4 Trends Shaping the European Banking Sector, Part 2

In this article, we’ll discuss the challenges facing the European banking sector, the risks and barriers organisations face on the path to digital transformation, and how the sector will benefit from increased agility.

In this second article of a two-part series, we’ll take a look at twin challenges facing the European banking sector, the risks facing organisations on the path to transformation, and why there’s real cause for optimism if the sector can become more agile and digitise its back office in the same way it has revolutionised customer-facing operations.

Fighting Cyberthreats and Managing Risk of Fraud

According to a cybersecurity article, global cybercrime damages are predicted to reach $10.5 trillion by 2025. On one hand, sophisticated social engineering attacks and threats from hostile nation-states present a high level of risk to banks from outside the perimeter. Yet, it’s the threat from within that has intensified in the last two years.

Nearly 20 years ago, Bruce Schneier, security expert and CTO at IBM Resilient, said, “Only amateurs attack machines; professionals target people.” Today, that quote appears prescient. As cyberthreats continue to rise on a global scale, humans, rather than technology infrastructure, are the primary target.

“Banks and financial institutions' approach to tech must be scalable, and should clearly articulate how it aligns with the business roadmap.”

Viren Patel Industry Advisor - Financial Services Workday

In the fallout from the COVID-19 pandemic, a surge in employees working from home means that banks are increasingly susceptible to phishing and other cyberscams. For example, exposure to malware on shared home devices could put banks at risk if processes and controls are not effectively managed.

According to the Centre for the Study of Financial Innovation’s “Banking Banana Skins 2021” report, “COVID is forcing operational changes on the banks, such as work dispersal and technological adaptation, which are opening up new opportunities for security breaches and cybercrime. A serious incident could cause havoc—in the worst (though very unlikely) case, bringing the global payments system to a halt.”

Many banks already had the infrastructure in place to support some level of remote working, but few could’ve expected the enormous surge in demand. These institutions must have the ability to determine that users are who they say they are, and that they’re behaving in the manner consistent with their profile. Are they using their own devices? What’s the policy around phones, tablets, and other devices?

As always, the solution lies at the intersection of people, process, and technology. Viren Patel, strategic industry advisor for financial services at Workday, explains how banks are dealing with this insider threat with a three-pronged approach: prevention, detection, and response and analysis.

“Prevention is always the first place to start. That means ‘at-the-door authentication,’ and includes the usage of password managers to generate secure passwords and to have good failure policies in place. It also incorporates multifactor authentication (MFA),” says Patel.  

“Organisations should understand who their users are, what their roles are, and how authentication requirements change across roles. It’s important for businesses to understand that policy reviews and updates are critical over time.”

“Adaptiveness and adaptive talent management are now crucial: to deal with permanent change, banks must expand their talent pool by tapping into skill adjacencies and proactively help employees develop new skills at speed.”

Aurelie L’Hostis Senior Analyst Forrester

If prevention fails, then a bank’s next line of defence is detection. Being able to identify login patterns is crucial. This provides organisations with the ability to report on login details: IP address, username, and whether—and why—the login attempt was or wasn’t successful.

“I’d say that understanding user activity is also key. Bank IT administrators and auditors both need to understand how users engage across their systems. It’s important to understand context, and have the ability to drill down into the sign-on-specific information behind login attempts,” says Patel.

It’s important for organisations to have triggers for suspicious activity based on preconfigured rules. Alerts should be used to take action on user privileges to minimise the time it takes to stop suspicious activity.

Finally, response and analysis are key to any bank’s IT risk strategy. A part of this is creating a culture of security whereby employees are continually given education and training around cybersecurity. This should involve phishing exercises with test emails sent to employees to gain an understanding of how many are clicking dubious URLs.

Putting Environmental, Social, and Governance (ESG) Front and Centre of the Banking Sector

In the emerging reality of the post-COVID world, environmental, social, and governance (ESG) is becoming a central focus for European banks. Banks face pressure from a number of areas, with investors and customers as the two key stakeholders demanding real action. Investors examine the material impact of climate change and how it affects risk. Customers are increasingly looking at the ethical credentials of banks when deciding which brands they want to work with.

This all demands action from bank CEOs. In a global survey by KPMG, almost three‑quarters of banking CEOs said they believed their future growth will be largely determined by their ability to anticipate and navigate the shift to a low-carbon, clean-technology economy. However, most are struggling to come to grips with what that really means for their bank going forward.

Banks and their leaders are fully aware of the need to transform and fully embrace digital. The industry throws billions of Euros at the challenge each year, yet problems persist around how aligned such digital transformation efforts are with business objectives.

Data capture and delivering actionable insights are at the heart of ESG in the banking sector. Institutions know they will inevitably pivot toward more sustainable investments, but the need for short-term profitability means they can’t simply walk away from “unsustainable finance” assets. Having the experience, insight, and data to map all those potential consequences is proving to be a challenge.

The good news is that another set of technologies—artificial intelligence and machine learning (AI/ML)—is aiding both the analysis of business data and the processes needed to execute on ESG. And even better, AI/ML is inherently deployed as part of many cloud-based solutions.

Importantly, the combination of three technologies, cloud, data analytics, and AI/ML, will be key to the transformation of the banking industry and its renewed focus on ESG.

More Reading