Ce diaporama a bien été signalé.
Le téléchargement de votre SlideShare est en cours. ×

"Risk Management in Open Finance Era" 26-12-2020

Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité

Consultez-les par la suite

1 sur 33 Publicité

"Risk Management in Open Finance Era" 26-12-2020

Télécharger pour lire hors ligne

"Risk Management in Open Finance Era"

This presentation on "Risk Management in Open Finance Era" is an attempt to visualize a New Operational Risk & Information Security strategies through industry development lenses, and simultaneously to "Zoom" into the details of operations, threats, and technical enablers for sound risk management to FIT the new paradigm of 'Open Finance'.

For example: to ensure a #ZeroTrust’ strategy and #ComposableArchitectures or even help the business to accelerate by ‘Capitalizing’ on Risk Data Value Chain and on #DifferentialPrivacy.

#RiskTech 4 #FinTech

"Risk Management in Open Finance Era"

This presentation on "Risk Management in Open Finance Era" is an attempt to visualize a New Operational Risk & Information Security strategies through industry development lenses, and simultaneously to "Zoom" into the details of operations, threats, and technical enablers for sound risk management to FIT the new paradigm of 'Open Finance'.

For example: to ensure a #ZeroTrust’ strategy and #ComposableArchitectures or even help the business to accelerate by ‘Capitalizing’ on Risk Data Value Chain and on #DifferentialPrivacy.

#RiskTech 4 #FinTech

Publicité
Publicité

Plus De Contenu Connexe

Diaporamas pour vous (20)

Similaire à "Risk Management in Open Finance Era" 26-12-2020 (20)

Publicité

Plus récents (20)

