Technology
IMPROVING OPERATIONAL RESILIENCE WITHIN FINANCIAL ORGANISATIONS
Source: Finance Derivative
By Owen Miles, field CTO at Everbridge
Financial institutions play a critical role in the international economy by enabling the transactions that power businesses, foster innovation, and fuel the everyday lives of people around the world.
With billions or trillions of dollars under their purview, financial enterprises have an enormous responsibility to safeguard their assets from hackers, fraudsters, and thieves – not to mention the equally serious threats of the physical environment and the natural world. It is not an easy task. The risks are everywhere, and many threat vectors are increasing in scope and intensity.
Financial organisations are also a number one target for malicious cybercriminals, with recent data revealing that cyberattacks are increasing at a dramatic rate, impacting almost all businesses across the globe.
For instance, the FBI recently reported a 300 percent increase in cybersecurity activity since the start of the COVID-19 pandemic. Businesses and individuals are now lodging between 3000 and 4000 complaints every day as bad actors take advantage of the pandemic’s uncertainty and the changing online habits of employees and consumers.
When these cyberattacks are successful, they can cost enterprises dearly. In 2020, the average cost of a cyberattack was $3.86 million, with total losses from these events projected to reach $6 trillion by the end of 2021. In addition to this, the world is also in the midst of a ransomware pandemic, where cybercriminals are using malware to hold systems and data hostage in return for payment. These attacks are reportedly happening every 11 seconds and netted cybercriminals over $590 million in the first half of 2021.
Unfortunately, many enterprises feel poorly equipped to protect their interests in the cyber environment. In 2021, an IDG survey revealed that 78 percent of senior IT and IT security leaders believe their organisations do not have the processes and controls in place to fend off a cyberattack. Participants expressed dissatisfaction with their organisation’s security roadmap, technologies and tools, and the skills of their internal teams.
While these doubts are prompting a significant hike in spending on cybersecurity over the next 12 months, true operational resilience can only be attained when financial organisations take a holistic, coordinated approach to addressing digital and physical risks across the entire enterprise.
So, what are the best strategies to achieve lasting operational resilience?
Below are some top recommendations from some of the world’s most experienced security, compliance, and risk management executives from high-profile financial institutions on the best strategies to achieved operational resilience in the face of the increasing risks posed by cybercrime. The recommendations will help any enterprise accelerate its progress into true operational resilience.
- Take the 360-degree view of risk across the enterprise:
Cybersecurity is critical, but being able to respond to threats in the physical environment is equally important. Create a multidisciplinary risk response taskforce that includes everyone involved in keeping the enterprise secure.
- Break down existing siloes and avoid creating new ones as the enterprise grows:
A common taxonomy is key for busting siloes and ensuring that everyone is able to effectively monitor threats. When integrating new units into the business, consider ways to retool their processes and systems to align with shared frameworks.
- Foster communication with leadership and across internal teams:
Engaging leadership to generate buy-in and understanding who to contact when is crucial for meeting regulatory requirements and remaining agile.
- Assess risk early and often to stay ahead of potential threats:
Real-time risk identification may still be somewhere in the future, but keeping a regular schedule of thorough risk assessments can prevent issues from slipping through the cracks. Making frequent risk assessment a core competency for the enterprise can help prepare organisation for taking a proactive, predictive stance.
- Reinforce the ongoing value of security, risk management, and resilience activities:
Work closely with senior leaders and staff at all levels of the organisation to explain the importance of investing in risk management and mitigation. Provide accessible and impactful educational resources to encourage positive behaviours – and don’t get discouraged if widespread change takes time.
As digital and physical risks continue to rise for financial enterprises, operational resilience is more important than ever. By identifying common challenges and deploying effective solutions, risk management executives can support the monetary, reputational, and regulatory health of their organisations when unexpected threats put stress on the enterprise.
You may like
Business
The need for speed: Why fintechs must supercharge background checks to stay competitive
Source: Finance Derivative
By Luke Shipley, Chief Executive Officer and co-founder at Zinc
In the fast-paced world of finance, and particularly where finance and technology intersect, hiring candidates with the right skills is crucial for staying ahead of the competition. For fintech firms, conducting fast yet thorough background checks is key to balancing regulatory compliance with the need for speed.
