Welcome to Finextra's live blog from the Swift Business Forum, London 2014, which was held Monday at the Brewery venue in the City of London, UK. This fourth instalment of the financial services Forum in the UK capital is entitled 'Doing good business in an era of re-regulation'.
Editor's note - all times reflect UK local time
Raes finishes today's conference by wishing everyone a safe journey home battling through the Tube strike. I think a fair few here are going to delay that pleasure and visit the bar first after a long and productive day. Conference ends.
Alain Raes, Chief Executive EMEA and Asia Pacific, SWIFT, thanks everyone for coming and stresses the need for collaboration in his closing remarks, citing Swift's planned new KYC Registry as a good example.
16:45 - 17:00 Closing remarks
- Alain Raes, Chief Executive EMEA and Asia Pacific, SWIFT
16:50 Final question is:
Q. What will change in 1-2 years and what threats will arise?
A. CLS' Rajan: "The timelines will shrink and FIs need to look at how they can react more quickly … the insider threat is also something that shouldn't be forgotten."
A. State Street's Perretta: "Threats will also come from the supply chain … look at the New York Times attack [and how it cascaded]"
A: Swift's Fish: "I've given up trying to predict future cyber threats. I'm alert and respond as appropriate." Very wise, and that perhaps best sums up how to battle cyber threats: be prepared.
16:35 A lively Q&A session starts with a direct question from the floor:
Q. Is the greatest cyber threat from nation states?
A. CLS' Rajan: "It depends on who you work for … nation states cyber-attacks are a threat but if I were on the retail side of FS then I'd be worrying more about cyber-criminals and fraud."
A. Swift's Fish rightly identifies Stuxnet, which disabled Iran's nuclear programme a few years ago causing centrifuges to overheat and destroy themselves - allegedly following a US and Israeli bug - as a prime example of what nation states can do. "It's unlikely in this instance but I do worry that extremely impressive coding like that might be picked up and repurposed."
Fish also mentions the recent publicity over the Heartbleed vulnerability which exposed the Open SSL internet encryption protocol to attack, pointing out that this had been known about for two years.
16:23 Chris Perretta, Executive Vice President and CIO at State Street: "We have to build secure apps and that often means controlling the development process from the ground up." Management procedures and a tight focus on enterprise risks too are key requirements for FIs.
16:11 Swift's CIO Michael Fish is facing a raft of attacks against Swift as it's a large FI, but as he says often the problem is identifying who the adversary is? "Swift gets government help for instance as a systemically important institution … then the Snowden allegations hit and we had to investigate. I want to stress we found no evidence that the NSA, nor anyone else, got past Swift's IT security systems," says Fish, "but it did make me question who our friends are, and who our enemies are." In cyber it seems it's a case of user beware.
16:03 Final session of the day gets underway with a video illustrating the cyber threat with US President Obama shown saying: "We know people are targeting our FIs." Let's see if the panel can educate us about the fightback.
As the only person with security in his job title, Vas Rajan, Chief Information Security Officer (CISO) at CLS, beings the panel, saying: "2014 has seen a lot of attacks so far. The cyber-security landscape changes depending if you're looking at a retail bank or an MI, so you have to remember that, but attacks are on the rise and the landscape is getting more complex."
16:00 - 16:45 Closing panel
Cyber: The battle continues The cyber-men return ...
- Vas Rajan, Chief Information Security Officer, CLS
- Michael Fish, Chief Information Officer, Head of Information Technology and Operations, SWIFT
- Chris Perretta, Executive Vice President and Chief Information Officer, State Street
- Bryan Glick, Editor in Chief, Computer Weekly (moderator)
15:30 - 16:00 Coffee break, networking and exhibition open
15:28 On to the Q&A in the shadow banking compliance session and one of the questions is about if crypto-currencies like Bitcoin (BTC) are shadow banking?
A.Panel doesn't seem keen to answer the BTC Q & can you blame them as Bitcoin has had so much attention this year! As the moderator Natasha De Teran, Head of Corporate Affairs, at SWIFT, says: "As far as I know the regulators are ignoring crypto-currencies". Would that we all could but they're a growing issue in FS and indeed may come out of the fringe into the shadow banking world and then into the real world. Watch this space.
15:19 Corrigan speculates that FX might take the spotlight off the shadow banking world. Topical considering the US DoJ is over in London this week investigating the potential Libor-like mis-selling scandal. With malfeasance like that no wonder re-regulation is on the agenda here today.
