65% of UK large businesses experience a cybersecurity breach / attack

BRG cyber securityIpsos MORI and its partner, the Institute of Criminal Justice Studies (ICJS) at the University of Portsmouth, were commissioned by the UK Government’s National Cyber Security Programme to survey UK businesses on their approach to cyber security and the costs they have incurred from cyber security breaches.

The Cyber Security Breaches Survey found that 65% of large businesses experienced a cybersecurity breach or attack in the past year with 25% of these experiencing a breach once a month.

The most common attacks detected (68%), involved viruses, spyware or malware. Key areas for improvement included incident response and staff training.

Ed Vaizey, Minister of State for Culture and the Digital Economy said: “We see a steady stream of breaches and attacks on firms which assume they are on top of security, but still haven’t got a good understanding of the possible impact on their business or what they should do about it”.

Results from the survey are being released alongside the Government’s Cyber Governance Health Check (launched following the TalkTalk cybersecurity attack); the Health Check found that almost half of the top FTSE 350 businesses regarded cybersecurity attacks as the biggest threat to their business when compared with other key risks – up from 29 per cent in 2014.

BRG recently undertook its own Cybersecurity Preparedness Benchmark Study. The study examined six main areas:

  • Leadership
  • Information Governance
  • Risk Management
  • Essential Protection
  • Incident Response and
  • Security Culture

For financial services, BRG partnered with the Institute of Operational Risk.

The results of the Benchmark will be released shortly. For further information, please contact:

USA:                      Faisal Amin

UK/EMEA            Tony Moroney

The views and opinions expressed in this article are those of the authors and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.

Digitalisation – old game, new rules or an entirely new game?

Bank Reg

Erkki Liikanen, the Governor of the Bank of Finland, delivered a fascinating speech at the at the Payments Forum in Helsinki

Some of his key points:

Digitalisation and Financial Services

  • Digitalisation is a wide-ranging use of information and communications technology in the renewal of business models; it may also help create entirely new products and services.
  • Digitalisation also facilitates completely new kinds of operating practices in the financial sector. Traditional players are being challenged by Apple, Google, Amazon, Facebook and Alibaba, i.e. operators whose success is based on the intelligent harnessing of digital platforms and networks e.g. payments and trade financing. In addition, challenge is coming from specialised financial services providers i.e. FinTech.
  • Some traditional operators have forged new partnerships with each other and/or have started cooperating with new players; many banks have established start-up accelerators and incubators for FinTech businesses and/or have made significant private equity investments in start-up companies.

Digitalisation and Financial Platforms

  • The success of many new companies has been based on platforms i.e. an operating model that facilitates value-creating interaction between external producers and consumers e.g. Uber, Facebook, Alibaba and Airbnb.
  • A platform has two functions: it provides a framework for interaction and it sets the ground rules for interaction. Its aim is to create a favourable environment for parties to innovate and generate added value from which everyone benefits.
  • Underlying the enormous growing power of platforms are network effects i.e. each new user also increases the value of the platform for old users.
  • New digital technologies have removed constraints on growth, enabling rapid scaling of business operations; particularly where information is a key production factor.
  • Notable financial market platform phenomena include, for example, peer-to-peer lending and crowdfunding platforms.
  • Platforms and networks are also at the heart of blockchain technology.

Digitalisation and the Payments Market

  • An essential driver of digitalisation is young people who are accustomed to doing everything via the internet, often on a mobile device; new players entering the market have created operating models that place the user at the centre of payment services.
  • Ease and convenience are the features required of payments in the future; from a monetary authority’s perspective, security and reliability should be added to the list as without trust, even the easiest to use payment method will not survive.
  • Real-time payment transmission will be an essential element of the digitalisation of payments in the future, as will 24/7 availability of services.

Digitalisation and Regulation

  • Reliable, secure and efficient payment services that openly and extensively utilises the opportunities of digitalisation may help stimulate productivity growth in an economy.
  • The task of central banks is to ensure the credibility and efficiency of the financial system; and to set common ground rules and regulation to ensure its stability.
  • Technological advances and the entry into the market of new actors and practices are a challenge to regulation; striking the right balance between reliability and safety (of payment services) and the introduction of new innovations is key.

