Strategy – Leading Point

Strengthening Information Security

The Combined Power of Identity & Access Management and Data Access Controls

The digital age presents a double-edged sword for businesses. While technology advancements offer exciting capabilities in cloud, data analytics, and customer experience, they also introduce new security challenges. Data breaches are a constant threat, costing businesses an average of $4.45 million per incident according to a 2023 IBM report (https://www.ibm.com/reports/data-breach) and eroding consumer trust. Traditional security measures often fall short, leaving vulnerabilities for attackers to exploit. These attackers, targeting poorly managed identities and weak data protection, aim to disrupt operations, steal sensitive information, or even hold companies hostage. The impact extends beyond the business itself, damaging customers, stakeholders, and the broader financial market

Source: Breachsense blog – Cost of a Data Breach

In response to these evolving threats, the European Commission (EU) has implemented the Digital Operational Resilience Act (DORA) (Regulation (EU) 2022/2554). This regulation focuses on strengthening information and communications technology (ICT) resilience standards in the financial services sector. While designed for the EU, DORA’s requirements offer valuable insights for businesses globally, especially those with operations in the EU or the UK. DORA mandates that financial institutions define, approve, oversee, and be accountable for implementing a robust risk-management framework. This is where identity & access management (IAM) and data access controls (DAC).

Source: Sprinto blog – Industries Under Siege: Data Breach Statistics by Industry

The Threat Landscape and Importance of Data Security

Data breaches are just one piece of the security puzzle. Malicious entities also employ malware, phishing attacks, and even exploit human error to gain unauthorised access to sensitive data. Regulatory compliance further emphasises the importance of data security. Frameworks like GDPR and HIPAA mandate robust data protection measures. Failure to comply can result in hefty fines and reputational damage.

Organisations, in a rapidly-evolving hybrid working environment, urgently need to implement or review their information security strategy. This includes solutions that not only reduce the attack surface but also improve control over who accesses what data within the organisation. IAM and DAC, along with fine-grained access provisioning for various data formats, are critical components of a strong cybersecurity strategy.

Keep reading to learn the key differences between IAM and DAC, and how they work in tandem to create a strong security posture.

Identity & Access Management (IAM)

Think of IAM as the gatekeeper to your digital environment. It ensures only authorised users can access specific systems and resources. Here is a breakdown of its core components:

Identity Management (authentication): This involves creating, managing, and authenticating user identities. IAM systems manage user provisioning (granting access), authentication (verifying user identity through methods like passwords or multi-factor authentication [MFA]), and authorisation (determining user permissions). Common identity management practices include:
- Single Sign-On (SSO): Users can access multiple applications with a single login, improving convenience and security.
- Multi-Factor Authentication (MFA):An extra layer of security requiring an additional verification factor beyond a password (e.g., fingerprint, security code).
- Passwordless: A recent usability improvement removes the use of passwords and replaces them with authentication apps and biometrics.
- Adaptive or Risk-based Authentication: Uses AI and machine learning to analyse user behaviour and adjust authentication requirements in real-time based on risk level.
Access Management (authorisation): Once a user has had their identity authenticated, then access management checks to see what resources the user has access to. IAM systems apply tailored access policies based on user identities and other attributes. Once verified, IAM controls access to applications, data, and other resources.

Advanced IAM concepts like Privileged Access Management (PAM) focus on securing access for privileged users with high-level permissions, while Identity Governance ensures user access is reviewed and updated regularly.

Data Access Control (DAC)

While IAM focuses on user identities and overall system access, DAC takes a more granular approach, regulating access to specific data stored within those systems. Here are some common DAC models:

Discretionary Access Control (also DAC): Allows data owners to manage access permissions for other users. While offering flexibility, it can lead to inconsistencies and security risks if not managed properly. One example of this is UNIX files, where an owner of a file can grant or deny other users access.
Mandatory Access Control (MAC): Here, the system enforces access based on pre-defined security labels assigned to data and users. This offers stricter control but requires careful configuration.
Role-Based Access Control (RBAC): This approach complements IAM RBAC by defining access permissions for specific data sets based on user roles.
Attribute-Based Access Control (ABAC): Permissions are granted based on a combination of user attributes, data attributes, and environmental attributes, offering a more dynamic and contextual approach.
Encryption: Data is rendered unreadable without the appropriate decryption key, adding another layer of protection.

IAM vs. DAC: Key Differences and Working Together

While IAM and DAC serve distinct purposes, they work in harmony to create a comprehensive security posture. Here is a table summarising the key differences:

FEATURE

IAM

DAC

Description

Controls access to applications

Controls access to data within applications

Granularity

Broader – manages access to entire systems

More fine-grained – controls access to specific data check user attributes

Enforcement

User-based (IAM) or system-based (MAC)

System-based enforcement (MAC) or user-based (DAC)

Imagine an employee accessing customer data in a CRM system. IAM verifies their identity and grants access to the CRM application. However, DAC determines what specific customer data they can view or modify based on their role (e.g., a sales representative might have access to contact information but not financial details).

Dispelling Common Myths

Several misconceptions surround IAM and DAC. Here is why they are not entirely accurate:

Myth 1: IAM is all I need. The most common mistake that organisations make is to conflate IAM and DAC, or worse, assume that if they have IAM, that includes DAC. Here is a hint. It does not.
Myth 2: IAM is only needed by large enterprises. Businesses of all sizes must use IAM to secure access to their applications and ensure compliance. Scalable IAM solutions are readily available.
Myth 3: More IAM tools equal better security. A layered approach is crucial. Implementing too many overlapping IAM tools can create complexity and management overhead. Focus on choosing the right tools that complement each other and address specific security needs.
Myth 4: Data access control is enough for complete security. While DAC plays a vital role, it is only one piece of the puzzle. Strong IAM practices ensure authorised users are accessing systems, while DAC manages their access to specific data within those systems. A comprehensive security strategy requires both.

Tools for Effective IAM and DAC

There are various IAM and DAC solutions available, and the best choice depends on your specific needs. While Active Directory remains a popular IAM solution for Windows-based environments, it may not be ideal for complex IT infrastructures or organisations managing vast numbers of users and data access needs.

Imagine a scenario where your application has 1,000 users and holds sensitive & personal customer information for 1,000,000 customers split across ten countries and five products. Not every user should see every customer record. It might be limited to the country the user works in and the specific product they support. This is the “Principle of Least Privilege.” Applying this principle is critical to demonstrating you have appropriate data access controls.

To control access to this data, you would need to create tens of thousands of AD groups for every combination of country or countries and product or products. This is unsustainable and makes choosing AD groups to manage data access control an extremely poor choice.

The complexity of managing nested AD groups and potential integration challenges with non-Windows systems highlight the importance of carefully evaluating your specific needs when choosing IAM tools. Consider exploring cloud-based IAM platforms or Identity Governance and Administration (IGA) solutions for centralised management and streamlined access control.

Building a Strong Security Strategy

The EU’s Digital Operational Resilience Act (DORA) emphasises strong IAM practices for financial institutions and will coming into act from 17 January 2025. DORA requires financial organisations to define, approve, oversee, and be accountable for implementing robust IAM and data access controls as part of their risk management framework.

Here are some key areas where IAM and DAC can help organisations comply with DORA and protect themselves:

DORA Pillar

How IAM helps

How DAC helps

ICT risk management

Identifies risks associated with unauthorised access/misuse
Detects users with excessive permissions or dormant accounts

Minimises damage from breaches by restricting access to specific data

ICT related incident reporting

Provides audit logs for investigating breaches (user activity, login attempts, accessed resources)
Helps identify source of attack and compromised accounts

Helps determine scope of breach and potentially affected information

ICT third-party risk management

Manages access for third-party vendors/partners
Grants temporary access with limited permissions, reducing attack surface

Restricts access for third-party vendors by limiting ability to view/modify sensitive data

Information sharing

Permissions designated users authorised to share sensitive information

Controls access to shared information via roles and rules

Digital operational resilience testing

Enables testing of IAM controls to identify vulnerabilities
Penetration testing simulates attacks to assess effectiveness of IAM controls

Ensures data access restrictions are properly enforced and minimizes breach impact

Understanding IAM and DAC empowers you to build a robust data security strategy

Use these strategies to leverage the benefits of IAM and DAC combined:

Recognise the difference between IAM and DAC, and how they are implemented in your organisation
Conduct regular IAM and DAC audits to identify and address vulnerabilities
Implement best practices like the Principle of Least Privilege (granting users only the minimum access required for their job function)
Regularly review and update user access permissions
Educate employees on security best practices (e.g., password hygiene, phishing awareness)

Explore different IAM and DAC solutions based on your specific organisational needs and security posture. Remember, a layered approach that combines IAM, DAC, and other security measures like encryption creates the most effective defence against data breaches and unauthorised access.

Conclusion

By leveraging the combined power of IAM and DAC, you can ensure only the right people have access to the right data at the right time. This fosters trust with stakeholders, protects your reputation, and safeguards your valuable information assets.

by Nivetha Balasubramaniam and Jaidip Banerjee

Top 5 Trends for MLROs in 2024

Our Financial Crime Practice Lead, Kavita Harwani, recently attended the FRC Leadership Convention at the Celtic Manor, Newport, Wales. This gave us the opportunity to engage with senior leaders in the financial risk and compliance space on the latest best practices, upcoming technology advances, and practical insights.

Criminals are becoming increasingly sophisticated, driving MLROs to innovate their financial crime controls. There is never a quiet time for FRC professionals, but 2024 is proving to be exceptionally busy.
Our view on the top five trends that MLROs need to focus on is presented here.

Top 5 Trends

Minimise costs by using technology to scan the regulatory horizon and identify impacts on your business
Accelerating transaction monitoring & decisioning by applying AI & data analytics
Optimising due diligence with a 360 view of the customers
Improving operational efficiency by using machine learning to automate alert handling
Reducing financial crime risk through training and communications programmes.

1. Regulatory Compliance and Adaptation

MLROs need to stay abreast of evolving regulatory frameworks and compliance requirements. With regulatory changes occurring frequently, MLROs must ensure their organisations are compliant with the latest anti-money laundering (AML) and counter-terrorist financing (CTF) regulations.

This involves scanning the regulatory horizon, updating policies, procedures, and systems to reflect regulatory updates and adapting swiftly to new compliance challenges.

2. Technology & Data Analytics

MLROs will increasingly leverage advanced technology and data analytics tools to enhance their AML capabilities.

Machine learning algorithms and predictive analytics can help identify suspicious activities more effectively, allowing MLROs to detect and prevent money laundering and financial crime quicker, at lower cost, and with higher accuracy rates.

MLROs must focus on implementing robust AML technologies and optimising data analytics strategies to improve risk detection and decision-making processes.

3. Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)

MLROs should prioritise strengthening CDD processes to better understand their customers’ risk of committing financial crimes.

Enhanced due diligence is critical for high-risk customers, such as politically exposed persons (PEPs) and high net worth individuals (HNWIs).

MLROs should focus on enhancing risk-based approaches to CDD and EDD, leveraging technology and data analytics to streamline customer onboarding processes while maintaining compliance with regulatory requirements.

4. Transaction Monitoring and Suspicious Activity Reporting

MLROs will continue to refine transaction monitoring systems to effectively identify suspicious activities and generate accurate alerts for investigation.

MLROs should focus on optimising transaction monitoring rules and scenarios to reduce false positives and prioritise high-risk transactions for further review.

Enhanced collaboration with law enforcement agencies and financial intelligence units will be crucial for timely and accurate suspicious activity reporting. Cross-industry collaboration is an expanding route to quicker insights on bad actors and behaviours.

5. Training and Awareness Programmes

MLROs must invest in comprehensive training and awareness programs to educate employees on AML risks, obligations, and best practices.

Building a strong culture of compliance within the organisation is essential for effective AML risk management.

Additionally, MLROs must promote a proactive approach to AML compliance, encouraging employees to raise concerns and seek guidance when faced with potential AML risks.

Conclusion

The expanded use of technology and data is becoming more evident from our discussions. The latest, ever-accelerating, improvements in automation and AI has brought a new set of opportunities to transform legacy manual, people-heavy processes into streamlined, efficient, and effective anti-financial crime departments.