15:04 According to Daniel Corrigan, CEO, CME European Trade Repository, CME Group: "The word repo doesn't help as it makes it sounds like pawn broking!" Perhaps that is why it's been getting so much regulatory attention recently."
14:51 Barrie Wilkinson, Partner and Co-Head of Finance & Risk practice, EMEA, Oliver Wyman, says that of course repo is a banking activity but it isn't shadow banking [yet] , it isn't dodgy and it shouldn't be stymied. "It appears on your bank balance sheets after all." More and more of it is, however, becoming shadowy.
14:42 This compliance session on shadow banking is arrowing in on the repo market and with two practitioners on the panel it should be interesting.
Godfried DeVidts, Director of European Affairs, ICAP, warns that "the repo market is shrinking" as regulators increasingly turn their focus on it, which is ironic as it was one of the few markets to hold up relatively strongly during the last crisis.
14:30 - 15:30 Dedicated business streams
In the spotlight: shadow banking
- Daniel Corrigan, CEO, CME European Trade Repository, CME Group
- Godfried DeVidts, Director of European Affairs, ICAP
- Barrie Wilkinson, Partner and Co-Head of Finance & Risk practice, EMEA, Oliver Wyman
- Natasha De Teran, Head of Corporate Affairs, SWIFT (moderator)
14:29 ... Meanwhile over at the Swift London Business Forum's Compliance Stream, Finextra's Liz Lumley has been covering the session on big data. Her report follows with the discussion mentioning how its related to big computing (i.e. cheap power) and how regulators now want more and more data.
At the 'On the alert: Mining Big Data' for compliance session, the discussion spent far too much time *defining* big data - instead of looking at practical uses for compliance. However, they may have got there in the end, Finextra had to duck out early on this one. Selected comments follow ...
14:12 A: James Cadwallader, Standard Chartered - How can your organisation identify risk. Such as where can you identify concentrated financial crime and then feed that into driving business strategy. That is where we have used big data in compliance
14:03 Q: Craig, E&Y - Can you give some examples on how to detect fraud? A: Porter, SAS - Look for patterns, from combining data from a wide range of sources. Q: So, how do you apply it to the financial crime space? A: Porter, SAS - One of the barriers in the financial services industry is that we were early adopters in tech. We think there are barriers where there are not. It is not difficult to gather and analysis large, disparate groups of data. Other industries don't see those barriers.
13:57 Q from audience: What is the definition of a big data client? A: Porter, SAS - Big data has a lot of definitions, it is better to think about what it isn't. Some companies see data as an asset others now. 'Can we use this data, we have to store, for another purpose? Such as compliance?', would be a question. So the data is rarely used in an application for what it was designed for.
13:44 Q: What do we mean by Big Data? A: Craig, E&Y - It is an overused term. But Big Data is structured and unstructured data downloaded from various areas, in real time, that is far too large to process using traditional tech. A: Porter, SAS - The cost of doing this is so radically different than what it would have been five years ago. The current cost of storing 40 gigabytes of data is £3,500 Five years ago that number would have been hundreds of thousands of pounds. There are a lot of things called 'big data' that isn't.
13:30 Brigitte De Wilde, Swift. Q: Why are we talking about using Big Data for compliance? A: Patrick Craig, E&Y - We've started seeing regulators now ask for quantifiers for risk, they are no longer just accepting audit reports. A: David Porter, SAS - Demands for compliance are now faster than ever, we need technology to respond to those demands.
>13:30 - 14:30 Dedicated business streams
On the alert: mining Big Data for compliance
James Cadwallader, Global Head of Intelligence & Analysis, Financial Crime Risk, Standard Chartered
Patrick Craig, Partner, EMEA Financial Services Advisory, Ernst & Young
David Porter, Head of Fraud Strategy, SAS
Brigitte De Wilde, Compliance Analytics & Services, SWIFT (moderator)
14:24 Concluding quote to Adrian Kamellard, CEO, UK Payments Council: "If we get it right [i.e. updating payment MIs] then payments could be embedded into many more systems in the future." The rich data information could also be helpful to corporate treasuries and many other functions.
