IBSi Blogs

By Kamal Sharma, a certified data warehouse management consultant, a veteran in India RBI regulatory reporting and he leads business development for the regulatory practice at Profinch Solutions.

In a deeply interwoven world, where a flutter here can induce a burst there, global financial systems function as a unified organism, whose movements greatly impact the world economy. Regulatory reporting and banking supervision is a systemic approach to ensure the health of this organism and pre-empt issues before they snowball into crises. Precipitated by the global financial crisis of 2008, adequate risk data systems and processes have helped banks build resilience and ability to weather crisis, as has been largely evident in pandemic ridden times. In continuing to supply the financing the economy required, the financial system has alleviated, and not amplified the impact of the crisis. There is no gainsaying that a robust banking sector, ably backed by effective global regulatory standards is of paramount importance.

The vertebral column of regulatory reporting

The Basel Committee on Banking Supervision (BCBS), first formed in 1974, is the primary global standard setter for the prudential regulation of banks and provides a forum for regular cooperation on banking supervisory matters. Its 45 members comprise central banks and bank supervisors from 28 jurisdictions. The Committee has established a series of international standards for bank regulation, most notably its landmark publications of the accords on capital adequacy which are commonly known as Basel I, Basel II and, most recently, Basel III. Through various guidelines and frameworks through the decades, BCBS ensures that international supervision coverage is all-encompassing and all banking establishments are adequately and consistently supervised. One of the core regulatory initiatives in recent years is BCBS 239 – Principles for effective risk data aggregation and risk reporting (RDARR). With the explicit intent of enhancing banks’ ability to proactively identify bank-wide risks by augmenting data aggregation and risk assessment capabilities, BCBS 239 has been an opportunity for banks to go beyond basic compliance and derive significant strategic value for their business. While implications of non-compliance by designated timelines like regulatory penalties & increased capital charges, regulatory & reputational risk and loss of competitive advantage have been spelt out, data and infrastructure platforms across banking institutions are yet to be fully revamped to meet the BCBS 239 guidelines. As per a progress report published by Basel Committee in Apr 2020 for G-SIBs (global systemically important banks), none of the banks are fully compliant with the Principles, even though there has been notable progress in key areas like governance, risk data aggregation capabilities and reporting practices.

A necessary woe

While its importance cannot be emphasized enough, compliance and regulatory reporting is a rather challenging area for banks to navigate. Since GFC in 2008, the regulatory pressures have burgeoned, with an astounding number of data points required at a high frequency and uncompromisable accuracy. More than 750 global regulatory bodies are pushing over 2,500 compliance rule books and giving rise to an average of 201 daily regulatory alerts.

Some of the challenges faced by financial institutions around core regulatory reporting are:

• Ever-increasing complexity in the reporting system.
• Keeping pace with frequent changes and being able to correctly interpret regulatory requirements.
• Reporting timeframes crunched from months to weeks to ensure a timelier view of financial risks.
• Dependence on manual processes, multiple siloed systems to meet various complex requirements – puts huge pressure on resourcing, time, efficiencies, accuracies. The inflexibility impairs adaptability to changing regulatory demands.
• Data quality and integrity with ineffective data quality frameworks.
  As per a study, 31% of institutions identify data quality issues as a major impediment in effectively meeting compliance requirements. Furthermore, analysts spend most of their time on data collection and organization and abysmally less on data analysis.
• Maintaining end-to-end data lineage to be able to trace back the final numbers to the origin and validate them during onsite inspection.

How COVID pulled the strings for regulatory reporting

The pandemic has led to heretofore inconceivable actions by governments of the world like the shutdown of economies to contain the spread. In the face of this, ensuring economic and operational resilience of the global financial system has been the topmost priority of global regulators. Banks are faced with ensuring continued lending despite shrinking revenues, mounting cost reduction pressures, growing liquidity risk and erratic workforce productivity due to remote working. Regulators are attempting to strike a balance between implementing adequate measures for risk assessment and mitigation to avert a full-blown financial crisis, and relaxing several other activities like

• Loosening implementation deadlines of new regulations.
• Deferring submission deadlines for existing regulatory reports.
• Suspending non-critical supervisory examination activities.
• Allowing early adoption of risk/ exposure calculation methodologies.
• Relaxing various buffers and reserve ratio requirements.