Leading Point has a specialist financial crime team and can help strengthen your operations and meet these challenges in 2024. Reach out to our practice lead Kavita Harwani on kavita@leadingpoint.io to discuss your needs further.

by Kavita Harwani and Mansi Adatiya

Helping a US broker-dealer manage its application estate using open source tools

Our client was a Fortune 500 US independent broker-dealer with over 17,500 financial advisors and over 1tn USD in advisory and brokerage assets. They had a large application estate with nearly 1,000 applications they had either developed, bought or acquired through mergers and takeovers. The applications were captured in ServiceNow CMDB but there was little knowledge around flows, owners, data, and batch jobs.

Additionally, the client also wanted to roll out a new data strategy. Part of this engagement with their business community was to educate and inform about the data strategy and its impact on their work.

We were asked to implement an open source enterprise architecture tool called Waltz. Waltz had been originally developed at Deutsche Bank and had recently been released as open source software under FINOS (Fintech Open Source Foundation). Waltz is not widely-known in financial services yet and we saw this as a great opportunity to demonstrate the benefits of using open source tools.

To support the data strategy rollout, the client asked if we could build a simple and clear internal website to show the new data strategy and data model. The data model would be navigable to drill-down into more detail and provide links to existing documentation.

Our approach:

With our extensive implementation experience, we put together a small, experienced, cross-border team to deploy and configure Waltz. We knew that understanding the client's data was key; what data was required, where was it, how good was its quality. Waltz uses data around:

Organisational units - different structures depending on the viewpoint (business, technical)
People - managerial hierarchies, roles, responsibilities
Applications - owners, technologies, costs, licences, flows, batch jobs
Data - hierarchies, entities, attributes, definitions, quality, owners, lineage
Capabilities - owners, services, processes
Change - initiatives, costs, impact

We split our work into a number of workstreams:

Data readiness - understand what data they had, the sources, and the quality
Data configuration - understand the relationships between the data and prepare it for Waltz
Waltz implementation - understand the base open source version of Waltz with its limitations, gather the client requirements (like single-sign on and configurable data loaders), develop the features into Waltz, and deploy Waltz at the client
Data strategy website - understand the audience, design website prototype options for client review, build an interactive React website for the rollout roadshows

The project was challenging because, as ever, the state of the data. There were multiple inconsistencies which hinders the use of tooling to bring order. We needed to identify those inconsistencies, see who should own them, and ensure they were resolved.

With the flexibility of an enterprise architecture tool, it was important to be clear around the specific problems we wanted to solve for the client. We identified 10+ potential use cases that we worked with the client to narrow down. Future extensions of the project enabled us to extend into these other use cases.

One such problem was around batch job documentation. The client had thousands of Word docs specifying batch jobs transferring data between internal and external applications. These documents were held in SharePoint, Confluence, and local drives. This made it difficult to find information about specific batch jobs if something went wrong, for example.

We used the applications captured in Waltz and linked them together. We developed a new data loader that could import Word docs and extract the batch job information automatically from them. This was used to populate Waltz and make this information searchable, reducing the time spent by Support teams to find out about failed jobs.

One common negative that is raised about similar applications is the effort involved to get data into the application. Waltz accelerates this by sending surveys out to crowd-source knowledge from across the organisation. We found this a great way of engaging with users and capturing their experience into Waltz.

Our results:

We were able to deploy an open source enterprise architecture tool on a client's AWS cloud within three months. This included adding new features, such as single sign-on, improving existing Waltz capabilities, like the data loaders, and defining the data standards to enable smooth data integrations with source systems.

Using Waltz showed the client the value of bringing together disparate knowledge from around the organisation into one place. It does expose data gaps, but we always see this as a benefit for the client, as any improvement in data quality yields improved business results.

by Thushan Kumaraswamy

Helping Clarivate Analytics define a financial services (FS) go-to-market strategy for intellectual property data

We were asked by Clarivate to analyse their IP data and identify where it might be useful in financial services, based on our industry experience. We created and reviewed 39 use cases, interviewed 59 financial services specialists, and reviewed 150 potential partner companies.

We developed four value propositions and recommended 16 projects to execute the strategy.

by Thushan Kumaraswamy and Rajen Madan

Helping a global investment bank design & execute a client data governance target operating model

Our client had a challenge to evidence control of their 2000+ client data elements. We were asked to implement a new target operating model for client data governance in six months. Our approach was to identify the core, essential data elements used by the most critical business processes and start governance for these, including data ownership and data quality.

We delivered business capability models, data governance processes, data quality rules & reporting, global support coverage for 100+ critical data elements supporting regulatory reporting and risk.

by Thushan Kumaraswamy and Rajen Madan

Helping a global investment bank reduce its residual risk with a target operating model

Our client asked us to provide operating model design & governance expertise for its anti-financial crime (AFC) controls. We reviewed and approved the bank’s AFC target operating model using our structured approach, ensuring designs were compliant with regulations, aligned to strategy, and delivered measurable outcomes.

We delivered clear designs with capability impact maps, process models, and system & data architecture diagrams, enabling change teams to execute the AFC strategy.

by Thushan Kumaraswamy and Rajen Madan

Helping ARX, a cyber-security FinTech with interim COO services to scale-up their delivery

We were engaged by ARX to provide an interim COO as they gaining traction in the market and needed to scale their operations to support their new clients. We used our financial services delivery experience to take on UX/UI design, redesign their operational processes for scale, and be a delivery partner for their supply chain resilience solution.

Due to our efforts, ARX were able to meet their client demand with an improved product and more efficient sales & go-to-market approach.

by Thushan Kumaraswamy and Rajen Madan

Helping a global consultancy define & execute its UK FinTech Strategy

Our client had developed 39 FinTech value propositions and we were asked to assess the propositions and prioritise when, and how, to go to market. We used our financial services experience and FinTech network to plan the best approach, through outreach, warm introductions, and events.

Our approach led to successful introductions with new prospect FinTechs in payments, neo-banks, and crypto firms within four months.

by Thushan Kumaraswamy

Developing a GTM strategy at a large alternative data provider to break into new financial services markets

"Leading Point’s delivery has been head and shoulders above any other consultancy I have ever worked with."

SVP Large Alternative Data Provider

by Thushan Kumaraswamy

Catch the Multi-Cloud Wave

Charting Your Course

The digital realm is a constant current, pulling businesses towards new horizons. Today, one of the most significant tides shaping the landscape is the surge of multi-cloud adoption. But what exactly is driving this trend, and is your organisation prepared to ride the wave?

At its core, multi-cloud empowers businesses to break free from the constraints of a single cloud provider. Imagine cherry-picking the best services from different cloud vendors, like selecting the perfect teammates for a sailing crew. In 2022, 92% of firms either had or were considering a multi-cloud strategy (1). Having a strategy is one thing. Implementing it is a very different story. It takes meticulous planning and preparation. The potential of migrating from a single cloud provider to a multi-cloud environment can be huge if you are dealing with vast volumes of data. This flexibility unlocks a treasure trove of benefits.
1 Faction - The Continued Growth of Multi-Cloud and Hybrid Infrastructure

Top 4 Benefits

1 Unmatched Agility

Respond to ever-changing demands with ease by scaling resources up or down. Multi-cloud lets you ditch the "one-size-fits-all" approach and tailor your cloud strategy to your specific needs, fostering innovation and efficiency

2 Resilience in the Face of the Storm

Don't let cloud downtime disrupt your operations. By distributing your workload across multiple providers, you create a safety net that ensures uninterrupted service even when one encounters an issue.

3 A World of Choice at Your Fingertips

No single cloud provider can be all things to all businesses. Multi-cloud empowers you to leverage the unique strengths of different vendors, giving you access to a diverse array of services and optimising your overall offering.

4 Future-Proofing Your Digital Journey

The tech landscape is a whirlwind of innovation. With multi-cloud, you're not tethered to a single provider's roadmap. Instead, you have the freedom to seamlessly adapt to emerging technologies and trends, ensuring you stay ahead of the curve.

Cost Meets the Cloud

Perhaps the most exciting development propelling multi-cloud adoption is the shrinking cost barrier. As cloud providers engage in fierce competition, prices are driving down, making multi-cloud solutions more accessible for businesses of all sizes. This cost optimisation, coupled with the strategic advantages mentioned earlier, makes multi-cloud an increasingly attractive proposition. However, a word of caution: While the overall trend is towards affordability, navigating the multi-cloud landscape still requires meticulous planning and cost management. Without proper controls and precise resource allocation, you risk increased expenses and potential setbacks. With increased distribution of data, comes the increased risk of data leakage. Not only must data be protected within each cloud environment, it needs to be protected across the multi-cloud. Data monitoring increases in complexity. As data needs to move between cloud solutions, there may be additional latency risks. These can be mitigated with good risk controls and monitoring.

Kicking Off Your Journey

Ditch single-provider limitations and enjoy flexibility, resilience, and a wider range of services to boost your digital transformation but remember…

Multi-cloud environments can heighten security risks.

Navigate cautiously with proper controls and expert guidance to avoid hidden expenses.

Fierce competition is lowering multi-cloud barriers.

Let Leading Point be your guide, helping you set sail on the multi-cloud journey with confidence and unlock its full potential.

The multi-cloud path isn't without its challenges, but the rewards are undeniable. At Leading Point, we're experts in helping businesses navigate the multi-cloud wave with confidence. Let us help you unlock the full potential of multi-cloud for a more resilient, flexible, and innovative future. So, is your organisation ready to catch the wave? Contact Leading Point today and start your multi-cloud journey!

by Nivetha Balasubramaniam and Jaidip Banerjee

The Consumer Duty Regulation

Improving outcomes with the Consumer Duty Regulation

How can buy-side retail financial firms improve consumer outcomes and the wider economy?

The FCA introduced new guidelines, rules and policies last year in 2022, comprised as the Consumer Duty Regulation, to ensure products and services are delivered at fair value to customers, as well as a better standard of care. With the recent rise of the cost-of-living crisis, consumers are struggling and are faced with difficult times ahead, including the UK economy. This Duty lays out responsibilities for Boards and senior management within firms, to implement this regulation, to not only benefit consumers, but the wider economy.

In a recent review published by the FCA in January 2023, the FCA identified key areas where firms are meeting obligations, and where areas of improvement are required. As stated in the Policy Statement PS22/9, the FCA would like to see firms make full use of the implementation period of this three-year strategy, to implement the Duty effectively, and that by October 2022, ‘firm’s boards (or equivalent management body) should have agreed their plans for implementing the Duty’ and to have evidenced this, to ‘challenge their plans to ensure they are deliverable and robust’ (Consumer Duty Implementation Plans, FCA, Jan 2023).

This review published by the FCA, helps firms understand the FCA’s expectations, and to work together with firms to ensure the Duty is implemented effectively. The review identified that firms are behind with the implementation of the Duty and need to improve their approach. Three key areas were suggested where firms can focus on for the second half of the implementation period, the first being ‘effective prioritisation of the Duty’ – in order to reduce risk of poor customer outcomes, and to prioritise the implementation plans. The second ‘embedding substantive requirements’, on how firms are over-confident on their plans, and instead should focus on the substantive requirements laid out in the Duty, and review ‘their products and services, communications and customer journeys, they identify and make the changes needed to meet the new standards’ (Consumer Duty Implementation Plans, FCA, Jan 2023). The third area of focus identified was on how firms should work together with other firms, to share information in the distribution chain, to ensure the Duty can be implemented effectively and consistently (Consumer Duty Implementation Plans, FCA, Jan 2023).

What can retail financial firms do to improve and what are the implications of not meeting the Duty requirements?

From the FCA’s recent review, it has been determined there are still many areas by which firms are falling short, which raises the risks of not meeting the Duty obligation deadlines. From the governance aspect, the FCA’s review has established that the board members and senior management teams within firms, have no clearly defined and developed plans in place, neither timings, and lack engagement. When it comes to the plans compiled by firms, the project requirements and timelines are unclear, there is a lack of detail, explanation, and evidence on the implementation of the Duty, including how a firm’s purpose, culture and values are in alignment with the Duty.

Additionally, the review identified that firms also fail to define risks, and internal/external dependencies such as resource planning, budgeting, and technology resources, including working together with third parties, which as a result may impact the implementation plans. Further, firms fail to distinguish mitigation strategies and approaches or methodologies for conducting reviews and gap analysis of products, services, communications, and customer journeys, as part of implementation of the Four Outcomes within the Duty. Firms have also failed to provide in-depth details into the types of data they will require, and how this will be tested, and used, to better understand the customer outcomes, which is another key part of the Duty requirements.

