A new ‘C’ has been added to the suite in banking: the Chief Security Information Officer. BlueNotes has a video interview this week with ANZ’s new CISO, Lynwen Connick, who comes from an eminent career in the Australian public service.
Commonwealth Bank of Australia has announced a Chief Information Security and Trust Officer, Yuval Illuz, an Israeli cyber specialist. Other major banks are also looking at new hires/roles in this space.
At ANZ, Connick will be part of the bank’s leadership group and have a strong strategic focus.
This landscape goes beyond financial services – the categories including vendor risk management, cybersecurity and environmental protection.
Yet the imperatives across all domains are similar: make sense of and manage a proliferation of regulation; streamline the institutional response; cut the costs of administration and compliance; and – ideally – derive some strategic advantage.
“A host of tech start-ups in the regulatory space has emerged that offer a range of software, services, and tools aimed at bringing more data and efficiency to regulatory compliance,” CB Insights noted.
“We … define it as companies developing technologies aimed at simplifying and streamlining compliance, risk management, reporting, data management, and more. In the last five years, regtech companies have raised $US2.3 billion in funding across 317 deals.
”Though the bulk of start-ups in this space are focused on compliance in the financial services sector, there are several start-ups that are working on regtech related to healthcare, environmental protection, food and drug, cybersecurity, blockchain, and even cannabis.”
I’m not sure Donald Trump will step in to protect a rust belt of regulators made redundant by technology but even if he doesn’t, the world of regulation is actually pivoting to the degree humans are becoming more important, rather than less.
Safe & seamless
Connick makes this point in her BlueNotes interview, arguing the stakeholders for cyber-security are not just management and regulators but customers who expect a safe, seamless and engaging technology experience.
Elsewhere in BlueNotes there is a fascinating insight into the new fronts in the campaign against fraud.
Ellen Joyner Roberson from SAS Security Intelligence outlines the technology being arrayed and systems needed while ANZ’s head of fraud risk strategy Tamsyn Harris makes the crucial point that much fraud targets individuals rather than transactions and so there needs to be a strong focus on the human element.
Across this universe from regulation – which encompasses both institutional integrity via capital and liquidity provisions, for example, and consumer protections – to cyber security to strategy, it is increasingly evident even as regtech grows in scope and sophistication human guidance will be increasingly important.
Sign up for our free weekly newsletterSubscribe
Part of this is the mechanics of how institutions run: regulators increasingly demand more-involved boards and boards want to hear from executives in charge who can answer questions, explain data sets, make recommendations and assure directors they can sleep easily at night. They need senior individuals who can translate what the technology is doing.
Announcing the appointment of Connick, ANZ said she joins “from the Australian Government where she delivered the new National Cyber Security Strategy in the Department of the Prime Minister and Cabinet”.
In its review of regtech start-ups, CB Insights identified eight sub-categories: anti-money laundering (AML) and Know-your-customer (KYC) solutions; blockchain and/or Bitcoin; Enterprise Risk Management; Operations Risk Management including governance, risk mitigation, incident identification, issue tracking, monitoring for compliance obligations, data storage, and reporting; Portfolio Risk Management; Quantitative Analytics; reporting – including centrally maintaining information for future reporting requests; tax management; and trade monitoring – including monitoring compliance with trade restrictions.
Deloitte’s latest Asia Pacific Financial Services Regulatory Outlook notes four major regulatory themes dominating the outlook for Asia Pacific financial services firms during 2017:
• Maintaining the resilience of financial institutions and the financial system, including “Basel IV”, ICS, stress-testing and recovery and resolution planning;
• Ensuring firms have robust governance frameworks and are cultivating the right culture;
• Increasingly intense and data driven supervision; and
• Managing the impact of innovations in technology, including disruption from FinTech, the growing interest in RegTech and building cyber resilience.
These are all potentially very valuable sectors for lowering compliance costs, improving the quality of reporting and growing productivity. But lowering costs is one thing. Gaining a competitive advantage by providing something of value to customers will be more significant.
And this is where the new generation of senior cyber officers will be expected to contribute.
No company has ever achieved sustainable success through cost cutting. Success comes from customer acquisition and revenue growth – operating efficiency can be essential where revenue growth is anaemic and helps margins even when it is strong.
But in compliance and hence regtech, the cost focus is necessary but not sufficient. Where this new generation of executives, in compliance, in cyber security, will add real value is in using the technology to better satisfy stakeholders – including regulators – by building competitive edges.
Andrew Cornell is managing editor at BlueNotes
Additional reporting by Victoria Kanevsky
The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.