Connect with us



Source: Finance Derivative

By Michael Magrath, VP Global Regulations and Standards

Cryptocurrency has had a whirlwind of a year. The growth in popularity of currencies like Bitcoin and Ethereum saw valuations skyrocket, whilst government crackdowns in countries including China and Turkey – and even Tweets by Elon Musk – caused them to fall just as dramatically.

Meanwhile, financial institutions have bought and sold cryptoassets in vast quantities, mainstream consumer payment providers have started offering digital assets to their customers, and Bitcoin has even become legal tender in El Salvador.

However, these exciting developments have been punctuated by regular reports of significant cyberattacks on crypto exchanges and custodians. Research shows that $1.9 billion worth of cryptocurrency was stolen by hackers in 2020. And just last month, hackers successfully targeted Japanese blockchain-based platform Poly Network and extracted more than $600 million in Ethereum and Binance coins, as well as the stablecoin, USD Coin (USDC) tokens.

The crypto regulation challenge

Since the invention of crypto, regulation has lagged behind technological advancements in the space. Nonetheless, crypto continues to edge its way into the financial mainstream. Unlike cryptocurrency firms, banks and other traditional financial institutions are required to comply with complex and demanding security standards. These ensure that they’re equipped with the necessary resources and skills to continually adapt to the rapidly shifting cyber threat landscape.

Despite huge efforts from global regulators and international monetary organisations to effectively build frameworks for the secure, safe exchange and storage of crypto assets, the crypto space remains very underregulated. This can be attributed in part to the breakneck pace of innovation in the industry, which makes it nearly impossible for policymakers to ensure that consumers are protected.

Recently, Gary Gensler, US Securities and Exchange Commission chief, urged crypto trading platforms to register with his organisation on the grounds that many cryptocurrencies qualify as securities. He warned that, for the crypto market to still be relevant in ten years, firms would have to start operating within a public policy framework.

Today, many central banks are now working on releasing their own digital currency. These public currencies referred as Central Bank Digital Currencies (CBDC) will compete with private currencies like bitcoin and others. While this is an ongoing process, industry bodies and governments alike are seeking to establish regulations and guidance to ensure fair competition.

Lessons must be learned

Any technological innovation inevitably carries with it a degree of cyber security risk. Cryptocurrency is no different in this regard. Every new way to trade, store or monetise digital assets opens a new channel for hackers to exploit. It’s like when Apple releases an updated version of its operating system – a stream of security updates inevitably follows, as developers plug potential exploits and vulnerabilities. The difference is that most crypto firms have nowhere near the research and development resources of a major financial institution or tech giant.

All this doesn’t mean that the battle is lost, and crypto firms are condemned to a future of frequent cyberattacks. Instead, there are a series of practical, achievable steps that firms can take to protect themselves. Let’s examine the recent Coinbase hack. Though a disaster for the 68 million users at risk of losing their assets, by traditional finance standards, the cause of the breach was extremely simple – and therefore relatively easy to guard against in future. According to experts, the attack was a “SIM swap”, where hackers compromise victims’ mobile phone numbers and use these to authenticate themselves as a valid account holder.

For many years, SIM swap fraud was a method commonly used by malicious actors to gain access to the bank accounts of unsuspecting consumers. As a result, financial institutions moved away from using text messages as a form of authentication. Utilising text messages for multi-factor authentication (MFA) often puts the onus of protecting customer data on mobile network operators, whose systems are not designed to withstand such attacks. This is the security equivalent of locking the Mona Lisa away in a self-storage unit, rather than the Louvre.

The U.S. Federal Financial Institutions Examination Council (FFIEC) appropriately notes in its updated Guidance Authentication and Access to Financial Institution Services and Systems that not all MFA solutions offer equal usability and security pointing out that “certain MFA factors may be susceptible to ‘Man in the Middle’ (MIM) attacks, such as when a hacker intercepts a one-time security code sent to a customer.”  This is true as NIST uses this example in its Digital Identity Guidelines: Authentication and Lifecycle Management (Special Publication 800-63B). In July 2020, NIST published Special Publication 800-63: Digital Identity Guidelines FAQs reminding readers that SMS-OTP is a “restricted” authenticator.