National and international regulatory bodies, the federal bank regulators, ECB, governments in APAC etc swung into action starting March ’20 to ensure the post GFC resilience of banking system keeps the economies afloat. BCBS has taken several measures to amplify the effect of the range of government support measures and payment moratoria programmes. While banks have been able to absorb losses until now, the credit losses are only going to mount as the pandemic shows no sign of abatement. As per the latest annual banking report by McKinsey, amidst a muted global recovery after 2021, banks are likely to face a huge challenge to ongoing operations that may persist beyond 2024.

Resilience is the mantra here – entering the crisis armed with resilience and braving it, and moving beyond the crisis with the resolve to build resilience into the DNA of banking systems. A robust regulatory framework has a major role to play in this.

Emerging themes

Technology is at the heart of cultivating a culture of proactive and comprehensive approach to regulatory reporting. According to Accenture’s Compliance Risk Study, compliance can no longer depend on adding new resources to increase effectiveness. Strategically planned adoption of Big Data and AI technologies can help arrest/ better handle the above listed challenges faced by banks.

The voices demanding respite from labour and time-intensive process of repeated reformatting of data points are becoming louder, leading to discussions around real-time regulatory reporting giving regulators direct access to source data. Austria implemented a similar reporting model with an intermediary in place to collect data and interface with the regulator. While we may be looking down the barrel of real-time reporting, it comes with implications for quality of information delivered, complete overhaul in how banks function like moving from month end closing to day end or week end closing, ability of regulators to process colossal amounts of raw data.

While digitalization promises to revolutionise how banks operate, there are risks and challenges that come with it. The rapidly evolving cyber-crime and increasing reliance on third-party service providers calls for closer regulatory monitoring and supervision.

Supervision and Regulation may have to factor in longer-term systemic challenges arising from outside the financial system, but with very clear implications on it. While COVID-19 is an example of low-probability high-impact factor, there can be slow-moving but long-term structural changes in our ecosystems that can have a far-reaching impact like climate change, changing demographics, income inequality & ensuing need for financial inclusion and sustainability.

There is clear global multilogue around whether some aspects of the regulatory system are unduly complex, hindering the resilience of the banking system on one hand and financial dynamism and innovation on the other hand. There is a case for rebalancing the degree of simplicity, comparability and risk sensitivity of the global frameworks.

By Tom Ainsworth, Head of Customer Engagement, Jitterbit

Despite our best hopes, 2021 is shaping up to be another year of continued disruption. Many organisations in the financial industry will have moved heaven and earth over the last year to meet seismic changes in customer needs and behaviours.

Some of those innovations will have been on the digital transformation roadmap well before the pandemic. Others will have been quick fixes, often delivered by IT teams under enormous pressure and in record time.

This year, then, is the time for financial organisations to take stock and solidify new ways of working while ensuring they are responsive and resilient to the ever-changing business environment. Here are four trends already emerging in how IT teams are planning to meet the challenges that undoubtedly still lie ahead in 2021.

1. Embrace low- to no-code

Moving to a low- or no-code methodology helps an organisation address the everyday tactical challenges that arise in a fast-moving business environment. Let’s look at the example of a team that has yet to invest in low- or no-code solutions. They might be using an older, incumbent piece of legacy software, where only one or two developers internally know the tool. When a tactical requirement arises – say, a change to an existing process or workflow – it goes into a backlog until one of the developers who is familiar with the legacy software has availability to custom code a solution. Immediately, there’s a bottleneck in the business.

