Global Banking & Finance Review Issue 62 - Business & Finance Magazine

www.globalbankingandfinance.com

Issue 62

You will get hit by ransomware. Here’s how to ensure business continuity

Demonstrating Digital Resilience with DORA Compliance

The evolution of Corporate Digital Identity technology in banking

Chairman and CEO

Varun Sash

Editor

Wanda Rich email: wrich@gbafmag.com

Head of Distribution & Production

Robert Mathew

Project Managers

Megan Sash, Amanda Walker

Video Production and Journalist

Phil Fothergill

Graphic Designer

Jessica Weisman-Pitts

Client & Accounts Manager

Chanel Roberts

Business Consultants

Rick Saikia, Monika Umakanth, Stefy Abraham

Business Analysts

Samuel Joseph, Dave D’Costa

Advertising Phone: +44 (0) 208 144 3511 marketing@gbafmag.com

GBAF Publications, LTD

Alpha House

100 Borough High Street London, SE1 1LB United Kingdom

Global Banking & Finance Review is the trading name of GBAF Publications LTD Company Registration Number: 7403411

VAT Number: GB 112 5966 21 ISSN 2396-717X.

The information contained in this publication has been obtained from sources the publishers believe to be correct. The publisher wishes to stress that the information contained herein may be subject to varying international, federal, state and/or local laws or regulations.

The purchaser or reader of this publication assumes all responsibility for the use of these materials and information. However, the publisher assumes no responsibility for errors, omissions, or contrary interpretations of the subject matter contained herein, and no legal liability can be accepted for any errors. No part of this publication may be reproduced without the prior consent of the publisher.

Dear Readers,

Welcome to Issue 62 of Global Banking & Finance Review. As we navigate through a rapidly changing digital landscape, this edition brings to the forefront crucial topics that will influence the future of banking and finance. We delve into the challenges and opportunities presented by advanced cyber threats, regulatory requirements, and the pursuit of enhanced digital identity frameworks. Our mission is to equip you with insights and strategies that not only inform but also empower your decisions in this dynamic industry.

In our cover story on page 44, Paul Robichaux, Senior Director of Product Management at Keepit, addresses a critical issue: ransomware. With an increasing rate, scope, and complexity of attacks, "You will get hit by ransomware. Here’s how to ensure business continuity" explores the inevitable challenge of cyberattacks and the essential preparations your organization needs to withstand and recover from such disruptions. This piece underscores the importance of robust, segregated backup systems and granular recovery solutions, emphasizing preparedness as the cornerstone of resilience.

On page 18, we delve into the regulatory landscape that is set to reshape the operational frameworks of financial institutions. In "Demonstrating Digital Resilience with DORA Compliance", Simon Maharaj and Daniel Maw from D2 Legal Technology discuss the impending Digital Operational Resilience Act (DORA). With a 2025 compliance deadline looming, this article outlines the critical steps and strategic considerations necessary to align with these new mandates, enhancing cyber resilience across Europe’s financial sector.

Turning to page 26, Alex Ford, President of North America at Encompass Corporation, presents "The Evolution of Corporate Digital Identity Technology in Banking." This article highlights how Corporate Digital Identity (CDI) is becoming integral in redefining client onboarding and KYC processes. By integrating real-time public data with proprietary client information, CDI offers banks a transformative approach to customer interaction, significantly improving efficiency and compliance.

Head to page 16 to join Axel Rebien, CEO of Serrala, as he shares his philosophy in "When I go into a meeting, I’m not the CEO; I’m the customer." This narrative dives into the heart of customer-centric leadership, exploring how embodying the customer’s perspective can drive successful, impactful business decisions. Axel’s approach offers a unique insight into nurturing a business culture that truly values customer outcomes as the pathway to business excellence.

We appreciate your continued readership and invite you to share your thoughts on how we can better serve your needs in future editions. What topics would you like us to cover next? Let us know!

Enjoy the journey through our latest issue!

Stay caught up on the latest news and trends by signing up for our free email newsletter, reading us online at http://www.globalbankingandfinance.com/ and downloading our App for the latest digital magazine for free on Google Play and the Apple App Store.

CONTENTS

BUSINESS

The Unseen Ethical Considerations in AI Practices: A Guide for the CEO

Eric Huiza, Global Chief Technology Officer, Aionic Digital

Bridging the gap: how CMOs can win the affection of the CFO

Greg Dos Santos, CFO, Incubeta Americas

When I go into a meeting, I’m not the CEO; I’m the customer

Axel Rebien, CEO, Serrala

Demonstrating Digital Resilience with DORA Compliance

Simon Maharaj, Managing Consultant, D2 Legal Technology (D2LT)
Daniel Maw, Consultant, D2 Legal Technology (D2LT)

Don’t Let Entity Structure Hold Back Your Global Expansion Plans

Bjorn Reynolds, CEO, Safeguard Global

BANKING

A considered AD strategy will ensure heritage bank brands stay relevant

Matt Forrester, Senior Manager, Snapchat

The evolution of Corporate Digital Identity technology in banking

Alex Ford, President, North America, Encompass Corporation

The Future of Banking: 10 US Tech Trends and Innovations in 2024

Jakub Piotrowski, VP of Product, Bud Financial

FINANCE

Teaching healthy financial habits today for a more prosperous tomorrow

Tom Eyre, Co-Founder and Co-CEO, Loqbox

Why financial institutions need to set KPIs for effective AML

Gabriella Bussien, CEO, Trapets

Harnessing Generative AI for Compliance in Financial Services

Fabio Ardossi, Partner, Data Reply

What the UK Procurement Act 2023 means for B2B payments

Pat Bermingham, CEO, Adflex

Top concerns among CFOs for 2024, and how they can mitigate against external risks

Rene Ho, Chief Financial Officer, Taulia

Cross-border payments: The key to global business success

Svetlio Todorov, Managing Director, emerchantpay

TECHNOLOGY

Balancing Convenience and Security: Navigating the Potential of Super Apps

Chris Roeckl, Chief Product Officer, Appdome

Top 10 Tech Trends In 2024 Everybody Must Be Ready For

Greg Virgin, CEO, Redjack

Fixing the Public Sector IT Debacle

Mark Grindey, CEO, Zeus Cloud

Female Leadership is Shaping the Italian FinTech Sector

Clelia Tosi, Head of Fintech District

You will get hit by ransomware. Here’s how to ensure business continuity

Paul Robichaux, Senior Director of Product Management, Keepit

The Unseen Ethical Considerations in AI Practices: A Guide for the CEO

The adoption of Artificial Intelligence (AI) among global corporate enterprises is only accelerating, which positions CEOs and business leaders at the confluence of innovation and ethics when implementing AI projects in their businesses.

While technical prowess and business potential are usually the focus of conversations around AI, the ethical considerations are sometimes overlooked, especially those not immediately obvious. From a perspective that straddles the line of business leadership and technical acumen, there are five critical, yet often missed, ethical considerations in AI practices that should be part of your due diligence in starting any AI projects:

1. Bias versus Morals: The ethical design imperative

While much has been said about data bias, less attention is paid to bias in AI design and development phases. Ethical AI necessitates considering not just the data inputs but also the underlying algorithms and their predisposition towards certain outcomes.

Bias and morality diverge in the domain of AI due to their distinct natures. Bias refers to systematic errors in judgment or decision-making, often stemming from ingrained prejudices or flawed data. In contrast, morality embodies principles of right and wrong, guiding ethical behavior and societal norms. An ethical AI framework begins with inclusive design principles that consider diverse perspectives and outcomes from the outset.


While bias is generally viewed as detrimental, AI often requires a degree of bias to function effectively. This bias isn’t rooted in prejudice but in prioritizing certain data over others to streamline processes. Without it, AI would struggle to make decisions efficiently or adapt to specific contexts, hindering its utility and efficacy. Therefore, managing bias in AI is essential to ensure its alignment with moral principles while maintaining functionality.

2. Transparency and Explainability: Beyond the “black box”

AI’s “black box” problem is well-known, but the ethical imperative for transparency goes beyond just making algorithms understandable and their results explainable. It’s about ensuring that stakeholders can comprehend AI decisions, processes, and implications, guaranteeing they align with human values and expectations. Recent techniques, like Reinforcement Learning with Human Feedback (RLHF), which aligns AI outcomes to human values and preferences, confirm that AI-based systems behave ethically. This means developing AI systems whose decisions are in accordance with human ethical considerations and can be explained in terms that are comprehensible to all stakeholders, not just the technically proficient.

Explainability empowers individuals to challenge or correct erroneous outcomes and promotes fairness and justice. Together, transparency and explainability uphold ethical standards, enabling responsible AI deployment that respects privacy and prioritizes societal well-being. This approach promotes trust, and trust is the bedrock upon which sustainable AI ecosystems are built.

3. Long-term Societal Impact: The forgotten horizon

As leaders, it’s our duty to ponder the future we’re building. AI is and will continue to change how we work, live, and play–all while being more productive. Ethical AI practices require a forward-thinking approach that considers the lasting imprint of AI on society. Aiming for solutions that benefit humanity as a whole, rather than transient organizational goals, is crucial for long-term success.

Ensuring ethical AI involves anticipating and mitigating potential negative consequences, like exacerbating inequality. Proactive measures include comprehensive risk assessments, ongoing monitoring, and robust regulatory frameworks. Moreover, encouraging interdisciplinary dialogue and public engagement enables informed decision making and promotes accountability. By prioritizing human values and well-being, ethical AI endeavors to enhance societal resilience, promote inclusivity, and create a sustainable future where technology serves humanity equitably and responsibly.

4. Accountability in Automation: Who takes responsibility?

Automation brings efficiency but also questions of accountability. AI’s rapid advancement demands government regulation and legislation to mitigate risks and ensure ethical use. Regulation is imperative to address concerns like privacy breaches. Legislation can establish standards for transparency, accountability, and safety in AI development and deployment. Regulations like these aid innovation by providing clear guidelines and helping bridge public trust. Collaborative efforts between policymakers, developers, and ethicists are imperative to strike a balance between promoting AI’s benefits and safeguarding against its potential harms.

CEOs must advocate for and implement policies where accountability is not an afterthought but a foundational principle. Ethical AI practices must establish clear accountability frameworks, which involves comprehensible delineation of roles and responsibilities among developers, operators, and stakeholders. This includes implementing feedback loops, robust auditing processes, and avenues for redress in case of unintended consequences. In an automated world, when errors occur, determining responsibility can become murky; stay ahead of government regulation by introducing ethical AI practices from the start.

5. AI for Good: Prioritizing ethical outcomes

Prioritizing ethical outcomes with AI necessitates deliberate consideration of societal impacts and values throughout the development lifecycle. Ethical AI practices involve actively seeking opportunities where AI can contribute to societal challenges—healthcare, environmental sustainability, and education, to name a few. It’s about coordinating AI initiatives with broader societal needs and ethical outcomes, leveraging technology that will facilitate and accelerate ethical practices.

Why Starting with Ethical Considerations Makes Sense

Harnessing the power of AI in business is quickly becoming table stakes, leaving behind those who don’t begin initiatives. Ethical considerations are the guardrails for sound decision making, helping clients prevent potentially catastrophic results in the future, such as regulatory and legal risks, and avert potential fines or lawsuits. Ethical AI deployment also enhances employee morale and productivity, promoting a culture of responsibility and integrity within any organization. Starting with ethical expertise ensures that AI initiatives are not just technically sound but are also ethically responsible, sustainable, and in step with corporate and societal values. Prioritizing ethics strengthens public and stakeholder trust, crucial for long-term reputation and customer loyalty.

Ultimately, beginning with ethical considerations demonstrates a commitment to corporate social responsibility and contributes to building a more ethical and sustainable business ecosystem. The future of AI is not just about what technology can do; it’s about what it should do.


