In some ways, it’s easy to think of Financial Services as that sector that is relatively dry, dominated by numbers, probabilities and cut-and-dried transactions. Few imagine it as some 1980s-esque dystopian future feature film with robotics, anthropomorphic, intelligent machines, and digital attacks incoming like staccato laser shots. Yet the future of FinTech is delivering an impressive array of technological advancements that improve the accuracy, efficiency, management, and even anonymity of transactions.
A few decades ago, the financial services industry created dedicated e-business units to ride the e-commerce wave; eventually the “e” went away and the sector fully embraced end-to-end digitization. Because of the volume and scale of data available not only about financial trending but also about customer preferences, investing trends, and risk ratings, coupled with the need to improve efficiency and scale, Financial Services has embraced technology for the many advantages it delivers. Yet today, tech advancements are not only moving toward an impressive, futuristic vision, they may just be moving faster than their cybersecurity and regulatory counterparts.
While Financial Technology (FinTech) has dived head first into many areas, let’s explore six technology enablers that are effectively reconfiguring the landscape of FinServ, as well as the potential cybersecurity concerns that come with them: Big Data, Artificial Intelligence, Machine Learning, Robotic Process Automation, Distributed Ledger (blockchain), and Cloud Computing.
Big Data: Few recent tech trends have had as big an impact on FinServ as Big Data. Many Financial Services companies employ the power of Big Data for predictive analytics about clients’ risk profiles for tailored financing and lending, as well as allowing for more accurate internal audits. While Big Data is a great cybersecurity enabler via its ability to use its data analytics muscle to assess cyber risk and predict threats, it also creates a very attractive cyber target by consolidating vast pools of enticing sensitive data all in one place.
Artificial Intelligence (AI): AI is being employed in limited use cases today by select companies to monitor for fraud and large transaction volumes, analyze and understand how account holders are spending and investing (to provide more customized advice), analyze market data to improve investment strategies, and assist IT service agents in finding answers to customer queries. In the future, it’s applications and influence will likely continue to expand. AIs run on applications; applications can be hacked. The more control AIs have over FinServ transactions, decisions, and data, the more important cybersecurity controls and oversight will become.
Machine Learning: Machine learning is a type of AI that enables software to learn autonomously. FinServ companies use it for predictive analysis for credit scores and loan risk, credit risk models, analyzing current portfolios, and (used in combination with Big Data) fraud detection. Assuring the integrity and accuracy of the data generated by Machine Learning is important; again, these applications should be secured against hacks, particularly if they have influence over customer-impacting transactions.
Robotic Processing Automation (RPA): RPA is the use of software with AI and Machine Learning to handle high-volume, repeatable tasks. It will help firms automate a vast array of previously manual processes, such as application processing, background checking, credit checking, assessment of the property, and approval, management of accounts payable, travel and expense processes. Like AI and Machine Learning, RPA can be hacked, providing access to sensitive Personally Identifiable Information.
Distributed Ledger (Blockchain): Distributed Ledger is appealing to FinServ because of the efficiency and ability to create a true, verifiable, and unchangeable record of transactions. To date, most current uses regard clearing securities and facilitating/improving the efficiency of international payments. The most likely future uses are identity and access management and institutional custody for crypto-assets. While cryptocurrencies have been hacked, those have been mostly attributable to hacked bitcoin wallets or hacked exchanges. This, however, does not mean that blockchain itself does not carry risks; these may emerge, such as the as-of-now theoretical 51% attack, when solutions are deployed at scale, when they could pose significant financial destabilization.
Ravi Raghavan is senior director of Coalfire’s Cyber Risk Advisory practice, focusing on advising the board, C-suite, information risk executives and related advisory committees on risk management, cybersecurity strategy, governance, overall technology management, and compliance.
Cloud Computing: The Enabler
Financial Services already employ cloud services, and they will likely become the dominant infrastructure model as these enterprises become even more digitized and tech enabled. Many banks are moving to SaaS-based applications for business processes that are considered non-core, as well as other business functions on the fringe of core operations like security analytics and KYC verification. Cloud providers have much in stake to make sure the data is protected and meet regulatory and privacy requirements, but users of cloud solutions have a lot of control over security configurations and security management, a key component of assuring secure cloud usage.
Can Regulations Keep Up?
Regulatory pressure is already considerable and will increase as frameworks evolve to meet the demands of new technological advancements. Generally, regulatory frameworks don’t address new technologies until they begin to hit mainstream adoption, and enterprises must work to assure their own security for those new technological use cases. In all cases, compliance alone is rarely sufficient to protect an organization—security in the digital world depends on robust cybersecurity programs managed to meet risks coming from multiple directions. From private enterprises to governmental agencies, there is a focus on consortiums or trade group to crystalize regulatory needs. The focus will shift from rearview compliance to proactive continuous adaptive risk assessment to remove audit fatigue and look forward to potential risks. RegTech is the new confluence of regulations and technology, to address regulatory challenges using technology in the FinTech world.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply