Technology
THE EVOLVING TECHNOLOGY NEEDS OF THE FINANCE DEPARTMENT

Source: Finance Derivative
Jennifer Sims, Senior Consultant at Xledger
The world of finance software is evolving quickly, but with many new software contenders entering the market it can be a mindfield for organisations. Many finance teams are already using multiple accounting apps and software packages for bookkeeping, payroll and invoicing to service individual needs. Whilst it may work fine for now, this segregated approach isn’t sustainable for long-term growth. The world is swiftly moving to agile, automated ways of working. As a result, there is a growing need to choose suppliers that can fulfil multiple functionalities within the one platform.
Financial software is evolving at such a pace that it can be difficult to keep up. Changing up a finance solution is a big step and ease of migration can be a substantial factor in determining which solution provider to go with. But how do you choose a solution that will grow with your business and still offer something innovative in five or ten years down the line? The fear is always that non-techie organisations will end up falling behind, but in such a highly concentrated industry, how do you decide which solution would work best for you?
Cloud-first: the term that makes all the difference
You could find a ‘cloud-based’ service with an application that comes with automated audit trails to make it easier to meet compliance and record-keeping obligations, for example. But for a solution to offer all of the many future benefits promised by the cloud, it needs to have been built specifically for a cloud environemt from the outset – ie. not an on-premise built system that has been later adapted. Cloud-first services (true cloud) were always intended to leverage economies of scale, cope with live updates, be accessible from anywhere with an internet connection, and to scale rapidly, to name just a few of the many benefits.
When we talk about innovation in financial technology, we’re not just talking about software that makes it easier for the financial controller to create reports. If eliminating reliance on Excel spreadsheets is the only tangible benefit you have to really shout about, you are missing out on the real deal. With ‘true’ cloud finance software the sky is the limit.
Finance and accounting technology needs to directly meet the needs of the finance function and support the wider business needs. When looking at accounting software platforms you’d be hard pressed to find one that doesn’t now promise ‘cloud-based’ enterprise resource planning (ERP) capabilities. The cloud is nothing new, but it’s the way that a solution harnesses this environment that makes a real difference. And here is where there is a need to read between the lines.
Automate more with true cloud
Historically, repetitive and manual tasks are typical of the finance role – from invoice postings to expense claims handling – these can overwhelm the finance team. Research by Xledger[1] has found that an enormous 91% of CFOs and finance decision makers are carrying out at least one of these repetitive tasks as part of their job. What’s more, senior finance leads are averaging a whopping 25 hours per week carrying out repetitive and manual tasks, compared with 15 hours for other finance decision makers.
A modern, true cloud finance system can enable your business to automate repetitive tasks and provide one source of truth so that teams can make informed business decisions that will help to scale a business. Bank reconciliation, dashboard creation and reporting are just some of the tasks that can be handled automatically.These capabilities are aiding overtasked finance teams and saving hundreds or thousands of hours a year.
Whilst different companies are at different stages in their digital transformation what is clear is keeping up with the latest technology is fundamental to the future success of an organisation.
Xledger is a true cloud finance solution. The basics include invoicing, robust general ledger accounting, detailed slice and dice reporting, purchase orders, billing, VAT reporting, and cash and bank payments. It also adds process and structure to the enterprise with procurement and inventory, budgeting and forecasting, and project accounting. Users are always on the latest version of the software and with regulation more stringent than ever today, Xledger is ISO 27001 accredited.
Choosing the right provider for your financial ERP solution comes down to whether it has the fundamentals right. When hosting all of your vital data in the providers’ own servers, it should evidence a highly tested security process that comes with backup services as standard.
As our demand for technology capabilities grows and as ERP models progress, innovation will become the structure for growth – and there is no end to the possibilities.
You may like
Business
Cultivating an Intuitive and Effective Security Culture