How can Leading Point help to simplify this process?

At Leading Point, our team of expert practitioners can assist the board members and senior managers within retail financial firms, to conduct more in-depth project scope and planning, gap analysis, as well as workflow strategies, and assist to define clear methodologies and approaches to implement the Duty policies and rules. We are fully-equipped to help any organisation that is looking to improve their implementation plans for meeting the Consumer Regulations, to ensure deadlines are met, whilst reducing costs, and risks, with defined mitigation strategies, and enhanced quality of consumer data. This will not only better equip firms with meeting the Duty obligations, but will help to accelerate new business growth, to ensure high-quality products and services are delivered to consumers.

Appendix and Additional Information on the Duty Regulation

What is the Consumer Duty Regulation?

The FCA introduced the Consumer Duty Regulation, and published the Finalised Guidelines FG22/5, along with the Policy Statement PS22/9 in July 2022, which is a ‘standard of care firms should give to customers in retail financial markets’ (FG22/9, p.3).

The FCA states that the purpose of the Consumer Duty (‘the Duty’) is to provide ‘a fairer basis for competition’, to help ‘boost growth and innovation’ (What firms and customers can expect from the consumer duty and other regulatory reforms, FCA (Sept, 2022)).

The Duty is comprised of three key areas: A Consumer Principle; the Cross-Cutting Rules; and the Four Outcomes (FG22/9, p.3). Each of these three key areas focus on how firms should deliver suitable products and services, as well as good outcomes to consumers.

Which firms and who will it impact?

The FG22/5 Guidelines state that the Duty applies ‘across retail financial services’, and that ‘firms should review all examples in this guidance and consider how they may be relevant to their business models and practices’ (FG22/5).

As stated in the FG22/5 Guidance, it is the firms responsibility to identify which rules and principles are applicable to their firm, and ‘what they are required to do’ (FG22/5).

What is the timeline of this Regulation?

It has been proposed for the Duty to be enforced in two-phase implementation periods, the first being by the end of July 2023, whereby the Duty will apply to new and existing products and services that remain for sale or open for renewal, and the second date is by July 2024, whereby the Duty will come fully into force, and will apply to all closed products and services (PS22/9).

The following timeline has been extracted from the Policy Statement – Implementation Timetable (PS22/9):

Implementation Period	Timeline
Firms’ boards (or equivalent management body) should have agreed their implementation plans and be able to evidence they have scrutinised and challenged the plans to ensure they are deliverable and robust to meet the new standards. Firms should expect to be asked to share implementation plans, board papers and minutes with supervisors and be challenged on their contents.	End of October 2022
Manufacturers should aim to complete all the reviews necessary to meet the four outcome rules for their existing open products and services by the end of April 2023, so that they can: • Share with distributors by the end of April 2023 the information necessary for them to meet their obligations under the Duty (e.g., in relation to the price and value, and products and service outcomes)	End of April 2023
Manufacturers should: • Identify where changes need to be made to their existing open products and services to meet the Duty and implement these remedies by the end of July 2023	End of July 2023
The Duty will apply to all new products and services, and all existing products and services that remain on sale or open for renewal. This gives firms 12 months to implement the new requirements on the bulk of retail financial products and services, benefiting the majority of consumers	End of July 2023
The Duty will come fully into force and apply to all closed products and services. This extra 12 months will help those firms with large numbers of closed products and will also help mitigate some of the wider concerns firms raised about the difficulty of applying the Duty to these products (see Chapter 3).	End of July 2024

How should firms implement the Consumer Duty Regulation?

According to the Guidance (FG22/5), it is a firm’s responsibility to identify which policies and rules apply and what they will be required to do (FG22/5). In addition to this, the Guidance has dedicated Chapter 10, on the Culture, Governance and Accountability that the Duty sets out for firms to give their customers. This is so that firms shift their focus on customer outcomes, and to ‘review the outcomes of their customers to ensure they are consistent with the Duty’ (PS22/9).

The Guidance (FG22/5) states the following:

The rules require firms to ensure their strategies, governance, leadership, and people policies (including incentives at all levels) lead to good outcomes for customers. The rules also make clear that we expect customer outcomes to be a key lens for important areas, such as Risk and Internal Audit.
A firm’s board, or equivalent governing body, should review and approve an assessment of whether the firm is delivering good outcomes for its customers which are consistent with the Duty, at least annually.
Individual accountability and high standards of personal conduct in firms will ensure that firms are meeting their obligations under the Duty.

The Guidance (FG22/5) outlines four important drivers of culture that firms will need to ensure they deliver on from: Purpose; Leadership; People; and Governance. The Duty will also hold senior managers accountable via the Senior Managers & Certification Regime (SMCR) (FG22/5). A firm’s board will be responsible for the submission of a Board Report, which will be comprised of an assessment of whether the ‘firm is delivering good outcomes for its customers which are consistent with the Duty’ (FG22/5). Firms will also be required to monitor their outcomes, with a key focus of the Duty requiring firms to ‘assess, test, and understand’ and be able ‘to evidence the outcomes their customers are receiving’ (FG22/5), thus firms will be required to identify relevant sources of their data, to ensure they are consistent with meeting the obligations of the Duty, to their customers.

by Mareen Rauf

Unlocking the opportunity of vLEIs

Streamlining financial services workflows with Verifiable Legal Entity Identifiers (vLEIs)

Source: GLIEF

Trust is hard to come by

How do you trust people you have never met in businesses you have never dealt with before? It was difficult 20 years ago and even more so today. Many checks are needed to verify if the person you are talking to is the person you think it is. Do they even work for the business they claim to represent? Failures of these checks manifest themselves every day with spear phishing incidents hitting the headlines, where an unsuspecting clerk is badgered into making a payment to a criminal’s account by a person claiming to be a senior manager.

With businesses increasing their cross-border business and more remote working, it is getting harder and harder to trust what you see in front of you. How do financial services firms reduce the risk of cybercrime attacks? At a corporate level, there are Legal Entity Identifiers (LEIs) which have been a requirement for regulated financial services businesses to operate in capital markets, OTC derivatives, fund administration or debt issuance.

LEIs are issued by Local Operating Units (LOUs). These are bodies that are accredited by GLEIF (Global Legal Entity Identifier Foundation) to issue LEIs. Examples of LOUs are the London Stock Exchange Group (LSEG) and Bloomberg. However, LEIs only work at a legal entity level for an organisation. LEIs are not used for individuals within organisations.

Establishing trust at this individual level is critical to reducing risk and establishing digital trust is key to streamlining workflows in financial services, like onboarding, trade finance, and anti-financial crime.

This is where Verifiable Legal Entity Identifiers (vLEIs) come into the picture.

What is the new vLEI initiative and how will it be used?

Put simply, vLEIs combine the organisation’s identity (the existing LEI), a person, and the role they play in the organisation into a cryptographically-signed package.

GLEIF has been working to create a fully digitised LEI service enabling instant and automated identity verification between counterparties across the globe. This drive for instant automation has been made possible by developments in blockchain technology, self-sovereign identity (SSI) and other decentralised key management platforms (Introducing the verifiable LEI (vLEI), GLEIF website).

vLEIs are secure digitally-signed credentials and a counterpart of the LEI, which is a unique 20-digit alphanumeric ISO-standardised code used to represent a single legal organisation. The vLEI cryptographically encompasses three key elements; the LEI code, the person identification string, and the role string, to form a digital credential of a vLEI. The GLEIF database and repository provides a breakdown of key information on each registered legal entity, from the registered location, the legal entity name, as well as any other key information pertaining to the registered entity or its subsidiaries, as GLEIF states this is of “principally ‘who is who’ and ‘who owns whom’”(GLEIF eBook: The vLEI: Introducing Digital I.D. for Legal Entities Everywhere, GLEIF Website).

In December 2022, GLEIF launched their first vLEI services through proof-of-concept (POC) trials, offering instant digitally verifiable credentials containing the LEI. This is to meet GLEIF’s goal to create a standardised, digitised service capable of enabling instant, automated trust between legal entities and their authorised representatives, and the counterparty legal entities and representatives with which they interact” (GLEIF eBook: The vLEI: Introducing Digital I.D. for Legal Entities Everywhere, page 2).

“The vLEI has the potential to become one of the most valuable digital credentials in the world because it is the hallmark of authenticity for a legal entity of any kind. The digital credentials created by GLEIF and documented in the vLEI Ecosystem Governance Framework can serve as a chain of trust for anyone needing to verify the legal identity of an organisation or a person officially acting on that organisation’s behalf. Using the vLEI, organisations can rely upon a digital trust infrastructure that can benefit every country, company, and consumers worldwide”,

Karla McKenna, Managing Director GLEIF Americas

This new approach for the automated verification of registered entities will benefit many organisations and businesses. It will enhance and speed up regulatory reports and filings, due diligence, e-signatures, client onboarding/KYC, business registration, as well as other wider business scenarios.

Imagine the spear phishing example in the introduction. A spoofed email will not have a valid vLEI cryptographic signature, so can be rejected (even automatically), saving potentially thousands of £.

How do I get a vLEI?

Registered financial entities can obtain a vLEI from a Qualified vLEI Issuer (QVI) organisation to benefit from instant verification, when dealing with other industries or businesses (Get a vLEI: List of Qualified vLEI Issuing Organisations, GLEIF Website).

A QVI organisation is authorised under GLEIF to register, renew or revoke vLEI credentials belonging to any financial entity. GLEIF offers a Qualification Program where organisations can apply to operate as a QVI. GLEIF maintain a list of QVIs on their website.

Source: GLIEF

What is the new ISO 5009:2022 and why is it relevant?

The International Organisation of Standards (ISO) published the ISO 5009 standard in 2022, which was initially proposed by GLEIF, for the financial services sector. This is a new scheme to address “the official organisation roles in a structured way in order to specify the roles of persons acting officially on behalf of an organisation or legal entity” (ISO 5009:2022, ISO.org).

Both ISO and GLEIF have created and developed this new scheme of combining organisation roles with the LEI, to enable digital identity management of credentials. This is because the ISO 5009 scheme offers a standard way to specify organisational roles in two types of LEI-based digital assets, being the public key certificates with embedded LEIs, as per X.509 (ISO/IEC 9594-8), also outlined in ISO 17442-2, or for digital verifiable credentials such as vLEIs to be specified, to help confirm the authenticity of a person’s role, who acts on behalf of an organisation (ISO 5009:2022, ISO Website). This will help speed up the validation of person(s) acting on behalf of an organisation, for regulatory requirements and reporting, as well as for ID verification, across various business use cases.

Leading Point have been supporting GLEIF in the analysis and implementation of the new ISO 5009 standard, for which GLEIF acts as the operating entity to maintain the ISO 5009 standard on behalf of ISO. Identifying and defining OORs was dependent on accurate assessments of hundreds of legal documents by Leading Point.

“We have seen first-hand the challenges of establishing identity in financial services and were proud to be asked to contribute to establishing a new standard aimed at solving this common problem. As data specialists, we continuously advocate the benefits of adopting standards. Fragmentation and trying to solve the same problem multiple times in different ways in the same organisation hurts the bottom line. Fundamentally, implementing vLEIs using ISO 5009 roles improves the customer experience, with quicker onboarding, reduced fraud risk, faster approvals, and most importantly, a higher level of trust in the business.”

Rajen Madan (Founder and CEO, Leading Point)

Thushan Kumaraswamy (Founding Partner & CTO, Leading Point)

How can Leading Point assist?

Our team of expert practitioners can assist financial entities to implement the ISO 5009 standard in their workflows for trade finance, anti-financial crime, KYC and regulatory reporting. We are fully-equipped to help any organisation that is looking to get vLEIs for their senior team and to incorporate vLEIs into their business processes, reducing costs, accelerating new business growth, and preventing anti-financial crime.

Glossary of Terms and Additional Information on GLEIF

Who is GLEIF?

The Global Legal Entity Identifier Foundation (GLEIF) was established by the Financial Stability Board (FSB) in June 2014 and as part of the G20 agenda to endorse a global LEI. The GLEIF organisation helps to implement the use of the Legal Entity Identifier (LEI) and is headquartered in Basel, Switzerland.