Instead, most major banks now use Mobile PUSH notifications for MFA, verifying customer identities using a secure mobile app. These apps often employ the latest ID verification technologies – such as AI, biometrics and liveness detection – to ensure that access can only be gained by a genuine account holder. Looking forward, crypto firms urgently need to re-examine their user authentication practices, using these technologies to stem the flow of authentication-based hacks.

Implementing user verification policies

Unlike online banking fraud or card identity theft, it’s extremely difficult for crypto firms to mitigate the effects of a hack. This is because cryptocurrency transactions are irreversible and can only be refunded by the recipient. So, once a hack happens, funds are usually lost forever. This makes preventing hacks from occurring in the first place even more important.

What’s more, crypto networks typically rely on pseudo anonymity, where users are identified only by a string of random letters and numbers known as an address. This makes it very difficult to identify the perpetrators behind a hack and bring them to justice. Plus, since networks are decentralised and trustless, there is no way to identify transactions subsequently made with stolen cryptocurrency.

By contrast, traditional banks have for many years been subjected to stringent Know Your Customer regulations, designed to prevent money laundering. In 2019, the Financial Action Task Force (FATF) adopted strict AML/CTF requirements on Virtual Asset Service Providers (VASPs), which include crypto exchanges.  In its latest draft to revise its 2019 requirements, it states, “regardless of the nature of the relationship or transaction, countries should ensure that VASPs have in place effective procedures to identify and verify, on a risk basis, the identity of a customer, including when establishing business relations with that customer; where VASPs may have suspicions of ML/TF (money laundering/terrorist financing), regardless of any exemption of thresholds; and where they have doubts about the veracity or adequacy of previously obtained identification data.”

There’s no doubt that crypto firms need to take security more seriously. The risks of not doing so are enormous. On the one hand, every successful hack chips away at already shaky consumer trust. On the other, there’s the very real possibility of inspiring the ire of regulators, who have the power to impose draconian regulation that would stifle the growth of this nascent industry.

When it comes to security, crypto firms can learn a lot from their older, more established peers in the world of traditional finance. If they are to build and maintain the credibility needed to become trusted, mainstream providers of financial services, they need to avoid repeating past mistakes made by banks and financial institutions. It’s now up to crypto firms to take advantage of the wealth of security resources available to them.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Building a Greener Web: Six Way to Put Your Website on an Emissions Diet

By Roberta Haseleu, Practice Lead Green Technology at Reply, Fiorenza Oppici, Live Reply, and Lars Trebing, Vanilla Reply

Most people are unaware or underestimate the impact of the IT sector on the environment. According to the BBC: “If we were to rather crudely divide the 1.7 billion tonnes of greenhouse gas emissions estimated to be produced in the manufacture and running of digital technologies between all internet users around the world, it would mean each of us is responsible for 414kg of carbon dioxide a year.” That’s equivalent to 4.7bn people charging their smartphone 50,000 times.

Every web page produces a carbon footprint that varies depending on its design and development. This must be more closely considered as building an energy efficient website also increases loading speeds which leads to better performance and user experience.

Following are six practical steps developers can take to reduce the environmental impact of their websites.

  1. Implement modularisation

With traditional websites that don’t rely on single page apps, each page and view of the site is saved in individual html files. The code only runs, and the data is only downloaded, for the page that the user is visiting, avoiding unnecessary requests. This reduces transmitted data volume and saves energy.

However, this principle is no longer the standard in modern web design which is dominated by single page apps which dynamically display all content to the user at runtime. This approach is easier and faster to code and more user-friendly but, without any precautions, it creates unnecessary overheads. In the worst case, accessing the homepage of a website may trigger the transmission of the entire code of the application, including parts that may not be needed.

