Friday, 2 December 2016

Tesco cyber-attack provides regulatory food for thought

Every little helps when it comes to controlling the financial system, but Giles Kenwright of Delta Capita explains why the Tesco cyber-attack will hopefully trigger banks and regulators to look at the bigger compliance picture 

A cyber-attack that wiped £2.5 million from a major supermarket’s client accounts in just a few hours, should ring alarm bells across the boardrooms of Britain’s biggest banks. While the damage to Tesco’s brand reputation may be substantial, more significant still is that this attack could be a sign of things to come for the wider banking sector.

It is not as if the major players have been burying their heads in the sand. Eight of the largest firms, including JP Morgan, Bank of America and Goldman Sachs, teamed up earlier this year to tackle the growing cyberthreat. While still in its infancy, the group is already sharing information with eachother about where future threats could materialise. The trouble is that, at the same time, these conglomerates are entangled in the weeds of other regulatory issues, which is eating into time that could be spent developing a longer-term plan to tackle cybercrime.

Wednesday, 30 November 2016

Back to the future for IBOR

The complexity of the investment management industry is growing and the data that needs to be analysed is richer than ever before. This is a consequence of the thinning geographical boundaries within portfolios and the search for alpha that drives managers to incorporate different and more esoteric asset classes within a single portfolio.

The impact of this changing environment has been a resurgence in the industry's use of the Investment Book of Record (IBOR), a central and comprehensive source that tells the complete story of a firm's portfolio activity. An IBOR provides a timely view of a firm's exposures, portfolio positions and cash. The fullness and clarity of the picture it paints means that it provides the intelligence and insights on which many portfolio decisions are made.

Monday, 14 November 2016

The new Basel IRRBB: regulatory and internal consequences

Last April, the Basel Committee issued its new standard on the interest rate risk in the banking book presenting a new standardised framework. This new standard is to be implemented by 2018. Here Xavier Dubois, Senior Risk & Finance Specialist for Wolters Kluwer’s Finance, Risk and Reporting business looks at some aspects of the standardised framework, how it could be implemented in Europe and its interest for the bank governing bodies.

In April, the Basel Committee on Banking Supervision issued standards for Interest Rate Risk in the Banking Book (IRRBB). The standards revise the Committee's 2004 Principles for the management and supervision of interest rate risk, which set out supervisory expectations for banks' identification, measurement, monitoring and control of IRRBB as well as its supervision.

In a nutshell the new standard realises a significant improvement in the management of interest rate risk in the banking book. Not only does it provide a standardised measurement closer to economic reality, and thus more useful for the bank management, particularly in this time of low interest rates, but it also provides standardisation that increases transparency, not only from banks, but also from supervisors. Banks will have to adopt this new framework and should take this opportunity to move towards a technologically sound and solid risk framework with automation and integration, for supervision and, last but not least, for the governing body.

Tuesday, 8 November 2016

Why banks need consumers to detect imposters

In the first half of 2016 alone, there were more than one million incidents of financial fraud, an increase of 53 per cent on the same period last year; with identity fraud against individuals costing an estimated five billion pounds last year.

Identity fraud occurs when an imposter pretends to be someone else. To prevent this, banks ask customers for passwords, but judging from the fraud figures, this isn’t working and things are getting worse. The reason is simple: data cannot differentiate. A password provided by the true customer is exactly the same when that same password is provided by an impostor.

Wednesday, 2 November 2016

Key to the highway: The changing face of high and low touch execution

In the beginning, there was high touch where brokers provided a high-value, solution-based approach to finding the liquidity their buy-side clients were looking for. This worked in an era of high fees and low scrutiny of what end investor trading commissions were actually funding. But as markets electronified, and buy-side operations tooled up, a new paradigm was born, low touch. This reflected the buy-side's growing desire for cheaper execution, especially for trades that weren’t that hard to execute, and it also offered a path that minimised information leakage.

The result? Two routes to market with very different price tags. The problem was that brokers had to duplicate their trading infrastructure despite receiving fewer net commission dollars. This spawned the short-lived concept of mid touch which offered the worst of both worlds: junior sales traders with neither the experience nor the expertise to manage either. And so the industry muddled along ignoring the operational overhead of running two technology stacks.

Thursday, 27 October 2016

Lost in translation: Smart contracts for financial services

The concept of smart contracts is simple; clauses and rules are embedded in software which is distributed via networks to provide an interface which formalises a transaction. Bitcoin has a distributed ledger a distributed consensus mechanism, and a distributed set of business rules and conditions. The contract for Bitcoin is relatively simple: ‘are the parties who they purport to be’, ‘do they have permission to buy/sell’ and ‘does the buyer have funds’. This is a straightforward smart contract which is actioned and then fulfilled for every buy or sell on the Bitcoin network.

The idea of a smart contract is very powerful; putting your trust in a set of rules and a shared consensus mechanism rather than any one party seems, on the face of it, an ideal solution. In finance we already trust in rules and triggers such as ‘stop loss orders’ and ‘buy triggers’ for share trading. This kind of trigger is relatively simple but still this transaction has its fair share of intermediaries and parties. For a wealth product, where I may be buying units in a fund which will trigger purchases in multiple markets and assets there are many more intermediaries and contracts. This increasing level of complex relationships and parties means that the contracts and rules must also be more complex and brings me to my concern in developing even medium complexity smart contracts with high levels of automation.

Monday, 17 October 2016

MAS: Bringing compliance closer to the cloud

The Monetary Authority of Singapore (MAS) has helped dispel some of the uncertainty around outsourcing and cloud-based models in the governance, finance, risk and compliance (GFRC) context, with the inclusion of guidance on cloud computing services in its updated guidelines on managing the risks associated with outsourcing. Here Wouter Delbaere, Asia-Pacific Market Manager, Regulatory Reporting, for Wolters Kluwer’s Finance, Risk & Reporting business, explores this welcome development that should pave the way for greater adoption of these services - and hence a more efficient and cost-effective approach to GFRC - among financial institutions.

Banks in Asia are increasingly aware of the potential of cloud computing to reduce the costs and enhance the flexibility of their information technology infrastructure, and many are turning to cloud solutions in areas such as software development or customer relationship management. However, the security concerns and regulatory restrictions surrounding sensitive customer and financial data make service-based IT approaches to governance, finance, risk and compliance (GFRC) less common.