Connect with us


Modern payments and charities: a changing world

Source: Finance Derivative

By Shaf Mansour, senior product manager at the Access Group’s Not For Profit division.

The world around us is changing, with technology evolving the way people spend their money. As a sector that has been characterised as slow to change, charities are now having to adapt and offer new ways for people to donate. Whether it is through contactless card payments, Direct Debits, or online payments on a fundraising website, there is more to consider when it comes to payments than ever before.

The adoption of digital payments, such as online card donations and mobile payments, is growing within charities. In part this has been driven by the adoption of digital wallets. The most recent report from UK Finance highlights the continuing drop in popularity for paying with cash which now makes up only 15% of payments, a figure which has dropped 15% a year since 2017.

The rise of online and contactless payments, as well as digital wallets, has led to the change. While retail and ecommerce businesses have spearheaded this shift, consumers increasingly expect flexibility and choice when they make any payment so charities need to take note.

Squeezed household budgets mean that the finances of many donors are tight but, at the same time, charities have never needed their donations more to cover rising costs and increased demand for their services. Therefore, it is important for charities to offer their supporters flexibility in all aspects of contributing, including the method and frequency. Doing so will help to maximise income when people feel able to contribute.

Digital payments are no longer a ‘nice to have’ but an increasingly essential part of operations.

Why charities need to adapt

As the number of people carrying cash dwindles, fewer people are dropping coins and notes into fundraising buckets as they wander through town and city centres – which was previously a cornerstone of collecting donations. This isn’t to say that traditional methods of fundraising no longer hold any merit, but if charities want to make the most of their efforts, they should consider updating and modernising their tactics.

In-person fundraising efforts all have to be adapted. Instead of sending volunteers or paid fundraisers out into communities with collection tins, charities can now use portable card machines to collect contactless payments from anywhere, opening the door to a whole new group of one-off supporters – or even starting someone on their long-term donor journey.

Charities can even go one step further away from the physical buckets. By using a QR code that links through to a donation page, charities that don’t have the infrastructure to use a card machine can still benefit from convenient, fast digital payments. Printed QR codes can even be displayed in shop windows and easily shared by members of the public who can take a picture while walking by.

While some charities may have had reservations about moving their payments online, modern charity management and payment systems have security and compliance built in at every stage as standard.

What can charities do?

Digital payments offer your supporters a more convenient and secure way to pay than donating by cash or a cheque in the post, and importantly they can be automated through Direct Debits to guarantee a regular donation coming in.

Every supporter will have their own financial rhythm, which they will have to work their donations around. The ability to set up a bespoke and flexible Direct Debit means donors can do exactly that. Similarly, if supporters need to cut back on their expenses at any point, a modern payment system means they are able to pause recurring payments for a certain period of time. Doing so gives them some time to improve their own financial situations before picking the contributions back up again, if they are able to, without having to refill signup forms.

Compared to cancelling their contributions entirely and never returning, or going through the signup process again later, pausing donations helps to retain customers in the long-term and saves invaluable time for charity supporters and staff.

It can take a long time and a significant investment to establish an engaged, frequent donor – but for those who are forced to make the hard decision to put a hold on their contributions, donation pausing will help reduce churn. In turn, flexible functionality gives donors more control over their own finances, as well as a peace of mind that comes with that.

Updating fundraising

Fundraising possibilities online are almost endless, due to this digital payments become even more important. Online, website embedded payments make the journey from seeing an advert, article, or social media post to completing a donation seamless.

Customers reaching their chosen charity’s website hoping to donate won’t have to be redirected elsewhere to enter payment details – which can be concerning for those worried about their online security, and more time consuming than it needs to be. Instead, they can simply enter their details on one page and feel confident that their payment and data is secure.

Using the information from integrated online payments feeding into the customer relationship management system (CRM), automatic personalised communications can be sent out to give thanks for donations of certain amounts, share good news and impact, or pick the relationship back up if it has been some time since a donation. These automations take some of the strain off donor management teams, so they can work on improving existing relationships or completing new outreach to potential donors instead.