A considered AD strategy will ensure heritage bank brands stay relevant

There are few sectors of industry that escaped disruption from the advancement of technology and changing consumer behaviour, but banking is possibly the one where there is the biggest division between the old guard and the new.

With the rise of digital-first challenger banks, the ‘heritage’ brands that have existed as bricks and mortar on our high streets for decades should consider their customer-facing approach in order to stay relevant with the younger generation.

Studies show that a significant number of people stay with their first bank for more than 20 years (a surprisingly high number of people have a longer relationship with their bank than their spouse) so signing up new customers can mean more than a short term win for banks.

The banks that people my age grew up with have a longstanding foothold in culture – for example, Barclays sponsored the Premier League for years, NatWest the cricket and now Team GB at this year’s Olympics – but when it comes to engaging with young people, the ways in which banks can get involved in cultural moments have grown and evolved, which is why digital-first banks with smaller budgets are gaining a market share.

So what do banks need to do to reach the next generation who are looking to open a current account, start saving, apply for a loan or credit card and even, in a few cases, start thinking about a mortgage?

Choose the right channel

Consumer behaviour is unrecognisable from 30 years ago when banks could lure young savers in with piggy banks and football stickers. Then, when TV was the primary advertising channel it was all so simple. Today, digital platforms have made word of mouth and recommendations from friends and family a very credible route for pre-purchase advice.

When making a financial decision we are considerably more likely to seek advice from close friends and family. To demonstrate just how active this type of conversation is in group chats on Snapchat, our insight tools tell us that terms referencing ‘financial services’ come up five times more than the term ‘Taylor Swift’.

Banks who have an ad presence in this type of online community will be in the right place at the right time. Then add in the digital advertising capabilities such as clicking through for more information (for 18+) or applying for a loan / account / mortgage on the same screen, and you are removing every single barrier to action, something no other advertising medium can deliver.

Opt for age appropriate messaging

This seems obvious but for too long banks have spent a disproportionate amount of their budget marketing to over 40s, when most of our big first financial decisions – from opening savings accounts and credit cards to taking out mortgages and loans – are made before we’re 30. If you want to reach younger audiences, digital advertising through online communities is the most obvious place to start.


The highly targetable parameters on offer mean that ads promoting specific, age-appropriate products can be tailored to the precise target audience with incredible accuracy, ensuring your ad spend works as hard as possible.

Be consistent with your creative output

Tailoring your messages to different audiences is something that is eminently possible but not implemented as much as you might think, but keeping your visual look and feel consistent across every message and touchpoint, with content that looks and feels like the brand, will have maximum impact.

As for the message itself, it’s a misconception that young people need to be constantly amused with brand messaging, and funny is so subjective I’d never advise it as a priority, particularly for something as important as financial services marketing. However, entertaining is definitely something to strive for, in order to engage and be memorable. Oh, and offers. Everyone loves an offer.

Be helpful and interesting

We all know financial education in schools is not as strong as it could be, so any bank that can join the conversation in an authentic and unpatronising way to offer actionable, nonpartisan, qualified advice about financial matters will create an important connection with the audience.

EE does this very well in the telco space, offering an online tool for people to use whether they’re customers or not, including a free course to help prepare children for the digital world, as well as countless videos designed to help young people navigate school and life, covering everything from STEM to self-care.

A bank that offers this level of education – explaining interest rates and how they affect us, for example – in an informative and useful way would gain traction easily.

Take care when using finfluencers

However, while online communities are synonymous with influencers and creators, I would advise caution when seeking the right fit when it comes to working with ‘finfluencers’. According to McCann Relationship Marketing, 62% of 18 to 29-year-olds follow finfluencers and 74% said they trusted their advice. But financial decisions and financial matters are of the utmost importance and so it’s extremely important to work with influencers who really know what they are talking about and who are qualified to speak on the topic, and as a result, the Financial Conduct Authority recently announced that they are cracking down on this.

Competition to heritage bank brands has been around for a long time but thriving through this will come down to their approach to marketing, specifically the way they utilise the wealth of possibilities that online communities offer when it comes to building awareness, confidence, trust and, ultimately, loyalty.


Bridging the gap: how CMOs can win the affection of the CFO

In the ever-evolving business landscape, the relationship between marketing and finance is crucial. While they may have traditionally been seen to operate in different spheres, they are both ultimately working towards the same goal – and that is growing the business.

Yet there is often still a divide between the two. Marketing may feel like finance doesn’t understand the nuances in its strategies and the potential of its technology. Finance, on the other hand, might think that marketing is focussed on the wrong metrics – those that fail to demonstrate ROI and value creation – and therefore is not managing its budgets responsibly. This creates a tension that is holding both parties back.

To achieve success, we need to find a common ground and align our strategies. Marketers have more tools than ever to help provide the insight their finance team needs for reporting, budgeting, and forecasting, and finance can support marketing by further demonstrating the impact of their campaigns on business performance. It is all simply a matter of collaboration.

Speaking the CFO’s language

Communication is key to any relationship, and the partnership between marketing and finance is no different. As the marketer’s toolbox continues to grow and they have access to increasingly detailed analytics, it is crucial that other departments are kept up to date with marketing activities and how these will impact the business.

When sharing this information with finance, it needs to be conveyed in a way that aligns with the team’s objectives. This means moving away from qualitative brand metrics, and instead presenting quantifiable data that connects marketing activities to financial outcomes and shareholder value.

With the sophisticated tools marketers now have available to them, it has become far easier to depict the customer journey and accurately demonstrate the success of a campaign. Many of the insights gained can be used to drive future strategies; however, to secure buy-in and budget from the CFO, there needs to be a focus on the key financial drivers, such as customer acquisition costs, customer loyalty, lifetime value and retention.


Getting the tech team involved

There is some very exciting technology available to marketing teams at the moment, and as the capabilities of AI continue to unfold, there will no doubt be more outstanding tech to come. New technologies, however, come at a price, and for finance teams to have confidence in such an investment, they need to see evidence of the benefits it will bring.

Any proposal for a new piece of technology also needs to be quantifiable, with a clear business case tying it to ROI. To achieve this, marketers should collaborate cross-functionally with tech teams to understand and effectively communicate exactly what is expected from a proposed solution; not only highlighting how it will contribute to the brand’s success or drive efficiency, but also proving it is practical, technically sound, and can scale within the company’s existing ecosystem.

CFOs, for their part, can help by aligning on testing and experimenting with new tech. Though a clear business case should be presented first, in many cases, the true impact of a new solution won’t be seen until it is used. It is wise to undertake a proof of concept, and/or a trial period depending on the tech, to help validate key assumptions and measurable impact prior to further commitments. Business leaders from all departments, including the CMO, CFO and CTO, should work together and set goals for implementing pilot programs for new technology; supporting additional funding by testing it on a smaller scale and providing concrete evidence of its impact and effectiveness.

Promoting a culture of collaboration

Ultimately, the best way to build and maintain a healthy relationship between marketing and finance is to encourage on-going collaboration. This shouldn’t be limited to quarterly planning meetings; it should be an integral part of day-to-day operations.

Running regular workshops with both the marketing and finance teams is a good starting point for this. Both teams can use these sessions to openly discuss their visions, strategies and concerns, with scenario planning and forecasting to help determine the potential impact of various marketing strategies on the company’s finances.

Additionally, establishing congruent goals is another important element of bringing the two teams together to drive overall business success.

Shared goals can be used to work towards common outcomes, encouraging teamwork and removing the likelihood of departmental silos. They will also lead to more regular, open communication between finance and marketing, helping to further strengthen their relationship.

A united approach to marketing and finance

Simply put, the solution to building and maintaining a healthy relationship between marketing and finance is communication. The CFO is far more likely to endorse budgets for a campaign or a new technology if they can see a tangible impact, so the focus needs to be on presenting results and business cases using metrics that showcase outcomes such as better website conversion rates, higher quality of leads generated, lower customer acquisition costs, improved customer retention, cost efficiencies and revenue growth.

Doing this can result in a formidable alliance between both teams – one that is clear on goals, aligned on how to achieve them, and helps everyone involved to better understand the impact, success, and opportunities.


Balancing Convenience and Security: Navigating the Potential of Super Apps

The rise of mobile “Super Apps” gives financial services organisations an unprecedented opportunity to consolidate brand power and extend the business into new consumer offerings. It’s also a boon for consumer behaviour, promising unmatched convenience by integrating diverse services like banking, messaging, and e-commerce into a unified platform.

Revolut’s planned venture into telecoms further underscores the growing influence and versatility of Super Apps. Other industries are following this path, including transportation (Uber), commerce (Amazon and Walmart), and even entertainment (Spotify), signalling a significant shift in the industry. However, as convenience expands, so does the realm of cybersecurity challenges.

The shift to mobile

The Covid-19 pandemic forever changed the digital landscape, laying waste to traditional bank branches and access via a desktop web browser. Mobile is now king of all digital transactions, creating new opportunities for mobile brands. With the broad adoption of mobile, especially with traditional bank branches continuing to close, cybercriminals are increasingly looking at mobile as their main attack vector. Looking at fraud alone, about 580 million was lost to fraud in the first half of 2023 alone, highlighting the gravity of this security concern.

The diversity and complexity of new attacks and threats against mobile apps, sadly, is staggering. Gone are the days when protection against fraud and attacks was the responsibility of the mobile consumer. The responsibility has moved squarely to the mobile brand to protect its mobile end users. A major security event will destroy a brand – costing millions to remediate and millions more to regain consumer trust.

As such, financial service organisations wanting to invest in a Super App must ensure it coincides with security measures that are properly implemented. This means asking themselves if there is a clear plan to oversee and track the integration of security measures throughout the development process. Determine whether there are systems in place to monitor potential real-time security threats. And finally, ensure the implementation of security measures is seamlessly integrated into the development and deployment process.

Enter the era of Super Apps

The emergence of Super Apps introduces a new dimension to these risks. Super Apps host vast reservoirs of data and provide developers with the ability to integrate multiple services, such as bill payments, loan applications, digital wallets, wealth management, and even being able to purchase insurance.

The challenge is that integration opens new doors to threats and attacks. Incorporating third-party components into Super Apps, coupled with extensive data storage, escalates the risk of security attacks. Overlooking these risks can lead to non-compliance with forthcoming regulations such as the NIS2 Directive. Initially designed for network and information systems, the directive has been extended to include mobile devices, establishing requirements for security measures, incident reporting, risk management, and cooperation.


Unlike standalone apps, where developers have total control over workflows, Super Apps amalgamate functionalities from diverse providers. This complex integration expands the app’s vulnerability surface, complicating efforts to bolster its defences against potential threats.

Further complications and solutions

Financial institutions managing vast amounts of sensitive data face heightened risks of data leakage due to insecure storage or misconfigurations. Inadequate encryption and weak jailbreak/root detection mechanisms further expose vulnerabilities, enabling malicious actors to exploit security loopholes and compromise user data.

Given the evolving nature of cyber threats, a comprehensive security framework starting with data protection and anti-debugging measures is imperative within financial services. Robust fraud and malware prevention mechanisms are equally essential to maintaining user trust in Super Apps that handle sensitive financial and transaction information.

Encouraging collaboration and looking ahead

Successful defence of standalone financial services apps – and the new generation of Super Apps – requires prioritisation of mobile app defence. Crucially, it starts with a system that empowers collaboration between the two teams on the front lines of app development and defence: mobile app developers and cybersecurity teams.

By adopting agile security measures, embracing DevSecOps practices and putting in systems that automate mobile app security, developers can effectively mitigate risks and ensure regulatory compliance throughout the app lifecycle. This approach streamlines security integration at every development phase, enhancing overall app security. Consolidating multiple services into a cohesive platform promotes customer loyalty and drives engagement for online banking apps.

Despite facing inherent security challenges, Super Apps are poised to revolutionise consumer interactions with banking service providers. They offer unparalleled convenience and personalised experiences, driving their adoption among users.