Contrast this with a low- to no-code environment, where these sorts of integrations are ‘plug and play’, often using pre-built templates. Updates and integrations can be managed by business analysts as well as any developer so tactical requirements end up being shipped much faster. And we see how that trickles down through the entire organisation. In the financial services, this is mission-critical because there’s a high dependency on delivering on the promised customer experience and maintaining customer confidence. People often ask me when’s the right time for them to invest in low-code. My answer is, assume you need low-code solutions, don’t wait for red flags in the business.

2. Face up to your technical debt

Oftentimes, IT teams will respond to a red flag in the business with a quick fix – something which typically incurs an amount of technical debt. A bit of custom code or a work-around process which an individual on the team hacks together, usually under pressure of time. And, in a team without a low-code culture, this can seem a reasonable way forward. But in six months’ time, when that employee leaves, the knowledge about that fix leaves too. Suddenly there’s a black box in the business which now needs ever more quick fixes to work around, accruing yet more technical debt.
At Jitterbit, we recently onboarded a new customer from the financial services. It’s a challenger bank where this kind of hidden technical debt suddenly became apparent during the pandemic’s first lockdown. Calls to their call centre increased and it transpired that several ‘fixes’ in the business could not scale to meet demand. The technical debt they’d accrued over time had to be paid back immediately and without warning.

This customer came to us because firstly they needed an immediate solution – and secondly, because they realised they could have avoided all this pain in the first place. An integration platform-as-a-service would have solved their tactical challenges without the need for custom code workarounds and all that associated technical debt.

3. Work towards becoming vendor-neutral

Organisations in the financial services are, in the main, on board with the need to become more vendor-neutral. It’s a fast-moving vendor marketplace and Technology and Information leads want the agility to work with the best-of-breed for any given aspect of their stack so their organisation can stay competitive and resilient. Contrast that to ten years ago, when CTOs wanted monolithic partners who could provide hardware, software and services in order to remove the integration complexity of having multiple vendors in play.

In a sense, the monolithic approach did the job. But in return for greater operating simplicity, buyers had to accept a ‘middle of the road’ type standard of tools and services – and less ability to respond quickly to changes in their business environment. With the rise of integration platforms and pre-built templates, CTOs today no longer have to make a choice between the quality of their solutions and the complexity of managing them. Integration platforms are like a connective layer on which to build. Having this foundation means it’s simple to integrate multiple best-of-breed vendors and manage hundreds, even thousands, of API connectors. This is the key for any financial organisation wanting to stay competitive, responsive to customer needs and resilient to change.

4. Prepare for hyper-automation

The way we work is changing. Not only has remote working swept the world. Increasingly, organisations are realising that to stay competitive, any task within the business that could be automated should be automated. This creates significant new efficiency gains within the business while at the same time liberating people to focus on more innovative or customer-orientated tasks. Being able to deploy ever-greater automation requires the right technology foundations within a business. If you are starting out on this journey, think of hyper-automation not as a destination but as the technology toolbox you’ll need to make progress.

At its heart, hyper-automation is about data and removing manual processes in the way an organisation gathers, analyses and deploys data. Every hyper-automation toolbox will therefore need to include Robotic Process Automation (RPA) solutions which enable the automatic processing of data. Data Lakes, Data Integration Hubs and Virtual Data Warehouses will help organisations store and process data into information. Analytic tools will allow information to be turned into knowledge, ready for action at every level of the business.

By coupling these technologies with an integration platform-as-a-service, technology leads within financial organisations can focus on choosing the best-of-breed suppliers for their particular needs rather than how they need to be integrated. Many financial organisations are large, spanning investments, insurance, retail and commercial banking and beyond. Because of integration challenges and data silos, the historic challenge has been to derive actionable business knowledge across the entire business portfolio. Hyper-automation now makes a 360-degree view of the whole business not only possible but requisite. Much like the move to digital 25 years ago, the companies that embrace hyper-automation first will be at a distinct ‘first mover’ advantage, seizing a vantage point which could prove hard for competitors to assail.