What is an LEI?

A Legal Entity Identifier (LEI) is a unique 20 alphanumeric character code based on the ISO-17442 standard. This is a unique identification code for legal financial entities that are involved in financial transactions. The role of the structure of how an LEI is concatenated, principally answers ‘who is who’ and ‘who owns whom’, as per ISO and GLEIF standards, for entity verification purposes and to improve data quality in financial regulatory reports.

How does GLEIF help?

GLEIF not only helps to implement the use of LEI, but it also offers a global reference data and central repository on LEI information via the Global LEI Index on gleif.org, which is an online, public, open, standardised, and a high-quality searchable tool for LEIs, which includes both historical and current LEI records.

What is GLEIF’S Vision?

GLEIF believe that each business involved in financial transactions should be identifiable with a unique single digital global identifier. GLEIF look to increase the rate of LEI adoption globally so that the Global LEI Index can include all global financial entities that engage in financial trading activities. GLEIF believes this will encourage market participants to reduce operational costs and burdens and will offer better insight into the global financial markets (Our Vision: One Global Identity Behind Every Business, GLEIF Website).

by Rajen Madan, Mareen Rauf and Thushan Kumaraswamy

Séverine Raymond Soulier's Interview with Leading Point

Séverine Raymond Soulier’s Interview with Leading Point

Séverine Raymond Soulier is the recently appointed Head of EMEA at Symphony.com – the secure, cloud-based, communication and content sharing platform. Séverine has over a decade of experience within the Investment Banking sector and following 9 years with Thomson Reuters (now Refinitiv) where she was heading the Investment and Advisory division for EMEA leading a team of senior market development managers in charge of the Investing and Advisory revenue across the region. Séverine brings a wealth of experience and expertise to Leading Point, helping expand its product portfolio and its reach across international markets.

by Leading Point

John Macpherson's Interview with Leading Point

John Macpherson’s Interview with Leading Point 2022

John Macpherson was the former CEO of BMLL Technologies; and is a veteran of the city, holding several MD roles at CITI, Nomura and Goldman Sachs. In recent years John has used his extensive expertise to advise start-ups and FinTech in challenges ranging from compliance to business growth strategy. John is Deputy Chair of the Investment Association Engine which is the trade body and industry voice for over 200+ UK investment managers and insurance companies.

by Leading Point

ESG Operating models hold the key to ESG compliance

John Macpherson on ESG Risk

In my last article, I wrote about the need for an effective operating model in the handling and optimisation of data for Financial Services firms. But data is only one of several key trends amongst these firms that would benefit from a digital operating model. ESG has risen the ranks in importance, and the reporting of this has become imperative.

The Investment Association Engine Program, which I Chair, is designed to identify the most relevant pain points and key themes amongst Asset and Investment Management clients. We do this by searching out FinTech businesses that are already working on solutions to these issues. By partnering with these businesses, we can help our clients overcome their challenges and improve their operations.

While data has been an ever-present issue, ESG has risen to an equal standing of importance over the last couple of years. Different regulatory jurisdictions and expectations worldwide has left SME firms struggling to comply and implement in a new paradigm of environmental, sustainable and governance protocols.

ESG risk is different to anything we have experienced before and does not fit into neat categories such as areas like operational risk. The depth and breadth of data and models required for firms to make informed strategic decisions varies widely based on the specific issue at hand (e.g., supply chain, reputation, climate change goals, etc.). Firms need to carefully consider their own position and objectives when determining how much analysis is needed.

According to S&P Global, sustainable debt issuance reached a record level in 2021, and is only expected to increase further in the coming years. With this growth comes increased scrutiny and a heightened concern of so-called ‘greenwashing’, where companies falsely claim to be environmentally friendly. To combat this, participants need to manage that growth in a way that combats rising concerns about ‘greenwashing’.

Investors, regulators and the public, in general, are keen to challenge large companies’ ESG goals and results. These challenges vary wildly, but the biggest seen on a regular basis range from human rights to social unrest and climate change. As organisations begin to decarbonise their operations, they face the initially overlooked challenge of creating a credible near-term plan that will enable them to reach their long-term sustainability goals.

Investor pressure on climate change has historically focussed on the Energy sector. Now central banks are trying to incorporate climate risk as a stress testing feature for all Financial Services firms.

Source: S&P Global

Operating models hold the key to ESG transition and compliance. Having an operating model for how each of the firm’s functions intersect with ESG, requires new processes, new data, and new reporting techniques. This needs to be pulled across the enterprise, so firms have a process that is substantiated.

Before firms worry about ESG scores from their market data providers, they would do well to look closely at their own operating model and framework. In this way, they can then pull in the data required from the marketplace and use it in anger.

Leading Point is a FinTech business I am proud to be supporting. Their operating model system, modellr™ describes how financial services businesses work, from the products and services offered, to the key processes, people, data, and technology used to deliver value to their customers. This digital representation of how the business works is crucial to show what areas ESG will impact and how the firm can adapt in the most effective way.

Rajen Madan, CEO at Leading Point:

“In many ways, the transition to ESG is exposing the acute gap in firms of not being able to have meaningful dialogue with the plethora of data they already have, and need, to further add to for ESG”.

modellr™ harvests a company’s existing data to create a living dashboard, whilst also digitising the change process and enabling quicker and smarter decision-making. Access to all the information, from internal and external sources, in real time is proving transformative for SME size businesses.

Thushan Kumaraswamy, Chief Solutions Officer at Leading Point:

“ESG is already one of the biggest drivers of transformation in financial services and is only going to get bigger. Firms need to identify the impact on their business, choose the right change option, execute the strategy, and measure the improvements. The mass of ESG frameworks adds to the confusion of what to report and how. Tools such as modellr™ bring clarity and purpose to the ESG imperative.”

While most firms will look to sustainability officers for guidance on matters around ESG, Leading Point are providing these officers, and less qualified team members, with the tools to make informed decisions now, and in the future. We have established exactly what these firms need to succeed – a digital operating model.

Words by John Macpherson — Board advisor at Leading Point and Chair of the Investment Association Engine

by John Macpherson

Leading Point have joined the SME Climate Commitment

What is The SME Climate Hub?

The SME Climate Hub is a global collection of SMEs (small-medium enterprises) that have commited to halve emissions by 2030 and become net-zero by 2050. Included in this commitment is to report on progress yearly.

The SME Climate Hub is a network that supports SMEs on this vital net-zero journey.

Why we joined:

Leading Point is pleased to announce that we have joined the UN-backed SME Climate Commitment and formally committed to being net-zero in carbon emissions by 2030 (in advance of the minimum target of 2050).

We have joined the community of UK businesses tackling climate change through the SME Climate Hub. With their support, we will understand, track, and make strategic, impactful emission reductions to achieve our target of being a net-zero business by 2030.

Leading Point is committed to having a responsible, sustainable, and transparent operating model. We are excited to collaborate with other businesses on this scheme, and implement a business climate strategy using the tools created by Normative, CDP, Business for Social Responsibility (BSR™), and the University of Cambridge Institute for Sustainability Leadership (CISL).

We are proud to be taking the lead on climate action with the SME Climate Hub community and will be fully transparent with our progress.

Words from our Founding Partner and Chief Sustainability Officer, Thushan Kumaraswamy:

“Committing to a net-zero target is the right thing to do for the planet. It is also a bold statement for a growing startup. I want Leading Point to be at the forefront for fintechs who are making a climate change difference. As we grow, our impact on the environment naturally increases. I am excited to find the best ways to mitigate those impacts and share those findings with our peers.”

Words from our ESG Associate, Maria King:

“Climate change presents both potential risks and potential opportunities for businesses. Small to medium-sized enterprises (SMEs) account for 90% of business worldwide. However, only a small portion of these report on their emissions due to costs and complexity.”

Who we are:

Leading Point is a fintech specialising in digital operating models. We are revolutionising the way operating models are created and managed through our proprietary technology, modeller™, and expert services delivered by our team of specialists.

by Leading Point

What COP26 means for Financial Services

Many have proclaimed COP26 as a failure, with funding falling short, loose wording and non-binding commitments. However, despite the doom and gloom, there was a bright spot; the UK’s finance industry.

Trillions need to be invested to achieve the 1.5 degrees target, but governments alone do not have the funds to achieve this. Alternative sources of finance must be found, and private investment needs to be encouraged on all fronts to, ‘go green’. Looking at supply-side energy alone, the IPPC estimates that up to $3.8 trillion needs to be mobilised annually to achieve the transition to net-zero by 2050.

The UK led from the front in green finance, introducing plans to become the world’s first net-zero aligned financial centre. New Treasury rules for financial institutions, listed on the London Stock Exchange, mean that companies will have to create and publish net-zero transition plans by 2023, although the full details are yet to be announced. These plans will be evaluated by a new institution, but crucially, are not mandatory. The adjudicator of the investment plans will be investors. Although some argue the regulation could be stronger, just like national climate targets, once there are institutions publishing their alignment with net-zero, there is a level of accountability that can be scrutinised and a platform for comparison which encourages competition. Anything stronger could have pushed investment firms into less-regulated exchanges.

Encouragingly, the private sector showed strong engagement, with nearly 500 global financial services firms agreeing to align $130 trillion — around 40% of the world’s financial assets — with the goals set out in the Paris Agreement, including limiting global warming to 1.5 degrees Celsius.

From large multinational companies, to small local businesses, the summit provided greater clarity on how climate policies and regulations will shape the future business environment. The progress made, on phasing out fossil fuel subsidies and coal investments, was a clear signal to the global market about the future viability of fossil fuels. It will now be more difficult to gain funding to expand existing or build new coal mines. Over time, this adjustment will have wider impacts on the funding of other polluting industries.

This new framework will give the private sector the confidence and certainty it needs to invest in green technology and green energy. Renewable energy is already the cheapest form of energy in 2/3 of the world. This reassurance will be crucial in driving the economies of scale we need, within the renewable energy industry.

A truly sustainable future is still a long way off. The private sector will still invest in fossil fuels, new regulations will cause challenges, and ESG remains optional; but initial signals from COP26 show that the future of the world is looking green.

By Maria King — ESG Associate at Leading Point

Who we are:

Leading Point is a fintech specialising in digital operating models. We are revolutionising the way operating models are created and managed through our proprietary technology, modellr™, and expert services delivered by our team of specialists.[/vc_column_text][/vc_column][/vc_row]

by Maria King

How To Sustainably Return To The Office & Incorporate ESG

Freedom has engulfed the UK since the 19th of July, with restrictions and masks now being a choice, this means the penultimate move back to the office is looming, or already loomed for many of us. After a yearlong hiatus from the bustle of office life, it is time to up our ESG game. If you’re unfamiliar with ESG (Environmental, Social and Governance), there’s no better time than now to learn. More and more businesses are adopting ESG solutions in the hopes of bettering themselves, or simply, to keep up with the times. According to The Cone Communications Millennial Employee Study, 64% of millennial workers won’t take a job if the business does not have a strong corporate social responsibility (CSR) or ESG policy (1). Studies such as these reflect the traction ESG is generating, and why companies like us are so passionate about driving it.

Ways of working have fundamentally changed, and as companies navigate this, they have the chance to ensure that the environmental aspect of ESG is not only theoretical, but implemented into their everyday ways of working. SMEs are now using significantly more electricity than they need to, i.e., a small business uses an average of 15,000-25,000 kWh per year in the UK (2). To put those numbers into perspective, the average UK household consumes 3,731 kWh per year (3), and although an office accommodates more than a typical family home would, these figures are undeniably excessive.

Returning to the office after numerous COVID-19 lockdowns gives the feeling of a fresh start. We now have a chance to create a more carbon-neutral workplace that uses less energy, produces less waste, and benefits the overall welfare of staff. Cutting your office’s electricity consumption has endless benefits, from relieving the environment of greenhouse gasses and fossil fuels to reducing the costs associated with running your firm.

2021 will see a surge in policymakers taking action to manage and measure the climate crisis, but the key question is, how will you respond?

Improve your green credentials with these 3 simple steps:

1. Reduce your carbon footprint through your transport choices – take public transport, walk, or cycle. Even carpool if possible!

2. Support your local businesses – eat lunch near the office, go to local pubs after work. This reduces the energy exuded from delivery services and travel.

3. Lower your office's electricity consumption:

i) Open windows instead of using air conditioning.

ii) Minimise artificial lighting – during daylight, open blinds instead of using bulbs.

iii) Use energy-saving bulbs – switching to LEDs could save you 85% on your lighting costs according to EON (4).

iv) Install motion sensors to control lighting in certain rooms – ensures that lights are not left on needlessly.

v) Switch off computer workstations at the end of the day – reduces electricity consumption from appliances.

vi) Reduce paper wastage – print only when necessary.

vii) Consider micro-generation (small-scale production of heat and/or electricity from a low carbon source, i.e., solar panels).

viii) Book a commercial energy audit – quantify your firm's environmental impacts.

Keeping in line with the ever-changing rules, our team have slowly and recently migrated back to the office. ESG is a huge part of our service lines and overall ethos, therefore implanting green habits upon the return to the office was hugely important. ESG expert, Ziko Townsend, who has written several pieces on the importance of ESG, lets us in on how he has successfully, sustainably, returned to the office.

“I try to do the simple things. Walk as much as possible where I can, bring my own mugs for coffee and water, and try to recycle as much as I can at home and in the office.”

As you can see, there are tonnes of small ways, to make a big impact. We are in a unique situation in the work force right now that is giving us the opportunity to reset, change old habits and form new ways of everyday working. So, leave your pre-pandemic office habits in 2020, and use your new freedom to adopt some of the above suggestions upon your return to the office.

If you would like to learn more about Leading Point and how we help businesses manage change, you can reach us here.

By Nadyah Ibrahim - Marketing and Communications Executive

by Nadyah Ibrahim

Severine Raymond Soulier joins the Leading Point advisory board

Leading Point™ are thrilled to welcome Severine Raymond Soulier as the newest member of their advisory board. Severine joins Leading Point™ to expand the product portfolio and its reach across international markets.

Severine is the recently appointed Head of EMEA at Symphony.com – the secure, cloud-based, communication and content sharing platform. Severine has over a decade of experience within the Investment Banking sector and following 9 years with Thomson Reuters (now Refinitiv) where she was heading the Investment and Advisory division for EMEA leading a team of senior market development managers in charge of the Investing and Advisory revenue across the region. Severine Raymond brings a wealth of experience and expertise to Leading Point.

Severine Raymond Soulier says: “I am delighted to join the Leading Point team, I have been truly impressed by the talents within the team and by the transformation projects they have run with key financial players so far and look forward to bringing the company to the next level. I also fully embrace the diverse and inclusive culture of Rajen’s team and I will surely be enriched by the team and hope they can benefit from my leadership in return."

Rajen Madan, Founder & CEO of Leading Point says, "We are excited to have Severine join Leading Point. She brings expertise in strategy, go-to-market and team building for global established FS firms. She has driven high growth in her current role at Symphony. Severine’s rich experience will help us expand our product portfolio and reach across international markets. Severine is passionate about helping create future female leaders and will be a great role model and mentor to our wider team.”

Who we are:

Contact: rajen@leadingpoint.io

by Nadyah Ibrahim

Leading Point's Guide to Change Terms

We at Leading Point know all too well that the business world is full of jargon. So here's our handy guide to the eight most common terms used in change management.

Op model (AKA Operating model)
A representation of how a business works. It is not an org chart or a process map. This is traditionally done in PowerPoint and Excel.

Digital op model
This often means, how your business works in a digital world.
However, at Leading Point we believe that operating models can be done differently. To us, a digital op model is a digital representation of your operating model. This means that the op model remains live, and can be updated in real time; rather than living in a rarely opened PowerPoint.

Digital transformation
Making the business work better using digital tools and processes.

Business transformation
Any kind of significant change to how the business works.

Digitisation
Turning paper documents into structured data.

Business capability
What the business does.
Capabilities are stable and rarely change.

Business process
How the business operates.
Unlike ‘business capability’, this is variable and changes frequently.

Function
Either used as another word for capability, or another word for organisation. (This is confusing, which is why we at Leading Point don't use it.)

We hope this has helped to translate some of the jargon!
If you would like to learn more about Leading Point and how we help businesses manage change, you can reach us here.

by Thushan Kumaraswamy

The Great Crypto-ESG Debate

In my 13 years of finance, I’ve never quite encountered anything like this current trading environment. That’s taking into account a global financial crisis, a European debt crisis, a “flash crash”, and various other bits of absolute market turmoil and panic. Specialising in ESG investing has allowed me to strengthen my investment management craft in a way I have not been able to previously. It has been riveting to see the extent to which sustainability issues have affected the market’s views on different securities. As exciting as ESG considerations are, they seem relatively boring in comparison to cryptocurrency issues. As fate would have it, the two have recently become juxtaposed, and this provides an opportunity for some interesting views on where ESG and Cryptocurrency issues go from here.

So, what is cryptocurrency?

Cryptocurrency (as I understand it) is a decentralised vehicle for conducting various financial transactions, similar to the way money works, but in a much less conventional sense. What is untraditional about cryptocurrencies is that they operate through blockchain technology (BCT) rather than more orthodox mediums such as banks. This BCT is supposed to enable greater transparency and safety for the transacting parties. The creators of cryptocurrencies, also known as miners, use computational powers to solve complex algorithms and produce tokens. These tokens can then be bought, sold, and traded as needed.

ESG takes into account environmental, social and good governance factors in business decision making. At Leading Point, we have recently published our ESG Rationale and Action plan; read about them here.

The issue

One of the tenets of ESG is environmental sustainability. In recent years, there has been a monumental move in thinking towards climate change and the overall impact on human life. As a result, there has been a concurrent shift in businesses becoming more sustainable. This dynamic shift in thinking is unlikely to reverse.

One of the criticisms of the cryptocurrency mining process is that it tends to use a staggering amount of energy. For example, Cambridge University suggests that generating Bitcoin requires more power annually than powering Argentina. Higher electricity usage translates to higher CO2 production, which naturally is a big no-no in the ESG space. Of course, in a cruel twist of irony, there have been reports that the production of conventional forms of fiat currency (e.g. gold and copper) surpasses Bitcoin. Still, this has not slowed down the most recent criticism of cryptocurrencies. Many have argued that we cannot achieve greater efficiency in sustainability and increased cryptocurrency dominance at the same time.

The role that technology is playing in transforming the ESG market is well-documented. Meanwhile, BCT has seen higher usability across several sectors. So, the question is; where do we go from here in the great ESG vs Crypto debate?

There will be a sharper focus on the sustainability of cryptocurrency mining.

From its peak (at the time of writing), Bitcoin has fallen by more than 40% after Elon Musk (long time Bitcoin advocate and environmentalist) announced that Tesla would no longer be accepting Bitcoin as payment due to environmental concerns about its heavy energy use. Cardano, regarded as a much more sustainably mined cryptocurrency, has increased roughly 70% between May 2nd and May 16th as its executives have made moves to have Tesla replace Bitcoin with its offering. At Leading Point, we expect investors to continue to weigh sustainability and efficiency vs the popularity of various types of cryptocurrencies. As an asset class, cryptocurrencies will invariably come under greater regulatory scrutiny.

There will be increased volatility in the cryptocurrency market.

Investor discernment over sustainability will lead to higher volatility in cryptocurrency markets. This scrutiny adds to a trading dynamic that is already highly volatile.

ESG will continue to present moral and ethical dilemmas

If you’ve ever spoken to a very opinionated climate change activist, they may have been the type of person who wants to shut down fossil fuel production worldwide. While this would have immediate environmental benefits, there would be substantial human costs. No more fossil fuels would immediately put thousands out of work. At the same time, we’d also need massive infrastructural investment across the globe to ready ourselves thoroughly for new energy inputs. As one can imagine, there are numerous considerations.

As the world moves towards a more sustainable and responsible future, we view businesses as active participants rather than judging them as being “good or bad” in an ESG sense. At Leading Point, we have committed to using our expertise across many industries to help organisations address their stewardship needs. My most recent article talks on this in detail, exploring stewardship and ESG solutions, and why it will always matter, especially in 2021, read more here.

Summary

ESG vs Cryptocurrency is a debate that is growing in importance. We expect that this will reflect increased volatility and greater regulatory scrutiny.

by Thushan Kumaraswamy

Stewardship Always Matters: 3 reasons why ESG is here to stay

It’s difficult to imagine a world without ESG. It certainly feels like it’s all anyone talks about now. It seems like everyone is covering it. Here’s Matthew, who has just become an ESG Consultant. There’s Annie, who completed her CFA Level 4 ESG-Investing certificate. And Jason, who has a daily blog post covering the top 10 largest US companies’ efforts concerning ESG.

It’s understandable that some of us are experiencing a level of “ESG-fatigue” as we continue to be washed in news, updates, regulations and content. But none of this is without good reason. All this is to preserve our quality of life as a species, and it will take herculean efforts spanning all across the globe in EVERY industry.

ESG is a relatively new term (reportedly coined in the early to mid-2000s after the now famous ‘Who Cares Wins’ conference). However, “stewardship” is not. The word ‘steward’ is derived from an old English saying describing an estate’s guardian; charged with ensuring the safety of the estate’s asset.

In this vein, as stewards of business and investment, we are charged with being guardians of our customers, shareholders, ourselves and our operating environment. It’s as simple (and complicated) as that.

ESG factors can be traced as far back as the 17th and 18th century; when Methodists and Quakers set out guidelines for their followers about which companies they should invest in (this is the first recording “exclusionary screen”). Via advancements such as the Sullivan Principles in the 1970s (two guidelines that sought to bring economic pressure on ending apartheid in South Africa) and the growth of impact/social investing through the 1980s and 2000s, we find ourselves at a tipping point of what can overall be categorised as a stewardship revolution. But what makes this more than just another passing cloud?

1. Greater political and regulatory commitment

In April of this year, the US President, Joe Biden, hosted a virtual two-day summit where both the US and the EU pledged to cut carbon emissions by 50% by 2030. In the UK, the Task Force for Climate-Related Financial Disclosures (TCFD), has engaged in consultation to bring all large UK firms into regulation. This is regarding their governance, strategy, risk management and metrics and targets, as they relate to carbon emission reductions. It comes into effect by 2022. Japan has been steadily trying to incorporate higher diversity, inclusion and ESG into corporate governance codes. Similar efforts are being made in China and Korea.

It’s clear that there is already a buy-in from “the top”. We predict stricter ESG regulatory frameworks going forward, affecting both smaller and larger companies alike. We believe businesses should prepare for this eventuality sooner rather than later.

2. Greater efforts to standardise disclosures

One of the pain points in the ESG market is that data is often incomparable. The levels of disclosure differ by company, industry and geography. Additionally, among ESG research companies, there are differing views of levels of materiality (a crucial aspect of ESG incorporation) which has led to differing opinions on firms’ ESG readiness. It is widely accepted that industry ESG scores correlate somewhere between 0.3 and 0.5. Recently, The International Integrated Reporting Council (IIRC) and the Sustainability Accounting Standards Board (SASB) announced a 2021 merge into a unified organisation, The Value Reporting Foundation. This is intended to simplify sustainability reporting disclosures for companies and investors alike.

We think this represents a turning point in how companies and investors will be able to assess risk and opportunities; opening the doors for greater global collaboration on solving complex yet common ESG issues.

3. Technology opening new doors

Blockchain technology has a range of applications in the ESG market, e.g. enabling companies to more quickly identify instances of money laundering and bribery (higher governance); to playing a major part in data security and privacy. There has been a higher use of AI and other forms of technology to aid the ESG-data integration process. While there is some discrepancy as to the view of how intense technology exacerbates the climate change issue, there is a range of applications that technology can play in improving our current, and future quality of life.

We expect to see soaring use of tech in the ESG landscape going forward, as companies explore ways of becoming more efficient in executing their stewardship frameworks and action plans.

