A Summary of Finance News and Topics on Compliance and Privacy
We gather together topics for the Finance sector
To avoid long load times news is archived periodically. If you can't find what you are looking for on this page please refer to our archives. Please use the search engine for ease of retrieval.
Main Finance News page |
Archives: (oldest)
1 |
2
(most recent)
See also Finance Mentor for general finance news and views
MiFID Recruitment Timebomb Ready to Explode
There are just nine months to go before the Markets in Financial Instruments Directive (MiFID) is enforced by the FSA and London compliance recruitment agency, Joslin Rowe, is warning that this has big implications for compliance recruitment in London and across the UK.
“Over the last two months we have seen a 20% increase in the number of temporary compliance jobs focusing on MiFID orientated projects and this number is rising every week,” says Michelle Myers of Joslin Rowe. “It's becoming a hotbed of compliance recruitment across the temporary market as financial institutions scramble to get the right people on board immediately. As a consequence multiple compliance job offers are becoming commonplace and contract rates are rocketing. Companies cannot afford to hang around if they want to have the right people on board to hit the November 1st deadline smoothly.”
According to the Joslin Rowe recruitment research an extra 1,200 temporary workers skilled in compliance will be required in the City of London over the next 10 months – thanks to MiFID alone.
Read the article
One-year anniversary of chip and PIN change over - UK leads the way in chip and PIN rollout
Wednesday 14 February 2007 marks the one-year anniversary of PIN Day – the official change over to chip and PIN in the UK. To recognise this milestone, APACS, the UK payments association, has issued an update on the successful progress of chip and PIN. As at January 2007 APACS figures show that:
- More than 99.9 per cent of all chip and PIN card transactions are now PIN-verified – confirming that very few card accepting businesses have not upgraded to chip and PIN.
- More than 185 chip and PIN transactions take place every second. This compares with 125 every second a year ago.
- The UK 's banks and card companies have now issued 138 million chip and PIN cards - representing 97 per cent of the UK 's 142 million payment cards. This is eight million more than were in circulation six months ago and over 30 million more than eighteen months ago. In 2007, remaining cards will continue to be upgraded.
- Approximately 900,000 shop tills have been upgraded to chip and PIN. This represents 98 per cent of all shop tills in the UK – an increase of over 75,000 tills since PIN day.
- Total card fraud losses fell in 2005 and we expect the figures to reveal that this trend continued in 2006
- As customers have got used to using their PIN retailers have reported that transaction times have become quicker with queues in shops shorter.
Read the article
Banking industry reports progress on new faster internet and phone payment service
- New central system on track to be in place from November 2007
- Thirteen financial institutions* confirmed to be founding members
To coincide with today's (Monday 12 February 2007) publication of the OFT's final Payment Systems Task Force Report, the UK banking industry today confirms that they are on track to introduce the new faster payments system, agreed with the Task Force, by November 2007. They also announced that there are thirteen founding members* of the new system.
Read the article
Are 'Sealed' Websites Any Safer?
As consumers become more concerned about protecting their information online, more "secure" labels have emerged, each promising to serve as a "Good Housekeeping seal of approval" for Website security. Hacker Safe and ControlScan, for example, prove that a site has been vulnerability-scanned. The new Extended Validation SSL (EV SSL) moniker, championed by digital certificate vendors such as VeriSign and Cybertrust, help verify that a site is not a phish or a phony. (See Cybertrust Enters EV SSL Fray .)
And now ScanAlert is rolling its "Hacker Safe" seal into a service for enterprises, company executives say. Hacker Safe Enterprise is a fully managed service that includes vulnerability assessment, hands-on analysis, and support from ScanAlert's security experts.
VeriSign, whose VeriSign Secured Seal logo is displayed on over 65,000 Websites, and Cybertrust, are in the process of rolling out EV SSL. If a site is EV SSL-certified, its address shows up in green on newer browsers such as Internet Explorer 7.
But are sites with a Website seal really more secure?
Website operators say displaying these logos demonstrates that they have made a good faith effort to run a clean site, and that they are being proactive in securing their sites. "I know that by implementing [Hacker Safe], I'm still ten times more secure than without it," says Lynnette Montgomery, general manager of e-commerce for Levenger, a $75 million reading and writing tools retailer that offers its products online as well as through stores and paper catalogs. "It's more that you are covering your bases, trying to be the best you can be, honest and putting your best foot forward."
