7 minute read
our Business
Enabling modernized payments
By Pamela Steer N s ew technology and payments innovation are transforming the way Canadian consumers and businesses make and process payments.
According to data from Payments Canada’s annual Canadian Payments Methods and Trends Report, Canadian businesses are writing less cheques while expanding the range of electronic payment options they offer to their customers.
To put this in perspective, in 2018 there were 277 million fewer cheque and paper items exchanged than in 2013, a decline of 29 percent, while electronic payment options, such as electronic funds transfers, increased by 21 percent. The juxtaposition in these trends does not come as a surprise. The report also indicates that businesses are actively looking to adopt new and innovative payment methods that are fast and easy to use, appealing to the “instant” and “always on” experiences that customers, including business customers, have come to expect. collections, limited predictability of cash inflows and outflows, difficulty tracking cross-border payments and continued reliance on manual processes and legacy technology.
ayments modernization in Canada Payments Canada — the organization that owns and operates Canada’s payment clearing and settlement infrastructure, including associated systems, bylaws, rules and standards — is leading a multi-year industry program to modernize Canada’s payment infrastructure. One of the objectives of this program, is to enable financial institutions and other payment service providers to offer new, secure and innovative products and services for businesses.
Setting the groundwork for payments modernization was the release in 2016 of Payments Canada’s Vision for the Canadian Payments Ecosystem, which identified eight needs for a modern payments system. The Vision represented feedback gathered from a multitude of stakeholders, including SWIFT is spearheading a global initiative to implement ISO 20022 for cross-border payments.
Another significant reason why businesses are looking for alternate payment options is to support more efficient payments processing. A Payments Canada study, in partnership with Ernst & Young LLP, quantified that the lack of adequate payment processing capabilities is costing Canadian businesses upwards of $6.5 billion a year. This is due to factors including labour-intensive matching of customer payments to invoices, poor visibility into supply chain and businesses, financial institutions, government, regulators, payments service providers and new entrants.
One of the eight needs from the Vision was the introduction of ISO 20022. ISO 20022 is an international messaging standard or common global “language” that will allow structured data to flow with electronic payments and help businesses facilitate the move away from paper. This standard is fundamental to Canada’s new and improved systems, starting with the implementation of ISO 20022 messaging for Canada’s new highvalue payments system, Lynx, which will replace Canada’s current Large Value Transfer System in 2021.
The introduction of smarter payments — payments that are data-rich — will bring highly efficient options to Canadian businesses that will lower operational costs and boost bottom line returns over time. An example of an efficiency is the opportunity of straightthrough processing, a change that has the potential to improve automation and reconciliation efficiency, thus reducing many of the pain points in accounts payable and receivable.
Why now is the right time SWIFT, the global provider of secure financial messaging services, is spearheading a global initiative to implement ISO 20022 for cross-border payments. This means all financial institutions on the SWIFT network in Canada must be in a position to receive and process payments using the ISO 20022 messaging standard by November 2021. With this deadline approaching, now is the time for businesses to prepare to unlock the potential of the standard. A starting point for all businesses is to ask the question “what can ISO 20022 do for my business” and to connect with key partners on ISO 20022, including suppliers, vendors, contractors and financial institutions. A go-to for information is 20022Labs, a Canadian not-for-profit organization that aims to connect corporations and other ecosystem members to help accelerate the global adoption of ISO 20022. Ultimately, the transition to ISO 20022 is a strategic business decision that will support interoperability with global payment ecosystems, enable new opportunities for financial products and services and bring new levels of efficiency to the Canadian economy.
Cybersecurity more important than ever
By Yves Paquette
At a time when data breaches are the matter of the moment, our fourth annual NOVIPRO/Léger Portrait of IT Trends could not be more relevant. But while the data gathered in the study reveals a shift in some trends, the pace at which companies are changing their approach to cybersecurity clearly needs to gather speed. The most significant revelation is not a comforting one. For despite the current landscape, Canadian financial services companies don’t seem to feel the urgency to protect themselves and ensure the security of their data.
The survey, a status report on IT in Canadian businesses, was conducted over a one-month period in the fall of 2019 and involved 496 respondents from medium and large Canadian companies, 300 of whom were IT decision-makers with the balance from other fields. The data gathered offered a strong picture of current attitudes towards cybersecurity, particularly in the banking sector, where breaches have repeatedly made headlines. With finance being a conservative, tightly regulated field with rigorously enforced standards, this may explain why the IT infrastructure of so many financial sector companies were described as merely functional. I’m referring here to statistics that show a laxness on the part of such companies. For example, only 25 percent of financial industry respondents described their company’s infrastructure as “state of the art.”
Awareness not enough Overall, the survey shows that organizations have a better and better understanding of the risks associated with cybersecurity.
But it’s not enough to be simply aware. There need to be concrete actions to defend oneself against all kinds of attacks. And this responsibility doesn’t just concern IT teams; it needs to be a priority for all decision-makers.
That said, even in the context of widely publicized leaks, not all companies in the financial services sector have made proactive changes. A full 38 percent maintained their existing practices. This wasn’t the worst of the lot; 39 percent of health care organizations kept the status quo.
In contrast, agriculture businesses showed definitive prudence, with 60 percent having revised their cybersecurity practices. And that’s a good thing — and worth emulating by other especially financial businesses — because attacks are on the rise.
More than one in three companies (37 percent) claimed they’d been victim to a cyberattack in the last year: a significant increase over the 28 percent cited in last year’s survey. But out of the 40 percent of companies in the financial services sector that were targeted, 57 percent confirmed that the threat came from inside the organization.
Our director of technology solutions, Éric Cothenet, recommended that organizations bring in sound processes and methods of governance to make employees aware of IT threats.
“Threats from inside an organization are very real,” he said. “Problems often occur unintentionally, with too few employees trained to identify risk.”
Companies making halting steps In 2018, nearly one in four companies (74 percent) trained their employees on cybersecurity in 2018 and more than half want to do so again next year. And although one in two companies did not review their practices after the news of high-profile breaches and data theft, almost all of them took at least one action to prevent further breaches.
Despite these moves toward process improvement in cybersecurity, it was disturbing to learn that companies are generally not all that transparent. Just over a third (38 percent) of respondents would notify their customers in the event of a cyberattack, whereas less than half (49 percent) would have done so in 2018. Organizations in Quebec (39 percent) and Ontario (40 percent) were the most likely to reach out to their customers. These low figures are worrisome. Particularly given that 61 percent of these organizations were holding critical and confidential customer data such as credit card numbers and Social Insurance Numbers.
It’s certainly not all doom and gloom. In addition to the cybersecurity training that most companies are putting in place with employees, the perception of IT is changing. In 2016, it was considered a strategic partner by only 21 percent: a figure which rose dramatically to 41 percent in 2019. In 2016, 47 percent of respondents threw IT into the “investments” category: less so in 2019 with only 28 percent seeing it as such. Indeed, IT has become so much more strategic in the minds of many.
An expert who commented on our report, Alina Dulipovici, who is associate professor of Information Technologies at HEC Montréal, said that companies need to quit thinking of information assets as a sunk cost.
“It’s actually a strategic investment that helps achieve business objectives,” she said. “Not only that, companies would benefit from doing more to make their employees — and even their business partners — stronger links in the information asset protection chain by raising their awareness of security risks.” Fortunately for consumers, whose precious data is constantly hanging in the balance, indicators suggest that change is underway.
