Strengthening Information Security

The Combined Power of Identity & Access Management and Data Access Controls

The digital age presents a double-edged sword for businesses. While technology advancements offer exciting capabilities in cloud, data analytics, and customer experience, they also introduce new security challenges. Data breaches are a constant threat, costing businesses an average of $4.45 million per incident according to a 2023 IBM report (https://www.ibm.com/reports/data-breach) and eroding consumer trust. Traditional security measures often fall short, leaving vulnerabilities for attackers to exploit. These attackers, targeting poorly managed identities and weak data protection, aim to disrupt operations, steal sensitive information, or even hold companies hostage. The impact extends beyond the business itself, damaging customers, stakeholders, and the broader financial market

Source: Breachsense blog – Cost of a Data Breach

In response to these evolving threats, the European Commission (EU) has implemented the Digital Operational Resilience Act (DORA) (Regulation (EU) 2022/2554). This regulation focuses on strengthening information and communications technology (ICT) resilience standards in the financial services sector. While designed for the EU, DORA’s requirements offer valuable insights for businesses globally, especially those with operations in the EU or the UK. DORA mandates that financial institutions define, approve, oversee, and be accountable for implementing a robust risk-management framework. This is where identity & access management (IAM) and data access controls (DAC).

Source: Sprinto blog – Industries Under Siege: Data Breach Statistics by Industry

The Threat Landscape and Importance of Data Security

Data breaches are just one piece of the security puzzle. Malicious entities also employ malware, phishing attacks, and even exploit human error to gain unauthorised access to sensitive data. Regulatory compliance further emphasises the importance of data security. Frameworks like GDPR and HIPAA mandate robust data protection measures. Failure to comply can result in hefty fines and reputational damage.

Organisations, in a rapidly-evolving hybrid working environment, urgently need to implement or review their information security strategy. This includes solutions that not only reduce the attack surface but also improve control over who accesses what data within the organisation. IAM and DAC, along with fine-grained access provisioning for various data formats, are critical components of a strong cybersecurity strategy.

Keep reading to learn the key differences between IAM and DAC, and how they work in tandem to create a strong security posture.

Identity & Access Management (IAM)

Think of IAM as the gatekeeper to your digital environment. It ensures only authorised users can access specific systems and resources. Here is a breakdown of its core components:

  1. Identity Management (authentication): This involves creating, managing, and authenticating user identities. IAM systems manage user provisioning (granting access), authentication (verifying user identity through methods like passwords or multi-factor authentication [MFA]), and authorisation (determining user permissions). Common identity management practices include:
    • Single Sign-On (SSO): Users can access multiple applications with a single login, improving convenience and security.
    • Multi-Factor Authentication (MFA):An extra layer of security requiring an additional verification factor beyond a password (e.g., fingerprint, security code).
    • Passwordless: A recent usability improvement removes the use of passwords and replaces them with authentication apps and biometrics.
    • Adaptive or Risk-based Authentication: Uses AI and machine learning to analyse user behaviour and adjust authentication requirements in real-time based on risk level.
  2. Access Management (authorisation): Once a user has had their identity authenticated, then access management checks to see what resources the user has access to. IAM systems apply tailored access policies based on user identities and other attributes. Once verified, IAM controls access to applications, data, and other resources.

Advanced IAM concepts like Privileged Access Management (PAM) focus on securing access for privileged users with high-level permissions, while Identity Governance ensures user access is reviewed and updated regularly.

Data Access Control (DAC)

While IAM focuses on user identities and overall system access, DAC takes a more granular approach, regulating access to specific data stored within those systems. Here are some common DAC models:

  • Discretionary Access Control (also DAC): Allows data owners to manage access permissions for other users. While offering flexibility, it can lead to inconsistencies and security risks if not managed properly. One example of this is UNIX files, where an owner of a file can grant or deny other users access.
  • Mandatory Access Control (MAC): Here, the system enforces access based on pre-defined security labels assigned to data and users. This offers stricter control but requires careful configuration.
  • Role-Based Access Control (RBAC): This approach complements IAM RBAC by defining access permissions for specific data sets based on user roles.
  • Attribute-Based Access Control (ABAC): Permissions are granted based on a combination of user attributes, data attributes, and environmental attributes, offering a more dynamic and contextual approach.
  • Encryption: Data is rendered unreadable without the appropriate decryption key, adding another layer of protection.

IAM vs. DAC: Key Differences and Working Together

While IAM and DAC serve distinct purposes, they work in harmony to create a comprehensive security posture. Here is a table summarising the key differences:

FEATURE

IAM

DAC

Description

Controls access to applications

Controls access to data within applications

Granularity

Broader – manages access to entire systems

More fine-grained – controls access to specific data check user attributes

Enforcement

User-based (IAM) or system-based (MAC)

System-based enforcement (MAC) or user-based (DAC)

Imagine an employee accessing customer data in a CRM system. IAM verifies their identity and grants access to the CRM application. However, DAC determines what specific customer data they can view or modify based on their role (e.g., a sales representative might have access to contact information but not financial details).

Dispelling Common Myths

Several misconceptions surround IAM and DAC. Here is why they are not entirely accurate:

  • Myth 1: IAM is all I need. The most common mistake that organisations make is to conflate IAM and DAC, or worse, assume that if they have IAM, that includes DAC. Here is a hint. It does not.
  • Myth 2: IAM is only needed by large enterprises. Businesses of all sizes must use IAM to secure access to their applications and ensure compliance. Scalable IAM solutions are readily available.
  • Myth 3: More IAM tools equal better security. A layered approach is crucial. Implementing too many overlapping IAM tools can create complexity and management overhead. Focus on choosing the right tools that complement each other and address specific security needs.
  • Myth 4: Data access control is enough for complete security. While DAC plays a vital role, it is only one piece of the puzzle. Strong IAM practices ensure authorised users are accessing systems, while DAC manages their access to specific data within those systems. A comprehensive security strategy requires both.

Tools for Effective IAM and DAC

There are various IAM and DAC solutions available, and the best choice depends on your specific needs. While Active Directory remains a popular IAM solution for Windows-based environments, it may not be ideal for complex IT infrastructures or organisations managing vast numbers of users and data access needs.

Imagine a scenario where your application has 1,000 users and holds sensitive & personal customer information for 1,000,000 customers split across ten countries and five products. Not every user should see every customer record. It might be limited to the country the user works in and the specific product they support. This is the “Principle of Least Privilege.” Applying this principle is critical to demonstrating you have appropriate data access controls.

To control access to this data, you would need to create tens of thousands of AD groups for every combination of country or countries and product or products. This is unsustainable and makes choosing AD groups to manage data access control an extremely poor choice.

The complexity of managing nested AD groups and potential integration challenges with non-Windows systems highlight the importance of carefully evaluating your specific needs when choosing IAM tools. Consider exploring cloud-based IAM platforms or Identity Governance and Administration (IGA) solutions for centralised management and streamlined access control.

Building a Strong Security Strategy

The EU’s Digital Operational Resilience Act (DORA) emphasises strong IAM practices for financial institutions and will coming into act from 17 January 2025. DORA requires financial organisations to define, approve, oversee, and be accountable for implementing robust IAM and data access controls as part of their risk management framework.

Here are some key areas where IAM and DAC can help organisations comply with DORA and protect themselves:

DORA Pillar

How IAM helps

How DAC helps

ICT risk management

  • Identifies risks associated with unauthorised access/misuse
  • Detects users with excessive permissions or dormant accounts

  • Minimises damage from breaches by restricting access to specific data

ICT related incident reporting

  • Provides audit logs for investigating breaches (user activity, login attempts, accessed resources)
  • Helps identify source of attack and compromised accounts

  • Helps determine scope of breach and potentially affected information

ICT third-party risk management

  • Manages access for third-party vendors/partners
  • Grants temporary access with limited permissions, reducing attack surface

  • Restricts access for third-party vendors by limiting ability to view/modify sensitive data

Information sharing

  • Permissions designated users authorised to share sensitive information

  • Controls access to shared information via roles and rules

Digital operational resilience testing

  • Enables testing of IAM controls to identify vulnerabilities
  • Penetration testing simulates attacks to assess effectiveness of IAM controls

  • Ensures data access restrictions are properly enforced and minimizes breach impact

Understanding IAM and DAC empowers you to build a robust data security strategy

Use these strategies to leverage the benefits of IAM and DAC combined:

  • Recognise the difference between IAM and DAC, and how they are implemented in your organisation
  • Conduct regular IAM and DAC audits to identify and address vulnerabilities
  • Implement best practices like the Principle of Least Privilege (granting users only the minimum access required for their job function)
  • Regularly review and update user access permissions
  • Educate employees on security best practices (e.g., password hygiene, phishing awareness)

Explore different IAM and DAC solutions based on your specific organisational needs and security posture. Remember, a layered approach that combines IAM, DAC, and other security measures like encryption creates the most effective defence against data breaches and unauthorised access.

Conclusion

By leveraging the combined power of IAM and DAC, you can ensure only the right people have access to the right data at the right time. This fosters trust with stakeholders, protects your reputation, and safeguards your valuable information assets.

by Nivetha Balasubramaniam and Jaidip Banerjee

Top 5 Trends for MLROs in 2024

Our Financial Crime Practice Lead, Kavita Harwani, recently attended the FRC Leadership Convention at the Celtic Manor, Newport, Wales. This gave us the opportunity to engage with senior leaders in the financial risk and compliance space on the latest best practices, upcoming technology advances, and practical insights.

Criminals are becoming increasingly sophisticated, driving MLROs to innovate their financial crime controls. There is never a quiet time for FRC professionals, but 2024 is proving to be exceptionally busy.
Our view on the top five trends that MLROs need to focus on is presented here.

Top 5 Trends

  1. Minimise costs by using technology to scan the regulatory horizon and identify impacts on your business
  2. Accelerating transaction monitoring & decisioning by applying AI & data analytics
  3. Optimising due diligence with a 360 view of the customers
  4. Improving operational efficiency by using machine learning to automate alert handling
  5. Reducing financial crime risk through training and communications programmes.

1. Regulatory Compliance and Adaptation

MLROs need to stay abreast of evolving regulatory frameworks and compliance requirements. With regulatory changes occurring frequently, MLROs must ensure their organisations are compliant with the latest anti-money laundering (AML) and counter-terrorist financing (CTF) regulations.

This involves scanning the regulatory horizon, updating policies, procedures, and systems to reflect regulatory updates and adapting swiftly to new compliance challenges.

2. Technology & Data Analytics

MLROs will increasingly leverage advanced technology and data analytics tools to enhance their AML capabilities.

Machine learning algorithms and predictive analytics can help identify suspicious activities more effectively, allowing MLROs to detect and prevent money laundering and financial crime quicker, at lower cost, and with higher accuracy rates.

MLROs must focus on implementing robust AML technologies and optimising data analytics strategies to improve risk detection and decision-making processes.

3. Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)

MLROs should prioritise strengthening CDD processes to better understand their customers’ risk of committing financial crimes.

Enhanced due diligence is critical for high-risk customers, such as politically exposed persons (PEPs) and high net worth individuals (HNWIs).

MLROs should focus on enhancing risk-based approaches to CDD and EDD, leveraging technology and data analytics to streamline customer onboarding processes while maintaining compliance with regulatory requirements.

4. Transaction Monitoring and Suspicious Activity Reporting

MLROs will continue to refine transaction monitoring systems to effectively identify suspicious activities and generate accurate alerts for investigation.

MLROs should focus on optimising transaction monitoring rules and scenarios to reduce false positives and prioritise high-risk transactions for further review.

Enhanced collaboration with law enforcement agencies and financial intelligence units will be crucial for timely and accurate suspicious activity reporting. Cross-industry collaboration is an expanding route to quicker insights on bad actors and behaviours.

5. Training and Awareness Programmes

MLROs must invest in comprehensive training and awareness programs to educate employees on AML risks, obligations, and best practices.

Building a strong culture of compliance within the organisation is essential for effective AML risk management.

Additionally, MLROs must promote a proactive approach to AML compliance, encouraging employees to raise concerns and seek guidance when faced with potential AML risks.

Conclusion

The expanded use of technology and data is becoming more evident from our discussions. The latest, ever-accelerating, improvements in automation and AI has brought a new set of opportunities to transform legacy manual, people-heavy processes into streamlined, efficient, and effective anti-financial crime departments.

Leading Point has a specialist financial crime team and can help strengthen your operations and meet these challenges in 2024. Reach out to our practice lead Kavita Harwani on kavita@leadingpoint.io to discuss your needs further.

by Kavita Harwani and Mansi Adatiya

Improving data access controls at a global insurer

"We approached Leading Point to support the enhancement of strategic data lake fine grained access controls capabilities. Their partnership approach working transversally across business and IT functions quickly surfaced root causes to be addressed as part of the improvement plan. Leading Point's approach to consulting services was particularly refreshing from a quality and cost stand point compared to some of the traditional players that we had consulted with before."

Head of Data Controls at Global Corporate Insurer

by Thushan Kumaraswamy

Helping a US broker-dealer manage its application estate using open source tools

Our client was a Fortune 500 US independent broker-dealer with over 17,500 financial advisors and over 1tn USD in  advisory and brokerage assets. They had a large application estate with nearly 1,000 applications they had either developed, bought or acquired through mergers and takeovers. The applications were captured in ServiceNow CMDB but there was little knowledge around flows, owners, data, and batch jobs.

Additionally, the client also wanted to roll out a new data strategy. Part of this engagement with their business community was to educate and inform about the data strategy and its impact on their work.

We were asked to implement an open source enterprise architecture tool called Waltz. Waltz had been originally developed at Deutsche Bank and had recently been released as open source software under FINOS (Fintech Open Source Foundation). Waltz is not widely-known in financial services yet and we saw this as a great opportunity to demonstrate the benefits of using open source tools.

To support the data strategy rollout, the client asked if we could build a simple and clear internal website to show the new data strategy and data model. The data model would be navigable to drill-down into more detail and provide links to existing documentation.

Our approach:

With our extensive implementation experience, we put together a small, experienced, cross-border team to deploy and configure Waltz. We knew that understanding the client's data was key; what data was required, where was it, how good was its quality. Waltz uses data around:

  • Organisational units - different structures depending on the viewpoint (business, technical)
  • People - managerial hierarchies, roles, responsibilities
  • Applications - owners, technologies, costs, licences, flows, batch jobs
  • Data - hierarchies, entities, attributes, definitions, quality, owners, lineage
  • Capabilities - owners, services, processes
  • Change - initiatives, costs, impact

We split our work into a number of workstreams:

  1. Data readiness - understand what data they had, the sources, and the quality
  2. Data configuration - understand the relationships between the data and prepare it for Waltz
  3. Waltz implementation - understand the base open source version of Waltz with its limitations, gather the client requirements (like single-sign on and configurable data loaders), develop the features into Waltz, and deploy Waltz at the client
  4. Data strategy website - understand the audience, design website prototype options for client review, build an interactive React website for the rollout roadshows

The project was challenging because, as ever, the state of the data. There were multiple inconsistencies which hinders the use of tooling to bring order. We needed to identify those inconsistencies, see who should own them, and ensure they were resolved.

With the flexibility of an enterprise architecture tool, it was important to be clear around the specific problems we wanted to solve for the client. We identified 10+ potential use cases that we worked with the client to narrow down. Future extensions of the project enabled us to extend into these other use cases.

One such problem was around batch job documentation. The client had thousands of Word docs specifying batch jobs transferring data between internal and external applications. These documents were held in SharePoint, Confluence, and local drives. This made it difficult to find information about specific batch jobs if something went wrong, for example.

We used the applications captured in Waltz and linked them together. We developed a new data loader that could import Word docs and extract the batch job information automatically from them. This was used to populate Waltz and make this information searchable, reducing the time spent by Support teams to find out about failed jobs.

One common negative that is raised about similar applications is the effort involved to get data into the application. Waltz accelerates this by sending surveys out to crowd-source knowledge from across the organisation. We found this a great way of engaging with users and capturing their experience into Waltz.

Our results:

We were able to deploy an open source enterprise architecture tool on a client's AWS cloud within three months. This included adding new features, such as single sign-on, improving existing Waltz capabilities, like the data loaders, and defining the data standards to enable smooth data integrations with source systems.

Using Waltz showed the client the value of bringing together disparate knowledge from around the organisation into one place. It does expose data gaps, but we always see this as a benefit for the client, as any improvement in data quality yields improved business results.

by Thushan Kumaraswamy

Helping a UK retail bank to benchmark their ESG progress against their peers

Our client wanted to improve their ESG position against their competitors, based on real data. They were unsure about where to start with ESG measurement and integrating ESG philosophy into their culture and business processes.

We were asked to come up with an ESG scoring model that could use existing public data from the client's peers against their own internal reporting data. This scoring model would be used to place the client against their peers in environmental, social, and governance groups, as well as an overall rating. Our ESG expertise was recognised in identifying which ESG frameworks could support this scoring model. We were also tasked with ensuring that their ESG philosophy was aligned to their purpose.

Our approach:

We used an example of best-in-class ESG stewardship in a Tier 1 financial services firm as a demonstration of what is possible. This case study covered how ESG impacted the firm across:

  1. Partnerships
  2. Products & services
  3. Diversity & inclusion
  4. Climate change
  5. Governance & ESG frameworks

We created an ESG scoring model that used existing ESG frameworks, such as SASB and UN SDGs. This scoring model included 32 questions across E, S and G categories. We researched public company reports to find data and references to key ESG themes. Thresholds were used to classify metrics and create a weighted score per category.

We emphasised the importance of authenticity in embedding ESG into a firm's culture. This was demonstrated through analysis of peer behaviour and assessing ESG integration into the peers' purpose. A set of recommendations were made to increase the maturity of ESG within the client, including specific frameworks and metrics to start tracking.

Our results:

The board members at the client were able to see where they stood versus their competitors, in more detail than ever before. This detail enabled a set of specific next steps to be laid out around establishing the ESG philosophy and policy of the client, which ESG areas to prioritise, changes to the risk appetite statement to incorporate ESG risks, and making a commitment to becoming net-zero.

by Thushan Kumaraswamy

Helping Adjoint gain ISO 27001 information security certification to support its expansion strategy

Adjoint required ISO certification to comply with legislation, across multiple jurisdictions, and increase confidence in their brand. Due to the nature of their clients (fortune 500 and international companies), a widely recognised accreditation was required. The firm's incorporation of next generation processing, such as distributed ledger technology (DLT), increased the complexity to achieve certification. Their global teams in the UK, Switzerland and USA, were undergoing a heavy scaling-up.

We were asked to customise and implement an ISO 27001 framework for global accreditation in IT security management.

Our approach:

  1. Capture delivery requirements
  2. Create relevant policies, procedures and a controls framework, for applicable IT functions
  3. Perform gap analysis and risk assessment
  4. Establish clear roles and responsibilities and deliver a formal training program
  5. Conduct internal assurance audit to identify incidents and data breaches
  6. Lead external certification process with BSI, through Stage 1 and 2 completion
  7. Provide agile delivery through to completion

Our results:

  • Effective coverage of all ISMS mandatory requirements surrounding ISO 27001
  • A new performance management system to track controls in company processes, structure and focal points
  • Global delivery, with clear road-mapping structure
  • Scaled offerings in open APIs and raised brand in the market
  • Improved sales process due to meeting client ISO requirements

by Rajen Madan

Helping a global investment bank reduce its residual risk with a target operating model

Our client asked us to provide operating model design & governance expertise for its anti-financial crime (AFC) controls. We reviewed and approved the bank’s AFC target operating model using our structured approach, ensuring designs were compliant with regulations, aligned to strategy, and delivered measurable outcomes.

We delivered clear designs with capability impact maps, process models, and system & data architecture diagrams, enabling change teams to execute the AFC strategy.

by Thushan Kumaraswamy and Rajen Madan

Improving a DLT FinTech's operations enabling rapid scaling in target markets

"Leading Point brings a top-flight management team, a reputation for quality and professionalism, and will heighten the value of [our] applications through its extensive knowledge of operations in the financial services sector."

Chief Risk Officer at DLT FinTech

by Rajen Madan

The Consumer Duty Regulation

Improving outcomes with the Consumer Duty Regulation

How can buy-side retail financial firms improve consumer outcomes and the wider economy?

The FCA introduced new guidelines, rules and policies last year in 2022, comprised as the Consumer Duty Regulation, to ensure products and services are delivered at fair value to customers, as well as a better standard of care. With the recent rise of the cost-of-living crisis, consumers are struggling and are faced with difficult times ahead, including the UK economy. This Duty lays out responsibilities for Boards and senior management within firms, to implement this regulation, to not only benefit consumers, but the wider economy.

 

In a recent review published by the FCA in January 2023, the FCA identified key areas where firms are meeting obligations, and where areas of improvement are required. As stated in the Policy Statement PS22/9, the FCA would like to see firms make full use of the implementation period of this three-year strategy, to implement the Duty effectively, and that by October 2022, ‘firm’s boards (or equivalent management body) should have agreed their plans for implementing the Duty’ and to have evidenced this, to ‘challenge their plans to ensure they are deliverable and robust’ (Consumer Duty Implementation Plans, FCA, Jan 2023).

 

This review published by the FCA, helps firms understand the FCA’s expectations, and to work together with firms to ensure the Duty is implemented effectively. The review identified that firms are behind with the implementation of the Duty and need to improve their approach. Three key areas were suggested where firms can focus on for the second half of the implementation period, the first being ‘effective prioritisation of the Duty’ – in order to reduce risk of poor customer outcomes, and to prioritise the implementation plans. The second ‘embedding substantive requirements’, on how firms are over-confident on their plans, and instead should focus on the substantive requirements laid out in the Duty, and review ‘their products and services, communications and customer journeys, they identify and make the changes needed to meet the new standards’ (Consumer Duty Implementation Plans, FCA, Jan 2023). The third area of focus identified was on how firms should work together with other firms, to share information in the distribution chain, to ensure the Duty can be implemented effectively and consistently (Consumer Duty Implementation Plans, FCA, Jan 2023).

What can retail financial firms do to improve and what are the implications of not meeting the Duty requirements?

From the FCA’s recent review, it has been determined there are still many areas by which firms are falling short, which raises the risks of not meeting the Duty obligation deadlines. From the governance aspect, the FCA’s review has established that the board members and senior management teams within firms, have no clearly defined and developed plans in place, neither timings, and lack engagement. When it comes to the plans compiled by firms, the project requirements and timelines are unclear, there is a lack of detail, explanation, and evidence on the implementation of the Duty, including how a firm’s purpose, culture and values are in alignment with the Duty.

 

Additionally, the review identified that firms also fail to define risks, and internal/external dependencies such as resource planning, budgeting, and technology resources, including working together with third parties, which as a result may impact the implementation plans. Further, firms fail to distinguish mitigation strategies and approaches or methodologies for conducting reviews and gap analysis of products, services, communications, and customer journeys, as part of implementation of the Four Outcomes within the Duty. Firms have also failed to provide in-depth details into the types of data they will require, and how this will be tested, and used, to better understand the customer outcomes, which is another key part of the Duty requirements.

How can Leading Point help to simplify this process?

At Leading Point, our team of expert practitioners can assist the board members and senior managers within retail financial firms, to conduct more in-depth project scope and planning, gap analysis, as well as workflow strategies, and assist to define clear methodologies and approaches to implement the Duty policies and rules. We are fully-equipped to help any organisation that is looking to improve their implementation plans for meeting the Consumer Regulations, to ensure deadlines are met, whilst reducing costs, and risks, with defined mitigation strategies, and enhanced quality of consumer data. This will not only better equip firms with meeting the Duty obligations, but will help to accelerate new business growth, to ensure high-quality products and services are delivered to consumers.

Appendix and Additional Information on the Duty Regulation

 

What is the Consumer Duty Regulation?

The FCA introduced the Consumer Duty Regulation, and published the Finalised Guidelines FG22/5, along with the Policy Statement PS22/9 in July 2022, which is a ‘standard of care firms should give to customers in retail financial markets’ (FG22/9, p.3).

 

The FCA states that the purpose of the Consumer Duty (‘the Duty’) is to provide ‘a fairer basis for competition’, to help ‘boost growth and innovation’ (What firms and customers can expect from the consumer duty and other regulatory reforms, FCA (Sept, 2022)).

 

The Duty is comprised of three key areas: A Consumer Principle; the Cross-Cutting Rules; and the Four Outcomes (FG22/9, p.3). Each of these three key areas focus on how firms should deliver suitable products and services, as well as good outcomes to consumers.

 

Which firms and who will it impact?

