As is usual at this time of year, the Bobsguide bunker HQ, has been receiving many submissions from vendors predicting what they think will be the big technology issues in the year ahead. In this compilation, collected by Neil Ainger, we take a look at some of the predictions for the compliance sector, including AML and the new regulatory structure in the UK, plus some predictions for the retail banking and security sectors.
Compliance Predictions: AML & Sanctions Screening
Henry Balani, managing director of compliance solutions at BankersAccuity has a number of predictions about the anti-money laundering (AML) sector, following last year’s US regulatory fines against HSBC and Standard Chartered Bank for respectively allowing banned Iranian transactions to pass and Mexican drug cartel money to be laundered.
As Balani says AML dominated the headlines last year and banks should be looking to strengthen their procedures and technology offerings in this space in 2013. Things to consider include:
• The potential impact of outsourcing as a cost efficiency tool: The trend for US financial institutions is to leverage offshore resources for various business processes, including AML sanction screening, and others may follow. India’s outsourcing industry is currently valued at $100bn and growing at 14% annually, so it could well pick up some business here [as banks fear more fines]. The impending supranational Foreign Account Tax Compliance Act (FATCA), emanating from the US which seeks to track US company and individual tax liabilities abroad, will also shortly be placing extra monitoring and tracking burdens on banks and companies.
• Rising demands: There are a growing number of risk factors that AML officers need to consider when developing a comprehensive sanctions programme in 2013 as demands for data and information continue to rise. Traditionally, financial institutions (FIs) would cover the basic requirements of screening against regulatory sanction lists from the ‘big four’ consisting of the US Office of Foreign Assets Control (OFAC); Her Majesty's Treasury in the UK; the European Union; and UN. There are now multiple regulatory agencies issuing sanction lists, however, and this places extra burdens on FIs. Apart from the increased volume, institutions also need to consider other components of payments and transaction risk, including anti-corruption and financial crime rules, tax evasion stipulations such as FATCA, and the traditional risks arising from money laundering and terrorist funding activities.
Compliance Predictions: RDR
The Retail Distribution Review (RDR), which comes into full force in the UK during 2013, impacts any FI giving financial advice to consumers such as pensions, mortgages or investments. It places increased transparency demands on practitioners and removes the traditional tied commission structure for such products. Conor Murphy, managing director of the Capricorn Financial wealth management and mortgage advisory firm, is convinced it will mean big changes in the UK.
From the 1 January onwards, new rules for financial advisers in the UK will come into force, confirms Murphy. Instead of financial advisers being paid commission, he continues, they will only be allowed to charge a fee which has been agreed in advance from now on. Under the new UK FI advisory regime, all charges have to be agreed in advance. Clients will be told in writing the cost of financial advice as well as any charges for managing their money. Slightly different rules will apply for insurance, but the principle has been established.
The aim of the new RDR regulations is to improve the advice given to consumers, ensuring they are always given best advice rather than being encouraged to take up products which offer the best commission to the advisor.
Consumers will become much more confident that the financial advice they are receiving is in their best interests, says Murphy, and that is significant when the economy [and investments] remain so challenging.
Initially we expect consumers to be wary of paying for advice, he adds, as they are simply not used to it, but this will slowly change. Regular client contact and reviews will ensure that the customer is still getting good advice and means extra reporting burdens – and technology requirements – for firms. Customer relationship management (CRM) systems, such as the specially developed ApptrackCRM solution from OCC Finance Technologies, will especially be needed to build up a detailed and on-going picture of client needs.
New Regulatory Structure in the UK as FSA Departs
The other key regulatory change in the UK is the replacement of the Financial Services Authority (FSA). The UK Financial Services Bill was introduced to Parliament on 26 January last year and will take effect in 2013 with the FSA being replaced by the retail-focused Financial Conduct Authority (FCA), while the Bank of England will run the new Financial Policy Committee (FPC) overseeing systemic risks and stability, plus the Prudential Regulation Authority (PRA), which will focus on macro-prudential issues.
For more information about the new UK regulatory structure in 2013 please click here. At the very least, the new structure will need existing systems and procedures to be updates, with some extra technology investments perhaps needed by FIs running old reporting and monitoring solutions – at least if they want to achieve any efficiency benefits while meeting the needs of a more demanding regulator.
Retail banks will increasingly have to cater for ‘digital natives’ in 2013, thinks Udayan Goyal, the founder of Anthemis Group, an FI investment and advisory group.
2013 will see a host of digitally native banks, which aim at tech-savvy customers and youngsters, start to take market share from more traditional retail banking institutions that are still relying on branch, phone and online banking while ignoring social media, the mobile channel and other ways to connect with customers. Unlike vertically-integrated ‘old FIs’ with high fixed costs, these ‘digitally native’ challenger banks are built from the ground up combining the philosophies of bank 2.0 and social 2.0 technologies, reckons Goyal.
He thinks FIs such as Fidor Bank, Movenbank and Simple are designed for the digital consumer. “They focus on design-led user experience, transparency and simplicity,” explains Goyal. “Simple, for instance, offers sophisticated mobile applications giving customers access to a full range of banking services on their iPhones, enabling users to easily track their expenditure, disposable income and saving goals on a single screen. Fidor Bank provides banking services for the social generation - interest rates are dictated by its number of Facebook likes and a single interface shows all your holdings from precious metals to virtual currencies like World of Warcraft Gold. Movenbank is the first bank designed to be used on your mobile phone with sophisticated analytics which will allow customers to track their spending against their usual patterns as well allowing them to modify behaviour based on instant feedback."
“Digitally Native banks have extremely streamlined business models,” he continues. “They have very low fixed costs, are not lumbered with legacy IT systems, have few employees and usually no physical branches. Some firms like Movenbank and Simple do not even have risk capital: they use other institutions’ banking licences. They are not real banks as such but offer a banking experience for what is becoming the only part of the consumer banking process that matters - customer interaction."
Some digital native-focused banks are already successful. Simple only recently launched but has on-boarded 50,000 customers and has another 250,000 on its waiting list. Fidor Bank has 250,000 live customers but operates on just over 30 employees. This spectacular growth is set only to continue in 2013 and is likely to be a seriously disruptive force in the global retail banking industry.
Top 5 Classic Security Threats for 2013
nCircle’s Lamar Bailey, director of security research and development with the security vendor, shares his top five traditional security threats to watch out for in 2013 with Bobsguide below:
• Adobe Acrobat and Reader security flaws: although Adobe’s extensible code has been around since 1982, we continue – to this day – to see a steady stream of attacking code that needs to be guarded against, warns Bailey, especially as older threats are sometimes erroneously ignored.
• SQL injection threats: SQL first became an industry standard back in 1986, since when it has been central to database software and poses a juicy target for all manner of cybercriminals. Vulnerabilities still exist.
• Compromised and malicious web sites: These have been around since the mid-1990s. The evolution of the new HTML5 protocol and other new web advances has shifted the threats/solutions balance up significantly in recent years and these new formats will be as vulnerable as the old ones.
• Watch out for exploit kits: the BlackHole exploit kit is relatively young, only dating from last year, but it has evolved rapidly to become the number one web threat. It, and its ilk, will continue to be a problem in 2013.
• Zero-day web browser threats: the evolution of the three main web browsers – comprising of the relative newcomers in Google Chrome, Mozilla Firefox and old stager in Microsoft’s Internet Explorer – has been rapid over the last 12 months, with silent updates and plug-ins/apps changing the dynamics of browser defence requirements. With large numbers of legacy browser client users, this poses a potentially significant security problem and is something that should be graded against in 2013.
The new year will be a time of highly adaptive security threats, predicts Bailey, with four main sources of threat – cyber-criminals, cyber-terrorists, political hacktivists and rogue employees – conspiring to create severe headaches for IT security professionals.
“The key thing to remember about these threats is that while some of them may ostensibly appear to be old, they are still very much alive and kicking and will be exploited further in 2013 as the hackers upgrade and reinvigorate them. This is an important issue, as some security vendors allow older exploits to `drop off’ their first line defences in order to store as many attack methodologies in memory as possible [neglecting the old threats].”
“This trend is something we know that today’s cybercriminals are very well aware of, as they monitor the IT security newswires and reports as all professionals do on a regular basis - and then optimise their planned attack strategies to maximise the chances of compromising a targeted system.”
Put simply, he adds, this means that cybercriminals can, and will, discover new malware insertion methodologies that allow them to monetise their frauds against bank customers, steal data, raid company bank accounts and hit corporate reputations where it hurts most: on the bottom line.