Digitalisation and FinTech are now ubiquitous in Financial Services. And while there are many consumer benefits, there are also risks which creates a real challenge for regulators.

Looking out the curve, regulation will most likely driven by “what a firm does” as opposed to “what the firm is”. Numerous regulators in Europe, the USA and elsewhere have already alluded to this.

The OCC has gone a step further, opining that ultimately consumers will want the protection of buying products and services from firms that are regulated.

It only takes a couple of incidents of market failure and/or consumer detriment for this to become a reality.

In terms of the latter, new players must ensure that “good customer outcomes” feature just as strongly as “customer experience / satisfaction” in their product design and on-going product governance objectives.

For the avoidance of doubt, they are not the same thing!

The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.

Banks not working hard enough for customers


The Competition and Markets Authority (CMA) has set out proposals to reform retail banking, improve competition and get a better deal for customers.

In its provisional decision on remedies, the CMA outlines a wide-ranging package of proposals to tackle the issues hindering competition in personal current accounts (PCA) and in banking services for small and medium-sized enterprises (SMEs); its proposals include new protections for overdraft users.

Alasdair Smith, Chair of the Retail Banking Investigation, said:

For too long, banks have been able to sit back and not work hard enough for their personal and small business customers. We believe the strong and innovative package of measures we are proposing will give customers the information and tools they really need to get a better deal out of the banks. They will also protect those who fall into overdraft from being stung with unexpected fees”.

The CMA believes it is hard for bank customers to work out if they are getting good value due to the complicated and opaque nature of charges, exacerbated by the perceived riskiness of changing banks:

  • 60% of personal customers have stayed with the same bank for over 10 years
  • 90% of SMEs get their business loans from the bank where they have their current account

The CMA considered whether the largest banks should be broken up but it came to the view that this would not address the fundamental competition problems. It also considered whether to get rid of ‘free if in credit’ (FIIC) current accounts but concluded that even though FIIC accounts are not really ‘free’, they do work well for some customers.

The CMA remains concerned however that competitive pressures are weak and that to transform the market, customers should be provided with the right information so that they can determine which bank offers them the best value. This includes the development of new online comparison tools and an improved current account switch service (CASS).

Its proposals include new measures targeted at overdrafts, with a particular focus on users of unarranged overdrafts; in 2014 this contributed £1.2 billion to bank revenues. Going forward, banks may need to set a monthly maximum charge and to alert customers they are going into unarranged overdraft in order to give them the opportunity to avoid the charges.

The CMA also wants to harness big technology to empower customers to compare and switch accounts e.g. the ability for bank customers to click on an app and get comparisons tailored to their individual circumstances and information on that bank offering the best deal. It estimates that personal and SME bank customers could benefit to the tune of £1bn over 5 years.

No doubt the Financial Conduct Authority (FCA) will be watching closely as many of the issues being tackled by the CMA also fall under the heading of Behavioural Economics i.e. some errors made by consumers are persistent and predictable.

The FCA believes that consumers do not always make choices in a rational and calculated way. In fact, most human decision-making uses thought processes that are intuitive and automatic rather than deliberative and controlled.

Academic literature identifies ‘behavioural biases’ as specific ways in which normal human-thought systematically departs from being fully rational.

For its part, the FCA is particularly interested in how:

  • consumers make predictable mistakes when choosing and using financial products
  • firms respond to these mistakes
  • behavioural biases can lead firms to compete in ways that are not in the interests of consumers

Firms play a crucial role in shaping consumer choices. Product design, marketing and/or sales processes can exacerbate the effects of biases and cause problems. Biases can also create de facto market power.

Making financial services work well for consumers is an overall strategic objective for the FCA. And as firms will be aware, the CMA and the FCA have a MOU in respect of their concurrent powers to enforce consumer protection legislation in financial services.

Boards and senior executives need to ensure their actions do not result in customer detriment and/or a distortion of competition. Conduct Risk has not gone away. If anything it has a sharper focus under the Senior Managers (Certification) Regime.

The CMA invites submissions in writing by 7 June and will publish its final report on the retail banking market investigation by 12 August 2016.

See BRG white paper: The Behavioural Regulators’ Agenda

The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.

