By Jan van Vliet, VP EMEA at Digital Guardian
Businesses face a growing need to leverage customer data, but striking the correct balance of strict data privacy rules, such as PCI-DSS and GDPR, presents a real challenge, most especially for organisations in the financial services industy. With more regulations looming on the horizon finance companies are under pressure to keep up with the latest legislation, guidelines and best practices to maintain compliance.
Adding to these pressing demands, finding better ways to mitigate supply chain risk is a further top priority. Everything from applying rigorous cyber security technologies, processes, and supply chain management strategies, to implementing a framework to assess and monitor supplier integrity.
Supply chains are becoming more complex and the consequential risk exposure for financial services businesses is growing. While the rise of third-party outsourcing has enabled the financial services industry to innovate and boost efficiencies, regulatory scrutiny is tightening and financial penalties in the face of compliance violations are growing.This means taking steps to minimise risk, protect the smooth-running of operations, and assure customer confidence, is a vital yet tricky path to navigate.
Financial services companies must take a holistic approach for a successful security strategy and there are a number of steps that can, and should, be taken to mitigate supply chain risk.
#1 Know who you’re doing business with
Better due diligence on third-party relationships will improve transparency within the supply chain. But for many corporations, conducting this due diligence efficiently and effectively is a challenge when dealing with thousands of third parties and vendors.
Deploying efficient and automated screening, using machine learning algorithms to speed up this process, can reduce the cost and time frame of conducting due diligence on suppliers. Similarly, ongoing monitoring programmes can automatically flag if a supplier is connected to criminal activity or Politically Exposed Persons (PEPs) who pose a greater risk of corruption and bribery.
#2 Address IT and cyber risks
A belt and braces approach should incorporate a vulnerability assessment and ongoing monitoring of the network and all connected devices, alongside the organisation’s websites, apps and firewall configurations.
Having remediated any gaps in IT security, the next step is to focus on updating processes to prevent these from reappearing, ensuring that the IT practices implemented are in line with industry standards to reduce the chance of unintentionally opening the enterprise to new risks.
Security awareness training for the workforce is the final vital step, ensuring that staff are able to identify and avoid cyber threats like phishing, malware and scams. Utilising security tools to scan emails, manage communications and quarantine any malicious threats that make it through the enterprise’s security perimeter should also be in place.
Many organisations in the financial services sector are eliminating the risks posed by the vulnerabilities of the traditional browser by disconnecting it from local IT and moving it to the cloud to create an additional layer of security.
Finally, when it comes to the transfer of personal or sensitive data between a supplier and vendor, compliance tools can help find data leaks before hackers do.
#3 Understand supply chain dependencies
Modelling and analysing the supply chain — including identifying the operational impact of a critical supplier’s facility being out of commission — will help uncover any hidden or overlooked areas of high risk. Revealing the dependencies and bottlenecks that will need to be addressed to minimise any potential disruption.
Automated risk assessment and advanced risk modelling can deliver the insights financial services companies need to ensure they can quickly halt the use of unsafe suppliers or define operational risk management strategies.
This may lead to a further diversification of suppliers, or the signing-up of alternate suppliers who are poised to step in and replace parts of the supply chain in the event of a disruption.
#4 Take an integrated approach to supply chain risk
Many financial services organisations lack an integrated approach to managing the end-to-end delivery of products or services to customers that involves back office, middle office, risk management, business developers, finance and IT. As a result, they lack a clear picture of risk across the entire supply chain.
With each department working in silos and using their own methods and technologies to assess risk relating to their individual areas of work, it’s easy to miss the bigger risk picture until something goes wrong. At which point the available mitigation options are limited and can be very costly to implement.
Instead, organisations should take a more integrated approach and consider the impact of a potential failure at any point along the supply chain – such as a data centre outage – as well as evaluating how different business units collaborate to deliver on broader organisational goals.
#5 Consider blockchain
In a financial supply context, blockchain presents an immutable truth – enabling cryptographically hashed transactions that allow for total transparency between financial institutions and regulators.
Indeed, blockchain has the potential to shatter data silos by enabling all relevant supply chain participants parties to access the same documents, and apply or view any updates or changes, from any location or application— instantaneously.
Block chain can also help mitigate supply chain risks with smart contracts that make it easier to manage contractual relationships with alternative suppliers and automatically deal with supply chain issues such as interruptions in delivery and inventory maintenance, as well as monitoring the movement of services along the supply chain to ensure smooth operations.
Financial services organisations can deploy an effective security strategy by utilising the technologies available to them in this digital era. It has never been easier to automate workflows, compress the time needed for data mining and aggregation, and monitor large third-party data ecosystems. Employing AI and integrated risk analytics makes it easier for organisations to identify and assess supplier related threats — including cybersecurity breaches, money laundering, insolvency, data mishandling and regulatory noncompliance, meaning quick action can be taken to manage or remove the risk source.