Tom Ainsworth
Head of Customer Engagement
Jitterbit

Financial services businesses have bold ambitions to cater to today’s digital natives and deliver better service and usability for customers overall. But could better customer service come at a security cost?

By Michael Down, Principal Solutions Architect, Elastic

Improvements to customer service can increase security risk by expanding the attack vector of the business and introducing evermore security vulnerabilities that can be exploited by cybercriminals.

I see many firms at the edge of the new digital transformation era that are hampered by their security provisions, which either do not scale or are not flexible enough to meet the growing demands of the business. Security can never be an afterthought. In a tightly regulated industry where security is a critical element of every bank’s function, it’s imperative that every bank gets it right from the outset.

Large global banks with distributed departments in markets worldwide that are looking for ways to solve the security problem can’t just throw more security personnel at the issue. That just increases OPEX and in many cases does not actually increase the overall security of the bank.

Businesses must continually weigh up risk and cost. They want to know the risk and cost of deploying new technology that will enable new services. It’s the same for security. Today’s businesses have less free capital to invest and need to grapple with how they use existing systems better and unlock more value with new investments. That comes from better use of data.

Businesses need to start using data and algorithmic thinking to solve security problems. Collect and analyse the data available to them in real-time, using machine learning to create an automated response, and not as isolated departments but as a holistic organisation to strengthen trends and pattern monitoring.

By making better use of existing data and systems, the cost issue that plagues so many banks is more easily solved. What’s more, the time to value investments is improved through increased understanding of how they work and creating baselines that mean anomalies are easier to spot and act upon. It’s a smarter approach to security that means banks shouldn’t be afraid to make investments and prepare for the future.

Elastic is a search company built on a free and open heritage. Anyone can use Elastic products and solutions to get started quickly and frictionlessly. Elastic offers three solutions for enterprise search, observability, and security, built on one technology stack that can be deployed anywhere.

By Jason Harrell, Executive Director, Technology Risk Management, Head of Business and Government Cybersecurity Partnerships at DTCC

2020 has been filled with many significant events. Brexit, the upcoming US elections, and the ongoing COVID-19 pandemic have dominated headlines and have driven market behaviour. The financial sector closely monitors these current events with a focus on continually enhancing its ability to be resilient to the increased and ongoing cyber activity that often results from them.

Resilience, or the ability to prevent, adapt, respond to and recover from events that affect a firm’s operations, requires a comprehensive strategy. As a result, market participants, working alongside supervisory authorities, vendors and their peers, must consider how they can continue to bolster the preparedness and response of the collective global financial system in the face of disruptive events.

This on-going assessment has revealed three areas which can continue to be improved: workforce displacement, third party/supply chain risk, and incident reporting.

Workforce displacement
The coronavirus pandemic shifted the workforce from largely centralized office locations to countless home networks. This sudden shift has increased the pressures on millions of families to adjust to a new work-life approach. For financial institutions, this displacement created a greater reliance on its employees to protect their home networks from compromise while increasing vigilance around the current safeguards to protect the organization from this new threat vector. For individuals, the shift from office to home can potentially lower an employee’s focus and ability to identify phishing and business email compromise attacks. Cybercriminals have sought to capitalize on this area with numerous attempts to lure individuals to click on malicious links related to the pandemic. COVID-19 heat maps, information sites, donations, and other emails are constantly being used to entice individuals. Financial institutions must continue to be vigilant in providing their workforce with the tools and information needed to fully understand these attacks and protect themselves, their home networks and ultimately their organization from compromise.

Third-party/supply chain
Firms are increasingly leveraging third-party providers to accelerate innovation and reduce costs by outsourcing operational services. While this approach has advantages, it is important that financial institutions understand the operational impacts of a third-party supply chain disruption during times of stress or volatility. This presents a strategic challenge, as it can be difficult for firms to fully understand the resilience capabilities of third-party vendors. These third parties may also use vendors and other service providers which increases the difficulty for financial institutions to understand the complexity of their supply chain. An expanded supply chain also increases the surface area for potential threat actors to disrupt a firm’s activities and overall financial market stability.