However, financial regulations in the UK demand rigorous oversight to safeguard consumer data, prevent fraud, and maintain financial stability. As part of these regulations, fintech companies must conduct thorough background checks to ensure new hires align with compliance standards, mitigating risks to both the company and its customers. These checks involve verifying critical information such as financial history, credit reports, criminal records and employment history, which are essential for determining the suitability of candidates handling sensitive financial data. These checks are both time-consuming and resource-intensive, slowing down the hiring process.
Fintech firms can sustain rapid growth and meet regulatory obligations without sacrificing operational efficiency by streamlining this crucial part of the hiring process with the right tools. This also enables HR teams to focus on creating a positive experience for new hires, rather than burdening them with additional administrative tasks. Implementing efficient systems that reduce these checks from weeks to days allows companies to swiftly onboard talent, maintain customer trust, and stay competitive.
Challenges of traditional background checks
Traditional background checks in the fintech industry are complex and time-consuming due to the stringent regulatory requirements that financial organisations must follow. Verifying candidates’ financial history, running credit reports, conducting Disclosure and Barring Service (DBS) checks, and confirming employment history for the past several years are all critical tasks. These checks are not only meticulous but also require coordination with external agencies, which often slows down the process.
Manual handling of these background checks can extend the hiring timeline by weeks or even months, creating operational inefficiencies for fintech companies that need to scale quickly in a competitive industry. Prolonged hiring cycles can also lead to delays in onboarding vital talent, putting added pressure on already stretched teams.
For HR departments, managing these extensive checks manually places a heavy administrative burden. The time spent gathering documentation, verifying information, and coordinating with third parties diverts HR professionals from focusing on more strategic initiatives, such as talent acquisition and improving the candidate experience. As a result, the manual process not only hinders recruitment efficiency but also affects the company’s ability to attract top talent in a timely manner.
Role of technology in streamlining background checks
Here, technology plays a crucial role as it revolutionises the background check process in fintech by reducing manual interventions and simplifying time-consuming tasks. Automated platform systems now handle complex steps like identity verification, credit checks, and employment history validations far more efficiently than traditional methods. These technologies not only speed up the process but also provide one centralised place for employee documentation and improve accuracy by reducing the risk of human error in verifying critical information.
Automation also allows fintech companies to complete thorough background checks in a fraction of the time, continuing to ensure global compliance without delaying the hiring process. HR teams are freed from the burden of manual data gathering by automating repetitive tasks and reminder emails so they can focus on higher-value activities, such as candidate engagement and talent strategy.
Moreover, integrating background check platforms with existing HR systems streamlines recruitment workflows. This integration ensures a seamless transfer of data, and provides real-time updates on the status of each candidate’s background check. The result is a faster, more efficient hiring process that allows fintech firms to onboard new employees quickly, creating a positive reflection of their brand at every stage of the onboarding process.
Improved candidate experience
Technology in recruitment not only benefits HR teams but also significantly enhances the candidate experience. Automated systems cut down lengthy waiting periods, helping candidates move through the hiring process more swiftly.
From digital applications to real-time status updates, candidates enjoy a seamless, transparent process, which minimises stress and uncertainty. This streamlined approach improves communication and ensures that candidates are informed at every stage of their check progress, fostering trust and keeping them engaged. Additionally, modern tools like AI-driven assessments or automated interview scheduling save time, allowing candidates to focus on showcasing their skills rather than dealing with logistical hassles. Fintech companies can improve their overall employer branding by providing a more efficient and organised hiring process, attracting top talent who appreciate a modern and tech-forward experience.
It is why speeding up background checks is crucial for fintech companies aiming to stay competitive. By leveraging modern technology, these companies can benefit from greater efficiency, regulatory adherence, and an enhanced candidate experience. Fintech firms should embrace tech-driven solutions to balance speed and regulatory requirements, ensuring a smooth, transparent, and efficient hiring process.