Montgomery says another attraction of the Hacker Safe seal is its potential to bring in new customers. "Most companies I spoke to [about Hacker Safe] increased their conversion rate," she says. And that provides an ROI for the security service: "If I receive a two percent increase in conversion of customers, that's almost $500,000 in additional sales," she explains.
Read the article in Dark Reading
McAfee and RSA team for online banking security
McAfee, Inc. (NYSE: MFE) and RSA, The Security Division of EMC (NYSE: EMC), today announced that they have signed a definitive agreement to work together on an enhanced security solution that is expected to boost consumer confidence in online banking. The two companies plan to leverage McAfee ® consumer desktop security products and the RSA ® Adaptive Authentication solution to help enable financial institutions to provide more comprehensive protection for banking and online transactions.
McAfee's real-time (always on, always updating) security-as-a-service consumer products and RSA's authentication technology will be engineered to communicate with each other securely to enhance authentication of the legitimate user to their financial institution and provide powerful protection for the identities of online banking consumers.
Read the article
Free MiFID briefings on offer
A series of free MiFID briefings looking at practical responses to the new regulatory environment will be hosted around the country by Investmaster.
Speakers set to take part include Guy Sears, deputy chief executive of APCIMS, the organisation lobbying both Canary Wharf and Brussels over issues affecting private client investment managers and stockbrokers.
Sears will focus on coming COB rule changes, but particularly the practical changes firms must implement to survive the new environment.
Discussion will also look to how automation can assist, although the idea is to offer those who are less advanced in implementing a response to MiFID the chance to gain answers to questions about just what will be expected of their operating procedures and processes after November, when the new regime comes into force.
Read more at IFA Online
Man-in-the-Middle Phishing Attack Successful Against Citibank’s 2-Factor Token Authentication
On July 10th, 2006, the first reports of a Man-in-the-Middle Phishing 2.0 attack against CitiBank's CitiBusinessSM service were reported by the Washington Post. The phishing scam, originating in Russia, shows that cyber criminals are integrating multiple attack methods to defeat the latest security measures such as One Time Password (OTP) Tokens implemented by banks.
“In my testimony to Congress in 2004, I warned that, as more people become aware of current “phishing” scams, the cyber criminals often get even more clever, and create new, more sophisticated techniques,” said Howard Schmidt former White House cybersecurity advisor and former Chief Security Officer of eBay and Microsoft.
In 2004, the first wave of “Phishing 1.0” attacks tricked unsuspecting consumers into clicking on links to fake bank websites and giving up their usernames, passwords, and other personal information leading to financial fraud and identity theft. Phishing 2.0 has evolved to combine traditional Phishing ‘hooks' with a Man-in-the-Middle attack (in the Citibank case involving a botnet), and URL spoofing. A Phishing 2.0 attack tricks the user into clicking on a link to login to their bank through the Man-in-the-Middle phishing proxy site. It is actually easier to launch than traditional Phishing 1.0 scams because the attacker does not need to create and maintain a copy of a fake site. The phisher merely passes through the actual pages from the real web site, then steals data or makes changes to transactions automatically using easy-to-write scripts.
Read the article in BankInfo Security
PayPal acts to stamp out phishing attacks
PayPal's decision to introduce an optional two-factor authentication system highlights the increasing concern of banks and online payment organisations over phishing.
The amount of money lost to online banking fraud in the UK increased 55 per cent to £22.5m in the first half of 2006, according to figures from banking industry body Apacs – and all the signs indicate this amount will continue to rise.
Most phishing emails now target PayPal and eBay customers, largely because they are such a huge demographic – 123 million customers at the end of 2006 – but also because PayPal is designed to make it easy to move money around, predisposing it to being phished.
Surprisingly, however, phishing is not a large financial problem for PayPal or its customers.
Michael Barrett, chief information security officer at PayPal, says the problem with phishing has more to do with perception than reality.
‘Financially, phishing is not even in the top five of categories that we suffer from fraud–wise. But when you say you work for PayPal, people say: ‘Oh I get all these emails from you. What are you doing about that?' People perceive that there is an issue, so there is an issue,' he said.
Customers receiving phishing emails lose confidence, so PayPal's two-factor efforts should help with some of these worries.
Read the IT Week article
Swift data privacy not under our jurisdiction - ECB
The European Central Bank (ECB) would like to note that central banks are responsible for fostering financial stability and promoting the smooth operation of payment and settlement systems.