"Risk Management in Open Finance Era" 26-12-2020

  1. 1. Risk Management in Varlam Ebanoidze RiskTech 4 FinTech Image: Agoda Era
  2. 2. Risk Management in Open Finance Era Image: ansonmiao Helicopter view on 'Open Finance' and on associated transition risks & opportunities. Capitalizing on 'Risk DataValue Chain' – three use cases. Tech Enablers (Smart Data Sharing – key enabler for next ecosystem)
  3. 3. What is different about Risk Management in FinTech? Image: ansonmiao Data A brand new Risk Framework. Traditional closed perimeter defense model vs. New, open, third party info sharing & outsourcing ecosystem model; Openness & Partnerships “Open Finance” (cross) - industry data sharing and open- source endless Opportunities.
  4. 4. How “Openness + Data” looks like together Image: ansonmiao
  5. 5. Image: ansonmiao Open Ecosystem challenges in the highly regulated industry - how to secure data - how to share data not only securely but smartly Analogy from the tech industry: -Think about a restaurant reservation application that has Google Maps embedded into it. - APIs allow external applications to read data from Google and portray the data on their own applications. What we need in case of Open Finance is: # 1. A ‘new perimeter (s)’. #2 Smart ways to ensure a secure data- sharing.
  6. 6. Image: ansonmiao Helicopter view on 'Open Banking' and on associated transition risks and opportunities
  7. 7. WHO • Banks, Fintechs & other companies involved in personal finance business. WHAT • DataAPI and PaymentAPI services via AISP & PISP. HOW • B2B business, intermediary between the Banks and ‘all kind of Fintech’ companies. • Providing anAPI service in highly specialized eco-system market, using by itself third party infrastructure in the Claud. • Efficiently, securely and in compliance of existing laws and regulations. Open Banking’s simplified (PSD2)WHO,WHAT and HOW.
  8. 8. A path from OpenBanking to DataEconomy via OpenFinance - different Strategies to achieve it in different jurisdictions (market-driven, regulatory-driven, or hybrid) - Industry development lenses (the ecosystem of partners) - technical Enablers (APIs connectivity) 1) 'Who is Who' in open banking - mapping of the companies’ business model differentiators in today's Open Banking. 2) 'Who will be Who' in the next Ecosystem of Open Finance - why Banks Must Become the DataCustodian in the DataEconomy - Implementation of the data strategy is a supernational task for the EU. The European Commission has published a Data Strategy proposal in 2019 https://lnkd.in/dWG9Uqu to allow the EU to take full advantage of data-driven innovation by managing the cross-sectoral use of data between sectors (in health, manufacturing, agriculture, mobility, energy, etc). - So it is for the UK too, where the concept of OpenBanking is a part of the wider SmartData Strategy declared by the UK's government..
  9. 9. A dilemma between the proper regulation and an efficient grow, at the level of designing - an evolution of the Internet is different of the path made by traditional media like Radio, Telephone or Television. - security is a Negative goal
  10. 10. Image: ansonmiao # 1. A ‘new perimeter (s)’ (ZTA) uses zero trust principles to plan infrastructure & workflows. ZT assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet). With the movement towards the Openness and the Cloud, to minimize the increased risks of the connectivity. > > > ZEROTRUSTARCHITECTURE 4 CONSUMERTRUST
  11. 11. Image: ansonmiao The key tech enablers for Open Banking are external APIs, But… https://www.openbanking.org.uk/providers/account-providers/api-performance/ - But, unlike more mature areas of cybersecurity, when people talk of API security, they mean lots of different things.. - Questions Every Executive Should AskAboutTheir APIs' by NIST: Asset Managt: How many APIs do we have? What do the APIs do? Who are the API owners?
  12. 12. Image: ansonmiao Is PSD2’s SCA a good fit for Open Finance ? 8 major challenges within the EU Open Banking regulation's technical aspects (SCA); ranging from “too strict” 2FA till the OS upgrade discipline by smartphone holders.
  13. 13. Image: ansonmiao SCA vs. Smart Data SharingTechnologies Designed for an Ecosystem What is Differential Privacy? https://www.youtube.com/watch?v=- JRURYTfBXQ No need for the most of the data to be shared at all !
  14. 14. Image: ansonmiao SCA vs. Smart Data SharingTechnologies Designed for an Ecosystem What is Differential Privacy? https://www.youtube.com/watch?v=- JRURYTfBXQ No need for the most of the data to be shared at all ! Differential privacy: where noise is added to an analytical system so that it is impossible to reverse-engineer the individual inputs Federated analysis: where parties share the insights from their analysis without sharing the data itself Homomorphic encryption: where data is encrypted before it is shared, such that it can still be analyzed but not decoded into the original information Zero-knowledge proofs: where users can prove their knowledge of value without revealing the value itself Secure multiparty computation: where data analysis is spread across multiple parties such that no individual party can see the complete set of inputs
  15. 15. Image: ansonmiao SCA vs. Smart Data SharingTechnologies PET, Differential Privacy, Double-Blind Consent-Driven Data Sharing on BlockChan For PSD2 For Ecosystem
  16. 16. Image: ansonmiao A multiplicative impact of FinTech -TechFin key enablers
  17. 17. Image: ansonmiao TechFin – FinTech: banks are welcomed to the new business of Trusted Data Assets Stewards Use-case: a new employer in a new country would request onboarding info, based on the given consent, directly from a customer's/new employee's local bank via the secure API and in compliance with the rules of GDPR.Also, an use case of CDI from HKMA: https://www.linkedin.com/posts/varlam-ebanoidze-41594043_cdi-hkftw-hkfintechweek-activity- 6729104774077153281--T6Y
  18. 18. Capitalizing on 'Risk DataValue Chain' Three use cases: - Digital onboarding - Transaction monitoring - From big data to security by design
  19. 19. Image: ansonmiao Investing in Onboarding automation & Transaction Monitoring via Open Finance by aggregating different financial and non-financial data.
  20. 20. Image: ansonmiao Capitalizing on 'Risk DataValue Chain' – Onboarding Open finance has the potential to remove many of the hurdles new customers face – like having to fill in long applications that require them to dig up hard-to- access financial infor mation or send notarised copies of documents with this information
  21. 21. Image: ansonmiao Digital Touch vs. Human Touch Apart from the strategic decisions to invest or underinvest in Digital vs Non-digital process, IMHO, the bottom line of the operational problem IS the visualization of the holistic process incl. the call center's part to address the bottlenecks in digital processes by suggesting both the data- driven algo. (the better prediction power) & process optimization tools.
  22. 22. Image: ansonmiao Capitalizing on 'Risk DataValue Chain' –Transaction Monitoring 1. single customer view and Single BehavioralView 2. static RulesVs Interactive Models 3. risk data's value-chaining
  23. 23. Image: ansonmiao Capitalizing on 'Risk DataValue Chain' – Layered approach to the risk model To achieve an accurate KYC procedure, a Layered approach to the risk model is offered. It enables on one hand avoiding the Parallelism and saving the computational power of the algorithm (if identity is easy to check, at 1st layer no need to follow other layers), on the other hand, provides the assurance that a customer is who they say they are - by checking Several layers from Account to Device & Activity.
  24. 24. Interested to know how the online fraud risk management at Alibaba Group and with the help of Alibaba by its merchants was evolved to allow this? Here is the answer: https://lnkd.in/dFjBb7X This paper is to introduce the Fraud Risk Management at Alibaba under big data. Alibaba has built a fraud risk monitoring and management system based on #real-time big data processing and intelligent #riskmodels. It captures fraud signals directly from huge amount data of #userbehaviors and network, analyzes them in real-time using machine learning, and accurately predicts the bad users and transactions. To extend the fraud risk prevention ability to external customers, Alibaba also built up a big data based fraud prevention product called #AntBuckler. Best practice: "At its peak, 256,000 transactions a second. No report of any breakdown over the 10 years."
  25. 25. Image: ansonmiao Capitalizing on 'Risk Data Value Chain' – Design thinking in C-I-A Triad - from Big Data to Security by Design
  26. 26. Image: ansonmiao Security through behavioral interventions - from the series of the customer-centric security. In the practical context, the idea is Open Banking enabled budgeting app's conceptual analogy for InfoSec. 'Which threats we take seriously and which we neglect is mostly driven by availability bias — we intuitively assess the likelihood of outcomes based on how easy they are to imagine. So we overestimate the danger of terrorism (which is vivid, concrete, and direct) and underestimate the dangers of climate change (which is vague, abstract, and indirect). Our ability to predict rare events is systematically undermined by our intuitions.' So, how to visualize the risk (make it more evident) to the customer and help in risk management decision making?
  27. 27. Impact of the Covid 19 As the pandemic accelerates Digital transition the boundaries between the monitoring of external threats (Cyber) & the assessment of risks inherent to new infrastructure (Digital) became more evident for Boards.
  28. 28. Up to 70% of all public clouds and the data on them are concentrated with just 3 cloud service providers. I doubt that the systemic risk of such concentration and the domino effect for those organizations which store data (or use IAAS ) with these 3 companies is assessed and backed-up adequately.
  29. 29. Image: ansonmiao Questions? RiskTech 4 FinTech https://www.linkedin.com/in/varlam-ebanoidze-41594043 / THANKYOU

×