The FG22/5 Guidelines state that the Duty applies ‘across retail financial services’, and that ‘firms should review all examples in this guidance and consider how they may be relevant to their business models and practices’ (FG22/5).

 

As stated in the FG22/5 Guidance, it is the firms responsibility to identify which rules and principles are applicable to their firm, and ‘what they are required to do’ (FG22/5).

 

What is the timeline of this Regulation?

It has been proposed for the Duty to be enforced in two-phase implementation periods, the first being by the end of July 2023, whereby the Duty will apply to new and existing products and services that remain for sale or open for renewal, and the second date is by July 2024, whereby the Duty will come fully into force, and will apply to all closed products and services (PS22/9).

 

The following timeline has been extracted from the Policy Statement – Implementation Timetable (PS22/9):

Implementation Period
Timeline
Firms’ boards (or equivalent management body) should have agreed their implementation plans and be able to evidence they have scrutinised and challenged the plans to ensure they are deliverable and robust to meet the new standards. Firms should expect to be asked to share implementation plans, board papers and minutes with supervisors and be challenged on their contents.
End of October 2022
Manufacturers should aim to complete all the reviews necessary to meet the four outcome rules for their existing open products and services by the end of April 2023, so that they can:
• Share with distributors by the end of April 2023 the information necessary for them to meet their obligations under the Duty (e.g., in relation to the price and value, and products and service outcomes)
End of April 2023
Manufacturers should:
• Identify where changes need to be made to their existing open products and services to meet the Duty and implement these remedies by the end of July 2023
End of July 2023
The Duty will apply to all new products and services, and all existing products and services that remain on sale or open for renewal. This gives firms 12 months to implement the new requirements on the bulk of retail financial products and services, benefiting the majority of consumers
End of July 2023
The Duty will come fully into force and apply to all closed products and services. This extra 12 months will help those firms with large numbers of closed products and will also help mitigate some of the wider concerns firms raised about the difficulty of applying the Duty to these products (see Chapter 3).
End of July 2024

How should firms implement the Consumer Duty Regulation?

According to the Guidance (FG22/5), it is a firm’s responsibility to identify which policies and rules apply and what they will be required to do (FG22/5). In addition to this, the Guidance has dedicated Chapter 10, on the Culture, Governance and Accountability that the Duty sets out for firms to give their customers. This is so that firms shift their focus on customer outcomes, and to ‘review the outcomes of their customers to ensure they are consistent with the Duty’ (PS22/9).

The Guidance (FG22/5) states the following:

  • The rules require firms to ensure their strategies, governance, leadership, and people policies (including incentives at all levels) lead to good outcomes for customers. The rules also make clear that we expect customer outcomes to be a key lens for important areas, such as Risk and Internal Audit.
  • A firm’s board, or equivalent governing body, should review and approve an assessment of whether the firm is delivering good outcomes for its customers which are consistent with the Duty, at least annually.
  • Individual accountability and high standards of personal conduct in firms will ensure that firms are meeting their obligations under the Duty.

The Guidance (FG22/5) outlines four important drivers of culture that firms will need to ensure they deliver on from: Purpose; Leadership; People; and Governance. The Duty will also hold senior managers accountable via the Senior Managers & Certification Regime (SMCR) (FG22/5). A firm’s board will be responsible for the submission of a Board Report, which will be comprised of an assessment of whether the ‘firm is delivering good outcomes for its customers which are consistent with the Duty’ (FG22/5). Firms will also be required to monitor their outcomes, with a key focus of the Duty requiring firms to ‘assess, test, and understand’ and be able ‘to evidence the outcomes their customers are receiving’ (FG22/5), thus firms will be required to identify relevant sources of their data, to ensure they are consistent with meeting the obligations of the Duty, to their customers.

by Mareen Rauf

Unlocking the opportunity of vLEIs

Streamlining financial services workflows with Verifiable Legal Entity Identifiers (vLEIs)

Source: GLIEF

Trust is hard to come by

How do you trust people you have never met in businesses you have never dealt with before? It was difficult 20 years ago and even more so today. Many checks are needed to verify if the person you are talking to is the person you think it is. Do they even work for the business they claim to represent? Failures of these checks manifest themselves every day with spear phishing incidents hitting the headlines, where an unsuspecting clerk is badgered into making a payment to a criminal’s account by a person claiming to be a senior manager.

With businesses increasing their cross-border business and more remote working, it is getting harder and harder to trust what you see in front of you. How do financial services firms reduce the risk of cybercrime attacks? At a corporate level, there are Legal Entity Identifiers (LEIs) which have been a requirement for regulated financial services businesses to operate in capital markets, OTC derivatives, fund administration or debt issuance.

LEIs are issued by Local Operating Units (LOUs). These are bodies that are accredited by GLEIF (Global Legal Entity Identifier Foundation) to issue LEIs. Examples of LOUs are the London Stock Exchange Group (LSEG) and Bloomberg. However, LEIs only work at a legal entity level for an organisation. LEIs are not used for individuals within organisations.

Establishing trust at this individual level is critical to reducing risk and establishing digital trust is key to streamlining workflows in financial services, like onboarding, trade finance, and anti-financial crime.

This is where Verifiable Legal Entity Identifiers (vLEIs) come into the picture.

 

What is the new vLEI initiative and how will it be used?

Put simply, vLEIs combine the organisation’s identity (the existing LEI), a person, and the role they play in the organisation into a cryptographically-signed package.

GLEIF has been working to create a fully digitised LEI service enabling instant and automated identity verification between counterparties across the globe. This drive for instant automation has been made possible by developments in blockchain technology, self-sovereign identity (SSI) and other decentralised key management platforms (Introducing the verifiable LEI (vLEI), GLEIF website).

vLEIs are secure digitally-signed credentials and a counterpart of the LEI, which is a unique 20-digit alphanumeric ISO-standardised code used to represent a single legal organisation. The vLEI cryptographically encompasses three key elements; the LEI code, the person identification string, and the role string, to form a digital credential of a vLEI. The GLEIF database and repository provides a breakdown of key information on each registered legal entity, from the registered location, the legal entity name, as well as any other key information pertaining to the registered entity or its subsidiaries, as GLEIF states this is of “principally ‘who is who’ and ‘who owns whom’”(GLEIF eBook: The vLEI: Introducing Digital I.D. for Legal Entities Everywhere, GLEIF Website).

In December 2022, GLEIF launched their first vLEI services through proof-of-concept (POC) trials, offering instant digitally verifiable credentials containing the LEI. This is to meet GLEIF’s goal to create a standardised, digitised service capable of enabling instant, automated trust between legal entities and their authorised representatives, and the counterparty legal entities and representatives with which they interact” (GLEIF eBook: The vLEI: Introducing Digital I.D. for Legal Entities Everywhere, page 2).

 

“The vLEI has the potential to become one of the most valuable digital credentials in the world because it is the hallmark of authenticity for a legal entity of any kind. The digital credentials created by GLEIF and documented in the vLEI Ecosystem Governance Framework can serve as a chain of trust for anyone needing to verify the legal identity of an organisation or a person officially acting on that organisation’s behalf. Using the vLEI, organisations can rely upon a digital trust infrastructure that can benefit every country, company, and consumers worldwide”,

Karla McKenna, Managing Director GLEIF Americas

 

This new approach for the automated verification of registered entities will benefit many organisations and businesses. It will enhance and speed up regulatory reports and filings, due diligence, e-signatures, client onboarding/KYC, business registration, as well as other wider business scenarios.

Imagine the spear phishing example in the introduction. A spoofed email will not have a valid vLEI cryptographic signature, so can be rejected (even automatically), saving potentially thousands of £.

 

How do I get a vLEI?

Registered financial entities can obtain a vLEI from a Qualified vLEI Issuer (QVI) organisation to benefit from instant verification, when dealing with other industries or businesses (Get a vLEI: List of Qualified vLEI Issuing Organisations, GLEIF Website).

A QVI organisation is authorised under GLEIF to register, renew or revoke vLEI credentials belonging to any financial entity. GLEIF offers a Qualification Program where organisations can apply to operate as a QVI. GLEIF maintain a list of QVIs on their website.

Source: GLIEF

What is the new ISO 5009:2022 and why is it relevant?

The International Organisation of Standards (ISO) published the ISO 5009 standard in 2022, which was initially proposed by GLEIF, for the financial services sector. This is a new scheme to address “the official organisation roles in a structured way in order to specify the roles of persons acting officially on behalf of an organisation or legal entity” (ISO 5009:2022, ISO.org).

Both ISO and GLEIF have created and developed this new scheme of combining organisation roles with the LEI, to enable digital identity management of credentials. This is because the ISO 5009 scheme offers a standard way to specify organisational roles in two types of LEI-based digital assets, being the public key certificates with embedded LEIs, as per X.509 (ISO/IEC 9594-8), also outlined in ISO 17442-2, or for digital verifiable credentials such as vLEIs to be specified, to help confirm the authenticity of a person’s role, who acts on behalf of an organisation (ISO 5009:2022, ISO Website). This will help speed up the validation of person(s) acting on behalf of an organisation, for regulatory requirements and reporting, as well as for ID verification, across various business use cases.

Leading Point have been supporting GLEIF in the analysis and implementation of the new ISO 5009 standard, for which GLEIF acts as the operating entity to maintain the ISO 5009 standard on behalf of ISO.  Identifying and defining OORs was dependent on accurate assessments of hundreds of legal documents by Leading Point.

“We have seen first-hand the challenges of establishing identity in financial services and were proud to be asked to contribute to establishing a new standard aimed at solving this common problem. As data specialists, we continuously advocate the benefits of adopting standards. Fragmentation and trying to solve the same problem multiple times in different ways in the same organisation hurts the bottom line. Fundamentally, implementing vLEIs using ISO 5009 roles improves the customer experience, with quicker onboarding, reduced fraud risk, faster approvals, and most importantly, a higher level of trust in the business.”

Rajen Madan (Founder and CEO, Leading Point)

Thushan Kumaraswamy (Founding Partner & CTO, Leading Point)

How can Leading Point assist?

Our team of expert practitioners can assist financial entities to implement the ISO 5009 standard in their workflows for trade finance, anti-financial crime, KYC and regulatory reporting. We are fully-equipped to help any organisation that is looking to get vLEIs for their senior team and to incorporate vLEIs into their business processes, reducing costs, accelerating new business growth, and preventing anti-financial crime.

 

Glossary of Terms and Additional Information on GLEIF

 

Who is GLEIF?

The Global Legal Entity Identifier Foundation (GLEIF) was established by the Financial Stability Board (FSB) in June 2014 and as part of the G20 agenda to endorse a global LEI. The GLEIF organisation helps to implement the use of the Legal Entity Identifier (LEI) and is headquartered in Basel, Switzerland.

 

What is an LEI?

A Legal Entity Identifier (LEI) is a unique 20 alphanumeric character code based on the ISO-17442 standard. This is a unique identification code for legal financial entities that are involved in financial transactions. The role of the structure of how an LEI is concatenated, principally answers ‘who is who’ and ‘who owns whom’, as per ISO and GLEIF standards, for entity verification purposes and to improve data quality in financial regulatory reports.

 

How does GLEIF help?

GLEIF not only helps to implement the use of LEI, but it also offers a global reference data and central repository on LEI information via the Global LEI Index on gleif.org, which is an online, public, open, standardised, and a high-quality searchable tool for LEIs, which includes both historical and current LEI records.

 

What is GLEIF’S Vision?

GLEIF believe that each business involved in financial transactions should be identifiable with a unique single digital global identifier. GLEIF look to increase the rate of LEI adoption globally so that the Global LEI Index can include all global financial entities that engage in financial trading activities. GLEIF believes this will encourage market participants to reduce operational costs and burdens and will offer better insight into the global financial markets (Our Vision: One Global Identity Behind Every Business, GLEIF Website).

by Rajen Madan, Mareen Rauf and Thushan Kumaraswamy

John Macpherson's Interview with Leading Point

John Macpherson’s Interview with Leading Point 2022

 

 

John Macpherson was the former CEO of BMLL Technologies; and is a veteran of the city, holding several MD roles at CITI, Nomura and Goldman Sachs. In recent years John has used his extensive expertise to advise start-ups and FinTech in challenges ranging from compliance to business growth strategy. John is Deputy Chair of the Investment Association Engine which is the trade body and industry voice for over 200+ UK investment managers and insurance companies. 

by Leading Point

Leading Point and P9 Form Collaboration to Accelerate Trade and Transaction Reporting

Leading Point and P9 Form Collaboration to Accelerate Trade and Transaction Reporting

 

 

Leading Point and Point Nine (P9) will collaborate to streamline and accelerate the delivery of trade and transaction reporting. Together, they will streamline the delivery of trade and transaction reporting using P9’s scalable regulatory solution, and Leading Point's data management expertise. This new collaboration will help both firms better serve their clients and provide faster, more efficient reporting. 

London, UK, July 22nd, 2022 

 

P9’s in-house proprietary technology is a scalable regulatory solution. It provides best-in-class reporting solutions to both buy- and sell-side financial firms, service providers, and corporations, such as ED&F Man, FxPro and Schnigge. P9 helps them ensure high-quality and accurate trade/transaction reporting, and to remain compliant under the following regimes: EMIR, MiFIR, SFTR, FinfraG, ASIC, CFTC and Canadian. 

 

Leading Point, a highly regarded digital transformation company headquartered in London, are specialists in intelligent data solutions. They serve a global client base of capital market institutions, market data providers and technology vendors.  

 

Leading Point are data specialists, who have helped some of the Financial Services industry’s biggest players organise and link their data, as well as design and deliver data-led transformations in global front-to-back trading. Leading Point are experts in getting into the detail of what data is critical to businesses. They deliver automation and re-engineered processes at scale, leveraging their significant financial services domain expertise. 

 

The collaboration will combine the power of P9's knowledge of regulatory reporting, and Leading Point’s expertise in data management and data optimisation. The integration of Leading Point’s services and P9's regulatory technology will enable clients to seamlessly integrate improved regulatory reporting and efficient business processes. 

 

Leading Point will organise and optimise P9’s client’s data sets, making it feasible for P9's regulatory software to integrate with client regulatory workflows and reporting. In a statement made by Christina Barbash, Business Development Manager at Point Nine, she claims that, “creating a network of best-in-breed partners will enable Point Nine to better serve its existing and potential clients in the trade and transaction reporting market.” 

 

Andreas Roussos, Partner at Point Nine adds:

“Partnering with Leading Point is a pivotal strategic move for our organization. Engaging with consulting firms will not only give us a unique position in the market, but also allow us to provide more comprehensive service to our clients, making it a game-changer for our organization, our clients, and the industry as a whole.”

 

Dishang Patel, COO and Founding Partner at Leading Point, speaks on the collaboration: 

“We are thrilled to announce that we are collaborating with Point Nine. Their technology and knowledge of regulatory reporting can assist the wider European market. The new collaboration will unlock doors to entirely new transformation possibilities for organisations within the Financial Sector across EMEA.”   

 

The collaboration reflects the growing complexity of financial trading and businesses’ need for more automation for compliance with regulations, whilst ensuring data management is front and centre of the approach for optimum client success. Considering this, the two firms have declared to support organisations to improve the quality and accuracy of their regulatory reporting for all regimes. 

 

About Leading Point 

Leading Point is a digital transformation company with offices in London and Dubai. They are revolutionising the way change is done through their blend of expert services and their proprietary technology, modellr™. 

Find out more at: www.leadingpoint.io   

Contact Dishang Patel, Founding Partner & COO at Leading Point - dishang@leadingpoint.io  

 

About Point Nine 

Point Nine (Limassol, Cyprus), is a dedicated regulatory reporting firm, focusing on the provision of trade and transaction reporting services to legal entities across the globe. Point Nine uses its in-house cutting-edge proprietary technology to provide a best-in-class solution to all customers and regulatory reporting requirements. 

Find out more at: www.p9dt.com    

Contact Head office, Point Nine Data Trust Limited - info@p9dt.com

by Leading Point

ESG Operating models hold the key to ESG compliance

John Macpherson on ESG Risk

In my last article, I wrote about the need for an effective operating model in the handling and optimisation of data for Financial Services firms. But data is only one of several key trends amongst these firms that would benefit from a digital operating model. ESG has risen the ranks in importance, and the reporting of this has become imperative.  

 

The Investment Association Engine Program, which I Chair, is designed to identify the most relevant pain points and key themes amongst Asset and Investment Management clients. We do this by searching out FinTech businesses that are already working on solutions to these issues. By partnering with these businesses, we can help our clients overcome their challenges and improve their operations. 

 

While data has been an ever-present issue, ESG has risen to an equal standing of importance over the last couple of years. Different regulatory jurisdictions and expectations worldwide has left SME firms struggling to comply and implement in a new paradigm of environmental, sustainable and governance protocols. 

 

ESG risk is different to anything we have experienced before and does not fit into neat categories such as areas like operational risk. The depth and breadth of data and models required for firms to make informed strategic decisions varies widely based on the specific issue at hand (e.g., supply chain, reputation, climate change goals, etc.). Firms need to carefully consider their own position and objectives when determining how much analysis is needed. 

According to S&P Global, sustainable debt issuance reached a record level in 2021, and is only expected to increase further in the coming years. With this growth comes increased scrutiny and a heightened concern of so-called ‘greenwashing’, where companies falsely claim to be environmentally friendly. To combat this, participants need to manage that growth in a way that combats rising concerns about ‘greenwashing’. 

 

Investors, regulators and the public, in general, are keen to challenge large companies’ ESG goals and results. These challenges vary wildly, but the biggest seen on a regular basis range from human rights to social unrest and climate change. As organisations begin to decarbonise their operations, they face the initially overlooked challenge of creating a credible near-term plan that will enable them to reach their long-term sustainability goals.  

 

Investor pressure on climate change has historically focussed on the Energy sector. Now central banks are trying to incorporate climate risk as a stress testing feature for all Financial Services firms. 

Source: S&P Global 

Operating models hold the key to ESG transition and compliance. Having an operating model for how each of the firm’s functions intersect with ESG, requires new processes, new data, and new reporting techniques. This needs to be pulled across the enterprise, so firms have a process that is substantiated. 

 

Before firms worry about ESG scores from their market data providers, they would do well to look closely at their own operating model and framework. In this way, they can then pull in the data required from the marketplace and use it in anger. 

 

Leading Point is a FinTech business I am proud to be supporting. Their operating model system, modellr describes how financial services businesses work, from the products and services offered, to the key processes, people, data, and technology used to deliver value to their customers. This digital representation of how the business works is crucial to show what areas ESG will impact and how the firm can adapt in the most effective way.  

 

Rajen Madan, CEO at Leading Point: 

“In many ways, the transition to ESG is exposing the acute gap in firms of not being able to have meaningful dialogue with the plethora of data they already have, and need, to further add to for ESG”.  

 

modellrharvests a company’s existing data to create a living dashboard, whilst also digitising the change process and enabling quicker and smarter decision-making. Access to all the information, from internal and external sources, in real time is proving transformative for SME size businesses. 

 

Thushan Kumaraswamy, Chief Solutions Officer at Leading Point:  

“ESG is already one of the biggest drivers of transformation in financial services and is only going to get bigger. Firms need to identify the impact on their business, choose the right change option, execute the strategy, and measure the improvements. The mass of ESG frameworks adds to the confusion of what to report and how. Tools such as modellr bring clarity and purpose to the ESG imperative.” 

 

While most firms will look to sustainability officers for guidance on matters around ESG, Leading Point are providing these officers, and less qualified team members, with the tools to make informed decisions now, and in the future. We have established exactly what these firms need to succeed – a digital operating model. 

 

Words by John Macpherson — Board advisor at Leading Point and Chair of the Investment Association Engine 

 

by John Macpherson

The Challenges of Data Management

John Macpherson on The Challenges of Data Management

 

 

I often get asked, what are the biggest trends impacting the Financial Services industry? Through my position as Chair of the Investment Association Engine, I have unprecedented access to the key decision-makers in the industry, as well as constant connectivity with the ever-expanding Fintech ecosystem, which has helped me stay at the cutting edge of the latest trends.

So, when I get asked, ‘what is the biggest trend that financial services will face’, for the past few years my answer has remained the same, data.

During my time as CEO of BMLL, big data rose to prominence and developed into a multi-billion-dollar problem across financial services. I remember well an early morning interview I gave to CNBC around 5 years ago, where the facts were starkly presented. Back then, data was doubling every three years globally, but at an even faster pace in financial markets.

Firms are struggling under the weight of this data

The use of data is fundamental to a company's operations, but they are finding it difficult to get a handle on this problem. The pace of this increase has left many smaller and mid-sized IM/ AM firms in a quandary. Their ability to access, manage and use multiple data sources alongside their own data, market data, and any alternative data sources, is sub-optimal at best. Most core data systems are not architected to address the volume and pace of change required, with manual reviews and inputs creating unnecessary bottlenecks. These issues, among a host of others, mean risk management systems cannot cope as a result. Modernised data core systems are imperative to solve where real-time insights are currently lost, with fragmented and slow-moving information.

Around half of all financial service data goes unmentioned and ungoverned, this “dark data” poses a security and regulatory risk, as well as a huge opportunity.

While data analytics, big data, AI, and data science are historically the key sub-trends, these have been joined by data fabric (as an industry standard), analytical ops, data democratisation, and a shift from big data to smaller and wider data.

Operating models hold the key to data management

modellr™ dashboard

Governance is paramount to using this data in an effective, timely, accurate and meaningful way. Operating models are the true gauge as to whether you are succeeding.

Much can be achieved with the relatively modest budget and resources firms have, provided they invest in the best operating models around their data.

Leading Point is a firm I have been getting to know over several years now. Their data intelligence platform modellr™, is the first truly digital operating model. modellr™ harvests a company’s existing data to create a living operating model, digitising the change process, and enabling quicker, smarter, decision making. By digitising the process, they’re removing the historically slow and laborious consultative approach. Access to all the information in real-time is proving transformative for smaller and medium-sized businesses.

True transparency around your data, understanding it and its consumption, and then enabling data products to support internal and external use cases, is very much available.

Different firms are at very different places on their maturity curve. Longer-term investment in data architecture, be it data fabric or data mesh, will provide the technical backbone to harvest ML/ AI and analytics.

Taking control of your data

Recently I was talking to a large investment bank for whom Leading Point had been brought in to help. The bank was looking to transform its client data management and associated regulatory processes such as KYC, and Anti-financial crime.

They were investing heavily in sourcing, validating, normalising, remediating, and distributing over 2,000 data attributes. This was costing the bank a huge amount of time, money, and resources. But, despite the changes, their environment and change processes had become too complicated to have any chance of success. The process results were haphazard, with poor controls and no understanding of the results missing.

Leading Point was brought in to help and decided on a data minimisation approach. They profiled and analysed the data, despite working across regions and divisions. Quickly, 2,000 data attributes were narrowed to less than 200 critical ones for the consuming functions. This allowed the financial institutions, regulatory, and reporting processes to come to life, with clear data quality measurement and ownership processes. It allowed the financial institutions to significantly reduce the complexity of their data and its usability, meaning that multiple business owners were able to produce rapid and tangible results

I was speaking to Rajen Madan, the CEO of Leading Point, and we agreed that in a world of ever-growing data, data minimisation is often key to maximising success with data!

Elsewhere, Leading Point has seen benefits unlocked from unifying data models, and working on ontologies, standards, and taxonomies. Their platform, modellr™is enabling many firms to link their data, define common aggregations, and support knowledge graph initiatives allowing firms to deliver more timely, accurate and complete reporting, as well as insights on their business processes.

The need for agile, scalable, secure, and resilient tech infrastructure is more imperative than ever. Firms’ own legacy ways of handling this data are singularly the biggest barrier to their growth and technological innovation.

If you see a digital operating model as anything other than a must-have, then you are missing out. It’s time for a serious re-think.

Words by John Macpherson — Board advisor at Leading Point, Chair of the Investment Association Engine

 

John was recently interviewed about his role at Leading Point, and the key trends he sees affecting the financial services industry. Watch his interview here

by John Macpherson

Leading Point Shortlisted For Data Management Insight Awards

Leading Point has been shortlisted for the A-Teams Data Management Insight Awards.

Data Management Insight Awards, now in their seventh year, are designed to recognise leading providers of data management solutions, services and consultancy within capital markets.

Leading Point has been nominated for four categories:

  1. Most Innovative Data Management Provider
  2. Best Data Analytics Solution Provider
  3. Best Proposition for AI, Machine Learning, Data Science
  4. Best Consultancy in Data Management

 

Areas of Outstanding Service & Innovation

Leading Form Index: Data readiness assessment, created by Leading Point FM, which measures firms data capabilities and their capacity to transform across 24 unique areas. This allows participating firms to understand the maturity of their information assets, the potential to apply new tech (AI, DLT) and benchmark with peers.