As SWIFT is a messaging provider and not a payment system, central bank oversight of SWIFT (performed by the G101 central banks and the ECB) focuses on its technical security, operational reliability, resilience, appropriate governance arrangements, and its having in place risk management procedures and controls. The monitoring of SWIFT activities that do not affect financial stability is not a matter for central bank oversight and therefore the US Treasury sub-poenas of SWIFT were outside the purview of central bank oversight. The Oversight Group has no authority to oversee SWIFT with regard to compliance with data protection laws. The request by the European Data Protection Supervisor to bring data protection compliance within the remit of central bank oversight would not be in line with the allocation of legal responsibilities.
Read the article in FinExtra
Online Security: User-Driven Tokens On The Upswing
Banks have spent the last two years steering their users to behind-the-scenes, no-fuss security tools for enhanced online authentication. This year, millions of customers may be asking banks to let them drive for awhile.
Two digital security firms, GuardID Systems and Gemalto, are among vendors who plan to roll out big with new consumer-driven authentication tokens that will marry smart-card technology with real-time risk monitoring on user-owned USB tokens. GuardID, which has been out since late fall with the retail version of its ID Vault token-the size of a flash jump drive-and software package, is now ramping up with a new banking partnership program that includes add-on services like credit monitoring from Equifax from participating banks. At press time, Gemalto was planning to introduce its Network Identity Management (NIM) card solution at the RSA Conference this month, to work with the VeriSign Identity Protection (VIP) network system introduced last year as a self-service authentication portal already supported by Yahoo!, PayPal and eBay. "Consumers believe they are at the point they need something better than what they're getting today," with username log-ins, says Francois Lasnier, vp of banking of Gemalto. "But they realize today there's no universal solution."
Read the article in Bank Technology News
Consumers Want Better Online Banking Security
Consumers are ready to start using stronger authentication technologies and want their banks and brokerage houses to monitor online transactions for suspicious activity.
As trust among consumers for online banking continues to erode, users in the United States, Europe, Australia, and India are demanding stronger security for their online accounts, a poll published Thursday reported.
According to survey results, majorities of nearly 1,700 consumers in eight countries said they were ready to start using stronger authentication technologies that went beyond the traditional user name/password, wanted their banks and brokerage houses to monitor online banking transactions for suspicious activity, and were familiar with the term "phishing."
The fourth-annual online poll conducted by RSA, the security division of storage maker EMC, traced the ongoing slide in consumer trust: 82% of account holders said that they are less likely to respond to e-mail from their bank because of phishing scams. The results in 2005 and 2004 were 79% and 70%, respectively.
Read the article in Information Week
Customers want stronger authentication for Web banking, says RSA
An overwhelming majority of consumers would willingly ditch password protection in favour of stronger authentication technology for online banking, according to a global poll published by RSA security.
The survey of nearly 1700 customers in eight countries also found that the majority of account-holders - 82% - want banks and brokerages to monitor online and telephone banking transactions for suspicious activity - similar to the way that credit card transactions are monitored.
Furthermore, a massive 91% are willing use a new authentication method, beyond the standard username-and-password procedure, if their banks decided to offer stronger security.
Read the article in Finextra
Majority of Brits using online banking
More than two thirds of Britons used internet banking to conduct the majority of their banking in 2006, according to a recent survey.
The study, conducted by Lloyds TSB, found that the figure compared with fewer than one in five during 2005.
More than half of those questioned said they used online banking more often this year than they did last year, while 70 per cent of the over 50s cited the money management method as being their preference.
The most popular reason given for banking online was the constant availability of the service, with the second most cited answer being the convenience of financial management regardless of the place.
Read the article in Finance News Online
MiFID: IT contractors ride high on the waves of change
Don't you just love change? What with the moving target of customer requirements, and that constant bleat of officialdom. Not for you? Well it should be, it drives up your rates, and no one has yet invented an IT system that didn't need fiddling with to keep it performing. Change is constant and good.
If you could imagine a world without IT change, you'd imagine far fewer opportunities for freelance contractors. As a breed, they probably wouldn't exist.
And so, just as the Sarbanes Oxley and Basel II parties are winding down, another invitation to hike up the rates and make a mint presents itself: MiFID.
