UK Finance’s latest must–read blogs

?

1. Stay secure in 2024 ?

Throughout 2023, NCC Group’s cyber threat intelligence team has found that the financial services (FS) sector continues to be a prime target for a host of different cyber threat actors, and the ever-evolving threat landscape means that organisations continue to have their work cut out for them when managing cyber risk. This is further backed up in?IBM’s Cost of a Data Breach Report 2023 , which found the FS sector was the second most impacted by the cost of cyber incidents in 2023.?

Despite being an industry that is deemed to be more resilient to cyber threats, in most part due to maturing cyber security capabilities driven by increasing cyber regulations entering the sector (e.g. DORA), NCC Group continues to observe and help their FS clients recover from increasingly sophisticated cyber-attacks.?

In previous years, criminals would directly target financial organisations to gain direct access to funds in order to steal them. However, throughout 2023 it has become increasingly apparent that ‘data’ is the key commodity for cyber criminals. Leveraging data for extortion purposes, or the sale of this data are now predominant ways in which criminal groups can monetise their activities, and this is no different when it comes to the targeting of Financial Services.?

The data held by FS organisations, whether retail banks, wealth management, or insurers is usually highly sensitive in nature. Confidentiality, integrity and availability of this data is therefore paramount for organisations to maintain operations. As such, any breach can have significant financial implications and long-term impact on an organisation’s reputation.?

The use of ransomware, and particularly double-extortion activity, has had a significant impact on financial services in 2023. In 2023, NCC Group tracked a record number of incidents where an organisation’s data had been leaked as a result of a ransomware incident. Examples included the use of Lockbit in targeting?Indonesia’s BSI Bank , and more recently another attack using Lockbit impacted?The Industrial and Commercial Bank of China (ICBC) .?

Of course, the impact of a ransomware incident is not only limited to the encryption and leaking of data. This leaked data provides other criminals with an opportunity to conduct further targeted attacks or fraud.?

How to keep secure in 2024?

The ever-developing list of bad actors with malicious use for sensitive financial information puts financial services organisations at the centre of a growing web of cyber threats. Today, this comes from an array of cyber criminals, Foreign Intelligence Services and hacktivist Groups which will only continue to grow in tomorrow’s landscape.?

However, the focus for organisations must be on the vulnerable infrastructure, people, and supply chain issues which open the door to cyber incidents and infiltration from these actors. ?This requires particular attention to be paid to their external attack surface, and the technical vulnerabilities and sensitive data exposure which leave financial organisations vulnerable. For a sector dealing in huge financial risk and data sensitivity, the stakes are too high not to dig beyond the surface.?

Read the full blog post by Matt Hull , Global Head of Threat Intelligence, NCC Group. ?

?

2. AI in credit risk: learning from Steve Finlay and Joe Breeden ?

In a recent webinar, I was joined by credit risk experts, Dr. Steve Finlay and Dr. Joe Breeden, to discuss all things AI and machine learning in credit risk.?

Here are my key takeaways:?

1. Your models are only as good as your data.?

The speakers stressed the need to tailor models to the specific characteristics of the data and agreed that the effectiveness of machine learning depends on the complexity and nuance of the dataset.?

For simpler, more traditional portfolios, machine learning modelling might not be necessary. As Joe states, "If you're not bringing in any new data, and if there's nothing new you need to learn, then why do we need it?"?

For more complex data sets, commonly known as "big data", automation is "almost essential" says Steve, as you need the support of machine learning or AI technology to be able to drive, extract and analyse useful pieces of information.?

Data provenance was a hot topic of the webinar, with improper ownership of data potentially leading to severe consequences for organisations. Relying on data without proper ownership can pose legal risks and thorough examinations of contractual agreements are an absolute must.?

1. Your models aren't necessarily biased, but your data might be.?

As Joe stated, "The data we get reflects the world we live in, and I don't know any societies on Earth that don't have bias."?

In the past, linear models and bureau data were often given a "free pass" with the assumption that biases were acknowledged and accepted. According to Steve, "We have accepted bias in credit scoring systems and other similar systems built on regression methods and there is this well-established view that that almost doesn't matter”.?

