and beyond, technology is once again shifting the dial, but there is also a real shift towards people. We are moving into a new era: the Human era. Helen Wada, a top UK executive business coach, who has spent more than 25 years in the corporate world working across professional services and with global organisations, is witnessing firsthand the need to prioritise the essentials of being human.

The pandemic brought this sharply into focus as we think back to how so many within all kinds of professional settings kept the wheels in motion at a time of fear and uncertainty. Medical workers, civil servants and retail workers all continued while others were told to stay at home. Since then, there has been a significant shift in focus on prioritising humanness unlike ever before, yet the commercial imperative remains – and in some instances the commercial pressures are felt even more than before the pandemic.   

Combining the need to drive growth while building a human-centric culture

One of the main challenges businesses face is finding the middle ground between human-centred initiatives and commercial goals.

In March of this year, Forrester explored what human and technical skills will matter most to B2B Marketers: “Technical and AI analytical skills will no doubt have a crucial role to play, but those in B2B customer facing roles must develop soft skills such as self-efficacy, cognitive abilities, empathy and excellent communication. These human skills are vital for building strong relationships with clients, collaborating with team members and adapting to changing market dynamics.” In addition, “we need leadership skills and business acumen… The reality is we need to think about developing that whole person.”

A Gartner survey conducted in 2022 found that 90% of HR leaders believe that to succeed in today’s working environment, leaders must focus on the human aspects of leadership. However, only 29% of employees report that their leader is a human leader.

According to Helen’s philosophy, these “human skills” that sales leaders require align completely with those that she developed through her executive coach training back in 2015. Helen had always shied away from sales, preferring to focus on her technical expertise and delivery. Yet, after training as an executive coach, she found a new confidence in having open-ended conversations with customers, building relationships and creating insight and value through the quality of her conversation and challenge.

This got her thinking: was there a way that coaching could prove to be the bridge between human-centric leadership and commercial focus?

The Harvard Business Review, along with many other reports, has highlighted the role of quasi-coaches, leaders who blend coaching with their managerial roles, as pivotal to successful leadership. But can this be taken one step further?

The sales leaders of tomorrow require not only their technical expertise and their ability to collaborate and work with AI; they also require these human skills to connect with customers, be curious and create value.

Human-centred leadership in practice

Human-centred leadership requires an approach that looks at everyone as individuals. It is important to understand a person’s aspirations, values, and what drives them. This can be difficult where development programmes are delivered at scale with a one-size-fits-all approach. Common coaching skills can be developed, yet the outcome of a coaching conversation is always personal and unique.

By themselves adopting a coaching mindset, leaders can demystify complex issues and foster a culture that supports both personal and professional growth. Helen’s thesis asserts that human-centred and commercial cultures do not have to be separate. Instead, they can “coexist harmoniously through coaching. By developing leaders as coaches, organisations can scale human-centric practices, as well as provide the skills required to foster commercial relationships, where connection, curiosity, challenge and collaboration are at the heart of working together.”

Scaling human-centric practices

At the heart of a coaching culture is the creation of personal responsibility and accountability. Coaching, by its very nature, encourages others to grow and thrive, creating a culture of trust and responsibility for everyone to play their role in their own personal growth and development.

By starting at the top, Helen highlights that coaching provides a framework that equips leaders with the skills to understand and support their teams effectively, as well as having better conversations with their clients, whether external or internal to the business.

This is particularly relevant in professional service or partnership environments, such as accounting, law, or engineering, where technical expertise is valued for promotion to a certain point, but to reach the next level of leadership requires an ability to build a different type of relationship with customers – often exploring areas outside of their comfort zone.

Coaching and coaching skills also support individuals in dealing with uncertainty, as Helen explored with a fellow coach, Paul Golding, in her podcast Human Wise.

The HUMAN Framework

Helen has created a framework that encapsulates the essence of human-centred leadership, based upon coaching principles:

H: How you show up

U: Understand yourself and others

M: Mindset

A: Act & Adapt

N: Next steps

By working with this framework, leaders and executives can have a practical way to embrace a way of operating that fosters a human-centric culture with a commercial lens, giving the best outcomes for you, your team and your business.

The benefits of investing in coaching are both qualitative and quantitative. Qualitatively, individuals understand more about themselves, they gain confidence and develop stronger leadership capabilities.

Stretching these skills into commercial conversations translates into quantitative benefits, where companies can see tangible commercial outcomes resulting from an increased confidence in the market, new relationships, new opportunities, and an uptick in revenue and profitability, all resulting from deeper connections and human relationships.

Helen’s approach to coaching emphasises that making the human advantage your commercial advantage is not just beneficial, but essential to business success in today’s human-centric world.


Copyright © 2021 Futures Parity.