Organisational Resilience: Compliance Risk Strategy for 2023


There are a number of updates to regulations that will impact organisations in 2023. They will create new requirements for businesses to follow, new areas of risk, and more money and time spent adjusting to these changes.

Compliance strategies help cement trust in professional partnerships and vendor relationships. Whether organisations are trying to qualify for cyber insurance, or simply looking to obey the law and avoid fines, they are up against increasingly tough compliance measures. It is no longer sufficient to be compliant only once in a year, scramble in the two weeks before the audit, and then forget about it for the rest of the year.

What compliance tech trends should IT management adopt as they build and refine their technology roadmaps?  

Let’s look at some regulatory and technology trends.

Regulations to Watch

European Union Digital Operational Resilience Act (DORA). The EU is applying regulatory pressure on the financial services industry with its Digital Operational Resilience Act (DORA). DORA is a “game changer” that will push firms to fully understand how their IT, operational resilience, cyber and third-party risk management practices affect the resilience of their most critical functions, as well as to develop entirely new operational resilience capabilities.

One key element that DORA introduces is the Critical Third Party (CTP) oversight framework, expanding the scope of the financial services regulatory perimeter and granting the European Supervisory Authorities (ESAs) substantial new powers to supervise CTPs and address resilience risks they might pose to the sector.

Germany’s Supply Chain Due Diligence Act (SCDDA). On January 1, 2023, the Supply Chain Due Diligence Act took effect. It requires all companies with head offices, principal places of business, or administrative headquarters in Germany – with more than 3,000 employees in the country – to comply with core human rights and certain environmental provisions in their supply chains. SCDDA is far-reaching and impacts multiple facets of the supply chain, from human rights to sustainability, and legal accountability throughout the third-party ecosystem. It will address foundational supply chain issues like anti-bribery and corruption diligence.

From 2024, the employee threshold will be lowered from 3,000 to 1,000. Switzerland, the Netherlands, and the European Union also have similar draft regulations on the books.

PCI DSS 4.0. Payment Card Industry Data Security Standard (PCI DSS) is the core component of any credit card company’s security protocol. In an increasingly cashless world, card fraud is a growing concern. Any company that accepts, transmits, or stores a cardholder’s private information must be compliant. PCI compliance standards help avoid fraudulent activity and mitigate data breaches by keeping the cardholder’s sensitive financial information secure.

PCI compliance standards require merchants to consistently adhere to the PCI Standards Council’s guidelines which include 78 base requirements, more than 400 test procedures, and 12 key requirements.

Looking at how PCI has evolved over the years up to PCI 4.0, there is a departure from specific technical requirements toward the general concept of overall security. PCI 4.0 requirements were released in March 2022 and will become mandatory in March 2024 for all organisations that process or store cardholder data.

The costs of maintaining compliance controls and security measures are only part of what businesses should consider for PCI certification. Businesses should also account for audit costs, yearly fees, remediation expenses, and employee training costs in their budgets as well as technical upgrades to meet compliance standards.

Tech Trend Changes

Zero Trust presents a shift from a location-centric model to a more data-centric approach for fine-grained security controls between users, systems, data, and assets. Zero Trust as a model assumes all requests are from an open network and verifies each request this way. PCI 4.0 does not mention Zero Trust architecture specifically, but it is evident that the Security Standards Council is going that way as a future consideration.

Passwordless authentication has gained a lot of attention and traction recently. Large tech providers such as Google, Apple, and Microsoft are introducing passwordless authentication based on passkeys. This is a clear sign that the game is about to change. Just as PCI DSS focuses on avoiding fraudulent activity, so do newer authentication approaches that verify and confirm identity.

Third-party risk management is quickly evolving into third-party trust management (TPTM), with the SCDDA creating a clear line in the sand for global organisations. TPTM is a critical consideration when standing up an enterprise trust strategy. Enterprise trust is a driver of business development that depends on cross-domain collaboration. It goes beyond cybersecurity and focuses on building trusted and lasting third-party relationships across the core critical risk domains: security, privacy, ethics & compliance, and ESG.