With modern payment solutions charities gain complete oversight of their income, and integration to their finance department makes keeping an eye on finances simple – reducing the risk of human error in translating information between departments. More accurate insight into the charity will lead to better, more accurate decision making – and armed with better information, staff have more time to focus on improving campaigns.

While digital upgrades may make sense to more tech-savvy supporters, a large proportion of donors may not have the skills or equipment to use them. It’s vital for charities to consider all of their supporters and choose a system that will support and improve both new and traditional methods of donating.

Those without a laptop or mobile phone who still want the convenience of not filling out lots of paperwork may prefer to set up or manage their donations over the phone. A charity CRM with the ability to accept donations over the phone will allow fundraisers to reach out to donors, and take one off payments or manually set up recurring direct debits.

As all updates or new donations are easily entered into the database, where they remain safely stored, contact centre staff have more time to spend helping more digitally-excluded supporters, instead of updating records. One centralised and secure database for donor information ensures that GDPR requirements are adhered to – as sensitive data is not moved around or accessed unless absolutely necessary.

The landscape of payments may be rapidly changing for the charity sector, but in turn it’s bringing a whole new world of possibilities in fundraising. Donations both big and small are at the fingertips of potential and existing donors, and it has never been easier to fit them around a donor’s personal financial circumstances.

There are many who argue that a truly cashless society may be a long way away, but it is undeniable that the preference of online and digital payments will open the door to a new wave of convenient, secure, and reliable donations for charities.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Harnessing AI to Navigate Regulatory Complexity in Banking and Finance

Source: Finance Derivative

By Harry Borovick, General Counsel, Luminance

The global banking and finance sector is navigating an increasingly complex regulatory landscape, compounded by uncertain macroeconomic conditions, marketplace competition, and heightened customer expectations. These pressures have increased the volume and difficulty[RW1]  of compliance requirements and raised the risk of substantial fines for businesses operating in this sector. Amidst these challenges, AI can offer practical solutions to ensure compliance and mitigate risks.

The Challenge

Whether it’s successfully navigating the London Interbank Offered Rate (LIBOR) or remaining compliant with newly implemented regulation like Digital Operational Resilience Act (DORA), financial institutions are no stranger to new regulations. From antitrust and competition laws to sustainability-focused regulations like the Financial Disclosures Regulation 2019/2088, growing regulatory complexity presents significant hurdles for legal departments within financial institutions. Additionally, the sheer volume and fragmented nature of the data at hand adds significant friction to legal workflows.[RW2] 

Legal teams in financial institutions are mandated to stay aware of incoming changes and must be equipped to handle them. After all, non-compliance carries severe economic, operational, and reputational consequences. In 2021, the UK’s Financial Conduct Authority (FCA) issued over £500 million in fines for non-compliance. The stakes are higher than ever, and the repercussions of failing to meet regulatory standards can be catastrophic. For instance, a prominent financial institution faced massive fines for failing to comply with anti-money laundering regulations, even being subjected to the first ever criminal charge issued by the FCA. This event highlights the significant financial and reputational risks involved when institutions fail to adhere to regulatory measures.

However, the issue extends beyond fines and potential financial loss. The stress exerted on industry professionals tasked with ensuring compliance is leading to increased mental health issues and high turnover rates. Reportedly, 60% of compliance staff feel burned out by the responsibilities they face. The pressure to maintain compliance amidst an ever-evolving regulatory environment should not be overlooked, as it may lead to a talent drain within the sector.

The Solution

AI provides a tangible solution to the compliance challenges faced by financial institutions. But what does that look like in practice?