Islamic finance grabbles with FinTech

FinTech brg

Earlier this week, Datuk Muhammad bin Ibrahim, the Governor of Bank Negara Malaysia (the Central Bank of Malaysia) gave the Keynote Address at the Global Islamic Finance Forum 5.0 – “Future of Islamic Finance“.

The Governor pointed out that in many parts of the world, Islamic finance is one of the fastest growing segments of the financial industry: “Its reach and influence has expanded beyond the traditional Islamic markets, with increasingly strong footholds in banking, takaful and the capital markets”.

According to the Central Bank, Islamic banking now represents more than 20% of total banking assets in at least 10 jurisdictions (a feat that has been achieved in under a decade), with Islamic financial services are now available alongside conventional financial services in many markets.

The Central Bank acknowledges that the FinTech revolution, coupled with the digital revolution and the widespread penetration of technology, is also impacting Islamic Finance:

FinTech opens up new possibilities for improving efficiencies, reducing wastage and enhancing the customer experience… equally, it is not without risks, particularly with rising cybersecurity threats that could compromise safeguards that protect financial assets and customer data”.

The Central Bank of Malaysia has commenced a review of the changes and additional guidance needed to ensure that the regulatory framework remains appropriate to manage FinTech risks using three lenses:

  1. the impact of FinTech strategies on the management of risks by financial institutions;
  2. the potential for FinTech start-ups to introduce new risks to the broader financial system as a result of regulatory arbitrage;
  3. the impact on consumers

Islamic financial activities in Malaysia are governed by a comprehensive contract based regulatory framework designed to achieve end-to-end Shariah compliance whereby financial institutions are expected to evaluate and manage the impact of their activities, beyond that which is solely concerned with financial gains.

Arguably, FinTech and Islamic finance techniques are both disrupting traditional structures in the conventional financial industry. It is appropriate therefore that consumers, companies and investors in Islamic finance are equally able to optimise digital developments.

According to the Central Bank Governor “to elevate the Islamic finance industry to the next level, the formulation of game-changing strategies must bring in elements that leverage on technology, accelerate innovation and develop well-rounded talent to meet future needs of Islamic finance”.

The challenge for regulators around the world is how to regulate FinTech in a manner which does not kill innovation. In reality, “what you are” should not determine the regulatory approach; regulation should be based on “what you do”! And central to this, in every market, is the protection of consumers.

The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.

US Treasury Intent on Improving Online Marketplace Lending

US Treasury 2.PNG

The US Treasury Department has issued a white paper “Opportunities and Challenges in Online Marketplace Lending”.

Online marketplace lending refers to the segment of the financial services industry that uses investment capital and data-driven online platforms to lend either directly or indirectly to consumers and small busi­nesses.

This segment initially emerged as a “peer-to-peer” marketplace, with companies giving individual investors the ability to provide financing to individual borrowers. As products and business models have evolved, the investor base for online marketplace lenders has expanded to institutional investors, hedge fund, and financial institutions. In recognition of this shift in investor base, the market is no longer accurately described as a “peer-to-peer” market.

Treasury now refers to these companies as “online marketplace lenders.” In its white paper, it provides an overview of the evolving market landscape, reviews stakeholder opinions, and provides policy recommendations.

It also acknowledges the benefits and risks associated with online marketplace lending and highlights certain best practices applicable both to established and emerging market participants.

Several common themes emerged, including the following:

  1. Use of Data and Modelling Techniques for Underwriting is an Innovation and a Risk: While data-driven algorithms may expedite credit assessments and reduce costs, they also carry the risk of disparate impact in credit outcomes and the potential for fair lending violations. Importantly, applicants do not have the opportunity to check and correct data potentially being used in underwriting decisions.
  2. An Opportunity Exists to Expand Access to Credit: The online marketplace lending is expanding access to credit in some segments by providing loans to certain borrowers who might not otherwise have received capital. Distribution partnerships between online marketplace lenders and traditional lenders may present an opportunity to leverage technology to expand access to credit further into underserved markets.
  3. New Credit Models and Operations Remain Untested: New business models and underwriting tools have been developed in a period of very low interest rates, declining unemployment, and strong overall credit conditions. However, this industry remains untested through a complete credit cycle.
  4. Small Business Borrowers Require Enhanced Safeguards: Commenters drew attention to uneven protections and regulations currently in place for small business borrowers.
  5. Greater Transparency Can Benefit Borrowers and Investors: Responses strongly supported and agreed on the need for greater transparency for all market participants including pricing terms for borrowers and standardized loan-level data for investors.
  6. Secondary Market for Loans is Undeveloped: Although loan originations are growing at high rates, the secondary market for whole loans originated by online marketplace lenders is limited.
  7. Regulatory Clarity Can Benefit the Market: A large number argued that regulators could provide additional clarity around the roles and requirements for the various market participants.

The white paper also introduces a number of recommendations for consideration by the federal government and private sector participants:

  1. Support more robust small business borrower protections and effective oversight;
  2. Ensure sound borrower experience and back-end operations;
  3. Promote a transparent marketplace for borrowers and investors;
  4. Expand access to credit through partnerships that ensure safe and affordable credit;
  5. Support the expansion of safe and affordable credit through access to government-held data; and
  6. Facilitate interagency coordination through the creation of a standing working group for online marketplace lending.

The white paper identifies potential trends that will require on-going monitoring. These include the evolution of credit scoring, the impact of changing interest rates, potential liquidity risk, increasing mortgage and auto loans originated by online marketplace lenders, potential cybersecurity threats, and compliance with anti-money laundering requirements.

Critically, the business models and data-driven algorithms supporting this industry have largely developed in favourable credit conditions. Treasury believes it is important to consider policies that could minimize borrower risks and increase investor confidence in a less favourable credit environment.

A few other points of note:

  • The Consumer Financial Protection Bureau (CFPB) began accepting consumer complaints against marketplace lenders in March
  • The US Supreme Court is embroiled in a case that has major implications for online marketplace lenders: Madden -v- Midland Finance. At issue is whether the National Bank Act, which pre-empts state usury laws regulating the interest a national bank may charge on a loan, continues to have pre-emptive effect after the national bank has sold or otherwise assigned the loan to another entity
  • The ousting of the chief executive of LendingClub after a board review will increase the pressure for further regulatory scrutiny of the online marketplace/peer-to-peer lending businesses

Looking forward, it’s not “what you are” but “what you do” which is likely to determine the regulatory and governance framework for online marketplace lenders; and the expectations of directors and senior executives.

Consumer protection will be centre stage of the evolving regulatory agenda.

The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.

Culture in financial services – the UK regulator’s perspective

Moral Compass

Andrew Bailey – Deputy Governor for Prudential Regulation and Chief Executive Officer of the Prudential Regulation Authority addressed the City Week 2016 Conference today.

Bailey stated that the culture of firms and the people that make them up, is of the utmost importance to financial regulators.

“Culture is a product of a wide range of contributory forces:  the stance and effectiveness of management and governance, including that well used phrase “the tone from the top”; the structure of remuneration and the incentives it creates; the quality and effectiveness of risk management”.

“As important as tone from the top, the willingness of people throughout the organisation to enthusiastically adopt and adhere to that tone.  Out of this comes an overall culture.  It is not something that has a tangible form”. 

Bailey acknowledged that as a supervisor, it can’t go into a firm and say “show us your culture”.  But it can, and does, tackle firms on all the elements that contribute to defining culture, and from that it builds a picture of the culture and its determinants.

“Culture has laid the ground for bad outcomes, for instance where management are so convinced of their rightness that they hurtle for the cliff without questioning the direction of travel. We talk often about credit risk, market risk, liquidity risk, conduct risk in its several forms. You can add to that, hubris risk, the risk of blinding over-confidence”. 

The UK regulator seeks to ensure that firms:

  • Have robust governance, which includes appropriate challenge from all levels of the organisation
  • Promote the acceptance that not all news can be good and the willingness to act on and respond promptly to bad news
  • Ensure that remuneration is structured to ensure that individuals have skin in the game; a meaningful amount of past remuneration is retained or deferred and for senior people is at risk should problems emerge
  • Ensure that risk management and internal audit in firms are effective to root out poor incentives and weak controls

Bailey reinforced the point that culture begins and lives with firms and that responsibility is the central plank of the new Senior Managers Regime; this includes responsibility for forming and implementing a positive culture throughout the organisation.

“Responsibility, as embedded in the Senior Managers Regime, is an important hook to assist in firms’ shaping their own culture. If we have to step in, and occasionally we do, the overriding conclusion is that management has failed”.

“Firms exist to service customers, which of course means that service includes the notion of not exploiting customers, a value one might expect to be given in an organisations culture”. 

“Trust is important.  Consumers need to be confident in the firms that they choose to use, and inevitably trust is an important part of that confidence”. 

“Likewise, as supervisors, our judgements are inevitably conditioned on whether we can trust the people with whom we deal.  Good culture is a product of trust and it matters a lot for both prudential and conduct regulators”. 

For Boards and Senior Executives to really understand and influence culture(s) in their firms, they need to understand the behaviours that exist all levels.

Traditional econometric reporting will not suffice. For example, the regulator mystery shops, reviews complaints and FOS determinations. It also undertakes thematic reviews and market studies. All geared towards what actually happens!

Observation is therefore key if Directors are to be confident that their firm is:

  • delivering good customer outcomes
  • preserving market integrity and
  • not distorting competition

This is the world of behavioural regulation. For further information, see BRG white paper: The Behavioural Regulators’ Agenda

The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.

Irish Regulator Joins FinTech Debate

Bank Reg

The Central Bank of Ireland Director of Consumer Protection, Bernard Sheridan, addressed the European Tech Summit on the 5th May

Sheridan acknowledged that FinTech is becoming more evident in the scale and pace of change taking place in traditional retail financial services marketplace. He also pointed out that:

  • the Chair of the Financial Stability Board (FSB), Mark Carney, recently announced that global regulators are evaluating potential stability implications that emerging financial technology poses to the global financial system; “systemic implications of financial technology innovations and the systemic risks that may arise from operational disruptions”
  • the European Commission is also taking an active interest in the impact of digitalisation, as reflected in its Green Paper on Retail Financial Services published late last year; “New business models are emerging: online-only providers and technology companies are entering the market, offering services (within Member States and sometimes cross-border) including electronic money transfers, intermediation in online payments, financial data aggregation, peer-to-peer funding and price comparison”
  • ESMA has also addressed the challenges of financial innovation at the launch of its discussion paper on automated advice; “financial innovation is important and, at its best, contributes to economic growth. However, this can only be achieved and sustained where consumers have confidence in such innovations”.

From an Irish perspective, the Central Bank’s Strategic Plan has identified the increased risks arising from technological developments and the increased reliance on information technology by regulated firms, their customers and suppliers.

Sheridan acknowledged that FinTech is transcending traditional boundaries and borders, not just physical but also regulatory as it blurs the lines between regulated and unregulated activities. The Central Banks statutory objective is to provide effective regulation of financial service providers and markets, while ensuring that the best interests of consumers are protected.

Regulated firms must meet financial soundness rules as well as fitness and probity standards for their senior executives.  They must have appropriate internal governance and controls to ensure they are properly run and importantly must ensure that they treat their customers fairly and ensure that any customer money and assets are securely held.

In terms of FinTech, the Irish Regulator is focused on four key areas:

  • Monitoring of Emerging Risks

The Central Bank monitors current and emerging consumer risks arising from the rapidly changing face of financial services, products and business models.

  • Authorisation Process

In 2015, the Central Bank enhanced its authorisation process for payment and e-money institutions based on three key principles: Accessibility, Transparency of Process and Clarity on Timelines

  • New Product Development  

Product oversight and governance arrangements: firms must identify their target market, test products before launch, monitor performance and take remedial action where problems arise; product monitoring will be required on an on-going basis.

  • Assessing Consumer Protection Risks

The Central Bank is developing a Consumer Protection Risk Assessment supervisory model to include the assessment of how firms utilise technology to support their consumer risk management including:

  • how systems are used to alert firms to emerging and existing consumer risks through exception reporting, reporting on breaches and near misses, complaints analysis and employee performance management;
  • how firms consider consumer risk management and reporting when developing new systems;
  • the maturity of firms’ analytics techniques in terms of identifying and escalating emerging and crystallised consumer risks

Sheridan concluded “while it is not possible or realistic for us to be ahead of every innovation, it is essential that our focus is firmly on ensuring that the appropriate framework is in place to ensure that innovation develops in a manner that ensures the best interests of consumers are protected”.

The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.

%d bloggers like this: