Twitter: @JannineMahoneFS
One. Two. Three. Financial services firms are reeling from being pounded by three successive waves of challenges that have created the perfect storm for compliance, security, and network professionals. In this blog, we look at how fast-changing regulatory burdens, savvier cybercriminals, and increasingly large and complex networks—that today can extend to multiple clouds—make compliance a top concern of financial services companies.
1. Regulatory burdens increasing
Financial services firms today must operate in a world in which change is the new normal as regulatory mandates continue to pile up. MiFID II. SWIFT CSP. FFIEC. NYDFS. AIFMD. The global reach of the sheer number of regulations is dizzying.
But compounding this is the fact that confusion abounds about many of these regulations. Companies are still sorting out how to satisfy GDPR, which went into effect in mid-2018. The implications of Brexit complicate matters further.
CEOs surveyed by PwC said that, as in 2017, over-regulation was the No. 1 threat to their organizations in 2018.[1] In a Thomson Reuters study, 62% of company executives expected even more regulatory edicts this year, with 22% expecting “significantly more.”[2]
Small wonder that only 17% of CEOs were very satisfied with the effectiveness of their compliance programs.[3]
And with these regulations come the fines. In the United Kingdom, Deutsche Bank agreed to pay more than £163 million for breaches relating to financial wrongdoing as well as culture and corporate governance.[4] Merrill Lynch International was hit with a £34.5 million penalty for failing to report more than 68 million derivative transactions.[4] In the United States, the U.S. Securities and Exchange Commission said in its annual report that it expected its own “vigorous” approach to continue in the coming year, having taken 754 enforcement actions in 2017.[5]
Clearly, financial services firms are on the hot seat when it comes to regulatory responsibilities.
2. Cybercriminals getting savvier
Then there’s the fact that we’re not exactly winning the war against cybercriminals. They are constantly changing, shifting tactics and technologies, so that even the best security experts are two steps behind them. A case in point: The average number of breaches per company in the financial services industry has more than tripled over the past five years, from 40 in 2012 to 125 in 2017.[6]
The average cost of cybercrime for financial services companies globally increased by more than 40% since 2014—from $12.97 million per financial services firm in 2014 to $18.28 million in 2017. This number is notably larger than the $11.7 million that is the average per company across all industries.[6]
And financial services firms aren’t exactly optimists about what lies ahead. Half of companies anticipate a rise in cyberattacks this year, with a full 80% considering it likely that they, specifically, will be attacked.[7]
These risks, plus the hefty fines that financial services face if they are breached, are another reason that compliance challenges lie heavily upon network professionals.
3. Network infrastructure out of control
But wait, there’s more. Add the growing size and complexity of today’s enterprise network infrastructures to the previous two challenges, and financial services firms indeed get a perfect storm of compliance headaches.
The exciting news about technology is that financial services firms now have big data, advanced analytics, artificial intelligence and machine learning, the Internet of Things (IoT) and the cloud to leverage to create new digital business models that add to top-line revenues.
The bad news is that this growing and increasingly complex IT environment, especially when you consider the distributed IT landscapes made possible by the cloud and the IoT, only enlarges the potential attack surface for cybercriminals. Mitigating this risk is proving extraordinarily difficult, especially since most financial services firms lack clarity on exactly what is attached to their networks. And what you can’t identify and control, you certainly can’t protect.
In summary
With this perfect storm of events, financial services firms are seeking answers. They know that, for starters, they need absolute knowledge and visibility into all their compute, network, storage, and mobile assets. But that isn’t enough. In the second blog in this two-part series, we’ll explain the need for a flexible framework to overlay the right technology.
1 https://www.pwc.com/gx/en/ceo-agenda/ceosurvey/2018/gx/business-threats.html
2 https://risk.thomsonreuters.com/en/resources/special-report/cost-compliance-2017.html
3 https://www.pwc.com/mx/es/publicaciones/c2g/2018-05-21-state-of-compliance.pdf
4 http://blog.behavox.com/2018-in-financial-compliance-what-to-expect
5 https://www.sec.gov/reports-and-publications/annual-reports/sec-2017-agency-financial-report
6 https://financeandriskblog.accenture.com/cyber-risk/cyber-crime-in-financial-services-the-big-picture
7 https://cybersecurity.isaca.org/state-of-cybersecurity