Modularisation can help. By dividing the code of a website into different modules, i.e. coherent code sections, only the relevant code is referenced. Using modules offers distinct benefits: they keep the scope of the app clean and prevent ‘scope creeps’; they are loaded automatically after the page has been parsed but before the Document Object Model (DOM) is rendered; and, most importantly for green design, they facilitate ‘lazy loading’.

  • Adopt lazy loading

The term lazy loading describes a strategy of only loading resources at the moment they are needed. This way, a large image at the bottom of the page will not be loaded unless the user scrolls down to that section.

If a website only consists of a routing module and an app module which contain all views, the site will become very heavy and slow at first load. Smart modularisation, breaking down the site into smaller parts, in combination with lazy loading can help to load only the relevant content when the user is viewing that part of the page.

However, this should not be exaggerated either as, in some instances, loading each resource only in the last moment while scrolling can annihilate performance gains and result in higher server and network loads. It’s important to find the right balance based on a good understanding of how the app will be used in real life (e.g. whether users will generally rather continue to the next page after a quick first glance, or scroll all the way down before moving on).

  • Monitor build size

Slimming website builds is possible not only at runtime but also at a static level. Typically, a web app consists of a collection of different typescript files. To build a site and compile the code from typescript to JavaScript, a web pre-processor is used.

Pre-processors come with the possibility to prevent a build to complete if its files are bigger than a variable threshold. Limits can be set both for the main boot script as well as the single chunks of CSS to be no bigger than a specific byte size after compilation. Any build surpassing those thresholds fails with a warning.

If a build is suspiciously big, a web designer can inspect it and identify which module contributes the most, as well as all its interdependencies. This information allows the programmer to optimise the parts of the websites in question.

  • Eliminate unused code

One potential reason for excessive build sizes can be dozens of configuration files and code meant for scenarios that are never needed. Despite never being executed, this code still takes up bandwidth, thereby consuming extra energy.

Unused parts can be found in own source code but also (and often to a greater extent) in external libraries used as dependencies. Luckily, a technique called ‘tree shaking’ can be used to analyse the code and mark which parts are not referenced by other portions of the code.

Modern pre-processors perform ‘tree shaking’ to identify unused code but also to exclude it automatically from the build. This allows them to package only those parts of the code that are needed at runtime – but only if the code is modularised.

  • Choose external libraries wisely

One common approach to speed up the development process is by using external libraries. They provide ready-to-use utilities written and tested by other people. However, some of these libraries can be unexpectedly heavy and weigh your code down.

One popular example is Moment.js, a very versatile legacy library for handling international date formats and time zones. Unfortunately, it is also quite big in size. Most of all, it is neither very compatible with the typical TypeScript world nor is it modular. This way, also the best pre-processors cannot reduce the weight that it adds to the code by means of ‘tree shaking’.

  • Optimise content

Designs can also be optimised by avoiding excessive use of images and video material. Massive use of animation gimmicks such as parallax scrolling also has a negative effect. Depending on the implementation, such animations can massively increase the CPU and GPU load on the client. To test this, consider running the website on a 5 to 10-year-old computer. If scrolling is not smooth and/or the fans jump to maximum speed, this is a very good indication of optimisation potential.

The amount of energy that a website consumes — and thus its carbon footprint — depends, among other factors, on the amount of data that needs to be transmitted to display the requested content to users. By leveraging the six outlined techniques above, web designers can ‘slim’ their websites and contribute to the creation of a more sustainable web whilst boosting performance and user experience in the process.

Continue Reading


The trends to expect in the future of work in 2023 through the lens of a CFO

Source: Finance Derivative

By Eliran Glazer, CFO at

Not a week goes by without significant evolution in the world of work. The landscape is continuously evolving and these shifts can be analysed from many different perspectives..As it has been in recent years, the position of the CFO will continue to be paramount in spearheading essential business initiatives, communicating with employees and other stakeholders, and ensuring cross-company alignment and advancement. However, how will the role of the CFO evolve in 2023 and what can those involved in financial decisions expect in 2023?