However, balancing convenience and security remains paramount to safeguarding user trust and preserving business reputation while mitigating cyber threats. As digital banking continues to evolve and Super App usage grows, maintaining a robust security infrastructure and staying proactive in addressing emerging challenges will be essential for long-term success.

When I go into a meeting, I’m not the CEO; I’m the customer

Business leaders all have motivations that drive them in the pursuit of excellence. Some are drawn to the sense of achievement when overcoming challenges, while others enjoy being at the helm of a ship powering innovation. One goal, however, is universal: to nurture a successful business and take it on a journey of excellence, and I believe the secret to achieving this lies in true customer centricity at every part of your business journey.

While I do not doubt that those other motivations drive CEOs to excellence, I believe there is one motivation that keeps some leaders ahead of the game, and that is the motivation that isn’t even yours. To guide your business and the direction of every decision to a fruitful outcome, it is important to ‘become’ your customer in mind and spirit. If you ensure that each decision is making a noticeable impact on the life of your customer, then more likely than not it will be a successful decision for your business.

To serve a customer well, walk a mile in their shoes

In my business, the customer we serve is the finance function, and the office of the CFO, so when I go into meetings, I take off my CEO hat and get into the mindset of the CFO – a role I have previously held – to walk in their shoes and consider them at every point of our discussion. Becoming the customer in this setting, “method acting” to an extent, and considering “my” pain points at every step of the way means that I can make sure we stay laser-focused on only developing solutions that make a notable difference to “me.”

For example, I know that one of the main things that keeps the CFO up at night is cash count. With this in mind, when I go into a meeting as the customer, I always bring the conversation back to how what we are developing actually supports working capital optimisation. As the “CFO,” is this making a notable difference to my role? Am “I” being liberated from inefficient manual processes? What is the time to value? If I don’t see how what we are developing improves “my” world, we go back to the drawing board, and the team is challenged to delve deeper.

As a result, I’m confident that our solution is making a difference. At Serrala specifically, we are providing a more effective way to optimise in-the-moment working capital by providing near real-time visibility into the financial health of the organisation through AI-driven scenario modelling, and predictive analytics, among other capabilities. I know that this alleviates concerns about cash count and means that finance leaders can instead focus on being a strategic partner to the business.

Staying within the customer mindset

This has by far been the most successful strategy I have implemented for running a successful business, and I wholeheartedly believe that more CEOs should adopt this approach. I’ve been fortunate enough to be in a unique position as I was previously the CFO of Serrala and I have held other CFO roles over the course of 20 years. This has given me the intrinsic need to solve the pain points of my previous role, but most of all, it has allowed me, even now, to stay within the mindset of my customers in a range of ways.

Customer-centricity is something my team and I implement day-to-day. I meet with customers face-to-face at their offices or at industry events to understand their daily challenges, and I am still an active member of CFO networks, reading magazines and blogs that delve into the issues they are encountering. This mindset also goes beyond my own role; we have a dedicated customer experience team that hosts user group sessions, where we invite customers to our headquarters and spend a day learning from their challenges. We also organize yearly customer summit events, enabling us to connect with and celebrate our customers. I believe any business leader can do this.

There is nothing stopping a CEO from seeking out different customers in their network, spending a day with each of them, and asking the right questions to understand their perspective and “become” them to support the development of their offering. I would strongly encourage CEOs to invest in customer-centricity at their level, but also at a company scale, encouraging every department and every employee to constantly ask themselves: Is this benefiting the customer?

While there are many different approaches to running a business, a business is nothing without its customers, so their pain-points, motivations, and ambitions should be at the core of everything a leader does. Developing that deep understanding of the customer mindset and walking in their shoes whenever you consider any decision that will impact them can unlock potential you never knew. Through this approach, I believe leaders can build businesses that are truly valuable to those they serve, today, and into the future.

Axel Rebien, CEO, Serrala

Demonstrating Digital Resilience with DORA Compliance

While the European Union’s (EU) Digital Operational Resilience Act (DORA) has been under development since 2020, the 2025 deadline for compliance is timely given the escalating demands for improved digital resilience. Geopolitical unrest and rising cyber threats are adding significant risks for financial institutions, making it vital to strengthen the operational resilience of the sector and ensure service continuity.

While FCA authorisation already requires financial institutions to have some level of cyber security and disaster recovery infrastructure, DORA takes it to a new level. Notably, the regulation both adds a responsibility for ICT supplier performance and introduces a cross-business approach to resilience, rather than accepting the diverse plans of each isolated business unit. Furthermore, by demanding a consistent, industry-wide focus on operational uptime and security, DORA should foster a dialogue that accelerates understanding, information sharing and innovation to create a far more consistent market-wide model.

DORA heralds a new era of digital resilience best practice – but with awareness low and less than 12 months to achieve the required due diligence and execute any potential rework, Simon Maharaj, Managing Consultant and Daniel Maw, Consultant, D2 Legal Technology (D2LT), explain why it is vital for financial institutions to place the roadmap to compliance on the board agenda today.

Critical Concern

Digital resilience is now a board level concern for financial institutions, with fears fuelled not only by the escalation in cyber threat but also the spiralling geopolitical uncertainty. Deglobalisation and conflict across both Europe and the Middle East raise new threats for all businesses, but for a financial industry that is now dependent upon digitalisation, the potential devastation associated with interference with digital systems is an extremely serious concern.

The timely introduction of the European Union’s (EU) Digital Operational Resilience Act (DORA) provides a framework and guidance for organisations to manage and address ICT and cyber related risks and threats. Applying to any financial institution with a nexus within a European jurisdiction, DORA compliance must be achieved by January 2025. UK entities, in particular, will need to assess their level of DORA exposure, based on the breadth of financial markets activities included, and whether they occur in EU jurisdictions. With failure to meet DORA requirements incurring fines of up to 10 million Euros or 5% of total annual turnover, non-compliance is a significant risk for any financial institution.

Given the reputational damage and the cost associated with a breach or outage, organisations are already strongly motivated to embrace digital and operational resilience. DORA not only brings a drive toward consistency and best practice but it also elevates corporate and market-wide resilience strategies by demanding an overarching business level perspective.

Five Pillars

The DORA framework comprises five pillars: risk management, incident reporting, digital operational resilience testing, ICT third-party risk management and information and intelligence sharing. Organisations will have already put in place a lot of the risk management, incident reporting and digital operational resilience testing – although typically this will have occurred at business unit level and must now be reviewed from an organisation-wide perspective. Furthermore, digital operational resilience testing now includes different gradients of seriousness relating to critical functions.

A holistic view of the organisation’s ICT infrastructure and risk framework is vital to bring together the isolated, business unit specific policies that have been deployed to date. If these existing models are not adequate to align with DORA, rework will be required. Inevitably senior level oversight will be needed, ideally from a Chief Risk Officer, who will work closely with an organisation’s nominated DORA champion.

Implications and implementation will vary dependent upon the maturity of each institution’s current resilience posture and specific operational risk profile – and until an organisation starts to assess its position with regards to DORA requirements, the level of rework and time required to undertake that work will remain unknown.

Managing ICT Risk

One of the most significant changes for financial institutions demanded by DORA is the introduction of explicit contractual provisions with ICT providers. These conditions are clearly outlined within DORA and a basic renegotiation of the contractual terms with any service provider is a fundamental requirement. As long as the ICT provider is willing and able to comply, this process should be fairly self-contained, using the DORA wording to renegotiate matters.

However, the sheer scale of the industry compliance required cannot be underestimated, given over 20,000 financial institutions and ICT providers are in scope for DORA. In addition to contractual renegotiation, including guidance on terminating relationships, financial institutions must also maintain a register of information related to contractual arrangements on the services provided by ICT third parties. Firms must also distinguish those ICT third parties supporting critical or important functions, ensure that financial entities can exit relationships without disrupting business activities, surface any conflicts of interest and identify sources of concentration risks.

This is clearly not an overnight exercise and while it is likely over time that some form of DORA certification will be introduced for ICT providers to support a more streamlined compliance process, that is still in the future.

Propagating Best Practice

Naturally, organisations want to align DORA compliance to the furthest extent possible with existing practice. This will require technical skills, insight into operational and market risk and an understanding of the impact of data breach and/or service interruption on the business. If this expertise is not available internally, it is important to look to the market for support, especially given the limited timeframe.

Indeed, with DORA affecting not only the top tier financial institutions and large ICT providers, but any organisation of any size operating within the European financial markets, there is an essential role for external providers to play. Small and medium sized organisations will lack the resources to handle extensive change management programmes, and the adoption of streamlined processes for DORA compliance will be key in ensuring every affected business can achieve the level of digital resilience required to remain competitive within this market.

The important steps organisations will need to consider in adopting DORA compliance include:

• Initiating a gap analysis between the existing practice and the target operating model of full DORA compliance

• Design of the new infrastructure

• Implementation; and

• Operationalisation

Firms should consider how best to achieve these steps with the resources they have available including internal questionnaires, stakeholder interviews and end-to-end documentation and process reviews. The new legal requirements should ultimately be interwoven into the existing landscape of the organisation’s technology, data flows and network infrastructure.

The additional challenge for the market is that this expertise is highly specialised, demanding both an in-depth knowledge of financial institutions’ operational and data infrastructure and an understanding of DORA’s legal changes. There is, by default, a limited pool of talent offering this combined expertise; even fewer that can also provide the support in the vital process of ensuring all legal contracts with ICT third parties are renegotiated in line with the DORA requirements.

Conclusion

At a time of escalating, global geopolitical instability and the rise of state-sponsored cyber-attacks designed to destabilise European economies, the introduction of DORA reinforces the fact that digital resilience is a serious, board level concern. And while many organisations should have in place robust policies, DORA’s focus on business level rather than department level strategy will demand a new level of strategic oversight and commitment from the Chief Risk Officer. With the additional scrutiny required for third party ICT providers, achieving DORA compliance is not a simple tick box exercise.

The deadline is less than 12 months away, giving organisations a limited timespan to achieve compliance. It is vital to quickly undertake due diligence to identify potential shortcomings in compliance and assess the level of external input and internal resources required to address those gaps and undertake the rework required.

And to be honest, why wait for the deadline? When achieving best practice will deliver significant operational benefits over and above DORA compliance by reducing the risk of breach or compromise, the benefits are clear.

Daniel Maw, D2 Legal Technology (D2LT)

Top 10 Tech Trends In 2024 Everybody Must Be Ready For

A lot of ink has been spilled about current cybersecurity threats to the financial services industry. It can seem like you’re under attack by a veritable laundry list of threats while you focus on preventing data breaches and ensuring regulatory compliance. In the end, you need to be able to keep money flowing safely and securely, keep customer data safe, and keep regulators off your back while minimizing the cost of compliance.

Here are ten of the top tech trends to be aware of in 2024.

1) Resilience planning is increasingly important

Cyber resilience planning is paramount for financial services companies due to the criticality of maintaining trust and confidence in financial systems. Even the best cyber security can’t guarantee 100% protection. Cyber resilience focuses on mitigating potential disruptions and ensuring continuous operations during an attack or other disaster, thereby protecting both your organization and customers from loss and damage. By proactively identifying critical business functions and asset dependencies, your organization can uphold regulatory compliance standards and adapt to evolving cyber threats in a dynamic digital landscape.

2) The rise of artificial intelligence (AI)

AI is increasingly incorporated into solutions ranging from portfolio management to customer service. For cybersecurity, AI can be both an asset and a liability. Incorporating AI into cybersecurity solutions helps them detect and respond to cyber threats quickly. Leveraging AI also helps fill the cybersecurity skills gap and manpower shortage by allowing analysts to operate at a higher level. However, threat actors are also using AI to improve their operations. Attackers are using AI to create new strains of malware and to fine-tune social engineering attacks.

