Financial services must ensure sufficient cyber security to cope with the growing speed of change

• Financial services must ensure sufficient cyber security to cope with the growing speed of change, according to KPMG cyber security practice leaders

• Explosion in open banking models, cloud and managed service providers is placing strain on traditional control and compliance functions

HONG KONG, Nov. 29, 2019 : At a time when trust has become central to the customer experience, KPMG cyber security practice leaders have told a round table that they believe financial services firms are demonstrating a commitment to trust through their cyber agendas. They said that amidst accelerating technological disruption, actively managing customer trust is presenting new revenue opportunities and challenges for financial institutions.


Henry Shek, partner, Head of Cyber Security and IT Advisory Risk Consulting, KPMG China, said, In the rush to provide a superior customer experience, financial services organisations are embracing robotics, AI blockchain and real-time data analytics. However, they must keep a close eye on fraud and be aware of ever-changing fraud scenarios. Cyber criminals are already using new and advanced methods to manipulate security weaknesses, which means that traditional security and protection mechanisms may not be sufficient to deal with AI and advanced technology-enabled attacks.


The ‘virtual bank effect’

Financial services organizations are competing not only with their traditional peers, but also with an increasing number of agile, digital disruptors such as virtual banks. The pace at which these new players are developing is forcing traditional banks to adopt more agile approaches to managing their own IT infrastructure.

According to the practice leaders, a major transformational change of a bank’s platform used to take anything between two and five years, but now they are up against players with no legacy systems to upgrade and they are forcing the pace. People are now talking about upgrading banking systems every four to six months. That places huge pressure on a bank’s IT people who have to manage the security implications of accelerating change while simultaneously dealing with the legacy of elderly systems and sunk investment.

The challenge is not just from virtual banks. In China, which is well on its way to being cashless, digital payment providers are already commonplace and customers are the driving force for these digital adoptions. Retail and commercial businesses in particular are adapting quickly to ensure they remain relevant to the needs of their customers and are enabling their digital agenda.

Ensuring AI and bots are secure for revolutionising interactions and transactions

Chat bots are fairly common and are being implemented across many Chinese financial services organisations. Most of them are designed to facilitate the customer journey, with ‘question-and-answer’ type algorithms. When the bots start making banking decisions, accountability becomes an issue. The process for letting bots run, and the ‘fail-safe’ that leads to human intervention (e.g. from call centers) must be seamless, to avoid a frustrating customer experience. In general, many financial services organisations have some way to go before they are able to achieve a sound balance between the robot and the physical.

AI and bots may be revolutionising interactions and transactions, but these need to be kept on a leash to ensure they are secure and trustworthy, and contribute rather than disrupt customer experience. It will be crucial that they embed security and privacy from day one – not just in the design, but in the way they train and operate AIs. Financial services organisations will need to demonstrate AI integrity and robustness, but also meet regulatory and customer expectations.

Shek concluded, Managing these whole, third-party ecosystems involving cyber, outsourcing, cloud, mobile and customer data are all top of the technology risk agenda. We expect to see more financial services organisations embed cyber security into their digital and business strategy, investing in cyber security as part of the innovation budget, and creating a process to become more resilient to evolving cyber threats.