14:11 Oh no! the single euro payments area (SEPA) has been mentioned …run away … in reality you cannot have a payments MI focused debate without mentioning SEPA but not sure about Sanchez's reference to it being "like delivering a big-headed child" - gets a laugh though and he could be in the running for analogy of the day. Not sure the earlier all woman panel would've mentioned it mind!
14:03 The panel responds to Sanchez's hand grenades by pointing out how resilient existing payments MIs are and how in the end everything relates back to payments so it is vital that they're safe, secure and property regulated.
Lloyd's Curran does add though that getting the balance right between regs and innovation is important, warning: "There is only so much investment you can make every year and as more goes on compliance then there is less for innovation." Shot across the bows to the regulators there. Looks like the obligatory regulatory shoeing might be underway.
13:52 Things get interesting as Carlos Sanchez, Chief Executive of ipagoo, a newcomer due to launch in September 2014, goes on the attack saying of course Mark at Lloyds defends the "old rails" as it's in his bank's interest. Other hand grenades? "FPS, while good, will eventually disappear and be replaced by P2P networks as they're cross-border."
13:47 Adrian Kamellard, Chief Executive of the out-going UK Payments Council discussed immediate payments, the UK Faster Payments Service (FPS) and real-time infrastructures next, particularly the new pay-m mobile payments platform coming to the UK. "Regulators may struggle to keep up," he warns, as the issue of innovation versus safety and resiliency is discussed.
13:39 Standing room only at this packed session. Each of the MI payments panellists is introducing themselves and their view on how payments MIs are developing, with Francesco Burelli of Value Partners discussing mobile payments, wallets and other innovations, but as Mark Curran, Payment Technical Services Director at Lloyds Banking Group points out, "they all still run on the same payment MI 'rails".
Bitcoin is interesting in that it is truly an innovation, adds Curran, but its evolution may well mean it ends up looking look an existing payment MI. The recent theft of depositors' money from Mt Gox will only accelerate this process.
Afternoon session: Market Infrastructures
Payments focused MI session looking at 'Managing Speed with Safety'
- Francesco Burelli, Partner, Value Partners
- Mark Curran, Payment Technical Services Director Global Payments, Lloyds Banking Group
- Adrian Kamellard, Chief Executive Officer, UK Payments Council
- Carlos Sanchez, Chief Executive Officer, ipagoo
- Chris Skinner, Chair, the Financial Services Club (moderator)
13:30 Afternoon sessions about to begin
12:01 ... Meanwhile over at the Swift London Business Forum's Compliance Stream, Finextra's Liz Lumley has been covering the session on financial crime: solutions for compliance. Her report follows with the discussion mostly focused on - Where is the utility? Who will create the utility? Is a utility the best solution? Interesting tone from a conference hosted by a…wait for it…a utility. ...
11:58 Compliance Stream Report Q: How do you define success? A: Lawlor - Collaboration and partnerships. It is an emerging model, not just within institutions, but throughout the industry. A: Allen - Success is when we are safe. When everyone trusts the infrastructure. A: Horobin - Success is an environment to invite new entrants and create new innovations and solutions.
11:50 Q from audience: If you are taking a long term view. How do you deal with sudden regulatory changes, such as what is happening with payments? A: Lawlor - There needs to be a level playing field. For example in the payments space, the telco operators need to abide by the same rules as the banks. A: Allen - Competition is good. Smaller banks can have 'late mover' advantage. Big banks have layers upon layer of inefficiencies. New, smaller banks are newer, more slick, more nimble, more able to embrace innovative tech - even though they are abiding by the same reg rules.
11:43 Allen: This is panel is does represent who would best create a utility - it is not just how we (banks) behave. All parts of the ecosystem needs to play a part - corporates, SMEs, customers, regulators, governments etc…
11:34 Pérez-Tasso Q: Is a utility, shared services, collaborative approach a good one? A: Allen: I am yet to be convinced that there could be a viable utility offering for sanctions screening. KYC, however, I think there is a lot of opportunity there for a utility solution. As for fraud, I think we could do more.
11:28 Pérez-Tasso: Q: Is there a 'Silver Bullet' to solve this problem? A: Horobin - There is no silver bullet. Instead it is 'How are we going to manage intelligence throughout the organisation. How do we get a single view?
