The SWIFT Business Forum Ireland 2019 explored how Irish financial institutions can deliver a truly digital customer experience through a spirit of collaboration, while staying secure against evolving cyber threats.
Opening the inaugural Business Forum Ireland, Cate Kemp, Head of UK, Ireland & Nordics at SWIFT noted that the financial industry is in unchartered territory. Customer demands and regulatory innovation are driving competition in the marketplace, while financial crime threats evolve at a tremendous pace.
Digitisation and innovation
In the opening panel discussion, the question was posed as to where Ireland is in its digitisation journey. Recie Breen, Head of Customer Innovation at Bank of Ireland noted that Ireland is a little bit behind some other markets - citing Australia and the UK as being further along this path. She noted that, while a challenging economic environment had caused this, there are green shoots of recovery visible today. Regulatory drivers such as open banking, PSD2 and SEPA Instant Payments are catalysts for Irish banks, forcing innovation, competition and customer-centric solutions.
Gulru Atak, Global Head of Treasury & Trade Solutions Innovation for Citi commented that countries must learn from each other on their digitisation journey and be driven by a focus on customer expectations, where corporate demands are increasingly reflecting consumer demands.
On the subject of faster payments, Ireland still faces a challenge to catch up to the leading countries at its implementation. Niall Buckley, Head of Digital Ecosystems from AIB Group observed that a number of constraints, such as the overall regulatory burden, had become the priority of institutions investment budgets since the financial crisis. This was also one reason for innovation developments (such as faster payments) moving somewhat slowly. Atak added that banks need to work on building up their 'innovation muscle' back to pre-financial crisis levels.
Later in the morning, Andrew Smith, Chief Technology Officer at ClearBank commented that the level of challenger banks and the fintech market in Ireland is not where it is in the UK, for example, but there is banking-as-a-service infrastructure that incumbent institutions can use to build their own offering. He added that diverting some portion of the research and development budget to utilising this cloud infrastructure offered one way forward for Irish banks.
Customer-centricity was identified as a vital concept for innovation in financial services, not simply creating products for products sake. Buckley said that AIB has industrialised its customer feedback. He noted that it is a challenge for all banks to safely get innovative products out quickly to customers for feedback. Atak agreed, commenting that Citi is focussed on getting concepts out to their corporate clients as soon as possible, with a focus on questioning if they are building the right solutions at the right time for the right clients. She added that co-creation between the bank and the client is critical in this regard.
The theme of putting the customer at the heart of innovation was brought up again in a conversation between Stephen Darnley, Corporate Treasurer for International Air Transport Association (IATA), and Marco Hughes, Managing Director, Global Head Core Payments at HSBC.
In order to develop corporate solutions that are fit for purpose, banks should begin by speaking to clients in order to understand their pain points, Hughes said. There are different ways to roll out a product, and he used SWIFT gpi as an example. The bank considered whether to roll this out across all markets at once, or just in specific markets. Some of the bank's clients were happy to see the 'tracker' view on the bank's website, while others prefer to access it through SWIFT. For example, HSBC decided to start in one country, launching in the UAE in April 2018. At that time they were offering 30 currencies out of Dubai. Hughes noted that consumption of gpi data is an exciting part of the project.
By looking at what the community can do incrementally to make life simpler and better for corporates, they can then enhance their processes while banks can innovate their product offerings.
Collaboration with fintechs... and each other
Collaboration is fast moving up the agenda in the financial services industry, with many institutions realising the advantages of working with both fintechs and other banks. As Kemp said in the opening panel, the increased willingness of institutions to collaborate is something that has been observed throughout the SWIFT community.
What is driving the greater willingness to collaborate? Citi's Atak highlighted how regulatory initiatives such as PSD2 and open banking are reshaping the entire financial services industry. With prices in payments coming down, for example, they are becoming a commodity - leading to banks not only partnering with fintechs but also with each other, in some areas.
AIB's Buckley said that Irish banks are now in a place where they look to collaborate with each other on a foundational infrastructure in the country, and also with banks from different countries.
Collaboration was also touted as a possible solution to the challenges that remain in the payments landscape. Ad van der Poel, Head of Product Management Global Transaction Services, EMEA at Bank of America Merrill Lynch said that incumbents, innovators and regulators should collaborate in order to overcome hurdles around integration, scalability and regulation in order that new solutions become widely accepted.