CEO and CFO alignment is crucial for success in 2023

CEOs and CFOs know a company’s success can only occur when they work in tandem to improve organisational performance for sustainable growth. To continue to expand, the CEO and CFO will work together more closely than ever to guarantee company operation, efficiency, resiliency and guidance throughout times of transition.

With the market changing at a rapid speed, organisational agility is vital for continued success. When the CEO and CFO are closely aligned, they bring their areas of expertise to the table to drive crucial strategic decisions together so the organisation can adapt to a changing economic landscape.

This is even more applicable in the current macroeconomic environment and geopolitical tension,  when every business decision has a significant financial weight. With 70% of boards of directors looking to accelerate digital business endeavours and strategies, finance leaders will have an integral role when it comes to ensuring sustainable company growth.

Investments in digital tech is paramount this year

Since the onset of the Covid-19 pandemic, teams have taken a more dynamic and digitised approach in collaboration to address remote work, across time zones, between offices and at home. For 2023, corporations should expect to see further investment in digital technology that will enable teams to have a more harmonised approach to the digital workforce. Finance leaders will play a substantial role in implementing the processes and structure by identifying the right tech tools needed for this approach. Due to this, CFOs must now be aware of the need to adopt digital technology to drive efficiency.

Based on research from a Gartner survey that polled CFOs in July 2022, 66% said they planned to expand their investment in digital technology in the next 12 months. Additionally,another 32% said they would uphold such spending – the most significant percentage of any spend category. To best serve hybrid workers, businesses will need to enhance not only the customer experience but also their employee experience and satisfaction through the support of dynamic and digital collaboration tools.

Proactivity & transparency in this era of change

During this unpredictable economic climate, proactivity and transparency from finance leaders are key for making decisions that are data-driven and staying agile. To stay agile, CFOs must actively drive collaboration and partnering across functions to position the enterprise to respond to the challenges. This requires finance leaders to ensure that employees are kept in the loop of strategic decisions pertaining to the company. This can only be done by  regular updates to the employees about the company’s range of projected scenarios for the upcoming months and any planning adjustments.

To ensure success and resiliency in combatting today’s challenges, finance leaders must be proactive and transparent when conveying the business landscape. It is crucial that CFOs set realistic expectations and break down concepts so that they are well understood and clear for all employees within the company. Educating employees about  financial jargon alongside the state of the global economy will also help them find their footing in these challenging times.

2020 marks a milestone in the evolution of a CFO

While 2023 may seem challenging for CFOs with this great responsibility, they have a unique opportunity to make a significant and positive impact. What is most important for a company to overcome the challenges in 2023 is how flexible and nimble they can be, which requires the CFO to be a crucial player in the company’s growth during these times.

The scope of the role of CFOs has changed over the years. It is no longer solely on how to scale a business, but rather how to focus on the efficiency within that growth. To facilitate opportunities, the role of finance leaders will continue to expand this year. By identifying ways in which the CFO role can produce results, support, and even lead other parts of the company, will stimulate more collaboration, communication, and, ultimately, success.

Continue Reading


Top 5 benefits of low-code development in financial services

Source : Finance Derivative

By Richard Higginbotham, Product Manager at Netcall

Amid the rise of challenger banks like Monzo and Resolut, traditional financial services institutions have never been under more pressure to deliver the innovative and personalised service conferred by digital transformation. The banking sector could stand to gain $1 trillion a year from artificial intelligence and machine learning alone. However, many institutions struggle with how to achieve results. Low-code development not only offers an accessible conduit to digital transformation, but it also comes with a host of other benefits.

Read on to learn about some of the top benefits financial services gain from low-code:

  1. Faster in-house development

Through a low-code application platform designed for business users, financial services organisations can develop full-stack applications three to 10 times faster than with standard development. Low-code makes it possible for business users to develop beyond core function with oversight from IT, increasing developer capability and expediting app development from months to just days in some cases.

This enables businesses to accelerate digital initiatives despite acute shortages of skilled developers. The ease of making changes to low-code applications and the ability to rapidly develop solutions creates the organisational resilience and agility the financial sector needs for long-term success.

