Financial Services Firms: Embrace Automation to Reduce Cyber Risk

The modern financial services industry is in the midst of a wave of technological innovation–from retail banks providing 24/7 service through smartphone apps, to fintech startups revolutionizing payments, to securities firms executing transactions with ever greater speed and precision. At the same time, as more of the industrys functions shift to rely on new technology, the threat of data breaches and other cybercrimes increases. For all businesses, but financial firms in particular, the risks often appear through methods of communication. However, if new technology raises cyber threats, it also provides increased measures of defense, and its here where automation can make the biggest difference.

The evolving landscape of cyber risk

Financial firms are under continuous pressure to innovate in order to stay ahead of fierce competition. Cloud computing, distributed ledger technology (DLT), artificial intelligence (AI) and robotics are just a few examples of technological advances that are transforming financial services, improving efficiency and driving growth.

Evidence of these heightened risks can be found in the latest DTCC Systemic Risk Barometer Survey, where 37% of respondents cited cyber risk as the single biggest threat to the global financial system. Companies in the financial sector are expected to spend $43 billion annually on cybersecurity by 2023 (source: Global Cybersecurity in Financial Services Market).

Communications vulnerability = fertile ground for cybercriminals

The financial industry is a frequent target for cybercrime thanks to the nature of information it collects and communicates. Financial services firms fall victim to cybersecurity attacks 300 times more frequently than businesses in other industries. And according to a recent report from cybersecurity provider Proofpoint, email fraud attacks against financial services companies rose by 60% between the fourth quarter of 2017 and the fourth quarter of 2018.

Most communications-based hacks or breaches such as those caused by email never make headlines, but regulators are paying attention: In 2018, the Securities and Exchange Commission (SEC) issued an investigative report on the increasing threat around business email compromises. The SEC investigated nine organizations that were affected, which suffered a total collective loss of approximately $100 million–the majority of which was never recovered. In a 2018 white paper on this subject, PwC predicted that regulators will continue to focus on, and at some point may take enforcement action against companies that fail to maintain an effective system of internal accounting controls.

Alleviating threats by adopting automation: an example

Due to the inherent vulnerabilities and risks associated with email, the best practice for financial services firms is to use a more secure platform to transmit information and data, and yet the industry continually resorts to email to troubleshoot any breakdown in processes — thus exposing their firms to cybersecurity risks.

For example, when it comes to trade processing, it is estimated that roughly half of institutional participants are communicating critical SSI (standing settlement instructions) information manually through email, rather than on a secure platform.

Additionally, missing or incomplete SSIs cause a significant number of trade exceptions and failures. Not only is human error a factor in causing an SSI-related fail, manual processes exacerbate the cost of remedying the situation. These manual processes create increased risk exposure, even when trades dont fail, with most communication still occurring via email instead of through secure networks. The number of possible manual touch points relating to SSIs during the settlement process is staggering. Trade data is handled by numerous disparate systems from matching engines to counterparties and settlement organizations, while flowing across an array of market infrastructure facilitators.

By some estimates, SSIs may require eight to 10 touch points to properly resolve an issue, and companies that conduct this process over email create a significant security vulnerability. In addition, with more trades being cleared and settled through a central clearinghouse, failure to properly handle settlement instructions between the buy and sell side could potentially lead to inefficiencies in how capital is allocated.

Achievement of full SSI automation throughout the industry is very much a community effort, as everyone ultimately benefits. Consolidating and automating SSIs onto a single database from which all parties to a trade have secure access to settlement instructions will not only alleviate these risks, but also improve operational effectiveness. When the middle and back offices are fully automated, the prevalence of clean, reliable settlement data reduces risk, enhances operations, frees personnel to perform more valuable tasks and creates significant cost savings.

Matt Stauffer is Head of Institutional Trade Processing, DTCC