Chief Risk Officer Dashboard: Management Information Dashboard that specifies, quantifies, and visualises risks arising from firms’ non-financial, operational, fraud, financial crime, and cyber risks.

Leading Point FM ‘Think Fast’ Application: The application provides the ability to input use cases and solution journeys and helps visualise process, systems and data flows, as well as target state definition & KPI’s. This allows business change and technology teams to quickly define and initiate change management.

Anti-Financial Crime Solution: Data centric approach combined with Artificial Intelligence technology reimagines and optimises AML processes to reduce volumes of client due diligence, reduce overall risk exposure, and provide the roadmap to AI-assisted automation.

Treasury Optimisation Solution: Data content expertise leveraging cutting edge DLT & Smart Contract technology to bridge intracompany data silos and enable global corporates to access liquidity and efficiently manage finance operations.

Digital Repapering Solution: Data centric approach to sourcing, management and distribution of unstructured data combined with NLP technology to provide roadmap towards AI assisted repapering and automated contract storage and distribution.

Leading Form Practical Business Design Canvas: A practical business design method to describe your business goals & objectives, change projects, capabilities, operating model, and KPI’s to enable a true business-on-a-page view that is captured within hours.

ISO 27001 Certification – Delivery of Information Security Management System (ISMS) & Cyber risk mitigation with a Risk Analysis Tool

by Leading Point

Leading Point have joined the SME Climate Commitment

Leading Point have joined the SME Climate Commitment

 

What is The SME Climate Hub?

The SME Climate Hub is a global collection of SMEs (small-medium enterprises) that have commited to halve emissions by 2030 and become net-zero by 2050. Included in this commitment is to report on progress yearly. 

The SME Climate Hub is a network that supports SMEs on this vital net-zero journey.

 

Why we joined:

Leading Point is pleased to announce that we have joined the UN-backed SME Climate Commitment and formally committed to being net-zero in carbon emissions by 2030 (in advance of the minimum target of 2050).

We have joined the community of UK businesses tackling climate change through the SME Climate Hub. With their support, we will understand, track, and make strategic, impactful emission reductions to achieve our target of being a net-zero business by 2030.

Leading Point is committed to having a responsible, sustainable, and transparent operating model. We are excited to collaborate with other businesses on this scheme, and implement a business climate strategy using the tools created by Normative, CDP, Business for Social Responsibility (BSR™), and the University of Cambridge Institute for Sustainability Leadership (CISL).

We are proud to be taking the lead on climate action with the SME Climate Hub community and will be fully transparent with our progress.

 

Words from our Founding Partner and Chief Sustainability Officer, Thushan Kumaraswamy:

“Committing to a net-zero target is the right thing to do for the planet. It is also a bold statement for a growing startup. I want Leading Point to be at the forefront for fintechs who are making a climate change difference. As we grow, our impact on the environment naturally increases. I am excited to find the best ways to mitigate those impacts and share those findings with our peers.”

 

Words from our ESG Associate, Maria King:

Climate change presents both potential risks and potential opportunities for businesses. Small to medium-sized enterprises (SMEs) account for 90% of business worldwide. However, only a small portion of these report on their emissions due to costs and complexity.”

 

Who we are:

Leading Point is a fintech specialising in digital operating models. We are revolutionising the way operating models are created and managed through our proprietary technology, modeller™, and expert services delivered by our team of specialists.

 

by Leading Point

What COP26 means for Financial Services

What COP26 means for Financial Services

 

 

Many have proclaimed COP26 as a failure, with funding falling short, loose wording and non-binding commitments. However, despite the doom and gloom, there was a bright spot; the UK’s finance industry.

Trillions need to be invested to achieve the 1.5 degrees target, but governments alone do not have the funds to achieve this. Alternative sources of finance must be found, and private investment needs to be encouraged on all fronts to, ‘go green’. Looking at supply-side energy alone, the IPPC estimates that up to $3.8 trillion needs to be mobilised annually to achieve the transition to net-zero by 2050.

The UK led from the front in green finance, introducing plans to become the world’s first net-zero aligned financial centre. New Treasury rules for financial institutions, listed on the London Stock Exchange, mean that companies will have to create and publish net-zero transition plans by 2023, although the full details are yet to be announced. These plans will be evaluated by a new institution, but crucially, are not mandatory. The adjudicator of the investment plans will be investors. Although some argue the regulation could be stronger, just like national climate targets, once there are institutions publishing their alignment with net-zero, there is a level of accountability that can be scrutinised and a platform for comparison which encourages competition. Anything stronger could have pushed investment firms into less-regulated exchanges.

Encouragingly, the private sector showed strong engagement, with nearly 500 global financial services firms agreeing to align $130 trillion — around 40% of the world’s financial assets — with the goals set out in the Paris Agreement, including limiting global warming to 1.5 degrees Celsius.

From large multinational companies, to small local businesses, the summit provided greater clarity on how climate policies and regulations will shape the future business environment. The progress made, on phasing out fossil fuel subsidies and coal investments, was a clear signal to the global market about the future viability of fossil fuels. It will now be more difficult to gain funding to expand existing or build new coal mines. Over time, this adjustment will have wider impacts on the funding of other polluting industries.

This new framework will give the private sector the confidence and certainty it needs to invest in green technology and green energy. Renewable energy is already the cheapest form of energy in 2/3 of the world. This reassurance will be crucial in driving the economies of scale we need, within the renewable energy industry.

A truly sustainable future is still a long way off. The private sector will still invest in fossil fuels, new regulations will cause challenges, and ESG remains optional; but initial signals from COP26 show that the future of the world is looking green.

 

By Maria King — ESG Associate at Leading Point

 

Who we are:

Leading Point is a fintech specialising in digital operating models. We are revolutionising the way operating models are created and managed through our proprietary technology, modellr™, and expert services delivered by our team of specialists.[/vc_column_text][/vc_column][/vc_row]

by Maria King

Arx Alliance Cyber Security Newsletter #1

Arx Alliance Cyber Security Newsletter

Originally published October 4, 2021 at ARX 

 

Welcome to our inaugural newsletter! Thank you for taking the time to spend a few minutes with us as we discuss the world of cybersecurity and try to share interesting stories, perspectives, and news. Those who know us already will know we are a massive advocate for the ‘little guy’ and feel more needs to be done to help create visibility, transparency, and increased education for SMEs who would otherwise not be in a position to combat or even manage an ever-worsening world of cyber. Therefore, we genuinely hope this monthly sharing of information will help organisations, both small and large, better understand and therefore manage their respective landscapes when it comes to cybersecurity and supply chain risk management.

Modern day cyber attacks

Let me first begin with a question: how many companies out there (regardless of size) believe they are immune to a cyber-attack? In my humble opinion, the simple answer is a big fat zero! Size clearly does not play a role in an organisations ability to avoid attacks which has been proven time and again as some of the largest tech companies in the world have fallen victim on multiple occasions. It therefore won’t surprise many that more than 90% of industrial companies are open to cyber-attacks. Perhaps this is due to their perceived lack of industrial organisations being tech-savvy. One such (worrying) stat was that “…penetration testers gained access to the industrial control systems (ICS) networks at 75% of these companies“. Let’s also not forget, these are often large organisations who demand and work with a large network of suppliers therefore potentially resulting in a knock-on effect that no one would want to experience. Some eye-opening & eye-catching stats within which are worth a read!

There are of course plenty of preventative measures available (but as mentioned above, unfortunately not accessible for all) however, as the old adage goes look close to home first and foremost to begin addressing issues. But what does this actually mean in a practical sense?! It’s not as complicated as it might sound at first with six basic things one can do to prevent being hacked. Changing personal behaviours will not only help individuals in their usage of personal devices but also when using company infrastructure. For instance, using free to use authenticator tools by turning on two-/multi-factor authentication and using a password manager would be two great steps to get us all started.

The importance of multi-factor authentication and strong passwords seems obvious but is regularly overlooked by the masses. This helps protect data, devices, and systems from unauthorised access. There have been many examples of poor password strength being used repeatedly including the use of the same ‘weak’ passwords for most (if not all) access. Let’s not forget, hackers are continually upping their game to ensure they can access what we don’t want them to; therefore, meaning we have to continually up our game too to stay one- step ahead. A simple change in approach of regular password changes and the use of password managers to help generate random passwords would make a material difference in this line of defence.

What are sniffing attacks?

It is important the industry terminology and acronyms don’t put people off from exploring approaches and solutions to addressing cyber issues. This not only helps cut through the jargon but also results in the basic measures being put into place for what’s (at some point inevitably) to come. Sniffing attacks is one such term that is gaining prominence among cybercriminals today to steal customer data and compromise network security.

To put into perspective exactly how much cyber criminals are raising their game, it might surprise you to know that these attacks are not at all random and opportunistic as one might think. There is a whole ecosystem where hackers can actually purchase access to victims’ networks from other cybercriminal groups and initial access brokers (IABs). Attackers are so savvy they have lists based on Geography, Revenue, Sectors, and Access Type which they are explicitly looking for in terms of vulnerabilities to target. This has gone so far that its even has a mainstream and very much identifiable name: Ransomware- as-a-Service (RaaS) with pricing far outweighed by the potential of payouts.

It is therefore no surprise that the cyber security industry is combatting people burnout! The ‘defenders’ of the peace are not only inundated but often the unsung heroes as their visibility is reduced the better the job they perform. This is of course due to increased cybercriminal sophistication which in turn means things need to change with some practice changes including investing in solutions that empower these teams to detect and stop attacks. The added ability to provide non-IT jargon-based management reports would be a massive plus to these individuals in helping to facilitate decision making at the very top. This approach will in turn promote a proactive and preventative strategy rather than fire-fighting once the problem has landed on their doorstep. Some food for thought!

Prevention and education!

Words by Dishang, COO Arx Alliance, COO Leading Point 

 

by Dishang Patel

How To Sustainably Return To The Office & Incorporate ESG

How To Sustainably Return To The Office & Incorporate ESG

 

Freedom has engulfed the UK since the 19th of July, with restrictions and masks now being a choice, this means the penultimate move back to the office is looming, or already loomed for many of us. After a yearlong hiatus from the bustle of office life, it is time to up our ESG game. If you’re unfamiliar with ESG (Environmental, Social and Governance), there’s no better time than now to learn. More and more businesses are adopting ESG solutions in the hopes of bettering themselves, or simply, to keep up with the times. According to The Cone Communications Millennial Employee Study, 64% of millennial workers won’t take a job if the business does not have a strong corporate social responsibility (CSR) or ESG policy (1). Studies such as these reflect the traction ESG is generating, and why companies like us are so passionate about driving it.

Ways of working have fundamentally changed, and as companies navigate this, they have the chance to ensure that the environmental aspect of ESG is not only theoretical, but implemented into their everyday ways of working. SMEs are now using significantly more electricity than they need to, i.e., a small business uses an average of 15,000-25,000 kWh per year in the UK (2). To put those numbers into perspective, the average UK household consumes 3,731 kWh per year (3), and although an office accommodates more than a typical family home would, these figures are undeniably excessive.

Returning to the office after numerous COVID-19 lockdowns gives the feeling of a fresh start. We now have a chance to create a more carbon-neutral workplace that uses less energy, produces less waste, and benefits the overall welfare of staff. Cutting your office’s electricity consumption has endless benefits, from relieving the environment of greenhouse gasses and fossil fuels to reducing the costs associated with running your firm.

2021 will see a surge in policymakers taking action to manage and measure the climate crisis, but the key question is, how will you respond?

Improve your green credentials with these 3 simple steps:

1. Reduce your carbon footprint through your transport choices take public transport, walk, or cycle. Even carpool if possible!

2. Support your local businesses – eat lunch near the office, go to local pubs after work. This reduces the energy exuded from delivery services and travel.

3. Lower your office's electricity consumption:

i) Open windows instead of using air conditioning.

ii) Minimise artificial lighting – during daylight, open blinds instead of using bulbs.

iii) Use energy-saving bulbs – switching to LEDs could save you 85% on your lighting costs according to EON (4).

iv) Install motion sensors to control lighting in certain rooms – ensures that lights are not left on needlessly.

v) Switch off computer workstations at the end of the day – reduces electricity consumption from appliances.

vi) Reduce paper wastage – print only when necessary.

vii) Consider micro-generation (small-scale production of heat and/or electricity from a low carbon source, i.e., solar panels).

viii) Book a commercial energy audit – quantify your firm's environmental impacts.

Keeping in line with the ever-changing rules, our team have slowly and recently migrated back to the office. ESG is a huge part of our service lines and overall ethos, therefore implanting green habits upon the return to the office was hugely important. ESG expert, Ziko Townsend, who has written several pieces on the importance of ESG, lets us in on how he has successfully, sustainably, returned to the office.

“I try to do the simple things. Walk as much as possible where I can, bring my own mugs for coffee and water, and try to recycle as much as I can at home and in the office.”

As you can see, there are tonnes of small ways, to make a big impact. We are in a unique situation in the work force right now that is giving us the opportunity to reset, change old habits and form new ways of everyday working. So, leave your pre-pandemic office habits in 2020, and use your new freedom to adopt some of the above suggestions upon your return to the office.

If you would like to learn more about Leading Point and how we help businesses manage change, you can reach us here.

By Nadyah Ibrahim - Marketing and Communications Executive

 

by Nadyah Ibrahim

The Great Crypto-ESG Debate

The Great Crypto-ESG Debate

In my 13 years of finance, I’ve never quite encountered anything like this current trading environment. That’s taking into account a global financial crisis, a European debt crisis, a “flash crash”, and various other bits of absolute market turmoil and panic. Specialising in ESG investing has allowed me to strengthen my investment management craft in a way I have not been able to previously. It has been riveting to see the extent to which sustainability issues have affected the market’s views on different securities. As exciting as ESG considerations are, they seem relatively boring in comparison to cryptocurrency issues. As fate would have it, the two have recently become juxtaposed, and this provides an opportunity for some interesting views on where ESG and Cryptocurrency issues go from here.

So, what is cryptocurrency?

Cryptocurrency (as I understand it) is a decentralised vehicle for conducting various financial transactions, similar to the way money works, but in a much less conventional sense. What is untraditional about cryptocurrencies is that they operate through blockchain technology (BCT) rather than more orthodox mediums such as banks. This BCT is supposed to enable greater transparency and safety for the transacting parties. The creators of cryptocurrencies, also known as miners, use computational powers to solve complex algorithms and produce tokens. These tokens can then be bought, sold, and traded as needed.

ESG takes into account environmental, social and good governance factors in business decision making. At Leading Point, we have recently published our ESG Rationale and Action plan; read about them here.

The issue

One of the tenets of ESG is environmental sustainability. In recent years, there has been a monumental move in thinking towards climate change and the overall impact on human life. As a result, there has been a concurrent shift in businesses becoming more sustainable. This dynamic shift in thinking is unlikely to reverse.

One of the criticisms of the cryptocurrency mining process is that it tends to use a staggering amount of energy. For example, Cambridge University suggests that generating Bitcoin requires more power annually than powering Argentina. Higher electricity usage translates to higher CO2 production, which naturally is a big no-no in the ESG space. Of course, in a cruel twist of irony, there have been reports that the production of conventional forms of fiat currency (e.g. gold and copper) surpasses Bitcoin. Still, this has not slowed down the most recent criticism of cryptocurrencies. Many have argued that we cannot achieve greater efficiency in sustainability and increased cryptocurrency dominance at the same time.

The role that technology is playing in transforming the ESG market is well-documented. Meanwhile, BCT has seen higher usability across several sectors. So, the question is; where do we go from here in the great ESG vs Crypto debate?

There will be a sharper focus on the sustainability of cryptocurrency mining.

From its peak (at the time of writing), Bitcoin has fallen by more than 40% after Elon Musk (long time Bitcoin advocate and environmentalist) announced that Tesla would no longer be accepting Bitcoin as payment due to environmental concerns about its heavy energy use. Cardano, regarded as a much more sustainably mined cryptocurrency, has increased roughly 70% between May 2nd and May 16th as its executives have made moves to have Tesla replace Bitcoin with its offering. At Leading Point, we expect investors to continue to weigh sustainability and efficiency vs the popularity of various types of cryptocurrencies. As an asset class, cryptocurrencies will invariably come under greater regulatory scrutiny.

There will be increased volatility in the cryptocurrency market.

Investor discernment over sustainability will lead to higher volatility in cryptocurrency markets. This scrutiny adds to a trading dynamic that is already highly volatile.

ESG will continue to present moral and ethical dilemmas

If you’ve ever spoken to a very opinionated climate change activist, they may have been the type of person who wants to shut down fossil fuel production worldwide. While this would have immediate environmental benefits, there would be substantial human costs. No more fossil fuels would immediately put thousands out of work. At the same time, we’d also need massive infrastructural investment across the globe to ready ourselves thoroughly for new energy inputs. As one can imagine, there are numerous considerations.

As the world moves towards a more sustainable and responsible future, we view businesses as active participants rather than judging them as being “good or bad” in an ESG sense. At Leading Point, we have committed to using our expertise across many industries to help organisations address their stewardship needs. My most recent article talks on this in detail, exploring stewardship and ESG solutions, and why it will always matter, especially in 2021, read more here.

Summary

ESG vs Cryptocurrency is a debate that is growing in importance. We expect that this will reflect increased volatility and greater regulatory scrutiny.

by Thushan Kumaraswamy

How Startups Can Increase Employee Freedoms Without Losing Control

 

How Startups Can Increase Employee Freedoms Without Losing Control

 

Introduction from Leading Point:

We love collaboration here at Leading Point and we are lucky enough to have some great clients and partners that feel the same. We work with some similar like-minded start-ups that share some of the same challenges and adventures as us. Below is a brilliantly informative article by our friends at Spendesk, explaining how startups can successfully create a positive working environment for their employees through trust and freedom. At Leading Point, this is something we firmly embody. Forging strong, meaningful relations is how we deliver our services, and without a satisfied, confident team, this simply can't be done. If you're a startup, and increasing employee freedoms without losing control is something your company is in need of, don’t fret, this piece will provide great tips on how to apply some quick and easy changes to make team building better and brighter for everyone. Overall, we are delighted to be office neighbours with Spendesk, and are looking forward to some more collaborations in the future. Watch this space!

Words by Ellen Masterson:

Every employer wants their team to be happy, efficient, and effective. Most recognise that the vast majority make good decisions and don’t need to be micromanaged. 

And yet, because of concerns about risk and compliance, many companies create hurdles that slow down their teams and take power away from actors. 

As HBR explains, “executives have trouble resolving the tension between employee empowerment and operational discipline. This challenge is so difficult that it ties companies up in knots. Indeed, it has led to decades’ worth of management experiments, from matrix structures to self-managed teams.”

Today, we have bad solutions to legitimate concerns. The answer to a need for process security isn’t to restrict access - it’s to create more secure processes. And as we’ll see, that doesn’t have to be complex. 

In this article, we’ll explore the reasons why companies struggle allowing freedom, and how a few simple shifts can make all the difference. 

What prevents employee freedoms today?

Before getting to the positive actions all businesses can take, let’s start by identifying why employees may not have the freedom they need to excel.

Here, we’re talking about two kinds of freedom: 

  • Freedom to make decisions and shape their own work scope and projects;
  • Freedom from excessive administrative and managerial pressure.

Together, these lead to more productive employees, a happier work environment, and faster growth.

In particular, we can look at two crucial causes.

A systemic lack of trust

This is fundamental. Many businesses simply aren’t structured to let team members think for themselves. Every decision must be scrutinized, and every action needs sign-off. 

Of course, some micromanaging is always to be expected. And some actions really do need sign-off. But many don’t, and it’s vital to consider the cost of always putting the breaks on as team members push forward.

A few simple questions to ask: 

  • Are our employees free to do their best work?
  • Are the rules we have in place helping, or hurting?
  • Can we trust our teams to make the right decisions, without always second guessing?

As we’ll see, there are plenty of positive ways to remove hurdles without losing control over what really matters. 

Closed-off systems and gatekeepers

Aside from the broad principle that employees should be free to make choices, there are common corporate practices that limit freedom - and not always for good reasons. Whether there’s limited institutional knowledge or a lack of trust, we make certain people responsible for processes, and lock everyone else out. 

A few examples: 

  • Key business data is only accessible by executive leadership. New revenue, customer churn, and average deal size can all help employees make smarter decisions. But many simply don’t have access. 
  • Corporate credit cards belong to a few select managers. This makes it very hard for anyone else to spend company money, creates hurdles, and slows down business. 

Today, we have ways to give employees more hands-on access to these processes without creating new risks or losing control. Let’s take a look at these now. 

How to increase freedom while retaining control

We have what seem to be two conflicting objectives. But employee freedom and organisational freedom can certainly co-exist. Just follow these four principles. 

1. Recognise trust as a core company value

If you want employees to feel free to do their best work, you obviously need to trust them to do so. What’s more, they need to know that they’re trusted to make decisions. This is empowering. 

Which means that trust needs to be enshrined as a company value. Many startups are now taking the time to carefully craft their culture code - this is seen as vital to startup success. It’s also hugely important in the hiring process, and helps you keep employees around for longer. 

So one way or another, trust needs to be in there. At Spendesk, for example, one of our core values is ownership. Each employee owns their scope and is empowered to make decisions. Which is another way of saying that the company trusts us. 

2. Build systems that everyone can use

We mentioned above the trouble with having closed-off systems. This manifests itself in two main ways: 

  1. Systems are so complex that only those with specific skills can use them;
  2. Most employees literally cannot access them - they lack the permissions or the tools to do so.

And of course, there is occasionally good reason for this. Average employees shouldn’t have access to the company bank account, for example. Which leads many finance teams to believe they need control over all spending. Or that only managers should have the right to spend company money. Neither of which are true. 

Instead, you need systems that guide employees, set out limits and rules, and prevent them from making costly mistakes. Team members are free to make choices, just within certain parameters.

One example is replacing company credit cards and expense claims with more tailored spend management solutions. These let you set the rules per employee or team, create spending limits, and require managerial approval above certain thresholds. 

So there you have full control. But employees have their own access - they don’t need to come begging for the corporate card - and finance teams don’t have to hold people’s hands throughout. The software guides them through each payment.

That was one just one example. But similar systems exist for HR and payroll, invoice processing, accounting, and a wide array of other corporate procedures. 

3. Speak in plain language

Another simple error that many companies make is in communication. If you make policies harder to understand than they need to be, you actually reduce the likelihood that teams follow them. Which then leads to two outcomes: 

  1. Reduced control, since people aren’t following the rules you create;
  2. Slower outcomes, because a manager or finance team member has to explain every transaction to employees one-to-one.

So the simple and impactful choice here is to ensure that internal policies and processes can be followed with no intervention. In practice, this means: 

  • No lengthy policy documents. The more you trust your team, the shorter you can make your travel and expense policy, for example. 
  • Keep jargon to a minimum. Documents should be easy to understand.
  • Build policies into processes. Even better than cross-referencing policy documents is to have them actually built-into systems. Assume that people haven’t read the document, so have systems that guide them through the process and keep them within boundaries.
  • Communicate clearly and repeat yourself. At a higher level, company values and expectations should be expressed openly and reiterated often. 

Overall, don’t confuse freedom with a lack of rules. Employees need the freedom to make choices within clearly set boundaries. Knowing what’s expected and allowed is freeing.

4. Remove obvious administrative hurdles

One clear impediment to freedom is creating hurdles and hoops to jump through. If employees can’t work smoothly and independently - and are always catching up on paperwork - it’s hard to say that they’re operating freely

But we can’t remove all admin for good. Instead, here are principles to make processes as painless as possible, while still maintaining compliance and control.

  • Go paperless. The very act of filing a form by hand, only to digitize it later adds time and effort. Replace all paper-based systems with digital-first alternatives, and things will move faster and freer.
  • Make processes and data easy to find. Employees should be able to answer their own questions and find solutions quickly. Otherwise, you’re forcing them to rely on others - usually HR and finance teams - which can quickly lead to interpersonal issues.
  • Make approvals fast and efficient. Purchases will usually need a manager’s approval. As will other areas of compliance. Make this smoother with automated approval workflows, and with systems that track approvals asynchronously. In other words, it shouldn’t require an email chain to find out who approved a particular transaction. Build this into your systems. 

We often think of admin as a necessary evil if we want to keep control and compliance. But you can have free-flowing, fast processes without creating unnecessary roadblocks along the way. 