While industry discussion around third-party risk and resilience are ongoing, two clear themes are emerging. One, third-party risk is a growing area of interest among global supervisors looking to ensure their regulated entities have business models and operating structures in place that manage these potential risk exposures. Two, there is a shared responsibility between financial institutions, supervisory authorities, and critical service providers to affirm sector resilience from third-party service disruptions and address any cybersecurity gaps that may be created by expanding supply chains.

Incident reporting
Financial Institutions that provide multiple financial products or operate in several jurisdictions may be subject to examination by numerous supervisory authorities. These same authorities must be notified of material operational events that impact the delivery of financial services to the market. These notifications may differ around the amount of time given to report an incident, the information required in the notification, and how these reports are submitted (e.g., email, web form). These deviations make it challenging to comply with regulatory obligations while simultaneously managing the resources necessary to effectively respond to an incident. Therefore, any opportunity to better align incident reporting across regulatory authorities and reduce the resources required to report an incident could increase the resilience of the financial sector and should be considered. Harmonization around incident reporting may also provide greater insights into operational incidents across the financial services sector, which could be used by financial institutions to focus on potential weaknesses or changes in the threat landscape.

Since 2013, cybersecurity has consistently claimed the top spot on DTCC’s annual Risk Forecast since the survey launched. The survey that will inform the 2021 forecast is currently underway, and while the pandemic and geopolitical factors are likely to rank high on the list, it is expected that cybersecurity will remain a chief concern and a continued threat to resiliency. By working to better address areas such as workplace displacement, third party/supply chain risk, and incident reporting, institutions can help to ensure the resilience of an increasingly digitized and interconnected financial services industry, while cultivating trust that the markets will continue to operate smoothly.

Jason Harrell
Executive Director, Technology Risk Management, Head of Business and Government Cybersecurity Partnerships
DTCC

Many of us use physical biometric authentication every day when we log into our mobile devices. It relies on innate human characteristics such as fingerprints or iris patterns. But what are behavioural biometrics?

By Abdeslam Alaoui Smaili, CEO, HPS

The pandemic has accelerated the global journey towards cashlessness and digitalisation. The transition away from cash and towards digital payments has brought with it many benefits, including greater financial inclusion in developing countries, since those who were previously unbanked now have greater access to merchants and services through the use of mobile money.

With the emergence of real-time confirmation and settlement, merchants have greater visibility and view on liquidity. This greater transparency is also helping governments to develop better-regulated tax systems and to more easily identify fraud and financial crime.

In order to combat the heightened risk of fraud that comes with the increased use of digital payments, it is vital to adopt rigorous digital authentication and security measures to protect consumers – and biometric measures can help to bridge this gap.

It is estimated that nearly 90% of smartphones around the world will have a form of biometric capability by 2024, according to research by Juniper. It also forecasts that $2.5 trillion in mobile payments will be facilitated by biometric data by 2024.

But what are behavioural biometrics?

In the payments world, behavioural biometrics, also called DNA mapping, are used to prove the identity of the user, authenticate the user and prevent fraud. For instance, mobile and online experiences built with behavioural DNA mapping can ensure a seamless and secure customer experience by analysing multiple data sets including the way a user holds their phone (in their left hand or right hand), the sizing of their hand, the way they swipe, navigate, or even the way they turn on the mobile.

Today’s behavioural biometric platforms can collect more than 2,000 parameters from a mobile device by leveraging artificial intelligence (AI) and machine learning (ML) techniques. The collected data is used to create and train a customised security model for each user in order to secure his account and differentiate him from impersonators and robots. The trained models are polled to give an optimal prediction in real-time while the user is logging in, and as result the fraud detection can be accomplished without impacting the login performance.

