Securing the Innovations within Financial Services Blog Series: Part 2 - The Investment Management Industry

In part 1 of this blog series, we discussed the security challenges facing payment innovations such as digital wallets, blockchain technology, and card-less transactions. We identified key security risks that need to be considered within the supply chain in order to prevent compromise of critical assets and service disruption.

In this second blog we will be discussing the innovations within investment banking and the direct security threats that need to be addressed.

We are seeing a high level of market disruption within the investment banking industry, with automated investment platform providers threatening the market shares held by investment management companies. These new market entrants use automation and big data analysis to provide affluent groups of customers with tailored investment plans without the need for an intermediary. This also creates opportunities for investment managers to embrace this technology and streamline internal processes and lower the cost of service delivery, allowing them to serve the mass market.

Investment managers are under the security spotlight

Naturally, organisations are considering the outsourcing of their processes and operations to these investment technology providers, however questions need to be raised about the security of integration, supply chain assurance and liability. Attacks on investment and fund managers are increasing, and investors and regulators are paying close attention. The Financial Conduct Authority (FCA) has been particularly vigilant recently over the precautions the industry needs to take to protect themselves and their clients from attacks and outlines the requirements expected by businesses within the FCA Handbook. For example, under Article 11 businesses are required to report ‘material cyber incidents’ which covers specific characteristics of an incident such as significant loss of data, unauthorised access or malicious software present on your information and communication systems.

Managing the essential security risks

The reduction of controlled access to funds and data by these providers is empowering consumers to take more control and can subsequently increase the likelihood of a cyber attack. Therefore, the following will need to be considered when evaluating the security risks to integrating this technology:

• Data integrity - when assessing the business’ security compatibility of integrating advanced analytics and algorithms into their traditional operations, questions will need to be asked about the potential loss of data integrity. Accidental or malicious change could cause financial damage and subsequent loss of trust. Regulators are scrutinising businesses to have appropriate access controls in place and investors expect their data and funds to be protected, as part of their trusting relationship, and monitor failures to data integrity.
• Third-party attacks - with the core processes of financial institutions being transitioned to online platforms, third-party suppliers providing this technology will become an attractive target to cyber attackers. The dependency on this technology creates an opportunity for these attackers to disrupt their operations and open new avenues to data breaches.

The tendency to adopt new business models driven by innovative technologies without including the proper security controls up front can result in a costly post-mortem exercise and an organisation that is not able to adapt effectively to mitigate future threats. Therefore, it is important for security, risk, and business leaders to evaluate how they are protecting their data and ensure the right controls are in place to fully monitor and respond to cyber attacks.

Download our free whitepaper to learn more about the threats facing the investment management industry and the ways organisations like yours can address them.

Have any questions? Contact our experts.