New paper, delivered by an industry working group, identifies options that could bolster industry capabilities around data recovery, reconciliation and replay.

An independent Industry Working Group (IWG) sponsored by the CPMI-IOSCO Working Group on Cyber Resilience (WGCR), including representatives from The Depository Trust & Clearing Corporation (DTCC), Euroclear, the Federal Reserve Bank of New York, LCH, TMX Group and the Reserve Bank of Australia, today issued a whitepaper that explores data protection and validation as the cyber threat landscape continues to evolve. Delivered to evaluate how Financial Market Infrastructures (FMIs) are protecting and leveraging data, the paper explores options that firms should consider as they bolster their capabilities, including data recovery, reconciliation and replay.

The IWG focused on five key themes:

• While the two-hour recovery time objective (RTO) remains a target objective, data integrity issues require trade-offs between speed of recovery and accuracy of recovery.
• Recovery capabilities of existing systems were typically designed with physical and non-cyber outages in mind and may not be as effective in maintaining data integrity during a cyber-attack.
• Interconnections between firms increase the potential impact of a data integrity compromise across the industry.
• Recovery from a data integrity breach requires a high degree of trust in the available backup data copies as well as coordination within the ecosystem.
• When considering the recovery objective, the definition of critical services can vary across FMIs and scenarios.

As a result of IWG analysis and to continue to improve capabilities in this area, the paper suggests firms should focus on the following areas:

• Identify tools that are most harmonized with the FMI’s objectives: Each FMI should identify tools that are attainable from a design perspective and focus on the implementation of those tools that provide the most coverage.
• Define logical restore points: FMIs should work with their participants and the larger community to identify restore points that make sense for their business.
• Understand legacy technology: FMIs should regularly conduct a comprehensive evaluation of their applications to understand any critical interdependencies and identify opportunities for enhanced resiliency as technology evolves.

Today, there is no standard approach to identifying the types of data that need to be protected, nor the manner in which that data should be protected. When facing a cyber-attack, traditional data replication strategies designed for physical or non-cyber disruptions have the potential to spread corrupted data to backup databases, including those within data bunkers and backup data centres. To tackle this challenge, the IWG sought to identify tools to address data recovery and validation issues, draw out key lessons and principles for using those tools, and identify areas that would most benefit from further industry collaboration.

The paper highlights the need for greater industry collaboration around: the creation of design principles for housing critical data sets in data bunkers and third-party sites; the need for further guidelines for minimizing contagion; the adoption of common standards for assessing third-party risks to the ecosystem; the delivery of industry-wide cyber exercises by an independent party; and a common, yet flexible, definition of service criticality and its prioritization around resumption.

Rachel Tyler, Executive Director, Business Resilience at DTCC and Chair of the Industry Working Group, stated: “The operation of FMIs is based on the use and trust of data, and to perform effectively, FMIs must keep their transaction and position data, configuration data - which is needed to run systems, and application data protected and intact. Firms must consider how they can continue to improve data protection and validation capabilities to best defend and recover from cyber threats. We are pleased to have engaged with our peers on this paper, and look forward to seeing these efforts progress.”

Laure Molinier, Director, Business Recovery Crisis Management & Testing at Euroclear, said: “As part of our business resilience programme, Euroclear’s goal is to continuously improve protection, detection, response and recovery procedures in relation to extreme scenarios such as major data integrity issues. As a trusted financial market infrastructure, we are expected to play a leading role in defining recovery protocols working together with the market in scenario analyses and joint-testing. Euroclear encourages industry-wide collaboration including the sharing of experiences and best practices which benefits the wider market.”

Rob Cairns, CTO at LCH, said: “Convening this working group is a significant step in ensuring and bolstering resilience among financial market infrastructure providers. The findings of the whitepaper demonstrate the need for greater collaboration and standardisation in approaching the protection of data. We look forward to continuing to contribute to discussion and action on this important issue.”

Sarah Harris, Deputy Head, Payments Settlements Department at the Reserve Bank of Australia, says: “Cyber resilience is a key priority for the Reserve Bank of Australia and we welcome the opportunity to collaborate with our international colleagues on the important issues discussed in this paper.”

Bobby Singh, Chief Technology Officer and Chief Information Security Officer at TMX Group, said: “We are very pleased to be part of this initiative with our global industry partners to share best practices and explore solutions to address data protection, recovery and validation issues. As cyber threats continue to evolve in Canada and around the world, we look forward to continued collaboration to ensure our collective FMI cybersecurity objectives are advanced.”

Two fintech Unicorns join forces to shape the future of financial services and democratize access to banking in Europe

Feedzai, the world’s leading cloud-based financial risk management platform, and Solarisbank AG, Europe's leading Banking-as-a-Service platform, announced today at Money20/20 Europe a multi-year partnership. The pioneering companies have joined forces to reshape banking, combining the trailblazing transformation that comes with Banking-as-a-Service with the risk management and security that is expected from financial institutions - all while preserving the customer experience. Importantly, the flexibility of Feedzai’s risk management solution means they can scale as Solarisbank grows, helping the company to keep up with a regulatory and geo-political landscape that is in a constant state of flux as well as more comprehensively protect customers from threats.

Solarisbank enables any company to offer financial services via APIs while easing the technical and regulatory complexities of banking. With this new partnership, Solarisbank is leveraging Feedzai’s proprietary technology which enables them to apply an effective risk management which is in line with respective law requirements.

“We were drawn to Feedzai’s depth and breadth of experience in helping various banks fight financial crime,” said Roland Folz, CEO of Solarisbank. “Using Feedzai’s financial risk management platform we can bridge an important gap within the industry to deliver the best experience, both in terms of customer ease of use and protection from financial risk.”

Solarisbank joins an elite list of customers that use the fully packaged Feedzai Solutions that can assess risk for single and cross-channel transactions in an agile and easy-to-deploy way.

“We are excited to be part of Solarisbank’s growth journey by providing a best-in-class risk management tool that will be further protecting its tech-savvy customer base,” said Nuno Sebastiao, CEO of Feedzai. “A growing number of financial institutions are looking for cutting edge financial risk management technologies wrapped around a digital-first evolution approach. Solarisbank is leading this new wave of financial institutions that are unlocking the full power of the cloud.”

Solarisbank evaluated several solutions available in the market. Among the key differentiators that contributed to the decision of implementing Feedzai’s technology are:

• Flexibility in handling the financial risk of a growing heterogeneous customer base while being able to make changes in a self-service fashion
   
• Configurable Risk Levels: the ability to apply an effective risk-based approach during transactions monitoring
   
• Flexible SSR (self-service rules): the provision to work on rules independently

In addition to Feedzai’s flexible technology, scalability played an important role in order to match Solaris growth projections for the years to come.

The Data Encryption solution will help companies from the fintech, banking, and gaming industries meet their data security and protection needs in minutes, without ANY CODING.

AppSealing, a leading mobile application security solution provider and a service of INKA ENTWORKS, announced the launch of its data encryption solution for Android applications. With this solution, companies can protect a slew of sensitive data like authentication tokens, unique identifiers, and passwords from unauthorized access and modification. The premium addition of this solution to its mobile application protection suite further reiterates AppSealing’s commitment to enabling companies to fend off cyber attackers and prevent illegal application access, theft, deletion, or modification. Companies can now take better control of their data in a much more proactive manner.

The solution offers top-notch encryption architectures and supports AES 256 encryption, the strongest encryption standard in the world. It provides industry security standards like PCI DSS (Payment Card Industry Data Security Standard), GDPR (General Data Protection Regulation), and HIPAA (Health Insurance Portability and Accountability Act). Companies can be compliance-ready instantly without any coding or SDK integration.

James Ahn, CEO with INKA ENTWORKS, explains the relevance of data encryption for fintech companies: “Fintech industry is booming. The global fintech market, which was worth $128Bn in 2018, is expected to touch a figure of $310Bn in 2022. We have been collaborating with our clients to secure their mobile applications. Our latest offering of end-to-end data encryption further strengthens our mobile application security portfolio and leadership position in the market. We are pleased to make fintech, payments, banking, and gaming apps a lot more secure. We are excited to partner with our customers and help them be compliant, protect sensitive data, take relevant actions against hackers, and build their business and reputation confidently.”

“Digital banking enables companies to provide fintech and banking services at the touch of a button. It is a great way for companies to serve their customers, but it also means opening Pandora’s box since attackers are lurking around. Data localization restrictions also put an additional responsibility. With data encryption, we aim to help Fintech companies focus on customer experience, compliance with localization policies, and revenue generation within the safe walls of security,” says Govindraj Basatwar, Global Business Head with INKA ENTWORKS. 

The key features include:

●          Whitebox AES 256 & FIPS 140-2 encryption for Android mobile devices, software, and operating systems

●          Runtime protection covering encryption keys, API keys, authentication tokens, etc.

●          End-to-end support system encompassing legacy native file input/output interface

Companies can thus leverage AppSealing’s data encryption solution to protect sensitive data pertaining to their Android applications. The robust encryption standards ensure 100% coverage of emerging attack vectors, to provide a complete safety net to mobile applications.

NeoXam’s DataHub platform has been selected by Tikehau Capital, the global alternative asset management group to support a broader IT and operational transformation program across their global multi-fund business.

NeoXam’s DataHub will serve as a central repository for Tikehau Capital, creating a single point of the truth for securities, business entities, indices & benchmarks and portfolios. With a comprehensive range of diversified offerings across multiple asset classes, efficient data distribution is essential for the asset manager. The selection of NeoXam DataHub allows Tikehau Capital to consolidate a number of in-house developed data management systems into one ‘best of breed’ solution that will be used across its different investment hubs.

Bertrand Honoré, Group Chief Technology Officer at Tikehau Capital, said: “After an extensive market analysis and with a number of very good options, we have decided to select the DataHub from NeoXam to support to this new important phase of our IT systems. It is the best fit for our requirements”

Florent Fabre, Chief Operation Officer at NeoXam, added: “Financial institutions are always looking for a simple way to access all of their data in one place, rather than having to pull data from multiple parts of the business. By selecting NeoXam DataHub, Tikehau Capital will avoid any manual data management headaches, while also having a scalable solution which can grow in line with investor demands.”

The newly established financing company in Saudi Arabia, Positive Facilities Co. Ltd. (“Ejabiah”), has signed an agreement on the 26^th of August with Path Solutions for the implementation of its interest-free core banking platform.

Ejabiah will be offering a unique and much needed zero-percent interest financing product, which is similar to Qard Hassan or benevolent loan. Ejabiah comes with the strategy to expand the penetration of digital financial services at low cost in the country and enable small and medium business to have access to cost effective financing solutions. The company’s five-year plan is to serve up to 50,000 SME customers in Saudi Arabia with affordable financing loans at 0% interest with an estimated total number of financing transactions exceeding 30 million transactions per year.

The Ejabiah interest-free product is a viable option to reduce financial exclusion by extending financing to those who are unable to access any commercial microfinance lending either due to lack of affordability owing to high cost of funding, lack of credit history, or being part of a market segment that is not served by the current financial institutions.

“Ejabiah will be championing a more sustainable, diverse, and transparent banking in the Kingdom through the implementation of positive banking concept to create a more prosperous future for all”, commented Riyadh Al Rabiah, Managing Director of Ejabiah. “We believe it is now the perfect timing for our incorporation with a business strategy to meet the demands of more knowledgeable banking customers. Our IT unit understands the vital role of digital technology in today’s banking and financial services industry to assist customers in identifying the right financial solutions to achieve their objectives, both for current and future needs. As a newly established company in Al Khobar, Saudi Arabia, Ejabiah will have the advantage of launching innovative interest-free products and services to its customers while capitalizing on the latest digital alternatives”. 

Ejabiah will be serving SMEs and entrepreneurs such as the food and beverages sector, retailors, contractors, small industries and workshops.

Path Solutions’ Sharia-compliant core banking platform is customized to ensure product-market fit in line with positive banking, and complete regulatory adherence through open banking technology, which would enhance Ejabiah’s profitability, perceived value, functional quality and service quality.

“We are excited to have our first iMAL subscription cloud-based win in Saudi Arabia hosted on Oracle cloud. This SaaS model will continue to gather steam in the region as it provides superior economics, empowers digital transformation, enhances efficiency and reduces cost. It provides our clients with highly secure, compliant, available and scalable system while reducing physical infrastructure footprint and frees them to focus on growing their business. The financial sector is experiencing technology-led disruptions, and hence adaptability and rapid response are imperative to remain relevant in a changing business environment, and this model just works”, Mohammed Kateeb, the Group Chairman & CEO of Path Solutions said in a statement. “We are looking forward to collaborate with Ejabiah to enable them to capture robust growth opportunities by delivering sustainable and impactful digital solutions since more customers are becoming literate of the digital services at present”, he said.

Positive Facilities or Ejabiah, the newly established financing company, is getting ready to be deployed in the sandbox of the Saudi Central Bank (SAMA) and is scheduled to officially commence its lending operations in the fourth quarter of 2021. This project will be implemented in three phases with a total estimated duration for completion around 11 months. The first phase is expected to be completed within 7-8 months to enable Ejabiah to expand its operations.

 ComplyAdvantage, a global data technology company transforming financial crime detection is announcing that TransferMate Global Payments, a leading global B2B-payments technology solution provider, has selected the reg tech innovator’s award-winning customer onboarding, transaction screening and monitoring solutions.    

Headquartered out of Kilkenny, Ireland, TransferMate is a subsidiary of Clune Technology Group founded by Terry Clune and is a leading global B2B payments technology firm enabling companies to send and receive cross-border payments faster and easier.  

Now more than ever before, fast growing enterprises like TransferMate are implementing the best technologies and processes not only to reduce their risk profile as it relates to financial crimes but also to help accelerate service expansion with greater confidence.  

With the ability to onboard clients in +54 countries around the world, and with a diverse client base, TransferMate needed a solution to support their hyper growth and to enable deployment of laser focused system rules to address the real risk of international payments, and to maximize the best use of internal resource allocation. 

Simon McFeely, Chief Compliance Officer of TransferMate said "we selected ComplyAdvantage as they share the same vision as us to use ‘compliance as a competitive advantage’, and they support our mission to develop dynamic rules tuned to specific inherent vulnerability scenarios, ultimately providing a better customer service while keeping the bad guys out of our global payments infrastructure”. 

“It’s great to know that we have a risk management solution designed to keep pace with our rapidly growing business demands.”

ComplyAdvantage offers an intelligent hyperscale approach to AML and risk detection powered by the company’s proprietary data graph called ComplyData™.  Consisting of hundreds of millions of data points that provide dynamic, real-time insights of people and businesses that are monitored against sanctions, watchlists, politically exposed persons, and negative news.   This reduces dependence on manual review processes and legacy databases by up to 80% and vastly improves the efficacy in how companies screen and monitor clients and transactions.

"We are excited to be partnering with TransferMate, a powerhouse in the world of B2B cross border payments,” said Charles Delingpole, Founder and CEO of ComplyAdvantage.  “ Clearly, their team values the importance of rigorous risk management solutions which in our highly regulated environment is a strategic imperative.  Now by working together, we can help reduce the risk of financial crime so that TransferMate can transact with trust and grow with confidence.”

Already the preferred choice of some of the world’s largest banks, enterprises and high-growth fintechs, ComplyAdvantage is the leader in hyperscale financial risk insights purpose built to help growing regulated organizations manage their risk obligations and prevent financial crime. 

The maker of the iconic Galway Boot doubles down on online sales by re-platforming to remain resilient throughout the pandemic

Adyen, the payments platform of choice for many of the world’s leading companies, has partnered with premium performance footwear brand, Dubarry of Ireland, to support rapidly increasing online sales. Founded in 1937, Dubarry has evolved greatly over 80 years. Its partnership with Adyen is yet another marker of change for the Galway brand as it looked to smooth out operational complexities and expand its international reach.

With international expansion being central to its goal, Dubarry consolidated its global online payment infrastructure to Adyen’s single platform. Integrating Adyen acquiring has improved Dubarry’s authorisation rates by up to 15%, and its shoppers can now enjoy a seamless and localised checkout experience.

“Before Adyen, we were working with four different providers, which was both costly and convoluted. One of the key things we wanted to achieve was to standardise from one market to the next. Adyen allowed us to do that effortlessly through unified reporting for our accounts team and a single integration for the tech teams,” said Marc O'Donnell, Head of eCommerce at Dubarry.

“Local payment methods are so important, especially where the brand is not as well known. They help to build trust and remove a potential barrier to purchase. And with Adyen, it’s been so easy. All the payment methods we have wanted have been available to us without having to integrate each one separately.”

“The global acceleration of ecommerce adoption in the last 18 months has been a significant challenge to many businesses. Together with Dubarry, we have helped evolve its online operations and extended its reach across borders,” said Colin Neil, Managing Director of Adyen UK.

“The team at Dubarry understands the importance of global partners that can help them simplify their operations, while providing a unified view of their business around the world. We’re delighted to help them achieve this.”

As the partnership develops, Adyen will be working with Dubarry to combine its online and in-store payments into one system. “We want to make the customer experience better by having a consolidated view of everything in one place. And I don’t see any reason why we’d need to look past Adyen for this,” said O’Donnell.  

At the IHE-Europe 2021 Connectathon, SER Group showcased the interoperability of its ECM platform Doxis4, successfully passing test scenarios for the most important IHE profiles. Customers in the healthcare sector can be confident that their Doxis4  solution demonstrably meets IHE requirements for the exchange of information between IT systems in the healthcare sector.