Final thought – Cyber Insurance in 2023

If some of these compliance drivers lead to a desire for financial protection, cyber insurance is one mitigation element a strategy can use to address C-level concerns. But wait – this is not as easy as it used to be.

Five years ago, a firm could fill out a one-page cyber insurance application and answer a handful of questions. Fast forward to today’s world of ransomware attacks and other cyber threats – now getting insurance with favourable terms, conditions, pricing, coverage and low retention is tough.

Insurance companies prefer enterprises that are instituting robust security controls and incident response plans — especially those prepared to deep dive into their cybersecurity architectures and with planned roadmaps. In terms of compliance strategy development, there needs to be a risk-based approach to cybersecurity to allow an insurer to offer a favourable insurance option.

The Future of Finance: FinTech Innovations & Collaborations


Innovation and collaboration are the cornerstones of FinTech success stories. Successful FinTechs have identified market gaps and designed innovative solutions to address these gaps. They have also built an ecosystem of partners – such as other FinTechs, large corporates and financial services organisations – to deliver better customer experiences, create process efficiencies and make compliance easier.  

As FinTechs have become mainstream over the years, their innovations and collaborations continue to make technology and business headlines.

Here are some recent trends:

  • The Growth of Cross-border Finance. Globalisation and the rise of eCommerce have created a truly global marketplace – and financial agencies such as the MAS and those in the EU are responding to the need.
  • Transparency through Smart Contracts. As businesses and platforms scale applications and capabilities through global partnerships, there is a need for trusted, transparent transactions. Symbiont’s partnership with Swift and BNB Chain’s tie-up with Google Cloud are some recent examples.
  • Evolution of Digital Payments. Digital payments have come a long way from the early days of online banking services and are now set to move beyond digital wallets, as seen in the Open Finance Association and EU initiatives to interlink domestic CBDCs.
  • Banks Continue to Innovate. They are responding to market demands and focusing on providing their customers with easy, secure, and enhanced experiences. NAB is working on digital identity to reduce fraud, while Standard Chartered Bank is collaborating with Bukalapak to introduce new digital services.
  • The Emergence of Embedded Finance. In the future, we will see more instances of embedded financial services within consumer products and services that allow seamless financial transactions throughout customer journeys. LG Electronics’ new NFT offering is a clear instance.

Read below to find out more.

Achieving Sustainability: The Tide is Turning


In this blog, our guest author, HE Jo Tyndall, delivers a message of hope for the future and talks about initiatives across all levels to combat climate change and biodiversity loss. “The pieces of the puzzle that will create a sustainable future are all there – it is time to start fitting them together.”

If, like me, you have watched Sir David Attenborough’s “witness statement” (A Life On Our Planet), it is easy to despair of the wanton, wilful destruction humanity has wreaked on the Earth, and to be horrified that so much of this has happened in one man’s (admittedly long) lifetime. The images he conjures – of distressed orangutans, starving polar bears, floods, fires and droughts, and of rampant deforestation – underscore how ubiquitous, urgent and overwhelming the climate change and biodiversity crises are.

But Sir David ends with a message of hope, and it is this I want to emphasise. Everywhere we look, there are green shoots of hope, many growing into sturdy saplings. They are coming thick and fast, and they are becoming mainstream – no longer relegated to the tick-box margins of policy or practice. The pieces of the puzzle that will create a sustainable future are all there – it is time to start fitting them together.

Political Signals Create a Ripple Effect

First, and foremost, in 2015 we got the Paris Agreement (and subsequently its rulebook). This was no mean feat. It set climate goals, gave us global rules for being transparent and accountable, and put governments on a path of continuous improvement to reach those collective goals. It is easy to dismiss global treaties as just words on paper, but this is to ignore the profound ripple effect those words have already had. (The Agreement held firm despite the US withdrawal – but the fillip when it re-joins will be welcome.)  

