In this blog post we will present 5 burning issues within the financial services industry and how Attribute-Based Access Control can help tackle some of the access control challenges faced in the financial services industry.
How much is fraud reduction worth to your business?
Each year, trillions of dollars are lost to fraud and error throughout businesses around the globe – and the cost is escalating. Between the periods 2010-11 and 2012-13, average losses increased from 5% to 5.9%. Think about it this way: 5.9% of the 2013 US GDP equates to almost 0.9 trillion. If it were a state in the US, “Fraud Loss” would be the fourth biggest grossing state, behind California, Texas and New York respectively. If we dive into the financial sector, the statistics make for grim reading: this sector suffers from 11% more economic crime than other industries, which means financial institutions pay the biggest percentages to fraud loss. Imagine the change to your organization and its risk posture if all transactions were carried out in accordance with business policies/risk appetite, and if only the right people had access to the right data.
Who is committing fraud at your organization?
External fraudsters perpetrate the majority of fraud at financial services organizations. In 2014, this accounted for 57% of fraud, down by 3% from 2011 – but that still leaves a staggering amount of lost dollars at the hands of internal fraudsters. Junior staff commits a large amount of this fraud: 39% of it to be exact. Do they have too much or inappropriate access to sensitive information? Can this figure be reduced without hindering business? What if you could control who could access sensitive data, as well as see exactly who can access what information and for what reason?
Stricter access control could help reduce the amount of fraud committed by junior staff and middle management.
How are you keeping up with ever-evolving regulations and compliance?
While the size of your assets may dictate how many regulations you need to comply with, even organizations under the 10 billion dollar mark, are experiencing a rise in regulations. The Dodd-Frank, Volcker, Basel, Gramm–Leach–Bliley and Sarbanes–Oxley Acts are all part of compliance complexity for the financial sector. In 2013, there was an average of 110 regulatory alerts globally per day. How can any financial institution, particularly those that operate globally, be expected to keep up with such complex regulations? What would it mean for your organization if you could easily implement regulation changes granularly, such as on a state-by-state or country-by-country basis?
Regulations are on the increase, which adds to the complexity of being compliant.
Is siloing compliance costing you time and money?
Not only are various standards foremost on the compliance agenda, financial insitutions are also subject to a plethora of state and federal regulations from federal regulators and organizations. While there is a tendency today to use a silo approach for compliance, this is a costly and time-consuming method that will only consume more resources as regulations grow. In 2015, KPMG argued that the “…multitude of risks [faced by the financial services industry] can only be addressed by implementing a centralized and holistic approach to managing existing and future regulatory demands to ensure that compliance programs are fully integrated into the strategic objectives of the firm as a whole.” What would it mean to your organization if you could roll out regulation changes across the enterprise or within one particular business unit, from one centrally-managed policy-based authorization system?
Financial federal regulations are enforced by many different regulators and organizations.
How smooth was the IT integration in your latest M&A?
In the summer of 2008, Commerzbank announced it was taking over Dresdner Bank. Bringing together the second and fourth largest German banks came with its fair share of challenges. Staff reductions – totaling 15,500 affected parties – took a year; rebranding 1600 locations across 50 countries took three months; IT integration of investment banking and international locations took two years. For any bank undergoing this type of M&A activity, the IT integration brings the most challenges. For access control to applications this is especially complicated when considering the number of homegrown applications and the many different ways authorization has been handled with each. Centralized, dynamic authorization can help ensure the success of your M&A process, through the introduction of a single point of management for application and database access control
M&A numbers change year-to-year depending on economic climate, but this activity has become an expected part of business growth globally.