11:20 Pérez-Tasso: Q: How big an issue is legacy? A: Horobin - Standards could be a solution. At the end of the day it is not a competitive issue. Standards would improve interoperability. A: Lawlor - There is a strong case to build relationships with between your operations people and your clients to promote standards. There is also a place for data warehousing in solving this issue. A: Allen - In this space you can't take an annual view of your legacy systems, you need to take a longer view. Don't do a 'let's patch this up this month' policy. It will take a lot of effort for an institution to look at its overall infrastructure in a long term view. We have to do this, in the future we are not going to get 'less fraudsters.'
11:10 Pérez-Tasso: Q: What are you biggest challenges? A: Geraldine Lawlor, RBS - Layering on additional controls doesn't equal effectiveness. We have to look at AML in a holistic way. Risk levels for due diligence can differ from region to region. A: Steve Allen, Barclays - No matter what it is sanctions screening, AML the issue is 'accuracy' the margin for error is zero. Training is also an issue, the more training staff get the more collaboration you get. A: Ian Horobin, Omnicision - The ability to react to risk that aren't known, that aren't specifically stated. Ah, the unknown, unknowns…;-)
11:05 Javier Pérez-Tasso, Swift - We are going to take a positive stand on this subject the glass "half full" when looking at solutions to complying with financial crime regulations.
>11:00 - 12:00 Dedicated business streams
Fighting financial crime: solutions for compliance
Steve Allen, Managing Director, Global Payments, Barclays
Ian Horobin, CEO, Omnicision
Geraldine Lawlor, Head of Group Financial Crime, RBS
Javier Pérez-Tasso, Chief Marketing Officer, SWIFT (moderator)
11:58 Market Infrastructure (MI) Resiliency Report CHAPS' Mark Hale, provides a nice conclusion to the debate when he states that: "prices models for all of us will change", under the impact of regulatory-driven MI resiliency and recovery changes. Too true.
First mention of the UK regulators' recent 'Operation Waking Shark 2' cyber-resiliency scenarios which recently tested how the UK's MIs would cope if they came under attack from cyber-criminals. Euroclear's Trundle also shares a little but about how his firm tests his systems, jokingly admitting that he fool for one of their own spoof phishing emails which are sent out to test the staff training procedures Euroclear has in place. The audience laugh in recognition of something we've all done.
11:43 JPM's Barclay responds by saying his bank spent $250m last year fighting cyber risks and now has over 1,000 people tasked with this duty - but as suspected he won't give tactical details or say if they use ethical hackers to test their systems.
11:41 The MI resiliency panel is opened up to questions from the floor. The first question is on is if FIs are now using ethical hackers to test their systems … and if the panel won't share tactical details [they won't -Ed] what other methods they use to fight cybercrime?
11:33 Into the Q&A bit now after the introductions with Swift's moderator Newman, asking the panel what systems and procedures they have in place. Responding JPM's Barclay, says that the important things is "to understand the liabilities and where they rest so that we have certainty. We've seen what happens when we do [i.e. the credit crunch and 08 crisis -Ed.] which is why recovery and resolution is so important." This applies to CCPs, ACHs and all other MIs agrees the panel.
11:26 James Barclay, Executive Director Global Market Infrastructures, JP Morgan, gives the bank perspective and boldly lays down a challenge to the regulators: "We want stability and predictability," he says. He then lists the numerous MI changes underway from technology sources, such as Bitcoin, and regulatory-driven such as with T2S, and particularly the move to over-the-counter (OTP) trading via CCPs. That's certainly a key switchover currently underway for the FS sector.
11:23 Mark Hale, Director of Business and Operations, CHAPS is representing a payments MI in the UK and points out it survived the last crisis well, but you need to be prepared for change.
11:19 Euroclear's Trundle says his firm is regulated by the Band of England (BoE) and there are always three key discussions Euroclear has with them - operational risk; cyber; and recovery plans. These are the three key resiliency issues for him.
11:09 The Market Infrastructure (MI) resiliency panel begins with each member introducing themselves and the resiliency challenges they face. Coen Voormeulen, Division Director, Cash and Payment Systems at De Nederlandsche Bank starts off by noting that the present resiliency challenges emanate from cloud services, increasing complexity and real-time demands - not to mention strengthened regulatory oversight. A lot there for the panel top get their teeth into there.
The evolution of MIs: Meeting the resilience challenge
With cyber-crime on the rise and the regulators mandating greater use of market infrastructures, what are MIs doing in order to maintain availability and ensure operational and financial resilience?
