Securing Financial Services
8th July 2020
How the convergence of fraud, KYC/AML, security and privacy makes cyber a manageable operational risk
Cybersecurity is a top investment priority for financial services firms globally, with the big banks spending up to a billion dollars a year on the problem.
FS firms are prime targets in cyberspace for the same reason they have always been targets: the money.
Smart criminals have long since abandoned guns and dynamite as their tools of choice, and now see direct cyberattacks on financial infrastructure and digital fraud on banks' retail, high-net worth and wholesale customers as an attractive moneymaker.
In addition, disabling a prominent financial organisation is a high-profile way to embarrass a government. Disrupting the data flow between institutions can cause volatility in key markets and unsettle the public.
And a full-scale attack on, say, an ATM system could cause panic and provoke uncontrolled bank runs. So banks are also a CNI target for both organised crime and nation-states.
Retail banks, and also asset managers and insurance companies, with their millions of dependent customers, are under threat as digital transformation is rolled out, as mobile becomes the key customer platform, as open banking and PSD2 create new risks around new Fintech players and APIs.
As one researcher points out: "Mobile malware authors have set their sights firmly on monetization... this is no doubt a response to the explosion in mobile banking and financial applications that we have seen during the last couple of years."
And of course data privacy and GDPR, and payment standards such as PCI DSS, are critical pieces of the FS compliance jigsaw.
Wealth management firms also see cybersecurity as a material threat to their business. Client PID is an absolute priority: the damage that would be done to a private bank if the details of its ultra-high net-worth individuals were leaked would be what one private banker calls a "disaster scenario".
Wholesale and investment banks are also vulnerable. They may not fear so much the DDoS or ransomware attacks that can hit retail institutions so hard, but in payments, FX, transaction banking, trade finance and capital markets, the need for more speed, better connectivity, mobile device access, a better user experience and better analytics has led banks to kick-start the development of digital versions of their products and digital delivery mechanisms.
Clients have continued to demand bank-agnostic platforms and have themselves connected to an increasing number of new platforms and fintechs. This new ecosystem of wholesale financial technology is another area ripe for cyberattack.
In payments, banks are joining global automated clearing-house (ACH) platforms such as PayCommerce and Earthport (now part of VISA), as well as self-described alternative to Swift (hacked in the Bangladesh Bank episode), Ripple.
The cybersecurity problem extends to other areas of wholesale markets. In trade finance, banks are digitizing the physical and financial supply chains as well as the information supply chain - while various fintech platforms are solving specific problems, such as supply-chain finance, for specific types of client.
And Central Banks, from Bangladesh to the Netherlands, are now constantly bombarded with cyber attacks, threatening the stability of the global financial system.
Beyond banking, the asset management industry too is wrestling with problems of data, digital transformation and cybersecurity. Building resilience is now a top priority.
Securing Financial Services will cover these and other key subjects for its audience of professionals tasked with safeguarding digital assets and sensitive data. There will be real-life case studies, strategic talks and technical break-out sessions from security teams behind some of the world's most admired brands, who know, just like you, that security is now more important to business than ever.