Conclusion

As mentioned above, it’s natural to micromanage and to seek control over company decisions. But it’s not good. You’ve hired team members for their skills and ingenuity, so why would you restrict their use of them?

Brian Carney and Isaac Getz offer this example of a liberated company’s manager: “When her team shares a problem or an opportunity with her, she will not offer a solution. Instead, she asks them to find their own—after ensuring that there isn’t something she’s doing that would get in the way.”

For some businesses, achieving liberated company status would be a tectonic shift. It’s a worthwhile project, but one that will take years and plenty of soul searching.

But we’ve seen examples above of precise, easy-to-implement changes that have profound effects. Start with a few of these, and gradually work towards becoming a company that puts employee trust on a par with corporate control. 

After all, the two can naturally co-exist with no issue.

 

Author:

Ellen Masterson: Ellen Masterson is a UK and Ireland market expert at Spendesk, where she helps startups and scaleups establish simple yet robust spend management processes.

by Thushan Kumaraswamy

Stewardship Always Matters: 3 reasons why ESG is here to stay

It’s difficult to imagine a world without ESG. It certainly feels like it’s all anyone talks about now. It seems like everyone is covering it. Here’s Matthew, who has just become an ESG Consultant. There’s Annie, who completed her CFA Level 4 ESG-Investing certificate. And Jason, who has a daily blog post covering the top 10 largest US companies’ efforts concerning ESG.

It’s understandable that some of us are experiencing a level of “ESG-fatigue” as we continue to be washed in news, updates, regulations and content. But none of this is without good reason. All this is to preserve our quality of life as a species, and it will take herculean efforts spanning all across the globe in EVERY industry.

ESG is a relatively new term (reportedly coined in the early to mid-2000s after the now famous ‘Who Cares Wins’ conference). However, “stewardship” is not. The word ‘steward’ is derived from an old English saying describing an estate’s guardian; charged with ensuring the safety of the estate’s asset.

ESG factors can be traced as far back as the 17th and 18th century; when Methodists and Quakers set out guidelines for their followers about which companies they should invest in (this is the first recording “exclusionary screen”). Via advancements such as the Sullivan Principles in the 1970s (two guidelines that sought to bring economic pressure on ending apartheid in South Africa) and the growth of impact/social investing through the 1980s and 2000s, we find ourselves at a tipping point of what can overall be categorised as a stewardship revolution. But what makes this more than just another passing cloud?

1. Greater political and regulatory commitment

In April of this year, the US President, Joe Biden, hosted a virtual two-day summit where both the US and the EU pledged to cut carbon emissions by 50% by 2030. In the UK, the Task Force for Climate-Related Financial Disclosures (TCFD), has engaged in consultation to bring all large UK firms into regulation. This is regarding their governance, strategy, risk management and metrics and targets, as they relate to carbon emission reductions. It comes into effect by 2022. Japan has been steadily trying to incorporate higher diversity, inclusion and ESG into corporate governance codes. Similar efforts are being made in China and Korea.

It’s clear that there is already a buy-in from “the top”. We predict stricter ESG regulatory frameworks going forward, affecting both smaller and larger companies alike. We believe businesses should prepare for this eventuality sooner rather than later.

2. Greater efforts to standardise disclosures

One of the pain points in the ESG market is that data is often incomparable. The levels of disclosure differ by company, industry and geography. Additionally, among ESG research companies, there are differing views of levels of materiality (a crucial aspect of ESG incorporation) which has led to differing opinions on firms’ ESG readiness. It is widely accepted that industry ESG scores correlate somewhere between 0.3 and 0.5. Recently, The International Integrated Reporting Council (IIRC) and the Sustainability Accounting Standards Board (SASB) announced a 2021 merge into a unified organisation, The Value Reporting Foundation. This is intended to simplify sustainability reporting disclosures for companies and investors alike.

We think this represents a turning point in how companies and investors will be able to assess risk and opportunities; opening the doors for greater global collaboration on solving complex yet common ESG issues.

3. Technology opening new doors

Blockchain technology has a range of applications in the ESG market, e.g. enabling companies to more quickly identify instances of money laundering and bribery (higher governance); to playing a major part in data security and privacy. There has been a higher use of AI and other forms of technology to aid the ESG-data integration process. While there is some discrepancy as to the view of how intense technology exacerbates the climate change issue, there is a range of applications that technology can play in improving our current, and future quality of life.

We expect to see soaring use of tech in the ESG landscape going forward, as companies explore ways of becoming more efficient in executing their stewardship frameworks and action plans.

Summary

There always was and continues to be room for stewardship in every business model. In that vein,

by Thushan Kumaraswamy

GDFM & Leading Point Partnering for Smarter Regulatory Health Management

GDFM and Leading Point collaborate to deliver innovative and efficient regulatory risk management to our clients and through the SMART_Dash product; enabling consistent, centralised, accessible regulatory health data to assist responsible and accountable individuals with ensuring adequate transparency, for risk mitigation decision making and action taking.  This is complemented by a SMART_Board suite for Board level leadership and a more detailed SMART_Support suite for regulatory reporting teams.

We are delighted that SMART_Dash has been shortlisted in 3 categories in this year's prestigious RegTech Insight Awards in Europe, which recognises both established solution providers and innovative newcomers, seeking to herald and highlight innovative RegTech solutions across the global financial services industry.

GD Financial Markets Head of Regulatory Compliance Practice and SMART_Dash Co-creator Sarah Peaston "Centralised, consolidated, consistent regulatory health transparency and tracking is key to identifying and managing regulatory and operating risk.  I am delighted that SMART_Dash has been recognised as a new breed of solution that practically assists Managers, Senior Managers and Leadership with managing their regulatory health through the provision of the right information, at the right level to the right seniority”.

Leading Point CEO Rajen Madan "Our vision with SMART_Dash is to accelerate better regulatory risk management approaches and vastly more efficient RegOps. As financial services practitioners we are acutely aware of the time managers spend trying to make sense of their regulatory and operating risk areas from a multitude of inconsistent reports. SMART_Dash enables the shift to an enhanced way of risk management, which creates standardisation and makes reg data work for your business. We are very grateful to the COO, CRO and CFOs whom have contributed to its development and help the industry move forward”.

GDFM and Leading Point are rolling out the SMART_Dash suite to the first set of industry consortium partners progressively in H1 2021, and thereafter open to a wider set of institutions.

by Rajen Madan

The Composable Enterprise: Improving the Front-Office User Experience

[et_pb_section fb_built="1" _builder_version="4.4.8" min_height="1084px" custom_margin="16px||-12px|||" custom_padding="0px||0px|||"][et_pb_row column_structure="2_3,1_3" _builder_version="3.25" custom_margin="-2px|auto||auto||" custom_padding="1px||3px|||"][et_pb_column type="2_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_social_media_follow url_new_window="off" follow_button="on" _builder_version="4.4.8" text_orientation="left" module_alignment="left" min_height="14px" custom_margin="1px||5px|0px|false|false" custom_padding="0px|0px|0px|0px|false|false" border_radii="on|1px|1px|1px|1px"][et_pb_social_media_follow_network social_network="linkedin" url="https://uk.linkedin.com/company/leadingpoint" _builder_version="4.4.8" background_color="#007bb6" follow_button="on" url_new_window="off"]linkedin[/et_pb_social_media_follow_network][/et_pb_social_media_follow][et_pb_image src="https://leadingpointfm.com/wp-content/uploads/2020/10/cloud-based-services.png" title_text="cloud-based-services" align_tablet="center" align_phone="" align_last_edited="on|desktop" admin_label="Image" _builder_version="4.4.8" locked="off"][/et_pb_image][/et_pb_column][et_pb_column type="1_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.4.8"][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text _builder_version="4.4.8" text_font="||||||||" text_font_size="14px" text_line_height="1.6em" header_font="||||||||" header_font_size="25px" width="100%" custom_margin="10px|-34px|-5px|||" custom_padding="16px|0px|5px|8px||" content__hover_enabled="off|desktop"]

By Dishang Patel, Fintech & Growth Delivery Partner, Leading Point Financial Markets.

The past six months have by no means been a time of status quo. During this period of uncertainty, standards have been questioned and new ‘norms’ have been formed.

A standout development has been the intensified focus on cloud-based services. Levels of adoption have varied, from those moving to cloud for the first time, to others making cloud their only form of storage and access, and with numerous ‘others’ in between.

One area affected adversely (for those who weren’t ready) but positively (for those who were) is software. ‘Old-school’ software vendors – whose multi-million-pound solutions were traditionally implemented on premise at financial institutions, whether as part of a pure ‘buy’ or broader ‘build’ approach – have worked hard to offer cloud-based services.

The broad shift to working from home (WFH) as a result of the Covid-19 pandemic has tested the end-user experience all the way from front to back offices in financial institutions. Security, ease of access and speed are all high on the agenda in the new world in which we find ourselves.

The digitisation journey

With workforces operating globally, it is difficult to guarantee uniform user experiences and be able to cater for a multitude of needs. To achieve success in this area and to ensure a seamless WFH experience, financial institutions have moved things up a level and worked as hard as software providers to offer cloud-based solutions.

All manner of financial institutions (trading firms, brokerages, asset managers, challenger banks) have been on a digitisation journey to make the online user experience more consistent and reliable.

Composable Enterprise is an approach that those who have worked in a front office environment within financial services may have come across and for many could be the way forward.

 

Composable Enterprise: the way forward

Digitisation can come in many forms: from robotic process automation (RPA), operational excellence, implementation of application-based solution, interoperability and electronification. Interoperability and electronification are two key components of this Composable Enterprise approach.

Interoperability – whether in terms of web services, applications, or both –  is an approach that can create efficiencies on the desktop and deliver improved user experience. It has the potential to deliver business performance benefits, in terms of faster and better decision making with the ultimate potential to uncover previously untapped alpha. It also has two important environmental benefits:

1) Reducing energy spend;

2) Less need for old hardware to be disposed of, delivering the reduced environmental footprint that organisations desire.

Electronification, for most industry players, may represent the final step on the full digitisation journey. According to the Oxford English Dictionary, electronification is the “conversion to or adoption of an electronic mode of operation,” which translates to the front office having all the tools they need to do their jobs to the best of their ability.

The beauty of both interoperability and electronification is that they work just as well in a remote set up as they do in an office environment. This is because a good implementation of both results in maximising an organisation’s ability to use all the tools (trading platforms, market data feeds, CRMs, and so on) at their disposal without needing masses of physical infrastructure.

Because of the lower barriers (such as time and cost) of interoperability, financial institutions should start their digitisation journeys from this component and then embark on a larger and more complicated move to electronification.

Composable Enterprise is about firms being able to choose the best component needed for their business, allowing them to be more flexible and more open in order to adapt to new potential revenue opportunities. In these challenging times, it is no surprise that more and more financial institutions are adding Composable Enterprise as a key item on their spending agenda.

 

 

 

 

[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="452px||133px|||" custom_padding="8px||0px|||"]

"The broad shift to working from home as a result of the Covid-19 pandemic has tested the end-user experience all the way from front to back offices in financial institutions."

[/et_pb_text][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="452px||133px|||" custom_padding="8px|||||"]

"It has the potential to deliver business performance benefits, in terms of faster and better decision making with the ultimate potential to uncover previously untapped alpha."

[/et_pb_text][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="427px|||||" custom_padding="1px|||||"]

"The beauty of both interoperability and electronification is that they work just as well in a remote set up as they do in an office environment."

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="3.22.3" animation_style="fade" locked="off"][et_pb_row _builder_version="3.25"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_team_member name="Dishang Patel" position="Fintech & Growth Delivery Partner" image_url="https://leadingpointfm.com/wp-content/uploads/2020/03/dishang.2e16d0ba.fill-400x400-1.jpg" _builder_version="4.4.8" link_option_url="mailto:dishang@leadingpoint.io" hover_enabled="0" admin_label="Person" title_text="dishang.2e16d0ba.fill-400x400"]

Responsible for delivering digital FS businesses.

Transforming delivery models for the scale up market.

[/et_pb_team_member][et_pb_text admin_label="Contact Us" module_class="txtblue" _builder_version="3.27.4" text_font="||||||||" link_font="||||||||" ul_font="||||||||" text_orientation="center"]

Contact Us

[/et_pb_text][et_pb_text admin_label="Form" _builder_version="3.27.4"][formidable id=2][/et_pb_text][et_pb_code admin_label="Social media icons" module_class="form" _builder_version="3.19.4" custom_margin="0px||0px" custom_padding="0px||0px"]

[/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section]

by Thushan Kumaraswamy

Information Security in a New Digital Era

[et_pb_section fb_built="1" _builder_version="4.4.8" min_height="1084px" custom_margin="16px||-12px|||" custom_padding="0px||0px|||"][et_pb_row column_structure="2_3,1_3" _builder_version="3.25" custom_margin="-2px|auto||auto||" custom_padding="1px||3px|||"][et_pb_column type="2_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_social_media_follow url_new_window="off" follow_button="on" admin_label="Social Media Follow" _builder_version="4.4.8" text_orientation="left" module_alignment="left" min_height="14px" custom_margin="1px||5px|0px|false|false" custom_padding="0px|0px|0px|0px|false|false" border_radii="on|1px|1px|1px|1px"][et_pb_social_media_follow_network social_network="linkedin" url="https://uk.linkedin.com/company/leadingpoint" _builder_version="4.4.8" background_color="#007bb6" follow_button="on" url_new_window="off"]linkedin[/et_pb_social_media_follow_network][/et_pb_social_media_follow][et_pb_image src="https://leadingpointfm.com/wp-content/uploads/2020/09/infosec.jpg" title_text="infosec" align_tablet="center" align_phone="" align_last_edited="on|desktop" admin_label="Image" _builder_version="4.4.8" locked="off"][/et_pb_image][/et_pb_column][et_pb_column type="1_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.4.8"][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text admin_label="Text" _builder_version="4.4.8" text_font="||||||||" text_font_size="14px" text_line_height="1.6em" header_font="||||||||" header_font_size="25px" width="100%" custom_margin="10px|-34px|-5px|||" custom_padding="16px|0px|5px|8px||" content__hover_enabled="off|desktop"]

Shifting priorities

 

The 2020’s pandemic, subsequent economic turmoil and related social phenomena has paved the way for much-needed global digital transformation and the prioritisation of digital strategies. The rise in digitisation across all businesses, however, has accelerated cyber risk exponentially. With cloud-based attacks rising by 630% between January and April 2020(1), organisations are now turning their focus on how to benefit from digitisation whilst maintaining sufficiently secure digital environments for their services and clients.

 

A global challenge

 

A new digital setup could easily jeopardise organisations’ cyber safety. With data becoming companies’ most valuable asset, hackers are getting creative with increasingly-sophisticated threats and phishing attacks. According to the 2019 Data Breach Investigation Report(2) by Verizon, 32% of all verified data breaches appeared to be phishing.
As data leaks are increasing (3,800 alone in 2019), so is the cyber skill shortage. According to the MIT Technology Review report(3), there will be 3.5 million unfulfilled cybersecurity jobs in 2021; a rise of 350%. As a result of Covid-19 and digitised home working, cybersecurity professionals are high in demand to fill the gaps organisations’
currently face.

 

The way forward

Although tackling InfoSec breaches in the rapidly-evolving digital innovation landscape is not easy, it is essential to keep it as an absolute priority. In our work with regulated sector firms in financial services, pharma and energy as well as with fintechs, we see consistent steps that underpin successful information security risk management. We have created a leaderboard of 10 discussion points for COOs, CIOs and CISOs to keep up with their information security needs:

  • Information Security Standards
    Understand information security standards like NIST, ISO 27001/2 and BIP 0116/7 and put in place processes and controls accordingly. These are good practices to keep a secure digital environment and are vital to include in your risk mitigation strategy. Preventing cyber attacks and data breaches is less costly and less resource-exhaustive than dealing with the damage caused by these attacks. There are serious repercussions of security breaches in terms of cost and reputational damage, yet organisations still only look at the issue after the event. Data shows that firms prefer to take a passive approach to tackle these issues instead of taking steps to prevent them in the first place.
  • Managing security in cloud delivery models
    2020 has seen a rise in the use of SaaS applications to support employee engagement, workflow management and communication. While cloud is still an area in its preliminary stages, cloud adoption is rapidly accelerating. But many firms have initiated cloud migration projects without a firm understanding and design for the future business, customer or end user flows. This is critical to ensuring a good security infrastructure in a multi-cloud operating environment. How does your firm keep up with the latest developments in Cloud Management?
  • Operational resilience
    70% of Operational Risk professionals say that their priorities and focus have changed as a result of Covid-19(4). With less than half of businesses testing their continuity and business-preparedness initiatives(5), Coronavirus served as an eye-opener in terms of revisiting these questions. Did your business continuity plan prove successful? If so, what was the key to its success? How do you define and measure operational resilience in your business? Cross-functional data sets are increasingly vital for informed risk management.
  • Culture
    Cyber risk is not just a technology problem; it is a people
    problem. You cannot mitigate cyber risks with just technology;
    embedding the right culture within your team is vital. How do you make sure a cyber-secure company culture is kept up in remote working environments? Does your company already have an information security training plan in place?

 

  • Knowing what data is important
    Data is expanding exponentially – you have to know what you need to protect. Only by defining important data, reducing the signal-to-data noise and aggregating multiple data points can organisations look to protect them. As a firm, what percentage of your data elements are defined with an owner and user access workflow?
  • Speed of innovation means risk
    The speed of innovation is often faster than the speed of safety. As technology and data adoption is rapidly changing, data protection has to keep up as well – there is little point in investing in technology until you really understand your risks and your exposure to those risks. This is increasingly true of new business-tech frameworks, including DLT, AI and Open Banking. When looking at DLT and AI based processes - how do you define the security and thresholds?
  • Master the basics
    80% of UK companies and startups are not Cyber Essentials ready, which shows that the fundamentals of data security are not being dealt with. Larger companies are rigid and not sufficiently agile – more demands are being placed on teams but without sufficient resources and skills development. Large companies cannot innovate if they are not given the freedom to actually adapt. What is the blocker in your firm?
  • Collaborate with startups
    Thousands of innovative startups tackling cyber security currently exist and many more will begin their growth journey over the next few years. Larger businesses need to be more open to collaborating with them to help speed up advancements in the cyber risk space.
  • The right technology can play a key role in efficiency and speed
    We see the emerging operating models for firms are open API based, and organisations need to stitch together many point solutions. Technology can help here if deployed correctly. For
    instance, to join up multiple data, to provide transparency of
    messages crossing in and out of systems, to execute and detect
    information security processes and controls with 100x efficiency and speed. This will make a material difference in the new world of
    financial services.
  • Transparency of your supply chain
    Supply chains are becoming more data-driven than ever with increased number of core operations and IT services being outsourced. Attackers are using weak supplier controls to compromise client networks and dispersed dependencies create increased reliance and risk exposure from entities outside of your direct control. How do you manage the current pressure points of your supplier relationships?

 Next steps

 

Cyber risk (especially regarding data protection) is simultaneously a compliance problem (regulatory risk, legal risk etc.), an architecture problem (infrastructure, business continuity, etc.), and a business problem (reputational risk, loss of trust, ‘data poisoning’, competitor intelligence etc.). There are existing risk assessment frameworks for managing operational risk (example: ORMF) – why not plug in?
Getting the basics right, using industry standards, multi-cloud environments and transparency of supply chain are good places to start. These are all to do with holistic data risk management (HRM).
While all these individual issues pose problems on their own, they can be viewed through inter-relationships applying a holistic approach where a coordinated solution can be found to efficiently manage these issues as a whole. The solution lies in taking a more deliberate approach to cyber security and following this 4-step process:

 IDENTIFY
 ORGANISE
 ASSIGN
 RESOLVE

 

 

Find out more on Operational Resilience from Leading Point:
https://leadingpointfm.com/operational-resilience-data-infrastructure-and-aconsolidated-risk-view-is-pivotal-to-the-new-rules-on-operational-risk/#_edn2

Find out more on Data Kitchen, a Leading Point initiative:
https://leadingpointfm.com/the-data-kitchen-does-data-need-science/

 

 

(1) https://www.fintechnews.org/the-2020-cybersecurity-stats-you-need-to-know/

(2) https://www.techfunnel.com/information-technology/cyber-security-trends/

(3) https://www.technologyreview.com/2018/10/18/139708/a-cyber-skills-shortage-means-students-are-being-recruited-to-fight-off-hackers/

(4) https://leadingpointfm.com/operational-resilience-data-infrastructure-and-a-consolidated-risk-view-is-pivotal-to-the-new-rules-on-operational-risk/#_edn2

(5) https://securityintelligence.com/articles/these-cybersecurity-trends-could-get-a-boost-in-2020/

 

 

 

[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="452px||133px|||" custom_padding="8px|||||"]

"With data becoming companies’ most valuable asset, hackers are getting creative with increasingly-sophisticated threats and phishing attacks."

[/et_pb_text][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="452px||133px|||" custom_padding="8px||0px|||"]

"Preventing cyber attacks and data breaches is less costly and less resource-exhaustive than dealing with the damage caused by these attacks."

[/et_pb_text][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="427px|||||" custom_padding="1px|||||"]

"70% of Operational Risk professionals say that their priorities and focus have changed as a result of Covid-19."

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.4.8"][et_pb_row column_structure="1_3,1_3,1_3" _builder_version="4.4.8" min_height="643px"][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_gallery gallery_ids="4011" show_title_and_caption="off" _builder_version="4.4.8" width="100%"][/et_pb_gallery][et_pb_text _builder_version="4.4.8" custom_margin="-82px|||||" custom_padding="0px|||||"]

Rajen Madan

Founder & CEO

rajen@leadingpoint.io

Delivering Digital FS businesses. Change leader with over 20 years’ experience in helping firms with efficiency, revenue and risk management challenges

[/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_image src="https://leadingpointfm.com/wp-content/uploads/2020/09/Aliz-photo-colour-320x500-1.jpg" title_text="Aliz photo colour 320x500 (1)" _builder_version="4.4.8"][/et_pb_image][et_pb_text _builder_version="4.4.8"]

Aliz Gyenes

Leading Point

aliz@leadingpoint.io

Data Innovation, InfoSec, Investment behaviour research Helping businesses understand and improve their data strategy via the Leading Point Data Innovation Index

[/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" module_class="txtwhite" _builder_version="3.22.3" background_color="#23408f" custom_padding="||62px|||" locked="off"][et_pb_row _builder_version="4.4.8"][et_pb_column type="4_4" _builder_version="4.4.8"][et_pb_text _builder_version="4.4.8" text_text_color="#ffffff" text_font_size="15px" header_text_color="#ffffff"]

How Leading Point can help

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" _builder_version="4.4.8"][et_pb_column type="1_3" _builder_version="4.4.8"][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.4.8" animation_style="fade" locked="off"][et_pb_row _builder_version="3.25"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_text admin_label="Contact Us" module_class="txtblue" _builder_version="3.27.4" text_font="||||||||" link_font="||||||||" ul_font="||||||||" text_orientation="center"]

Contact Us

[/et_pb_text][et_pb_text admin_label="Form" _builder_version="3.27.4"][formidable id=2][/et_pb_text][et_pb_code admin_label="Social media icons" module_class="form" _builder_version="3.19.4" custom_margin="0px||0px" custom_padding="0px||0px"]

[/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section]

by Thushan Kumaraswamy

3 Reasons Why All Startups Should Embrace ESG

[et_pb_section fb_built="1" _builder_version="4.4.8" min_height="1084px" custom_margin="16px||-12px|||" custom_padding="0px||0px|||"][et_pb_row column_structure="2_3,1_3" _builder_version="3.25" custom_margin="-2px|auto||auto||" custom_padding="1px||3px|||"][et_pb_column type="2_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_social_media_follow url_new_window="off" follow_button="on" _builder_version="4.4.8" text_orientation="left" module_alignment="left" min_height="14px" custom_margin="1px||5px|0px|false|false" custom_padding="0px|0px|0px|0px|false|false" border_radii="on|1px|1px|1px|1px"][et_pb_social_media_follow_network social_network="linkedin" url="https://uk.linkedin.com/company/leadingpoint" _builder_version="4.4.8" background_color="#007bb6" follow_button="on" url_new_window="off"]linkedin[/et_pb_social_media_follow_network][/et_pb_social_media_follow][et_pb_image src="https://leadingpointfm.com/wp-content/uploads/2020/09/start-ups.png" title_text="start ups" align_tablet="center" align_phone="" align_last_edited="on|desktop" admin_label="Image" _builder_version="4.4.8" locked="off"][/et_pb_image][/et_pb_column][et_pb_column type="1_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.4.8"][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text _builder_version="4.4.8" text_font="||||||||" text_font_size="14px" text_line_height="1.6em" header_font="||||||||" header_font_size="25px" width="100%" custom_margin="10px|-34px|-5px|||" custom_padding="16px|0px|5px|8px||" content__hover_enabled="off|desktop"]

Environmental, Social & Governance (ESG) issues are firmly on the board agendas of large, publicly-listed companies. 2021 marks the year in which VC-backed startups need to follow suit. What is the best way to achieve this change? 