Summary

There always was and continues to be room for stewardship in every business model. In that vein,

ESG will simply not come and go like Blu-ray technology. It’s here to stay and we should all buy-in.

by Thushan Kumaraswamy

Riding the ESG Regulatory Wave

[et_pb_section fb_built="1" _builder_version="4.4.8" min_height="1084px" custom_margin="16px||-12px|||" custom_padding="0px||0px|||"][et_pb_row column_structure="2_3,1_3" _builder_version="3.25" custom_margin="-2px|auto||auto||" custom_padding="1px||3px|||"][et_pb_column type="2_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_social_media_follow url_new_window="off" follow_button="on" _builder_version="4.4.8" text_orientation="left" module_alignment="left" min_height="14px" custom_margin="1px||5px|0px|false|false" custom_padding="0px|0px|0px|0px|false|false" border_radii="on|1px|1px|1px|1px"][et_pb_social_media_follow_network social_network="linkedin" url="https://uk.linkedin.com/company/leadingpoint" _builder_version="4.4.8" background_color="#007bb6" follow_button="on" url_new_window="off"]linkedin[/et_pb_social_media_follow_network][/et_pb_social_media_follow][et_pb_image src="https://leadingpointfm.com/wp-content/uploads/2020/09/wave-again.jpg" title_text="wave again" align_tablet="center" align_phone="" align_last_edited="on|desktop" admin_label="Image" _builder_version="4.4.8" locked="off"][/et_pb_image][/et_pb_column][et_pb_column type="1_3" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.4.8"][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text _builder_version="4.4.8" text_font="||||||||" text_font_size="14px" text_line_height="1.6em" header_font="||||||||" header_font_size="25px" width="100%" custom_margin="10px|-34px|-5px|||" custom_padding="16px|0px|5px|8px||" content__hover_enabled="off|desktop"]

Riding the ESG Regulatory Wave

In the third part of our Environmental, Social and Governance (ESG) blog series, Alejandra explores the implementation challenges of ESG regulations hitting EU Asset Managers and Financial Institutions.

A new brand of Regulation

Whilst the world is still recovering from the effects of COVID-19, and adapting to the issues uncovered as a result of the Black Lives Matter movement, adopting sustainable practices and timely adherence to ESG regulations is pivotal in safeguarding a company’s long-term success.

Widely recognised as being more than a fad or a feel-good exercise, it is clear that creating stronger ESG alignment correlates with higher equity returns.* Compliance with ESG regulations will create monumental changes to the financial services industry and it will take well-rounded experience in regulatory transition to ensure seamless adherence and minimal disruption to operations.

Similar to the Know Your Client (KYC) and Anti Financial Crime (AFC) regulation landscape of five years ago, ESG regulation implementation will require heavy lifting from the advisory and consulting sectors. Compounded with this, firms need a commitment to transition and adjust investment principles and processes in order to achieve these ambitious goals.

This influx of new rules reflects the regulators attempts to catch up with longstanding investor demand.** As a result of these optional and mandatory principles, businesses are understanding the importance of having well-governed and socially-responsible practices in place, making it the optimal time for financial institutions to start planning for ESG rules implementation.

Upcoming EU ESG Regulation Examples

MiFID II Amendments (in force Q1 2020) Advisers will need to be more proactive with customers in relation to ESG considerations by asking them about their preferences
The Taxonomy Regulation (in force July 2020) Sets out a common classification system to determine which economic activities and investments can be treated as “environmentally sustainable”
Benchmarks Regulation Has been amended to include two new benchmarks to help increase transparency and avoid greenwashing
4. Stress Testing Rules for Banks Tools and mechanisms to integrate ESG factors into the EU prudential framework, banks’ business strategies, investment policies and risk management processes

In the last three years, ESG regulations grew by 158% in the UK, and by 145% in the US and Canada.***

The most regulated topics are business ethics and climate change in financial services, energy use and consumer rights in the US utilities, and product and service safety in healthcare and pharmaceuticals.

These regulations will affect many areas significant to asset managers, from corporate governance to process and product considerations. Implementing these changes effectively in order to gain a competitive advantage over their peers and avoiding the burden of non-compliance will mean drawing up consistent definitions, identifying the data points needed to set comparable targets, monitoring investments and reporting to regulators. Additionally, they will have to consider their role in the design, delivery and sale of financial services and products.

Data, Benchmarking and Disclosure

When it comes to benchmarking and disclosing data it is important to highlight the difference between ‘sustainability’ and ‘ESG’. Specifically with ESG information, the devil is in the detail. Asset managers must perform this in-depth data collection to satisfy their own corporate reporting requirements, to conduct appropriate investment and risk management decisions, and to make disclosures to clients and fund investors.

Because asset managers produce, distribute and ingest financial and non-financial ESG data, these regulations can bring competitive advantage and clarity to those who implement them effectively.

A typical asset manager will have to ingest endless subsets of relevant ESG considerations from various asset classes, industries and geographies all of which depend on differing underlying data in order to reach informed and accurate decisions. The major challenge is being able to determine the data points required to set comparable targets, monitor investments, and measure and compare performance across sectors, industries, and national or regional borders.

Implementation Insights

A proactive approach is essential as it enables firms to gain an early understanding of the changes needed to their operations and position them as credible, trusted partners with regulators.

Once an organisation has established its guiding vision and strategy for implementing investment principles, the real work begins. Updates to compliance, risk management, product development, data management, sales and reporting processes all need to take place and have to be coordinated across business units and functions to ensure consistency and traceability.

Analysis and assembly of regulations, standards and good practices, clear and up-to -date management views and evaluation of peer approaches all have to be part of a holistic regulatory implementation approach.

Whilst trying to predict the future and see the outcomes of implementing these future-facing requirements, it is important to remember the importance of flexibility and adaptability. The transition has to be well-managed and sustainable to be maintained. It is also important to incorporate lessons learnt from previous regulatory implementations. The organisations who will come out the strongest will be those who take the time to invest and begin with a good understanding of the changes in the operational environment and internal capabilities required.

* https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/five-ways-that-esg-creates-value

** https://www.unpri.org/signatories/signatory-resources/signatory-directory

*** https://www.datamaran.com/global-insights-report

[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="452px||133px|||" custom_padding="8px|||||"]

"Compliance with ESG regulations will create monumental changes to the financial services industry and it will take well-rounded experience in regulatory transition to ensure seamless adherence and minimal disruption to operations."

[/et_pb_text][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="452px||133px|||" custom_padding="8px|||||"]

"Because asset managers produce, distribute and ingest financial and non-financial ESG data, these regulations can bring competitive advantage and clarity to those who implement them effectively."

[/et_pb_text][et_pb_text disabled_on="on|on|off" _builder_version="4.4.8" min_height="15px" custom_margin="427px|||||" custom_padding="1px|||||"]

"Similar to the Know Your Client and Anti Financial Crime regulation landscape of five years ago, ESG regulation implementation will require heavy lifting from the advisory and consulting sectors."

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_4,1_4,1_2" _builder_version="3.25"][et_pb_column type="1_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_team_member name="Alejandra Curtis " position="Leading Point" image_url="https://leadingpointfm.com/wp-content/uploads/2020/09/alejandra-1.png" linkedin_url="https://www.linkedin.com/in/alejandra-curtis-gutierrez-a851366a/" _builder_version="4.4.8" inline_fonts="Sarabun"]

Environmental Social & Governance (ESG) and Sustainable Investment

Client propositions and products in data-driven transformation in ESG and Sustainable Investing.

[/et_pb_team_member][/et_pb_column][et_pb_column type="1_4" _builder_version="4.4.8"][et_pb_team_member name="Rajen Madan" position="Founder and CEO" image_url="https://leadingpointfm.com/wp-content/uploads/2020/09/rajen.png" _builder_version="4.4.8" link_option_url="mailto:thush@leadingpoint.io"]

Responsible for delivering digital FS businesses.
Change leader with over 20 years’ experience in helping financial markets with their toughest business challenges.

[/et_pb_team_member][/et_pb_column][et_pb_column type="1_2" _builder_version="4.4.8"][et_pb_text _builder_version="4.4.8" text_font_size="15px" width="100%" link_option_url="https://leadingpointfm.com/esg-the-future-pillars-of-investing/"]

Upcoming blogs:

This is the third in a series of blogs that will explore the ESG world: its growth, its potential opportunities and the constraints that are holding it back. We will explore the increasing importance of ESG and how it affects business leaders, investors, asset managers, regulatory actors and more.

Artificial Intelligence: the Solution to the ESG Data Gap? In the second part of our Environmental, Social and Governance (ESG) blog series, Anya explores the potential opportunities surrounding Artificial Intelligence and responsible investing.

Is it time for VCs to take ESG seriously? In the fourth part of our Environmental, Social and Governance (ESG) blog series, Ben explores the current research on why startups should start implementing and communicating ESG policies into their business.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" _builder_version="4.4.8"][et_pb_column type="1_3" _builder_version="4.4.8"][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_button button_url="https://leadingpointfm.com/wp-content/uploads/2020/09/Leading-Point-ESG-Riding-the-Regulatory-Wave-Aug-2020-1.pdf" button_text="Download our guide" button_alignment="center" _builder_version="4.4.8" custom_button="on" button_text_size="20px" button_text_color="#ffffff" button_bg_color="#0c71c3" button_font="|700||||on|||" button_icon="%%30%%" button_icon_color="#0c71c3" background_layout="dark" button_text_shadow_style="preset3"][/et_pb_button][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" module_class="txtwhite" _builder_version="3.22.3" background_color="#23408f" custom_padding="||62px|||" locked="off"][et_pb_row _builder_version="4.4.8"][et_pb_column type="4_4" _builder_version="4.4.8"][et_pb_text _builder_version="4.4.8" text_text_color="#ffffff" text_font_size="15px" header_text_color="#ffffff"]

How Leading Point can help

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" _builder_version="4.4.8"][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_blurb_extended title="Bringing clarity to your company’s ESG data" use_icon="on" font_icon="%%384%%" icon_color="#ffffff" use_icon_font_size="on" icon_font_size="39px" icon_hover_color="#17a826" style_icon="on" icon_shape="use_circle" use_shape_border="on" shape_border_color="#ffffff" shape_border_hover_color="#17a826" title_hover_color="#17a826" _builder_version="4.4.8" header_text_align="left" header_text_color="#ffffff" header_font_size="17px" read_more_icon="%%20%%" text_orientation="center" custom_margin="5px|1px|5px|1px|false|false" custom_padding="0px|0px|0px|0px|false|false" animation_style="fade" locked="off"]

By using our cloud-based data visualisation platform to bring together relevant metrics, we help organisations gain a standardised view and improve your ESG reporting and portfolio performance. Our live ESG dashboard can be used to scenario plan, map out ESG strategy and tell the ESG story to stakeholders.

[/et_pb_blurb_extended][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_blurb_extended title="Accelerating the collection of ESG metrics using AI" use_icon="on" font_icon="%%389%%" icon_color="#ffffff" use_icon_font_size="on" icon_font_size="39px" icon_hover_color="#17a826" style_icon="on" icon_shape="use_circle" use_shape_border="on" shape_border_color="#ffffff" shape_border_hover_color="#17a826" title_hover_color="#17a826" _builder_version="4.4.8" header_text_align="left" header_text_color="#ffffff" header_font_size="17px" read_more_icon="%%20%%" text_orientation="center" custom_margin="5px|1px|5px|1px|false|false" custom_padding="0px|0px|0px|0px|false|false" animation_style="fade" locked="off"]

AI helps with the process of ingesting, analysing and distributing data as well as offering predictive abilities and assessing trends in the ESG space. Leading Point is helping our AI startup partnerships adapt their technology to pursue this new opportunity, implementing these solutions into investment firms and supporting them with the use of the technology and data management.

[/et_pb_blurb_extended][/et_pb_column][et_pb_column type="1_3" _builder_version="4.4.8"][et_pb_blurb_extended title="Assisting companies to implement upcoming EU ESG regulations" use_icon="on" font_icon="%%392%%" icon_color="#ffffff" use_icon_font_size="on" icon_font_size="39px" icon_hover_color="#17a826" style_icon="on" icon_shape="use_circle" use_shape_border="on" shape_border_color="#ffffff" shape_border_hover_color="#17a826" title_hover_color="#17a826" _builder_version="4.4.8" header_text_align="left" header_text_color="#ffffff" header_font_size="17px" read_more_icon="%%20%%" text_orientation="center" custom_margin="5px|1px|5px|1px|false|false" custom_padding="0px|0px|0px|0px|false|false" animation_style="fade" locked="off"]

Implementing ESG regulations and providing operational support to improve ESG metrics for banks and other financial institutions. Ensuring compliance by benchmarking and disclosing ESG information, in-depth data collection to satisfy corporate reporting requirements, conducting appropriate investment and risk management decisions, and to make disclosures to clients and fund investors.

