Digital acceleration is impacting how we work, live, and consume services. In addition, for businesses, the digital evolution of banking, financial services, and insurance (BFSI) firms raises essential questions about the future of the industry. In recent years, traditional financial services companies have found it hard to compete with more agile fintech to deliver a better customer experience, but innovation is essential.
Trust, security, and resilience are identified as the top three strategic areas to prioritize, as outlined in the IDC Infobrief: “Accelerating Transformation Through Cybersecurity in Financial Services”.
Many BFSIs have begun adopting new digital business models to help them thrive in a digital-first economy. These include prioritizing investments in key areas such as data-driven security, legacy modernization, and personalized, contextual customer experiences. But for these business models to work, they will need to rely on data, analytics, and cloud platforms.
Cloud platforms also serve as a bridge to modernize financial organization workloads. However, regulators have flagged the concentration risk.
Southeast Asia's financial ecosystem is complicated with different regulations and guidelines amongst other countries. Southeast Asia is following in the footsteps of Hong Kong and Singapore in terms of its financial ecosystem. The region is home to some of the world's fastest-growing economies and is attracting a lot of attention from international investors.
For example, the Hong Kong Financial Services Development Council identified that Hong Kong BFSIs are possibly more at risk for cyberattacks than any other industry. With the rise of advanced threats and exponential potential for economic losses, the Hong Kong Monetary Authority (HKMA) identified the need for Hong Kong to have a reliable cyberspace safety roadmap at a policy level.
The HKMA's Cybersecurity Fortification Initiative 2.0 aims to strengthen the cyber resilience of Hong Kong's financial services industry. CFI 2.0 recommends maintaining effective control standards in line with the latest technology trends. In addition, the initiative recommends expanding the talent supply and encouraging cyber threat intelligence sharing across the industry.
On the other hand, in Singapore, with new procedures for licensing digital-only banks, open banking is expected to pick up the pace. Currently, there are 8 neo-banks and 4 digital banks in operation. Singapore, which is widely regarded internationally as a trailblazer in cyber preparedness, leads the ASEAN Cyber Capacity Programme (ACCP).
Due to rapid digital transformation in banking sectors, recently, the Cyber Security Agency of Singapore updated the Cybersecurity Code of Practice for critical information infrastructure (CII) which identifies Bank and Finance as one of the key CII sectors. The Monetary Authority of Singapore (MAS) also imposes stronger regulations in cyber hygiene and technology risk management for the banking sectors.
In order to get a step ahead of the regulations, BFSIs should adopt a zero-trust approach to gain visibility. Zero-trust requires authentication and authorization to be performed every time access is granted to a specific resource on every transaction. In Europe, 55% of financial organizations already use some form of zero-trust strategy for their authorization and authentication. Adopting zero trust in BFSI would shift the traditional paradigm from implicit trust for users and resources inside a static, network-based perimeter to an authentication model that focuses on users, assets, and resources.
Digital acceleration is essential for competing in today's financial marketplace. However, it does not come without risk. First, ensure employees are trained and reskilled in the organization's technologies.
Second, share data with industry peers to learn best practices and identify potential issues. Fraud and Money Laundering Intelligence Taskforce (FMLIT) established by joint force of the Hong Kong Police, the Hong Kong Monetary Authority, and the Hong Kong Association of Banks is an excellent example of transaction data sharing to mitigate Anti-Money Laundering (AML).
Similarly, the Suspicious Transaction Reporting Office (STRO) of the Singapore Police partner with MAS to keep track of suspicious transactions, cash movement,s and cash transactions to uncover money laundering activity.
By implementing cybersecurity measures that are compliant with relevant regulations, BFSIs can help ensure that their data and transactions are better protected. BFSIs should work with vendors and partners committed to cross-vendor openness and integration working as a team. When vendors work together across the threat landscape, the sum of their products is greater than the individual parts, deepening your level of cyber protection. The share of threat intelligence provides a more effective way to detect abnormality in money transactions with a security orchestration, automation, and response (SOAR) platform.
The reliance on transaction visibility with data, analytics, and cloud platforms to improve customer experience also means BFSIs must adopt a robust cybersecurity strategy as part of their digital-first transformational journey.