The political signals set the first ripples off as governments needed climate policies to meet their Paris undertakings. The European Green Deal aims for a sustainable EU economy, with no net greenhouse gas emissions by 2050, decoupling economic growth from resource use. The UK will host next year’s UN Climate Change Conference of the Parties (COP26) – and has doubled its climate finance for the period 2021-2025.

In September this year, China – the world’s largest emitter of greenhouse gases – announced it would achieve carbon neutrality by 2060. Japan and Korea, too, have upped their mid-century targets to bring net emissions to zero.  

The New Zealand Government has set a legislated goal for the country to be carbon neutral by 2050; has amended our Emissions Trading System (ETS) to ensure price signals encourage a move to low carbon; set up a green investment fund; invested heavily in research into reducing emissions from livestock production; and, most recently, made carbon-related financial disclosures mandatory for specified companies, banks, insurers and investment managers. We have also made it our mission to encourage governments to phase out fossil fuel subsidies (some US$400bn each year) that promote excessive consumption.  

The Ripples Reach Cities and Businesses…

The political signals have flowed through to regional and local government. The C40 group (cities around the world working towards sustainability goals) now has 96 participating members – with many cities finding opportunities to collaborate with others in the network on joint projects.

It is becoming obvious that fossil fuel industries are at a disadvantage against increasingly cost-competitive renewable energy. Governments are working out how to manage a ‘just transition’ for the energy sector, while forward-leaning energy companies are re-shaping their business models in anticipation of a low carbon future.

Political signals encourage businesses to factor climate change into their planning and investment decisions. Businesses everywhere have read the political tea leaves and we see weekly announcements of pledges for carbon neutrality, ethical investing, green financing and so on. Whether it is Blackrock or NZ Super Fund making environmental, social, and governance (ESG) considerations integral to their investments, or Ikea’s IWAY (its ESG code of conduct for itself and its suppliers), business is showing a deeper commitment to sustainability than ever before. 

Some industries will have to be more invested than others in emissions reduction, but this opens a world of opportunity and innovation. Energy & Utilities companies are implementing waste-to-energy solutions – Singapore’s Integrated Waste Management Facility (IWMF) is set to be the world’s largest energy recovery facility – and adoption of carbon capture, utilisation and storage (CCUS) facilities is at last gathering momentum across energy systems. Industries like aviation and maritime, too, have to play a key role in a circular economy.

… And Individuals (the Last – and First – Pieces of the Puzzle)

The ripples have spread to individuals – people like you and me. I know there are still plenty of climate deniers around. But mindsets are changing – and when that happens, the ripples become a tidal wave of real change. If we each start thinking we can do it and we will do it, the change will happen. If we make it clear, in our preferences as consumers, and in our expectations of the businesses we buy from or invest in, the change will happen.

The numbers who recognise we must live within our planetary boundaries are growing, values are changing (especially in light of the pandemic), and our low-carbon future is a high-tech one – not hemp shirts and home-made candles (unless of course these are your thing). Digital is a critical part of the story. Blockchain and distributed ledger technology (DLT) is being used to cater to a new generation of consumers, conscious of buying what is good for the world in the face of climate change and biodiversity loss. Food products are being branded using track-and-trace capabilities of Blockchain for ‘farm to fork’ visibility. 

Who doesn’t want to breathe clean air, have lower energy bills, and eat safe and healthy food? Maybe we will see more initiatives like America’s Pledge, bringing together an entire ecosystem committed to fighting climate change, growing the economy, and protecting public health – an ecosystem of states, cities, businesses, universities, and citizens.

We now have the rules, the policy tools, the technologies, and – increasingly – we have the will to act. As we re-build our economies, our businesses, and our lives, let us re-build better. So, I would echo Sir David Attenborough’s optimism – it is just that we do not have his (95 years) lifetime left to put things right.