However, with the introduction of machine learning and alternative data, the burden falls on financial institutions to prove model impartiality. Steve compares this to self-driving cars: "When humans drive cars, we accept a certain level of accidents, but as soon as you get into the self-driving vehicle world, they have to be almost perfect. To demonstrate that they are as safe as humans isn't sufficient”.?

Steve continued "We're now using those machine learning algorithms to bring in data sources that we would never, or are very unlikely to have used, in regression methods. So, the bias looks like it's worse, but it's actually the new data."?

Steve shared his perspective on addressing bias: beginning with data assessment before model creation. He suggests a shift from post-model assessment to pre-model scrutiny, emphasising the importance of thoroughly evaluating data sources for potential biases and dangers. Implementing explainable AI or machine learning models is also highly beneficial here as they provide transparency to the modeller and allow them to investigate why the model has made certain assessments and decisions.?

Read the full blog post by Lydia Edwards , Analytical Consultant, Jaywing ?

?

3. Getting your approach to AI right: business advice for financial services organisations ?

I have never seen quite as much interest and engagement at boardroom level in a new technology, as we are seeing with AI and more recently, generative AI, which refers to a subset of artificial intelligence and deep-learning models that can generate high-quality text, images, and other content based on the data they were trained on.?

Yet for all the well-founded excitement and the transformative potential of this technology, it is important financial sector leaders stay focused on genuine business outputs: How can generative AI help their organisation improve productivity, enhance the customer experience, automate key processes, and accelerate innovation??

To answer these questions, it’s worth considering some key strategic principles, learnings from early adopters, and successful use cases from leading financial brands that are already using AI well.?

The right approach for financial organisations?

There is a huge breadth and variety of potential use cases for AI, so rather than considering everything the technology can do, leaders should focus first on what their business needs most. Gen AI, rolled out effectively, should help financial organisations do even more of what they’re great at - investment firms will want to spend more time advising their high value clients, banks may want to focus on providing more mortgages. The strategic value of AI lies in creating more capacity to concentrate on what matters most.?

It's also important not to confuse the concept of an AI-powered co-pilot with autopilot, because?people using AI, rather than AI itself, are where the biggest benefits are to be found. Also, the financial services industry is highly regulated and keeping ‘humans in the loop’ is a key element of taking a responsible approach. We are learning alongside our customers that to unlock sustainable long-term value from AI, financial organisations should focus on sound governance and security – which is the case for all significant new technologies, so in these respects AI is no different.?

The broad adoption of AI should not come at the expense of sustainability commitments.?

Lastly, financial services organisations should see collaboration with government and regulators about AI as a valuable opportunity to create a safer and more secure operating environment for everyone. Engaging positively and constructively will create the best outcomes for the finance sector.?

Lessons from early adopters?

The customers I speak to often report that treating AI as business-led, transformation project, as opposed to just an IT project, massively boosts its positive impact on their organisation, in terms of productivity, customer satisfaction and efficiency. Business leaders have the authority, remit, and resources to help AI projects move more quickly from planning to action.?

Technical debt, such as fragmented information or slow cloud adoption is now holding back some companies’ generative AI adoption efforts, because AI is only as good as the data it can access. Completing earlier generations of digital transformation projects to put the right IT and analytics infrastructure in place, will save AI initiatives capex, opex and time, later on.?

What AI success can look like?

The results we are seeing also show that major, well-established financial brands are among those moving fastest to use AI. Hargreaves Lansdown (HL) is using Copilot and Teams to boost productivity, by automatically creating meeting notes and summaries for financial advisers, which they review or edit before sending on. This has reduced what used to be a four-hour task to just one hour, and 96?per cent?of HL employees using Copilot already find the tool useful, with most expecting it to become even more so.?

HSBC is using Dynamics 365 to give staff a single – yet deeper and wider view of the customer, in a way that supports frontline teams by bringing customer data together more effectively, efficiently, and automatically. Sharing the right information with the right customer-facing staff at the right time frees up a huge amount of time and energy, so they can focus on providing a great client experience.?

Rabobank is using Power Virtual Agents – which are text and voice capable chatbots, to enhance the customer journey and handle up to 80,000 calls each month, efficiently routing incoming queries to the most suitable human customer support agent. These advanced chatbots are automatically answering easier queries and directly connecting customers to channels where they can self-serve, too.?

Read the full blog post by Theo Michalopoulos , General Manager, Financial Services Industry, Microsoft . ?

?

?