IHE Europe, a regional chapter of the international initiative Integrating the Healthcare Enterprise (IHE), announced on September 13, 2021 the official results of this year's European Connectathon: SER Group successfully passed the test scenarios for the most important IHE profiles, demonstrating that its Doxis4 software can be integrated with information systems from other providers in line with IHE’s internationally recognized requirements.

“In the healthcare sector, many applications are in use, from HIS to ERP systems such as SAP to medical subsystems such as PACS, RIS and so on,” states Christian Behringer, Head of the Healthcare Competence Center at SER Group and SER Interact Digital AG. He adds: “With Doxis4, clinics and hospitals can combine the data from all these different applications, as well as the related documents, in a single source of truth. This enables healthcare admin to efficiently access patient information and share it securely with other service providers and patients.”

Prerequisite for connecting to electronic patient records

The laws regarding electronic patient records have been strengthened in various European countries recently. For example, in Germany, since January 1, 2021, all legally insured persons can receive an electronic patient record (ePA) from their health insurance company. Electronic patient records (EPD) have been available in Switzerland since April 2020; in Austria (ELGA) , since 2015. This ensures that medical findings and information from previous examinations and treatments can be saved and shared quickly and easily by practices and hospitals. “Legacy medical systems often do not meet the IHE requirements, particularly IHE XDS.b, for the exchange of information with electronic patient records or patient files. With IHE-compliant interfaces, Doxis4 builds a bridge between these systems,” explains Christian Behringer.

Certified IHE compliance for Doxis4

At the annual Connectathon, international IT vendors test the interoperability of their devices and applications live and under controlled conditions to match real clinical scenarios. The IHE defines selected use cases for this. These integration profiles describe the systems involved (actors) and their communication with one another. In the tests conducted online this year from June 14 to 18, IHE compliance was certified for Doxis4 in the following profiles:

Cross-Enterprise Document Sharing (XDS.b): To provide, search and retrieve documents in cross-company patient files

Patient Identifier Cross-Reference HL7 V3 (PIXV3): For cross-company identification of patients when exchanging data using XDS

Patient Demographics Query HL7 V3 (PDQV3): To search for patient IDs and demographic patient data, e.g. name, date of birth, gender, etc.

Cross-Enterprise User Assertion: For cross-company authentication of users and to manage permissions

Consistent Time (CT) and Audit Trail and Node Authentication (ATNA): To ensure data exchange is authenticated, encrypted and logged centrally

To learn more about Doxis4's IHE-compliant capabilities, read the complete IHE results list: http://connectathon-results.ihe.net/

Learn more about Doxis4 solutions for healthcare here.

New interface eases the transition from on-prem to cloud-based applications by serving as a single access point for the Total Lending product suite

Finastra has launched Total Lending Home, a new cloud-based portal to launch and manage the Total Lending suite of solutions. Current lending products available through the Total Lending Home portal include Fusion LaserPro, Fusion DepositPro, Fusion Compliance Reporter, and ProSign Online, with additional lending products to follow.

“Lending departments struggle to maintain their focus on lending while simultaneously dealing with challenges relating to infrastructure, applications, processes and data,” said Mitch Lucas, Vice President, Product Management, Development & Legal, Finastra. “Moving to the cloud can help alleviate these burdens, but brings its own challenges related to the transition. Finastra is committed to making the transition to the cloud as easy as possible, while also providing a state-of-the-art user interface to help facilitate the journey.”

Benefits of the portal include a single sign-on, powered by Microsoft’s secure Azure Active Directory, for all Finastra’s Total Lending products; the ability to view data from various products for deeper insights and better loan processor efficiency; and value-adding services, such as a repository for regulatory news. The portal provides a clean and consistent user interface to clients using multiple Finastra solutions. Most significantly, as Finastra migrates its various lending solutions to the cloud, Total Lending Home will serve as the bridge to ease clients’ cloud journeys, by serving as a single access point for the Total Lending product suite.

According to a recent report from IBM, 91% of financial institutions are actively using cloud services or plan to within the next six to nine months. Finastra already has its flagship U.S. core banking solution, Fusion Phoenix, and its mortgage solution, Fusion Mortgagebot, on the cloud. Now Finastra’s other lending solutions are beginning the journey to the cloud with Total Lending Home. The platform serves as the bridge to transform its on-premise applications to cloud technology, hosted on Finastra’s private Azure cloud.

Total Lending Home is available at no charge for users of Finastra’s Total Lending solutions.