Brian Hayes, CEO of the Banking and Payments Federation Ireland observed a shift in how banks view fintechs over the past five years, from worrying about fintechs eating their lunch to the new focus on collaboration. He added that collaboration is crucial and has to be done in a way where all parties win and the consumer receives the biggest benefit.
Keeping the cyber threat out
A popular session in the afternoon of the SWIFT Business Forum Ireland included a live hack, which served to illustrate the length that cyber criminals will go to in order to compromise financial institutions, but also how the industry is safeguarding itself against this evolving threat.
Brett Lancaster, Head of the Customer Security Programme at SWIFT highlighted the severity of the problem facing banks when he cited findings from the World Economic Forum that place cyber attacks as the third biggest macro threat to the global economy. When they attack banks, cyber criminals are only interested in money, and their vehicle to get that is the MT103 payment message, on which they spend 98-99% of their time targeting, he said.
Each fraudulent message used to be worth in the region of $10-20m, Lancaster said, but now hackers have come downstream, targeting lower amounts but through more messages. They typically transact in US dollars, while the vast majority are based in Northeast Asia, according the SWIFT report "Three Years After Bangladesh".
Stefan Broeder, who works as an ethical hacker for SWIFT’s Red Team, carried out the live hack on stage. The role of the Red Team is to act in the manner of an attacker, to find weaknesses and probe the whole system. Broeder was looking for low hanging fruit, such as bad passwords, to get him in to his target institution. He was able to show how to find a bank's IP address, and which ports the bank has open, in seconds.
Step-by-step, Broeder methodically worked to identify information that could be used to support his hack, and used the bank's own website, external software programmes, and even LinkedIn to help him achieve his goal of gaining access to the bank's payment controls.
Following Broeder's demonstration, Roy Belchamber, Product Manager, Financial Crime Compliance at SWIFT took to the stage to run through some of the initiatives in the community to fight back against fraudsters.
SWIFT's Screening Utility hosts a payments control service that specifically targets cyber crime. Banks can use this to control the rules they want to write to target the threat. Belchamber said that the rules can cover single or multiple BICs and determine who gets notified if a rule is triggered.
Banks can use these tools to block or query any payment above a certain limit, for example. If a payment is blocked and has not been looked at in a certain time period, follow-up rules can be set to either automatically abort or process the payment.
Banks need to be prepared to protect themselves in the real-time environment and establish the level of protection that is suitable for their specific institution. Lancaster advised delegates not to click on any links that look at all suspicious, as this simple and established way to compromise a system is still one of the most successful tactics for fraudsters. He also advised implementing multi-factor authentication for all key systems.
Looking to Ireland's financial future
Michael D’Arcy TD, Minister of State at Ireland's Department of Finance closed out the day by speaking about the steps the government is taking to ensure the future prosperity of the Irish financial services sector that benefits the whole country.
D'Arcy stated that developments such as AI and blockchain could be as revolutionary to Ireland as the internet has been. The government has established a fintech foresight group to capture the opportunity that these technologies offer, with a variety of stakeholders. He added that the government is making 'disruptive technology' funds available to develop innovation in this area.
Alongside technology, talent was identified by D'Arcy as a key focus for Ireland's future as a global financial hub. He said that education is critical to making this a reality, in terms of both skills and diversity. As well as encouraging this at school and college age, he also noted that older members of the financial workforce in Ireland need to be inspired to remain in the industry by being reskilled for the new technologies that are entering the market. Retaining experience at the older end of the scale is very important.
Carmel Crimmins, Specialist Editor, Top News at Reuters noted that Dublin has done very well from financial services, but asked how this success gets spread around to the rest of the country. D'Arcy said that 45% of employees in international financial services in Ireland are actually outside of County Dublin.
Citing payments technology firm Stripe as an example of a business that left Ireland, Crimmins asked D'Arcy what the country is doing to retain financial start-up talent. For D'Arcy, what is important is the idea, not where it is based. While Stripe is headquartered in the US, it employs around 250 staff in Ireland, he noted.
The debut SWIFT Business Forum Ireland clearly showcased where the country's financial services industry stands today, the potential it has for growth in the future, and the steps that need to be taken in order to ensure the success. Industry collaboration and digitisation will play a key role in the journey.