3) Transformation of third-party relationships to reduce risk

Instead of using due diligence checkbox surveys, companies are moving toward mutually beneficial partnerships to lower risk and safeguard against breaches.

4) Increased regulation and oversight

New regulations include the EU Digital Operational Resilience Act (DORA) which creates a regulatory framework for digital operational resilience for financial institutions, the updated NIST Cybersecurity Framework (CSF) 2.0 guidelines to manage cybersecurity risk, and the updated New York State Department of Financial Services (NYDFS) Cybersecurity Regulations.

5) Nation-state attack risks

Even if not the direct target of a nation-state attack, organizations can become collateral damage. For example, when NotPetya was deployed against Ukraine in 2017 it also took out several companies including Maersk, Mondelez International, and DHL. Outside of conflicts including Ukraine/Russia, US/China, Armenia/Azerbaijan, Israel/Gaza, and others, there are also major elections taking place in countries including the US, UK, and India where cyberattacks may be used to disrupt the process.

6) Digital currencies and blockchain

Digital currencies and blockchain technology have introduced new cybersecurity challenges and opportunities. While blockchain’s decentralized nature enhances data integrity and reduces the risk of fraud, cryptocurrency transactions have facilitated ransomware attacks and illicit activities. Consequently, cybersecurity must evolve to address the unique threats posed by digital currencies, including securing cryptocurrency wallets, protecting against cryptojacking, and ensuring the integrity of blockchain-based systems against manipulation and exploitation.

7) Migrating to the cloud

While cloud adoption improves scalability, agility, and cost-efficiency, it also introduces risks related to data privacy, compliance, and unauthorized access. Financial institutions must implement robust security measures, such as encryption, access controls, and continuous monitoring, to safeguard sensitive financial data in the cloud environment.

8) Move to hybrid work

The shift to hybrid working has expanded the attack surface as employees access corporate networks from various locations and devices. Asset inventory plays a crucial role by providing visibility into all devices and endpoints accessing the network, allowing organizations to monitor and secure their digital assets effectively.

9) Continuous threat exposure management

Continuous threat exposure management prioritizes the real-time monitoring of evolving cyber threats and vulnerabilities in your attack surface. By continuously assessing and prioritizing threats, organizations can proactively mitigate risks and enhance their cybersecurity posture. This approach ensures that financial institutions stay ahead of emerging threats, safeguarding sensitive data, and maintaining customer trust in an increasingly dynamic threat landscape.

10) Cybersecurity moves to the boardroom

Gartner has predicted that, by 2026, 70% of boards will include one member with cybersecurity expertise. Including cybersecurity in boardroom discussions ensures that leaders understand the strategic implications of cyber threats and vulnerabilities. By having cybersecurity on the agenda, boards can allocate resources effectively and align business objectives with security goals. This proactive approach not only protects the company from potential breaches but also enhances resilience and fosters a culture of security throughout the organization.

The evolution of Corporate Digital Identity technology in banking

In today’s modern financial services landscape, Corporate Digital Identity (CDI) is rapidly emerging as the lynchpin when it comes to solving the challenge of the identification and verification of corporate and institutional clients.

Facilitating a truly customer-centric approach to client onboarding and Know Your Customer (KYC) processes, CDI combines real-time data in the public domain with data acquired from clients privately to deliver ready-made customer profiles into internal systems. These can be tailored to meet specific regulatory requirements and risk appetites. For institutions, this unlocks entirely new operating models that present immense opportunities for banks and customers alike.

As a consequence, banks can see dramatically improved business outcomes, powering the path to sustainable growth and profitability. By taking tangible action that addresses a problem they have struggled to address up to now, despite significant investment, banks can achieve a deeper and more widespread level of cost efficiency.

The challenges hindering current processes

In recent years, we have witnessed retail banks transform KYC, the customer experience, and, in turn, their commercial outcomes by leveraging digital identity. However, in contrast, a unique set of circumstances, such as a lack of unified corporate identity standards, transparency and access to business information, represent hurdles for corporate, investment and business banks when it comes to making similar strides.

Without this unified picture, banks must curate and create their own view of an entity to perform KYC involving a vast amount of public and private data. This view will then change in line with fast moving regulations and geopolitical developments.

Current efforts to overcome this are focused on either allocating more human resources to the issue or building homegrown solutions. However, people are expensive and manual processes introduce errors and risks. Money spent on building internal solutions is often wasted as these mammoth projects stall or halt altogether due to limited resources, a lack of skills or competing business priorities.

As a result of these inefficient practices, many businesses are still waiting up to 120 days for access to accounts and services. In today’s pressured environment, this is simply not sustainable, and they are, as a consequence, responding by abandoning long and arduous processes in their droves. The result? $3.3 trillion in lost revenue.

This is one problem that cannot be solved by doing more of the same. A completely new approach is the only solution.

Transforming approaches with CDI

KYC, especially at the point of onboarding, should be seamless, thorough, and consistent. This is why CDI is transforming the landscape. Dynamically generated from the most up-to-date authoritative public and private data sources, CDI profiles contain all the attributes and documents needed to make and – crucially – evidence sound business decisions.

Designed to be leveraged directly within internal systems, CDI ensures banks are provided with a consistent and accurate view of a customer at all times. Complex and disparate information is distilled into a digestible profile that persists through downstream activities, reducing processing times and costs. When implemented, the gains at play are clear, with CDI bringing the potential to drive efficiencies of up to $700 million over the course of five years. These efficiencies, imperative to business success across the board, span all functions, from operations to the front office.

With CDI, corporate customers can also benefit from the same seamless digital journeys they experience in their personal lives. Thanks to a quick and smooth process, abandon rates can be reduced by 20-40%, further fuelling growth and improving profitability.

With its fresh approach to enabling business with corporate customers, CDI addresses the most pressing challenges facing banks like never before.

For forward-thinking institutions, CDI can be game-changing, with its evolution marking a significant shift in the way banks tackle identity verification. As well as improving compliance outcomes, it also allows for new, far-reaching potential to be unlocked when it comes to identifying revenue building opportunities and supporting long-term growth.

Paving the way for a future that puts the customer at the heart of the experience will bring hugely positive outcomes for all parties. Banks that take the chance to embrace the unique potential that CDI offers will put themselves in the position to reap the benefits during a time when digital identity is key to an evolving ecosystem.

Alex Ford, President, North America, Encompass Corporation

The Future of Banking: 10 US Tech Trends and Innovations in 2024

The banking sector is continuously evolving, influenced heavily by advancements in technology, changes in regulations and changing consumer needs. Looking forward to 2024, several significant trends and advancements are set to mold the industry’s future. Developments such as the increasing prevalence of artificial intelligence and the renewed interest in cryptocurrencies are set to transform the familiar faces in banking.

1. GenAI enhanced apps – inevitably, we’ll see the next generation of chatbots in banking hit the market in 2024. However, most of them will be “interim,” not really reasoning or able to provide the most accurate financial advice. Their primary focus will be on ensuring customer support conversations are more natural (and perhaps more likely to lead to positive resolutions). For true advice, deep insights and conversations designed to drive positive financial outcomes to become a reality, we first need both general GenAI and fintech-specific regulations.

2. Big tech/big retail trying banking again – due to its larger market size and the availability of capital and talent, it’s no surprise that the US is a key driver of financial innovation. As we are about to see a 1033-driven open banking wave, many tech giants are looking at how best to expand their businesses and capitalize even more on the now captive audiences. Apple, for example, launched AIS in the UK – clearly testing the waters in terms of viability – and others are venturing into this field too. But in 2024, another organization will undoubtedly try to do it and in a more meaningful way than the Apple-GS card.

3. Renewed enthusiasm in crypto – with so much money at stake and the expected hype surrounding regulation, cryptocurrencies will once again see a slight resurgence – hopefully in a much less chaotic way than previously.

4. Banking investments into tech and data – the growing interest in generative AI and the promise of optimization, reduction in menial tasks and bureaucracy will make banks follow easy wins. Operations will be slimmed down, streamlined, supported with AI and then hit a wall. Why? Because there’s only so much that can be achieved without serious investment into the data infrastructure. Money spent on operations will end up being used to make sense of – and consolidate – data to enable more advanced AI solutions. Remember, AI is only as powerful as the data it is fed and trained on.

5. Improved customer-centricity and hyper-personalization – with AI, more spend on data and more focused organizations, we are finally getting to the point where it is commercially feasible to get to the level of analytics that supports true hyper-personalization. Not rule based, not eyeballed by an advisor – but rather automated, accurate hyper-personalization that’s deployable at scale and able to both meet the needs of customers and empower them to achieve their financial goals.

6. Offshoring retreat – a lot of the tasks that banks have been happily moving offshore are now at risk of being automated. As people are moved to more productive and creative tasks, a much closer cooperation between traditional banking siloes will be needed. Signs of this have been already seen in the past, but this time it might be a significant change in where the work is done.

7. Data regulation-driven innovation – arguably, for the amount of investment in open banking providers there hasn’t been enough return. With only payments generating somewhat decent revenue, it’s difficult to see this cycle repeating. However, as regulations are clarified and get closer to going live, there will be a sustained increase in the stream of ideas on how to capitalize on them.

8. The end of BNPL is not in sight – “Buy Now, Pay Later” providers are enjoying a mixed period. The regulators are taking a closer look at their operations, profitability is not always there and challenges are mounting. However, unlike high cost short term borrowing, BNPL is sufficiently embedded in the retail ecosystem and therefore more likely to survive. While it can be argued that BNPL doesn’t often lead to good customer outcomes, it seems to have enough influence to be treated with care. Simply put, no regulator wants to be branded as the organization slowing down the economy in these difficult times.

9. More nimble lending – but still tight – banks are continuously tightening their lending operations, especially in the US, but this isn’t sustainable. With open banking’s arrival, there is slight discontent amongst credit bureaus as the threat of big tech looms. Perhaps this will entice some of the big players to borrow strategies from the FinTech playbook and work to diversify their portfolio while also improving their ability to manage risk. And more data and AI solutions can help.

10. GenAI goes wrong – someone somewhere will push GenAI too far or launch it with insufficient guardrails, resulting in a mistake which will receive a lot of negative attention. AI detractors will use this as yet another argument against adoption but in reality, it will be a result of yet another failed (or rushed) IT project. Hopefully, however, this incident will not become a trend.

As we continue to navigate the ever-changing landscape of banking in 2024, US banks must adopt the new and changing trends to remain relevant and meet the needs of customers. While challenges may arise, the future of banking holds tremendous promise for innovation and industry advancements.

Jakub Piotrowski is an experienced fintech leader with R&D, commercial and product experience, serving as a VP of Product at Bud.

A transaction and data intelligence platform for the financial services industry, Bud Financial (“Bud”) enables its clients to simplify financial decisions by transforming transactional data into rich customer insights. For half a decade, Bud has been a trailblazer in its development and application of AI, machine learning, and natural language processing in banking and financial services.

With over 50 billion transactions processed in half a decade, Bud’s categorization, aggregation, analytics, deep AI and ML capabilities unlock a suite of actionable insights for our clients. Bud empowers financial institutions to supercharge marketing efforts, refine customer segmentation, assess and manage risk, deliver smart PFM features and even optimize processes using AI.

Teaching healthy financial habits today for a more prosperous tomorrow

Consider all the things that you were taught in school that never came in handy in adulthood. Strange then that so many of us were never taught the basics of financial management when it’s a skill we need every day.

Nevertheless, a Financial Times survey in 2021 found that 90% of people in England felt they’d learnt “nothing at all” or “not very much” about finance at school. It’s an educational gap that persists today.

As soon as a child reaches 18, they are eligible for all sorts of financial products like credit cards, student loans and overdrafts. While these services can be extremely useful, understanding how to use them is key to fostering a positive relationship with money.

That’s why it’s so important for parents to instil good financial habits from an early age. Like when learning a language, teaching financial skills is a case of ‘the sooner, the better’. Children soak up information like sponges, and the earlier we begin nurturing good habits, the more empowered and confident young people will be in managing their finances.