John Trest, Chief Learning Officer, VIPRE Security Group, explains how businesses can cultivate a security culture by overcoming security training barriers.
Research shows that human behavior remains the leading driver of data breaches — whether through stolen credentials, phishing attacks, misuse, or simple, inadvertent mistakes by well-meaning individuals. Under pressure, employees become susceptible to manipulation, and when confronted with the complexity of day-to-day work, human vulnerability becomes evident, which the bad actors actively look out for and take advantage of.
Cybersecurity culture
According to behavioural science, employees’ behaviour in the workplace is greatly influenced by the organisation’s existing culture. Whether it’s the successful implementation of technical controls, the likelihood of individuals reporting security incidents, or instances of accidental or malicious insider activity – they are all intricately linked to the cybersecurity culture.
Cybersecurity awareness is the first step to strengthening the human firewall
Good cybersecurity awareness training helps to embed a cybersecurity-conscious culture and security-first attitude in the workplace. Employees and organisations can establish stronger protective measures by enhancing cybersecurity consciousness. Rather than being seen as the “weakest link”, the human should be regarded as the critical defensive barrier for organisations.
With organisations facing increasing risks from social engineering attacks that manipulate behaviour and exploit human error, cybersecurity awareness and training equip employees with the ability to protect digital data from unauthorised access, and respond effectively to threats, countering intentional and unintentional security compromises.
Barriers to effective cybersecurity awareness training
Some key barriers typically impede the successful delivery of cybersecurity awareness training programs, jeopardising organisations’ security posture.
Poor employee engagement –When employees see training as boring or disconnected from their work, engagement suffers. Many security awareness programs compound this issue through complexity, excessive length, lack of relevant scenarios and imagery, and poor accessibility, creating barriers to participation and knowledge retention.
Lack of knowledge retention –Studies demonstrate that significant portions of newly learned information fade from memory rapidly, particularly when cybersecurity training occurs only annually. Such large breaks in training frequency create dangerous knowledge gaps that expose organisations to various security vulnerabilities.
Poor motivation –Cybersecurity training must inform and inspire employees to become active security defenders. Explaining the “why” effectively helps drive behavioural change through extrinsic motivation. However, addressing the “why me” question is crucial for developing more compelling intrinsic motivation. This personal context helps employees understand not just cybersecurity’s general importance, but its specific relevance to their workplace roles, themselves, and their loved ones. Intrinsic motivation is essential for lasting behavioural change and cultivating a truly security-conscious organisational culture. When employees personally connect with security practices, they transform from passive rule-followers to engaged protectors of company assets.
Content obsolescence –The dynamic evolution of security threats challenges cybersecurity awareness efforts, as today’s effective training may prove inadequate against tomorrow’s threats. When content becomes outdated, employees remain vulnerable to new attack techniques. Organisations must embrace continuous learning by implementing dynamic training programs that integrate seamlessly into employee workflows, incorporating emerging threats. By maintaining current, relevant training materials, organisations can ensure employees remain prepared to recognise and respond to evolving cybersecurity threats, ultimately preserving a robust security posture.
Undue focus on regulatory compliance –While regulatory compliance matters, it shouldn’t be the primary metric for cybersecurity awareness and training. Instead, programs should be evaluated by quantifiable improvements: reduced phishing clicks, increased reporting rates, fewer intrusions and breaches, decreased damage, and lower overall cyber risk.