[/et_pb_blurb_extended][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="3.22.3" animation_style="fade" locked="off"][et_pb_row _builder_version="3.25"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_text admin_label="Contact Us" module_class="txtblue" _builder_version="3.27.4" text_font="||||||||" link_font="||||||||" ul_font="||||||||" text_orientation="center"]

Contact Us

[/et_pb_text][et_pb_text admin_label="Form" _builder_version="3.27.4"][formidable id=2][/et_pb_text][et_pb_code admin_label="Social media icons" module_class="form" _builder_version="3.19.4" custom_margin="0px||0px" custom_padding="0px||0px"]

Connect

[/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section]

by Thushan Kumaraswamy

Time to Reset?

We see the varnish from the old oil painting of government, enterprise, business and leadership fade a bit every day. 2020 has already shown us how interconnected our world has become - a true Butterfly Effect. Interconnectivity is not a bad thing. It is the fragility, the brittleness of modern economies that is cause for concern. I believe this is a result of critical imbalances we have allowed to build up, without questioning. Now as the varnish from the old oil painting comes off, we have a once in a decade opportunity to reset and tackle these imbalances. To make bold brush strokes.

Where can we start?

Big Government or Small?

Do we need a Big Government or Small? The term ‘Big Government’ here is not intended to be derogatory. We see national priorities and decisions that don’t match that of the city, the village, or the council. Great plans and budgets that don’t translate into change on the ground. Equally, in the face of this crisis, we see barriers breaking down. A C-19 COVID Symptom tracker app, which each of us can use, allows a judicious allocation of scarce testing and treatment resources at a national and grassroot level. The opportunity is to examine the flow from the national to the level of council. Provide transparency and allow engagement. If it doesn't exist it should be created. Direct channels for us citizens to highlight problems, propose solutions, be data-driven and monitor implementation. It is not a question of a big government versus small. It is one that works transparently that matters.

Public or Private Sector Enterprise?

A key debate going into 2020 was about which sector provides a better service, is more efficient with resources - private or public sector enterprise? Think about the NHS, Transport, Energy, Manufacturing, Financial Services, Agriculture, Technology and Utilities. Healthy arguments and examples are cited to show the merits of both public and private sector. I believe the public-private argument completely misses the point. Whether an enterprise provides a good service or poor, spends judiciously or not is not down to public or private sector. It is down to some key principles - how it is governed, how accountable is its team and partners, does it know what good service looks like and is it equipped to provide these services. Enterprises can be funded by either public or private sector resources. The opportunity ahead is in data and tech enabled service delivery models, going digital. And public-private collaboration funding models can ignite innovation and value added services. The key to provide good service is not public or private sector, it is to provide a good service!

Role of Business

Businesses are standing out in two ways in these times. Those that care about their employees and partners and are doing their bit to help their communities and those that pretend to. People will remember businesses that care. Those that don't, will fall out of favour. That most of our essential "front line" staff in the face of a pandemic are paid low/ minimum wages is cowardly. It shows the scale of imbalances we have allowed to build up and seem to be comfortable with. Colleagues in maintenance, cleaning, nursing, restaurant, retail, agriculture, driving, security, manufacturing and teaching professions amongst others need to be compensated fairly. The opportunity here is to go after skewed compensation models, unviable business models and poor productivity with vigour. The tax structures reportedly exploited by big tech and conglomerates are ripe for reform and become principle driven. Likewise business owners having billions and calling for government bailouts or larger profitable companies using furlough schemes to offload their responsibilities to the public should face the consequence. This is a failure of law and the will of successive governments. Let us get it right this time. Bashing businesses and entrepreneurs is not the answer. They are born from the risk-reward equation and are the lifeblood of any economy.

Lessons in Leadership

As much as it is tempting to draw leadership lessons from the current pandemic, they are unique to the situation and not a one size fits all. But I find the war analogy somewhat flawed. The chancellor of the exchequer, Rishi Sunak said “we will be judged by our capacity for compassion and individual acts of kindness” – does that sound like a war? If anything, the lesson for future leaders is to be that much more focused on ensuring their team’s wellbeing, ensuring they are equipped with relevant resources. Good leaders will understand the importance of the informal and the invisible stuff – collaboration, unconventional thinking, meaningful conversations and problem solving over formal organisation structures. The world we have to navigate in is increasingly unpredictable and non-linear, command and control team structures and top-down change will not work.

Everyday we are seeing concrete examples of what is working in business, government and leadership and what is not. We can allow 2020 to be one mired in tragedy, lost lives, lost livelihoods and failed businesses or we can seize the once in a decade opportunity to reset and create the government, the enterprise, the business and leaders that we want and have lacked for some time. This is within reach.

What steps do you think will help create better business, government and leaders?

Please feel free to comment and share. Keep well!

Change leader with over 20 years’ experience in helping financial markets with their toughest business challenges in data, operating model transformation in sales, CRM, Ops, Data, Finance & MI functions, and delivery of complex compliance, front-to-back technology implementations. Significant line experience. Former partner in management consulting leading client solution development, delivery and P&L incl. Accenture. Specialities – Operating Models, Data Assets, Compliance, Technology Partnerships & Solutions in Capital Markets, Market Infrastructure, Buy-Side, Banking & Insurance.

"2020 has already shown us how interconnected our world has become - a true Butterfly Effect."

"It is not a question of a big government versus small. It is one that works transparently that matters."

"Businesses are standing out in two ways in these times. Those that care about their employees and partners and are doing their bit to help their communities and those that pretend to."

"We can allow 2020 to be one mired in tragedy, lost lives, lost livelihoods and failed businesses or we can seize the once in a decade opportunity to reset and create the government, the enterprise, the business and leaders that we want and have lacked for some time"

by Rajen Madan

Legal Technology in FS – The need for a new legal services operating model

Law, data, machines – these are not words that historically have had much to do with one another.

However, as the number of laws increases, communications traffic increases, and, as the fabric of the law can be read by machines, the interaction between these words will become ever more important.

90% of data in the world has been created in the last two years – and it’s not slowing down.^[1] As regulation increases, the ability of financial institutions to manage the legal risk flowing from that regulation becomes ever more challenged. The resources being devoted to this increase every year and lawyers are starting to turn to technology to assist.

Recent research^[2] found 82% of General Counsel have introduced various forms of technology into their department but 60% of lawyers don’t understand how that technology could help them. This, at a time where the pressure on resources (both human and financial) means that there is a real need for technological assistance.

The regulatory environment has imposed an unprecedented burden on firms. Legal risk has become increasingly complex and difficult to manage but is under-examined and often poorly understood. Due to the massive technological, political, regulatory and cultural shift over the past 30 years, the model by which we manage legal risk is outdated. This has led to increased fines, customer loss and higher operational costs at the least.

Poor management of data results in missed opportunities and increased costs as businesses rerun regulatory change and other projects. Effective management and exploitation of legal data could provide new business opportunities in addition to saving costs for business as usual (BAU). There needs to be a more formalised data flow between Business and Legal, leading to an effective and efficient end-to-end framework.

The in-house legal model needs to change. Technology can help.

But while the market is saturated with ‘RegTech’ and other legal solutions, these are disparate point solutions that do not address the underlying issues. Lawyers are reluctant to spend time training machines unless results are proven. This reluctance has resulted in suboptimal take up of the various solutions.

Machines are best at repetitious, low level tasks. Much of the law is to do with context, relationships between ideas and situations and nuance at which humans are better. While the race is on for machines to solve the problem of unstructured data, a tool pointed currently at the unstructured data lake that is ‘legal data’ results in unhelpful returns.

A new legal services operating model is needed to diminish the disjointed nature of legal and business issues. This new operating model needs to take into account not only new technology, but also the underlying data efficiencies to appropriately assemble and deploy solutions seamlessly across legal and business units.

Firms can gain most value by structuring data to best deploy legal technology. If firms do not make decisions about these issues now they will find themselves trapped in a never-ending loop of manually adjusting data to achieve the required results.

The hardest part of adoption of an “in the round” solution is implementing a framework within the firm which allows the various legal software tools to work optimally. A clear pathway needs to be created to reduce silos, create standards, appoint golden sources and create an enterprise architecture.

Law, data and machines can all work together successfully but it will take vision and hard work.

[This is part 1 of a 10 part series where we will consider the role of Legal Technology within Financial Services, how it can and should be applied, and what a ‘utopian’ target operating model for in-house legal departments looks like in FS]

[1] Presentation by Dr Joanna Batstone, VP IBM Watson & Cloud Platform, Legal and Technology Procurement 2018 – Thomson Reuters conference 8 November 2018

[2] Legal Technology: Looking past the hype, LexisNexis UK, Autumn 2018

There needs to be a more formalised data flow between Business and Legal, leading to an effective and efficient end-to-end framework.

A new legal services operating model is needed that takes into account not only new technology, but also the underlying data efficiencies to appropriately assemble and deploy solutions seamlessly across legal and business units.

the market is saturated with ‘RegTech’ and other legal solutions, these are disparate point solutions that do not address the underlying issues.

by Thushan Kumaraswamy

Intersecting the Old World with the New

It has always been a challenge for large corporations to adopt change. There is constant change being experienced at all institutions but, despite the appetite for change, the size of an organisation often hamstrings its ability to execute on innovative initiatives.

So, what differentiates those who can deliver successful change versus those who cannot? In one word: Execution!

Execution is the biggest differentiator between small, agile and nimble businesses and their much larger counterparts. Even if you put to one side the classic large corporate roadblocks (such as organisational complexity and bureaucracy), it’s clear that those who decide to take the leap of faith and try to change the world by starting their own businesses seem to be able to avoid and, often, ignore convention to deliver significant change.

Innovation in large organisations must pass through many layers of change management and control which frequently ties the hands of those who are the agents of change. Equally frequently, organisational politics have an adverse impact. This is not true of ‘Upstarts’.

‘Upstarts’ break the glass ceiling of ‘the norm’ to create change by significantly improving an existing system or reinventing a process, convention, etc. But one must question why it is easier for Upstarts to achieve significant change where larger organisations struggle and fail to achieve the same success.

Is it because Upstarts have more skills or able people to execute change? Probably not, although one must believe Upstart people form a more focused collective. It’s much simpler than that – it’s a matter of having the time and inclination to apply that collective focus to the achievement of a single objective. Having, as a sole objective, creating and delivering industry augmenting technology will result in an executable product roadmap and realistic delivery timelines.

Execution is the biggest differentiator between small, agile and nimble businesses and their much larger counterparts

However, there is one area in which large corporates have the upper hand: domain expertise. Upstarts, by virtue of their size, generally do not have the breadth of expertise of larger organisations. There are many Upstarts who are capable and indeed do produce top of the line tech solutions. However, often these same single solutions providers (focus!) struggle to appreciate and navigate the vast array of problems large FS organisations are looking to address. Due to these information gaps, solutions can often result in not being fully fit for purpose and therefore hinder an Upstarts ability to precisely satisfy the needs of large FS corporates.

In addition, large organisations have deep pockets. This allows them to research and develop solutions internally or to attract external innovation by setting up Innovation Labs, or both. The main objective of these Labs is to experiment with and identify the kind of innovation that will create competitive advantage. Upstarts may find themselves part of the Innovation Lab or even acquired in the process.

While Innovation Labs may ensure large players don’t get left behind, there is a big opportunity being missed. This is the integration of external innovation with internal processes and capabilities. Acquisitions should be aligned with internal use cases i.e. known (or guessed at) issues with existing business workflows such as efficiency gains. The main reason seems to be that each is located in its own silo.

Having, as a sole objective, creating and delivering industry augmenting technology will result in an executable product roadmap and realistic delivery timelines

So internal use cases (areas in need of improvement and change) are not connected to potential external innovative solutions. And this is not to speak of the bigger challenge which is to identify those use cases in the first place. This raises a number of questions:

Does the right type of resource exist?
Can available internal staff ask the right questions?
Is an independent party better placed to conduct such an exercise?
Will this be prevented by internal politics?
Who’s going to pay for the work?
Who’s going to take ownership?
… and the list goes on.