Paving the way for financial wellbeing

For kids, the lessons that stick usually involve an element of fun. By incorporating practical examples that align with typical childhood activities involving money, we can make the learning experience enjoyable and positively shape their financial understanding.

Here are a few ideas for incorporating financial lessons into everyday life:

• Get the kids involved in real-life financial situations. Look for opportunities to engage them with financial management, such as handling bills at a restaurant or during your weekly grocery shopping. Give children a view of the transactions you’re making to help them build familiarity with the process. Show them where the money you use comes from, how your card links to your bank account, and let them see how much things cost. All this helps them understand financial accountability.

• Let them use their own money. Give your children pocket money and encourage them to set a savings goal for something they want – like a toy, clothing or console game.

• Create a simple budget with them so they can see how long it will take to get enough money together. This way they can see how savings grow, while safely discovering the fundamentals of money handling at home.

These experiences will help create a happier, healthier relationship with money that people can carry with them throughout their lives.

The right tools for the job

However you choose to teach your children about handling money, the most important takeaways for them should be:

• How important it is not to spend beyond their means

• Why making timely repayments is a good thing

• How financial wellbeing can affect the body and mind too

Thanks to a new generation of prepaid cards for children, which can be protected with parental controls and in-app learning, it’s easier than ever to help kids build their financial knowledge.

These tools are great for introducing children to using payment cards responsibly, enabling them to view how much money they have available and where they’ve spent it. Prepaid cards give young people a degree of financial independence while keeping them in a safe space to explore paying for things on a card before they get their hands on a real credit card (and the line of credit attached to it). They also offer parents and caregivers an opportunity to explain how bank statements, overdrafts, credit scores and reports, and high-interest debt work.

It’s often the case that young people have no idea what credit is until it’s being offered to them. So, it’s a good idea in general to make children familiar with credit scores before they turn 18 – that way they have a good understanding of what impact their decisions will have on their financial future.

Getting it right early can save them thousands of pounds on credit cards, student loans, mortgages and other products when the time comes for them to apply – not to mention a whole lot of time. If you are happy for your young dependant to see your credit history, why not get them interested in how it works by showing them your credit score?

Why it matters

When we feel like we have enough money to cover the basics – and enough to cover emergencies and the things we enjoy – money can help us to feel safe and secure. On the other hand, when money is tight or if we’re having a tough time financially, it can sometimes feel like money is affecting our overall wellbeing. Money can make us feel worried, uncomfortable, anxious, or even guilty.

Maintaining a good understanding of financial products can contribute to a healthy credit score and access to more affordable financial services and products, and help avoid higher-cost alternatives.

At Loqbox, we understand that when people are empowered with financial literacy, they have the knowledge, tools, and healthy money habits to move forward in their financial journeys with confidence. Providing children with a solid foundation of financial education is one of the best ways we can prepare them for the future and protect their long-term wellbeing.

Why financial institutions need to set KPIs for effective AML

NASDAQ’s recent report on how $3T in dirty money is flowing through the world’s financial system also highlighted the role banks’ shortcomings play. One of the main culprits harming banks’ ability to fight financial crime is a “Lack of Measures for Success.”

Banks and financial institutions (FIs) need stronger KPIs for financial crime prevention that break free of ineffective traditional benchmarks. Companies often attempt to measure their results in terms of reducing the number of false positives or suspicious activity alerts. But these “easy” indicators are actually red herrings, either unattainable or distractions from the true problems.

For example, while FIs track the number of “suspicious activity reports” (SARs) filed, they have no idea how many of them accurately identified a crime, because once they’re handed off to law enforcement, tracking stops.

There are better ways to measure an FI’s success in fighting crime, improving their risk models, and setting future goals that aren’t just vanity metrics, but truly move the needle.

Here is a strategy all FIs can follow in implementing robust anti-crime KPIs.

1. Start with Key Risk Indicators – KRIs

Before even thinking about KPIs, FIs have to set Key Risk Indicators, or KRIs. This means essentially understanding your crime exposure in every aspect of your company, meaning there is no one-size-fits-all.

KRIs will depend on the FI’s size, geographical presence, customer base, distribution channels and product offering. Every bank should already have a thorough risk assessment. What they need to do is make sure that it is differentiated across variables that affect risk, such as the industries and countries in which your customers operate (a company offering gambling services requires a stricter risk assessment than one selling sports equipment); the risk level of your different branches (are they cash or credit-intensive?); and the types of product you’re offering (a loan for a cash-heavy business is riskier than offering car insurance).

FIs must also make sure that the risk assessment is being regularly updated with new contextual information, such as any national risk assessments and internal data on customer behaviour, transactions and more.

Then, you can use that assessment to determine what your unique Key Risk Indicators are. For example, if your bank has opened a branch in a country that is inherently at higher risk of AML, then your local customers might all be considered high-risk because of their area of operations alone. The KRIs in that branch are a lot more nuanced to local dynamics. In this case, it would be irrational for your resulting KPI to be “reduce the number of high-risk customers,” as that would basically mean closing down the branch. You want to keep those “high-risk” customers, but lower the incurred risk for your institutions. One way to do this, for example, could be to establish a KPI that increases the frequency of enhanced due diligence on local customers, or increases the level of local risk training of your branch employees.

Risk indicators are snapshots of historical data – they only measure what has already happened. KPIs are a future indicator – where you want to be in the near future. But you have to know where you are now to know where you want to be.

2. Don’t use traditional indicators as vanity metrics

Once you have established your unique KRIs, turn to the metrics you’ve currently been using to assess your anti-crime strategy.

A lot of the figures presented to management – such as false positives, the number of high-risk customers, the number of alerts generated – are used as “vanity metrics” because they look good when they trend downwards. But typically they are an unreliable snapshot of the superficial situation. They’re so volatile that they can jump erratically from one day to the next, as reporting might not be consistent across days.

Here are some examples – the number of customers with KYC overdues is a highly valued metric in FIs. It measures the number of customers whose KYC data should have been updated, but is now overdue. While it might be low today, tomorrow the threshold could push a large part of your customers to overdue.

The real issue you’re chasing shouldn’t be the number, but the efficiency of the mechanism you have in place to update KYC info. An alternative tracker could be the diffusion of automated options to customers for hassle-free updating of KYC data.

Another common indicator is the number of false positives, or how many of the transaction alerts generated by the system are dismissed as false alarms upon review. But what does that % really say? If false positives have decreased by 20%, does that mean that your transaction monitoring system has become more discerning, or does it mean you’ve been completely missing a sector of transactions because criminals’ MOs have changed? You should instead be looking at whether your transaction monitoring system is working correctly and whether it has been updated regularly with new scenarios and risk models.

Finally, you need to be looking at these metrics for an extended period of time to truly decipher trends and peak periods, and understand the purpose behind their measurement (which feeds back into the KRIs).

3. KPIs for your team are essential

While all the aforementioned metrics come with some level of ambiguity, the clearest metrics for any FIs are those that measure the proficiency and trustworthiness of your employees, from the first line of defence all the way to top management.

Several KPIs can serve this purpose. In terms of proficiency, you can measure the team’s efficiency in, for example, the processing time of onboarding and updating KYC; or the processing time of an alert.

An essential KPI is ongoing training for employees. Awareness and compliance training can be monitored in terms of courses completed and resources distributed. Also make sure your internal intelligence is constantly growing by tracking how often you send employees to conferences, read new papers on emerging trends and more.

Your employees can be a liability if you don’t have good KPIs on conducting background checks and continuously reviewing your team members.

4. Set up a KPI refinement wheel

Your main global objective with KPIs should be to keep fine-tuning them constantly. You need to set a wheel in motion: Set KPIs – Risk assessment – Routine monitoring and data analysis – Update risk assessment – Update KPIs.

For example, suspicious activity alerts can give you a broader picture of the factors impacting your risk assessment and where it might need to be refined. You may see multiple alerts coming up within a specific channel, such as when customers are paying online, or when they’re conducting cash transactions at a specific branch. You can take that information and use it to update the risk assessment and rework your transaction monitoring systems. That could lead to new KPIs on increasing enhanced due diligence on customers at a specific branch, or using specific channels.

Your work is never done. As I said before, this process is not about the numbers. It’s about having an effective, working risk management system. Use your KPI journey to upgrade your financial crime prevention strategy as a whole.

Gabriella Bussien CEO, Trapets

Harnessing Generative AI for Compliance in Financial Services

The financial services industry is highly regulated, and with the recent reforms in the Financial Services and Markets Act 2023 transforming the post-Brexit financial services landscape, compliance teams have a host of new processes to incorporate into their workflows. These changes necessitate a thorough understanding and integration of updated regulations, increasing the complexity of compliance tasks. While much of the generative AI attention has been focused on image and text generation, the potential of this groundbreaking technology extends beyond artistic expression and holds immense promise for transforming regulatory compliance in the financial services industry. Generative AI can automate complex compliance procedures, enhance the accuracy of regulatory reporting and streamline the management of vast amounts of regulatory data, thereby reducing the burden on compliance teams and enabling them to focus on more strategic activities.

Streamlining processes

Rules governing financial services are vast and found across various sources, such as company handbooks, guidelines from industry regulators, as well as parliamentary and international law. In addition to this spread of rules, constant updates and amendments to existing regulations pose an additional layer of complexity that compliance teams must contend with.

Given the volume, spread, and pace of legal evolution, compliance teams without the necessary advanced technology risk falling behind and facing potential sanctions for non-compliance.

While AI is nothing new for the financial industry, generative AI represents a significant upgrade. Where traditional AI relies on structured data, generative AI models can work with vast amounts of unstructured data formats to sift through policy developments across multiple jurisdictions and update monitoring systems in real time. Streamlining these cumbersome processes, often subject to human error, enables enhanced compliance and improved overall business performance.

Mitigating risk

In a fast-paced industry like finance, the ability to quickly adapt to new rules and regulations can make all the difference in mitigating reputational risk and potential business harm. Generative AI excels in this regard, using its advanced capabilities to “connect the dots” and highlight connections between disparate documents.

In the case of regulator requests, this makes it easier for compliance officers to find exactly which document contains the relevant procedures aligning with new laws. Moreover, it greatly shortens the time taken for creating new internal policy descriptions in response to new regulations. While it’s important to retain human review to double-check for hallucinations, it’s clear that generative AI helps firms become more agile and nimble in the face of regulatory developments, enabling rapid responses to regulator queries and the creation of updated policies.

Improving employee experience

Beyond its technical capabilities, generative AI can greatly enhance the employee experience more broadly. The technology is easily integrated into intuitive chatbot interfaces, empowering even non-technical employees to search and retrieve vital information on regulatory developments in natural language. For instance, an employee can simply ask, “What are the latest changes in the KYC requirements for onboarding new clients?” and benefit from a concise, easy-to-understand summary. This accessibility reduces the learning curve associated with navigating complex regulatory information, making it easier for employees at all levels to stay informed and compliant.

This technology acts as a powerful assistant to domain experts, empowering them to search and navigate complex documents and policies with ease. By streamlining access to critical information, generative AI can significantly reduce the time and effort required for employees to stay up to date with regulatory changes. Additionally, it can help minimise errors and ensure that employees are always working with the most current information. This enhanced capability not only improves individual performance but also contributes to overall organisational efficiency and effectiveness. As a result, employees can focus more on strategic and value-added tasks, leading to a more productive and engaged workforce.

Control and competition

As generative AI continues to evolve at a rapid pace, it’s important that financial services firms looking to take advantage of the opportunity do so within secure, private cloud environments. This strategic approach will help ensure sensitive company and customer data remains within their control, safeguarding against potential breaches and unauthorised access. By maintaining robust security measures within these private cloud infrastructures, firms can protect their critical information while still reaping the numerous benefits of digital transformation. Furthermore, leveraging secure, private cloud environments allows financial institutions to comply with stringent regulatory requirements and industry standards, ensuring that their adoption of generative AI is not only innovative but also responsible and compliant with all relevant legal frameworks.