MiFID – rhymes with Triffid for those with a herbaceous bent – is the Markets in Financial Instruments Directive developed as part of the European Commission's Financial Services Action Plan. After eighteen months delay it is now expected to come into force by 1st November 2007.
According to business law firm Norton Rose, "MiFID has been compared to an iceberg of Titanic-sinking proportions... There is an increasing realisation that MiFID will have a fundamental impact on many investment firms."
And analyst Gartner adds that the technology impact of MiFID will be far reaching, "affecting enterprise architecture approaches, design and use of shared services, performance measurement and management, and governance."
Read the article in Contractor UK
Draft MiFID guidelines published
MiFID Connect, a joint project designed to simplify implementation of the Markets in Financial Instruments Directive, has published a set of draft MiFID guidelines for firms.
The guidelines, covering investment research, suitability and appropriateness, best execution and conflicts of interest, are based on draft Financial Services Authority text and relate to the FSA's expected rules on implementing MiFID.
They have been developed by trade associations such as the Association of British Insurers (ABI) and the British Bankers' Association (BBA).
read the article in IFAOnline
PayPal users to get pass-code device
eBay is getting ready to offer its PayPal users a password-generating key fob that promises to increase the security of the online payment service.
The device displays a new one-time password in the form of a six-digit code about every 30 seconds. PayPal clients who opt to use the device will enter this password along with their regular credentials when signing into the service. The key fob is meant as another weapon in the battle against data-thieving phishing scams.
A PayPal spokeswoman said: "If a fraudulent party somehow got hold of a person's username and password, they still wouldn't be able to get into the account because they don't have the six-digit code. This by no means is a silver bullet that is going to stop fraud. This is just another layer of protection."
The "PayPal Security Key" will cost $5 for personal PayPal accounts but will be free for business accounts, the spokeswoman said. PayPal has been testing the device with employees for a couple of months and plans to start trials with customers in the next month or so, she added. As of 30 September, there were nearly 123 million PayPal accounts, according to eBay.
Read the article on Silicon.com and on Enterprise Security Today
Faster payments should not result in weaker authentication
The 11 faster payments member banks are progressing rapidly with their implementation projects ahead of the November 2007 deadline. However, as the systems being developed will enable a payment to be processed in less than 15 seconds, there is no time to stop a payment, and adequate authentication of the transactions becomes critical.
Paul Meadowcroft, head of transaction security at Thales e-Security, commented: "While the 11 member banks have accepted the rationale and, indeed, benefits faster payment services (FPS) will bring, especially from a customer satisfaction point of view, they are equally aware that FPS has a significant impact upon their fraud risk modelling. Put simply, current systems are not up to the challenge of receiving a payment instruction from a variety of different channels and strongly authenticating that person to prove they are who they say they are within the 15 second transaction processing time limit."
"The effect of this will be felt on many levels. From a basic cost point of view, it exposes the bank to higher risk from fraud and money laundering. However, potentially more damaging could be the effect upon customer satisfaction should the customer fall victim to fraud. Furthermore, it could have a negative impact upon the brand equity of the bank if such failings are perceived to exist."
read the article in Security Park
Online banking overtakes telephone
More people are now using online banking than telephone banking, new APACS figures reveal.
In 2006 some 48 per cent of internet users had an online bank account, according to data released today by UK payment association Apacs.
Overall, some 16.9 million adults now have online bank accounts, with two in three of these going online at least once a week.
This compares with 15.4 million people using telephone banking, making 2006 the first year online banking has overtaken telephone banking in the UK.
In the last year the number of people using telephone banking has fallen 600,000 while in the last four years the number of Britons with online bank accounts has risen from 7.5 million to 16.9 million.
"Our research shows that increasingly, if you are under 35, you are more than likely to be turning to the internet rather than the phone to manage your finances," said Sandra Quinn, director of communications at Apacs.
Read the article on MyFinances.co.uk
Extend compliance and security efforts to the database level
When conducting business, either online or face-to-face, individuals trust that every reasonable step will be taken to ensure the privacy of their data. Corporations have a responsibility to protect that trust by extending robust protections and security best practices throughout their IT infrastructure. But with nearly 100 million personal records - including credit/debit card numbers and social security numbers - compromised through theft or mishandling in the past two years, it would seem perhaps that trust is misplaced.
