As the financial sector embraces cloud technologies what are the critical factors for success?

Today, in order to maintain competitive advantage, financial institutions need to be increasingly agile and quick in how they respond to fast-changing customer expectations and ultimately beat their competitors. To this point, last month the European Banking Authority (EBA) published a Report on the Prudential Risks and Opportunities Arising for Institutions from Fintech.

by Roberto Mircoli, CTO Virtustream

The report provides an analysis of the risks and opportunities relating to the adoption of new innovative technologies, providing seven Fintech use cases, one of which is focused on outsourcing core banking and payment systems to the public, hybrid and private cloud.

The report looked at how cloud computing, which is an important enabling technology, is being leveraged by financial institutions to deliver innovative financial products and services. In particular it highlights that in recent years there has been increasing interest from institutions in working with cloud service providers. And although that interest was initially focused on migrating non-core applications to the cloud, the EBA found that many financial institutions are now exploring how to migrate core mission critical systems to the cloud. The report goes on to talk about how flexibility, scalability and agility are seen as the main benefits of public cloud, but adds that most cloud services have been standardised in order to allow services to be provided to a large number of customers in a highly automated manner on a large scale.

The underlying concern of course is that in such a security‑intensive and highly‑regulated industry, no one size ‘cloud’ fits all. So while it’s key that cloud providers standardise to very high service standards, those who also provide specialised service offerings and keep themselves open to individual use cases and customers’ requirements (e.g., for mission critical workloads) clearly have an edge. This is precisely what Virtustream was built for, combined with a very high level of automation which reduces human intervention in the most complex IT operation processes, increasing efficiency and lowering risk exposure.

The EBA report goes on to outline two main criteria that need to be met to ensure financial institutions are making the move to cloud correctly. These include “choosing the right cloud service partner (CSP) on its journey” and “ensuring the internal organisation can meet the needs for this transformation alongside its CSP partner”.

Choosing the right CSP
Financial institutions must carefully select the CSP that is right and suitable for their needs. This will depend on the project in question, the institution’s overall strategy and the regulatory requirements that the organisation must meet. The organisation must also consider what data is appropriate and necessary to migrate to the cloud; remembering that they don’t necessarily need to take an ‘all or nothing’ approach to cloud services. Likewise any CSP that an institution works with must have a firm understanding of the relevant compliance landscape. It is important to be able to demonstrate that a judgment call can be made when required. For example this involves documenting the reasonable action that has been taken to prevent or mitigate a data breach or loss, creating a full ‘audit trail’ and evidence of the company’s compliance.

This is where the CSP must have the deepest and broadest expertise on what it takes to migrate complex mission critical systems to the cloud, as we know quite well at Virtustream, having undertaken thousands of such migrations including the creation of an L3 extension of our users’ private data centres into our cloud nodes and integrating with their existing system monitoring and management tools via a broad set of APIs.

Likewise it is really important that the CSP is not only experienced but has a robust methodology and operating model. For example, in addition to our advisory services at Virtustream we also take a greatly optimised approach to cloud onboarding, migration and operation that includes:

Assessment
Identifying all workloads across the application landscape, in order to analyse system configurations and interdependencies with an estimate of initial cost benefits.

Onboarding
Project planning and management, documentation of all applications and workloads, determination of the move sequences and thorough testing in order to identify any risks and issues, in order to finalise a full cutover plan.

Migration
The actual migration of production systems, technical checks for data consistency, conversion to production operations. GoLive™ migration checks, handover and transition to steady-state.

Managed Services
A range of flexible choices which include infrastructure managed services and application managed services. We also have expertise in a wide variety of databases, including physical‑to‑virtual and virtual‑to‑virtual migrations, and database management.

The role of IT teams
The report also went on to outline how the role of IT staff in financial institutions could possibly undergo a significant transformation with increased cloud outsourcing services, whereby roles convert into support and consultation for cloud service selection, engagement and management. This is where the adoption of an enterprise‑class cloud provider with managed public cloud services that deliver private cloud attributes is really important, as this strategically enables a new operating model for IT; one that is based on business outcomes and has close alignment between IT and the business.

What I mean by this is having an operating model in place that delivers the ability to quickly implement new ideas so that the organisation can tap into new revenue streams and acquire new customers; a model that lowers complexity and, with that, also actively improves the risk posture.

Adopting a cloud operating model across all areas of the business is probably the most difficult part of the transformation. The key aspect to remember here is that it means working more closely with the business; it means adopting an IT operating model that is services and software product-oriented, not technology or project-oriented.

Looking to the sky
As cloud services become more integral to the whole organisation, so CSPs are going to quickly become part of the financial/banking infrastructure. However the risks involved in outsourcing data to the cloud carry wider potential consequences for any financial institution. This is why it is so important that regulatory bodies such as the EBA are able to respond to changes in the use of cloud and can continue to place strict compliance requirements on financial institutions and their partners.

To their credit many CSPs have started to accept this as part of their ‘joint responsibility’ when they engage with a financial institution, but as cloud adoption continues to grow, financial institutions will need to carefully plan for and monitor their compliance, while CSPs look to provide an adaptable framework — one that is agile and able to flex to meet the ever-evolving needs of the finance industry. If you are interested in reading the full report, you can download it here: Report on the Prudential Risks and Opportunities Arising for Institutions from Fintech.



As the financial sector embraces cloud technologies what are the critical factors for success? was originally published in Fintech Weekly Magazine on Medium, where people are continuing the conversation by highlighting and responding to this story.


Security, Security… (+ Tokens)

TL;DR:
Real-world assets represented by ERC721 non-fungible tokens is one thing. Saying that this kind of token is a security is confusing, inaccurate and sometimes plain wrong. Let’s talk about Asset-Based Tokens, specifically to differentiate between an ERC20 token interpreted as a security and a project seeking to bring use-cases to the Blockchain with a non-fungible token.

Representing real-world assets on the Blockchain in a legally binding way requires a methodology which includes the application of local regulation and partners, along with an in-depth knowledge of the underlying offline processes. The current regulatory body in many countries seems to be already up to the task, but a ‘Proof-of-Concept‘ is not there yet. CoopCoin aims to execute its first legally binding factoring on the blockchain in the upcoming weeks.

Security for techies

Back in a former life as an Information Security consultant, questions about security were mainly concerned with an asset’s CIA: confidentiality, availability and integrity. We would help a company put a value to that digital or non-digital asset, identify and evaluate where and how they were stored (and backed-up…), exchanged through which networks, accessed by what software, controlled through which IAM and so on. The company would then have to estimate the financial impact of non-conformance to CIA requirements for each asset to finally implement the almighty Information-Security-Management-System (ISMS). Relatively straightforward if one had the right questions to ask.

The word ‘security token’ in a Blockchain context seems to have become the ‘one-size-fits-all’ word for referring to the representation of real-world assets as tokens. This approach is a questionable choice of words and oversimplification. First, not every real-world asset falls under a security’s regulation framework (and those vary widely from country to country), and second, it imposes ‘fear’ regarding the feasibility of a project that wants to work with tokens representing real-world assets.

Information Security and ‘Securities‘ nonetheless have an important goal in common regarding the representation of real-world assets: One needs to ensure the asset’s

  • Confidentiality: Who is the owner (or: how can one verify the owner)
  • Integrity: Does the asset represent what it was supposed to initially
  • Availability: Ensured through decentralization of Blockchain

ERC20- or ERC721 -Security?

At CoopCoin we prefer to talk about Asset-Based Tokens when we refer to a Non-Fungible ERC721 compliant Token (NFT) that is minted on CoopCoin to represent a real-world asset or its underlying claim. Scary enough that at times in talks with potential investors we have to explain what an NFT is, that it is unique and how it is different from an ERC20 Token.

The confusion is understandable and by no means their fault. Everywhere one can read stories of cease-and-desist orders the SEC sends out to Blockchain projects. The reasons are numerous, but one of them is that promising the investor of an ERC20 Token a profit makes it a Token that (in the USA) can be regarded as a security, and as such the project most likely did not comply with applicable regulation when selling their tokens to whoever sent them some funds. (Whether giving discounts on your Token for early buyers falls in the same category can only be speculated.)

When reading or watching a conversation about securities on the Blockchain, I always hold and try to figure out which one they mean: the ERC20 Token or a ‘security‘ representing an asset. At times one wonders if the participants know the answer themselves.

Legally binding real-world assets on the Blockchain?

In many countries, from Chile to Mexico, the USA, European Countries and the even more progressive countries further east, digital invoicing, if not by law, is very common, often the norm. What does this mean for projects aiming to bring real-world assets onto the Blockchain?

At CoopCoin for example we will be factoring accounts receivable as our first business case.

Background: When a supplier (example: a Banana producer) sells goods to his client (example: a Supermarket), the client becomes the supplier‘s debtor and as such owes the supplier an amount of money (X) at a particular time in the future. Depending on the sector and the bargaining power, the debtor might have 30, 60, 90 or even more days to pay his debt. Recently those time frames have become ever longer, putting pressure on the suppliers as they have to finance their production and sales.

For this reason, companies turn to factoring, where they sell this claim of the invoice to an investor at a discount, so that they can receive a substantial part (maybe 70–80% of the total invoice) today, rather than in 90 days, and the remaining balance when the debtor pays the invoice, minus the discount.

To be able to factor the accounts receivable/invoice, various steps have to be undergone, for example:

  • make sure that the seller of the invoice is its legal owner and he has fulfilled his duty to claim the invoice
  • the invoice is of certain value, has not been paid already or been sold to a third party
  • the debtor exists and its default-risk is adequate to the proposed factoring terms

Today many companies already use services which provide these assurances in digital form (for example from EDI systems). In the USA, through SPSCommerce, DiCentral or EZCom alone, more than 120,000 companies receive their legally binding orders in digital form. How did they get here? By defining certain norms for the systems and interfaces (APIs) to create interchangeable files that are worth real money (or assets for that matter). (The interested reader can also refer to the ISO/IEC Standard 20022 for financial institutions that is slowly becoming the norm for accounting.)

CONCLUSION

Bringing real-world assets onto the Blockchain will require that local regulation is known and applied in the least manual way possible. Similar to digital invoices in EDI systems, the Blockchain equivalent needs to provide the same assurance of the tokenized asset, giving both the seller and the investor the ‘security’ of trading a Token that will hold.

In an EDI system, the company tenant provides the ownership, a company-user, and its password. On the Blockchain, this is similar to the Ethereum Address.

The tokenization of assets will have a big impact on traditional processes and has the potential to (for lack of a better word) disrupt industries and today’s players. Current regulation in certain countries should already be sufficient to start using the Blockchain to trade tokenized assets.

Advantages are not only the mere elimination of manual processes, increased speed or transparency, but the possibility for entirely new functionalities regarding the usage of assets, for example, their splitting and bundling, collateralization in markets such as MakerDAO and other creative applications.

We are excited to see various projects going a similar way, aiming to bring real-world assets onto the Blockchain. We hope that they will do so only after extensive due diligence respecting applicable regulation, so as not to create bad examples, unnecessary claims, bad press and ‘fear’.

Please have a look at our prototype video where we show some of the steps it takes to mint an invoice into a non-fungible token.


Security, Security… (+ Tokens) was originally published in Fintech Weekly Magazine on Medium, where people are continuing the conversation by highlighting and responding to this story.


How DApps Can Encourage Better Social Media Engagement

Have you ever delved into the comments section on a post by a favorite self-help guru, author or actor only to notice that she never responds to or acknowledges comments from her followers? That, in fact, the only interaction that this social media personality has with fans is through content that is posted and then left to die a slow death from lack of interest?

by Heidi Yu

It is a fact that a low level of engagement is almost guaranteed when followers habitually go unacknowledged by would-be influencers. When people see that there will most likely be no response, they are far less liable to comment on or like a post. This failure to follow up and nurture connections is a crucial yet common error made by content creators. Nobody likes to be ignored, and this behavior is the social media equivalent of delivering a rambling monologue and then immediately leaving the room, never allowing any input or response from those that you are supposedly trying to engage.

There are any number of reasons why a social media personality may feel wary of one-on-one interaction with fans. Some may be overwhelmed by the volume of comments on a post and feel unable to respond adequately. Others may feel concern about maintaining boundaries, even to the point of worrying about their personal safety. Still others may be unaware of the effect that their negligence is having on their fans.

Walking the fine line between engaging with fans and setting personal limits can seem daunting, especially if you are an appealing and knowledgeable personality with a lot of people clamoring for your attention. In the end, however, challenging though it may be to strike this balance, it is a situation that you must learn to navigate successfully if you are an aspiring social media influencer. You simply cannot afford to make the mistake of neglecting your followers. Fortunately there are intriguing newer technologies on the horizon to help you more effectively manage your social media presence.

Blockchain Technology Brings Safety and Transparency to Interactions with Fans
Blockchain-based technology is an emerging technology that is poised to forever change the way social media content creators interact with their fans. For those who need a little more background, a blockchain is a database in which records are stored on a decentralized network of computers instead of in one location, like on a conventional central database. Applications that run on blockchain technology are called decentralized applications, or dApps for short.

DApps are a relatively new technology with their defining characteristics still evolving, but they generally possess several common traits. First of all, they are open-source, meaning that any changes to them are decided by a consensus of all users in the blockchain database. Second, they are decentralized (stored on public, decentralized blockchains). Third, they generate cryptographic tokens to incentivize validators of the blockchain. And lastly, these tokens are generated by way of a cryptographic algorithm, like a Proof of Work (PoW) or a Proof of Stake (PoS) that demonstrates their value.

So now that we have a pretty good idea of what dApps are, just how can they help to foster the peace of mind that encourages deeper and more trusting relationships between influencers and followers? By nature, dApps and the blockchain technology on which they run have a built-in integrity and trustworthiness that can be missing from traditional applications. In the blockchain environment, every computer, or node in the decentralized database must validate each transaction in order for it to complete. Transactions are immutable once they are added to the blockchain record, that is to say that once a transaction happens, the record of it can never be altered or destroyed. This innate transparency of the blockchain environment also makes it much more difficult to perpetrate any type of fraud than it is on a conventional platform.

How dApps Can Help You to Engage with Fans
Now back to the reasons that an up-and-coming social media star may not be actively nurturing relationships with followers. If time and scheduling are issues, there’s a dApp for that. BOOSTO is a dApp marketplace that allows you to choose dApps that cater to your particular needs as an influencer and assemble them into a unique online “store.” If you don’t see the dApp you need, you can team up with a developer to create exactly what you envision. It’s like designing your own social media platform.

Maybe you need a dApp that schedules posts, and reminds you to check comments and likes at particular intervals. You can check the comments and choose a few to reply to once or twice a day, so that you don’t become overwhelmed by the volume of comments. If you don’t have time to reply right away, perhaps you can earmark certain comments with your dApp so that you will remember to reply to them later. Additionally, you could have your dApp prompt you to like a select number of comments to ensure that your followers always feel seen and heard. And remember, in order to make followers feel valued, it is always best to emphasize quality over quantity. In order to maintain an engaging level of responsiveness and enjoy meaningful discourse with fans, make sure that you aren’t posting more content than you can realistically manage.

Blockchain technology is also a wonderful solution if you are concerned about your safety and privacy as a public personality. Suppose you are a social media influencer who has found it necessary to block a follower who is giving you too much attention, or attention of the wrong kind? It would be easy on a traditional social media platform for that fan to simply assume a new identity and to insinuate him or herself into your following all over again, but since identities are verified in the blockchain ecosystem, assuming a fraudulent identity would be substantially more difficult to do.

In the end, whatever your specific concerns and challenges as a content creator, the transparency of the blockchain and the flexibility of decentralized applications will go a long way toward inspiring the confidence that breeds more meaningful and authentic relationships between you and your followers.


How DApps Can Encourage Better Social Media Engagement was originally published in Fintech Weekly Magazine on Medium, where people are continuing the conversation by highlighting and responding to this story.


Marketing for fintech — mistakes to avoid


Marketing in the fintech sector can be tricky. You need to ensure that you launch and manage a marketing campaign that promotes your brand in the best possible way, showing customers why they should choose you over your competition.

by Where the Trade Buys

However, this may seem easier said than done. To help, this guide will show you what you shouldn’t do when marketing in the fintech sector and how to ensure your next advertising strategy delivers the best possible ROI.

Not considering social media

Each fintech business needs to be mindful of the audience potential of social media. In fact, many sectors have fallen foul to ignoring and avoiding social media. According to Incisive Edge, banks were a prime example of this, citing a report from Carlisle and Gallagher Consulting Group that revealed 87% of consumers perceived social media usage by banks as being dull, irritating, or unhelpful.

Your audience spends so much time on social media. Securion Pay noted that an effective marketing campaign needs to consider Millennials, of whom 84% have smartphones and 78% are on them for more than two hours every day. Embrace this and establish a strong presence on social media! Just make sure you have an effective plan for each channel — content for Twitter might not work as well on, say, LinkedIn.

Social media is a fantastic opportunity to build rapport with your customers too. Even in the event you get negative feedback, the way you deal with it will be seen just as much as the original comment. You can turn a negative into a positive: show ownership of the feedback and resolve it quickly. If you ignore it, the chances are the unhappy consumer will feel stung that you have ignored their attempt to reach out to you directly and give you a chance to respond. They will turn to other websites to tell other people of this experience. As social media and customer services expert Jay Baer says: “A lack of response is a response. It’s a response that says, ‘We don’t care about you very much’.”

Announcing everything the second it happens

Had an exciting development? Great! But before you rush off to tell the world, take a moment to pause. Would the news be better used slowly? Incisive Edge advises FinTech companies to consider an embargo if you’re heading to a trade show soon.

Go ahead and create your press release, but don’t let it be published just yet. Place an embargo on it, so that your press sources can’t publish the news until a certain date, such as the trade show or another effective date for your company. This not only stirs up a sense of excitement, but it also lets the journalists and content writers have more time to write an engaging and detailed piece.

Focusing only on online

It would be a mistake for a tech company to avoid all forms of offline marketing. The world of offline marketing is still going strong, and it’s a great way to build your brand and get it noticed.

There have been some highly effective offline FinTech marketing campaigns, as reported by Delineo. In the report, a robo-advisory firm was shown to have created a brilliant offline campaign that saw printed adverts placed through the underground tube network. People don’t have great signal on their phones at underground stations, so tend to notice and read printed adverts more!

If you’re just starting out you might not have the marketing budget to do a wide-scale campaign, but that doesn’t mean print marketing is cut off from you. Are you headed to a trade show or exhibition soon? Seek out a provider of PVC banners and get your brand and goals printed up for your stand! Banners are a great tool at exhibitions, and tend to be more effective than digital ads at these events, with customers recalling the brand from a banner long after the show has ended.

Poor choice of words

Both your offline and online campaigns need strong text. There’s no use having a well-placed digital advert or a beautifully designed banner if the language used is dull and uninspiring. Often overlooked, the use of language is a complex skill that can make or break your intended message. There’s a reason why so many people study language at high academic levels!

Think about what the goal of your marketing campaign is. What are you trying to tell the customer? At a basic level, new technology is designed to solve a problem, so tell your audience this. Words like “innovative”, “cutting-edge”, “rapid”, and “simple” can help address technology woes such as slow loading apps or complicated processes. After all, FinTech is a disruptive innovation — tell the world how it’s shaking up the banking and financial sector.

Make your business stand out for all the right reasons. FinTech is a fast-growing sector, so it’s vital that you keep ahead of the game. Keep your marketing strategy strong and wide-reaching with these campaign tips.


Sources:

https://www.callboxinc.com/b2b-marketing-and-strategy/fintech-marketing-strategy-tips/

https://blog.incisive-edge.com/blog/6-fintech-marketing-strategy-tips

https://www.delineo.com/culture/4-fantastic-fintech-marketing-campaigns/

https://securionpay.com/blog/6-marketing-trends-fintech-industry/

http://www.brightnorth.co.uk/whitepapers/Image_Quality_and_eCommerce.pdf

https://skift.com/2016/05/13/why-the-tourist-brochure-is-still-surviving-in-the-hotel-lobby/

https://www.forbes.com/sites/rogerdooley/2015/09/16/paper-vs-digital/#7de095dc33c3

https://www.pinterest.co.uk/pin/307300374549933402/

https://www.ama.org/partners/content/Pages/6-dos-and-donts-of-promotional-product-marketing.aspx

https://expandedramblings.com/index.php/tripadvisor-statistics/

https://www.prnewswire.com/news-releases/print-ads-in-newspapers-and-magazines-are-the-most-trusted-advertising-channel-when-consumers-are-making-a-purchase-decision-300424912.html

https://www.forbes.com/sites/matthunckler/2017/02/01/jay-baers-top-3-tips-for-acing-customer-service-in-the-age-of-social-media/#1cbbd1764a08

https://www.forbes.com/sites/rogerdooley/2015/09/16/paper-vs-digital/#31d49c533c34

10 tech buzzwords marketers need to know |

This article was created by Where The Trade Buys. The UK brand has around 150 employees with bases in London and Sunderland.


Marketing for fintech — mistakes to avoid was originally published in Fintech Weekly Magazine on Medium, where people are continuing the conversation by highlighting and responding to this story.


A Value-at-Risk Model for Cyber?

Yes, It Exists. And Watch Out for Fakes.

by Nick Sanna, CEO, RiskLens

From the $81 million sucked out of the central bank of Bangladesh in 2016 as a fraudulent funds transfer through the interbank SWIFT system, to the daily attempts to penetrate consumer-facing applications on bank websites with stolen user credentials, the banking industry knows that cyber-attacks pose a real risk, and cost, of doing business.

But while banks pay strict attention to value-at-risk (VaR) models to meet capital requirements for credit, operational and market risk, that level of discipline doesn’t often extend to the information security department. The conventional wisdom has been: You can’t quantify cyber risk in financial terms because it’s too complicated, too unpredictable, and we don’t have enough data to work with.

Without an estimate of the value at risk in cyber-attacks though, financial institutions or any type of organization can’t plan proportionate investments in cybersecurity or make informed purchases of cyber insurance. They also can’t meet the rising expectations of regulators that require cyber risk to be reported in financial terms: See the recent regulations and guidance documents from the New York Department of Financial Services and the U.S. Securities and Exchange Commission, and the proposed model for cyber risk analytics from the IMF.

Information security risk officers have come up with some clever workarounds. For the longest time, they have resorted to reporting on risk using vague, non-quantified output, often in the form of stoplight charts that show red, yellow, and green risk levels. Estimates about the probability of loss events and their impact were compiled using incomplete and flawed models and partial information, and were riddled with unfounded assumptions.

More recently, many financial services organizations have focused on maturity models — the more boxes you can check on a list of best practices, such as the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), and the better score you achieve on a scale of 1–5, the less risk you can assume you have. You still don’t have an idea of whether you have more value-at-risk from a fake funds transfer or a user credentials spoof — but you are more “mature.”

Enter the marketers. In the past year, security software vendors have repackaged the maturity concept as “cyber risk exposure.” Combining an organization’s maturity score with scans for vulnerabilities, i.e. unpatched software, and evidence of threat activity, they put a number on your assumed level of risk, and call it risk quantification. Another approach now on the market: A black-box model that translates a scorecard into dollar figures of implied risk. These are steps that seemingly move in the right direction but fail to deliver what the market really needs — true cyber risk quantification. As a result, forward-thinking bank management just isn’t buying these watered-down approaches that fail to enable cost-effective decision making.

But there is hope. In the financial services industry, VaR modeling is a statistical methodology used to quantify the level of financial risk within a firm or investment portfolio over a specific time frame. Value-at-risk is measured in three variables:

  • The amount of potential loss
  • The probability of that amount of loss
  • The time frame

New cyber VaR models have now emerged using probabilities to estimate likely losses from cyber threats during a given timeframe. A growing number of banks have adopted the Factor Analysis of Information Risk (FAIR) model for cyber value at risk developed by Jack Jones, a former chief information security officer at Huntington Bank. FAIR is an international standard maintained by the Open Group — far from a black box, its workings are documented for all to see. More than 3,500 risk management professionals belong to the FAIR Institute, the non-profit expert organization that promotes education on FAIR and sharing of best practices. FAIR is estimated to be in use at about 30% of the Fortune 100, including several of the largest banks in the world.

Cyber risk assessments performed with the FAIR standard allow risk analysts to make defined measurements of risk, be transparent about assumptions, inputs and outcomes, and show specific loss probabilities in financial terms (dollars and cents). Because much of a FAIR assessment is defined in business and financial terms, executives, line-of-business managers, and other stakeholders can learn to speak the same language, participate in the decision-making related to cyber investments, and define how much tolerance they have for certain forms of risk.

What is more useful in decision making? Knowing that you score a yellow, a 3.5, or knowing that there is a 10% probability that your bank can incur a loss of $95 million in the next 12 months due to fraudulent wire transfers? Knowing that 10 risk scenarios are marked as red, or understanding the probable amount of financial losses for each?

True cyber risk quantification enables a whole new class of decision-making. Organizations can now not only understand the financial impact of their top cyber risks, but also iterate those analyses to understand how effectively each security investment reduces financial losses, prioritize those investments, and determine the right amount of spending.

This quantitative approach can reveal some counter-intuitive surprises. As mentioned earlier, the customer credentials scam impact may be far lower than the fraudulent SWIFT transfer in terms of a single incident. However, the high frequency of the credentials scam may be costlier on an annual basis than the very low frequency SWIFT scam that requires a very high level of sophistication to pull off.
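The frequency-versus-magnitude effect described above can be checked with a small Monte Carlo simulation. This is an added example, not code from the article or from the FAIR standard: the scenario names, event frequencies and loss ranges are constructed, and triangular distributions stand in for the calibrated ranges an analyst would supply.

```python
import random

# Constructed scenario inputs (illustrative only, not data from the article):
# events per year, then min / most likely / max loss per event in dollars.
SCENARIOS = {
    "credential_scam": (120.0, 10_000, 30_000, 120_000),
    "fraudulent_wire": (0.05, 10_000_000, 40_000_000, 150_000_000),
}

def event_count(rng, rate):
    """Number of events in one year for a Poisson process with the given rate."""
    count, t = 0, rng.expovariate(rate)
    while t <= 1.0:
        count += 1
        t += rng.expovariate(rate)
    return count

def simulate_annual_losses(rate, low, mode, high, trials=10_000, seed=1):
    """Return sorted simulated annual losses (sum of per-event losses per year)."""
    rng = random.Random(seed)
    losses = []
    for _ in range(trials):
        n = event_count(rng, rate)
        losses.append(sum(rng.triangular(low, high, mode) for _ in range(n)))
    return sorted(losses)

def value_at_risk(sorted_losses, confidence):
    """Loss level that is not exceeded in `confidence` of the simulated years."""
    idx = min(len(sorted_losses) - 1, int(confidence * len(sorted_losses)))
    return sorted_losses[idx]

def summarize(name):
    """Mean annual loss plus 90% and 99% value-at-risk for one scenario."""
    losses = simulate_annual_losses(*SCENARIOS[name])
    return {
        "mean": sum(losses) / len(losses),
        "var90": value_at_risk(losses, 0.90),
        "var99": value_at_risk(losses, 0.99),
    }

if __name__ == "__main__":
    for name in SCENARIOS:
        s = summarize(name)
        print(f"{name:16s} mean=${s['mean']:,.0f} "
              f"VaR90=${s['var90']:,.0f} VaR99=${s['var99']:,.0f}")
```

With these inputs the credential scam has the higher average annual loss, while the wire fraud scenario shows no loss in 90% of simulated years but the larger loss at the 99th percentile.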

While the conventional wisdom may still claim that cyber risk quantification can’t be done, that’s not the direction that banking regulators are heading. The New York State Department of Financial Services (NYDFS) and SEC’s latest cybersecurity directives demand periodic risk assessments based on clear criteria for evaluating cybersecurity risks and existing controls. Their message to banks and other financial institutions is clear: Follow a standard cyber value-at-risk model and report cyber risk in financial terms or you’ll hear from us.


Nicola (Nick) Sanna is the CEO of RiskLens. He is a regular lecturer at universities across the US on the subject of social entrepreneurship and is an advisory board member of the business school at CUA.


A Value-at-Risk Model for Cyber? was originally published in Fintech Weekly Magazine on Medium, where people are continuing the conversation by highlighting and responding to this story.


Open banking is opening up business everywhere

Even though it’s early days for open banking there are already plenty of trailblazers offering new services.

by Huw Davies, CCO, Token

From forex to rental accommodation, personal identification to loyalty schemes, many customer experiences are starting to be transformed by the effects of Europe’s Second Payment Services Directive (PSD2) just months after it was introduced.

Low-cost travel currency provision, securing a new rental flat, buying goods online and viewing your complete financial position across multiple bank accounts have all become easier thanks to third parties taking advantage of the access the regulation gives them to customer bank details to provide new services. Innovation is alive and kicking and motivation to succeed is high.

For banks, initially concerned that PSD2 would allow others to come between them and their customers, the prize comes in keeping themselves at the centre of their customers’ digital banking experience. This will allow them to continue to collect valuable transaction data that will help them cross-sell and up-sell their own products and services.

For merchants and service providers, open banking promises to remove some of the hassle — known as friction — of registering new customers, recognising existing customers and completing purchases. It could also make it easier to make targeted offers and build loyalty.

Meanwhile, fintechs are hoping that the new services they can provide, such as bank-account aggregation, will capture the public’s imagination, helping them create new businesses.

Payments

The sheer variety and success of those already operating in the payments area prove open banking’s value.

Online property portals are developing open banking services that help both landlords and tenants kick off a new tenancy faster and at a lower cost. Traditionally, the first rental payment is often made by debit card, incurring high processing fees. The alternative is to set up a Bacs payment, which can involve visiting a bank branch and filling in forms. The whole process can take up to 10 days to complete.

For landlords and tenants alike, this can be too long and there’s no guarantee that any payment will ultimately go through. Meanwhile, the landlord may have lost alternative tenants. Savvy online property marketplaces will begin using open banking to take immediate payment directly from the renter’s bank accounts by the end of the year.

This approach not only circumvents the high fees but also cuts the amount of time it takes to make that first payment from days to seconds. Down the line, we expect these portals to incorporate identity and credit checks as well as recurring monthly payments into their solutions, removing further areas of friction.

In travel money and investments, there’s also plenty of activity. Caxton, for example, aims to remove the pain points associated with registering for and using a pre-loaded foreign-exchange card. These include high fees, delays in clearing the first payment from the customer’s bank account and the need to log into both bank and forex provider. Like the property portals, forex providers can take immediate payment directly from bank accounts, cutting the cost and closing the time gap from registration to live accounts.

Online investment services are also looking to offer similar services to streamline account setup and moving funds.

In all these areas, open banking is cutting the hassle and increasing automation, helping to bring down costs and improve the customer experience.

The scope of these services can and will be broadened out as open banking payment services take off and the simple use cases are proven. Expect to see recurring and bulk-payment facilities that will take the strain out of volume transactions, as well as services that offer lending on the back of payments.

Data aggregation

Allowing third-party access to bank data will open up the opportunity for far wider data aggregation than previously possible. Until now customer data was held in silos by different companies — banks, merchants and service providers. Post PSD2, those silos can be connected and the data within them pooled and analysed to create a richer customer picture. This can be used to offer new, relevant services and build loyalty.

There are many fintech and banking propositions that allow customers to view all their bank accounts from different providers in one place. At present, what you can do with the service is limited to views of account information. Soon, a more advanced version will allow customers to unlock the value of these services and act on the information — make payments between accounts held at different banks to pay off an overdraft, for example, or sweep money from a zero-interest current account into a savings account. Users will even be able to set up rules-based parameters around events that will automatically trigger money movement, helping them manage their finances better.

Similarly, loyalty programmes are more effective when they know more about a customer. Many are merchant-specific — think Tesco Clubcard or Boots Advantage. When the retailer can see beyond the customer activity within their own store they can make timely and relevant offers to tempt customers away from rivals to spend more with them. It’s no surprise, then, that we’re starting to see loyalty card providers expand the range of what they collect to include bank data.

Identity and verification

When it comes to identity, verification and authentication, cumbersome processes create friction, which is a huge problem. Passwords are the bane of modern life. But PSD2 promises to change all that. Consent to access relevant customer bank details need only be given once, so forms for a car loan, for example, could be filled in automatically by the loan provider. This not only improves the customer experience — less paperwork — but, because the data is coming from the bank, it has already been checked and verified, so the loan can be processed quicker too.

As identification and verification services mature and develop, recurring payments and subscription facilities will be added.

Open banking is a new way of accessing financial services. While today’s offers may be limited in their functionality, their providers have clear road maps for further development. Just as with other revolutionary processes and technologies, it will take time to see how far they will go. But open banking’s capacity to reduce friction, risk and cost as well as make processes faster and more efficient means it will undoubtedly become an important part of our everyday lives. It’s over to the innovators.



Open banking is opening up business everywhere was originally published in Fintech Weekly Magazine on Medium, where people are continuing the conversation by highlighting and responding to this story.