- James Barclay, Executive Director Global Market Infrastructures, J.P. Morgan
- Mark Hale, Director of Business and Operations, CHAPS Co
- John Trundle, Chief Executive Officer, Euroclear UK and Ireland
- Coen Voormeulen, Division Director, Cash and Payment Systems, De Nederlandsche Bank
- Harry Newman, Head of Market Initiatives EMEA, SWIFT (moderator)
10:31 The all woman panel enters a Q&A section and in response to audience seeks to define 'what is cyber-crime?'. It's card skimming, DDoS attacks, phishing, etc. The recent Video mouse attacks on UK bank branches is also mentioned as the threat is discussed. An honourable mention goes to the Heartbleed bug too, which although not criminality motivated as a honest coding error, did expose online businesses to the threat of fraud. As the FCA's McDermott says: "It's all related to fraud." …which is why FS firms must also be on their guard.
10:16 Justine Walker, Director, Financial Crime (Sanctions and Bribery), British Bankers' Association joins the debate, pointing out regulations on financial crime and other areas apply to correspondent banking, trade finance, retail banking and lots and lots of FS segments - all of whom have to comply. ... first mention of the danger of 'unintended consequences too'!
10:09 Nationwide's Julia Dunn, Chief Compliance Officer, joins the cyber-crime focused debate, explaining to the panel and the audience that: "Customers can come into our branch at Nationwide but we also authenticate online, on mobiles and in the digital world [to fight cyber-crime - key theme alert here!]
10:01 HSBC have appointed thousands of regulatory and compliance staff recently after recent fines points out the moderator Paul Lewis, before questioning HSBC as to why. Barbara Patow responds: "We've appointed the staff to look after our business which is increasingly complex - facing KYC and a lot of other rules … we also need to ensure global consistency," she points out.
09:53 Tracey McDermott, FCA: Continues her opening address warning "that where we see that things are wrong we will intervene and have done so. As regulators though we need buy-in from you too though, the industry."
09:48 Tracey McDermott, Executive Board Member, Director of Enforcement and Financial Crime, FCA: explains how financial crime has always been with us - despite the headlines, it's always been there. It's certainly true cybercrime is a constant arms race between the attackers and the defenders
09:25 Paul Lewis: Congratulates everyone for making it despite the Bob Crow memorial strike held today in London in his honour
09:25 - 10:30 Opening panel - Fighting financial crime: strategies for compliance
- Julia Dunn, Chief Compliance Officer, Nationwide
- Tracey McDermott, Executive Board Member, Director of Enforcement and Financial Crime, FCA
- Barbara Patow, Global Head of GBM Financial Crime Compliance, HSBC
- Justine Walker, Director, Financial Crime (Sanctions and Bribery), British Bankers' Association
- Paul Lewis, Business Journalist (moderator)
09:15 - 09:25 Keynote - The future of London as a financial centre
- Fiona Woolf, Lord Mayor of the City of London
Opening the event, Fiona Woolf, Lord Mayor of the City of London, will share her views on the outlook for London as an international financial centre in light of the regulatory and governance challenges ahead - one of the themes of the day. The post-crash 'new normal' is cited.
09:15 Welcome remarks by Arun Aggarwal, Managing Director, UK & Ireland, Swift. He's outlining the theme for the day about how to get the most out of your business in an increasingly regulated environment where collaboration, shared service and economies-of-scale savings are forcing strategic, tactical and operational rethinks. The need for compliance and profitability is being stressed, as well as London's role as a global capital centre. We're underway.
08:47 Registrants are being handed more caffeine and croissants here to rev them up after battling through the Tube strike this morning and to prepare them for the hoped for interactive panel debates, networking and Q&As later on. Many are swapping stories about the innovative new ways they found into the central City of London business district today, but I haven't seen any stray novelty rickshaws getting attendees here from the West End yet!
08:11 Everyone is gathering for tea here at the Brewery, UK, ahead of the 'Swift Business Forum, London 2014, one-day event. Many have battled through the transport Tube Strike today in London and fought their way here on buses, bikes, in taxis and on foot after the shutdown of the London Underground for a 48-hour strike. Let's hope the debate today between the regulated and the rule-setters is more nuanced and conciliatory than that between Tube staff and management. The event can be followed here or via the direct Twitter hashtag. The full Swift agenda can be found here.