Some smaller companies have already made the move. A recent survey (1) of pre-seed and series A startups found that almost two thirds already have some ESG policies in place. Of those who didn’t, over half were now seriously considering them.  

Startups can benefit from an ESG focus for three key reasons: a higher chance of investment, attracting better talent and risk mitigation.

 

Increased investment

Over the last five years there has been an explosion in VC funds focusing on startups in the ESG space. One such fund is DBL Partners. They are currently looking to raise $450m for their fourth fundt. Their mission involves investing in companies which provide capital returns while also enabling environmental and social benefits. 

More recently, an increasing number of non-ESG focused VC firms are embedding ESG values into the companies they invest in. For example, Christine Tsai, CEO of 500 Startups, one of the most active global early stage venture capital firms whose “unicorn investments” include Credit Karma, Canva, Grab and Talkdesk, said that startups should implement ESG early on (2)

If startups want to stand out, they should embed ESG policies into their business model, principles and culture at the beginning rather than trying to “retro-fit” policies later under the pressure of investors or others. 

 

Top talent attraction and retention

Startups with ESG values embedded in the business are more attractive to the best talent. This gives them a tangible competitive advantage.

Millennials currently make up 50% of the global workforce (3). A recent study (4) found that more than 40% said they had joined a firm because they performed better on sustainability. The same study showed that they are 70% more likely to stay longer if they feel the company has a strong sustainability plan. 

However, relying on ESG policies and reporting (internally and externally) alone is not enough to benefit. Startups need to embrace a culture of openness at the core of their business. They must be honest to their stakeholders about their ESG weaknesses as well as their strengths. Only then will their ESG communications be authentic and have real impact on talent attraction and more importantly retention. 

 

Risk mitigation 

ESG policies can de-risk young companies as policy adoption becomes more difficult as they grow. A recent white paper (5) argued that startups are even more vulnerable to negative reputational impacts compared to more established firms, given their relatively small size and high growth characteristics.

For example, German fintech success story Wirecard shook the financial world earlier this year as it became clear that over $2bn was missing from their balance sheet (6). Also, in late 2019, it was reported that the CEO and founder of luggage startup AWAY, which had raised over $31 million, openly bullied and belittled her employees (7). This led to a media backlash against the company which greatly impacted their growth and market position.

With stronger governance policies and procedures, these scandals may have been avoidable. Startups which embed strong governance policies early on are much less likely to run into such issues.

How to integrate ESG into a VC-backed startup

It can be difficult for founders to decide which ESG policies to apply, which areas to focus on and how to communicate their outcomes authentically to stakeholders. Yet this is something which investors and top talent are increasingly looking for.  

ESG action plans should follow a staged approach, with a roadmap assessed and realigned at each funding round:  

  • Map your current ESG strengths
     Work out what you are already doing right, supported by resources such as the Sustainable Accounting Standards Board Materiality Map to work out which ESG policies and metrics are relevant for your industry. Also, map out the ecosystem of the different stakeholders your company interacts with, including customers, suppliers, regulators and employees. 
  • Develop your goals and measure your progress
     Collect the relevant data to work out your current baseline and decide goals for the short, medium and long term, building a dashboard incorporating relevant Key Performance Indicators (KPIs) to track progress. ESG standards are complex and can need a multitude of different data points depending on the type of industry.  
  • Communicate your position
    Regularly collect and communicate your ESG data to relevant stakeholders including investors, employees, regulators, consumers and the media. Publish your ESG successes and milestones on your social media channels and your recruitment page. You might also want to consider inviting in third party auditors to validate your ESG data and methods of collecting it, and look into external certification e.g B-corp status. 

This brief overview may not answer all your questions. 

If you would like to hear more about how we can help VCs and startups manage, improve and communicate their ESG impact please get in touch. 

1. 500 Startups (2020) Survey results: The Impact of Covid-19 on the Early-Stage Investment Climate,  https://survey.500.co/investor-survey-report-download/
2.Venture Capital Journal (Jun 2020) 500 Startups makes ESG top of mind going forward,https://www.venturecapitaljournal.com/500-startups-makes-esg-top-of-mind-going-forward/
3.KMPG (2017) Meet the millennials https://home.kpmg/content/dam/kpmg/uk/pdf/2017/04/Meet-the-Millennials-Secured.pdf
4. Fast Company (Feb 2019) Most millennials would take a pay cut to work at a environmentally responsible company,https://www.fastcompany.com/90306556/most-millennials-would-take-a-pay-cut-to-work-at-a-sustainable-company
5. CDC investment works & FMO Entrepreneurial Investment Bank (Jan 2020) Responsible venture capital Integrating environmental and social approaches in early-stage investing,  https://assets.cdcgroup.com/wp-content/uploads/2020/01/16092500/Responsible-Venture-Capital.pdf
6. Markets Insider (Jun 2020) How $2 billion vanished from the balance sheet of Wirecard, according to a forensic financial expert, https://markets.businessinsider.com/news/stocks/wirecard-scandal-numbers-financial-forensic-expert-breakdown-2020-6-1029332810
7.The Verge (Dec 2019) Away’s founders sold a vision of travel and inclusion, but former employees say it masked a toxic work environment, https://www.theverge.com/2019/12/5/20995453/away-luggage-ceo-steph-korey-toxic-work-environment-travel-inclusion

 

 

 

 

[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="452px||133px|||" custom_padding="8px||0px|||"]

"Startups can benefit from an ESG focus for three key reasons: a higher chance of investment, attracting better talent and risk mitigation."

[/et_pb_text][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="452px||133px|||" custom_padding="8px|||||"]

"If startups want to stand out, they should embed ESG policies into their business model, principles and culture at the beginning rather than trying to “retro-fit” policies later under the pressure of investors or others."

[/et_pb_text][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="427px|||||" custom_padding="1px|||||"]

"ESG policies can de-risk young companies as policy adoption becomes more difficult as they grow."

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_4,1_4,1_2" _builder_version="3.25"][et_pb_column type="1_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_team_member name="Ben Bilefield " position="Leading Point" image_url="https://leadingpointfm.com/wp-content/uploads/2020/09/ben.png" linkedin_url="https://www.linkedin.com/in/alejandra-curtis-gutierrez-a851366a/" _builder_version="4.4.8" inline_fonts="Sarabun"]

Environmental Social & Governance (ESG) and Sustainable Investment

Client propositions and products in data-driven transformation in ESG and Sustainable Investing.

[/et_pb_team_member][/et_pb_column][et_pb_column type="1_4" _builder_version="4.4.8"][et_pb_team_member name="Dishang Patel" position="Start Ups and Scale Ups Advisor" image_url="https://leadingpointfm.com/wp-content/uploads/2020/03/Dishang-320x500-1.png" _builder_version="4.4.8" link_option_url="mailto:dishang@leadingpoint.io"]

Responsible for delivering digital FS businesses.

Transforming delivery models for the scale up market.

[/et_pb_team_member][/et_pb_column][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text _builder_version="4.4.8" text_font_size="15px" width="100%" link_option_url="https://leadingpointfm.com/esg-the-future-pillars-of-investing/"]

Upcoming blogs:

 

This is the fourth in a series of blogs that will explore the ESG world: its growth, its potential opportunities and the constraints that are holding it back. We will explore the increasing importance of ESG and how it affects business leaders, investors, asset managers, regulatory actors and more.

 

Artificial Intelligence: the Solution to the ESG Data Gap? In the second part of our Environmental, Social and Governance (ESG) blog series, Anya explores the potential opportunities surrounding Artificial Intelligence and responsible investing.

 

Riding the ESG Regulatory Wave: In the third part of our Environmental, Social and Governance (ESG) blog series, Alejandra explores the implementation challenges of ESG regulations hitting EU Asset Managers and Financial Institutions.

 

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" _builder_version="4.4.8"][et_pb_column type="1_3" _builder_version="4.4.8"][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_button button_url="https://leadingpointfm.com/wp-content/uploads/2020/09/Leading-Point-ESG-3-Reasons-why-all-startups-should-embrace-ESG-Sept-2020.pdf" button_text="Download our guide" button_alignment="center" _builder_version="4.4.8" custom_button="on" button_text_size="20px" button_text_color="#ffffff" button_bg_color="#0c71c3" button_font="|700||||on|||" button_icon="%%30%%" button_icon_color="#0c71c3" background_layout="dark" button_text_shadow_style="preset3"][/et_pb_button][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" module_class="txtwhite" _builder_version="3.22.3" background_color="#23408f" custom_padding="||62px|||" locked="off"][et_pb_row _builder_version="4.4.8"][et_pb_column type="4_4" _builder_version="4.4.8"][et_pb_text _builder_version="4.4.8" text_text_color="#ffffff" text_font_size="15px" header_text_color="#ffffff"]

How Leading Point can help

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" _builder_version="4.4.8"][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_blurb_extended title="Bringing clarity to your company’s ESG data" use_icon="on" font_icon="%%384%%" icon_color="#ffffff" use_icon_font_size="on" icon_font_size="39px" icon_hover_color="#17a826" style_icon="on" icon_shape="use_circle" use_shape_border="on" shape_border_color="#ffffff" shape_border_hover_color="#17a826" title_hover_color="#17a826" _builder_version="4.4.8" header_text_align="left" header_text_color="#ffffff" header_font_size="17px" read_more_icon="%%20%%" text_orientation="center" custom_margin="5px|1px|5px|1px|false|false" custom_padding="0px|0px|0px|0px|false|false" animation_style="fade" locked="off"]


By using our cloud-based data visualisation platform to bring together relevant metrics, we help organisations gain a standardised view and improve your ESG reporting and portfolio performance.  Our live ESG dashboard can be used to scenario plan, map out ESG strategy and tell the ESG story to stakeholders.

[/et_pb_blurb_extended][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_blurb_extended title="Accelerating the collection of ESG metrics using AI" use_icon="on" font_icon="%%389%%" icon_color="#ffffff" use_icon_font_size="on" icon_font_size="39px" icon_hover_color="#17a826" style_icon="on" icon_shape="use_circle" use_shape_border="on" shape_border_color="#ffffff" shape_border_hover_color="#17a826" title_hover_color="#17a826" _builder_version="4.4.8" header_text_align="left" header_text_color="#ffffff" header_font_size="17px" read_more_icon="%%20%%" text_orientation="center" custom_margin="5px|1px|5px|1px|false|false" custom_padding="0px|0px|0px|0px|false|false" animation_style="fade" locked="off"]

AI helps with the process of ingesting, analysing and distributing data as well as offering predictive abilities and assessing trends in the ESG space.  Leading Point is helping our AI startup partnerships adapt their technology to pursue this new opportunity, implementing these solutions into investment firms and supporting them with the use of the technology and data management.

[/et_pb_blurb_extended][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_blurb_extended title="Assisting companies to implement upcoming EU ESG regulations" use_icon="on" font_icon="%%392%%" icon_color="#ffffff" use_icon_font_size="on" icon_font_size="39px" icon_hover_color="#17a826" style_icon="on" icon_shape="use_circle" use_shape_border="on" shape_border_color="#ffffff" shape_border_hover_color="#17a826" title_hover_color="#17a826" _builder_version="4.4.8" header_text_align="left" header_text_color="#ffffff" header_font_size="17px" read_more_icon="%%20%%" text_orientation="center" custom_margin="5px|1px|5px|1px|false|false" custom_padding="0px|0px|0px|0px|false|false" animation_style="fade" locked="off"]

Implementing ESG regulations and providing operational support to improve ESG metrics for banks and other financial institutions. Ensuring compliance by benchmarking and disclosing ESG information, in-depth data collection to satisfy corporate reporting requirements, conducting appropriate investment and risk management decisions, and to make disclosures to clients and fund investors.

[/et_pb_blurb_extended][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="3.22.3" animation_style="fade" locked="off"][et_pb_row _builder_version="3.25"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_text admin_label="Contact Us" module_class="txtblue" _builder_version="3.27.4" text_font="||||||||" link_font="||||||||" ul_font="||||||||" text_orientation="center"]

Contact Us

[/et_pb_text][et_pb_text admin_label="Form" _builder_version="3.27.4"][formidable id=2][/et_pb_text][et_pb_code admin_label="Social media icons" module_class="form" _builder_version="3.19.4" custom_margin="0px||0px" custom_padding="0px||0px"]

[/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section]

by Thushan Kumaraswamy

Riding the ESG Regulatory Wave

[et_pb_section fb_built="1" _builder_version="4.4.8" min_height="1084px" custom_margin="16px||-12px|||" custom_padding="0px||0px|||"][et_pb_row column_structure="2_3,1_3" _builder_version="3.25" custom_margin="-2px|auto||auto||" custom_padding="1px||3px|||"][et_pb_column type="2_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_social_media_follow url_new_window="off" follow_button="on" _builder_version="4.4.8" text_orientation="left" module_alignment="left" min_height="14px" custom_margin="1px||5px|0px|false|false" custom_padding="0px|0px|0px|0px|false|false" border_radii="on|1px|1px|1px|1px"][et_pb_social_media_follow_network social_network="linkedin" url="https://uk.linkedin.com/company/leadingpoint" _builder_version="4.4.8" background_color="#007bb6" follow_button="on" url_new_window="off"]linkedin[/et_pb_social_media_follow_network][/et_pb_social_media_follow][et_pb_image src="https://leadingpointfm.com/wp-content/uploads/2020/09/wave-again.jpg" title_text="wave again" align_tablet="center" align_phone="" align_last_edited="on|desktop" admin_label="Image" _builder_version="4.4.8" locked="off"][/et_pb_image][/et_pb_column][et_pb_column type="1_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.4.8"][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text _builder_version="4.4.8" text_font="||||||||" text_font_size="14px" text_line_height="1.6em" header_font="||||||||" header_font_size="25px" width="100%" custom_margin="10px|-34px|-5px|||" custom_padding="16px|0px|5px|8px||" content__hover_enabled="off|desktop"]

Riding the ESG Regulatory Wave 

In the third part of our Environmental, Social and Governance (ESG) blog series, Alejandra explores the implementation challenges of ESG regulations hitting EU Asset Managers and Financial Institutions.

A new brand of Regulation

Whilst the world is still recovering from the effects of COVID-19, and adapting to the issues uncovered as a result of the Black Lives Matter movement, adopting sustainable practices and timely adherence to ESG regulations is pivotal in safeguarding a company’s long-term success.

Widely recognised as being more than a fad or a feel-good exercise, it is clear that creating stronger ESG alignment correlates with higher equity returns.* Compliance with ESG regulations will create monumental changes to the financial services industry and it will take well-rounded experience in regulatory transition to ensure seamless adherence and minimal disruption to operations.

Similar to the Know Your Client (KYC) and Anti Financial Crime (AFC) regulation landscape of five years ago, ESG regulation implementation will require heavy lifting from the advisory and consulting sectors. Compounded with this, firms need a commitment to transition and adjust investment principles and processes in order to achieve these ambitious goals.

This influx of new rules reflects the regulators attempts to catch up with longstanding investor demand.** As a result of these optional and mandatory principles, businesses are understanding the importance of having well-governed and socially-responsible practices in place, making it the optimal time for financial institutions to start planning for ESG rules implementation.

 

Upcoming EU ESG Regulation Examples

  1. MiFID II Amendments (in force Q1 2020) Advisers will need to be more proactive with customers in relation to ESG considerations by asking them about their preferences
  2. The Taxonomy Regulation (in force July 2020) Sets out a common classification system to determine which  economic activities and investments can be treated as “environmentally sustainable”
  3. Benchmarks Regulation Has been amended to include two new benchmarks to help increase transparency and avoid greenwashing 
    4. Stress Testing Rules for Banks Tools and mechanisms to integrate ESG factors into the EU prudential framework, banks’ business strategies, investment policies and risk management processes 

    In the last three years, ESG regulations grew by 158% in the UK, and by 145% in the US and Canada.***

The most regulated topics are business ethics and climate change in financial services, energy use and consumer rights in the US utilities, and product and service safety in healthcare and pharmaceuticals.


These regulations will affect many areas significant to asset managers, from corporate governance to process and product considerations. Implementing these changes effectively in order to gain a competitive advantage over their peers and avoiding the burden of non-compliance will mean drawing up consistent definitions, identifying the data points needed to set comparable targets, monitoring investments and reporting to regulators. Additionally, they will have to consider their role in the design, delivery and sale of financial services and products. 


Data, Benchmarking and Disclosure

When it comes to benchmarking and disclosing data it is important to highlight the difference between ‘sustainability’ and ‘ESG’. Specifically with ESG information, the devil is in the detail. Asset managers must perform this in-depth data collection to satisfy their own corporate reporting requirements, to conduct appropriate investment and risk management decisions, and to make disclosures to clients and fund investors.

Because asset managers produce, distribute and ingest financial and non-financial ESG data, these regulations can bring competitive advantage and clarity to those who implement them effectively.

A typical asset manager will have to ingest endless subsets of relevant ESG considerations from various asset classes, industries and geographies all of which depend on differing underlying data in order to reach informed and accurate decisions. The major challenge is being able to determine the data points required to set comparable targets, monitor investments, and measure and compare performance across sectors, industries, and national or regional borders.

Implementation Insights

A proactive approach is essential as it enables firms to gain an early understanding of the changes needed to their operations and position them as credible, trusted partners with regulators.

Once an organisation has established its guiding vision and strategy for implementing investment principles, the real work begins. Updates to compliance, risk management, product development, data management, sales and reporting processes all need to take place and have to be coordinated across business units and functions to ensure consistency and traceability. 

Analysis and assembly of regulations, standards and good practices, clear and up-to -date management views and evaluation of peer approaches all have to be part of a holistic regulatory implementation approach.

Whilst trying to predict the future and see the outcomes of implementing these future-facing requirements, it is important to remember the importance of flexibility and adaptability. The transition has to be well-managed and sustainable to be maintained. It is also important to incorporate lessons learnt from previous regulatory implementations. The organisations who will come out the strongest will be those who take the time to invest and begin with a good understanding of the changes in the operational environment and internal capabilities required.

https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/five-ways-that-esg-creates-value

** https://www.unpri.org/signatories/signatory-resources/signatory-directory

*** https://www.datamaran.com/global-insights-report

 

 

[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="452px||133px|||" custom_padding="8px|||||"]

"Compliance with ESG regulations will create monumental changes to the financial services industry and it will take well-rounded experience in regulatory transition to ensure seamless adherence and minimal disruption to operations."

[/et_pb_text][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="452px||133px|||" custom_padding="8px|||||"]

"Because asset managers produce, distribute and ingest financial and non-financial ESG data, these regulations can bring competitive advantage and clarity to those who implement them effectively."

[/et_pb_text][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="427px|||||" custom_padding="1px|||||"]

"Similar to the Know Your Client and Anti Financial Crime regulation landscape of five years ago, ESG regulation implementation will require heavy lifting from the advisory and consulting sectors."

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_4,1_4,1_2" _builder_version="3.25"][et_pb_column type="1_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_team_member name="Alejandra Curtis " position="Leading Point" image_url="https://leadingpointfm.com/wp-content/uploads/2020/09/alejandra-1.png" linkedin_url="https://www.linkedin.com/in/alejandra-curtis-gutierrez-a851366a/" _builder_version="4.4.8" inline_fonts="Sarabun"]

Environmental Social & Governance (ESG) and Sustainable Investment

Client propositions and products in data-driven transformation in ESG and Sustainable Investing.

[/et_pb_team_member][/et_pb_column][et_pb_column type="1_4" _builder_version="4.4.8"][et_pb_team_member name="Rajen Madan" position="Founder and CEO" image_url="https://leadingpointfm.com/wp-content/uploads/2020/09/rajen.png" _builder_version="4.4.8" link_option_url="mailto:thush@leadingpoint.io"]

Responsible for delivering digital FS businesses.
Change leader with over 20 years’ experience in helping financial markets with their toughest business challenges.

[/et_pb_team_member][/et_pb_column][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text _builder_version="4.4.8" text_font_size="15px" width="100%" link_option_url="https://leadingpointfm.com/esg-the-future-pillars-of-investing/"]

Upcoming blogs:

This is the third in a series of blogs that will explore the ESG world: its growth, its potential opportunities and the constraints that are holding it back. We will explore the increasing importance of ESG and how it affects business leaders, investors, asset managers, regulatory actors and more.

Artificial Intelligence: the Solution to the ESG Data Gap? In the second part of our Environmental, Social and Governance (ESG) blog series, Anya explores the potential opportunities surrounding Artificial Intelligence and responsible investing.

Is it time for VCs to take ESG seriously? In the fourth part of our  Environmental, Social and Governance (ESG) blog series, Ben explores the current research on why startups should start implementing and communicating ESG policies into their business.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" _builder_version="4.4.8"][et_pb_column type="1_3" _builder_version="4.4.8"][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_button button_url="https://leadingpointfm.com/wp-content/uploads/2020/09/Leading-Point-ESG-Riding-the-Regulatory-Wave-Aug-2020-1.pdf" button_text="Download our guide" button_alignment="center" _builder_version="4.4.8" custom_button="on" button_text_size="20px" button_text_color="#ffffff" button_bg_color="#0c71c3" button_font="|700||||on|||" button_icon="%%30%%" button_icon_color="#0c71c3" background_layout="dark" button_text_shadow_style="preset3"][/et_pb_button][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" module_class="txtwhite" _builder_version="3.22.3" background_color="#23408f" custom_padding="||62px|||" locked="off"][et_pb_row _builder_version="4.4.8"][et_pb_column type="4_4" _builder_version="4.4.8"][et_pb_text _builder_version="4.4.8" text_text_color="#ffffff" text_font_size="15px" header_text_color="#ffffff"]

How Leading Point can help

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" _builder_version="4.4.8"][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_blurb_extended title="Bringing clarity to your company’s ESG data" use_icon="on" font_icon="%%384%%" icon_color="#ffffff" use_icon_font_size="on" icon_font_size="39px" icon_hover_color="#17a826" style_icon="on" icon_shape="use_circle" use_shape_border="on" shape_border_color="#ffffff" shape_border_hover_color="#17a826" title_hover_color="#17a826" _builder_version="4.4.8" header_text_align="left" header_text_color="#ffffff" header_font_size="17px" read_more_icon="%%20%%" text_orientation="center" custom_margin="5px|1px|5px|1px|false|false" custom_padding="0px|0px|0px|0px|false|false" animation_style="fade" locked="off"]


By using our cloud-based data visualisation platform to bring together relevant metrics, we help organisations gain a standardised view and improve your ESG reporting and portfolio performance.  Our live ESG dashboard can be used to scenario plan, map out ESG strategy and tell the ESG story to stakeholders.

[/et_pb_blurb_extended][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_blurb_extended title="Accelerating the collection of ESG metrics using AI" use_icon="on" font_icon="%%389%%" icon_color="#ffffff" use_icon_font_size="on" icon_font_size="39px" icon_hover_color="#17a826" style_icon="on" icon_shape="use_circle" use_shape_border="on" shape_border_color="#ffffff" shape_border_hover_color="#17a826" title_hover_color="#17a826" _builder_version="4.4.8" header_text_align="left" header_text_color="#ffffff" header_font_size="17px" read_more_icon="%%20%%" text_orientation="center" custom_margin="5px|1px|5px|1px|false|false" custom_padding="0px|0px|0px|0px|false|false" animation_style="fade" locked="off"]

AI helps with the process of ingesting, analysing and distributing data as well as offering predictive abilities and assessing trends in the ESG space.  Leading Point is helping our AI startup partnerships adapt their technology to pursue this new opportunity, implementing these solutions into investment firms and supporting them with the use of the technology and data management.

