Connect with us

Technology

What can we expect from data protection in the year ahead?

Camilla Winlo, Head of Data Privacy at Gemserv

The past year has been a turbulent one for cybersecurity, with a number of high profile breaches hitting the headlines. The pandemic has of course played a central role in conversations around data privacy, while entire industries have been accused of data handling malpractice. So, what are the stories we can expect to see shaping the agenda in 2022?

Here are four developments we expect to see in the year ahead:

  • Polarisation around Covid vaccination data will increase

While there are early indications that the combination of vaccination, immunity from previous infection and the evolution of the virus may cause less significant symptoms in most, it still appears that Covid is capable of making unvaccinated and immunocompromised individuals very ill. In winter, this puts huge pressure on the NHS and the public purse, and we expect this to translate over time into increased pressure to encourage the unvaccinated to get vaccinated, and for society to impose different rules on the unvaccinated. We started to see this in 2021 and expect it to continue into 2022.

With different quarantine rules for vaccinated and unvaccinated employees and the possibility of compulsory vaccination on the horizon, more and more organisations are going to find themselves processing Covid vaccination data. Quarantine measures are set to continue to help stop the spread of the virus, which in turn, will mean that organisations will still need to incorporate a hybrid approach to work. Some employees will test positive for Covid and therefore will not be allowed to leave their homes, but they won’t have symptoms that would otherwise stop them from working. Others may have come into close contact with a positive case and will also need to isolate. All of this will have an impact on employers.

Going into 2022, we expect tensions between pro and anti-vaxxers to rise. This is unlikely to be mitigated much by the amount of real-world vaccine safety data that is available, which is what a lot of vax-hesitant people say they are waiting for, due to the polarisation of information availability and the fact that in some cases, vax hesitancy will be rooted in genuine and founded concerns, for example where individuals have health conditions that make taking the vaccine a more personally risky choice. That makes Covid status an employee safeguarding issue due to the risk of discrimination between employees. There will also be companies that want – or are compelled – to terminate unvaxxed employees, as well as some that will do the reverse.  We can expect to see these decisions appealed as the ‘grey area’ around what counts as a medical exemption is clarified.

  • Tighter regulations around ad tech

The European Data Protection Board (EDPB) published its 2021-2023 strategy in December, and part of that strategy includes more proactive monitoring of ad tech. Ad tech is under huge pressure to tighten up its data protection practices after the Irish Council for Civil Liberties sued a branch of the Interactive Advertising Bureau (IAB) and others over what it described as “the world’s largest data breach” in 2021.

IAB found itself under fire for its role facilitating a process known as real-time bidding, where personal data is passed between hundreds of ad brokers and related firms during an auction process in the moments before a website loads, on behalf of paying brands. During the milliseconds between clicking on a page and it loading, everything from the type of device an individual is using to limited location data and browsing history can be shared with brokers to better target that person.

The breach spurred numerous complaints from the likes of none of your business (noyb), the European centre for digital rights, and various court cases after finding that the ad tech industry is fundamentally unlawful because of the way it is structured. Better regulation around ad tech needs to be put into place not just for the advertisers themselves, but for online retailers, too. It’s going to be incredibly important for the economy as a whole that the ad tech industry gets this right, but there is a lot of work to do to get there.

  • Regulatory action around Artificial Intelligence (AI) will ramp up

While the European Data Protection Board (EDPB) strategy highlights the need for more proactive monitoring of AI use, the UK National Data Strategy focuses on making sure AI works and that the UK is a leader. Data privacy must be a priority or the result will be poor quality solutions that don’t work as intended. AI-specific regulations are set to be enforced and I think we’ll see some interesting actions.

After facial recognition company Clearview AI was issued a Notice of Intent to fine following a number of breaches of national data protection law, conversations around the practices of ethical data collection and analysis have come to the forefront of public attention. It’s essential that organisations that want to harness the possibilities of AI and data-driven innovation in the UK do so in a way that protects individuals.

Organisations should be entitled to trust that providers like Clearview AI are engaging in ethical practices and that their services can be used lawfully. It’s very reassuring to see the regulator taking strong action to make AI innovators trustworthy. Whether it’s fighting crime, preventing fraud or other forms of safeguarding through data, when the public and private sector combine, they must ensure the right processes are put in place in order to comply with data protection regulation.

  • Privacy Shield 2: A new basis for sharing data between the EU and the US

The Privacy Shield framework was the second attempt by the EU and the US to create a secure mechanism for data sharing. It was thrown out in court after judges deemed the framework insufficient to provide adequate safeguards for the transfer of personal data from the EU to the US, and they’ve been working ever since to replace it.

The exchange is a one-way deal – there are cultural differences between the EU and the US that mean that personal data in the EU is protected in different ways to personal data in the US. The purpose of Privacy Shield is to provide a way to allow EU data to be processed by US companies without losing those protections. I expect we will see some major announcements coming next year, which will include technological changes by Big Tech household names, and that in turn will lead to work for UK and EU businesses.

Regulations are indispensable to the proper functioning of economies and societies, and to protect those structures, we need to implement the right data protection measures. Having the right data protection regulations in place is critical to ensuring the proper functioning of organisations, and for ensuring that both customer and employee data is handled correctly. As businesses and governments continue to generate more data than ever, we need to take regulatory action to create secure, ethical data storage and sharing practices.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Resilient technology is the most important factor for successful online banking services

Source: Finance Derivative

By James McCarthy, Director of Solutions Engineering, NS1

More than 90 percent of people in the UK use online banking, according to Statista and of these, over a quarter have opened an account with a digital-only bank. It makes sense. Digital services, along with security, are critical features that consumers now expect from their banks as a way to support their busy on-the-go lifestyles.

The frequency of cash transactions is dropping as contactless and card payments rise and the key to this is convenience. It is faster and easier for customers to use digitally-enabled services than traditional over-the-counter facilities, cheques, and cash. The Covid pandemic, which encouraged people to abandon cash, only accelerated a trend that was already picking up speed in the UK.

But as bank branches close—4865 by April of 2022 and a further 226 scheduled to close by the end of the year, Which research found—banks are under pressure to ensure their online and mobile services are always available. Not only does this keep customers satisfied and loyal, but it is also vital for compliance and regulatory purposes.

Unfortunately, their ability to keep services online is often compromised. In June and July of this year alone, major banks including Barclays, Halifax, Lloyds, TSB, Nationwide, Santander, Nationwide, and Monzo, at various times, locked customers out of their accounts due to outages, leaving them unable to access their mobile banking apps, transfer funds, or view their balances. According to The Mirror, Downdetector,  a website which tracks outages, showed over 1500 service failures were reported in one day as a result of problems at NatWest.

These incidents do not go unnoticed. Customers are quick to amplify their criticism on social media, drawing negative attention for the bank involved, and eroding not just consumer trust, but the trust of other stakeholders in the business. Trading banks leave themselves open to significant losses in transactions if their systems go down due to an outage, even for a few seconds.

There are a multitude of reasons for banking services to fail. The majority of internet-based banking outages occur because the bank’s own internal systems fail. This can be as a result of transferring customer data from legacy platforms which might involve switching off parts of the network. It can also be because they rely on cloud providers to deliver their services and the provider experiences an outage. The Bank of England has said that a quarter of major banks and a third of payment activity is hosted on the public cloud.

There are, however, steps that banks and other financial institutions can take to prevent outages and ensure as close to 100% uptime as possible for banking services.

Building resiliency strategies

If we assume that outages are inevitable, which all banks should, the best solution to managing risk is to embrace infrastructure resiliency strategies. One method is to adopt a multi-cloud and multi-CDN (content delivery platform) approach, which means utilising services from a variety of providers. This will ensure that if one fails, another one can be deployed, eliminating the single point-of-failure that renders systems and services out of action. If the financial institution uses a secondary provider—such as when international banking services are being provided across multiple locations—the agreement must include an assurance that the bank’s applications will operate if the primary provider goes down.

This process of building resiliency in layers, is further strengthened if banks have observability of application delivery performance, and it is beneficial for them to invest in tools that allow them to quickly transfer from one cloud service provider or CDN if it fails to perform against expectations.

Automating against human error

Banks that are further down the digital transformation route should consider the impact of human error on outage incidents and opt for network automation. This will enable systems to communicate seamlessly, giving banks operational agility and stability across the entire IT environment. They can start with a single network source of truth, which allows automation tools to gather all the data they need to optimise resource usage and puts banks in full control of their networks. In addition it will signal to regulators that the bank is taking its provisioning of infrastructure very seriously.

Dynamic steering 

Despite evidence to the contrary, downtime in banking should never be acceptable, and IT teams can make use of specialist tools that allow them to dynamically steer their online traffic more easily. It is not unusual for a DNS failure (domain name system) to be the root cause of an outage, given its importance in the tech stack, so putting in place a secondary DNS network, or multiple DNS systems with separate infrastructures will allow for rerouting of traffic. Teams will then have the power to establish steering policies and change capacity thresholds, so that an influx of activity, or a resource failure, will not affect the smooth-running of their online services. If they utilise monitoring and observability features, they will have the data they need to make decisions based on the real time experiences of end users and identify repeated issues that can be rectified.

Banks are some way into their transformation journeys, and building reputations based on the digital services that they offer. It is essential that they deploy resilient technology that allows them to scale and deliver, regardless of whether the cloud providers they use experience outages, or an internal human error is made, or the online demands of customers suddenly and simultaneously peak. Modern technology will not only speed up the services they provide, but it will also arm them with the resilience they need to compare favourably in the competition stakes.

Continue Reading

Business

Digital Banking – a hedge against uncertainty?

Source: Finance Derivative

Ankit Shah, Head of Digital Banking, Apex Group

The story of the 2020’s thus far is one of crisis. First the world was plunged into a global pandemic which saw the locking down of people and economies across the world. Now we deal with the inevitable economic consequences as currencies devalue and inflation bites. This has been compounded by Russia’s invasion of Ukraine and subsequent energy politics.

And the outlook remains uncertain. Tensions continue to build between China and Taiwan and inflationary conditions are forecast to continue well into 2023. This uncertainty is impacting everyone, and every sector. And finance is no exception with effects being felt everywhere from commodity and FX markets to global supply chains.

But it’s not all doom and gloom. Rollercoaster markets and an ever-evolving geopolitical situation have made 2022 a tricky year far, but, despite the challenges, digital banking has proven resilient. In fact, the adoption of digital banking services has continued to grow over the last few years, and is predicted to continue.

So, what are the forces driving this resilience?

In an increasingly digital world and economy, digital banking comes with some advantages baked in, which have seen the sector continue to succeed despite the tumult in the wider world. In fact, the crises which have shaped the decade so far may even have been to the advantage of digital banking. Just as during the pandemic, technologies which could facilitate remote working saw a huge uptick in users, so to digital banking is well suited to a world where both people, and institutions demand the convenience that online banking services offer.

And while uptake of digital banking services is widespread amongst retail consumers, a trend likely to continue as digital first generations like Gen Z become an ever-greater proportion of the consumer market, uptake amongst corporate and institutional customers has been slower. This is largely down to a lack of fintech businesses serving the more complex needs of the institutional market, but, in a post-Covid world of hybrid working business, corporate clients are looking for the same ease of use and geographic freedom in their banking that is enjoyed by retail consumers.

This is not just a pipe dream – with the recent roll out of Apex Group’s Digital Banking services, institutions can enjoy the kind of multi-currency, cloud-based banking solutions, with 24/7 account access that many of us take for granted when it comes to our personal banking.

Staying compliant

One significant difference between retail and business accounts however, for banking service providers, is the relative levels of compliance which are needed. While compliance is crucial in the delivery of all financial services, running compliance on multi-million pound transactions between international businesses brings with it a level of complexity that an individual buying goods and services online doesn’t.

For digital banking services providers, this situation is further compounded by guidance earlier this year from HM Treasury – against the backdrop of the Russia-Ukraine conflict- requiring enhanced levels of compliance and due diligence when it comes to doing business with “a high-risk third country or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country or with a sanctioned individual.”

So, can digital banks meet these standards while also providing institutions with the kind of easily accessible, mobile service which retail customers enjoy?

The answer is yes and again, once initial hurdles are overcome, digital banking brings with it features which give it the edge over traditional banking services. Paperless processes, for example, mean greater transparency and allow for better and more efficient use of data. This means AI can be employed to search documents, as well as provide verification. It also means compliance processes, often notoriously complicated, become easier to track. Indeed, digitising time intensive manual process means the risk of human error in the compliance process is reduced.

Digital banking can also better integrate transaction monitoring tools, helping businesses identify fraud and irregularity more quickly. This can be hugely important, especially in the times of heightened risk we find ourselves in, where falling foul of a sanctions regime could have significant legal, financial and reputational consequences.

Cross-border business

Our world is increasingly globalised, and so is business. For corporate and institutional banking customers, being able to operate seamlessly across borders is key to the operation of their business.

This brings with it challenges, which are again compounded by difficult geopolitical and economic circumstances. In recent weeks for example, we’ve seen significant flux on FX markets which can have real consequences for businesses or institutional investors who are buying and selling assets in multiple currencies and jurisdictions. The ability to move quickly then, and transact in a currency of choice, is vital. Advanced digital banking platforms can help – offering automated money market fund sweeps in multiple core currencies to help their clients optimise their investment returns and effectively manage liquidity.

Control admin uncertainty

In times of uncertainty, digital banking can provide additional comfort via customisable multi-level payment approvals to enhance control of what is being paid out of business accounts, with custom limits available for different users or members of a team. Transparency and accountability are also essential, with corporate clients requiring fully integrated digital reporting and statements and instant visibility with transaction cost and  balances updated in real-time.

Outlook

For some, the perception remains that digital banking is the upstart industry trying to offer the services that the traditional banking industry has built itself upon. Increasingly however, the reality is that the pressure is on traditional banks to try and stake a claim to some of the territory being taken by digital first financial services.

With a whole range of features built in which make them well suited to business in a digital world, digital banking is on a growth trajectory. Until now, much of the focus has been upon the roll-out of services to retail consumers, but with features such as automated compliance, effortless international transactions and powerful AI coming as standard for many digital banks, the digital offering to the corporate world looks increasingly attractive.

Continue Reading

Business

Anyone Can Become an R&D Tax Expert with the Right Foundations

Source: Finance Derivative

Ian Cashin is a Customer Success Manager at Fintech company and R&D tax software provider WhisperClaims

For accounting firms, R&D tax credits offer a substantial opportunity to boost revenue and strengthen client relationships. According to Ian Cashin, Customer Success Manager at WhisperClaims, perceived complexities can be overcome with the right approach and support. Indeed, by embracing a few simple practices, any company can become an expert in R&D tax.

Building Confidence

Growing revenue through new business is far more challenging than unlocking revenue from an existing client base. However, a significant number of accounting firms are losing out on value-added opportunities as a result of their lack of confidence or knowledge in R&D tax relief.

Yet, advisors who follow best practice are now in an ideal position to use their extensive client knowledge to mitigate their clients’ risk of and potential exposure to interrogation over fraudulent claims, ahead of HMRC’s introduction of more stringent R&D tax processes in April 2023.

So why are firms reluctant? There is no doubt that the R&D tax credit procedure is different. Compared to other areas of tax regulation, it leaves greater room for interpretation. But it is readily understandable by a qualified accountant – even an unqualified trainee. Understanding what HMRC considers to fall under the scope of research and development is key. Astrophysicists and Formula 1 manufacturers are not the only people who employ science and technology to overcome business challenges. Every day, UK firms of all sizes engage in R&D activities, from civil engineers to food manufacturers, yet far too many have not yet filed claims, losing out on critical cash.

The most important thing to keep in mind is that, as an accountant, you already have a far deeper relationship with your client compared to any other service provider. Once you have raised your level of understanding, you are in the perfect position to optimise this.

Leveraging  Insight

Accountants already have a unique understanding of their clients’ operations –  insight which,  as professional advisors, will help to highlight companies most likely to qualify for an R&D tax rebate. Furthermore, with access to tools like R&D tax claim preparation technology, developed by R&D tax professionals, they are able to significantly speed up the process. This technology enables accountants to easily determine the top targets within their client base, indicating where to focus the efforts of their emerging R&D tax service.

Using this priority list in conjunction with their understanding of the criteria HMRC stipulates, an accountant can leverage their client knowledge and relationship to engage in a conversation regarding daily R&D activities and unlock potential tax relief opportunities.

Moreover, facilitated by a specialist R&D tax claims preparation platform, accountants can be assured of a structured process that prompts the right questions to ask clients during these conversations, and highlights answers that are either in sync with, or fall outside of, the HMRC parameters. For instance, ca restaurant owner adding vegan alternatives to the menu is not on the same level as a food producer starting the development and manufacturing of a fully plant-based product line. The latter will undoubtedly be eligible for R&D tax assistance, but not the former. Accountants should use their position as “professional advisors” in this situation to push back against clients, especially those who may have previously been unwittingly misled.

Best Practices

For the last twenty years, since the introduction of R&D tax rebates in 2001, best practice has been the provision of a detailed report, complementary to the CT600 form, to mitigate the chance of HMRC asking supplementary questions. The technical purpose of the claim as well as the business context must be covered in this report, e.g. the challenges faced; how science and technology were used to overcome these; and the professionals employed who overcame them. Simply put, if the challenges weren’t difficult to solve, it wasn’t R&D.

It’s also critical to keep in mind that R&D claims cannot simply be copied and pasted from year to year. R&D is not necessarily a constant; demand for it changes in line with the evolution of the business’ activity or stage of development. as businesses change and go to the next stage of development.

The accountant’s already solid client relationship and interpersonal abilities come into their own in such situations. Particularly if the appropriate course of action is to suggest that the client should not submit an R&D claim, an accountant must feel comfortable advising the client accordingly. The claim belongs to the client; if it is contested, the client will be the one facing an HMRC investigation. An advisor must be self-assured enough to refuse to input erroneous claims without endangering the client relationship.

Conclusion

Recent years have seen accountancy firms strengthen their position as dependable, trusted business advisors. Discussions regarding a business owner’s long-term objectives, succession and exit plans, as well as pensions and investments, have become commonplace. It should be natural to include R&D tax into these conversations . Asking a customer about their investment in R&D should be a common practice – business as usual –  just as it is to inquire about investment in infrastructure or buildings.

The only thing preventing accountants from successfully adding R&D tax to their suite of services  is a lack of confidence. Yet, any reservations can be addressed with a straightforward ‘back to basics’ R&D training course, as well as using technology to gain access to a completely new revenue stream with their current clientele. Now that HMRC is openly calling for a much more rigorous, trusted, and evidence-based approach to R&D tax from 2023, accountants hold all the cards they need to gain confidence and give clients the trusted service they desire.

Continue Reading

Copyright © 2021 Futures Parity.