Global Banking & Finance Review Issue 53 - Business & Finance Magazine


www.globalbankingandfinance.com Issue 53 Jemmy Paul Wawointana President Director PT Sucorinvest Asset Management Driving Success through Retail Focus, Ethical Investments, and a Customer-Centric Approach.

Chairman and CEO

Varun Sash

Editor Wanda Rich email: wrich@gbafmag.com

Head of Distribution & Production

Robert Mathew

Project Managers

Megan Sash, Amanda Walker

Video Production and Journalist

Phil Fothergill

Graphic Designer

Jessica Weisman-Pitts

Client & Accounts Manager

Chanel Roberts

Business Consultants

Rick Saikia, Monika Umakanth, Stefy Abraham

Business Analysts

Samuel Joseph, Dave D’Costa

Advertising Phone: +44 (0) 208 144 3511 marketing@gbafmag.com

GBAF Publications, LTD

Alpha House

100 Borough High Street London, SE1 1LB

United Kingdom

Global Banking & Finance Review is the trading name of GBAF Publications LTD

Company Registration Number: 7403411

VAT Number: GB 112 5966 21 ISSN 2396-717X.

The information contained in this publication has been obtained from sources the publishers believe to be correct. The publisher wishes to stress that the information contained herein may be subject to varying international, federal, state and/or local laws or regulations.

The purchaser or reader of this publication assumes all responsibility for the use of these materials and information. However, the publisher assumes no responsibility for errors, omissions, or contrary interpretations of the subject matter contained herein; no legal liability can be accepted for any errors. No part of this publication may be reproduced without the prior consent of the publisher.

From the Editor

Dear Readers,

I am pleased to present Issue 53 of Global Banking & Finance Review. For those of you that are reading us for the first time, welcome.

Our cover story in this issue promises to be an engaging read. The financial landscape is ever-evolving, demanding a delicate equilibrium between growth and adaptability. We dive into this subject with Jemmy Paul Wawointana, the President Director of PT Sucorinvest Asset Management. Jemmy discusses with Phil Fothergill of Global Banking & Finance Review the intricacies of steering a company through 25 years of dynamic market conditions. Our conversation reveals how the last five to eight years, in particular, have been transformative for PT Sucorinvest. (Page 24)

On page 10, Adam McLaughlin, Global Head of AML Strategy and SME at NICE Actimize, elucidates the U.K. Economic Crime and Corporate Transparency Bill in this edition. Aiming to address vulnerabilities in financial crime legislation, this bill, introduced post the influential Economic Crime Act of 2022, stands on the brink of becoming law. Dive into its core components and their potential ramifications for the financial sector in the U.K.

Explore the European Union's groundbreaking regulations on retail investing with Michael Geiger, CEO of Libertex Group. Unveiled amid market scandals and economic challenges, these rules amplify investor protection and transparency. Geiger sheds light on their implications for investment firms and potential shifts in the financial landscape. (Page 40)

We tirelessly aim to present breaking news from the world's economic arenas, insights from industry leaders, and diverse perspectives. Our goal? A comprehensive snapshot of the financial world. We're committed to delivering only the best. Whether you're a finance professional or someone keen on industry strategies, our features promise in-depth insights into the pillars of sustainable growth. Immerse yourself, and we'd love to hear your feedback.

Enjoy!

Stay caught up on the latest news and trends taking place by signing up for our free email newsletter, reading us online at http://www.globalbankingandfinance.com/ and downloading our App for the latest digital magazine for free on Google Play and the Apple App Store.

CONTENTS

BANKING

Setting the standard: Advancing ID verification in banking and finance
Nir Stern, VP product management, AU10TIX

How the Bank of England is Driving Trust and Transparency with the LEI
Tanveer Bhatti, Lead Policy Analyst, Bank of England

BUSINESS

Speeding up chargeback resolutions to boost financial performance
Gaurav Mittal, Executive Vice President, Ethoca

The three P’s of preparedness: A blueprint for crisis management planning
Daniel Kilburn, Founder, Emergency Action Planning LLC

See no invoice, pay no invoice: the ERP “black hole” fuelling late payments
Stephen Carter, Smart Procurement Evangelist, Ivalua

Communications surveillance: A company-wide consideration
Harriet Christie, Chief Operating Officer

TECHNOLOGY

Key risks in the FedNow era
Phong Q. Rock, EVP Global Strategy & Growth, Feedzai

Ready-to-assemble digital strategy: why Europe should look to Scandinavia for digitisation inspiration
James Keating, Chief Marketing Officer, Pleo

PCI SSC takes aim at APIs
James Sherlow, Director Field Services Engineer, EMEA, Cequence Security

Best practice to improve mission-critical software during a crisis – through improved software development practices
Gordon Saladino, Senior Sales Engineer, Perforce

FINANCE

The UK Economic Crime & Corporate Transparency Bill Fosters Information Sharing, Making It More Difficult for Criminals to Succeed
Adam McLaughlin, Global Head of AML Strategy and SME, NICE Actimize

Are virtual wallets the future of payments?
Tareq Shaheen, PDM Director, Payment Solutions, Eastnets

Staying ahead of the curve – what the FCA’s Dear CEO letter means for fund managers
Patric Foley-Brickley, Managing Director, Apex FundRock UK

Fintech is challenging the reign of cash to all our benefit
Tosin Enilorunda, CEO, Moniepoint – Africa’s largest Fintech

INVESTMENT

Gearing up for investing in the EV revolution
Benedikt Sobotka, CEO, Eurasian Resources Group (ERG) and Co-Chair Global Battery Alliance (GBA)

EU’s New Rules on Retail Investing: A Game Changer for Financial Markets?
Michael Geiger, CEO, Libertex Group

COVER STORY

Driving Success through Retail Focus, Ethical Investments, and a Customer-Centric Approach
Read it on page 24

The UK Economic Crime & Corporate Transparency Bill Fosters Information Sharing, Making It More Difficult for Criminals to Succeed

Gaps in financial crime legislation and controls have created opportunities for criminals to hide in the void between organisations and behind corporate entities and opaque digital identities. The upcoming U.K. Economic Crime and Corporate Transparency Bill could be one way to fight these weaknesses and revolutionise how we fight financial crime. The ground-breaking bill is intended to strengthen data sharing between the public and private sectors, create stricter regulations on company registration, and reform limited partnerships to develop a more robust defence against criminal activity.

What do financial crime and compliance professionals need to understand about this bill? The Economic Crime and Corporate Transparency Bill was first introduced in the U.K. House of Commons on 22 September 2022. It comes hot on the heels of the Economic Crime Act of 2022, which introduced broad sweeping reforms of ultimate beneficial ownerships (UBO) identification for high-value properties owned by corporate entities.

The new bill passed through both U.K. parliamentary bodies, the House of Commons and the House of Lords. It is now awaiting royal assent, the formal process through which the King agrees to turn a bill into law. As the latest in a raft of game-changing legislation, this bill will make it harder for criminals to succeed and finally give the good guys some teeth to help fight financial crime.

The Economic Crime and Corporate Transparency Bill will impact three key areas: information sharing, company registration, and limited partnership reform. These focus areas will result in greater information sharing at financial institutions (FIs), higher-quality corporate registry information that can be used during onboarding and for perpetual KYC (pKYC), and the need for greater monitoring of limited partnerships.

Key Area: Information Sharing

The main emphasis of the bill is on enhanced private-to-private and private-to-public information sharing. Currently, data sharing is limited because the existing legislation is voluntary and lacks firm guidance. Current information sharing gateways are open for interpretation and can be interpreted differently by various legal teams. This often results in limited, or no, information being shared between relevant parties because legal teams will err on the side of caution.

The proposed bill aims to change this by providing clearer gateways and stronger legislation to enable better private-private and public-private information sharing.

In essence, the bill will grant legal immunity from civil liability when sharing information pertaining to suspected financial crime. Law enforcement will also be permitted to proactively gather intelligence from FIs on suspected illegal activity without needing a pre-existing Suspicious Activity Report (SAR) from the organisation.

This change allows organisations to share sensitive information without fearing reprisal, if the sharing is done in the spirit of the law. This new structure is expected to help FIs and law enforcement prioritise high-risk cases by allowing information about high-risk entities and those potentially linked to financial crime to flow more freely between organisations and be escalated to the right teams. It is also expected to reduce the reporting burden on FIs, as they will have much more accurate information on suspicious and non-suspicious entities and be able to make better decisions on who to report.

Company Registration Reform

The bill proposes the largest reform of Companies House, the official Registrar of U.K. businesses, and the U.K. company incorporation process since its inception in 1844. Under the new rules, companies must verify the identity of all new and existing directors, persons with significant control and those delivering documents, resulting in more accurate and up-to-date information on the company registry.

Companies House, under the new legislation, will now have the authority to check registrations, challenge discrepancies and reject information submitted to or already on the company’s register. This will help Companies House become an active gatekeeper. It can identify if there is suspicion of criminal activity, or if the company provides insufficient or conflicting information or fails to sufficiently answer questions raised during registration or about existing registration information, and act accordingly. This change will be the first of its kind globally and deter criminals seeking to use opaque and complex U.K. company structures as a front for illicit operations.

Finally, Companies House will have greater powers to share information, helping to cross check data with other public and private-sector bodies. It will be able to proactively share information with law enforcement agencies when there is evidence of suspicious activity or anomalous filings.

The changes to Companies House will result in more accurate and complete register information. Therefore, organisations can rely more on it for KYC and other verification and validation checks. With Companies House having the power to be a proactive gatekeeper of information, organisations using the data can make better business decisions and more quickly identify discrepancies between data provided during onboarding or remediations and data provided on the company’s register.

Limited Partnership Reform

Another area targeted by the legislation is the reform of limited liability partnerships (LLPs). The goal of the LLP reform is to make it more difficult for criminals to exploit the structure of limited partnerships for illicit purposes.

Under this reform, provision of partner information, including personal details like name, date of birth, nationality, any former names, and residential address, becomes mandatory. General partners will also need to provide a service address. For a partner that is a legal entity, the information required includes their registered or principal office address and a service address. A general partner who fails to notify the Registrar of partnership changes within 14 days will commit an offence and be liable to a conviction which could result in a fine.

Additionally, the bill states that limited partnerships must always have a registered office within the U.K., as opposed to the current model where the office can be based anywhere in the world. The Registrar for Companies will have the power to request a change to the registered office of a U.K. limited partnership if it deems that the given address is not an appropriate address as defined by the Bill.

Another legislative change is that an LLP must have at least one individual appointed as a registered officer. A general partner of an LLP cannot just be a corporate vehicle or another LLP. This registered officer cannot be a disqualified director and must be contactable by the Registrar. Limited partnerships must file annual confirmation statements, ensuring accurate and up-to-date information is reported to Companies House. This brings LLPs’ requirements in line with those adopted for U.K. limited companies (LLCs). LLPs must file their annual confirmation statements within 14 days of when the annual report is due.

There are many other new changes under this bill, but to manage an organisation’s risk when the new legislation becomes law, it must ensure that any LLPs on the books are compliant with the new legislation, checking that: they have a U.K. registered office; that there is at least one individual appointed as a registered officer; and they are filing annual confirmation statements.

Organizations should make sure that a customer’s KYC record is updated with this new information. It is not an organisation’s responsibility to enforce these requirements, but any LLP customer who fails to conform to the new legislation should become a high-risk customer and questions should be asked why the LLP is failing, willingly or not, to meet the new legislation. It could be because the LLP is a criminal entity which, up until that time, was exploiting the existing LLP structure loopholes.

Organizations should also be monitoring the transactions of LLPs to identify any suspicious transactions which could suggest they still maintain a suspicious or complex offshore structure.

Impact of New Legislation & Technology

The impact of the Economic Crime and Corporate Transparency Bill on fighting financial crime cannot be overstated. It represents a new era in legislative response and is a testament to the ongoing commitment of authorities to fight financial crime and protect the integrity of the financial system.

By strengthening data sharing between the public and private sectors, tightening regulations on company registrations, and adding robust reforms for limited partnerships, this legislation represents a significant step forward in the fight against money laundering and other financial crimes. The bill's success, however, ultimately depends on its effective implementation and the collaboration of all involved parties. As other countries take note of the U.K.’s progress, the hope is that pioneering legislation like this will inspire similar action worldwide, paving the way for a truly global effort to combat financial crime.

Technology can help organisations maximise the benefit of these changes in their risk and compliance programs. Firms can use technology to aid in information sharing, whether that be sharing new detection models and typologies or suspicious activity information, or to automatically update customer records with the latest corporate or LP information from Companies House. Technology can ensure that firms are maximising the value of the richer corporate registry information to identify, manage and mitigate customer risk.

Adam McLaughlin, Global Head of AML Strategy and SME, NICE Actimize

Speeding up chargeback resolutions to boost financial performance

Commerce has been expanding rapidly. In the US, for example, retail sales are increasing by 8.8% each year, and eCommerce sales are also up by 8.4%, according to recent data. However, many challenges lie ahead despite this resilience in customer spending.

Take the example of the growing trend of purchase confusion. This is where a consumer reviews their bank statement and sees a list of unfamiliar names or references, alongside their outgoing payments. The person then mistakenly requests their money back from said bank.

This is known as a chargeback – it can be extremely costly and time-consuming for all involved. Chargebacks are estimated to cost businesses around $117.46 billion per year, and the average chargeback would cost a business $191 with an estimated 615 million chargebacks happening worldwide per year.

Getting to grips with the chargebacks process

The chargebacks process is also extremely complex as the customer’s card issuer (i.e. bank), card network and the merchant’s acquiring bank all have to work together to determine whether the dispute is warranted and whether the customer’s money should be refunded.

Although businesses and financial institutions should take steps to manage changing consumer behaviours and complexities, preventing chargebacks from negatively affecting their profits is also crucial.

Implementing the right solution to manage chargebacks

Nearly all consumers want their bank to increase clarity by providing more transaction detail. Therefore, finding a solution that makes transaction information more transparent to everyone is essential. Adding a logo or a digital receipt to each outgoing payment could help reduce consumer confusion by jogging customers’ memories of purchases they’ve made. For a financial institution, this digital-first approach is the best method of prevention because it enables them to address disputes earlier in the process before they become a chargeback.

However, when a chargeback does occur, an alerts-based system can be utilised to receive fraud data from issuers in real time. We’ve seen an example of a leading US-based card issuer that was able to address this, having experienced a growing volume of chargebacks. This, combined with the changing nature of fraud, meant they were spending an unacceptable amount of time and money in addressing these challenges.

The obvious solution was to automate the chargeback and fraud processes. The benefit of a digital solution means it can scale along with sudden surges in chargeback volumes. It also doesn’t require any new, additional staff or training and is faster and more accurate than challenging chargebacks manually.

The use of near real-time data transformed its chargeback prevention and management programme and helped the issuer prevent $8M worth of fraudulent and non-fraudulent chargebacks over the course of 12 months. The solution’s automated and scalable nature enabled the issuer to both more easily handle its monthly volume of disputes and still meet customers’ expectations.

The advantages of quicker chargeback resolutions

Businesses and financial institutions can reap significant advantages and increase their bottom line if they prioritize streamlining and preventing chargebacks.

Firstly, it can benefit smaller companies which may not have the resources to absorb the costs associated with chargebacks and reduce the financial impact. Moreover, effective chargeback solutions build more trust with customers and improve customer loyalty, which in turn can improve the overall customer experience and service.

Businesses can achieve these goals by implementing a more comprehensive strategy around collaboration and technology. By doing so, they can reduce the risk of chargebacks, improve their operations, and ultimately reap dividends in the form of increased profitability and customer loyalty.

Retaining customers and building trust in the long term

Preventing problems and resolving issues are the key to retaining customers and building trust.

We believe that, by enhancing the customer experience, we can help to reduce transactions, lower dispute costs and increase customer retention. This will help boost Lifetime Value, create trust with consumers and help to encourage a long-term relationship.

About the author

Gaurav Mittal is the Executive Vice President of Ethoca, a Mastercard company. Gaurav is focused on executing and evolving Ethoca’s global strategy to help businesses further reduce fraud and disputes and create better digital customer experiences.

Gaurav joined Mastercard in 2014. Immediately prior to his role at Ethoca, Gaurav led Global M&A for Mastercard. He has also held leadership positions across Product Development and Enterprise Strategy. Prior to Mastercard, Gaurav worked at Booz & Company where he helped customers develop and focus on their strategic initiatives. Before Booz, Gaurav worked as an early employee and senior executive at GEP, a B2B procure-to-pay technology company, where he oversaw rapid growth of the firm.

Gaurav received his MBA from Columbia University and an undergraduate degree in Computer Science from Denison University.

Setting the standard: Advancing ID verification in banking and finance

In the banking/finance industry, robust ID verification (IDV) has long been important for compliance with KYC and other regulations. However, the new generation of AI-based IDV technologies authenticate identities so rapidly and offer such a positive user experience that they enable new use cases for banks. For example, it is a much more secure and fraud-proof method of strong authentication than traditional second-factor authentication. Also, banks may soon face more liability for P2P fraud, so it is imperative that they make sure the people opening accounts are who they claim to be.

Unfortunately, it can be difficult for organizations to evaluate whether the IDV solution they are using is the best option for their needs. The absence of standardized protocols and benchmarks, compounded by the sheer number of vendors in the space, creates considerable complexity and confusion.

Comprehensive collaboration among industry stakeholders is necessary to ensure effective standards that meet the evolving needs of banking and finance. By setting clear benchmarks for ID verification, the sector will be better positioned to combat fraud, bolster compliance efforts, and deliver seamless user experiences.

In the absence of IDV industry standards, I would argue that the following qualities are the most important for financial institutions (FIs) to keep in mind when selecting an IDV solution:

The Right Balance

An IDV solution’s most important job is to find the right balance between accuracy and security. It is critical that the pursuit of high conversion rates doesn’t compromise fraud detection.

Nir Stern, VP product management, AU10TIX

Speed and Efficiency

Banking/financial organizations must be able to provide customers with a superior user experience, and speed and efficiency are a priority. If it takes customers several minutes to have their identities verified during the onboarding process, they are likely to give up and try a competitive service. IDV vendors must be able to provide fast, efficient service and handle large volumes of verification requests without sacrificing accuracy or security.

Compliance-Focused

The consequences of non-compliance with financial regulatory requirements can be severe. Financial penalties and the loss of licenses are significant risks faced by institutions that fail to meet the necessary standards. To mitigate these risks, it is essential to work with vendors who possess regulatory expertise and have a track record of compliance with diverse requirements.

In recent years, data privacy has also emerged as a critical concern. Noncompliance with data protection regulations has resulted in substantial penalties for organizations across multiple industries. Partnering with non-compliant vendors exposes institutions to legal and financial consequences. To mitigate risks, FIs must ensure that their chosen ID verification vendors prioritize data privacy and comply with relevant regulations.

Global Experience

FIs that operate globally require IDV solutions that can support a wide range of identification documents and adapt to changing regional regulations. If they are unable to comply with global and local regulatory frameworks, they are opening the door to costly noncompliance fees.

Future-proof

New threats are constantly arising, and IDV vendors must be willing and able to adapt to them. For example, we are now seeing fraudsters using AI-generated deepfakes to trick detection solutions. Some solutions are able to identify them, but many others are not.

Industry-Specific Benchmarks

Although standards are important to all customer-facing businesses, it’s interesting to note that different industry sectors prioritize different aspects of ID verification. For example, e-commerce and digital entertainment sectors often prioritize high conversion rates over maintaining security. In contrast, sectors with strict security requirements, such as finance and government, prioritize fraud detection to protect their customers and assets.

The banking and payments industries place a premium on accurate identification to prevent financial fraud and ensure compliance with AML regulations. Additionally, geographic regulations influence the KYC flows, with different regions requiring specific ID verification methods. For example, some jurisdictions may require video recordings or proof of address as part of the verification process.

Conclusion

Due to the nature of the banking industry, effective and efficient ID verification is crucial for financial fraud prevention, regulatory compliance, and an optimized user experience. The establishment of industry-wide benchmarks is pivotal for success, but in the meantime, banks must develop the strongest IDV toolbox possible. By collaborating with reliable vendors that meet the standards outlined in this piece, institutions can mitigate risks, build trust, and safeguard the integrity of the financial ecosystem.

Are virtual wallets the future of payments?

With the ‘wallet wars’ being waged over recent months, there has been much talk of virtual wallets becoming a vital part of the payments system. Whether a digital wallet (which links to a payment card) or an eWallet (which uses funds deposited into it), the popularity of virtual wallets is clear.

This has been captured in a report from Juniper Research that predicts 60 per cent of the global population will use digital wallets by 2026.

But as the payments system landscape grows, do virtual wallets have what it takes to emerge as a dominant player? Will they be shaping the future of payments or are they destined to fade away as a passing trend?

Adoption on a global scale

A report from Facts & Factors places the global value of mobile payments at $607.9 billion by 2030, growing at a CAGR of 35.5 per cent between 2023 and 2030. But not all data houses agree with this number.

For example, data compiled by GlobalData surpasses the Facts & Factors predictions, with expectations that the Indian market alone will be worth over $5 trillion by 2027. Despite this disparity, the one thing all analysts have in common is that the use of virtual wallets will surge in the next few years.

The enthusiasm for virtual wallets is palpable, with a myriad of benefits driving their widespread adoption. They’re gaining ground, offering customers convenience, improved customer experiences, and a flourishing eCommerce and eRetail landscape.

A world-wide potential

Deloitte’s latest findings reveal that almost every developed country has over 90 per cent smartphone penetration, each with the potential to hold a virtual payment wallet.

However, except for China, currently less than 15 per cent of people in these countries use a smartphone to make a payment because of negative perceptions about security and lack of benefits. Nevertheless, this untapped potential indicates that once these concerns are addressed, virtual wallets could become mainstream and widely adopted, revolutionizing the way we make payments.

As this financial revolution unfolds, some regions are racing ahead while others are taking their time to join the wave.

China

In the bustling world of mobile payments, China has emerged as a trailblazer, with Alipay and WeChat Pay dominating the market. For scale, WeChat alone boasts a jaw-dropping 1.67 billion monthly active users.

Southeast Asia

A series of McKinsey interviews with field experts in Southeast Asia noted extensive opportunities for payments using virtual wallets. The region has around 60 per cent of citizens being unbanked and only about 17 per cent of transactions being cashless.

Tareq Shaheen, PDM Director, Payment Solutions at Eastnets

Africa

In Kenya, the digital payments wallet M-Pesa has been a success, opening up payment rails for the unbanked. As of 2021, M-Pesa had over 50 million users (and rising) across Africa.

Middle East

A Research and Markets survey revealed an exciting future for digital wallets in the Middle East and Africa. According to respondents, digital wallets are set to become the preferred payment method by 2025.

USA

According to YouGov, 60 per cent of American adults in the USA used mobile payment wallets in 2021; the most popular payment apps were Apple Pay, Amazon Pay, Google Pay, and PayPal.

Big tech is normalising virtual wallets

As major tech players push for widespread adoption of virtual wallets, we can expect the public’s acceptance of these payment methods to grow. With user-friendly systems from giants like Apple and Google, consumers are getting comfortable with these convenient options. Moreover, as more businesses, including Netflix and public transportation, embrace mobile payments, the use of virtual wallets is becoming a norm.

Apple, known for its elegant designs, is making waves in the virtual wallet space with its popular Apple Pay. It has become a central figure in the eCommerce payment landscape, with 85 per cent of US merchants accepting it. Though in-store transactions using Apple Pay were slow to take off initially, this is changing.

While Apple Pay had 535.8 million users in 2022 – still far behind WeChat – its potential to dominate the payments sector outside of AsiaPac is undeniable. As the digital wallet revolution continues, Apple is on track to become a powerhouse in the global payment landscape.

Riding the virtual wallet wave

According to a 2022 report from ACI Worldwide, Prime Time for Real Time, more than half of global consumers now hold and use a mobile wallet, with some analysts suggesting that the virtual wallets’ usefulness has reached its limit. Despite these concerns, the tide seems to be turning in favour of digital wallets, as their ease of use in payments becomes a more significant factor.

In addition, there is a strategic perspective for banks to compete with Big Tech in the virtual wallet space. Rather than focusing solely on payments, banks should prioritise identity and expand the ecosystem around their wallet. By doing so, virtual wallets could transform payments, linking them intrinsically to the user’s identity and potentially playing a part in Know Your Customer (KYC) and Customer Due Diligence (CDD) processes.

As virtual wallets become more popular, consumer trust will begin to develop – but this trust can only be sustained with robust security measures across real-time and instantaneous payment rails. Anti-fraud measures become paramount in protecting users’ sensitive information and financial transactions.

Security is key

While virtual wallets and mobile payments look set to become an intrinsic, and perhaps even ubiquitous part of the payments ecosystem, the rise in their adoption also draws the attention of cybercriminals. No matter the type of wallet used, security is essential.

As with any digital payment method, virtual wallets are susceptible to exploitation by cybercriminals, who may employ fraudulent tactics to steal funds or sensitive data. To safeguard users and the payments ecosystem, transactional, real-time fraud checks must become a vital part of the virtual wallet experience.

Regardless of where the payment journey begins or ends, implementing stringent security measures will be crucial to ensuring the safety and confidence of consumers in this transformative payment technology.


Key risks in the FedNow era

FedNow has arrived. Aiming to modernize the existing payment infrastructure to meet the convenience and speed consumers expect, the US is finally joining a growing family of nations that have already launched their own payments systems.

Deployed by the Federal Reserve, FedNow will enable individuals and businesses to send and receive instant payments, operating on a 24/7/365 basis. Through the click of a button, customers will be able to access funding through interconnected payment infrastructure, unlocking the full potential of real-time payment capabilities for US financial institutions.

While the benefits are significant and should be welcomed, the arrival of FedNow does also bring about risks. Bad actors count on using real-time payments and settlement to their advantage, meaning banks and payment service providers participating in FedNow must remain vigilant.

The first step to combating financial fraud is for businesses, and consumers, to understand the risks, so they can better mitigate them. From account takeover fraud, right through to CEO fraud and money mule schemes, we’ve outlined the most significant risks to consider with the arrival of FedNow.

Phong Q. Rock

Account Takeover fraud

One emerging risk type that banks will have to navigate is account takeover fraud. By taking control of a business or individual account, fraudsters have the power to inflict significant harm. Bad actors are able to send payments to different accounts in their control, with funds settling instantly before the real account holder or bank realizes an account takeover attack is underway.

Business Email Compromise

Company employees with payment responsibilities must be vigilant – they are the high-value targets for criminals. Fraudsters can create fake websites or send fake emails (phishing), send highly personalized text messages (smishing) or target employees over the phone (vishing). With instant payments and settlement, criminals can convince employees to approve fake invoices, with the funds immediately transferred to another bank and extremely hard to claim back.

CEO Fraud

CEOs and C-suite executives will continue to be key targets for scammers. CEO fraud intensified during the pandemic when many began working remotely. After obtaining employees’ contact information from social media or data breaches, fraudsters send victims an email or SMS pretending to be the company CEO. This type of fraud has typically involved tricking victims into buying physical gift cards and sharing the codes.

In the FedNow age, however, fraudsters pretending to be the CEO may instruct employees to initiate payments from company accounts, jeopardizing the security of financial institutions in the process.

Malware and Phishing Attacks

The widespread and quick adoption of AI technology has intensified the use of phishing attacks, a fraudulent activity centered on various scams, including impersonation scams, romance scams, or tech support scams.

Cybercriminals have taken advantage of generative AI to target victims, creating increasingly realistic messages tricking unsuspecting individuals. Fraudsters can also use malware to steal a target’s personal information to take over their bank accounts and initiate unauthorized transfers.

Money Mule Schemes

Another risk in the FedNow era is the rise in money mule schemes, a type of money laundering activity. A money mule scheme happens when a person who receives money from a third party transfers it to another in order to obtain a commission.

Being able to send and receive money instantaneously creates money laundering opportunities. Bad actors can use fake job listings to recruit victims into acting as money mules. Once money is received on the criminal’s behalf, the funds can be quickly deposited into another account, and the process repeated multiple times through different mule accounts. The more layered the money laundering approach, the more difficult it is to trace or recover funds.

Scams

Scams are one cause for concern that banks are currently firefighting at an increasing rate. While FedNow will initiate greater convenience for the consumer, fraudsters will view this as a prime opportunity to target victims.

Even though banks have bolstered their defenses against fraudsters, authorized push payment (APP) scams have been exploited by criminals to trick customers into committing fraud on their behalf.

As FedNow adoption picks up, financial institutions should expect an increase in APP scam variations, including investor, imposter, romance, phishing, smishing, and vishing scams – all of which banks will be fully acquainted with and briefed on.

Social Engineering Fraud

Finally, banks and employees must be mindful of social engineering fraud. Fraudsters can carefully study the victim’s habits and lifestyle, including their jobs, social media profiles, and more. This is called a social engineering scheme, where the criminal collates this information with the aim of manipulating or deceiving victims in order to gain control over computer systems. In many instances, criminals curate a social engineering scheme to convince their targets to send money for fake emergencies, such as an outstanding payment or helping a loved one.

Banks must be vigilant and prepared to tackle these risks. FedNow is an exciting development for US payment infrastructure, making payments as easy and efficient as possible. In a financial landscape that has faced a whole host of tests recently, FedNow will raise the pressure on banks to be alert to these risks, with little margin for error.

As new risks emerge on the financial fraud frontier, so too do solutions adapt and improve. New technology, like that offered by Feedzai, uses AI to help banks and financial institutions stay ahead of scammers, silently protecting millions of US citizens in the background and snuffing out financial fraud before it becomes an issue.


The three P’s of preparedness: A blueprint for crisis management planning

Introduction

In the unpredictable and fast-paced world of business and life, a crisis, an emergency, or disaster can strike at any moment, disrupting operations, endangering employees, and threatening financial stability. In this article, we will explore the three P’s of Preparedness – Planning, Playfulness, and Perseverance – and understand their significance in crafting effective strategies for emergency preparedness.

1. Crisis Management and Its Impact on Companies

Crisis Management, or Emergency Action Planning, is the art of responding to emergency events while mitigating the negative impact on a company’s reputation, operations, and financial standing. A well-prepared organization can turn a crisis into an opportunity for growth and resilience. Let’s consider the possibility of a midsize IT services company that faced a massive cyber-attack, compromising sensitive customer data and crippling their IT infrastructure.

Despite the unforeseeable nature of the attack, the company’s crisis management team had a robust emergency plan in place. This plan outlined a clear chain of command, designated communication channels, and preplanned roles and responsibilities for each team member. Thanks to their swift response and well-rehearsed actions, they were able to successfully restore their systems and communicate transparently with their customers, earning their trust. As a result, the company not only recovered quickly but also enhanced its cybersecurity measures to prevent future attacks. This result will only be possible if a plan is in place, practiced, and activated.


What story would you like to hear about your company after an emergency or disaster strikes?

2. The Three P’s of Preparedness

2.1. Planning

A vital part of crisis preparedness is planning. Develop a comprehensive emergency action plan tailored to your company’s defined risks and needs. Identify potential threats, such as natural disasters, man-made disasters, medical emergencies, economic downturns, and service or supplier disruption. Outline specific actions for each scenario. Include evacuation procedures, communication protocols, and strategies for ensuring the safety and well-being of employees and stakeholders. Planning needs to be at the forefront of risk management for any company, not an afterthought.

2.2. Playfulness

The concept of playfulness may seem unconventional in the context of crisis management, but it refers to the ability to approach challenges with creativity and adaptability. Encourage your team to think outside the box, brainstorm innovative solutions, and maintain a positive mindset during trying times. Instead of trying to make a plan perfect, try to break it first. Having fun at something impacts the information retention rate and ability to follow through. Embracing playfulness allows companies to explore unconventional strategies that could lead to unexpected benefits.

2.3. Perseverance

Resilience in the face of adversity is a hallmark of successful crisis management. Perseverance involves staying committed to your long-term goals, despite the challenges and setbacks you may encounter. Stand by your values, communicate openly with employees and stakeholders, and demonstrate unwavering determination to weather the storm.

As a business executive, parent, or team member, you are responsible for your outcomes 100% of the time. Often, we are derailed by the demands of life. It is crucial to remain committed to developing your crisis management plan before you need it.

3. Building a Culture of Preparedness

Creating a culture of preparedness in your organization is instrumental in ensuring that crisis management strategies are ingrained in every level of your company. Encourage active participation in emergency drills and exercises to familiarize employees with protocols and promote a sense of collective responsibility. The ability to think in a risk-averse way in events other than finance will benefit not only your business but also your employees, long after they leave work for the day.

4. Developing Comprehensive Communication Plans

Effective communication is paramount in crisis management. Establish clear lines of communication within your organization, ensuring that all employees are well-informed and able to disseminate critical information to the relevant parties promptly.

5. The Role of Contingency Plans

Everyone has a Plan A. But what about Plan B, C, or D? Backup plans act as a safety net, providing alternative responses to potential crises. Develop plans that cater to various scenarios and designate responsible personnel to implement them promptly. Regularly update these plans to reflect changes in your business and external environment.

Conclusion

As we have explored the three P’s of Preparedness – Planning, Playfulness, and Perseverance – we can see their decisive role in building resilient businesses and individuals capable of weathering any storm. Crisis management plays a critical role in preserving a company’s reputation, financial stability, stakeholder confidence, and employee satisfaction. By embracing the principles of preparedness, fostering a culture of readiness, and refining communication and contingency plans, businesses can emerge from crises not only unscathed but also stronger and more adaptable than before. The decision is yours: natural disasters, pandemics, economic downturns, and service or supplier disruption are only events. How you decide to react to these events can become the crisis.

Until next time, stay informed, and stay safe.


Driving Success through Retail Focus, Ethical Investments, and a Customer-Centric Approach.

PT Sucorinvest Asset Management, headquartered in Jakarta, has garnered significant recognition. Notably, they received awards such as the Asset Management Company of the Year for both Southeast Asia and Indonesia in 2023, in addition to marking 25 years of Excellence in Asset Management during the 2023 Global Banking & Finance Review Awards. Their ambition is to become the foremost retail asset management operation in Indonesia. They've achieved remarkable growth in the past years, with their Asset Under Management value having more than quadrupled in just four years. The company is steadfast in its commitment to providing the most suitable investment solutions tailored to its customers' needs.

Recently in London, President Director of PT Sucorinvest Asset Management, Jemmy Paul Wawointana, met with Phil Fothergill, Global Banking & Finance Review to discuss the company's successful growth over the past 25 years.

Reflecting on the company's journey over a quarter-century, Jemmy pointed out that the past five to eight years have been instrumental in shaping the company's current status. Initially, the firm was primarily engaged with institutional clients.

However, due to a strategic shift in marketing, their focus transitioned more towards retail. With a mix of both bank and non-bank distribution channels, they've seen a significant surge in asset management, attributing their recent growth to catering specifically to retail and high-net-worth individual investors' needs.

When asked about their notable achievements, Jemmy proudly mentioned that they hold one of the largest market shares for mutual fund investments in Indonesia. They serve around 738,000 customers, which roughly translates to a 7% market share of the total number of individuals who have invested in mutual funds in the country. Their significant presence in the intersection of Fintech and asset management is evident as they dominate in selling products through securities companies. At the heart of it all, Sucorinvest's mission revolves around helping individuals build and sustain their wealth for future generations.

Jemmy explained their investment policy, which emphasizes looking at the fundamentals combined with understanding market and business cycles. This philosophy has proven fruitful over the past 6-7 years, enabling them to outperform the benchmark consistently. Presently, their assets under management are almost worth $2 billion, solidifying their position among Asia's leading asset management companies. This success isn't solely measured in terms of assets; they also boast one of the largest investor bases in the retail segment within Indonesia.


In the age of digitization, Jemmy acknowledged the pivotal role technology plays in banking and investment. The pandemic accentuated this aspect further. Their digital media campaigns and online education platforms bore fruit during the Covid period when the industry was stagnant. A staggering 70% of their clientele comprises investors under the age of 30, demonstrating the effectiveness of their digital strategy.

On discussing their best-performing funds, Jemmy highlighted the success of their Sucorinvest Flexi Fund and Sucorinvest Equity Fund, which have consistently beaten benchmarks over the years. They also take pride in their philanthropic endeavours, such as their Balanced Fund, Sucorinvest Anak Pintar, which allocates philanthropic fees to educational foundations in Indonesia.

Jemmy announced that they recently launched a Sharia ESG Equity Fund to cater to the increasing demand for sustainable investments. As for future plans, they are planning to introduce a Sharia Global Equity Fund aimed at allowing Indonesians to invest overseas.

Jemmy also touched upon the challenges of the times, particularly the pandemic and global geopolitical tensions. In response, they've hosted a series of educational events, on platforms like Zoom and social media, aiming to improve financial literacy, particularly among millennials. Their strategy has been to help individuals understand their investment goals and risk profiles, whether they're conservative or aggressive, and tailor their investment approach accordingly.

Customer-centricity stands at the forefront of Sucorinvest's priorities. They dedicate significant resources to ensure all client queries are addressed promptly and comprehensively, even if they don't directly sell to these clients. This strong emphasis on customer support is one of the reasons they've managed to build such a loyal client base.

Looking ahead, the company plans to intensify its focus on sustainable development goals. They aim to promote ESG within their organization and are introducing initiatives rooted in these principles. The vast potential that still lies untapped in the Indonesian market, given that only 2-3% of its population currently invests in mutual funds, is also on their radar. They're poised to exploit this potential through aggressive marketing and educational campaigns, ensuring that more people are informed about investment profiles, associated risks, and the products that can help them secure their financial future.

As the world of finance remains ever-evolving, PT Sucorinvest Asset Management continues its relentless pursuit of excellence. With an emphasis on retail focus, technological adoption, and a customer-centric approach, they are well-positioned to harness Indonesia's vast potential — signalling a bright future ahead.


Staying ahead of the curve – what the FCA’s Dear CEO letter means for fund managers

While there are signs emerging that inflation may have peaked, central banks nevertheless remain cautious and interest rates continue to rise. Market volatility and these rising interest rates continue to spook investors, leading to greater redemptions being sought.

With an eye on avoiding a repeat of the Woodford scandal of several years ago, in which many investors lost money, the FCA earlier in the summer published a ‘Dear CEO’ letter reminding funds to implement sufficient liquidity oversight, management and procedures to respond to any increased redemption scenarios.

This is a growing concern, with the cost of living crisis making many people rebalance their portfolios, seeking greater liquidity in their investments by moving money into lower-risk, interest rate pegged savings vehicles that have suddenly become more attractive.

So, what new detail did the FCA letter contain, and what are the implications for fund managers?

With ongoing inflation and the fallout of the pandemic still working its way through the economy, the FCA recently undertook a multi-firm review of liquidity management by Authorised Fund Managers (AFMs). The FCA’s letter called on asset managers and managers of Alternative Investment Funds to consider the implications of the review’s findings for their businesses.

Foley-Brickley

For some, the review will make for uncomfortable reading. It found “a wide disparity” in how firms comply with regulatory standards with regards to liquidity and in the depth of their liquidity risk management expertise. It was also discovered that most funds fell short in some aspects of their liquidity management framework. And despite the risks and the high-profile reputational fall-out of the Woodford case, many firms were found not to be giving liquidity management the priority it deserves in governance structures.

Feeling the stress

The review also discovered wide variance when it came to stress testing with some firms carrying out detailed and sophisticated modelling, while others treated stress testing as little more than a box ticking exercise. Of particular concern, the FCA found that at some firms, few funds ever failed stress tests. This might suggest that stress thresholds may not be challenging or stringent enough, especially given increased market volatility and macroeconomic uncertainty.

Many firms operated models on the assumption that the most liquid assets would be sold first, creating a false sense of security. If enacted, this strategy would also lead to negative outcomes for remaining investors in the funds. The FCA instead recommends a pro-rata approach where a proportionate ‘slice’ of every asset in the portfolio is sold to accommodate the redemption.

The FCA also found that, when it comes to redemptions, many firms only triggered enhanced governance at a large redemption threshold. This might mean that multiple smaller redemptions – and their cumulative impact – could go relatively unnoticed. In light of the forthcoming Consumer Duty changes, the FCA is calling on firms to ensure investors understand the impact of redemption in stressed market conditions. This will be particularly important in cases where firms are offering more illiquid funds (e.g. long-term asset funds) to retail investors.

Next steps

So, what are the implications of this review for fund managers and how can they meet the FCA’s expectations on liquidity management?

The FCA outlines a number of suggestions for actions fund managers can take. These include introducing a liquidity management committee; reviewing current liquidity risk management frameworks; creating a range of liquidity playbooks to be activated should various liquidity stress events occur; and considering the engagement of third parties, such as delegated investment managers and third-party administrators, to support the design and implementation of appropriate liquidity risk management protocols and processes.

On the last point, many managers are seeking independent third-party partners – like FundRock and Apex Group – which can help firms stay ahead of FCA regulation and ensure stress testing and liquidity management are robust and leave firms prepared for any and all scenarios. The broader view of a third party, and the ability to see a business objectively and from the outside, gives a much clearer picture of current risk management strategies, which will keep both investors and regulators reassured.

Following the FCA letter, it is likely that other regulators across Europe will also be looking more closely at liquidity management. The FCA’s multi-firm review findings have fed into the FSB and IOSCO’s work on liquidity with regard to open-ended funds. On July 5, 2023 the FSB consulted on its recommendations to address structural vulnerabilities from liquidity mismatch in open-ended funds, and IOSCO consulted on guidance on anti-dilution liquidity management tools. While the FSB and IOSCO recommendations are not yet applicable to firms, they indicate a clear direction of travel for global regulatory priorities in this regard.

In conclusion, it’s clear that managers will have significant work to do over coming months, to ensure their liquidity management approach is on a firm footing and ready to withstand any potential economic shocks. Regulators are focused on proactively managing any fall-out from macroeconomic uncertainty, and crucially, avoiding a repeat of what was seen with Woodford. Fund managers should act now to ensure they can withstand whatever the wider economy might throw at them and give investors and the FCA confidence in the prudence of their liquidity operations.

The FCA is likely to scrutinise fund liquidity management arrangements just as closely going forward, and demonstrating the development, testing and implementation of robust liquidity management arrangements will also be essential for firms to show commitment to ensuring good investor outcomes under the forthcoming Consumer Duty standards.


Ready-to-assemble digital strategy: why Europe should look to Scandinavia for digitisation inspiration

If you’re currently in an office, take a look over your shoulder and see if you can locate the oldest of office technologies – the fax machine. Despite being an office stalwart, chances are you’ll have no idea how to use it, and it’ll be older than most of your colleagues.

Yet this is emblematic of the digitisation conundrum (say that three times fast) that pervades most workplaces across the UK and Europe. While the pandemic ushered in a fresh approach to digitising existing systems, the old ways stubbornly remain. And now that people are able to leave their homes once more, there is the risk that people and businesses alike fall back into paper-based habits.

When it comes to Europe and digitisation in general, the bloc’s digital competitiveness has a way to go, with France, Germany and the UK all sitting outside of the top 10. That’s not to say the appetite isn’t there of course. Research from Amazon Web Services (AWS) and Gallup shows that 67% of digital workers in the UK want to gain more digital skills, rising to 70% in France and an above-average 78% in Germany. Yet, overall 92% of those interested in developing these skills say there are obstacles, including a lack of time and resources, in their way.

To remedy this and accelerate their digitisation efforts, countries shouldn’t look to the US or Asia but to their Scandinavian neighbours – Finland, Denmark and Sweden – who sit atop The Digital Economy and Society Index 2022 as the most digitised countries.

A digitised Scandinavia

Outside of the DES Index, the digital credentials of all three Scandinavian countries are well-known. For instance, Finland and Sweden are well on their way to becoming cashless societies. While The Netherlands and the UK aren’t far behind, in Germany banknotes and coins made up a total of 58% of purchases in 2021, while in France 91% of the population still frequently use cash.

The Nordics are similarly leading the pack when it comes to the percentage of households that have broadband access. They are also giving the US and China a run for their money when it comes to the AI race and robotics.

One of the reasons why Northern Europe is a step ahead of the rest of Europe is that the political and economic framework has been, and continues to be, stable for the most part. There is also correspondingly strong and enthusiastic support from the population, and from the business community, with this trust building up over decades.

For example, in ‘90s Sweden, there was a major “home PC reform” where one million Swedes were given their first computer. 850,000 computers were distributed to the tune of our billion SEK in taxpayer money, yet this was seen as an investment, with 71% of people feeling their computer knowledge increased as a result. Not a bad investment considering that in 2019, Sweden had by far the highest research and development spending in the entire EU.

This is one example of how a country’s government identified the long-term opportunity that getting its citizens hands-on with technology could deliver, and poured its efforts into something that can make all the difference – education.

Levelling up digital education

So, how did Sweden and its Nordic neighbours get to this stage? One way is through education. As the “home PC reform” shows, education can have a profound impact on the rate of digitisation. At the beginning of their time at school, there is an opportunity to naturally introduce children to technology and software tools, encouraging the need for schools to be equipped with state-of-the-art technology to teach skills such as programming and coding.

Not every country’s education sector will have the budget for this, but this is an opportunity for the tech sector to step in and take on more responsibility in educating its younger generations. They should think of it as an investment – planting the seeds of digital competence to sit in the shade of individuals’ innovation later on.

In Denmark, for example, tech companies go directly into schools, where experts from the field answer student questions, share their experiences, and provide insights into their daily work. In Sweden, meanwhile, there are numerous private-sector initiatives, such as the SPACE Academy, which provide children and young people with targeted digital training.

This is not just about the youngest generations though. More support is needed for upskilling workers already at the beginning, midpoint, or even the end of their careers. Amidst a growing digital skills shortage, Europe is making very slow progress towards its goal of having 80% of adult citizens with basic digital skills and 20 million employed ICT specialists by 2030.

In a climate where 65% of over 55s in the UK say they have never received any digital upskilling, businesses must work harder to elevate the skillsets of everyone and to create an understanding of the steps needed to develop their skills. Not just in digital-facing teams either, but in everything from finance to production to human resources. This can prove a decisive factor in international competition in the medium-to-long term and something that is even more manageable in an era of user-friendly platforms.

Cooperation instead of digital islands

Sweden’s motto is “Together we are innovative”. And it shows too, as instead of focussing their efforts on national digital competitiveness, Swedish companies have instead cultivated a culture of broad-based cooperation. The advantage is that a collaborative mentality, flat organisational structures and an informal business culture are now the tradition.

In dozens of Nordic incubators and so-called science parks, global corporations such as Ericsson or Volvo meet startups and small companies, and together they tackle challenging topics like AI, sharing their expertise.

To catch up with their Scandi neighbours, countries across the EU need to have an increased degree of pragmatism when it comes to digitisation. This starts with decision-makers from the smallest companies up to the government, and must be formed of small but bold steps where progress is constantly reassessed and responsibility is shared.

If they can achieve this, then they are setting themselves up for success. And, with any luck, you won’t be reading this on a fax.

James Keating Chief Marketing Officer Pleo

See no invoice, pay no invoice: the ERP “black hole” fuelling late payments

Late payments continue to make a serious dent in the economy, costing UK businesses £27 billion each year. But the impact of late payments is far-reaching, leading to stalled cashflow and production, supply chain disruption, and damaged relationships. In fact, research shows that 59% of UK businesses reported suppliers have ended the relationship with them due to repeated late payments.

It’s not surprising to hear this. Timely payments are often the key to suppliers’ survival, especially when times are tough. If late payments had been made on time and as promised, the Federation of Small Businesses claims 50,000 UK business closures could be avoided each year. With fewer businesses closing their doors, there’s less threat of supply chain disruption, as organisations won’t have to spend time or resources identifying new suppliers and building new relationships.

The issue has grown so large that the UK government has taken action. It is considering how to update the UK’s Payment Practices and Performance Regulations ahead of their expiry date on the 6th April 2024. This means organisations need to act now to improve payment practices, but first, they need to overcome some technological and operational challenges.

Lack of visibility impacting relationships

With late payments impacting supply chains, something must change – but organisations need to understand where the problem starts to truly address it. Typically, the biggest issue causing delays to payments is low visibility into spend. All too often, the supplier payment function lives in an ERP “black hole” that’s highly inflexible and disconnected from upstream processes like procurement or banking systems. Without any insight into supplier payments, it’s almost impossible for firms to track if payments have been made.

Stephen Carter Smart Procurement Evangelist Ivalua

In fact, Ivalua research found a third (35%) of UK businesses have a severe lack of visibility into payments, and 58% reported a disconnect between procurement and finance teams, making it hard to ensure suppliers are paid on time. With so many businesses lacking visibility, they run the risk of negatively impacting supplier relationships and the stability of their supply chains.

Without the ability to understand and control when suppliers have been paid, firms also won’t be able to work with suppliers to make strategic payment decisions that incentivise supplier performance.

Don’t be late, automate

There is a better way of managing supplier payments. With a cloud-based procurement platform, organisations can generate a single view of their supplier payment landscape and automate the payment process from end to end. This will ensure collaboration between accounts payable, the business, and suppliers. With this bird’s eye view, firms can better understand and control their spend. They can also use this single source of truth to automate manual payments processes to drive same-day approvals, eliminating late payments altogether.

With improved visibility into spend, organisations can also start to benefit from modern payments technologies like virtual cards. With the right technology foundation, virtual cards can be automatically generated with set amounts so employees can spend allocated budget directly and make payments instantly and securely. This eliminates the need for lengthy approval processes, further speeding up payments for projects, and providing detailed spend data that can be tracked against budgets.

But why stop there? Once payments are automated, organisations can use this information to add strategic value – using payments to drive performance, generate savings, and reduce financial risk.

A strategic approach to payments

One of the most obvious examples of using payments strategically is paying early. This can often result in discounts, helping towards the organisation’s bottom line. What’s more, in times of supply shortages, the ability to offer early payments could be the deciding factor on who a supplier chooses to offer their in-demand stock to. This is critical to organisations’ survival as geopolitical instability continues to rock supply chains across the globe – with Make UK predicting supply chain pressure will continue until at least 2024.

For firms who need to manage suppliers and incentivise them throughout long projects, staggering payments throughout can also be a vital tool to drive performance and efficiency. By timing payments against key milestones throughout a project, organisations can promote collaboration and communication, while ensuring that suppliers are paid on time when the work is done.

With better insight and control over payments, organisations can also utilise their newly freed-up liquidity to drive further savings across the supply chain. For example, organisations can bulk-buy goods up-front at a discount to help reduce costs, provided that additional inventory costs remain under control.

No time like the present

While the UK government is revisiting its approach to tackling late payments and will likely increase its scrutiny, now is the perfect time for organisations to transform their payments processes. By improving payments practices now and eliminating the ERP “black hole”, firms will be able to get ahead of any updates to regulation.

But more than this, organisations will be able to use their greater insight into and control over payments to start reaping the rewards before any new regulation comes into force. Firms that enable strategic payments will start benefiting now as they build better ties with suppliers, and work alongside their suppliers to identify cost savings and find new ways to mitigate risk.


How the Bank of England is Driving Trust and Transparency with the LEI

In a report published in July 2022, the Financial Stability Board (FSB) encouraged global standards-setting bodies and international organizations with authority in the financial, banking, and payments space to drive forward LEI references in their work.

The Bank of England is a high-profile champion of the LEI; the UK’s central bank affirmed its position to support wider LEI uptake and will introduce the unique identifier into the ISO 20022 standard for CHAPS payment messages on an ‘optional to send’ basis in June 2023. All CHAPS Direct Participants – which include traditional high-street banks and a number of international and custody banks – are encouraged to start using LEIs as early as possible.

As the next step in its phased approach, the Bank of England will begin the mandatory inclusion of the LEI in certain CHAPS payments in November 2024, with a vision to widen out the requirement to all CHAPS participants over time. Specifically, the Bank will mandate the use of the LEI, where the payment involves a transfer of funds between financial institutions.

Tanveer Bhatti, Lead Policy Analyst at the Bank of England, explains why the Bank is driving LEI adoption and the benefits that can be realized across the payments ecosystem by leveraging this standardized identifier.

Why did the Bank of England choose the LEI for CHAPS Direct Participants?

In an increasingly globalized world, data standards are a strategic focus for the Bank of England. Promoting uptake of the LEI is a key part of our approach, as it provides a unique, global identifier that can be used across borders by all entities participating in financial transactions. Importantly, this identifier is connected to a free and open database of verified business information that is updated daily.

Implementing the LEI for CHAPS payments has the potential to unlock a range of benefits and is supported by broad industry and international consensus. Guidance and recommendations on LEI use come from leading global experts setting standards for payments data, such as the Payments Market Practice Group (PMPG) and both the High-Value Payments Plus (HVPS+) and Cross-Border Payments and Reporting Plus (CBPR+) working groups.

Tanveer Bhatti Lead Policy Analyst Bank of England

What specific benefits can the LEI deliver?

Wide usage of the LEI can improve payment service providers’ efficiency in customer due diligence, compliance and fraud screening processes, and regulatory reporting. Ultimately this supports faster and cheaper payments for end-consumers.

The LEI can also help efforts to tackle financial crime, particularly by helping payment service providers connect to shared data repositories to enhance detection rates. It can also assist regulators when undertaking resolution activities to understand organization-wide liabilities across jurisdictions and asset classes promptly.

More broadly, the LEI delivers the underlying trust and transparency needed to catalyze the creation of innovative new products and services.

How do these benefits extend to support cross-border payments?

The challenges facing the cross-border payments market – namely high costs, low speed, limited access, and insufficient transparency – are well-documented. Fortunately, the LEI benefits outlined above are particularly pronounced for cross-border payments. A consistent standard for entity identification can play a key role in supporting improved payment routing, customer due diligence, and financial crime detection.

As part of the G20 roadmap to enhance cross-border payments, the FSB is leading work to encourage the wider use of LEIs in payments. National regulators and relevant stakeholders are now exploring the role the LEI can play in streamlining customer due diligence. Stakeholders are also collaborating on pilot projects, including, among others, using the LEI in payment standards and sanctions screening.

For stakeholders that want more information on the benefits of the LEI, we have published the Bank of England’s response to its consultation with the UK industry: Policy Statement on Implementing ISO 20022 in CHAPS. Our Real-Time Gross Settlement (RTGS) Renewal Key Benefits webpage also explains how the LEI is a key enabler to unlock the full potential of the enhanced data in the ISO 20022 payment messaging standard.

What lessons have been learned in preparing for this transition to leverage the LEI?

While the use of the LEI among certain financial institutions is established, registration rates for LEIs among non-financial businesses in the UK are relatively low. This is why the Bank of England is taking a proportionate approach to compliance with the mandatory usage of the LEI in CHAPS. Nevertheless, LEI adoption is growing, and new issuance models being advocated and promoted by GLEIF, such as bulk issuance via business registries and the Validation Agent (VA) role, promise to drive further momentum.

Bulk LEI issuance is an initiative by which LEIs could be issued to all the companies registered in a registration authority, allowing business registries to serve as LEI issuers to all their applicants – provided that the registry meets GLEIF verification requirements. The Validation Agent role allows financial institutions and other organizations involved in identity verification and validation to obtain and maintain LEIs for their clients in cooperation with accredited LEI Issuer Organizations.

Are there specific gaps in LEI coverage for CHAPS Direct Participants?

No, there are no gaps in the LEI coverage for any current CHAPS Direct Participants, and the LEI is required when onboarding any new participants.

Is the Bank of England already realizing benefits from preparatory work or initial data flows?

Ahead of the LEI field going live in CHAPS in June 2023, we have seen data flows in our test environments. Our policy approach aims to give the industry the certainty it needs to plan, design and invest to make the most of the new LEI data. We continue to engage with our Direct Participants on their implementation approaches, and last year we published Additional Guidance: Detail on Mandating ISO 20022 Enhanced Data in CHAPS to give more practical detail.

Within the Bank, the use of LEI data has become increasingly important as an identifier and as a source of address and relationship information. We use GLEIF’s daily file export and have designed validation rules to alert when changes have been made. GLEIF’s API is also used by both the Bank’s data and business teams to investigate any queries.

By increasing the use of LEI data within internal systems, our analytical outputs are improving. As LEI adoption increases, we expect these benefits to multiply – particularly if bulk LEI issuance is adopted.

Using the LEI also reduces the need for new identifiers to be created, as well as enabling the decommissioning of existing identifiers when it comes to system replacements and upgrades.


PCI SSC takes aim at APIs

Application Programming Interfaces (APIs) are the glue that makes mobile and web applications work, and they play a vital role in online payments. Consumers and businesses expect a smooth and engaging application experience when conducting transactions and APIs have facilitated this, enabling merchants and financial organisations to swiftly roll out new services. However, as APIs act as highly visible and well-defined doorways into the data and business processes of organisations, they’re also now a prime target for attackers.

Seen as the Achilles heel in ecommerce, attacks against APIs and the resulting data breaches are expected to double by next year, according to Gartner. Consequently, the PCI Security Standards Council (PCI SSC) has taken a number of steps to better protect them, starting with new provisions for API security in the latest version of the Payment Card Industry Data Security Standard, PCI DSS 4.0. The standard has been largely unchanged for the past decade; version 4.0 is set to become mandatory from April 2024, and all those in scope will need to adopt these new practices to secure their APIs.

The main area pertaining to APIs is Requirement 6, which requires those in scope to Develop and Maintain Secure Systems and Software. Section 6.2, which applies to custom-developed software, stipulates how code should be developed and subjected to code reviews to ensure that it follows secure code guidelines and that existing and emerging vulnerabilities are looked for and corrected prior to release. The section essentially formalises the need to adopt a shift-left approach to API development, thereby helping to prevent vulnerabilities making it into production.

API attack patterns demand unique defence

Of particular interest is the list of attacks to prevent or mitigate in section 6.2.4, which for the first time includes business logic abuse, defined as “attempts to bypass application features and functionalities through the manipulation of APIs”. Even perfectly coded APIs can be exploited via business logic abuse, which means deployed APIs can still be compromised even after being subjected to rigorous development testing. Signature-based defence systems are unable to detect this type of exploit, making it notoriously difficult to spot. However, continuous monitoring of all API calls will enable AI models to learn business logic, leading to Generative AI test suites for each API. This will see the shift-left concept of testing API code move beyond the standard test suites we have today. It’s also worth mentioning that business logic abuse is often perpetrated by bots, which highlights the need to use bot mitigation and API defences together.

Section 6.4 focuses on protecting public-facing web applications against attack. External APIs are at higher risk of discovery and abuse than internal ones, and this section makes provision for additional safeguards in the form of regular annual reviews or automated technical solutions that seek to detect and prevent web-based attacks (6.4.1). The following section (6.4.2) then provides further detail on what that automated technical solution should look like and be capable of. In addition to being in front of the application and configured to detect and prevent web-based attacks, it should also be actively running, i.e. continuously, generate audit logs, and either block attacks or generate an alert that is immediately investigated.

The example given is of a Web Application Firewall (WAF) but as the name suggests, these have been developed to protect web applications, not APIs. A WAF uses signature-based threat detection to look for attacks with tell-tale code but as previously mentioned, business logic abuse sees the functionality of the API used against it. It is therefore not strictly an attack but a form of exploitation and leaves no signature. Rather, the giveaway is the behaviour and the requests being made to the API, changes in web traffic volumes and burst rates etc. Therefore, an API-specific automated security tool is advisable in order to meet these requirements and to detect and block such attacks.
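The contrast drawn above between signature matching and behaviour-based detection can be shown on a few API log lines. The following is an added example, not code from the article or from the PCI SSC; the endpoint paths, client names, thresholds and log entries are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Signature rules of the kind a WAF applies (small illustrative set).
SIGNATURES = [re.compile(p, re.I)
              for p in (r"<script", r"'\s*or\s*'1'\s*=\s*'1", r"\.\./")]

# Assumed thresholds; a real deployment would tune or learn them per endpoint.
WINDOW_SECONDS = 10        # sliding window per client
MAX_REQUESTS = 8           # burst limit inside the window
MAX_DISTINCT_OBJECTS = 5   # distinct object ids one client may touch per window

# Hypothetical endpoint whose path carries an object identifier.
OBJECT_PATH = re.compile(r"^/api/v1/orders/(\d+)$")


def build_sample_log():
    """Constructed API access log: (epoch_seconds, client, method, path)."""
    log = [
        # Ordinary customer: a few spaced-out calls on one order.
        (1000, "client-a", "GET", "/api/v1/orders/501"),
        (1030, "client-a", "GET", "/api/v1/orders/501"),
        (1060, "client-a", "POST", "/api/v1/orders/501/pay"),
        # Request carrying a classic injection signature.
        (1005, "client-b", "GET", "/api/v1/orders/1' OR '1'='1"),
    ]
    # Well-formed requests that walk sequential order ids in a short burst.
    log += [(1100 + i // 4, "client-c", "GET", f"/api/v1/orders/{600 + i}")
            for i in range(12)]
    return sorted(log)


def signature_scan(log):
    """Return the clients whose requests match any signature."""
    return {client for _, client, _, path in log
            if any(sig.search(path) for sig in SIGNATURES)}


def behaviour_scan(log):
    """Flag clients by request behaviour and return audit records.

    One exceeded threshold raises an alert; two exceeded thresholds block
    the client, and every later request from it is recorded as blocked.
    """
    recent = defaultdict(deque)   # client -> (timestamp, object id) in window
    blocked = set()
    audit = []
    for ts, client, method, path in log:
        if client in blocked:
            audit.append({"ts": ts, "client": client, "action": "block",
                          "reason": "client already blocked"})
            continue
        match = OBJECT_PATH.match(path)
        window = recent[client]
        window.append((ts, match.group(1) if match else None))
        # Drop entries that have aged out of the sliding window.
        while window and window[0][0] <= ts - WINDOW_SECONDS:
            window.popleft()
        distinct = {obj for _, obj in window if obj is not None}
        reasons = []
        if len(window) > MAX_REQUESTS:
            reasons.append(f"{len(window)} requests in {WINDOW_SECONDS}s")
        if len(distinct) > MAX_DISTINCT_OBJECTS:
            reasons.append(f"{len(distinct)} distinct object ids")
        if reasons:
            action = "block" if len(reasons) == 2 else "alert"
            if action == "block":
                blocked.add(client)
            audit.append({"ts": ts, "client": client, "action": action,
                          "reason": "; ".join(reasons)})
    return audit


if __name__ == "__main__":
    sample = build_sample_log()
    print("signature hits:", signature_scan(sample))
    for record in behaviour_scan(sample):
        print(record)
```

The signature pass only sees the request with a recognisable pattern, while the burst of individually valid requests is caught by the per-client window, which also produces the audit trail and block-or-alert decision the article attributes to section 6.4.2.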


Additions to the PCI SSS

In addition to the PCI DSS requirements, the PCI SSC has also recently updated the PCI Secure Software Standard. First released in 2019, this was updated in May 2023 and seeks to ensure payment software is designed, developed, and maintained in a manner that protects transactions and data, minimises vulnerabilities, and defends against attacks. The latest version includes additions to the Web Software Module and API-specific requirements for “documenting and tracking the use of open-source and third-party software components and APIs in payment software” and “controlling access to payment software web APIs and other critical assets”.

These two additions are important because they help to amplify the importance of several API vulnerabilities, where attackers are actively mixing and matching attack methods. Indeed, it’s a practice that has recently been recognised in the Open Web Application Security Project API Top Ten list of categorised security threats updated for 2023. It now features category API6:2023 which reflects the fact that API security that isn’t functioning properly can be targeted by automated bot attacks which bombard the API with numerous techniques.

What the changes to both the PCI DSS and PCI Secure Software Standard reveal is that API security will now need to be prioritised by merchants and processors. APIs will need to be securely developed, continuously monitored and managed in order to better protect the transaction landscape. And, while shift-left testing can help, steps will need to be taken to protect production APIs, especially those that are public facing. Existing automated solutions cannot spot the type of business logic abuse attacks we are seeing, or defend against bot-automated attacks that pivot through numerous tactics, techniques and procedures. In order to do that, the sector will need API-specific tools that use behaviour-based detection and defence tactics for blocking and frustrating attackers.


Gearing up for investing in the EV revolution

The wheels are in motion: Investors must be ready for decades of historic growth amid surging demand for electric vehicles and critical raw materials.

News about the climate crisis rarely makes for good reading. Take, for example, the latest news from Europe. According to data from the Copernicus Climate Change Service, Europe saw its hottest ever summer in 2022 (the previous hottest was in 2021), with the third warmest autumn on record. What’s more, in recent weeks, oppressive heatwaves have returned to Europe. Wildfires are back in ruinous fashion, with thousands evacuated from the Canary Islands, whole cities in Italy shut down amidst 40-degree heat, and popular sites like the Acropolis in Greece closed to tourists for the foreseeable future.

EV Market Expansion

Yet, amongst the worrying pronouncements from the media and climate scientists, there is some cause for hope. According to one of the International Energy Agency’s (IEA) latest reports, the total market share of electric vehicle sales has more than tripled in the last three years, moving from a lowly 4% in 2020, to a 14% market share in 2022. What’s more, the IEA predicts sales will grow an additional 35% in 2023, as the electric vehicle revolution gathers pace.

The immense growth in global EV sales can be characterised as a mass popular awakening. Consumers across the globe are sitting up and taking notice of the non-stop climate news coverage. The behaviour dial is shifting and markets are reacting, as prospective buyers now consider the environmental impact of a new vehicle as salient as performance power or safety rating. According to a 2022 study from Ernst & Young, for the first time in history, 52% of consumers who were intending to buy a car over the following 24 months said they would choose an EV or hybrid vehicle.

Investing in High-Growth Opportunities

But what does this mean for the financial markets, and where do investors now hedge their bets? Which stocks should investors direct their capital to in an age of growing uncertainty? Electric car manufacturers like Tesla, Rivian and Xpeng have already delivered strong investment returns over the years: the data shows that stocks of EV-related companies have been consistently outperforming traditional carmakers since 2019. Yet there are plenty of promising – and often overlooked – investment opportunities outside of car manufacturers.

With any new mobility product comes the need for greater infrastructure, support systems, technology and end-of-life treatment centres. The EU’s EV Charging Infrastructure Masterplan estimates that by 2050, approximately €1,000 billion needs to be invested in private and public charging infrastructure, power grid upgrades and capacity for renewable energy power generation. Historically, demand uncertainty has hampered investor appetite for EV charging opportunities, but as the recent figures show, demand has been growing at an extraordinary pace. Deploying investment in areas such as charging infrastructure will bolster consumer confidence in electric vehicles and encourage further uptake – which, in turn, will result in better investment returns for the long term.

Battery Alliance (GBA)

Likewise, investing in EV battery stocks may be an attractive option for investors seeking growth opportunities. Industry research platform MarketsandMarkets estimated that the global EV battery industry was worth $56.4 billion in 2022. It is set to grow at a compound annual growth rate of 19.9% to reach a value of $134.6 billion by 2027. There is increasing recognition of the opportunities this presents; for example, approximately $73bn in planned US battery plants were announced in 2022 alone, according to consultancy Atlas Public Policy.

Investing in Minerals of the Future

However, beyond charging stations, power grid upgrades and batteries, there is another area of the EV market that requires urgent investor attention. The production of electric transport solutions is not possible without a few key ingredients, such as lithium, cobalt, copper, nickel, germanium, and manganese. Whilst at first glance, it may seem counterintuitive to allocate more capital to minerals extraction and mining exploration when trying to save the planet, this is in fact necessary to avoid future supply shortages and achieve the transition to clean transport.

Without this, we will simply not be able to extract enough critical raw materials to build the batteries that will power the cars, planes, and locomotives of the future. Take for example, the lithium market, where prices have risen 800% over the past three years on the back of soaring demand and supply crunches. In order to meet net-zero goals, the mining and metals sector will need to deliver its biggest purchase order in human history. That is to say, mining companies must move to radically scale-up the production of these materials, following decades of underinvestment.

Crucially though, the ramp up in mining capacity has to take place in a responsible and sustainable manner, without damaging the local environment, releasing vast amounts of greenhouse gases, or negatively impacting local communities. Investors and industry actors must therefore direct funds to projects with a clear plan to mitigate these risks and promote responsible sourcing practices, such as operations powered by renewables or those reprocessing waste tailings in the region. This is particularly important in more complicated jurisdictions, such as the Democratic Republic of the Congo, which produces around 70% of the world’s mined cobalt, a key component of EVs.

And investment is more than just money, more than returns, portfolios, and certainty for stakeholders, but also about collaboration. No one country can achieve net zero on its own. Global low-carbon economies are only possible when we all work together, and that includes the financial markets. The battle to reach net zero is far from won. In fact, without the full force of private investment, we are likely to fall short of the IEA’s Net Zero 2050 Scenario. The good news for investors is that the EV sector’s unprecedented market growth presents promising opportunities to be taken advantage of.


EU’s New Rules on Retail Investing: A Game Changer for Financial Markets?

The European Union (EU) has recently introduced new rules governing retail investing, aiming to enhance investor protection and promote market transparency. These regulations, which come in the wake of several high-profile investment scandals and market volatility caused by the ongoing global economic uncertainty, have sparked debates about their potential impact on financial markets.

One of the primary objectives of the EU’s new rules on retail investing is to enhance investor protection. The regulations impose stricter requirements on investment firms, particularly when offering complex financial products to retail investors. Firms will now be required to provide clearer and more comprehensible information about the risks associated with these products, ensuring that investors have a better understanding of

The new rules also aim to improve market transparency by addressing issues such as conflicts of interest and the role of technology in trading. Investment firms will need to disclose any potential conflicts of interest that could influence their advice or recommendations to clients. Moreover, the regulations seek to ensure that retail investors have access to fair and transparent pricing information, reducing the likelihood of market manipulation and unfair trading practices.

Globally, there has been a steep increase in the number of retail investors and this can be attributed to the ease of access of trading applications, increasing number of stocks, assets and options available for investment. Retail investors accounted for over half (52%) of global assets under management in 2021, and this is expected to reach over 61% by the end of the decade.

This has however also meant more cases of unfair trading, bigger risks, and increased misinformation – which is especially important as younger generations have been found to carry out more research before making a decision on an investment, and therefore need the right information. These rules should help resolve these issues to an extent.


Additionally, a tougher economic climate has also increased the pressure on consumers to diversify their streams of income, and therefore approach retail trading as a way of making money through both long-term and short-term gains. These new rulings provide further protection to retail investors looking for ways to make an income to support themselves during an economic downturn.

Potential Market Disruptions

While the new rules are intended to protect investors and promote transparency, there are concerns that they could lead to some disruptions in the financial markets. The increased regulatory burden on investment firms might result in additional compliance costs, which could, in turn, impact their profitability. Some argue that these added costs could prompt firms to limit their offerings or raise fees, potentially reducing access to certain investment products for retail investors.

There is also a possibility that these new guidelines work to the detriment of the very products and investors they aim to protect. The enhanced investor protection measures may result in an overall more risk-averse environment, with investment firms becoming cautious about offering complex or innovative products to retail investors. This could stifle market innovation and limit opportunities for investors seeking higher returns.

Market Adaptation and Potential Benefits

While the initial implementation of the new rules may pose challenges, the financial markets have a history of adapting to regulatory changes. Investment firms are likely to adjust their business models and practices to comply with the regulations, potentially leading to a more sustainable and resilient financial system in the long run.

Furthermore, the proposed enhanced investor protection measures could help restore confidence in the markets, attracting more retail investors who may have been previously wary of complex financial products. By fostering a more transparent and trustworthy environment, the regulations have the potential to strengthen market integrity and stability.

These proposed rules will ultimately be beneficial to the market by promoting market transparency, efficiency and trust, and to the investor due to the added investor protection being put into focus. Positives on both sides will therefore lead to greater advancements in this growing industry.


It has long been said that cash is king. After so much time unchallenged, its rule is under threat like never before due to the rise of alternative payment methods. These alternatives tend to share something in common: they are made possible through innovative digital technologies.

We can see the effect, globally, in the numbers regularly shopping online or using their smartphones to pay for items in person. This has only been turbocharged by the Covid-19 pandemic, as people were driven to use contactless payments.

The fundamentals of the financial world have pointed this way for a long time. There has been a clear and consistent decline in the use of physical currency over the last two decades, with the use of notes and coins falling by a third.

Fintech is challenging the reign of cash to all our benefit

Meanwhile, the growth in digital payments has remained robust and resilient. The cumulative result was laid bare by a recent report from the World Bank, which estimated that as many as two in three adults now make or receive digital payments.

At the same time, big banks have continued over recent years to gradually shut local branches or reduce their hours of operation. Such decisions made it harder for people to access cash, especially in rural communities.

Money is going digital across the globe, with Africa at the centre of this phenomenon. As the Global System for Mobile Communications Association found, the continent is home to most of the global value of mobile money transactions – at $495 billion out of $767 billion.

I know this only too well having built Moniepoint into Africa’s largest fintech by transaction volume, now servicing over 600,000 businesses across the continent and beyond.

In these tough times, we used our cutting-edge technology such as point-of-sale terminals to help companies sustain their operations. Through digital payments, businesses have been able to count on smooth, secure and fast transactions.

Digital payments can level the playing field for small businesses and entrepreneurs by providing them with access to a fast, secure, and affordable payment system, helping them to grow their businesses and create jobs.

Of course, technology needs a robust banking infrastructure to be used successfully. We have found this for ourselves, taking measures to reduce processor failure disputes to very low daily levels, and reduce downtime by 60%.

Such work is technically demanding, but it is vital in order to maximise user confidence and facilitate business operations. By minimizing downtime, we ensure uninterrupted services, allowing people to get on with their lives and for entrepreneurs to do more of what they do best.

The future of digital payments is clearly positive. By 2025, over half of all payments around the world are expected to be made digitally. We need to be ready to make the most of the digital revolution as it continues to disrupt the way we live and work.

But there is still more to be done. We know cyber-criminals will continue trying to find weaknesses in digital banking infrastructure to exploit, which is why fintech firms like ours work overtime to ensure our systems have the highest security possible. We also know people still have limited internet access or ability to use a smartphone, so financial education and inclusion remain key.

Finally, it is important to remember that digital payments are not a one-size-fits-all solution. Different people and businesses have different needs, and there is no single payment method that will work for everyone. The key is to have a variety of payment options available so that people can choose the one that best suits their needs.

When many people are feeling the cash crunch around the world, we must be ready for a digital-first financial future. By grasping the benefits and challenges of these new alternative methods of payment, we can make sure everyone is better off.

Communications surveillance: A company-wide consideration

The Securities and Exchange Commission’s (SEC’s) primary function is to protect investors, by drafting and enforcing regulations which hold firms accountable for their actions. One fundamental example of this is that all interactions between brokers and investors must be scrutinized, to ensure no wrongdoing.

The prevalence of digital communications in the modern world has prompted a regulatory overhaul, and since September 2022, the SEC has expanded record-keeping requirements significantly. Two of its standout actions are listed below.

i) Rolling out a new marketing rule, which has fundamentally altered which communications must be captured by regulated firms.

ii) Alongside the Financial Industry Regulatory Authority (FINRA) and Commodity Futures Trading Commission (CFTC), administering billions of dollars’ worth of penalties in an industry-wide crackdown on the illicit use of mobile devices.

As a result of this activity, compliance has taken center stage. Communications surveillance platforms are now less of an insurance policy and more of a mandatory requirement. More than ever, the compliance function directly impacts staff behaviors, and so its implementation will affect the entire organization it serves, rather than just the compliance team. It’s no longer just a box to be ticked.

We’ll take a deep dive into the critical roles within any organization, and how they influence a buying decision for monitoring and surveillance vendors.

CHIEF FINANCIAL OFFICER

Cost-effectiveness

As with every product or service that the firm uses, cost is a major consideration for the CFO. Compliance can be a costly business, and mitigating as much of the risk around non-compliance as possible will be at the forefront for the CFO. Securing value from any potential vendor will also be critical, meaning priorities will lean towards competitively priced offerings.

Transparent fees

When considering service agreements, it’s important to understand that ‘hidden’ fees are common in the surveillance sector. Firms may be billed additionally for platform training, for example, a feature which could reasonably be expected to be included in the cost of service.

SEC Rule 17a-4 mandates that records of business communications must be maintained for 6 years. In order to achieve this, firms may be charged data export fees when they leave their surveillance vendor. This ties users into the working relationship indefinitely, as the export fees can be extremely costly, since they are generally based on the volume of data.

Hidden fees make budgeting very difficult as the CFO can never be certain what’s around the corner, or what’s waiting at the end of the contract.

Modern Platform Capture

As mentioned, the SEC and CFTC issued over $2 billion worth of penalties last September over the unauthorized use of WhatsApp across the industry. Any CFO will be keen to keep their firm out of the financial firing line, so while there is greater cost in monitoring additional channels (WhatsApp, Telegram), they may deem it worthwhile for full peace of mind.

Regulators take time to legislate for new forms of misconduct, but have shown a willingness to issue retrospective penalties once they have done so. From SMS to WhatsApp, iMessage, WeChat and Telegram, the list of different (largely mobile) corporate channels has grown as digital platforms have proliferated. Partial compliance is just another phrase for non-compliance, and so it would make sense for the CFO to support their COO in capturing as many of these channels as possible, to avoid any nasty surprises in the future.

Evolving capture capabilities

The CFO should look for a vendor that is able to react quickly to develop their product and evolve with regulatory demand. Some leading providers are built on antiquated systems and require longer product development cycles, which could have damaging financial repercussions.

CHIEF OPERATING OFFICER

Minimal restrictions

For any business, communicating on their clients’ terms gives a competitive advantage. Limiting the number of authorized channels that brokers can use may mean binding them to a platform which a client or prospect is not comfortable with using. Deals come down to making people’s lives easier, and a COO will know that the fewer restrictions they impose, the better. For example, SMS is the preferred avenue of brand communication for 48% of consumers. Email is the next highest, with just 24%.

It’s not only about making consumers happy; the COO can optimize efficiency by enabling brokers to operate compliantly, whatever their preferred channel of communication may be.

Finger on the pulse

Capturing many platforms is not just about regulatory cover. There’s a reputational risk if firms can’t capture modern platforms, as they won’t engage tech-savvy prospects. The COO will recognize that a conservative approach is not sustainable in the current digital landscape, and should look for adaptability and modern platform capture in their solution.


Native Threading

Native threading should also feature on the COO’s wishlist, as once again, the fewer habits need refining, the more efficient the compliance process will be. In the communications surveillance sector, frustration has intensified around messages not being displayed in their native format, making compliance reviews confusing and time-consuming. By reviewing content in the format they recognize, reviewers will save time and speed up the entire operation.

Actionable Insights

The insights from archived data are valuable business drivers. While all vendors will provide this information to a certain extent, one key differentiator is the quality of website capture. Website performance can be best evaluated and experienced through ‘replay’ – the ability to access an interactive version of the website as it appeared at the time of capture.

This is more effective than the relatively disjointed process of analyzing screenshots, as it gives a more authentic feel for the user journey. It is more appealing to regulators too, for the same reason. As a result, the COO should only settle for full replay capabilities in order to better understand their customers.

Customer Service

Communications surveillance software is technical, and as its capabilities expand, its implementation across a wider team becomes more complicated. This is often difficult with older, less digitally-adept employees, and so a reputation for prompt, effective training and customer service is extremely valuable. This should be a key consideration for the COO, to avoid damaging bottlenecks.

LEGAL DEPARTMENT

Marketing rule compliance

Ideally, the surveillance solution will capture all digital channels in order to comply with the new SEC Marketing Rule, which is mandatory. By capturing everything, from Slack to email, websites and social media, the legal department won’t need to worry about the implications of digital ‘advertisements’ being missed.

Mobicomms compliance

We have already discussed the huge fines issued across financial services in the past year, for the improper use of mobile messaging apps. The legal department will need to consider that even if a compliance risk is identified and certain channels are banned, they could still be used, unauthorized, by employees that have come to rely on their convenience. It is therefore in the legal team’s interest to capture as many platforms as possible.

Furthermore, if a solution can be implemented which separates business and private communications on personal (BYOD) devices, this would certainly be worth exploring as an additional layer of protection.

Full-Text Search

When a legal hold (or litigation hold) is activated during the process of eDiscovery, the organization in question can suddenly be compelled to produce six years’ worth of electronic records. Archived content can be used to support such situations, and it’s extremely useful if the accumulated data is easily searchable, so the legal department can pinpoint the appropriate sections without rooting through vast swathes of data. Searchability is therefore a very valuable feature, and one that legal teams will depend on.

Evolving capture capabilities

Legal monitoring takes up a large chunk of the legal team’s day-to-day workload. It’s important that the solution they select is able to pivot quickly and adapt in the transitory compliance landscape, which they will be pushing to keep pace with.

CHIEF TECHNOLOGY OFFICER

A future-proof solution

The CTO is likely to favor a vendor that is in tune with modern communications channels. This means fewer limitations, greater adaptability, and simpler integrations with any wider tech projects. Even if the firm is not currently using a full suite of modern platforms, the wider surveillance capability is useful should they wish to expand their communications channels in the future.

Onboarding

While the CTO will be technically-minded, they’ll benefit from a vendor that leads on onboarding, ensuring that everything is in place for a smooth transition while project-managing the vital (and sensitive) process of data migration. Poor response times and connection difficulties should be avoided, so it’s worth conducting some research to ensure no time is wasted.

Certification

Data surveillance is a complex procedure, fraught with technical and legal considerations. The CTO will need peace of mind that their company data is being handled appropriately in a reliable, robust platform. Appropriate ISO & SOC certifications and listings with the relevant authorities (such as the FINRA Compliance Vendor Directory) should provide reassurance.

THE GREATER GOOD

There are clearly myriad factors when considering a communications surveillance vendor. Success looks different in every role, and so different features provide different benefits to different stakeholders.

Many of these details are intrinsically linked. Technological shortcomings could eventually have legal repercussions, which will in turn impact the firm’s finances, and so on. Businesses should therefore strive to choose a solution that has the best holistic impact on their organization, keeping them out of the headlines while having minimal impact on employees’ day-to-day behavior.

Most importantly, they should do their research. The status quo shifts frequently in the compliance landscape, and it would be smart to equip themselves with a solution that can adapt with it.

About the Author

Harriet Christie, Chief Operating Officer – Harriet graduated from the University of Sheffield in 2010, with a BA in Management Accounting, Entrepreneurship, Business Law, BSR, HR. She entered the Tourism space, starting as an Accounts Executive at LateRooms.com, and earning the title of Global Accounts Manager within 3 years. She occupied this role for a further 5 years as the business continued to evolve and flourish, before taking up her role as a Key Account Manager with MirrorWeb, a communications archiving solution based in Manchester.

Harriet was appointed Chief Operating Officer in 2020. Since then, she has helped oversee the evolution of the MirrorWeb product and service offering, as well as the business’ impressive growth since her taking on the role.

Harriet Christie Chief Operating Officer MirrorWeb

Best practice to improve mission-critical software during a crisis – through improved software development practices

Utilities, communications networks, defence, and finance systems are all critical and must be kept up and running as much as possible during natural disasters and other crises. One thing they all have in common is their increasing dependency on software systems to ensure continued operation. And that means that the code used to create all that software must be robust, able to cope with sudden peaks in demand, and secure against cyberattacks. Techniques such as continuous testing, automated code inspection, coding standards, adopting a more security-first approach, and making the most of available knowledge sources can contribute to a safer, more secure software development environment.

Baking security into software’s creation is vital, because one of the primary ways vulnerabilities are created is during the software development stage, caused by errors when source code is written. For example, when an SQL statement is made using unvalidated input, this could lead to an attacker being able to read or modify confidential data or execute arbitrary commands, such as deleting all the information in the database. During a crisis, a cyberattack is the last thing anyone needs.

However, the risk of cyberattacks aside, having the confidence that systems that support citizens and their country will be fit for purpose during a crisis is also paramount. Vulnerabilities that creep in during the software development process can lead to performance issues, malfunctioning, or even downtime at a later stage.

This is why ensuring that the software development processes supporting all these critical systems are managed as rigorously and securely as possible is essential. Also, many organisations and firms involved in these markets must ensure that their software development processes meet compliance requirements.

The increasing complexity of software can create challenges, and traditionally security has not been an inherent focus for developers (though this is changing). However, there are multiple steps that organisations can take to address the situation.

Look at the bigger picture

Start by looking at the bigger picture and examining all software sources internally and across the supply chain. Areas to scrutinise include legacy code, which can present issues, especially in the absence of prior testing or current technical support. Open-source software has significant benefits, but its easy accessibility makes it a target for malicious attacks. Likewise, unless commercial off-the-shelf software (COTS) is supported with strict requirements and proper testing, integrating it into mission-critical systems could present some risks.

Once this bigger picture is identified and understood, the next stage is to prioritise cybersecurity and code quality as part of software development processes. In practice, this includes alignment between the development and other business teams and finding strategies to adapt to various situations.

Continuous testing

Also consider applying a continuous testing strategy, a practice that plays a vital role in improving code quality and security throughout the development lifecycle. By continuously testing software, organisations can identify and address issues early, reducing vulnerabilities and enhancing overall robustness.

In addition, continuous testing helps identify and address vulnerabilities in various software sources, including legacy code, open-source software, and commercial off-the-shelf software. By rigorously testing these sources, organisations can mitigate risks and ensure the resilience of mission-critical systems.

Using industry-wide resources and standards

In addition, teams can draw on a vast set of industry-wide knowledge, for example, the community-led Common Weakness Enumeration (CWE) Top 25 list of the most widespread and critical vulnerabilities. Similarly, the Open Web Application Security Project (OWASP) Top 10 covers critical security risks for applications based on analysing exploits most used by hackers and the level of subsequent damage. There are also test standards and frameworks available, such as the OWASP Testing Guide. Plus, some vertical markets have specific security standards of their own, such as DISA ASD STIGs for defence, and PCI PA-DSS for financial services.

Another valuable resource is coding standards, which are, in essence, sets of rules or guidelines that say ‘do this’ or ‘do not do that’. Returning to the earlier SQL example, a coding standard might instruct users to use only constant strings when creating SQL statements. However, coding standards are not just for security purposes; they are often used as part of compliance processes or purely to enhance the quality of code being created. Coding standards are a great way to encourage more consistency of ‘clean’ code across an organisation’s development teams.

Popular coding standards include MISRA and MISRA C:2012, which ensure that code created in C and C++ programming languages is safe and secure. Furthermore, the MISRA C:2012 addenda include guidance on mapping to the secure coding rules within ISO/IEC TS 17961:2013 and CERT C. Some organisations also write their own in-house coding standards, and, in addition, it is common to use more than one coding standard.
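The SQL example and the ‘constant strings only’ rule can be seen side by side in the following added illustration, which is not code from the article or from any product it mentions. It uses Python’s built-in sqlite3 module; the table, rows and input values are constructed for the example.

```python
import sqlite3

# Constructed sample rows; the table and column names are illustrative.
ROWS = [("alice", 120), ("bob", 75), ("o'brien", 310)]


def make_db():
    """Build a fresh in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", ROWS)
    return conn


def lookup_concatenated(conn, owner):
    """Breaks the rule: the statement text is built from the input."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def lookup_constant(conn, owner):
    """Follows the rule: constant statement, input bound as a parameter."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


def compare(owner):
    """Run both lookups on a fresh database and report what each did."""
    results = {}
    for name, fn in (("concatenated", lookup_concatenated),
                     ("constant", lookup_constant)):
        conn = make_db()
        try:
            results[name] = fn(conn, owner)
        except sqlite3.Error as exc:
            results[name] = "error: " + type(exc).__name__
        finally:
            conn.close()
    return results


# Constructed inputs: an ordinary name, a legitimate name containing a
# quote, and a value whose quote closes the string literal early and adds
# a condition that is always true.
INPUTS = ["alice", "o'brien", "x' OR '1'='1"]

if __name__ == "__main__":
    for value in INPUTS:
        print(repr(value), compare(value))
```

The concatenated form fails on the legitimate name and returns every row for the last input, while the constant statement treats all three values purely as data.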

Automation

However, it is essential that observing known vulnerabilities and working towards coding standards does not demand unreasonable amounts of extra effort and time from developers, who are typically already over-stretched. So, ways must be found to automate code quality into software development as much as possible.

For instance, coding standards would be time-consuming to apply manually, so they are increasingly implemented using static analysis tools, which examine source code for weaknesses, non-conformity, or non-compliance. This takes place while the code is being written, in background mode, giving developers confidence that they are developing code that adheres to guidelines.

A further automation example can be found within continuous testing. By automating various tests, such as unit, API, UI, security, and performance tests, organisations can efficiently execute tests at every stage of the development lifecycle. This automation saves time, provides thorough test coverage, and enhances the reliability of mission-critical software.
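As an added illustration of how a coding rule becomes an automated check (a simplified sketch, not the implementation of any static analysis product), the following uses Python’s standard ast module to flag database calls whose statement is not a constant string. The sample source, the list of method names and the function names are assumptions made for the example.

```python
import ast

# Constructed sample source to analyse; it is parsed, never executed.
SAMPLE = '''
def lookup_unsafe(conn, owner):
    sql = "SELECT * FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()

def lookup_fstring(conn, owner):
    return conn.execute(f"SELECT * FROM accounts WHERE owner = '{owner}'").fetchall()

def lookup_safe(conn, owner):
    sql = "SELECT * FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()
'''

# Method names treated as "runs a SQL statement" (an assumption).
EXEC_METHODS = {"execute", "executemany", "executescript"}


def _is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def check_source(source):
    """Return (function, line) for each call whose SQL text is not constant.

    A statement passes if it is a string literal, or a local name that is
    only ever assigned string literals inside the same function.
    """
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        literal, rebuilt = set(), set()
        for node in ast.walk(func):
            if isinstance(node, ast.Assign):
                targets, value = node.targets, node.value
            elif isinstance(node, ast.AugAssign):
                targets, value = [node.target], None  # "sql += x" rebuilds it
            else:
                continue
            for target in targets:
                if isinstance(target, ast.Name):
                    (literal if _is_str_literal(value) else rebuilt).add(target.id)
        constant_names = literal - rebuilt
        for node in ast.walk(func):
            if not (isinstance(node, ast.Call)
                    and isinstance(node.func, ast.Attribute)
                    and node.func.attr in EXEC_METHODS and node.args):
                continue
            stmt = node.args[0]
            if _is_str_literal(stmt):
                continue
            if isinstance(stmt, ast.Name) and stmt.id in constant_names:
                continue
            findings.append((func.name, node.lineno))
    return findings


if __name__ == "__main__":
    for name, line in check_source(SAMPLE):
        print(f"line {line}: non-constant SQL statement in {name}()")
```

The sketch only looks inside one function at a time and does not follow values across calls or modules, which is the kind of data-flow tracking production analysers add.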

Visibility

By using a continuous security and code compliance platform, organisations have a single pane of glass and a centralised store of analysis data, trends, and information for codebases. For instance, continuous testing provides real-time insights into code quality, compliance, and project trends. As a result, developers can view trending data for project quality and compliance purposes, make more informed decisions, and have access to valuable data for report generation.

Beyond in-house teams, it is also vital that code quality and risk management extend across the supply chain, based on visibility, so that newly procured software can be validated and existing code audited.

Shift Left

Another method increasingly used to improve code quality and security without slowing down development velocity is Shift Left. Over the past few years, the Shift-Left movement has been growing, based on the theory that by doing as much as possible as early as possible in the software development life cycle (SDLC), costs and rework later on can be minimised.

Many teams already embrace Shift-Left via CI (Continuous Integration) systems, encouraging the integration of changes as early as feasible. This also fits within DevOps, of which DevSecOps is an extension, whereby the focus shifts from the development and operation of systems to include security and robustness. Now, there is also the concept of Shift-Left security, applying the same Shift-Left principles to security practices and requirements. Both static analysis and continuous testing tools align with the Shift-Left security concept, ensuring that security practices and requirements are addressed early and throughout the development process.

All these processes and tools will help support the quality, safety and security of code supporting critical systems during a crisis. Of course, this is just one of many aspects to consider, but in a world increasingly dependent on software, it is increasingly important and deserves a solid foundation that prioritises code quality and security.

Gordon Saladino has over 40 years of experience in software technology. He has applied his skills and experience to the analysis, design, development, debugging, packaging, and delivery of software products. Currently, he is a Solutions Architect for Klocwork, and provides post-sales technical account management, which includes: planning, guidance, production deployment, custom configuration, custom integration, product tuning, dynamic problem solving, issue citing, training, system health checks, proactive product support, ROI management, and customer relationship management.