[/et_pb_blurb_extended][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_blurb_extended title="Assisting companies to implement upcoming EU ESG regulations" use_icon="on" font_icon="%%392%%" icon_color="#ffffff" use_icon_font_size="on" icon_font_size="39px" icon_hover_color="#17a826" style_icon="on" icon_shape="use_circle" use_shape_border="on" shape_border_color="#ffffff" shape_border_hover_color="#17a826" title_hover_color="#17a826" _builder_version="4.4.8" header_text_align="left" header_text_color="#ffffff" header_font_size="17px" read_more_icon="%%20%%" text_orientation="center" custom_margin="5px|1px|5px|1px|false|false" custom_padding="0px|0px|0px|0px|false|false" animation_style="fade" locked="off"]

Implementing ESG regulations and providing operational support to improve ESG metrics for banks and other financial institutions. Ensuring compliance by benchmarking and disclosing ESG information, in-depth data collection to satisfy corporate reporting requirements, conducting appropriate investment and risk management decisions, and to make disclosures to clients and fund investors.

[/et_pb_blurb_extended][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="3.22.3" animation_style="fade" locked="off"][et_pb_row _builder_version="3.25"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_text admin_label="Contact Us" module_class="txtblue" _builder_version="3.27.4" text_font="||||||||" link_font="||||||||" ul_font="||||||||" text_orientation="center"]

Contact Us

[/et_pb_text][et_pb_text admin_label="Form" _builder_version="3.27.4"][formidable id=2][/et_pb_text][et_pb_code admin_label="Social media icons" module_class="form" _builder_version="3.19.4" custom_margin="0px||0px" custom_padding="0px||0px"]

  • Connect

 

 

 

 

[/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section]

by Thushan Kumaraswamy

Artificial Intelligence: The Solution to the ESG Data Gap?

The Power of ESG Data

It was Warren Buffett who said, “It takes twenty years to build a reputation and five minutes to ruin it” and that is the reality that all companies face on a daily basis. An effective set of ESG (Environment, Social & Governance) policies has never been more crucial. However, it is being hindered by difficulties surrounding the effective collection and communication of ESG data points, as well a lack of standardisation when it comes to reporting such data. As a result, the ESG space is being revolutionised by Artificial Intelligence, which can find, analyse and summarise this information.
 

There is increasing public and regulatory pressure on firms to ensure their policies are sustainable and on investors to take such policies into account when making investment decisions. The issue for investors is how to know which firms are good ESG performers and which are not. The majority of information dominating research and ESG indices comes from company-reported data. However, with little regulation surrounding this, responsible investors are plagued by unhelpful data gaps and “Greenwashing”. This is when a firm uses favourable data points and convoluted wording to appear more sustainable than they are in reality. They may even leave out data points that reflect badly on them. For example, firms such as Shell are accused of using the word ‘sustainable’ in their mission statement whilst providing little evidence to support their claims (1)

Could AI be the complete solution?

AI could be the key to help investors analyse the mountain of ESG data that is yet to be explored, both structured and unstructured. Historically, AI has been proven to successfully extract relevant information from data sources including news articles but it also offers new and exciting opportunities. Consider the transcripts of board meetings from a Korean firm: AI could be used to translate and examine such data using techniques such as Sentiment Analysis. Does the CEO seem passionate about ESG issues within the company? Are they worried about an investigation into Human Rights being undertaken against them? This is a task that would be labour-intensive, to say the least, for analysts to complete manually.  

 

In addition, AI offers an opportunity for investors to not only act responsibly, but also align their ESG goals to a profitable agenda. For example, algorithms are being developed that can connect specific ESG indicators to financial performance and can therefore be used by firms to identify the risk and reward of certain investments. 

 

Whilst AI offers numerous opportunities with regards to ESG investing, it is not without fault. Firstly, AI takes enormous amounts of computing power and, hence, energy. For example, in 2018, OpenAI found the level of computational power used to train the largest AI models has been doubling every 3.4 months since 2012 (2). With the majority of the world’s energy coming from non-renewable sources, it is not difficult to spot the contradiction in motives here. We must also consider whether AI is being used to its full potential; when simply used to scan company published data, AI could actually reinforce issues such as “Greenwashing”. Further, the issue of fake news and unreliable sources of information still plagues such methods and a lot of work has to go into ensuring these sources do not feature in algorithms used. 

 

When speaking with Dr Thomas Kuh, Head of Index at leading ESG data and AI firm Truvalue Labs™, he outlined the difficulties surrounding AI but noted that since it enables human beings to make more intelligent decisions, it is surely worth having in the investment process. In fact, he described the application of AI to ESG research as ‘inevitable’ as long as it is used effectively to overcome the shortcomings of current research methods. For instance, he emphasised that AI offers real time information that traditional sources simply cannot compete with. 

 A Future for AI?

According to a 2018 survey from Greenwich Associates (3), only 17% of investment professionals currently use AI as part of their process; however, 40% of respondents stated they would increase budgets for AI in the future. As an area where investors are seemingly unsatisfied with traditional data sources, ESG is likely to see more than its fair share of this increase. Firms such as BNP Paribas (4) and Ecofi Investissements (5) are already exploring AI opportunities and many firms are following suit. We at Leading Point see AI inevitably becoming integral to an effective responsible investment process and intend to be at the heart of this revolution. 

 

AI is by no means the judge, jury and executioner when it comes to ESG investing and depends on those behind it, constantly working to improve the algorithms, as well as the analysts using it to make more informed decisions. AI does, however, have the potential to revolutionise what a responsible investment means and help reallocate resources towards firms that will create a better future.

[1] The problem with corporate greenwashing

[2] AI and Compute

[3] Could AI Displace Investment Bank Research?

[4] How AI could shape the future of investment banking

[5] How AI Can Help Find ESG Opportunities

 

"It takes twenty years to build a reputation and five minutes to ruin it"

 

AI offers an opportunity for investors to not only act responsibly, but also align their ESG goals to a profitable agenda

Environmental Social Governance (ESG) & Sustainable Investment

Client propositions and products in data driven transformation in ESG and Sustainable Investing. Previous roles include J.P. Morgan, Morgan Stanley, and EY.

 

Upcoming blogs:

This is the second in a series of blogs that will explore the ESG world: its growth, its potential opportunities and the constraints that are holding it back. We will explore the increasing importance of ESG and how it affects business leaders, investors, asset managers, regulatory actors and more.

 

 

Riding the ESG Regulatory Wave: In the third part of our Environmental, Social and Governance (ESG) blog series, Alejandra explores the implementation challenges of ESG regulations hitting EU Asset Managers and Financial Institutions.

Is it time for VCs to take ESG seriously? In the fourth part of our Environmental, Social and Governance (ESG) blog series, Ben explores the current research on why startups should start implementing and communicating ESG policies at the core of their business.

Now more than ever, businesses are understanding the importance of having well-governed and socially-responsible practices in place. A clear understanding of your ESG metrics is pivotal in order to communicate your ESG strengths to investors, clients and potential employees.

By using our cloud-based data visualisation platform to bring together relevant metrics, we help organisations gain a standardised view and improve your ESG reporting and portfolio performance.  Our live ESG dashboard can be used to scenario plan, map out ESG strategy and tell the ESG story to stakeholders.

AI helps with the process of ingesting, analysing and distributing data as well as offering predictive abilities and assessing trends in the ESG space.  Leading Point is helping our AI startup partnerships adapt their technology to pursue this new opportunity, implementing these solutions into investment firms and supporting them with the use of the technology and data management.

We offer a specialised and personalised service based on firms’ ESG priorities.  We harness the power of technology and AI to bridge the ESG data gap, avoiding ‘greenwashing’ data trends and providing a complete solution for organisations.

Leading Point's AI-implemented solutions decrease the time and effort needed to monitor current/past scandals of potential investments. Clients can see the benefits of increased output, improved KPIs and production of enhanced data outputs.

Implementing ESG regulations and providing operational support to improve ESG metrics for banks and other financial institutions. Ensuring compliance by benchmarking and disclosing ESG information, in-depth data collection to satisfy corporate reporting requirements, conducting appropriate investment and risk management decisions, and to make disclosures to clients and fund investors.

 

by Thushan Kumaraswamy

ESG: The Future Pillars of Investing

The ESG Explosion

With the ESG (Environmental, Social and Governance) market being estimated to reach $50 trillion over the next two decades [i], it is safe to say ESG is here to stay. This explosion is being driven by an increasingly conscientious world, with voices such as Greta Thunberg ensuring we no longer stay passive in our impact. Investors are increasingly realising the gains to be had from aligning themselves with firms that perform well in ESG criteria, such as risk management and possible financial gains. 

This movement from investors as well as the general public has motivated firms to look in the mirror with regards to ESG performance and how they can improve. With new regulation on the horizon, forward thinking companies are wanting to report their ESG data more frequently and comprehensively. 

ESG is Good for Business

ESG investing is becoming increasingly driven by millennials, who are taking an active role in aligning their personal values and their investing strategies. This investment pattern facilitates the belief that change - now more than ever - is a goal we can reach. If consumer behaviour is more directed towards ‘creating an impact’, what is the logical next step for businesses to thrive? 

Organisations need to become more conscious of their mission and how they communicate it to the public, especially since good ESG metrics and reporting could seriously affect their staff and customer base[ii]

. Today’s start-up culture and the focus on the entrepreneurial mindset further demands this issue to be taken seriously. As well as helping to land conscientious clients and retain millennial job talent, a strong ESG proposition directly correlates to value creation within a business. More than a fad or a feel good exercise,[iii] a stronger esg proposition correlates with higher equity returns. 

Why ESG is Important for Investors

During Q2 2019, ETFs with a sustainability criteria attracted EUR5 billion in net flows; this is more than throughout the whole of 2018[iv]. As demand skyrockets for responsible funds, there is increasing client pressure on investors and asset managers to take ESG factors into consideration. However, there are many other reasons why ESG data provides a competitive edge to investors. 

Firstly, a good ESG performance is a strong indicator that a business is well-managed and, hence, considering ESG data acts as an effective way to manage risk. For example, a recent report from McKinsey states good ESG performance is associated with lower loan and credit default swap spreads and higher credit ratings.[v]

As well as a desire to profit from ESG data, there is ever-tightening regulation meaning investors need to care about it. For example, the EU taxonomy regulation is redefining what it means for an investment to be ‘environmentally sustainable’. Investors are keen to stay ahead of such regulation by having effective methods to monitor the key ESG data points of their portfolio companies. 

Constraints on ESG

Whilst the ESG market is growing incredibly fast, there are a number of constraints on this growth. Financial data has clear, widely-agreed metrics whose implications are straightforward; however, the same cannot be said for ESG data. This can result in an “ESG Data Gap” between businesses and their investors as ESG information is failed to be communicated effectively between the two parties. 

This “Data Gap” is especially obvious in the startup world where sustainable VCs are failing to communicate the ESG landscape of their portfolio companies effectively to their LPs. Finally, there is also ever-tightening regulation surrounding ESG disclosure for Asset Managers and FIs generally. It is difficult to integrate these effectively into procedures leading to inefficiencies. 

Our series of blogs will delve deeper into the ESG world and these problems which plague it. 

 

[i] Complete guide to sustainable investing

[ii] Five ways that ESG creates value

[iii] ESG framework

[iv] https://www.wealthadviser.co/2020/01/06/281642/how-artificial-intelligence-transforming-esg-data-and-indices

[iv] https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/five-ways-that-esg-creates-value

 

As demand skyrockets for responsible funds, there is increasing client pressure on investors and asset managers to take ESG factors into consideration.

 

a good ESG performance is a strong indicator that a business is well-managed and, hence, considering ESG data acts as an effective way to manage risk.

 

Data Innovation, Investment behaviour research

Helping businesses understand and improve their data strategy via the Leading Point Data Innovation Index.

Environmental Social Governance (ESG) & Sustainable Investment

Client propositions and products in data driven transformation in ESG and Sustainable Investing. Previous roles include J.P. Morgan, Morgan Stanley, and EY.

 

Upcoming blogs:

This is the first in a series of blogs that will explore the ESG world: its growth, its potential opportunities and the constraints that are holding it back. We will explore the increasing importance of ESG and how it affects business leaders, investors, asset managers, regulatory actors and more.

Artificial Intelligence: the Solution to the ESG Data Gap? In the second part of our Environmental, Social and Governance (ESG) blog series, Anya explores the potential opportunities surrounding Artificial Intelligence and responsible investing.

Riding the ESG Regulatory Wave: In the third part of our Environmental, Social and Governance (ESG) blog series, Alejandra explores the implementation challenges of ESG regulations hitting EU Asset Managers and Financial Institutions.

Is it time for VCs to take ESG seriously? In the fourth part of our  Environmental, Social and Governance (ESG) blog series, Ben explores the current research on why startups should start implementing and communicating ESG policies into their business.

 

Now more than ever, businesses are understanding the importance of having well-governed and socially-responsible practices in place. A clear understanding of your ESG metrics is pivotal in order to communicate your ESG strengths to investors, clients and potential employees.

By using our cloud-based data visualisation platform to bring together relevant metrics, we help organisations gain a standardised view and improve your ESG reporting and portfolio performance.  Our live ESG dashboard can be used to scenario plan, map out ESG strategy and tell the ESG story to stakeholders.

AI helps with the process of ingesting, analysing and distributing data as well as offering predictive abilities and assessing trends in the ESG space.  Leading Point is helping our AI startup partnerships adapt their technology to pursue this new opportunity, implementing these solutions into investment firms and supporting them with the use of the technology and data management.

We offer a specialised and personalised service based on firms’ ESG priorities.  We harness the power of technology and AI to bridge the ESG data gap, avoiding ‘greenwashing’ data trends and providing a complete solution for organisations.

Leading Point's AI-implemented solutions decrease the time and effort needed to monitor current/past scandals of potential investments. Clients can see the benefits of increased output, improved KPIs and production of enhanced data outputs.

Implementing ESG regulations and providing operational support to improve ESG metrics for banks and other financial institutions. Ensuring compliance by benchmarking and disclosing ESG information, in-depth data collection to satisfy corporate reporting requirements, conducting appropriate investment and risk management decisions, and to make disclosures to clients and fund investors.

by Thushan Kumaraswamy

Regulatory Risk: Getting away from Whack-a-Mole

Senior Management is under more pressure than ever to demonstrate compliance and risk-sensitive decision making - but the process by which they do it is straining under the sheer number and weight of obligations to manage.

36% of fines handed out by the FCA over the last 3 years - over a third - have been for failings related to management and control (PRIN 3)*. With an average penalty of £24 million firms cannot afford to be lax in this.  Transparency of their firm’s systems and controls continues to be vital for leaders at Board level and within Senior Management Functions to ensure that their business is compliant and within risk tolerances. 

Increasingly, during the ongoing pandemic, regulators expect comprehensive, responsible, and tangible governance and control to be operated by regulated firms. Creating transparency of firms’ regulatory activity across the business paramount. Not just for leaders at Board and Senior Management Functions levels (SMFs) but also in the supporting infrastructure within Compliance, Operations, Technology, Finance, Legal, and HR.

In their recent Joint Statement for Firms, the UK regulators outlined that firms must:

“Develop and implement mitigating actions and processes to ensure that they continue to operate an effective control environment: in particular, addressing any key reporting and other controls on which they have placed reliance historically, but which may not prove effective in the current environment. .. Consider how they will secure reliable and relevant information, on a continuing basis, in order to manage their future operations.”**

Joint statement by the Financial Conduct Authority (FCA), Financial Reporting Council (FRC) and Prudential Regulation Authority (PRA), 26th March 2020

‘Securing reliable and relevant information’ is harder than it sounds. The information required for this is frequently cobbled together in PowerPoint, Excel or other tools from a wide variety of disparate sources. This is inefficient and time intensive, and is subject to inconsistencies. Information may be out of date by the time it is produced, and often does not meet the level of detail required by the various audiences. 

More than that, Senior Managers lack a consolidated view of their regulatory risk across their business. This is difficult to achieve given the number of areas they need to monitor, ongoing regulatory change, and the pace of digital transformation. Managers are often spending more time piecing together a picture of their overall regulatory ‘health’ and fighting fires than they are developing the business.

Compliance issues become like Whack-A-Mole, as soon as one gets whacked, another one pops up, and then another. Senior Management are effectively blindfolded holding the ‘mole hammer’ and have to ask a business analyst or a compliance officer “are there any moles today?” and “what do I hit?”. 

These regulatory moles are not common or garden business problem moles. There may be hundreds of moles to whack at any given time. As a result, managers need the ability to triage the reports of mole sightings to decide which is most pressing. Which is most likely to ruin his or her lawn? Is it the Sanctions Breach mole, the Data Protection mole or Transaction Reporting mole? 

Not only are there many of them - you need to keep records of which ones you’ve whacked and why. At some point you’ll need to evidence why you didn’t whack the Sanctions Breach mole immediately and provide the context for that decision. If you fail to whack enough of them, or the right ones, your business could be fined, or worse, you personally could end up in court.

This is a much more pressing issue due to the level of personal accountability, and broadened personal liability,  introduced by the Senior Managers and Certification Regime (SM&CR). The SM&CR, which came into force on 9th December 2019, overhauled the Approved Persons Regime for individuals working in UK financial services firms. Placing more stringent requirements on senior managers to take responsibility for their firms’ activities through a ‘Duty of Responsibility’ to take ‘reasonable steps’ to prevent or stop regulatory breaches. 

As the FCA Handbook states in their “Specific guidance on individual conduct rules” (COCON 4.2) addressed to Senior Managers: “SC2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.”***

We believe that one of these ‘Reasonable Steps’ is having appropriate reporting to achieve a clear view of the ‘Regulatory Health’ of their business and their risk points. Firms and Senior Managers need the ability to:

  1. Capture key regulatory risk metrics
  2. Link them to the appropriate compliance monitoring data
  3. Put those risk metrics into context across the business
  4. Generate a consolidated view of the business’ regulatory health and risk points
  5. Make it accessible & easily understandable to the relevant managers
  6. Make it ‘persistent’ over time to and allow ‘point in time’ views of risk levels

A solution that could a) take existing and live compliance data b) isolate the risk metrics that really ‘matter’, and c) present them in context across regulations and business areas is really needed for Senior Managers to have a picture of their overall risk. 

Senior Management should know where the regulatory moles are - without having to ask. Rather than having to review reams of documentation, it could allow managers a more holistic and focused view of regulatory risk across their business, as well as save time and resource spent creating, managing, and reviewing PowerPoints. Knowing what to look for is half the battle after all.  

Don’t let the moles ruin your lawn.

 

References

1. Leading Point analysis of FCA fines related to PRIN 3 Management and control: A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.” FCA Principles for Business https://www.handbook.fca.org.uk/handbook/PRIN/2/?view=chapter

 

2. https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/publication/2020/joint-statement-on-covid-19.pdf?la=en&hash=28F9AC9E45681F3DC65B90B36B5C92075048955F

 

3. “Specific guidance on individual conduct rules” (COCON 4.2) addressed to Senior Managers: https://www.handbook.fca.org.uk/handbook/COCON/4/2.html

On July 14th, experts from banks, hedge funds and market infrastructure providers will discuss how financial institutions can create transparency and insights from their regulatory risk data, and Leading Point will introduce their new industry-leading regulatory risk data system SMART_Dash.

Panellists will discuss:

- The challenges of internal regulatory oversight that all financial services firms are facing

- How businesses can create a consolidated view of their regulatory risk

- The ways that regulatory monitoring data can be more accessible

- An introduction to SMART_Dash; a revolutionary tool providing regulatory risk reassurance

*Regulatory Risk, not moles

Join our webinar to learn more about how to create transparency and insights from regulatory risk data

 

 

 

Senior Management are effectively blindfolded holding the ‘mole hammer’ and have to ask a business analyst or a compliance officer “are there any moles today?” and “what do I hit?”.

 

36% of fines handed out by the FCA over the last 3 years - over a third - have been for failings related to management and control (PRIN 3).

 

"[Firms must] Consider how they will secure reliable and relevant information, on a continuing basis, in order to manage their future operations."

 

"firms need to ensure that their cloud-based operating models are not only safe and secure, but address the capabilities required for operational resilience testing. Investment in frameworks and data analytics that can support these capabilities are essential"

 

Thushan Kumaraswamy
Head of Solutions

Architecture lead with over 20 years’ experience helping the world’s biggest financial services providers in capital markets, banking and buy-side to deliver practical business transformations in client data, treasury, sales, operations, finance and risk functions, and major firm-wide efficiency initiatives. Mastery in business and technical architecture, with significant experience in end-to-end design, development and maintenance of mission critical systems in his early career. Specialities – business and technical architecture leadership, data warehousing, capital markets, wealth management, private banking.

 

 

Rajen Madan
Founder & CEO

Change leader with over 20 years’ experience in helping financial markets with their toughest business challenges in data, operating model transformation in sales, CRM, Ops, Data, Finance & MI functions, and delivery of complex compliance, front-to-back technology implementations. Significant line experience. Former partner in management consulting leading client solution development, delivery and P&L incl. Accenture. Specialities – Operating Models, Data Assets, Compliance, Technology Partnerships & Solutions in Capital Markets, Market Infrastructure, Buy-Side, Banking & Insurance.

 

 

by Thushan Kumaraswamy

Operational Resilience: data infrastructure and a consolidated risk view is pivotal to the new rules on operational risk

What have we learnt about Operational Resilience in the last three months?  

The last three months has taken the world – and Financial Services completely by surprise and further highlighted some major weaknesses in firms’ approaches to operational risk.

In January 2020, infectious diseases or Pandemic Risk, was not in the top 20 operational risks in Financial Services – at the time dominated by Cybercrime, data breaches and financial crime.[1] While many firms’ will have run pandemic scenarios at some point as part of their operational risk scenario analysis programme (probably based on SARs, or Ebola) – it’s becoming increasingly clear that many firms’ business continuity plans were being updated ‘on the fly’ as they moved to crisis management as the pandemic situation evolved. 70% of Operational Risk professionals say that their priorities and focus have changed as a result of Covid 19.[2]

This is understandable. No-one anticipated a situation of near total remote working that the pandemic has called for – even in extreme scenarios.

Many banks and insurance companies now have up to 90% of their staff working from home and are attempting to manage the plethora of associated impacts and increased risks resulting from this new environment.

Risks such as internal fraud or engaging in unauthorised activities are increasing as a direct consequence of the reduced monitoring capabilities caused by distance working as well as simple operational errors, mistakes, and omissions. While many other indirect risks are increasing, such as cyber criminals taking advantage of new vulnerabilities revealed by remote working.

 

Regulators are re-writing the rulebook on how to manage operational risk

The ability of Financial Services to cope in situations such as this has been an area of regulatory focus for some years now, in great part driven by the parliamentary response to high profile IT failures such as with TSB or RBS[3]. Named ‘Operational Resilience’, regulators are looking at the “ability of firms and the financial sector as a whole to prevent, adapt, respond to, recover, and learn from operational disruptions.”

The Bank of England & FCA released a discussion paper in 2018 on this topic, stating:

“The financial sector needs an approach to operational risk management that includes preventative measures and the capabilities – in terms of people, processes and organisational culture – to adapt and recover when things go wrong.”[4]

Covid 19 is a prime example of things ‘going wrong’.

As a result, regulators are closely monitoring this situation as Covid 19 replaces Brexit as the test case for UK financial services’ ‘Operational Resilience’ rules. How firms manage Covid 19 now, will shape the final form of the imminent legislation as firms’ successes and failures are factored into the final rules due in 2021.

A joint PRA/FCA consultation paper ‘CP29/19 Operational resilience: Impact tolerances for important business services’ released in December 2019[5] breaks down their proposed policy and regulatory requirements to reform operational risk management. Namely:

  1. Identification of Important Business services – A firm or Financial Market Infrastructure (FMI) must identify and document the necessary people, processes, technology, facilities, and information (referred to as resources) required to deliver each of its important business services.
  2. Set impact tolerances for those business services – firms should articulate specific maximum levels of disruption, including time limits within which they will be able to resume the delivery of important business services following severe but plausible disruptions
  3. Remain within those impact tolerances – Scenario testing: is the testing of a firm or FMI’s ability to remain within its impact tolerance for each of its important business services in the event of a severe (or in the case of FMIs, extreme) but plausible disruption of its operations.

The shift in focus means moving away from tracking individual risks to individual systems and resources towards considering the chain of activities which make up a business service and its delivery. This includes outsourcing and third party risk management, as made clear in a separate consultation paper. [6] As a result, operational risk management will become significantly more data intensive.

To understand business services’ impact tolerances in ongoing testing requires a significant level of infrastructure and data sophistication. Identifying and assessing the criticality of the ‘chain’ of activities involved is a project in itself, but defining, collecting, and reporting on the right metrics on an ongoing basis would require purpose built infrastructure.

As they stand, the rules under consultation require firms to produce a detailed end-to-end mapping of processes, applications, and people, new and updated policies, standards and procedures. Testing of operational resilience programs will require significant effort from firms depending on the scale and complexity of operations, testing frequency, or level of integration required.