  1. Effective Third-Party Risk Management: Financial institutions must maintain effective third-party risk management to identify and reduce risk across their service providers. This is often a manual, labour intensive task, but remains deeply important to compliance. Financial institutions can conduct thorough due diligence by centralising service provider contracts to ensure comprehensive oversight and risk management. AI provides a far more comprehensive ability to search through these documents, automatically surfacing key figures and grouping documents which are conceptually similar.
  • Accelerated Compliance Process: AI can automate documents routing across the team, ensuring an effective review process. AI automtically flag renewal dates in contracts, reducing time spent searcging for these vital data points.
  • Empowering Non-Legal Teams: Non-legal departments can use AI to generate standard agreements based on compliant, gold-standard language through self-service contract generation tools, streamlining approvals and reducing delays.
  • Navigating Global Complexity:  Global companies are often juggling multiple regulatory regimes, making compliance an even more complex, labour-intensive task. AI tools [AM3] can quickly and comprehensively analyse data sets [RW4] in multiple languages, removing barriers in global operations and expediting the document review process.

But what does this look like in practice? A leading US-headquartered private equity firm used Luminance to review nearly 1,000 documents, including NDAs, credit agreements, and fund documents. A project estimated to take two weeks manually was completed significantly faster, with over 350 LIBOR definition clauses identified upon upload. This kind of saving is instrumental to company success, particularly in such a competitive environment.

In an era where regulatory requirements are becoming more stringent and the consequences of non-compliance are more severe, financial institutions must leverage AI to navigate the evolving compliance landscape and maintain a competitive edge in a challenging sector. [RW5] Within a trend towards both financial transparency and environmental intervention which will only keep growing, taking steps now will be a key step for business continuity tomorrow. Adoption of AI-driven solutions enables compliance teams to keep up with the pace of regulation, even as it rapidly changes and evolves.

Just avoiding repetition of ‘complex’ – some other word than ‘difficulty’ might be better, if you prefer. [RW1]

Again, just finding ways to paraphrase complex/add some nuance. [RW2]

We want to be careful about appearing too self promotional, or the editor will reject. We should flag when we share the byline that the editor may reject the para which talks about lumi tech specifically due to neutrality guidelines.  [AM3]

Is ‘data room’ a term of art Luminance uses? It’s new to me, if so. [RW4]

This is fine in itself, but feels like it’s repeating what’s already been said in the byline. We could do with a bit of a step forward in the thinking that really brings the point home. [RW5]

One option would be to say something like:

“The 60% of compliance staff who report burnout might tell us all we need to know about the landscape right now, but there’s no reason to believe that this challenge will ebb in the future. Within a trend towards both financial transparency and environmental intervention which will only keep growing, taking steps now will be a key step for business continuity tomorrow…”

And then spell out the adoption of AI-driven solutions (which themselves will evolve at pace alongside changing legislation/regulation)?

Continue Reading


Three ‘Must Haves’ to Convert Data Disaster into a Triumph

By Richard Connolly, Regional Director for UKI at Infinidat

When we think about disaster recovery planning, our thoughts tend to focus on natural disasters.  While flood, fire, earthquakes and other natural disasters are an IT disaster too, they are not as frequent as many think.

But another type of disaster is looming large. It’s entirely preventable. I’m talking about a cyberattack. Cyber threats are much more likely to occur than a natural disaster. Cyberattacks are now widely regarded as one of the single biggest risks that any organisation faces and almost always cited by CEOs as their #1 or #2 existential threat.

The risks of a cyber attack are evident in the UK Government’s Cyber Security Breaches Survey 2024. This study reported that half of UK businesses (50%), have experienced some form of cyber security breach or attack in the last 12 months. Among the largest businesses in the study, the frequency of cyber incidents is even higher. Seventy percent (70%) of mid-range businesses and 74% of large businesses (74%) reported an attack.  And these threats are not limited to the UK, as both the European Union and the United States have put out cyber security guidelines for business to follow to try to reduce the impact of cyber crime.

40% of big business cyberattacks are malware related

Cybersecurity attacks come in many forms and include a broad range of activities. Of all the possibilities, a malware attack is known to be the most disruptive to business operations. Malware incidents account for 40% of all cyberattacks on large businesses in the UK specifically and are a significant threat because of the risks they pose to data integrity. Regarded as ‘data disasters’ by storage experts, even a small malware incident can result in a business being shut down for days or weeks. Could your business survive an incident like that?

Minimise the threat of a cyberattack

If your business becomes the subject of a cyber attack, what steps can you take to minimise disruption and ensure the fastest possible recovery? In the past, one way a business could protect its data from disaster was by having data backups stored at multiple locations. If one site was hit, there would always be another copy available. Unfortunately, things are no longer that straightforward. Data disasters, like massive ransomware attacks, have completely changed the rules of disaster recovery and business continuity. Added to this, the significance of business data as a strategic asset is much greater today than it was previously. It’s why KPMG advises that ‘data is the most significant asset many organisations possess’ and protecting it isn’t just a case of having it stored at multiple locations.

3 must haves for a data disaster triumph

There are three absolute ‘must haves’ when it comes to being prepared for a data disaster with an iron-clad recovery strategy. These are as follows:

Must have #1 The ability to take ‘immutable snapshots’ of data that cannot be altered in any way and then isolate them in a forensic environment, when an attack hits. This means the copies can safely be analysed to identify a good replica of the data to recover.

Must have #2 The ability to perform cyber detection on primary storage, i.e. the data, programmes and instructions that are being used in real-time by the business; and secondary storage – data that is accessed less frequently or retained for compliance and historical reasons. Both are critically important.

Must have #3 The ability to instantaneously recover data.

Why are the data recovery ‘must haves’ so critical?

Looking into each of these capabilities in detail, immutable snapshots are the foundation of a robust data disaster recovery. Without a good copy of your data, you cannot recover quickly after a ransomware attack, which is likely to have corrupted or encrypted your data. By segregating the data copies with logical air-gapping and then having a fenced forensic environment, you can create a safe space to review the data prior to recovery. Even if datasets have been taken “hostage,” it’s possible to complete a recovery back to the most recent known good copy of data. This can completely obliterate the impact malware attacks can have because if the data is fully recoverable, there’s potentially no need to pay the cybercriminals.

The second “must-have” ability is cyber detection on primary and secondary storage. This is important because it can be an early warning sign of a cyberattack. It also ensures that there is no ransomware or malware hidden in the last known copy of data that you could revert back to. But before going through to the recovery stage, how do you know that a data copy is really “clean?”

This is where advanced cyber detection capabilities built into a software-defined primary storage platform can make the difference. They make it possible to do highly intelligent, deep data scanning and to identify any corruption whilst the data is still segregated in a fenced forensic environment. Additionally, identifying the highest integrity copy is more straightforward and it also provides indexing to identify potential issues.

The third “must-have” ability is rapid data recovery. This is obvious, but it’s easier said than done. When a business experiences a data disaster, time is of the essence. They can’t wait for days or weeks to recover a known good data copy. Even six hours of downtime is too much. Recovery should ideally take minutes to avoid a negative impact on the business. For this reason, experts measure how quickly you can recover your data and the quality of the data. Can you bounce back from a cyberattack quickly? Would your employees and customers notice if you were hit by a malware incident?

1 in 2 UK businesses experienced a cyberattack in 2023

The Government’s research says it all. Cyberattacks are taking place all the time and the latest study shows that 1 in 2 businesses are being affected. 40% of the attacks involved ransomware. As data becomes ever more important as a business asset, we can expect that these types of data disasters will become even more commonplace.

Although, your business might not be able to completely avoid a malware or ransomware attack, you can avert a full blown disaster and avoid the disruption they cause. By protecting your business with the three disaster recovery must haves – immutable snapshots, fenced forensic environments and advanced cyber scanning and rapid recovery – you will have done everything possible to mitigate this risk.

Continue Reading


Preparing data for DORA compliance

Source: Finance Derivative

By Andrew Carr, Managing Director, Camwood

The financial sector is increasingly looking towards technology as the way to introduce new products and services and achieve competitive differentiation. But this reliance opens up avenues for cyber hackers to exploit weaknesses, and it’s a risk that the World Economic Forum has taken note of. Funding issues, reputational damage and a detrimental impact on other critical services could ensue from a successful attack, and the EU is making moves to counteract the threat.

The Digital Operational Resilience Act (DORA) will be applied on 17th January 2025. It’s a framework that makes prevention the priority, with the IT security of financial entities including banks, insurance companies and investment firms coming under its scope. Primarily applying to EU-based firms, UK organisations that work in EU markets also need to be compliant. With the implementation date nearing, businesses should review their preparations and ensure everything is ready, with a particular focus on their data management processes.

The details behind the regulation

The DORA regulation encompasses several key areas, including ICT-related incident reporting, digital operational resilience testing, ICT risk management and even monitoring of primary third-party providers. It also emphasises information sharing for exchange of data and intelligence around the latest cyber threats. Failure to comply can bring significant consequences. Fines can be up to 2% of total annual  turnover or up to 1% of average daily turnover worldwide.

Firms need a strong understanding of their data to meet the criteria, such as timely reporting of cyber incidents and sharing relevant intelligence. For example, there needs to be awareness of where each piece of data is located, who has recently accessed it, the access permissions attached to it and the type of storage being used. For numerous businesses, this information isn’t privy to them. A mixture of data is likely to sit in a complex mix of cloud, on-premise and multi-cloud deployments.

Data in numerous locations

A significant amount of data is hiding in places that financial organisations aren’t aware of. This is not because of any malicious activity, but simply due to natural data sprawl in different hosting solutions over so many years. Multi-cloud has achieved widespread adoption, with nine-in-ten organisations following this strategy according to the Flexera 2024 State of the Cloud Report.

This widespread distribution of data complicates locating specific information for sharing and presents security risks that jeopardise compliance with the DORA regulation. For example, it’s possible to have multiple copies of the same sensitive document stored in different locations. This not only wastes available storage space, but also increases the chances of unauthorised access to the data.

Supplier relationships are another key aspect of the regulation. Strategic partners will likely need access to a specific part of a financial firm’s system, and this data must be readily available, all while ensuring they can’t access other sensitive information. If a supplier fails, is the financial firm able to call on a readily available list of alternative service providers to ensure continuity? Data needs to be organised and in the right place for this to be made a reality.

Organising data

Achieving DORA compliance requires organising data into a manageable structure through several key steps. This starts with a data audit or assessment to identify data locations, storage types, retention periods and last access dates. This process provides a snapshot of the current data situation and highlights any necessary changes or alterations before January.

Next, fragmented data can be relocated from obscure locations to more logical ones and be clearly tagged. This allows users to easily identify data for sharing or reporting purposes. Duplicate documents can be identified and deleted in a move to free up space, reduce storage costs and lower cyber risks.

Finally, access controls and governance can be implemented to ensure that only authorised personnel, whether internal or external, can access specific data. Previously, 73% of leaders and employees have admitted that a lack of trust and data overload has hindered decision-making. With data properly organised, leaders and staff can make informed decisions based on accurate and trusted insights.

Planning ahead

As the financial sector increasingly relies on technology to move ahead with innovation, it must also address the associated risks. With the application date of DORA looming, which has strict requirements including incident reporting, ICT risk management, operational resilience testing and third-party oversight, firms need to tackle their data challenges head-on by assessing their current situation and implementing sufficient data management practices.

Data sprawl is a significant challenge, but detailed audits and structured data management can reduce risks and enhance operational resilience. By identifying where data is sitting, eliminating any duplicates and integrating strict access controls, financial organisations can ensure compliance while simultaneously strengthening their defences against cyber threats.

Continue Reading

Copyright © 2021 Futures Parity.