Successful organisations engage the right people at the right level internally as well as identify and breakdown the ability of Upstarts to address wide ranging and often long-standing issues. This takes a certain type of skill set including

The ability to face off across the corporate spectrum
Applying the correct level of domain expertise and insight, and
The ability and expertise to collaborate with Upstarts; to name but a few.

Entrepreneurs, especially the good ones, know that if failure is to happen, it happens fast. This requires the ability to EXECUTE.

The common thread: entrepreneurship. Why?

Entrepreneurs, especially the good ones, know that if failure is to happen, it happens fast. This requires the ability to EXECUTE. Getting the job done is very high on the agenda for any entrepreneur. Lateral and cohesive thinking is also vital. Steve Jobs once said, “creativity is just merging things” and entrepreneurs do this better than anyone and tend to find ways through means others don’t or won’t pursue through such approaches as marginal gains.

Entrepreneurs don’t have all the answers. Not at all. But to bridge the gap between larger, more conventional-minded organisations and newer Upstarts, one must have the ability to “intersect the old world with the new”. An excellent example of this was the event we ran Data Innovation Uncovered and the work we continue to do in the FinTech space including in Enterprise Blockchain and Client Lifecycle Management.

We love to talk about this intersection and encourage free and open conversation so please feel free to get in touch to share your thoughts or indeed to hear more of ours.

To bridge the gap between larger, more conventional-minded organisations and newer Upstarts, one must have the ability to “intersect the old world with the new”

by Thushan Kumaraswamy

LIBOR Transition - Preparation in the Face of Adversity

LIBOR TRANSITION IN CONTEXT

What is it? FCA will no longer seek require banks to submit quotes to the London Interbank Offered Rate (LIBOR) – LIBOR will be unsupported by regulators come 2021, and therefore, unreliable

Requirement: Firms need to transition away from LIBOR to alternative overnight risk-free rates (RFRs)

Challenge: Updating the risk and valuation processes to reflect RFR benchmarks and then reviewing the millions of legacy contracts to remove references to IBOR

Implementation timeline: Expected in Q4 2021

HOW LIBOR MAY IMPACT YOUR BUSINESS

Front office: New issuance and trading products to support capital, funding, liquidity, pricing, hedging

Finance & Treasury: Balance sheet valuation and accounting, asset, liability and liquidity management

Risk Management: New margin, exposure, counterparty risk models, VaR, time series, stress and sensitivities

Client outreach: Identification of in-scope contracts, client outreach and repapering to renegotiate current exposure

Change management: F2B data and platform changes to support all of the above

WHAT YOU NEED TO DO

Plug in to the relevant RFR and trade association working groups, understand internal advocacy positions vs. discussion outcomes

Assess, quantify and report LIBOR exposure across jurisdictions, businesses and products

Remediate data quality and align product taxonomies to ensure integrity of LIBOR exposure reporting

Evaluate potential changes to risk and valuation models; differences in accounting treatment under an alternative RFR regime

Define list of in-scope contracts and their repapering approach; prepare for client outreach

“[Firms should be] moving to contracts which do not rely on LIBOR and will not switch references rates at an unpredictable time”

Andrew Bailey, CEO,
Financial Conduct Authority (FCA)

“Identification of areas of no-regret spending is critical in this initial phase of delivery so as to give a head start to implementation”

Rajen Madan, CEO,
Leading Point FM

BENCHMARK TRANSITION KEY FACTS

Market Exposure - Total IBOR market exposure >$370TN 80% represented by USD LIBOR & EURIBOR
Tenor - The 3-month tenor by volume is the most widely referenced rate in all currencies (followed by the 6-month tenor)
Derivatives - OTC and exchange traded derivatives represent > $300TN (80%) of products referencing IBORs
Syndicated Loans - 97% of syndicated loans in the US market, with outstanding volume of approximately $3.4TN, reference USD LIBOR. 90% of syndicated loans in the euro market, with outstanding volume of approximately $535BN, reference EURIBOR
Floating Rate Notes (FRNs) - 84% of FRNs inthe US market, with outstanding volume of approximately $1.5TN, reference USD LIBOR. 70% of FRNs in the euro market,with outstanding volume of approximately $2.6TN, reference EURIBOR
Business Loans - 30%-50% of business loans in the US market, with outstanding volume of approximately $2.9TN, reference USD LIBOR. 60% of business loans in the euro market, with outstanding volume of approximately $5.8TN, reference EURIBOR

*(“IBOR Global Benchmark Survey 2018 Transition Roadmap”, ISDA, AFME, ICMA, SIFMA, SIFMA AM, February 2018)

by Rajen Madan

Reducing anti-financial crime risk through op model transformation at a tier 1 investment bank

“Leading Point have proven to be valued partners providing subject matter expertise and transformation delivery with sustained and consistent performance whilst becoming central to the Financial Crime Risk Management Transformation. They have been effective in providing advisory and practical implementation skills with an integrated approach bringing expertise in financial services and GRC (Governance, Risk and Compliance) functional and Fintech/Regtech technology domains."

Head of Anti-Financial Crime Design Authority @ Tier 1 Investment Bank

by Thushan Kumaraswamy

Rules of Data

On 24 October, it was reported that the Financial Conduct Authority launched an investigation into the US credit checking company Equifax; almost 700,000 Britons had their personal data misappropriated between mid-May and July this year. The FCA gave evidence on this matter to the Treasury Select Committee on 31 October because of the significant public interest. The FCA has the power to fine Equifax, or strip it of its right to operate in the UK, if it is found to have been negligent with its customers’ data. With European Union governments formally stating that cyber-attacks can be an ‘act of war,’ data protection cannot be taken seriously enough. The Equifax data breach is by no means a solitary data breach – several large organisations such as Dun & Bradstreet, Verifone, Whole Foods, Deloitte, DocuSign, Yahoo! are already part of the mix.

The Government is aligning domestic data legislation with the European Union in an effort at continuity, despite our plans to leave the EU. The Data Protection Bill, is proof that the Government seeks to keep the UK au courant with the newest data law of EU provenance.

The number of internet users is now close to 4 billion. Businesses continue to move their products and services online in order to service their customers. Data continues to grow exponentially and will persist in its travel far and wide – enabled by technology proliferation. The EU’s General Data Protection Regulation (‘GDPR’) has been precipitated by acute necessity. Companies need to review and revise their approach to privacy, security and governance of their data. A holistic, data protection framework is needed that is centred on the customer and encompasses their interactions, experience, sentiment, along with those of advocacy groups, shareholders, and regulators. This is a non trivial exercise and requires interventions at the mindset, policy, information governance & security and process levels, along with enabling technology.

Businesses are heading in the right direction with GDPR, but there is still a long way to go. Implementing this change with the right spirit is fundamental to building trust with customers and partners. Leading Point’s experience helping organisations with these requirements suggests that while significant compliance hurdles exist, a risk-based approach that focuses on five core areas, will be instrumental to success.

1. Give your customers control over their data – a mindset change

Bearing in mind the territorial scope of the GDPR – across the current 28 EU member states, plus, anyone dealing with the EU, most teams within organisations will benefit from the ethos behind the Regulation. A mindset shift from owning your customers’ data to stewarding your customers’ data is required. Give your customers control over their data. Any legal or natural person processing data must believe in the spirit of this sea change – the need
to assume responsibility for stewarding your customers’ data and to provide them with confidence in your processes. GDPR expands on the list of ‘rights’ each data subject is afforded: the right to be informed, the right to
access data records, the right to data erasure, to name a few. Tone at the top matters immensely.

2. Achieve Data Protection by Design

Which department is leading your organisation’s GDPR compliance efforts? A cross-functional team will help in deploying a holistic data protection framework. To start with, the focus must be on classification of the data, its
supply chain and its governance. Therefore, leveraging existing data management initiatives to embed data privacy requirements can really help in ‘data protection by design’. In practical terms, companies need a clear picture on: ‘what types of data do they hold on their customers;’ ‘which types of data is sensitive and requires enhanced security levels;’ ‘who has access to customers’ sensitive data;’ ‘where is this data processed and distributed;’ ‘how does it flow;’ ‘what is its quality;’ and ‘are their checks and controls in place around its flow and access’? The rules are more stringent now, as companies establish the depth of customer data – their interactions, experiences, sentiments – what impressions are left in an organisation’s data stores. The definition of personal data and its inherent breadth has been redefined – ‘Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.’ And so the notion of data minimisation is born. We believe that while there are increasing numbers of quick-fix GDPR solutions in the market, achieving data protection goals is less about technology, and more about energising the organisation into becoming 100% data aware.
Building trust in your data will allow for effective process and controls for data protection, security and governance.

3. The Art of the Process

Focus must be on the ‘process’ exercise – visibility of customer journeys – which processes interact with customer data and the ensuing data lifecycle. Knowing which functions have client-facing processes and ensuring these are
adapted is called for. Threading through specific processes for data collection, data storage, data sharing, access requests and breaches is the focus. Having a command of what happens to personal data, who is involved in gathering it, and responding to Subject Access Requests is important, not least because you will have only a month to respond and cannot routinely charge the current £10. What steps to take in the event of a data breach, how to manage contracts which hold personal data: these are all explicit in the Regulation. For all data processors, we must double down on education and training – on policies, on data governance, on processes and new rules of data. This means highlighting a consistent approach to the different scenarios. Surely the best protection is a body of staff that is wholly informed?

4. Integrating data protection with a risk-based approach

By taking an inventory of obligations to customers via existing contracts and business agreements, organisations can start to manage their stated responsibilities linked to customer data and its management and use. This is a
quick-win.

Data classification and governance exercises will highlight the sensitivity, breadth and depth of data, the access and use of the data held. Data flow will highlight the data processors and third-parties and internal functions involved. Data quality will highlight where data management controls are required to be shored up. In turn, this will flag up priority remediation exercises on customer data.

The aforementioned ‘process’ exercise will highlight key customer-facing process changes, or a requirement to deploy specific data processes referenced by GDPR. Organisations can road-test these processes against the required process turn-around times. For example, data breaches must be reported within 72 hours, and as mentioned above, data subject access requests – one month. Involve your customer services team actively with data protection and security breach scenarios – this will build memory and promote mindset change.

The overarching governance in an organisation will be a key cog in the data protection ecosystem; the Regulation has duly led to the genesis of the Data Protection Officer. Enabling these responsibilities with existing data management governance responsibilities, and appointing data champions, can be an effective approach. Data protection is indisputably everyone’s responsibility, so the emphasis must be on organisational cooperation.

5. Cascading to Third Parties & a Cloud

Third party contracts and the framework that dictates how these are established, must wholeheartedly reflect any changes to the requisite data protection and security obligations. A compliance policy which standardises how third party contracts are established can also be a useful instrument. Data transference should be shored up with model contractual clauses, which allow all parties to clearly realise their responsibilities. We are alive to the persistent risk of cyber attacks, so it is crucial to remember that your data on the cloud is a business issue, as well as an IT issue. Are you fully apprised of where your business stores its data; on the premises, in the cloud, or both? The increasing trend to shift data and infrastructure to a public or private cloud no doubt presents an economic benefit and technology road map for some organisations. But make no mistake, organisations are accountable for their customer data content, its usage, and their security policy for cloud-based storage. Measures such as encryption, pseudonymisation and anonymisation will help, and should be employed as a matter of course, as well as remaining open to select technologies that help underpin cyber defence.

To conclude

When implementing change, evidence-based decision making shouldn’t be the only strategy; knowing which cogs in an organisation interlink cohesively in practice will greatly assist in a robust framework that threads through to
a mindset shift, policy, data, process and third parties. To reinforce an earlier perspective, data is only growing. So are data breaches and cyberattacks. The garnering of our data to feed algorithms and ‘machine learning’, borne
out of the Silicon Valley revolution, is leading to inevitable change in our lives, but we must strive for a democratic jurisdiction for our data. Organisations must give customers control of their data and the confidence in their data
management processes. Rather than penalty-based scaremongering, think of this as an opportunity to build your brand, to send a robust message to your customers and partners, demonstrating care and respect of their data.

To close, a soundbite from the Information Commissioner’s Office: ‘Data protection challenges arise not only from the volume of the data but from the ways in which it is generated, the propensity to find new uses for it, the complexity of the processing and the possibility of unexpected consequences for individuals.’

Leading Point Financial Markets brings compelling value in the intersection of Data, Compliance, Governance and Operating Model Change initiatives.

by Rajen Madan