Alongside these operational changes, the regulators expect Boards and senior management to consider operational resilience when making strategic decisions. As a result, robust information tools are needed that incorporate metrics such as KRIs, KCIs or KPIs into informed strategic decision making.[7]

 

How firms currently manage their operational risks is undergoing a paradigm shift

Firms’ existing operational risk management is primarily informed by the Basel II’s capital requirements legislation[8]. Firms are required to hold Operational Risk Capital (ORC) against aggregate operational risks calculated largely against quantifiable, historical ‘loss events’ (i.e. how much money was lost, and for what reason) and the RCSA[9] scores based on the adequacy of the controls designed to prevent those losses.

Basel II’s more sophisticated, model-based, advanced measurement approach (AMA) has been widely criticised as being difficult to implement and ineffective – leading many firms to default to the simpler Basic Indicator Approach (BIA) rather than invest in the infrastructure to support the AMA and eat the increased capital charges the BIA entails.

As a result, most operational risk scenarios have been largely event-driven e.g. what happens if the trade reconciliation system goes down. Firms largely don’t attempt to track what would happen if that system deteriorated by 20% for example.

This is the key difference in approach between the proposed operational resilience rules and existing frameworks. Where traditional operational risk management is much more siloed and vertical, operational resilience requires a much more holistic, and horizontal, approach internally.

Taking an end-to-end view of the ‘chain’ of activities that make up a service and its associated controls, means tracking the entirety of the inputs and outputs from front to back across business lines, middle and back offices, and 3rd party suppliers and outsourcing (e.g. from sales to execution to settlement).

As a result, analysing the impact of a deterioration in control effectiveness requires data infrastructure and risk management software designed for the purpose that can incorporate the relevant metrics (e.g. volume, uptime, etc.) and track the impact of changes across downstream processes.

Given many firms have challenges managing end-to-end business flows on a BAU basis without significant manual manipulation of data as they are so complex and fractured, there will likely be significant challenges around defining and delivering resilience thresholds which meet the regulatory requirements as the data sets underpinning such thresholds will also be complex and fractured.

Basel II’s system is now being overhauled with the new Standardized Measurement Approach (SMA) under Basel III regulations, now[10] due 2023. As a result, banks will need to ensure their internal loss data is as accurate and robust as possible to substantiate their calculated ORC.

How this system meshes with the operational resilience rules is an open question for the industry. Can they be aligned? or will firms be doomed to operate multiple and potentially conflicting risk frameworks?

 

Movement to the cloud needs purposeful development of operational resilience capabilities

The regulators are clear about how they see the future of Financial Institutions – they should be deeply interconnected with the regulators and be able to provide the data they need ‘on tap’. The move towards more granular, end-to-end views of operational resilience needs to be seen as a continuation of this objective.

According to ORX, the international operational risk management association:

“Risks are becoming more interconnected and traditional operational risk management is not suited to manage them … we have tools, we have tactics, we have value, but that we lack a strategy. We need a strategy to deal with the changing risk horizon, new business models, changing technology and, most of all, new expectations from senior management.”[11]

These are issues the UK regulators understand deeply, however, the Operational Resilience proposals need to be seen in the broader regulatory context. In the UK, the industry spends £4.5 billion in regulatory reporting, but the BoE wants to move towards a more integrated system.

“supervisors now receive more than 1 billion rows of data each month… the amount of data available in regulatory and management reports now exceeds our ability to analyse it using traditional methods.”[12]

As a result, the BoE has tabled proposals to pull data directly from firms’ systems or use APIs to ‘skip the middleman’ and go directly to source[13].

The drive towards innovation and digital transformation means the industry is aggressively moving towards wholescale cloud adoption. As firms such as a Blackrock, Lloyds, sign strategic partnership deals with Google, Microsoft or other cloud providers, in 2020, cloud technology is seen as a real, scalable and safe option for Financial Services.

While cloud security is a well-known concern, firms need to ensure that their cloud-based operating models are not only safe and secure, but address the capabilities required for operational resilience testing. Investment in frameworks and data analytics that can support these capabilities are essential – but should not be limited to purely operational resilience objectives.

Cloud adoption is a huge opportunity for firms to build ‘green field’ infrastructure that can not only support digitisation and business transformation objectives but also support ever increasing data requirements – regulatory or otherwise. The ability to handle and trace iterative regulatory requirements for new data sets need to be built into the fabric of firms’ operating models not just for compliance purposes but to track the impact of that compliance.

Conclusion

How many firms have today a consolidated view of their anti-financial crime, information security, or other non-financial or compliance risks, the resources devoted to their management, or the management information on tap to support decision making? It is clear firms need the right infrastructure and tools to support the granularity, and traceability of these data sets.

Real investment in operational risk data capabilities can yield significant business benefits – not just in the reduction of material risk and future spend on compliance, but as an invaluable source of internal intelligence for resource and business optimisation.

Top-of-the-line risk data positions Financial Institutions to further build out capabilities such as big data analytics, correlation and root cause analysis, and predictive risk intelligence.

However, in the face of the current pandemic, competing challenger institutions, market disruption, and the uncertainties of the future – the ability for firms to provide evidence they are robust and resilient organisations will give them a real competitive advantage as clients seek resiliency as core requirement in their banking/FMI partners.

Ultimately, the most important benefit a robust operational resilience framework can give firms is trust – from both customers and regulators.

 

[1] Risk.Net, March 2020, ‘Top 10 operational risks for 2020’ https://www.risk.net/risk-management/7450731/top-10-operational-risks-for-2020

[2] Elena Pykhova, 2020, ‘Operational Risk Management during Covid-19: Have priorities changed?’ https://www.linkedin.com/pulse/operational-risk-management-during-covid-19-have-changed-pykhova/

[3] House of Commons & Treasury Committee, October 2019, ‘IT failures in the Financial Services Sector’ https://publications.parliament.uk/pa/cm201919/cmselect/cmtreasy/224/224.pdf

[4] Bank of England & FCA, 2018, ‘Building the UK financial sector’s operational resilience’ https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/discussion-paper/2018/dp118.pdf?la=en&hash=4238F3B14D839EBE6BEFBD6B5E5634FB95197D8A

[5] Bank of England/PRA, December 2019, ‘CP29/19 Operational resilience: Impact tolerances for important business services’ https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/consultation-paper/2019/cp2919.pdf

[6] Bank of England/PRA, December 2019, ‘CP30/19 Outsourcing and third party risk management’ https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/consultation-paper/2019/cp3019.pdf?la=en&hash=4766BFA4EA8C278BFBE77CADB37C8F34308C97D5

[7] Key Risk Indicators, Key Control Indicators, and Key Performance Indicators respectively.

[8] There are a whole host of regulations that impact operational risk management in a variety of ways such as CPMI-IOSCO Principles for Financial Market Infrastructures, the G7 Fundamental Elements of Cybersecurity for the Financial Sector, the NIST Cybersecurity Framework, ISO 22301, the Business Continuity Institute (BCI) Good Practices Guidelines 2018.

[9] (Risk Control Self Assessment)

[10] Delayed by a year as a result of Covid 19

[11] ORX, September 2019, The ORX Annual Report, https://managingrisktogether.orx.org/sites/default/files/public/downloads/2019/09/theorxannualreportleadingtheway_0.pdf

[12] Bank of England, June 2019, ‘New Economy, New Finance, New Bank: The Bank of England’s response to the van Steenis review on the Future of Finance’ https://www.bankofengland.co.uk/-/media/boe/files/report/2019/response-to-the-future-of-finance-report.pdf?la=en&hash=C4FA7E3D277DC82934050840DBCFBFC7C67509A4#page=11

[13]  Ibid

 

“Risks are becoming more interconnected and traditional operational risk management is not suited to manage them” –

ORX, The operational risk management association

 

 

Taking an end-to-end view of the ‘chain’ of activities that make up a service and its associated controls, means tracking the entirety of the inputs and outputs from front to back across business lines, middle and back offices, and 3rd party suppliers and outsourcing (e.g. from sales to execution to settlement).

 

Given many firms have challenges managing end-to-end business flows on a BAU basis without significant manual manipulation of data as they are so complex and fractured, there will likely be significant challenges around defining and delivering resilience thresholds which meet the regulatory requirements as the data sets underpinning such thresholds will also be complex and fractured.

 

“firms need to ensure that their cloud-based operating models are not only safe and secure, but address the capabilities required for operational resilience testing. Investment in frameworks and data analytics that can support these capabilities are essential”

 

No-one anticipated a situation of near total remote working that the pandemic has called for – even in extreme scenarios.

 

Real investment in operational risk data capabilities can yield significant business benefits – not just in the reduction of material risk and future spend on compliance, but as an invaluable source of internal intelligence for resource and business optimisation.

 

Nick Fry
Reg Change, Data SME, RegTech Propositions

Experienced financial services professional and consultant with 25 years’ experience in the industry. Extensive and varied business knowledge both as a senior manager in BAU and change roles within investment banking operations and as a project delivery lead, client account manager, practice lead and business developer for consulting firms

 

 

Alaric Gibson
Reg Change, Data SME, RegTech Propositions

Analyst with expertise in regulatory analysis and implementation, customer reference data management, and data driven transformation & delivery. Has worked for a number of RegTech start-ups within Capital Markets.

 

 

by Thushan Kumaraswamy

Scaling a cyber-security FinTech with our interim COO leadership

"Leading Point have been instrumental in helping us cover our COO needs at a critical stage for the business from a product readiness and a go-to-market perspective. They have developed our client implementation capability with fit-for-purpose processes, systems and methodologies, significantly improving our engagement with our target customers and our time to market. We look forward to our continued alliance with Leading Point as our implementation partner to help us grow in the right way."

CEO @ Information & Cyber Risk Startup

by Rajen Madan

Time to Reset?

We see the varnish from the old oil painting of government, enterprise, business and leadership fade a bit every day. 2020 has already shown us how interconnected our world has become - a true Butterfly Effect. Interconnectivity is not a bad thing. It is the fragility, the brittleness of modern economies that is cause for concern. I believe this is a result of critical imbalances we have allowed to build up, without questioning. Now as the varnish from the old oil painting comes off, we have a once in a decade opportunity to reset and tackle these imbalances. To make bold brush strokes.

Where can we start?

Big Government or Small?

Do we need a Big Government or Small? The term ‘Big Government’ here is not intended to be derogatory. We see national priorities and decisions that don’t match that of the city, the village, or the council. Great plans and budgets that don’t translate into change on the ground. Equally, in the face of this crisis, we see barriers breaking down. A C-19 COVID Symptom tracker app, which each of us can use, allows a judicious allocation of scarce testing and treatment resources at a national and grassroot level. The opportunity is to examine the flow from the national to the level of council. Provide transparency and allow engagement. If it doesn't exist it should be created. Direct channels for us citizens to highlight problems, propose solutions, be data-driven and monitor implementation. It is not a question of a big government versus small. It is one that works transparently that matters.

Public or Private Sector Enterprise?

A key debate going into 2020 was about which sector provides a better service, is more efficient with resources - private or public sector enterprise? Think about the NHS, Transport, Energy, Manufacturing, Financial Services, Agriculture, Technology and Utilities. Healthy arguments and examples are cited to show the merits of both public and private sector. I believe the public-private argument completely misses the point. Whether an enterprise provides a good service or poor, spends judiciously or not is not down to public or private sector. It is down to some key principles - how it is governed, how accountable is its team and partners, does it know what good service looks like and is it equipped to provide these services. Enterprises can be funded by either public or private sector resources. The opportunity ahead is in data and tech enabled service delivery models, going digital. And public-private collaboration funding models can ignite innovation and value added services. The key to provide good service is not public or private sector, it is to provide a good service!

 

Role of Business

Businesses are standing out in two ways in these times. Those that care about their employees and partners and are doing their bit to help their communities and those that pretend to. People will remember businesses that care. Those that don't, will fall out of favour. That most of our essential "front line" staff in the face of a pandemic are paid low/ minimum wages is cowardly. It shows the scale of imbalances we have allowed to build up and seem to be comfortable with. Colleagues in maintenance, cleaning, nursing, restaurant, retail, agriculture, driving, security, manufacturing and teaching professions amongst others need to be compensated fairly. The opportunity here is to go after skewed compensation models, unviable business models and poor productivity with vigour. The tax structures reportedly exploited by big tech and conglomerates are ripe for reform and become principle driven. Likewise business owners having billions and calling for government bailouts or larger profitable companies using furlough schemes to offload their responsibilities to the public should face the consequence. This is a failure of law and the will of successive governments. Let us get it right this time. Bashing businesses and entrepreneurs is not the answer. They are born from the risk-reward equation and are the lifeblood of any economy.

Lessons in Leadership

As much as it is tempting to draw leadership lessons from the current pandemic, they are unique to the situation and not a one size fits all. But I find the war analogy somewhat flawed. The chancellor of the exchequer, Rishi Sunak said “we will be judged by our capacity for compassion and individual acts of kindness” – does that sound like a war? If anything, the lesson for future leaders is to be that much more focused on ensuring their team’s wellbeing, ensuring they are equipped with relevant resources. Good leaders will understand the importance of the informal and the invisible stuff – collaboration, unconventional thinking, meaningful conversations and problem solving over formal organisation structures. The world we have to navigate in is increasingly unpredictable and non-linear, command and control team structures and top-down change will not work.

Everyday we are seeing concrete examples of what is working in business, government and leadership and what is not. We can allow 2020 to be one mired in tragedy, lost lives, lost livelihoods and failed businesses or we can seize the once in a decade opportunity to reset and create the government, the enterprise, the business and leaders that we want and have lacked for some time. This is within reach.

What steps do you think will help create better business, government and leaders?

Please feel free to comment and share. Keep well!

Change leader with over 20 years’ experience in helping financial markets with their toughest business challenges in data, operating model transformation in sales, CRM, Ops, Data, Finance & MI functions, and delivery of complex compliance, front-to-back technology implementations. Significant line experience. Former partner in management consulting leading client solution development, delivery and P&L incl. Accenture. Specialities – Operating Models, Data Assets, Compliance, Technology Partnerships & Solutions in Capital Markets, Market Infrastructure, Buy-Side, Banking & Insurance.

"2020 has already shown us how interconnected our world has become - a true Butterfly Effect."

"It is not a question of a big government versus small. It is one that works transparently that matters."

"Businesses are standing out in two ways in these times. Those that care about their employees and partners and are doing their bit to help their communities and those that pretend to."

 

"We can allow 2020 to be one mired in tragedy, lost lives, lost livelihoods and failed businesses or we can seize the once in a decade opportunity to reset and create the government, the enterprise, the business and leaders that we want and have lacked for some time"

 

by Rajen Madan

Reimagining trading platform support: Who's supporting you through turbulent times?

Trading platform support is, and has been, going through some heavy changes. It’s a changing world we live in and even putting the current situation to one side (we know it’s difficult but let’s try) it’s worth noting how cost reduction, market consolidations, and changes in approach, etc. have changed the landscape for how trading platforms are supported.

Good front line support for trading platform functionality is now more difficult to access and slower to respond resulting in fewer issues actually being resolved.

Changes in focus from vendors has meant the trading industry has had to come up with, let’s face it, a compromise, to ensure their businesses can continue to operate ‘as normal’. There are many new normals across all industries and sectors at present, but the trading world is highly arcane in nature and therefore any change is difficult for traders and salespeople alike. This has translated into moves towards other models like ‘Live Chat’ style support, which some find impersonal, with fewer experienced people showing up regularly at client sites.

At the sharp end this can mean less voice support and a reduction in face to face support resulting in declining reassurance for users from regular contact with the ‘floorwalkers’. Some trading platform users have found that trading support has been neglected and their experience has suffered as a consequence.

For instance, a Waters Technology article, published last year, reported one Fidessa user citing difficulties with issue resolution:

“It seems like they’ve lost the ability to distinguish between a general issue and an urgent issue that needs to be resolved because it’s putting our clients at risk. We’ve had some issues that have been sitting with them for months.”

Obviously this is a sub-optimal ongoing predicament to be in. Whether due to cost savings, staff attrition rates or other reasons – the provision of first line support has deteriorated.

Even so, the cost of support to a trading firm remains constant in real terms. But in terms of what they get in return, it effectively becomes an added overhead translating to something with a diminishing return.

Added to these ongoing, and somewhat reluctantly accepted concerns, new uncertainties are pushing themselves to the forefront of users minds. The big one currently of course are the changes companies and staff are having to make now to their working arrangements in relation to the current climate and the need to maintain a distributed workforce.

Uncertainties around this mean that some in this space now acknowledge a real need for flexibility and better business continuity planning and scalability options (there have been significant spikes in volumes and volatility) in the approach to providing support for users. One just needs to look at the increasing number of LinkedIn or Facebook posts of people attempting to replicate their office desk at home to see the level of impact.

All of the above factors appear to be leading to a dawning realisation for many trading platform users for two necessary changes:

  • A higher degree of self-sufficiency for navigating a platform and making full use of its features.
  • Fast and reliable turnaround for resolving complex issues and being trained in new functionality without the necessity to call upon a fixed cost resource pool.

So what is the obstacle here?

Think about applications like Word or Excel. How many people who regularly use applications such as these are proficient in just enough to enable them to carry out their daily job? Many of these people are probably utilising less than ten percent of what the application offers and therefore unable to identify avoidable bottlenecks and efficiency gains no matter how simple to implement – 90% of the potential benefits remain unused, an ‘unknown unknown’.

With such a wealth of functionality offered, knowing what *really* matters requires an understanding of both the application and your specific needs.

The same can be said for trading functionality; untapped opportunities for improved workflows are lying undiscovered and unutilised before users’ eyes. Comprehensive support and training in existing and new functionality can pave the way for users to discover that potential including, dare we say, the opportunity of alpha generation due to the possibility of speed of use through innate familiarity.

Communication and tailored collaboration with knowledgeable and experienced support teams is essential. Targeted, independent and focused front line support available from experienced outsourced providers presents a viable support proposition for platform users, wherever you sit in the organisation.

At Leading Point we are not only able to react to issues quickly but also know the information you are looking for (often before you need it) that will make a real difference to your daily trading platform experiences. With an innate ability to speak your ‘language’ we can provide seamless communication. All of this underpinned by an always available service when you and your users need it most.

  • Imagine an innovative trading support experience comprising an equally innovative commercial model enhancing an entire trading platform experience.
  • Imagine the knowledge your users can benefit from through such a collaboration and the degree to which that benefit is passed on to clients
  • Imagine, through the unlocking of that untapped potential, your regular users becoming super users

The time for change is NOW. If you’d like to get in touch, we would be delighted to tell you more about the potential benefits to you and your firm.

 

Untapped opportunities for improved workflows are lying undiscovered and unutilised before users’ eyes.

 

Good front line support for trading platform functionality is now more difficult to access and slower to respond resulting in fewer issues actually being resolved.

 

“It seems like they’ve lost the ability to distinguish between a general issue and an urgent issue that needs to be resolved because it’s putting our clients at risk.”

by Thushan Kumaraswamy

Legal Risk: Too big to manage?

Arguably, the model by which we manage legal risk in Financial Institutions is no longer fit for purpose.

The current model assumes that regulatory change can be accommodated “off the side of the desk” of the legal department using outsourced project teams to do the bulk of the work.  This model may not only be inappropriate in the current deluge of regulation and business generated data, it may actually introduce further risk.

As firms grow and change, they amass an enormous quantity and variety of contracts.  These contracts, coupled with regulations, form an array of legal obligations, which the firm attempts to track. The numbers surrounding regulation and legal data are astronomic:

  • Spending on regulatory compliance is now around 200 to 300 billion US dollars[i]
  • Hundreds of acts are promulgated in the EU alone every year[ii]
  • There are an estimated 50 million words in the UK statute book, with 100,000 words added or changed every month[iii]
  • 250  number of regulatory alerts issued daily  by over 900 regulators globally

And, when firms get into litigation, the figures boggle the mind:

“We’re now working on a case more than twice that size, with 65m [documents], and there’s one on the way with over 100m. It’s impossible to investigate cases like ours without technology.”[iv]

It is not all about the numbers either.  Each piece of new legislation, i.e. new law, is linked somehow with a number of existing laws so it is not just a matter of treating each one in isolation.[v]

In addition, there are self-made “laws” in the shape of legal agreements (contracts) which set out the respective obligations agreed between the parties entering into the agreement.  Both types of law need to be mapped and tracked throughout the contract lifecycle.  Data on this flow management is difficult to come by as many firms do not (or are not able to) collect management information about legal activity.

 

MANAGING LEGAL RISK IS A HUGE UNDERTAKING

Lawyers are working ever harder both in-house and in law firms than ever before.[vi]

It is difficult to generalise about the way in-house legal departments[vii] within financial services firms are run but two general themes are discernible.  General Counsel (GCs) are expected to run their departments aligned to business strategies with budgets provided by the Business[viii]; and, they are expected to manage regulatory and legal risk.

Managing Legal Risk for a large Financial Institution is huge undertaking. Ensuring that a firm tracks emerging regulation, operationalises compliance with new law, educates the workforce (and its clients) on compliance, agrees with its clients in writing how their relationship needs to change in response to new law, ensures that daily business activities are structured to be compliant and are recorded accurately in writing – all this is the management of regulatory and legal risk[ix].

There is no standard definition of legal risk, but can be defined as ‘the risk of loss to an institution that is primarily caused by’:[x]

  1. a defective transaction;
  2. a claim (including a defence to a claim or counterclaim) being made or some other event occurring that results in a liability for the institution or other loss (for example as a result of the termination of the contract);
  3. failing to take appropriate measures to protect assets (for example intellectual property) owned by the institution;
  4. a change in law.

The repercussions for failure to manage legal risk are many and varied.  One of the tools used by the regulators is to “name and shame” non-compliant firms.  Not only does a firm receive a fine but it is also publicly named in the Final Report[xi] and in the press as having failed to comply with the relevant regulation.

This has a direct impact on a firm’s reputation (hence the term “reputational risk”) - current and prospective clients will ask awkward questions or even leave the firm; the firm may lose credibility in the marketplace; the balance sheet and profitability will be impacted.  It also has an adverse impact on a firm’s ability to attract and retain staff.  Employees may ask awkward questions (in some cases whistle blow), leave the firm, or occasionally be able to claim compensation.

All this is in addition to whatever fine is levied which will have balance sheet and prudential management implications.  The firm may need to hold additional capital against the risk of future failure.  And the regulators, globally, will now be acutely aware of a firm’s failings and will be more watchful.

All four of these pillars of legal risk could potentially be in play in each regulatory change project, i.e. when a new law is introduced or an existing law has changed, because with every regulatory change there is always a document change. This means that as regulation evolves, and contracts continue to be developed, there are a myriad of obligations to manage and analyse.

Each regulatory change project, which is conducted in addition to a lawyer’s usual (BAU) duties, produces a plethora of new documents. Lawyers need to analyse each one to figure out how the introduction of new obligations impacts the old ones.  In addition, every new piece of legislation means more reading, more rethinking of business strategy, resulting in more paperwork.

 

IN-HOUSE LEGAL IS UNDER PRESSURE

Despite the scale and complexity of this task, as well as the negative consequences of getting it wrong, the legal department is generally regarded as a cost centre and may be underfunded.

The current model has the legal department in a more or less successful partnership with the Business providing advice on existing and new activities and projects, advising on existing law and new regulations, documenting the intent between the business and their counterparties, i.e. creating/updating legal agreements, negotiating those contracts, advising on strategy and execution when things go wrong.

The legal department is “paid” for its time by way of a budget provided by the business which covers the salaries of lawyers and support staff.  For more difficult matters, the advice of external counsel is sought – again paid for by the Business.

With budget constraints and cost cutting in firms, legal departments don’t have the staff numbers they used to. Like all other functions in-house legal departments are under pressure to cut costs and improve efficiency, transparency, user experience and access to data. Sometimes, more junior lawyers have been retained while seniors have been let go on the basis that external counsel can fill the gap.

If the Business increases its activity level or if there are a number of non-BAU projects then, clearly, these fewer resources are less likely to cope.  This results in slower service to the Business and, sometimes, increased costs as work needs to be outsourced.

The decrease in budget and lawyer numbers are likely to result in increased legal risk because:

  • Delays impact new business as Business may go ahead without legal documentation because they cannot afford to wait. When the deal is finally documented, the documentation may not accurately reflect what was agreed between the parties
  • Tired lawyers make poorer decisions
  • Institutional memory loss as staff leave and legal knowledge pertaining to the Business is lost
  • Increased opportunity costs as prioritisation means that urgent issues may be addressed while the important are left unaddressed[xii]
  • Legal tools which might alleviate some of the above are unavailable or poorly understood or unable to be used.