Generative AI holds immense potential to revolutionise regulatory compliance. By harnessing the power of AI-powered contextual understanding and proactive adaptability, financial institutions can streamline their compliance efforts, mitigate risks, and empower their employees to make informed decisions. By embracing new technology, firms are better placed to not only navigate the complexities of the present but also position themselves for success in the future. Those who invest in generative AI now will be well-equipped to handle the regulatory challenges of tomorrow, ensuring a competitive edge in an increasingly complex and dynamic industry.

Fixing the Public Sector IT Debacle

Public sector IT services are no longer fit for purpose. Constant security breaches. Unacceptable downtime. Endemic over-spending. Delays in vital service innovation that would reduce costs and improve citizen experience.

While the UK’s public sector is on the front line of a global escalation in cyberattacks, the number of breaches leading to service disruption, data loss and additional costs to rebuild and restore systems is unacceptable and unnecessary. A lack of expertise, insufficient procurement rigour and a herd mentality have led to over-reliance on a handful of vendors, ubiquitous infrastructure models and identical security vulnerabilities that are quickly and easily exploited.

Budgets are adequate. Better, more affordable and secure technologies are mature and proven. As Mark Grindey, CEO, Zeus Cloud, argues, it is the broken tender process that is fundamentally undermining innovation and exposing the public sector to devastating security risk.

Broken Systems

There is no doubt that the UK’s public sector organisations are facing an ever-growing security threat. Alongside public bodies in every developed country, state-sponsored attacks are designed to undermine the delivery of essential services. And the cost to recover from these cyberattacks is devastating, with councils spending millions to recover from ransomware attacks in recent years.

The ever-rising threat level is, however, just one part of the story. While public sector bodies are prime targets due to the level of sensitive data held, the impact of attacking critical infrastructure and the appeal of targeting a high-profile organisation, not every public body is enduring repeated downtime as a result of breaches.

Nor does a single hack automatically affect every part of the organisation, leading to a disruption of vital services for days, even weeks. So, what differentiates those organisations, such as Bexley Council and Bedford Council, that have a good cyber security track record from the rest? And, critically, what is the best way to propagate best practice throughout the public sector to mitigate risk?

Broken Tender Process

The issue is not budget. The public sector may constantly claim a lack of funding but money is not the root cause of inadequate security or inconsistent service delivery. The problem is how that money is spent. Despite attempts to improve the rigour of public sector IT investment, the current tendering process is fuelling misdirected and excessive spend.

In theory, an open tender model should ensure that money is well spent. It should guarantee the service is delivered by the best provider. In reality, the vast majority of contracts are allocated to the same handful of large organisations. Which would be fine, if the services delivered were top quality, highly secure and fairly priced. They are not. The public sector is routinely charged three times as much as the private sector for equivalent IT deployments. Three times as much.

In addition to this endemic overspending, the reliance on a small number of vendors radically increases the security threat due to the ubiquity of infrastructure models. When the majority of public sector organisations have relocated to the same public cloud hyperscaler and adopted identical security postures, it is inevitable that a breach at one organisation will be rapidly exploited and repeated in others.

Inadequate Rigour

The current tender process completely lacks rigour. Given the continued security breaches, why are these vendors not being held to account? Why are they still being awarded new contracts? Indeed, why are they winning the business to rebuild and recover the systems damaged by a security breach that occurred on their watch? When other Managed Services Providers and cloud platforms can offer not only better pricing but a far better security track record. Something is clearly going very wrong in public sector procurement.

The public sector is complicit in this overspending: any vendor attempting to come in and charge a lower (fair) amount is automatically discounted from the tender process. Why? There are multiple reasons, not least that the public sector has been ‘trained’ by the IT industry to expect these inflated costs, but there is also a reliance on dedicated Procurement Officers who lack essential sector expertise. Why, for example, is every single system used by Leicester City Council located on the same public cloud platform? It should be impossible for a system breach to extend and expand across every single part of the organisation, yet by failing to understand basic security principles, the council set itself up for expensive failure.

The lack of expertise is a serious concern. Continued reliance on large IT vendors has resulted in many public sector organisations becoming dangerously under-skilled. Given the lack of internal knowledge, organisations often turn to incumbent vendors for information to support the tender process, leading inevitably to further price inflation. Furthermore, when a crisis occurs, reliance on a third party, rather than in-house expertise, leads to inevitable delays that exacerbate problems and result in additional cost to repair and restore systems.

Overdue Oversight

The situation is enormously frustrating for IT vendors with the expertise to deliver lower cost, secure systems. The mis-directed spend has left public sector bodies woefully out of date. Not only are security postures frighteningly old fashioned; but there are unacceptable delays in vital service delivery innovations that would transform the citizen experience and provide operational cost savings.

Given the escalating pressures facing all public sector organisations, change is essential. In-house expertise must be rebuilt to ensure sector experts are involved in the procurement process, and pricing expectations must be immediately overhauled: avaricious IT vendors will continue to overcharge unless challenged. One option is to appoint an outsourced CTO with broad public and private sector expertise, an individual with the knowledge and experience to call out the endemic overcharging and sanity check the procurement process.

It is also important to move away from the herd mentality. Would, for example, an on-premise private cloud solution be a better option than a public cloud hyperscaler? What is the cost comparison of adding in-house security expertise rather than relying on a third party – factoring in, of course, the value of fast response if a problem occurs? It is telling that the handful of local authorities with a good security track record have not adopted the same big vendor, public cloud approach but applied rigour to the procurement process to achieve a more secure and cost-effective approach. Others could and should learn from these organisations.

Conclusion

Good, effective IT systems underpin every aspect of public sector service delivery and, right now, the vast majority are not fit for purpose. It is, therefore, vital to highlight and celebrate the good performers – and challenge those vendors that continue to overcharge and underperform.

Sharing information between organisations, both to support strategic direction and day to day risk mitigation, is vital to propagate best practice. Critically, by pooling knowledge and expertise, the public sector can begin to regain control over what is, today, a broken model. While the public sector continues to flounder with inadequate security and a lack of knowledge, the IT vendors will continue to win. They need to be held to account and that can only happen if public sector organisations come together to demand more and hold the industry to account.

Mark Grindey CEO, Zeus Cloud

Female Leadership is Shaping the Italian FinTech Sector

Catalysts for Progress: Paving the Way for Women’s Participation in FinTech

In the ever-evolving FinTech landscape, diversity emerges as a crucial catalyst for innovation and success. There is still considerable progress to be made, but the trend is clear: the number of FinTech companies led by women is increasing. Deloitte’s insights[1] further underscore this trend, pointing out three key areas of improvement: boosting female representation in the workforce, fostering more female founders, and rectifying gender imbalances in user demographics. This triad paints a picture of an industry historically skewed towards men. Yet, by proactively addressing these issues, the FinTech sector stands to become more dynamic, and reflective of diverse perspectives and talents.

Italy is at the forefront of levelling the playing field for females looking to enter the FinTech industry in Europe. According to EY Boardroom Monitor[2], Italy leads Europe with 47% female board representation in listed financial sector companies, surpassing France at 44% and Germany at 25%. The country’s progress in FinTech is also evidenced by the numbers from the Fintech District. Established in 2017, Fintech District is the international community’s point of reference for Italy’s FinTech and TechFin ecosystems. It acts as an ecosystem aggregator, fostering conditions for stakeholders (FinTech, financial institutions, corporate companies, professionals, institutions, and investors) to operate synergistically and find local and international growth opportunities. This hub exemplifies the country’s sector diversification, encompassing 290 entities, 23 of which are led by women, including 15 as CEOs. Although women leading FinTech companies in the community still do not reach 10% of the total, just a few years ago, they could be counted on one hand.

According to the annual survey of the Observatory for Female Entrepreneurship Unioncamere and Infocamere[3], while traditional sector businesses led by women declined by 6,000 units in 2022, there was a significant uptick in female representation across innovative sectors. Between 2022 and the first half of 2023, 2,000 new female-led businesses emerged, marking a 40% increase compared to the previous two years. This shift highlights the positive momentum towards achieving greater gender diversity in leadership roles in Italy.

Case Study on Female Leadership in Italy’s Fintech District: Shared Values and Economic Impact

Fintech District serves as a case study, where the 15 female CEOs are leading companies at the cutting edge of the financial technology revolution, setting a precedent for corporate culture and ethical leadership across the industry. Their firms are prominent within several sub-sectors such as AI, investments, digital payments, and InsurTech, with additional involvement in crowdfunding, digital banking, and financial education.

Fintech District conducted interviews with female entrepreneurs in their network to examine their leadership styles, discovering a variety of approaches that converge on common themes. The female founders emphasised the importance of collaborative and inclusive leadership, the value of empathetic team relationships and the need for every team member’s voice to be heard. Key leadership traits included effective communication, strong decision-making skills, and integrity. The interviews also revealed that these leaders focus on meeting customer needs and advocate for a corporate culture that merges technology and empathy to cater to modern clients, thus building resilient teams adept at navigating the rapidly evolving FinTech industry.

To support Fintech District’s findings in Italy, on the international side, a BCG[4] report emphasised how teams under female leadership foster a positive work culture characterised by enhanced communication, collaboration, and receptiveness to learning. The report also notes how female entrepreneurs demonstrate better risk management by being less inclined to overestimate their track record. Additionally, organisations with a greater representation of women in leadership positions outperform male-dominated counterparts in terms of efficiently converting investment into revenue.

Ultimately, as highlighted by a recent McKinsey report[5], increasing female participation by 45% in high-tech fields across Europe could lead to a potential increase in GDP of up to €600 billion by 2027. This underscores the substantial, untapped potential of women in the development of robust business outcomes for the tech-driven economy. In Italy, companies such as Doorway, Wallife, and LITA.co, led by women within Fintech District Community, have successfully raised significant capital from domestic and international investors. Through these successes, FinTech firms can reap the financial rewards of their female-led ventures, while also sending a clear message to the wider industry on the economic fruits of female leadership.

Looking Forward

As the FinTech industry evolves, integrating female leadership becomes essential for driving innovation, fostering cross-sector collaboration, fuelling economic growth, and fortifying the financial ecosystem. Italy’s early success in building a gender-diverse FinTech ecosystem serves as a call to action for the broader FinTech community. More women in leadership roles create a virtuous cycle: they serve as role models and mentors, perpetuating empowerment and innovation. This not only benefits women but also enriches the industry by offering diverse perspectives, leading to improved decision-making and more inclusive financial products, thereby reaching a broader user base.

Additionally, highly qualified training and the development of tailored pathways for women become paramount. Initiatives such as the call for female speakers at the 2023 Milan Fintech Summit – Italy’s main annual event dedicated to the future of innovation in banking and financial services – along with the She Fintech free master’s program by Polimi Graduate School, are instrumental in driving progress.

Increasing female participation in Italy’s FinTech is not merely about boosting numbers; it is about recognising the profound impact these leaders have on innovation, corporate culture, and economic performance. Through persistent effort and strategic initiatives, Italy, alongside the support of Fintech District, aims to establish itself as a frontrunner in finance and technology, cultivating an ecosystem primed to address 21st-century challenges.

Don’t Let Entity Structure Hold Back Your Global Expansion Plans

Expanding a business globally is a significant step for any organization. It offers vast opportunities alongside significant challenges – one critical challenge being selecting the appropriate entity structure for international operations. This choice is pivotal as it impacts legal liabilities, tax obligations and the ease of business operations in the target country. What’s more, international laws and regulations are inherently complex, creating difficulties and leading to common mistakes.

The Organization for Economic Co-operation and Development (OECD) indicates that failure rates for businesses attempting global expansion range from 20% to 40%. Companies often erroneously assume that concepts and norms in overseas markets mimic those in the United States. However, legal protections and tax laws differ widely, and choosing an inappropriate entity structure can result in unexpected costs and legal problems. A 2020 report by the World Bank shows how complicated taxes can be worldwide, with international businesses having to understand more than 1,200 tax agreements and multiple local laws.

Understanding Entity Options

These consequences underscore the importance of choosing the appropriate entity structure, leading to the question – what are my options?

1. Representative Office: A Representative Office is simplest and ideal for market research, but it is limited in business operations.

2. Branch Office: Branch Offices act as extensions of the parent company, offering a broader activity scope, but they come with increased liability and tax obligations and often need a local manager for oversight.

3. Subsidiary: Subsidiaries provide maximum liability protection, enabling full-scale foreign operations and revenue generation independently from the parent company. While subsidiaries offer an established market presence and international credibility, they demand significant investment and understanding of local regulations.

4. Non-resident employer (NRE): It operates in a foreign market without having a permanent establishment in said country, which means that there is no legal entity.

Choosing the right entity structure is a critical decision with far-reaching implications – not just for the option you choose, but any other existing or future entities. The outlined options offer varying degrees of market access, operational scope and liability protection. And while your current structure may suffice for present needs, organizations should prioritize alignment with future objectives when planning their entity strategy.

Factors to Consider

Whether a company chooses to enter new markets to “test the waters” before making a substantial investment or opts to establish an entity structure independently, several factors should guide the decision to expand globally.

• Purpose. The purpose of your expansion should play a large role in determining entity structure. Whether a new operation plans to conduct research, sales, manufacturing, or provide services, each objective aligns with a specific structure. The nature of the business’s activity also counts because regulatory environments vary across industries and countries, impacting operations and compliance.

• Location. Company needs and expansion goals determine the location of an overseas operation. Access to target customers and skilled employees guides choices and aligns with business objectives and growth strategy. Given labor laws and talent availability, the intended operational scale also influences location.

• Cost. Companies planning to expand internationally must balance initial setup costs and ongoing maintenance fees, which range from $15,000 to $20,000 annually depending on the country, against potential ROI. These could pose challenges for some organizations. Additionally, if the company closes down the entity in the future, it may face significant costs and complexities related to dissolution.

• Time. The time required to set up an entity and begin operating depends on various factors. Some countries have relatively easy requirements, and company operations can be established within weeks. Other countries have more rigid processes that could take six to 12+ months to navigate.

• Compliance. A country’s employment laws also impact several areas. These include how and who the company hires, employment contracts, the frequency and method of employee payments, tax structures, and the types of reporting required.


• Banking. Efforts to fight crimes such as fraud and money laundering are intensifying globally, requiring strict adherence to updated regulations. For example, in Belgium, $67K in minimum capital must be deposited prior to incorporation. All organizations are also required to comply with “know your client” regulations, and in some countries, finalizing an account is done in person. This task can impact the ability to set up the entity and hire employees.

• Accounting and Tax Laws. Countries usually have local accounting laws, which may include jurisdictional requirements to maintain records in both the local language and English. Setting up systems correctly is crucial to avoid compliance issues later. The choice of entity structure directly affects a company’s global tax liabilities. An incorrect choice can lead to inefficient tax arrangements and increased burdens, undermining financial health and growth.

• Culture. Consider the country’s work culture and language requirements when expanding a business, as local employees may have different work ethics, and legal documents may need to be in the local language or bilingual. Additionally, some countries mandate communication with authorities and legal documentation to be in the local language.

• HR. Companies must follow the local labor laws, benefits and HR requirements to hire employees in a foreign country. Something as simple as average paid time-off (PTO) in the U.S. costs more than double in the 20 most-developed countries. And in most cases, employment contracts favor employees and may include termination protection. Headcount is another consideration. For instance, establishing a subsidiary might be necessary for sizeable operations requiring a local workforce, while a representative office could suffice for smaller teams.

• Country Laws. Before expanding into new markets, businesses must research restrictions or prohibitions on foreign companies operating in specific sectors, as regulations vary and are subject to change. Choosing the wrong entity structure can severely impact company operations, straining finances and derailing long-term growth plans.

This list alone is a lot to consider for any organization; however, it is merely the tip of the iceberg. The good thing is that there are multiple resources available to alleviate the load. When a lack of speed or local expertise is among an organization’s top concerns, an Employer-of-Record (EOR) may be the best option for achieving global growth objectives, as they’ve already done the costly and arduous work of setting up entities around the world. This includes all the banking, insurance, tax, HR, facilities and contract requirements. They abide by local employment laws to create an infrastructure to employ and pay local workers.

The Value of Strategic Guidance for Successful Global Expansion

The value of strategic guidance for successful global expansion cannot be overstated. Tailored advice and insights are essential for navigating the complexities of international markets and avoiding common pitfalls.

When considering global expansion, the process can initially appear overwhelming, particularly if the destination is unclear. By addressing these questions and the factors above, businesses can clarify their expansion objectives and make informed decisions about where and why to expand internationally.


What the UK Procurement Act 2023 means for B2B payments

Interview with Pat Bermingham, CEO at B2B payment processor Adflex, exploring how businesses in the UK need to adapt to the upcoming Procurement Act

What is the UK Procurement Act 2023?

The Act “provides for simpler procurement processes to support small businesses and innovation, and to protect against national security risks in public contracts”, according to the UK Government. It received Royal Assent on 26 October 2023 and is expected to come into force in Autumn 2024.

With 50,000 businesses closing each year in the UK due to suppliers not being paid on time, the Procurement Act 2023 should be a welcome piece of legislation. A 2022 survey found that 55% of the British public would support more controls to prevent late payments. In the same year, PwC determined that the length of time taken for invoices to be paid to SMEs reached a five-year high. The FSB concurred, finding that 25% of UK small businesses had reported an increase in late payments in the three months prior.

As digital payments become the norm, there is simply no excuse today for failing to pay promptly. With this Act, those who pay on time will reap the benefits of closer relationships throughout the supply chain. Those who do not, may find themselves removed from preferred buyer lists.

Why has it been implemented?

The government had hoped that its Procurement Policy Note 08/12, now replaced by 10/23, would help reduce late payments by incentivising prompt payment. It aimed to make it more difficult for companies to bid for government contracts without a proven track record of paying promptly. The Procurement Act 2023 will enshrine this in law, aiming to make payment within 30 days common practice in the UK.

The new rules aim to avoid unfairly penalising businesses that lack the resources of larger suppliers, making it easier for suppliers of all sizes to do business with the public sector. This will also prevent unfair practices where larger businesses effectively treat smaller businesses as a free line of credit, by paying late on a regular basis.

So, what are the new rules?

In simple terms, the Act aims to ensure that public sector contract payments of £30,000 or more are always made promptly. It details that contracting authorities must publish specified information about any payment made for more than this amount under a public contract. This information must be published before the end of a 30 day period, beginning with the last day of the quarter in which the payment was made.

Section 68 of the Act requires all authorities to pay undisputed invoices within 30 days of the date the invoice is received, or for which the payment is due. Section 73 of the Act ensures that this obligation passes down through all suppliers in the supply chain (i.e. those who have subcontracted some or all the contract requirements), and who will therefore have to abide by the same terms for prompt payment.

More widely, the Procurement Act 2023 also removes five existing procurement procedures and replaces them with three simpler options: direct awards of contracts; single-stage competitive tendering processes, with no restrictions on who can submit for them; and other competitive tender processes that contracting authorities deem appropriate.


Will the Procurement Act 2023 cause a payment processing nightmare for UK businesses?

No, businesses should not be at all worried by this new Act. Technologies and payment options today mean there are multiple ways to ensure easy compliance and therefore remain open to government contracts.

Buyers can use commercial cards to extend working capital through lines of credit, in many cases for 30-90 days, offered by their card issuer. This means a buyer can pay their supplier faster, while enjoying extended terms with their bank.

Straight-Through Processing and virtual cards are also helping businesses automate payments from buyers to suppliers, reducing cost and friction in transactions while strengthening buyer-supplier relationships through choice in payment methods. STP is buyer-initiated rather than supplier-initiated, flipping the entire established B2B payment process on its head to enable buyers to make payments quickly, eliminating card terminals and online pay pages. Accounts Receivable processes can also be enhanced with payment notifications to automate reconciliation and payment allocation.

The Procurement Act 2023 is an opportunity for all businesses to achieve a level playing field, paying a fair amount in a fair timeframe.

Is there anything else interesting in the Act?

A couple of other details that businesses may find interesting include changing “Most Economically Advantageous Tender” to “Most Advantageous Tender”. The Government is broadening the scope of what is considered value for money, intended to encourage consideration of value-adds such as technical, social or cultural benefits and looking beyond a short-term vision led primarily by price.

And while we don’t want to scare any business that is or wants to be involved in public sector contracts, it’s worth noting that as part of the Act’s focus on transparency, ministers will be able to place businesses on a “debarment list”, which removes a supplier from contracting authority markets. This is intended as a last resort measure only for cases where suppliers perform poorly on contracts and show little attempt to rectify any issues.

With the Procurement Act 2023, it pays to pay on time.

About Pat:

Patrick Bermingham is CEO at Adflex. He has over 20 years’ experience in the payments industry, overseeing the growth and development of Adflex as a premier B2B payments service provider. Prior to Adflex, Patrick specialised in ERP system design and development, primarily targeting the mail order and national distribution sectors.

About Adflex:

Adflex creates unique value in the global B2B supply chain by delivering fast and cost-effective digital payments integration.

Through its specialist consultancy and stakeholder agnostic digital payments platform, Adflex enables strategic advantage for the world’s buyers and suppliers by dramatically simplifying their payment issuance and acceptance. Through Adflex, buyers can quickly onboard a wider range of qualified suppliers than ever before. Similarly, suppliers can establish partner-of-choice status with more buyers than otherwise possible.

Adflex processes over 7,000,000 supply chain transactions a year for more than 4,000 businesses, including some of the world’s largest enterprises.

Adflex’s digital payment services support a wide range of sectors globally, including financial services, government and public services, transportation, logistics, healthcare and pharmaceuticals, and aerospace and defence.


You will get hit by ransomware. Here’s how to ensure business continuity

The banking and finance industry must brace for strict regulations – DORA is coming, and the impact is global.

In today’s digital landscape, it’s not a question of if your business will get hit by ransomware, but when. The rate, scope, and complexity of ransomware attacks have all increased significantly over the last two years, posing a significant and growing threat to organizations of all sizes across industries. The key to mitigating this threat lies in how well-prepared you are to bounce back when the inevitable happens.

According to a 2023 Total Economic Impact study conducted by Forrester Consulting and commissioned by Keepit, three-quarters of security decision-makers reported experiencing a breach in the last 12 months. This highlights how pervasive ransomware attacks are now, and it underscores the urgent need for robust mitigation strategies. The study emphasizes that while backups are the best insurance policy against an attack, their effectiveness hinges on being part of a well-planned and tested backup and recovery process.

What can you do to mitigate impact?

So, what steps can organizations take today to prepare for and mitigate the impact of future ransomware attacks?

First and foremost, ensure that your disaster recovery measures are in place and that business continuity is secured. This involves mapping out your critical systems and data and identifying tier-one users who need quick restoration of access in the event of an attack. Prioritize which data are crucial for resuming your normal business operations, and ensure that your backup and recovery processes are regularly tested to validate their effectiveness.

In the realm of banking and finance, additional considerations come into play. With the implementation of the Digital Operational Resilience Act (DORA) in the European Union, financial institutions around the world are facing heightened scrutiny and regulatory requirements regarding cybersecurity practices. DORA mandates improvements in incident response capabilities, placing a greater emphasis on the need for resilient backup and recovery solutions.