Business
Three key questions on the road to AI adoption
By Gert-Jan Wijman, VP & GM EMEA, Celigo
In the world of IT, there is rarely a period when some technology trend isn’t promising to deliver greater efficiency, productivity, and competitive advantage.
Few trends, however, have ever been met with the level of attention, expectation, and investment that AI is currently receiving. Usually, we would expect to see diversity in how businesses react to new technologies as they learn and experiment, but in a recent survey of more than 1,200 global enterprise Operations and IT leaders, Celigo found that 97% of respondents already view AI as ‘critical to driving operational improvements in the coming year’. That’s amazing when you consider that less than 10 years ago, there weren’t machines considered reliable enough to provide language or image recognition at a human level.
Of those 97%, the vast majority are already well into the swing of actively investing in AI: over three-quarters of businesses indicate that they have dedicated specific resources and budget to AI, while over four-fifths have a formal strategy or roadmap in place for AI implementation. However, usage does not automatically turn into benefits, and the sheer level of interest and effort in AI adoption only raises the stakes for businesses that need to show real ROI from their exploration of this new technology.
The data, and our experience based on working with IT customers, suggest that there are a few key questions which can point the way towards successful strategies that overcome roadblocks on the path to AI adoption.
Who leads the AI charge?
Whether the technology in question is a tailor-made solution or a plug-and-play tool, the process is usually driven by IT teams. However, there are signs that for AI that isn’t the whole story. Just 26% of businesses, in fact, say that IT is at the forefront of their AI mandate, and over half allow users to implement AI solutions without formal IT oversight.
There are multiple reasons for this. For one, IT teams are often overburdened as it is, leaving them with little breathing room to take charge of something as all-encompassing as AI adoption. But at the same time, part of the promise of AI is the way that it can democratise access to technology, making complex processes more intuitive.
Indeed, 68% of businesses say they approve of a Citizen Developer mindset, in which knowledge workers are empowered to innovate processes in ways that were typically reserved for technology specialists. Such an approach has obvious benefits in terms of sharing the workload, and has the advantage that departments and teams are the experts in what capabilities would best augment their own workflows.
While there are clearly advantages to allowing citizen developers to play a role in implementing AI, it also exacerbates risks, particularly on grounds of security and data governance.To empower Citizen Developers safely, businesses first need a modern approach to integration.
Where does AI happen?
All AI applications start with good data. While any given department will have its key platforms for gathering and managing data – customer relationship management platforms, enterprise resource planning platforms, collaboration and productivity platforms, and so on – the best results will come when those data sources are brought together in a holistic way that can generate deeper insights.
The challenge of integration has been growing for a long time, as businesses lean on ever more cloud services to carry out day-to-day business. Having many specialised tools available can help teams to excel in their work, but it also makes connecting the business’s IT infrastructure together in a unified way exponentially more complex.
The arrival of AI is adding real urgency to this challenge: while employees may be able to find ways of navigating across many data sources, AI needs data to be available in a more frictionless way. Our survey found that businesses are expecting to exploit a huge diversity of data sources and types through their AI adoption, from cloud platforms and APIs to user interaction tracking and user feedback data.
In this context, investing solely in the end-goal of AI implementation risks either outcomes that underperform due to a lack of data or outcomes that create governance issues through inexpert data integrations. Attention should also be paid to technologies like Integration Platforms-as-a-Service (iPaaS), which can significantly simplify and normalise the underlying data integration challenge. Organisations should also place attention on the upskilling of staff through training so as to maximise the benefit of AI to the business.
How are AI benefits shared?
While security was the most common risk identified by respondents to our survey, 46% said that fears around jobs being replaced by AI are a concern in their organisations. As the Citizen Developer mindset suggests, however, AI is no different to any other technology in that it is ultimately by and for people.
Just as the adoption of specialised platforms by different teams can create data silos and integration challenges, permitting unchecked team-level innovation without IT oversight can ironically reinforce the very barriers that data integration aims to dismantle. This paradox highlights the delicate balance between fostering innovation and maintaining a cohesive, interconnected IT ecosystem. While team autonomy can drive rapid advancements and tailored solutions, it may inadvertently perpetuate isolation and fragmentation across the organisation’s data landscape. The challenge lies in cultivating an environment that encourages innovation while simultaneously ensuring new technologies and processes align with broader organisational goals for data accessibility and integration.