Or is it? It's a complicated question. Over time, organizations have responded to threats against consumer privacy with substantial increases in IT perimeter security. Without a doubt, security systems have become more sophisticated. But hackers have too. And the nature of the threat has changed.
Read the article in SC Magazine
Detica to build new market abuse intelligence system for the Financial Services Authority
Detica Group plc, the business and technology consulting firm, today(15 December 2006) announces that it has signed a letter of intent with the Financial Services Authority to deliver a new intelligence solution designed to assist the FSA in the exercise of its supervisory and regulatory powers under the new Markets in Financial Instruments Directive (MiFID). The new system will analyse trading in a diverse range of financial instruments and provide the FSA with intelligence on unusual and potentially unlawful activity such as market abuse and insider trading.
Read the article
HSBC to Implement Fraud Detection Service from VeriSign to Enhance Customer Protection
HSBC USA Inc., the U.S. banking unit of one of the world's largest financial services companies, and VeriSign today (18 December 2006) announced an agreement for HSBC USA to deploy the VeriSign® Identity Protection (VIP) Fraud Detection Service (FDS) to enhance the protection it provides to customers to prevent identity theft and fraud.
“The VeriSign Fraud Detection Service provides additional online authentication and fraud monitoring, which will enhance the measures the bank already employs to safeguard customer information and assets when banking over the Internet” said Martin Hayes, senior vice president and head of e-business, HSBC USA. “Protecting customers' accounts and identities is of paramount importance.”
VIP FDS includes a state-of-the art risk engine that offers layered, risk-based authentication and fraud prevention capabilities. VIP FDS runs behind the scenes, utilizing advanced anomaly detection technology which flags potentially fraudulent activity while continuing to ensure a favorable user experience and timely delivery of services.
Read the article
SEC and PCAOB Still Working on Sarbanes-Oxley Changes
Christopher Cox, the Securities and Exchange Commission (SEC) Chairman, said recently that regulators were still working on revisions to its rule requiring companies to adopt internal controls and procedures for financial reporting but said he was “confident” that the result would “improve the reliability of public company financial statements and better protect investors,” the Washington Post reports. The SEC will issue its proposed revision on December 13. Mark Olson, Chairman of the Public Company Accounting Oversight Board (PCAOB), said last week that his agency would issue its own changes to the implementation standard some time before Christmas.
Trade groups and members of Congress have been pushing for changes in the standard because implementation has proved so costly for many companies. The U.S. Chamber of Commerce, community bankers and organizations representing small-cap and mini-cap businesses that have not yet implemented the standard – “think biotech” says BusinessWeek.com -- have been leading the effort.
These groups want the regulators to make the external audits more risk-based, and scale back the requirement for small companies. More precise definitions of what is “material” to the company's financials and which controls are “significant” would help to focus the audits and reduce the costs.
Read the full article on Accountingweb
Apacs and Visa grilled over online crime
The House of Lords Science and Technology Committee has questioned representatives of Apacs and Visa over online computer crime in the financial services industry.
The witnesses were pressed on what mechanisms the financial industry had put in place to protect people using online banking and other online financial services
Sandra Quinn, a spokeswoman for Apacs, was asked – with online banking fraud increasing by 90% to £23.2m in 2005 – how much banks are now losing to internet fraud and whether they expected the growth in fraud to continue.
Quinn replied, “We have half year figures for 2006 and the figure stood at £22.5m, an increase of 55% on 2005. The rise won't be as high in percentage terms as the rise in 2005. But it is certainly not going to be a non-dramatic rise. It is still of concern.”
Apacs' evidence suggested that the number of phishing incidents rose by 8,000% between January 2005 and September 2006.
Read the full article in Computer Weekly
UK Financial Services Companies Vulnerable to Data Theft Reveals Survey
LogLogic survey finds 76 per cent of UK's biggest financial services companies unable to track and trace potential theft
While 86 per cent of large UK financial services companies report that their enterprise data is mission critical, 76 per cent reveal that that they do not currently have systems in place to track and trace potential data theft according to a survey commissioned by LogLogic, the log management and intelligence company. Of those companies who report having systems in place to monitor IT data, 57 per cent say it takes them several days to identify security breaches involving data theft and just 19 per cent report they are able to perform the appropriate forensics within one working day.