The result is an environment where legal functions spend the highest proportion of time (and budget) reacting to compliance breaches, misconduct, litigation and arbitration, rather than anticipating risk and prevention – leaving the legal department is unable to adequately support the business’ needs.

So, either the legal department needs more lawyers to keep up with demand or it needs to figure out how to use the lawyers it has more effectively so that they are not spending their time on low level, repetitive tasks which might more efficiently be done by a legal tool.

The model needs to change.

 

[i] KPMG RegTech – There’s a revolution coming puts the figure at $270bn - https://home.kpmg/content/dam/kpmg/uk/pdf/2018/09/regtech-revolution-coming.pdf

[ii] https://eur-lex.europa.eu/statistics/legislative-acts-statistics.html

[iii] https://gtr.ukri.org/projects?ref=AH%2FL010232%2F1

[iv] Ben Denison, Serious Fraud Office chief technology officer, https://www.ft.com/content/7a990f1a-d067-11e8-9a3c-5d5eac8f1ab4

[v] See, for example, John Sheridan’s visualisation of the interconnectedness of one piece of UK legislation (the Companies, Audit, Investigations and Community Enterprise Act 2004)

[vi] https://www.legalcheek.com/2018/11/revealed-law-firms-average-arrive-and-leave-the-office-times-2018-19/

[viii] Legal is perceived as a cost centre not a revenue generator.  The Business is a catch all term which refers to the revenue generating portions of a financial institution

[ix] Legal risk is a subset of operational risk under Basel II

[x] Cited in Legal risks and risks for lawyers, Herbert Smith Freehills and London School of Economics Regulatory Reform Forum, June 2013

[xi] The paper produced by the FCA setting out the details of the firm’s failings and the fine

[xii] President Eisenhower quoting a college president to the Second Assembly of the World Council of Churches: “This President said, "I have two kinds of problems, the urgent and the important. The urgent are not important, and the important are never urgent."”  https://www.presidency.ucsb.edu/documents/address-the-second-assembly-the-world-council-churches-evanston-illinois

 

legal functions spend the highest proportion of time (and budget) reacting... rather than anticipating risk and prevention

 

“We’re now working on a case ... with 65m [documents], and there’s one on the way with over 100m. It’s impossible to investigate cases like ours without technology.”

 

Despite the scale and complexity of this task, as well as the negative consequences of getting it wrong, the legal department is generally regarded as a cost centre and may be underfunded.

 

either the legal department needs more lawyers to keep up with demand or it needs to figure out how to use the lawyers it has more effectively  

 

in-house legal departments are under pressure to cut costs and improve efficiency, transparency, user experience and access to data.

 

by Thushan Kumaraswamy

LIBOR: Manual Approaches are no Longer Enough to Manage FS Legal Data

The transition away from LIBOR is the biggest contract remediation exercise in Financial Services history – and firms are under prepared.

As the Bank of England and FCA lays out in bold font, in their January 2020 letter to CEOs, “LIBOR will cease to exist after the end of 2021. No firm should plan otherwise.”[1] As a result, Financial Institutions have very little time to reduce their “stock of legacy LIBOR contracts to an absolute minimum before end-2021”.

The challenge is this:

1. Firms have to find every reference to IBORs embedded in every contract they hold.

2. Update each contract with fallback provisions or to reflect the terms of the alternative reference rate they are migrating to.

3. Communicate the results with clients

 

This is much easier said than done due to the sheer scale of the task.

LIBOR’s retirement has the potential to impact over US$ 350 trillion of contracts and will require all LIBOR transactions (estimated at over 100 million documents) to be examined and most likely repapered. LIBOR is embedded in far more than just derivative contracts. Every asset class is affected; from mortgages and retail loans, to commodities, bonds or securities. The resolution of Lehman Brothers after 2008 gives some idea of the scale of the repapering effort for each firm – Lehman was party to more than 900,000 derivatives contracts alone.

The scope of the problem is part of the problem. Hard numbers are difficult to come by as no-one really knows exactly what their exposure is, or how many contracts they need to change.

Current estimates say large banks’ may be exposed to more than 250,000 contracts directly referencing LIBOR maturing after 2021, and indirectly exposed to many thousands more embedded in servicing activities, supplier agreements or more.

Only 15% of Financial Institutions are ready to deal with this volume of contract remediation, deal restructuring, and repapering activities required for the scale of their legacy contract back-book.[2] Fourteen of the world’s top banks expect to spend more than $1.2 billion on the LIBOR transition[3].

 

To approach the LIBOR transition manually will likely require years of man-hours and cost millions of dollars, with significant potential for human error

 

There are a wide variety of risks to consider.

But it’s not as straightforward as a ‘Find and Replace’ on legal terminology referencing LIBOR. Firms face huge operational, conduct, legal and regulatory risk arising from both the difficulties in managing the vast volumes of complex client contractual documentation but also the downstream impacts of that documentation having been changed.

Conduct Risk: In the UK, the Treating Customers Fairly (TCF) regime is particularly concerned with how customers are affected by firms’ LIBOR transition plans. Before contracts can be updated, firms will need to ensure that LIBOR linked products and services have ‘fair’ replacement rates that operate effectively.[1] Firms will also need to ensure that any changes made are applied across the entire customer ‘class’ to comply with TCF rules and avoid preferential treatment issues.

Legal Risk: There is a huge amount of legal risk arising from disputes in what interest rates should be paid out in amended agreements referencing alternative reference rates.[2] The ISDA protocol expected to be published in Q2 2020 should help with, but not solve, these problems.[3]

This is not to mention the legacy contracts that cannot legally be converted or amended with fallbacks – named by Andrew Bailey at the FCA as the ‘tough legacy’.[4] The UK Working Group on Sterling Risk Free Reference Rates (RFRWG) is due to publish a paper on ‘tough’ legacy contracts in the second half of Q1 2020.[5]

The realism of firms’ assessments of the number of contracts requiring renegotiation should be considered a legal risk in itself – a realised 10% increase in this number would likely incur serious, additional legal fees.

Prudential Risk: When the underlying contracts change, firms may find themselves in a position where suddenly the instruments they rely on for capital adequacy purposes may no longer be eligible - “This could result in a sudden drop in a bank’s capital position.” [6] For similar reasons, there are a number of Counterparty Credit, Market, Liquidity, and Interest Rate Risks that will need to be reflected in firms’ approaches.

Regulatory Risk: Regulators are closely monitoring firms’ transition progress – and they are not happy with what they are seeing. Financial Policy Committee (FPC) stated in January, 2020, has made clear that they are ‘considering’ the supervisory tools that authorities could use to “encourage the reduction in the stock of legacy LIBOR contracts to an absolute minimum before end-2021.”[7] This is regulatory code for ‘we will either fine or increase the capital requirements for firms we judge to be dropping the ball’. The PRA and FCA laid out their expectations for the transition in June 2019 – this is required reading for any LIBOR transition project manager.[8]

 

It’s not as straightforward as a ‘Find and Replace’ on legal terminology referencing LIBOR

 

What this means for firms is that they need:

1. The capability to quantify their LIBOR exposure – Firms need a good understanding of their LIBOR contractual exposure that can quantify a) firms’ contractual population (i.e. which documents are affected) b) the legal, conduct and financial risk posed by the amendment of those documents

2. The ability to dynamically manage and track this exposure over time – As strategies evolve, the regulatory environment changes, and new scenarios develop, so will firms’ exposure to LIBOR change. Without good quality analytics that can track this effectively, in the context of this massive change project, firms will be strategically and tactically ‘flying blind’ in the face of the massive market shifts LIBOR will bring about.

3. The capability to manage documentation - Jurisdictional, product, or institutional differences will necessitate large client outreach efforts to renegotiate large populations of contracts, manage approvals & conflict resolution, while tracking interim fall-back provisions and front office novation of new products to new benchmarks.

Accomplishing the above will require enterprise-wide contract discovery, digitisation, term extraction, repapering, client outreach and communication capabilities – and the ability to tie them all together in a joined-up way.

To approach the LIBOR transition manually will likely require years of person-hours and cost millions of dollars, with significant potential for human error.

 

Accomplishing the above will require enterprise-wide contract discovery, digitisation, term extraction, repapering, client outreach and communication capabilities – and the ability to tie them all together in a joined-up way

 

LIBOR cannot be treated as ‘just one more’ repapering exercise.

Firms are continually hit with new requirements which require the update, negotiation and amendment of client contracts.

The reaction is always the same: Scramble to identify the documents impacted, outsource the thornier problems to external legal, and hire huge teams of consultants, remediation armies and legal operations to handle the contract updates and communications with counterparties.

Once complete - often months past the deadline - everyone stands down and goes home. Only to do the same thing again next year in response to the next crisis. While this gets the job done, there are number of problems with this project by project approach:

1. It’s inefficient: Vast amounts of time (and money) is spent just finding the documents distributed around the business, often in hard copy, or locked away in filing cabinets.

2. It’s expensive: External legal, consultants and remediation shops don’t come cheap – especially when the scope of the project inevitably expands past the initial parameters.

3. It’s ineffective: Little to no institutional knowledge is retained of the project, no new processes are put in place, and documents continue to get locked away in filing cabinets - meaning when the time comes to do it again firms have to start from scratch.

When you look at the number of major repapering initiatives over the past 10 years the amount of money spent on repapering projects is monumental. In the EU alone, regulations such as MiFID II, EMIR, GDPR, PPI, FATCA, Brexit and AIFMD have each required a huge repapering project. In 2020, LIBOR, Initial Margin Rules and SFTR will each require contract remediation programmes.

Doing ‘just another’ repapering exercise for LIBOR is a risky mistake. There is a better way.

Smarter data management and enabling tech solutions can help identify, classify and extract metadata from the huge volumes of LIBOR impacted documents at speed. The ability to extract and store contractual information as structured information at this scale allows firms’ the essential capabilities to understand and track their LIBOR exposure, assign priorities and maintain flexibility in a changing situation.

Firms that have fuller visibility of their legal contract information, retained as structured data, can avoid 80% of the typical repapering process, and focus their efforts on the remaining, critical, 20%.[1] The time spent manually identifying contractual needs, can be reallocated to the areas that matter, freeing up legal resource, budget, and project timelines – while simultaneously improving client relationships.

This should not be seen just as a repapering enabler, but a strategic capability. The opportunities afforded through data mining firms’ contractual estate for analytics are vast.

 

Doing ‘just another’ repapering exercise for LIBOR is a risky mistake. There is a better way

 

One possibility is the ability to connect contracts directly to trades. To accurately model the financial risk firms’ portfolios are exposed to via LIBOR when transitioning to a new rate, they will need a way to directly link, for example, multiple cash and derivative contracts to a single client. Firms are still a long way from this capability – but there are a growing number of sophisticated artificial intelligence solutions that can begin to address these types of use-cases.

Firms that build these capabilities now will materially reduce their risk exposures, improve liquidity and funding, build trust with their clients and be much better equipped to meet other pressing regulatory requirements such as Brexit, SFTR, CRD 5/6, Initial Margin (IM) rules, QFC and more.

 

[1] ‘Next steps on LIBOR transition’, January 2020, FCA & PRA https://www.fca.org.uk/publication/correspondence/dear-smf-letter-next-steps-libor-transition.pdf
[2] 2019 LIBOR Survey: Are you ready to transition?, September 2019, Accenture. https://www.accenture.com/_acnmedia/109/Accenture-2019-LIBOR-Survey-fixed.pdf#zoom=50
[3] ‘The end of Libor: the biggest banking challenge you've never heard of’, October 2019, Reuters.
[4] Firms will also need to consider whether any contract term they may rely on to amend a LIBOR-related product is fair under the Consumer Rights Act 2015 (the CRA) in respect of consumer contracts. FG18/7: Fairness of variation terms in financial services consumer contracts under the Consumer Rights Act 2015 contains factors that firms should consider when thinking about fairness issues under the CRA when they draft and review unilateral variation terms in their consumer contracts. https://www.fca.org.uk/markets/libor/conduct-risk-during-libor-transition
[5] Litigation risks associated with Libor transition: https://collyerbristow.com/longer-reads/litigation-risks-associated-with-libor-transition/
[6] UK Working Group on Sterling Risk-Free Reference Rates (RFR WG) 2020 Top Level Priorities. https://www.bankofengland.co.uk/-/media/boe/files/markets/benchmarks/rfr/rfrwgs-2020-priorities-and-milestones.pdf?la=en&hash=653C6892CC68DAC968228AC677114FC37B7535EE
[7] LIBOR: preparing for the end, https://www.fca.org.uk/news/speeches/libor-preparing-end
[8]  UK Working Group on Sterling Risk-Free Reference Rates (RFR WG) 2020 Top Level Priorities. https://www.bankofengland.co.uk/-/media/boe/files/markets/benchmarks/rfr/rfrwgs-2020-priorities-and-milestones.pdf?la=en&hash=653C6892CC68DAC968228AC677114FC37B7535EE
[9] Letter from Sam Woods: The prudential regulatory framework and Libor transition, Bank of England, https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/letter/2019/prudential-regulatory-framework-and-libor-transition.pdf?la=en&hash=55018BE92759217608D587E3C56C0E205A2D3AF4
[10] ‘Next steps on LIBOR transition’, January 2020, FCA & PRA https://www.fca.org.uk/publication/correspondence/dear-smf-letter-next-steps-libor-transition.pdf
[11] ‘Firms’ preparations for transition from London InterBank Offered Rate (LIBOR) to risk-free rates (RFRs): Key themes, good practice, and next steps.’, June 2019, FCA & PRA https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/publication/2019/firms-preparations-for-transition-from-libor-to-risk-free-rates.pdf?la=en&hash=EA87BD3B8435B7EDF25A56C932C362C65D516577
[12] MiFID II – the long tail of legal documentation repapering, https://www.fintechfutures.com/2018/04/mifid-ii-the-long-tail-of-legal-documentation-repapering/

 

by Thushan Kumaraswamy

Artificial Intelligence & Anti-Financial Crime

Leading Point Financial Markets recently hosted a roundtable event to discuss the feasibility of adopting Artificial Intelligence (AI) for Anti-Financial Crime (AFC) and Customer Lifecycle Management (CLM).

A panel of SMEs and an audience of senior execs and practitioners from 20+ Financial Institutions and FinTechs discussed the opportunities and practicalities of adopting data-driven AI approaches to improve AFC processes including KYC, AML, Payment Screening, Transaction Monitoring, Fraud & Client Risk Management.

“There is no question that AI shows great promise in the long term – it could transform our industry…” Rob Gruppetta, Head of the Financial Crime Department, FCA, Nov 2018

EXECUTIVE SUMMARY

AFC involves processing and analysing vast volume and variety of data; it’s a challenge to make accurate & timely decisions from it.

Industry fines, increasing regulatory requirements, a steep rise in criminal activities, cost pressures and legacy infrastructures is putting firms under intense pressure to up their game in AFC.

90% expressed the volume and quality of data as a top AFC/CLM challenge for 2019.

Applying standards to internal data and client documents were deemed as quick wins to improving process

80% agreed that client risk profiling and the analysis across multiple data sources can be most improved - AI can improve KPI’s on False Positives, Client Risk, Automation & False Negatives.

While the appetite for AI & Machine Learning is increasing but firms need to develop effective risk controls pre-implementation

Often the end to end process is not questioned; firms need to look beyond the point tech, and define the use case for value

Illuminating anecdotes shared on how to make the business case for AI/ Tech. Business, AFC Analysts and Ops have different needs

Firms face a real skills gap in order to move from a traditional AFC approach to an intelligent-data led one. Where are the teachers?

60% of respondents had gone live with AI in at least one business use-case or were looking to transition to an AI-led operating model

AI & Anti-Financial Crime 

Whether it is a judgement on the accuracy of a Client’s ID, an assessment of the level of money laundering risk they pose, or a decision on client documentation, AI has the potential to improve accuracy and speed in a variety of areas of the AFC and CLM process.

AI can help improve speed and accuracy of AFC client verification, risk profiling, screening and monitoring with a variety approaches. The two key ways AI can benefit AFC are:

  • Process automation – AI can help firms in taking the minimum number of steps and the data required to assemble a complete KYC file, complete due diligence, and to assign a risk rating for a client
  • Risk management – AI can help firms better understand and profile clients into micro-segments, enabling more accurate risk assessment, reducing the amount of false positives that firms have to process

Holistic examination of the underlying metadata assembled and challenging AI decisions will be necessary to prevent build up of risk and biases

Mass retraining will be necessary when AI becomes more integral to businesses

KYC / Customer Due Diligence (CDD)

Key challenge: How can anti-money laundering (AML) operations be improved through machine learning?

Firms’ KYC / CDD processes are hindered by high volumes of client documentation, the difficulty in validating clients’ identity and the significant level of compliance requirements

AI can link, enrich and enhance transactions, risk and customer data sets to create risk-intelligence allowing firms to better assess and predict clients’ risk rating dynamically and in real-time based on expected and ongoing behaviour - this improves both the risk assessment and also the speed of onboarding

AI can profile clients through the use of entity resolution which establishes confidence in the truth of the clients identity by matching them against their potential network generated by analysis of the initial data set provided by client

Better matches can be predicted by deriving additional data from existing and external data sources to further enhance scope & accuracy of client’s network

The result is a clear view of the client’s identity and relationships within the context of their environment underpinned by the transparent and traceable layers of probability generated by the underlying data set

 

To improve data quality, firms need to be able to set standards for their internal data and their client’s documentation

 

82% of respondents cited ‘Risk Analysis & Profiling’ as having the most opportunity for improvement through AI

 

If documentation is in a poor state, you've got to find something else to measure for risk – technology that provides additional context is valuable

 

Transaction Screening

Key pains faced by firms are the number of false positives (transactions flagged as risky that are subsequently found to be safe), the resulting workload in investigating them, as well as the volume of ‘false negatives’ (transactions that are flagged as risky, but released incorrectly)

AI can help improve the accuracy and efficiency of transaction and payment screening at a tactical and strategic level

Tactically, AI can reduce workload by carrying out the necessary checks and transactions analysis. AI can automate processes such as structuring of the transaction, verification of the transaction profile and discrepancy checks

Strategically, AI can reduce the volume of checks necessary in the first place by better assessing the client’s risk (i.e., reducing the number of high risk clients by 10% through better risk assessment reduces the volume of investigatory checks).

AI can assist in automating the corresponding investigative processes, which are currently often highly manual, email intensive with lots of to-and-fro.

 

A ‘White List’ of transactions allows much smoother processing of transactions compared to due diligence whenever a transaction is flagged

 

82% of respondents cited ‘Risk Analysis & Profiling’ as a key area that could be most improved by AI applications

 

Transaction Monitoring

Firms suffer from a high number of false positives and investigative overhead due to rules-based monitoring and coarse client segmentation

AI can help reduce the number of false positives and increase the efficiency of investigative work by allowing monitoring rules to target more granular types of clients (segments), updating the rules according to client’s behaviour, and intelligently informing investigators when alerts can be dispositioned.

AI can expand the list of features that you can segment clients on (e.g. does a retailer have an ATM on site?) and identify the hidden patterns that associate specific groups of clients (e.g., Client A, an exporter, is transacting with an entity type that other exporters do not). It can use a firm’s internal data sources and a variety of external data sources to create enriched data intelligence.

Reinforcement learning allows firms to adjust their own algorithms and rules for specific segments of clients and redefine those rules and thresholds to identify correlations and deviations, so different types of clients get treated differently according to their behaviour and investigative results

 

Survey Results

90% of respondents to Leading Point FM’s survey on AI and Anti-Financial Crime cited ‘Volume & Quality of Data’ as being one of the top 3 biggest challenges for CLM and AFC functions in 2019

82% of respondents to cited ‘Risk Analysis & Profiling’ as having the most opportunity for improvement through AI

60% of respondents had gone live with Artificial Intelligence in at least one business use case or were looking to transition to an AI-led operating model.

However, 40% were unclear on what solutions were available 60% of respondents cited ‘Immaturity of Technology’ or ‘Lack of Business Case’ as the biggest obstacle to adopting AI applications

Conclusion

To apply AI practically requires an understanding of the sweet spot between automation and assisting, leveraging human users’ knowledge and expertise

AI needs a well-defined use case to be successful as it can’t solve for all KYC problems at the same time. In order to deliver value, clarity on KPI’s that matter and reviewing AI considering the end-to-end business process is important.

Defining the core, minimal data set needed to support a business outcome, meet compliance requirements, and enable risk assessment will help firms make decisions on what existing data collection processes/ sources are needed, and where AI tech can support enrichment. It is possible to reduce data collection by 60-70% and significantly improve client digital journeys.

There are significant skills gaps in order to move from a traditional AFC op model to more intelligent-data AI led one. When AI becomes more integral to business, mass re-training will be necessary. So, where are the teachers?

The move from repetitive low value-added tasks to more intelligent-data based operating models. Industry collaborations & standards will help, but future competitive advantage will be a function of what are you doing with data that no one else is.

70% of respondents cited ‘Effort. Fatigue & False Positives’ as one of the top 3 biggest challenges for CLM and AFC functions in 2019?

 

More data isn’t always better. There is often a lot of redundant data that is gathered unnecessarily from the client.

 

Spotting suspicious activity via network analysis can be difficult if you only have visibility to one side of the transactions

 

If there's a problem worth solving, any large organisation will have at least six teams working on it – it comes down to the execution

 

by Thushan Kumaraswamy

Reducing anti-financial crime risk through op model transformation at a tier 1 investment bank

“Leading Point have proven to be valued partners providing subject matter expertise and transformation delivery with sustained and consistent performance whilst becoming central to the Financial Crime Risk Management Transformation. They have been effective in providing advisory and practical implementation skills with an integrated approach bringing expertise in financial services and GRC (Governance, Risk and Compliance) functional and Fintech/Regtech technology domains."

Head of Anti-Financial Crime Design Authority @ Tier 1 Investment Bank

by Thushan Kumaraswamy

How will the FCA business plan impact organisations over the next two years?

Leading Point of View
How will the FCA business plan impact organisations over the next two years?

Introduction

The FCA has recently issued its business plan (1) and focus for the upcoming four quarters. Kicking off with some stats – a mix of sobering and positive, the paper gives a clear outline of its proposed, cross-sector, regulatory oversight. One of the greatest challenges for the industry at present is the implementation of MiFID II provisions.
The FCA makes the point that this will facilitate the introduction of ‘major reforms to improve resilience and strengthen integrity and competition in wholesale markets’. Furthermore, work around market abuse will be enhanced. We highlight notable elements of the business plan and their implications for organisations, below.

Cybersecurity

Across all financial sectors lies the risk of cyber-attacks. With the impending implementation and governance of the General Data Protection Regulation, and potential fines of up to 4% of company revenue, organisations’ technological and operational resilience must be second to none. The FCA deems these qualities pivotal pieces of the cyber security jigsaw; it aims to police cyber capabilities and monitor financial crime and all major outages
during the upcoming year.

Senior Managers and Certification Regime

Whilst 2015/2016 saw banks and insurers bring about the operational changes borne out of SMCR, during 2017/2018, the FCA plans to oversee the resulting culture and governance of this significant shift in responsibility. Currently under consultation is the extension, to be implemented by 2018, of SMCR to all firms covered by FSMA. This would cement the prevailing accountability of senior managers’ individual areas of business within the industry.

Customer Engagement & Competition

The theme driving the most recent directives and regulations is placing the ball in the customers’ court. The dramatically changing financial landscape is being molded by the General Data Protection Regulation, the Payment Services Directive 2, to name but a few. The Open API world further allows the customer to have greater choice and engagement with their banking decisions. The FCA is likely to zero in on firms’ development in digitisation and automation and stewardship of customer data with a critical eye, to ensure there is no abuse.

Buy-side | Asset Management

MiFID II implications are beginning to take shape, however there is much to be done. The FCA recognises MiFID II as post-crisis regulation; it is driving reforms that will promote cross-sector market integrity and competition,
and consumer protection. Firms’ annual budgets will now, more than ever, be targeted towards improving IT systems and infrastructure, develop data capabilities, and ensure operational risk is kept at bay.

 

Leading Point Financial Markets brings compelling value at the intersection of Data, Governance & Compliance, and Digital and Operating Model Change initiatives. If you would like to further consider any of these impacts on your organisation, please contact saskia.blake@leadingptconsulting.com or rajen.madan@leadingptconsulting.com.

(1) https://www.fca.org.uk/publications/corporate-documents/our-business-plan-2017-18

 

by Rajen Madan