In order to maintain security while promoting the freedom to self-implement, it’s imperative that companies have a clear strategy on balancing the two. Establishing a clearly documented AI policy, for instance, can alleviate uncertainty over what is and isn’t allowed as people explore the technology. Creating an open culture of learning and experimentation can be helped with social feedback loops like lunch-and-learns, where non-technical employees share what has worked for them and IT leaders can offer their expert advice.
Over time, almost every business will experience AI as a critical driver of operational improvement. When so many businesses are investing so heavily, though, the real winners will be those who take the smartest path to the destination.
Business
How can the financial sector ensure a safe future with software escrow?
Source: Finance Derivative
Director of Global Strategic Accounts at Escode, Andy Ramsbottom, highlights the importance of software escrow in a volatile financial climate and how venture capitalists and private equity firms can mitigate the risks of investment in tech.
Recent volatility across global markets has underscored the importance of being proactive in protecting capital, particularly when investing in the tech sector. For venture capitalists (VCs) and private equity firms (PEs), protecting investments whilst navigating a turbulent financial climate is paramount.
With the UK’s tech funding showing signs of recovery, now is the time for investors to take decisive steps to make sure their investments are sound. One of the most effective tools at their disposal is software escrow—a crucial mechanism that ensures the security and continuity of their investments.
Preparing for volatility
Financial shocks can happen unexpectedly. So, VCs and PEs must adopt strategies that protect their investments from unforeseen risks. Software escrow provides an invaluable safety net that allows investors to verify the assets they are investing in and ensure that their capital is being used wisely.
By leveraging escrow agreements, investors can mitigate risks associated with the software lifecycle. This includes ensuring that source code and intellectual property (IP) are securely held by an independent third party, ready to be released if certain conditions are met, such as a default by the software developer. This mechanism not only protects the investors’ capital but also gives them greater confidence in their investment’s long-term viability.
When does an investment need software escrow?
- Single lender agreements: In high-risk software investments, a single lender agreement is invaluable. It ensures that a developer’s IP is securely held and can be transferred to the lender in case of a default. This safeguard is particularly critical in scenarios where the success of the investment hinges on the continued operation and development of the software.
- Mergers and Acquisitions (M&A): During M&A transactions, software escrow offers a layer of security by ensuring that the acquired code and platforms have been independently verified. This process not only strengthens the credibility of the vendor but also reduces the risk for the acquiring entity. The escrow agreement also consolidates all necessary documentation, simplifying compliance with legal and regulatory requirements.
- In the due diligence process: During the investment process, an investor and their legal counsel can use Escrow as part of their due diligence. Escrow agreements can include regular verification testing, ensuring that the software being invested in remains functional and compliant with all regulations. For VCs and PEs, software escrow isn’t just about mitigating risks—it’s about ensuring the success and continuity of their investments. By putting these safeguards in place early, investors can protect their capital and ensure that their investments are resilient to any future disruptions.
A proactive approach to risk mitigation
A well-structured software escrow agreement can be the difference between a successful investment and a costly failure. By preparing for potential disruptions early on, investors can safeguard their interests and ensure the long-term success of their investments. Escrow agreements not only protect the current investment but also enhance the prospects of a smooth and profitable exit for investors.
With the assurance of a secure investment, VCs and PE firms can focus on planning their exit strategies. Escrow agreements provide an additional layer of security, making the business more attractive to potential buyers. When selling a software company, having an escrow agreement in place reassures acquirers that, in the event of significant disruptions, the source code and other critical assets will remain accessible. This reduces perceived risks, potentially expediting the sale process and leading to a higher valuation.
A software escrow agreement signals that the company is proactive in mitigating risks, showcasing robust governance and risk management practices. This is particularly appealing to buyers and investors who prioritise stability and continuity in their acquisitions.