DORA: From the EU with love…

DORA’s impact isn’t limited to European organizations. It requires banking and finance companies doing business in the EU, and companies that do business with them, to meet the requirements. That means, for example, that a US organization supplying technology and communication services to improve cybersecurity at a European financial institution may have to meet the DORA regulations. Incident response, disaster recovery, and even seemingly boring back-office technology services like voice networking or print and copy management may fall under DORA’s umbrella.

Failure to comply with DORA can result in severe penalties, including fines of up to 2% of an entity’s total annual worldwide revenues. Therefore, it’s imperative for financial firms operating in the EU, as well as their technology suppliers, to align their backup and recovery policies with the requirements outlined in DORA.

Must-haves: Segregated backup and granular recovery

Choosing backup and recovery technology that is in compliance with DORA’s requirements for backup and recovery policies, procedures, and methods is critical. The technology should align closely with the core requirements of DORA. For example, article 12.3 says that “when restoring backup data using own systems, financial entities shall use ICT systems that are physically and logically segregated from the source ICT system. The ICT systems shall be securely protected from any unauthorised access or ICT corruption and allow for the timely restoration of services making use of data and system backups as necessary.”

By using segregated backup systems that are securely protected from unauthorized access; by storing backup data in two separate, mirrored locations; and by maintaining full control over the technology stack, organizations can ensure the integrity and availability of critical data in the event of an attack.

Additionally, the granular data recovery capabilities provided by compliant backup and recovery solutions enable organizations to retrieve lost or compromised data quickly and easily, minimizing downtime and disruption to business operations. With the assurance of tamper-proof data integrity delivered through blockchain algorithms, compliant solutions offer a comprehensive approach to safeguarding against the impact of ransomware attacks.


And plenty of acronyms in the UK and US too: FCA, PRA, CISA and SEC

While the EU is often regarded as the frontrunner when it comes to regulations aimed at bolstering cyber resilience, the UK and US are of course establishing their own regulations and setting down guidelines for specific industries.

In the UK “the FCA and PRA describe operational resilience as the ability of firms and the financial sector as a whole to prevent, adapt, respond to, recover and learn from operational disruptions and, accordingly, look beyond the technological aspect.” (White & Case Attorneys).

US banking regulators are in the game, too. The US Federal Reserve has spearheaded the issuance of “Sound practices to strengthen operational resilience” as guidance, and the US Cybersecurity and Infrastructure Security Agency (CISA) has its own recommendations. Publicly traded companies fall under the guidelines issued by the Securities and Exchange Commission (SEC). Even individual states, such as New York and California, are expected to issue their own regulatory requirements. Most of these regulatory regimes have a lot of overlap with the core requirements of DORA: “have a backup, using a technology that provides isolated and tamper-proof backups, and be prepared to use it when necessary.”

While the threat of ransomware looms large, it’s not insurmountable. By proactively taking measures such as choosing robust backup and recovery solutions that adhere to regulatory frameworks like DORA, organizations can significantly lower downtime and mitigate the impact of attacks, ensuring business continuity in an increasingly volatile digital landscape.


Top concerns among CFOs for 2024, and how they can mitigate against external risks

Supply chain disruptions, geopolitical turmoil, soaring inflation, and the Covid-19 pandemic have presented global businesses with a multitude of challenges in recent years. As a result of this, CFOs and financial decision makers have had to adopt resilience and agility in order to future proof and protect their operations. And those who are in the strongest position for future uncertainty have effectively implemented digital solutions to optimise and streamline their operations.

The top concerns for CFOs

We are seeing some divergence when it comes to the top concerns for CFOs. As the past four years have been marked by instability, the areas of business which CFOs are most and least worried about are naturally evolving. Taulia’s latest Charting CFO Paths insight report found that economic challenges were finance leaders’ top concern for 2023, with more than two in five (42%) citing inflation as their greatest worry when looking ahead.

This is unsurprising considering that CPI peaked at 11% in the UK in 2022. High costs made it difficult for businesses to stay afloat and continue operating – growth was not on the agenda for the majority of leaders. However, as we get into the swing of 2024, inflation is slowly subsiding. With US inflation cooling to 3.1% and the UK sitting at 5.1%, cost pressures are less pertinent and we are now likely looking at a priority shift towards operational challenges fueled by geopolitical events.

The impact of geopolitical events

Geopolitical uncertainty undermines the stability that businesses need to uphold a dependable supply chain. We have already experienced significant instability this year, driven by the war in the Middle East, and recent Houthi retaliation in the Red Sea has added considerable time to the journeys of shipping vessels. Despite hopes for de-escalation, the reality is that disruption and uncertainty remain – and are unlikely to disappear any time soon.

With Houthi attacks starting late in 2023, the targeting of shipping vessels meant businesses had to change routes if they wanted to move goods through the Suez Canal. As a result of this, major container shipping companies opted to avoid the Red Sea and Suez Canal altogether, choosing the longer route around Africa’s Cape of Good Hope. However, this detour extends the journey from Asia to Europe by three to four weeks, substantially elevating costs and straining the supply of goods to businesses.

General elections are another source of disruption for supply chain stability, and with approximately 64 set to go ahead across the world in 2024, businesses are likely to act with caution. Increased uncertainty, political polarisation and potential new trade agreements all play a part in disturbing the balance of business deals and the smooth flow of supply chains.


Building resilient supply chains

Global supply chains involve numerous intermediaries, from producers to processors, wholesalers, packers, buyers, distributors, and retailers. This intricate process resembles a string of dominoes, where a single misstep or delayed payment can disrupt the entire chain – and ongoing tensions in the Red Sea and preemptive caution ahead of general elections have already triggered domino effects for various businesses this year. This is already causing huge disruption to supply chains as businesses are left to endure delays resulting from redirected shipping routes, or absorb higher prices for supplies sourced closer to home.

Onshoring, nearshoring, and friendshoring are various sourcing strategies that businesses are using to mitigate the operational risks stemming from geopolitical events. Opting to source supplies from neighbouring countries or domestically can enhance supply chain stability, albeit at a higher cost. Despite the increased expenses, many companies find the investment worthwhile – according to McKinsey research, over the past 12 months, two-thirds of supply chain leaders have increased their reliance on suppliers located closer to their production sites. That is a significant jump from the number of firms adopting nearshoring strategies in 2022.

In addition to geographical proximity, businesses may explore friendshoring, relocating production to countries with more favourable relations. However, this approach does not protect against disruptions encountered during transportation, such as those currently underway in the Red Sea. Alternatively, some businesses are also looking to manage risk through diversification, spreading source materials over several suppliers.

The role of digitisation

If businesses are looking to de-risk, one of the most effective changes they can make is to invest in technology. Innovating and introducing new technology allows organisations to streamline and automate processes, optimising production and supply chain management during testing circumstances. And it can protect them against potential future disruptions too. Swift decision-making is paramount, especially during periods of geopolitical disruption, and the ability to strategise and pivot before becoming bogged down in a crisis is crucial. By digitising systems and operations, businesses gain visibility and insights that enhance this agility.

This is evident in Taulia’s Charting CFO Paths report, which showed that nearly half (48%) of CFOs intend to increase investment in IT infrastructure.

Looking ahead

The past four years have well and truly taught us that building a resilient, agile supply chain isn’t just a ‘nice to have’. It’s critical to resilience and future success. Implementing nearshoring strategies and digitising systems are the foundations for building sustainable business practices through geopolitical pain points and unexpected global events.

Looking ahead to the rest of 2024, we are starting to see where the priorities of financial leaders lie and how these are going to compare to 2023. While inflation has taken centre stage for the best part of the last 12 months, there is little doubt that geopolitical turmoil will be the top concern of business leaders this year.

Rene Ho Chief Financial Officer, Taulia

Cross-border payments: The key to global business success

In an international market, smooth cross-border payments processes are critical for businesses wanting to sell to consumers abroad, but expansion also comes with challenges that must be overcome to safeguard success.

The value of cross-border payments is estimated to increase from almost $150 trillion in 2017 to over $250 trillion by 2027, equating to a rise of over $100 trillion in just 10 years. With the growth of cross-border payments, businesses are looking for fast and efficient methods for accepting payments across different regions.

In this article, we explore the challenges businesses face when it comes to cross-border payments, and what they can do to mitigate them.

The challenges presented by borders

Expanding into new markets presents unique challenges stemming from diverse local legislation and standards. Disparities often act as points of friction for business operations and strategic decision-making. Staying on top of the changing regulatory landscape within a single market is already demanding, and this complexity increases when entering multiple markets, with non-compliance often resulting in fines and penalties.

What’s more, outdated payment platforms may contribute to, and exacerbate, inefficiencies. Some regions still rely on payments infrastructure that was designed during the early days of electronic banking, resulting in slow processes. When multiple legacy systems interact in cross-border transactions, the challenges are amplified.


The diverse payment preferences observed across different markets are accompanied by their own fee structures and setup requirements. For example, while one market may favour credit card payments, another might lean towards e-wallets, mobile payment platforms or cash-based methods, each with different fee structures and settlement terms. Understanding the different payment preferences across regions and integrating multiple payment methods can be complex and resource-intensive for merchants, requiring customised solutions for each market and method. Ensuring compatibility and seamless functionality across various payment systems is vital.

Each market presents unique risk profiles largely influenced by inadequate AML regulations and enforcement, political instability and corruption, limited international cooperation, economic vulnerabilities and geopolitical considerations. These factors also impact cross-border payments in these markets.

Moreover, linguistic and cultural disparities can impede the payment process. Merchants must localise their checkout experiences to deliver seamless transactions for customers across different regions. Ensuring the payment page has customisation features to accommodate this is extremely important.

Fraud and security can’t be overlooked as cross-border transactions attract the attention of opportunistic fraudsters. In response, merchants must prioritise the implementation of rigorous fraud detection and prevention measures. By strengthening their anti-fraud mechanisms, merchants can protect not only their own interests but also uphold the security and trust of their customers.

The importance of using the right payments partner

Commerce is no longer restricted by geographic borders, opening opportunities for retailers to tap into the cross-border market. This unlocks potential new customers but success hinges on the creation of a seamless payment experience.

Merchants therefore need to ensure that they use the right payment partner who has the right local market knowledge and expertise to penetrate their desired region successfully. By doing so, they will ensure they are not only optimised for the market into which they are expanding but also that the payment strategy for that market integrates with their global systems and processes.

PSPs can be invaluable to merchants looking to expand overseas, but there are particular features that merchants should look for to select the right partner:

• Global reach: global coverage indicates a payments provider is equipped to handle multiple currencies and payment methods, catering to a diverse customer base spanning across countries.

• Expertise in compliance: a payment provider known for its proficiency in navigating intricate international regulations and compliance standards will help mitigate legal risks related to payments and ensure seamless operations across borders.

• Robust fraud prevention: robust fraud detection and prevention tools are essential for safeguarding against fraudulent activities that often proliferate in cross-border transactions; this enables merchants to safeguard their revenue.

• Responsive customer support: responsiveness and effectiveness of the payment provider’s customer support services must be assessed, particularly concerning issues related to cross-border transactions. Swift reaction to issues ensures uninterrupted business operations and can enhance customer satisfaction.

• Scalability and growth support: a chosen provider should have the capacity to accommodate escalating transaction volumes and facilitate expansion into new markets.

• Seamless integration: a seamless integration process will minimise disruption to business operations and will enable the payment solution to be used in-market in a timely manner. This ensures a smooth transition, comprehensive analytics, detailed reporting and uninterrupted operations.

Cross-border payments are evolving, with the projected increase in value indicating an expansion in global commerce. The potential for growth is high, especially for retailers willing to tap into new markets.

Selecting the right payment partner equipped with local market knowledge, global reach capabilities, compliance expertise, robust fraud prevention solutions, customer support, potential for scalability and seamless integration processes is crucial for success in entering new regions. By adapting to local preferences, merchants can optimise conversion rates and capitalise on the opportunities presented by cross-border commerce.