Overcoming security awareness and training barriers
Adopting a more positive approach to security awareness, and viewing employees as positive assets that contribute to a cybersafe workplace, must be the goal. It helps to foster a positive culture in which employees feel more confident about their own actions when handling potential threats.
The cornerstone of engaging security training is twofold: convenience and relevance. When employees can easily access content that directly applies to their roles, they’re naturally more inclined to participate fully and retain critical information. This approach transforms security awareness from an obligatory task into a valuable, integrated part of the workday.
Some thoughts to help overcome the security awareness and training barriers:
Regular reinforcement and knowledge retention focus –To address retention challenges, implement training solutions featuring current, applicable, and engaging content. Incorporate evidence-based learning techniques including interactive elements, straightforward messaging, and real-life scenarios, to enhance retention of information and best practices.
Critical to long-term knowledge retention is the adoption of microlearning approaches. These methodologies divide security education into brief, compelling modules delivered frequently throughout the year. This short-form content helps keep the focus and maintains the attention of employees. By reinforcing key concepts shortly after initial exposure, microlearning creates multiple touchpoints that combat natural memory decay. In doing so, organisations transform cybersecurity awareness from an annual chore into an ongoing, sustainable practice that strengthens organisational security posture.
Gamification –Gamification can be a very useful tool in motivating learners to pay attention to and engage with a learning experience. Given the nature of how the human brain is stimulated by rewards in games, the knowledge obtained from this type of learning experience is retained for longer periods of time.
Though even simple gamification, such as points or leaderboards can have a positive impact on learners, the best way to leverage gamification elements into a learning experience is for them to be interwoven and inherent to the content. For instance, in a gamified cybersecurity scenario, players could assume the role of a White Hat hacker tasked with crafting convincing scam emails to fool unsuspecting staff. Players learn how cybercriminals operate and how to protect themselves by spending time in a hacker’s shoes. And the narrative built around the mechanics of the game makes the interactivities more relevant and compelling.
Role-specific training –Far too often, a broad-brush approach to cybersecurity training is used, making it less relevant for some staff. Targeted training designed for different workplace roles is more effective. For example, a company’s risk and compliance team needs cyber training that takes into account the demands of regulatory bodies, finance teams need to know about business email compromise, security teams must be trained on advances in threat detection, end users must understand how to spot a phishing email or deepfake, and so forth. Training that is tailored specially for business leaders is equally important.
Quality training –The quality of the training experience can make all the difference. Security awareness training is an expertise and a skill with adult learning trends, technology, and best practices. Specialist security trainers and instructional designers know how to get employees to engage with the program, based on an appreciation of employees’ intrinsic and extrinsic motivations, alongside their role-specific requirements.
Cybersecurity culture refers to the collective mindset and behaviours of an organisation’s employees toward protecting information assets. It involves integrating security practices into daily activities, fostering awareness and vigilance, and encouraging proactive reporting of incidents. It also reflects the unspoken beliefs towards security in the organisation. A strong cybersecurity culture is important to help reduce risks by making security a shared responsibility.
Business
Empowering banks to protect consumers: The impact of the APP Fraud mandate

Source: Finance Derivative
Thara Brooks, Market Specialist, Fraud, Financial Crime & Compliance at FIS
On the 7th October last year, the APP (Authorised Push Payment) fraud reimbursement mandate came into effect in the UK. The mandate aims to protect consumers, but it has already come under immense scrutiny, receiving both support and criticism from all market sectors. But what does it mean for banks and their customers?
Fraud has become a growing concern for the UK banking system and its consumers. According to the ICAEW, the total value of UK fraud stood at £2.3bn in 2023, a 104% increase since 2022, with estimates that the evolution of AI will lead to even bigger challenges. As the IMF points out, greater digitalisation brings greater vulnerabilities, at a time when half of UK consumers are already “obsessed” with checking their banking apps and balances.
These concerns have contributed to the implementation of the PSR’s (Payment Systems Regulator) APP fraud mandate, which was implemented to reimburse the victims of APP fraud. APP fraud occurs when somebody is tricked into authorising a payment from their own bank account. Unlike more traditional fraud, such as payments made from a stolen bank card, APP fraud previously fell outside the scope of conventional fraud protection, as the transaction is technically “authorised” by the victim.
The £85,000 Debate: A controversial adjustment
The regulatory framework for the APP fraud mandate was initially introduced in May 2022. The maximum level of mandatory reimbursement was originally set at £415,000 per claim. The PSR significantly reduced the maximum reimbursement value to £85,000 when the mandate came into effect, however, causing widespread controversy.
According to the PSR, the updated cap will see over 99% of claims (by volume) being covered, with an October review highlighting just 18 instances of people being scammed for more than £415,000, and 411 instances of more than £85,000, from a total of over 250,000 cases throughout 2023. “Almost all high value scams are made up of multiple smaller transactions,” the PSR explains, “reducing the effectiveness of transaction limits as a tool to manage exposure.”
The reduced cap makes a big difference on multiple levels. For financial institutions and payment service providers (PSPs), the lower limit means they’re less exposed to high-value claims. The reduced exposure to unlimited high-value claims has the potential to lower compliance and operational costs, while the £85,000 cap aligns with the Financial Services Compensation Scheme (FSCS) threshold, creating broader consistency across financial redress schemes.
There are naturally downsides to the lower limit, with critics highlighting significant financial shortfalls for victims of high-value fraud. The lower cap may reduce public confidence in the financial system’s ability to protect against fraud, particularly for those handling large sums of money, while small businesses, many of which often deal with large transaction amounts, may find the cap insufficient to cover losses.
The impact on PSPs and their customers
With PSPs responsible for APP fraud reimbursement, institutions need to take the next step when it comes to fraud detection and prevention to minimise exposure to claims within the £85,000 cap. Customers of all types are likely to benefit from more robust security as a result.
The Financial Conduct Authority’s (FCA’s) recommendations include strengthening controls during onboarding, improving transaction monitoring to detect suspicious activity, and optimising reporting mechanisms to enable swift action. Such controls are largely in line with the PSR’s own recommendations, with the institution setting out a number of steps in its final policy statement in December 2023 to mitigate APP scam risks.
These include setting appropriate transaction limits, improving ‘know your customer’ controls, strengthening transaction-monitoring systems and stopping or freezing payments that PSPs consider to be suspicious for further investigation.
All these measures will invariably improve consumer experience, increasing customers’ confidence to transact online safely, as well as giving them peace of mind with quicker reimbursement in case things go awry.
Going beyond the APP fraud mandate
If the PSR’s mandate can steer financial institutions towards implementing more robust security practices, it can only be a good thing. It’s not the only tool that’s shaping the financial security landscape, however.
In October 2024, the UK government introduced new legislation granting banks enhanced powers to combat fraud. An optional £100 excess on fraud claims has been introduced to encourage customer caution and combat moral hazards, while the Treasury has strengthened prevention measures by handing out new powers to high street banks to delay and investigate payments suspected of being fraudulent by 3 days. The extended processing time for suspicious payments may lead to delays in legitimate transactions, making transparent communication and robust safeguards essential to maintain consumer trust.
Further collaborative efforts, such as Meta’s partnership with UK banks through the Fraud Intelligence Reciprocal Exchange (FIRE) program, can also aid the fight against fraud. Thanks to direct intelligence sharing between financial institutions and the world’s biggest social media platform, FIRE enhances the detection and removal of fraudulent accounts across platforms such as Facebook and Instagram, not only disrupting scam operations, but also fostering a safer digital environment for users. The early stages of the pilot have led to action against thousands of scammer-operated accounts, with approximately 20,000 accounts removed based on shared data.
Additionally, education and awareness are crucial measures to protect consumers against APP fraud. Several high street banks have upgraded their banking channels to share timely content about the signs of potential scams, with increased public awareness helping consumers identify and avoid fraudulent schemes.
Improvements in policing strategies are also significantly contributing to the mitigation of APP fraud. Specialized fraud units within police forces have enhanced the precision and efficiency of investigations. The City of London Police and the National Fraud Intelligence Bureau are upgrading the technology for Action Fraud, providing victims with a more accessible and customer-friendly service. Collaborative efforts among police, banks, and telecommunications firms, exemplified by the work of the Dedicated Card and Payment Crime Unit (DCPCU), have enabled the swift exchange of information, facilitating the prompt apprehension of scammers.
How AI is expected to change the landscape
The coming months will be critical in assessing these changes, as institutions, businesses and the UK government work together to shape security against fraud in the ever-changing world of finance.
While fraud is a terrifyingly big business, it’s only likely to increase with the evolution of AI, making it even more critical that such changes are effective. According to PwC, “There is a real risk that hard-fought improvements in fraud defences could be undone if the right measures are not put in place to defend against fraud in an AI-enabled world.”
Chatbots can be used as part of phishing scams, for example, and AI systems can already read text and reproduce sampled voices, making it possible to send messages from “relatives” whose voices have been spoofed in a similar manner to deepfakes.
Along with other innovations, tools and collaborations, however, the APP fraud mandate, UK legislation and FIRE can all contribute towards redressing such technological advances. Together, this can give financial institutions a much-needed boost in the fight against fraud, providing a more secure future for customers.
Business
AI and Data Interoperability are Crucial for Success in the Financial Industry