"Despite the potential liabilities and risk to their companies, it is startling that IT directors in the UK are largely unable to perform simple forensics to determine data theft," said Ross Brewer, Managing Director of European Operations for LogLogic. "Equally disturbing is that relatively few companies even have the ability to properly monitor employee movements and the data linked to those employees, while acknowledging the awareness of the risks of reputational damage, theft of intellectual property and potential fraud."
The survey, which was carried out by Vanson Bourne, polled senior IT directors in 25 of the largest (over 1,000 employees) UK financial services companies.
Read the article
Major Industry Presentations now available for download - Q4 2006
Our sponsors VeriSign (whose sponsorship ended on 28 February 2007) have been busy participating in many events this quarter here is a summary of some of the highlights with links to a number of presentations delivered .
- RSA Conference 2006, Nice, Acropolis , France 23-25 October 2006
- Tackling Organised Crime in Partnership, Victoria Park Plaza , London , UK - 22nd - 23rd November 2006
- Combating Online Banking fraud- 27th November 2006, IOD, London, UK
Download these and more
Macedonia, Blacklists, and the Security Solution
With just over 2m inhabitants and independent only since 1991, the Former Yugoslav Republic of Macedonia is one of Europe 's younger and smaller states.
But the country has ambition enough. The European Union granted it EU candidate status in December 2005. Business leaders in the country want to boost economic, and especially, export performance. Macedonia 's main industries include wine, cheese, textile production and tourism.
The Macedonian challenge is that it is a nation where education is strong, engineering and technology are valued and contribute to the economy strongly, and IT is essential. Being hamstrung by a bad reputation meant that Macedonian users were unable to indulge in eCommerce, could make no credit card payments online. They couldn't use eBay, PayPal, or any of the services we all take for granted.
Read the article, and Get the Financial Times article sent to you
VeriSign Issues First Ever Extended Validation SSL Certificate in Support of IE7 and Microsoft Vista Launch
New Groundbreaking EV Upgrader™ technology will enable all IE7 browsers on Microsoft Windows™ XP client systems to also display the green address bar
VeriSign today (11 December 2006) announced the general availability of its Extended Validation (EV) SSL Certificates, which help protect users against online fraudulent activity by providing third party verification of a Web site's authenticity. These new certificates support Microsoft's IE7 and Vista operating system and also incorporate VeriSign's unique EV Upgrader technology enabling all Windows XP clients using IE7 to display the same green address bar and other interface enhancements as Windows Vista clients. VeriSign issued the first of these certificates to Overstock.com, one of the largest online retailers in North America.
Read the article
The Phone Phisher Cometh
Prompted by an article in The Hindu Businessline, Peter Andrews, editor of Compliance and Privacy recalls his own brush with attempted phone phishing and ID Fraud.
The call in that article is not so different from the one Andrews received a month or two before the UK Chip and PIN cutover date. He banks at First Direct, a bank set up to handle the phone first and foremost, and he was unaware that he was about to receive a new credit card, so he was not surprised that it did not arrive. And the First Direct phone system is pretty secure, with variable questions asked.
Read the Article
Security fears scare off US customers from online banking, shopping
Nearly $2 billion in US e-commerce sales will be lost in 2006 due to consumer concerns over the security of the Internet, according to a survey by Gartner, which also found that fear of fraud and identity theft have prevented around 33 million US adults from banking online.
The survey of 5000 online US adults in August 2006 found that recent security breaches - both online and offline - are having a significant impact on buying patterns and use of Web banking facilities.
Nearly half of those surveyed (46%) said concerns about theft of information, data breaches or Internet-based attacks have affected their purchasing payment, online transaction or e-mail behaviour. Of all the behaviors affected, online commerce - which includes Internet banking, online payments and Web shopping - is suffering the most.
Almost nine million US adults have stopped using online banking, while another estimated 23.7 million won't even start because of fears over security.
Gartner estimates that approximately $913 million in e-commerce sales was lost in 2006 because of security concerns among online shoppers. The analyst group says another $1 billion was lost from consumers who refuse to shop online because of security worries.
Read the article on Finextra.com
IMA Responds to NewCoB Proposals from FSA
IMA today (29 November, 2006) issued its comments on the wholesale reform of the Conduct of Business (CoB) rules proposed by the FSA in response to the MiFID Directive. In a substantial and detailed response to the FSA's consultation paper CP06/19, the IMA covers a wide range of issues, but two are of particular importance.