The perfect match for payments

Since behavioural biometrics offer a frictionless authentication method, it is ideal for digital transactions. It does not exert any change into the user experience which keeps the effort required on the part of the consumer to a minimum.

Behavioural biometrics have strong fraud detection capabilities: it is possible to distinguish a real user from an impostor by recognising normal user behaviour and fraudulent behaviour in real time. For example, if you somebody was to steal your phone and try to log into your phone, your mobile wallet or your online banking applications, an efficient behavioural biometrics solution will be able to block the user, even if the password used is the correct one – simply because the way the thief used your phone would be different to the way that you use it.

It can also be used to detect fraudulent activity online and to help distinguish a robot to a human user by analysing several elements. For example, how is the text being typed? How long does it take the user to fill in each field? How does the user navigate the website? Do they usually scroll this fast? Are they taking longer than usual to answer their memorable information?

Behavioural biometrics continues to strike the right balance demanded by the payments landscape. The authentication is invisible, but mobile and online payments remain secured. As more businesses, governments and countries begin to digitalise in response to the Covid-19 crisis, the demand for behavioural biometrics technology and its ability to protect consumers looks set to grow.

2020 has been a year of challenging moments in wealth management. From a pandemic to a recession, and Brexit. For investors, these challenging moments are represented in asset price volatility, ultra-low interest rates and an uncertain financial market.

By Christophe Lapaire, Head Advanced Tax Services,  Swiss Stock Exchange

As we approach and sail past these various milestones, how are investors expected to fare over the next couple of years? Although markets seem to be coming back on track, both private banks and wealth managers globally still have big questions around what they can do to ensure performance in investment portfolios.

With that in mind, many private banks and wealth managers are starting to carry out the act of utilising tax optimisation. Helping them to stay prepared for any more upcoming uncertainty.

The impact of unexpected changes in our ecosystem on tax optimisation

Many private banks, investor clients or wealth managers may be aware of the benefits that it brings, however, not all have the capability to utilise it. Outdated technologies and manual processing within their infrastructure are not ideal for delivering tax optimisation services.

That said, due to regulatory changes that have cropped up around unexpected situations such as the pandemic and the following recession, some businesses have been pushed to update their technologies, now putting them in a better position to deal with current and potential uncertainties.

The private banks and wealth management firms that have been utilising tax optimisation view it as integral to the overall investment offered as it helps to reduce tax charges to a minimum by using the advantages of the law, without violating tax laws, whilst reclaiming all foreign withholding taxes.

Effective tax optimisation

Although tax optimisation benefits all, it is not necessary for every country as many provide capital gains exemptions. However, the tax performance of those countries that do not, will suffer, impacting any and all portfolio’s that are not optimising effectively.

Effective tax optimisation is essential if you want to manage and reinvest funds easily, whilst not being impacted by the worst of any tax leakage. Taxation requirements are not always uniform within countries and this lack of expertise can also lead to incurring tax that should have been avoided or mitigated.

Tax optimisation should be seen as integral and those who do not jump on-board sooner rather than later risk falling behind to the private banks and private managers that do.

There’s no ‘one size fits all’ answer

Nonetheless, tax optimisation is not always the answer for every private bank or wealth management firm. They all have different systems and infrastructures and there is no ‘one size fits all’. Without those up to date systems in place, some of these processes would have to be done manually, and this can end up being incredibly labour intensive.

Wealth management providers that offer tax optimisation services must make sure that they have the appropriate setup to report their clients’ tax information. Fortunately, it’s not the end of the road for those who don’t have the right software for maximum efficiency as they still have the option of using tax reclaim services – such as the Swiss Stock Exchange’s advanced tax service. This will help them to be sustainable and create savings without increasing labour levels, generally at an affordable cost that brings value to their clients.

Within our current climate, investors are continuously seeking out innovative solutions for tax optimisation and the private banks and wealth management firms that have the capability to offer it will be the ones that investors go to. Unfortunately for the providers without these services, the risk of falling behind and losing clients to companies that do provide them is great.