Source: Finance Derivative
Written by Yohan Lobo, Senior Industry Solutions Manager, Financial Services at M-Files.
Businesses within the financial services sector are among the industries leading the way in delivering AI initiatives to enhance services and improve decision-making however, rich data and strong infrastructure is the essential foundation for successful implementation.
Still plagued by inefficient manual processes and lack sufficient data resources, only 31% of organisations are on track with AI integration. Models that operate with AI are only as good as the data we feed into them so firms need an optimised system that can handle the high volumes of client and business data.
Financial institutions should address these gaps by investing in a robust data infrastructure that connects these siloed sources, creating a firm foundation on which they can build new AI initiatives.
The Pitfalls of Unorganised Data
Financial information can often be scattered across various locations in a range of formats, such as market insight presentations analysis, underwriting documents, or client emails. Without a predefined format, this disconnected data makes it challenging for AI systems to interpret information effectively and delivers inaccurate analytics that could take the business in the wrong direction.
Many institutions need help organising documents generated across disconnected systems and stored in duplicate data stacks which may produce conflicting versions of the truth. In a sector where client relationships are built on trust, responding to these data issues using obsolete tools, disrupted workflows, and any misstep in data consistency could lead to reputational damage, financial loss, or regulatory fines.
Organizing financial data like transaction records, customer data, and financial reports under centralised and labelled repositories, will make data collection and analysis for projects more accessible.
With these data management tools, firms can automate the process of organizing unstructured data that is easy to find, store and use. This can liberate their teams from the drudgery of manual processes while eliminating the potential for human error, resulting in richer data sources that is ready to fuel AI powered productivity.
Demystifying AI into a Workforce Ally
Workforce preparation and readiness may be an underestimated aspect of AI business readiness employees might be sceptical of AI accuracy and capability based on anecdotal stories following the failed usage of this new technology.
In 2023, a US attorney found himself embroiled in an AI disaster after using an AI chatbot to research precedents in a lawsuit against Colombian airline Avianca. In this case false names, numbers and internal citations were provided based on unverified online sources. The financial services sector is not immune from these types of incidents if generative AI tools are not used appropriately with a clear understanding of the source data. AI tools built on poorly managed inaccurate or incomplete company data can also provide outputs that suffer from similar “hallucinations”.
The rapidly evolving nature of AI tools means that means that both the value and risks are unclear to many users. Firms that do not properly articulate the value and limitations of AI may face inertia amongst workers. It is important to demystify the technology and show how it can improve work experience whilst setting out a framework for appropriate usage that aligns to client and regulatory expectations.
Training and upskilling workers can help explain the fundamentals of AI and teach hands-on skills in using these tools within their job functions, bridging any existing skills and knowledge gaps. This contextual understanding can showcase operational use of AI to assist with dull, repetitive tasks, thus opening up time for teams to focus on growth work that they enjoy and also adds value to firms’ progression.
Managing High Traffic and Data with Cloud
A recent report by Microsoft identified significant bottlenecks that can disrupt AI momentum; a key factor being low levels of compute capacity and adoption of background technologies such as cloud. Despite all its benefits, AI within data infrastructure does require substantial computing power and storage, making on-premise solutions cost-prohibitive. 31% of business have yet to adopt cloud and with the UK lagging other countries in digital technology infrastructure, businesses will need to become more familiar with this technology. Here, cloud computing emerges as a game-changer to grant businesses the flexibility needed to keep sensitive data secure while providing the computational power needed.
Leveraging cloud-based data management tools allows firms to store, process, and scale to accommodate increased traffic, which is particularly beneficial for handling data loads during high transaction periods. This ensures smooth user experiences and utilises decentralised networks for distributed low costs.
The successful deployment of such cloud-based services can help financial companies process enormous amounts of customer data and connect them with AI-processing capabilities without investing in expensive servers. With its ability to accommodate various infrastructure and AI capabilities, cloud solutions can easily handle changes in data to deliver unparalleled employee and customer experiences.
Future Success with Strong AI Foundations
A well-structured and forward-thinking approach to AI is essential, but the quality of AI outputs will only be as good as the data infrastructure that supports them. With the right foundation, even the most advanced AI systems will be able to deliver actionable insights. While it is a complex undertaking, a supported data infrastructure can yield significant rewards for improved decision-making and enhanced customer experiences.
A holistic approach encompassing AI technology, processes, and people can build an AI-ready data infrastructure, allowing financial institutes to remain competitive and adapt to evolving demand. This will secure their position in an increasingly competitive market and ensure sustained success as the financial industry continues its digital transformation.

Navigating the risks of return-to-office mandates

Cultivating an Intuitive and Effective Security Culture

Empowering banks to protect consumers: The impact of the APP Fraud mandate

Stealthy Malware: How Does it Work and How Should Enterprises Mitigate It?

Future-proofing the workforce for AI innovations with continuous learning