Read the Article
MiFID threat to Hedge Fund investment
The FSA will invite consultation from January to decide whether to allow retail investors to access hedge funds. The review has been brought about because the new pan-European MiFID (Markets in Financial Instruments Directive) rules will mean many investors will be reclassified and will become unable to access the funds.
Retail investors will not be able to access unregulated investment schemes, which include hedge funds, so the regulator will need to implement the changes ahead of the restrictions being put in place.
Under MiFID, investors will be classified as retail if they either make less than 40 trades a year or have less than 400,000 euros in investment assets.
Read the article in the FT
Phishing attacks hotting up
Phishing attacks are increasing in frequency and sophistication while shifting from larger to smaller financial institutions, according to security vendor RSA.
The vendor has tracked shifts in phishing demographics, and claims they are being driven by a renewed focus on smaller financial institutions. US banks have been building stronger anti-phishing protection, forcing fraudsters to target banks in other countries, according to RSA.
"We're seeing an interesting shift in the global phishing landscape, partly fuelled by guidelines instructing US banking institutions to implement stronger forms of authentication," said Andrew Moloney, head of international marketing for RSA consumer solutions business. "There's been a shift in the global black market to the less protected banks. In the UK, online banking is not particularly well protected," Moloney claimed.
Bank e-fraud teams are increasingly using behavioural monitoring of both physical and digital systems to judge whether a fraud is being attempted, said Moloney.
Read the article on zDNet.co.uk
Security fears scare off US customers from online banking, shopping
Nearly $2 billion in US e-commerce sales will be lost in 2006 due to consumer concerns over the security of the Internet, according to a survey by Gartner, which also found that fear of fraud and identity theft have prevented around 33 million US adults from banking online.
The survey of 5000 online US adults in August 2006 found that recent security breaches - both online and offline - are having a significant impact on buying patterns and use of Web banking facilities.
Nearly half of those surveyed (46%) said concerns about theft of information, data breaches or Internet-based attacks have affected their purchasing payment, online transaction or e-mail behaviour. Of all the behaviors affected, online commerce - which includes Internet banking, online payments and Web shopping - is suffering the most.
Almost nine million US adults have stopped using online banking, while another estimated 23.7 million won't even start because of fears over security.
Read the article in Finextra
FSA sets out costs and benefits of MIFID - One Billion Pounds
The Financial Services Authority today (24 November 2006) published a paper setting out its assessment of the overall costs and benefits for the financial services industry of implementing the Markets in Financial Instruments Directive (MiFID) in the UK.
The overall impact of MiFID attempts to quantify, where possible, the benefits of MiFID in the UK, and sets these alongside the costs of implementation. The paper indicates that, under certain assumptions, MiFID could generate some £200 million per year in quantifiable ongoing benefits, which will be attributable mainly to reductions in compliance and transaction costs.
The quantified one-off cost of implementing MiFID could be between £870 million and £1 billion with ongoing costs of around an extra £100 million a year. These are aggregate figures: it is likely that the distribution of costs and benefits will vary among firms depending on exactly how MiFID affects their business.
Read the Article
MiFID will squeeze exchanges over high cost of trading
Smart order routing will help traders overcome fragmented liquidity
The markets in financial instruments directive, the European Union trading rules scheduled to become law in just over 11 months, will change the face of equities trading in Europe for good.
Investment banks, brokers and stock exchanges are reluctant to predict the exact shape of the European trading landscape after Mifid is implemented but they agree the large quasi-monopolistic exchanges will be subject to greater competition from other trading venues and liquidity will likely fragment.
Europe's big three exchanges may have hit the headlines this month with their merger and acquisition activity – Deutsche Börse abandoned its bid for Euronext , leaving the Paris-based exchange free to tie up with the New York Stock Exchange , while US rival Nasdaq moved on the London Stock Exchange – but competition from Mifid is arguably their biggest challenge over the medium term.
The new trading rule book will outlaw concentration regulations that force investment banks and brokers to trade and report through exchanges, thereby enabling any company to become a multi-lateral trading facility, a trading platform similar to US electronic crossing networks.
Read the article in Financial News
Only 36% of financial firms think MiFID will be good for economy
The second MiFID readiness survey by technology firm SunGard and researchers TradeTech has found that 31% of financial services firms think that the Markets in Financial Instruments Directive will not be in the European economy's interests over the next five to ten years, 33% are unsure about its effect, and only 36% think that it will be good for the economy.
The survey also found that only 35% have identified budgets related to MiFID with under a year to go until its planned implementation in November 2007. Of those respondents who had indicated making MiFID budget provisions, 50% have allocated less than €1 million, whilst 18% have budgeted between €10 and €40 million.
Sheena Kelman, director, head of dealing at Martin Currie Investment Management, said: “The timing for an automated solution is getting very tight. Companies are unlikely to waste huge amounts of resource on final processes and systems, until the requirements are clear. The industry generally needs about an 18-month lead time to make really major changes to their processes. Unless the MiFID deadline changes, or the proposals are relatively straightforward, then the nearer we get to November 2007 the less likely it is that, however willing it is, the industry will be able to comply.”
EU panel: SWIFT broke data privacy laws
A report drafted by an EU panel of data protection officers concluded the bank data transfer agency SWIFT broke European privacy laws by handing over personal data to U.S. authorities for use in anti-terror investigations, EU officials said Thursday.
The Belgian-based company, the Society for Worldwide Interbank Financial Telecommunication, "committed violations of data protection laws" by secretly transferring data to the United States, without properly informing Belgian authorities, the independent panel's report said, according to the officials.
The panel's report calls on SWIFT, financial institutions and EU authorities to "take the necessary measures" to end the transfer, which it said contradicts Belgian and EU data protection rules.
Read what Business Week has to say, then comment on the story
Plastic Card Fraud
Cards are always safer than cash. The chances of you becoming a victim of card fraud are still low (fraudulent transactions make up 0.141% of all transactions). If you are unlucky enough to be a victim you will not suffer any financial loss as a consequence providing you have not acted fraudulently or without reasonable care.
Criminals are always looking for ways to get hold of your cards, but the banking industry is committed to fighting the fraudster on all fronts. Chip and PIN is a vital tool to help us further protect cards and we continue to work on a raft of other initiatives.
Read the Article
Online Fraud
The Internet offers the opportunity to bank and to shop in safety whenever and wherever you want to.
Nearly 15 million people in the UK now use the Internet to access their bank accounts, and millions more regularly shop online.
The Internet is an extremely safe way of shopping and banking. However, security relies on vigilance and you should not relax your guard when you are online.
The majority of UK Internet users who bank and shop online are playing their part in making sure that they avoid becoming a victim of online fraud. But research commissioned by APACS shows that millions of Britons are not even aware of some of the basic online pitfalls from which they can easily protect themselves:
Read the Article
Online Banking Becomes Main Settlement Tool
The amount of money transferred using electronic banking surpassed the amount through checks and company bills for the first time ever in the third quarter, the Bank of Korea (BOK) said Wednesday.
Daily banking transactions through the Internet, online phone banking and other means of online banking amounted to 13.3 trillion won for the three months ending with September. The number is up 23 percent from a year ago.
In contrast, the number of transactions completed using checks and company bills contracted. Daily transactions dropped 5.9 percent from a year earlier to 13.1 trillion won, the bank said.
It is the first time electronic banking transactions have surpassed transactions made using checks and bills since the bank began compiling data on electronic banking in 2001.
Read the article in the Korean Times
Crediting the Online Customer Experience
Banks must focus on listening to their customers and tweaking their services to help improve retention and cross-sell initiatives; Wachovia leads in online banking satisfaction, according to a Jupiter Research study.
A superb online experience can have a significant impact on a bank's ability to retain its customers and attract new ones: 52 percent of the 1,349 online users very satisfied with online banking surveyed for a Jupiter Research report would recommend the bank, 32 percent wouldn't change banks, and another 32 percent would consider the bank for additional products. "U.S. Online Banking Consumer Survey, 2006," which leverages the responses of random online consumers from Ipsos-Insight's U.S. online consumer panel, examines the correlation between online satisfaction levels and propensity to stay and buy additional offerings, while also highlighting online banking best practices.
About half--53 percent--of the 1,045 online users who are very satisfied with bill view/pay would recommend the bank, 33 percent wouldn't switch, and 34 percent would consider it for additional products. Of the 704 online users who are very satisfied with alerts, 61 percent would recommend the bank, 40 percent wouldn't switch banks, and 42 percent would consider the bank for additional products. However, of the 3,663 overall online users, 32 percent would recommend their bank, while 28 percent would not switch banks, and 19 percent would consider the bank for additional products.
Read the article in Destination CRM