Low-code applications combine well with robotic process automation, making integration possible even where legacy applications have proved challenging. This unlocks greater opportunities for automation at scale and improves customer experience, leading to greater returns and efficiencies.

  1. Improved experiences for customers and employees

Our use of technology is rapidly evolving, with the emerging generation of consumers reshaping expectations around digital access to products and services. In this environment, financial services organisations can’t afford to fall short of demands for digital.

Low-code applications provide the capability to build, extend and adapt digital services for consumers. For example, they can provide proactive notifications that keep customers abreast of account activities and give them the capability to manage their accounts in real-time. Customer engagement is improved as financial institutions interact with customers within the channel of their choice, without disrupting the customer journey.

Legacy systems and technology, on the other hand, often struggle to keep pace to support evolving products and services. Employees take the strain as they bridge the gap between applications with manual and spreadsheet-based processes.

However, the intelligent automation capabilities of low-code development and robotic process automation ease this burden on employees and drastically reduce the inevitable errors that occur when employees do repetitive and monotonous tasks, like data entry.

Manual paper-based processes are moved online, giving thousands of hours back to employees. Human-in-the-loop features enable employees to intervene to ensure automations are producing intended outcomes and that governance is maintained. Applications can be built to accommodate robust compliance and security measures, protecting consumers and employees.

Further, by easing the load on employees, they are able to be more creative, offer better customer support, and devote more time to value-adding tasks.

  1. Innovative solutions

Faster development through low-code also facilitates innovation because the speed, cost-effectiveness and ease of it allow for repeated iterations. This means businesses can trial new automations and make immediate adjustments to accommodate rapid changes and unstable market conditions.

Low-code provides business users within financial services the ability to contribute to their organisation’s digital transformation. This is advantageous as business users have a different perspective than IT teams. They’re involved in the day-to-day running of things, so they’re going to be well-positioned to suggest the processes that would most benefit from being reimagined through low-code.

Low-code development allows these digital solutions to be tested and tweaked until they are optimised. Even once they have been deployed, the ease of making adjustments encourages innovations, allowing applications to be continually amended to foster more productivity.

Low-code applications reflect the imagination and creativity of employees. If they can imagine a solution, they can create it – and the right low-code application platform gives them the resources they need for this.

  1. Easy integration with existing systems and new ones that emerge

When it comes to digital transformation, many financial services organisations struggle with their legacy systems. Extending, adapting or changing the function of legacy technology can be expensive, time-consuming and fraught with risk. Low-code’s ability to work around this issue has made it popular within the sector.

Low-code applications and robotic process automation provide the capability to create new functions and applications that integrate, unify and extend legacy systems. Most significantly, this can be achieved without making changes to the underlying system. With this approach, data silos are broken down, creating a single view of processes and single point of access to data, which enable seamless customer and user journeys. This is all accomplished faster, more efficiently and without risk, presenting huge opportunities for financial services institutions.

  1. Actionable data insights

By eliminating data silos through low-code, employees have access to the right information when they need it. They have a comprehensive view of a client’s contextual information and previous interactions with the organisation.

When a low-code application platform with artificial intelligence and machine learning features is adopted, decision making capabilities are unearthed, producing rich insights that inform more strategic decision making, drive productivity, save costs and generate growth.

An approach to digital transformation that incorporates low-code development platforms and robotic process automation will increase productivity, reduce expenses and generate operational efficiency to help financial services organisations achieve excellence. Agile, iterative development capabilities expand their ability to rapidly streamline and smoothen customer and user experiences.

The businesses that commit to this approach are going to be best positioned for fast returns on investment and long-term competitiveness. For those who have yet to start, it presents an opportunity to start small and scale fast. For others who are further along in their transformation journey, it provides the opportunity to accelerate their efforts and avoid costly missteps thanks to inherent agility. Intelligent automation using an AI-powered low-code and robotic process automation platform is going to help you get to where you need to be on your digital transformation journey faster.

Continue Reading

Copyright © 2021 Futures Parity.