FINANCE, RISK, TECHNOLOGY AND REGULATION - CEFPRO
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Issue 16, July-September, 2020
FINANCE, RISK, TECHNOLOGY AND REGULATION
FRAUD &
FEATURED FINANCIAL
ARTICLES: CRIME
* THE RAPID RISE OF
FINGERPRINT BIOMETRICS IN
THE BANKING INDUSTRY
* NEW AND NOVEL
DATASETS FOR
CREDIT RISK
DEFAULTS & BUSINESS
CREDIT RISK RESILIENCE
OPERATIONAL &
THIRD-PARTY RISK
MANAGEMENT
TECHNOLOGY
Real-world perspective - Written by the industry, for the industry 1
RECOMMENDED CONFERENCES
VIRTUAL EVENTS & WEBINARS
VIRTUAL EVENTS
ALL CEFPRO VIRTUAL EVENTS ARE FREE TO ATTEND FOR REGULATED
FINANCIAL INSTITUTIONS AND GOVERNMENT BODIES.
JUL 20-24 JUL 27-29 SEPT 15-17
GLOBAL
ALM MODEL RISK FRAUD &
& IBOR MANAGEMENT FINANCIAL
CRIME
www.cefpro.com/almweek www.cefpro.com/mrmweek www.cefpro.com/fraud
SEPT 22-25 OCT 6-8 20-23 OCT
GLOBAL
RISK VENDOR & RISK EMEA
AMERICAS THIRD PARTY 2020
RISK
www.risk-americas.com www.cefpro.com/vendor-risk www.risk-emea.com
WEBINARS
How technology can create Limit exposure to operational risk:
and drive efficiencies within your vendor and Optimizing with third-party risk
third-party risk workflow management technology
On Demand On Demand
FinTech Leaders 2020: Assessing the practicalities and drivers
Interactive webinar on the key drivers, of advanced analytics for fighting
opportunities, investments and future direction financial crime
On Demand On Demand
Payments in the time of COVID Understanding cyber risk in financial terms
On Demand On Demand
Gaining competitive business advantage Developing efficient TPRM
through advanced data and real-time processes to streamline onboarding,
analytics within financial institutions ongoing monitoring and managing risk
30 July 27 August
View our full collection of webinars at www.cefpro.com/webinars
2
INTRODUCING...
ISSUE 16
Advancing the financial, risk, regulation and technology world through
renowned thought leadership and peer-to-peer knowledge sharing.
Welcome to Issue 16 of the CeFPro Magazine,
OUR INSIGHTS TEAM
As the global pandemic continues to send shock waves across economies, with
knowledge and content sharing never been more important. COVID-19 has impacted EDITORIAL QUERIES
all of us in varying ways and institutions continue to demonstrate their resilience and
We welcome contributions: If you
agility in order to stay ahead, or afloat. As a result, Issue 16 of the CeFPro Magazine or your organization are interested
predominantly covers non-financial risks and the increase in focus of recent events has in featuring in our next issue,
brought to the disciplines. please contact:
A continued theme seen across financial services, both from a regulatory and best editor@cefpro.com
practice perspective, is that of resilience. Many risk silos are developing their own
resilience programs to better future proof their operations. The current global ADVERTISING &
pandemic has increased the spotlight on resilience and is reviewed by the Chief BUSINESS DEVELOPMENT
Technology Risk Officer at State Street who demonstrates the role technology plays If you are interested in
and the increased importance of resilience. sponsorship and advertising
opportunities, please contact:
Another financial risk consideration, from a very early stage of the pandemic, was Chris Simou
that of supply chains, both within financial services and in other industries. The
primary spotlight has been on the medical equipment and PPE required globally and chris.simou@cefpro.com
concentration risks with reliance on specific providers and locations globally. With George Panayiotou
increasing demands to onshore activities and take direct control over supply chains, george@cefpro.com
CeFPro spoke with a member of the supply chain team at Honda, who addressed their
challenges, and provide some hope of economic recovery as they continue to adapt to HEAD OF RESEARCH
meet renewed demand. & EVENT PRODUCTION
To participate in our research
As an industry, financial services have demonstrated agility, resilience and and forthcoming conferences,
responsiveness to an unprecedented combination of scenarios globally. Workforces please contact:
were redeployed to areas requiring most response, a huge proportion of the workforce
moved to remote or home working, and all were forced to adapt to the ‘new normal’. Alice Kelly
Now, as the industry continues to show resilience, CeFPro will examine recovery alice.kelly@cefpro.com
and what a post-COVID-19 industry looks like; with future issues of the CeFPro
Magazine examining the aftermath including credit risk and defaults, impact to global MARKETING INQUIRIES
economies, geo-political risks, change management and regulatory risks. To discuss media and marketing
collaborations or to join us at our
We at CeFPro, like so many others, have had to adapt and innovate to continue to conferences, please email:
deliver thought leadership, knowledge sharing and networking. Throughout Issue 16, Amy Greene
readers will see information for a range of virtual events, hosted for a global audience.
amy.greene@cefpro.com
All of the virtual events will be complimentary to all regulated financial institutions and
we hope can offer some valuable insight and allow for interaction with industry peers.
CeFPro is also continuing to build on previous years research for the international HEAD OF DESIGN
FinTech Leaders survey and report, alongside the NFR Leaders survey and report. Find
Natasha Marino
out more on pages 50 and 51.
We trust you enjoy Issue 16 of the CeFPro Magazine and continue to benefit from PUBLISHER
our insights as we continue to build on our digital platforms including; virtual events,
Andreas Simou
webinars, FinTech Leaders & NFR Leaders reports, monthly newsletter updates and
global research studies. andreas.simou@cefpro.com
Join us on social media to keep
If you would like to suggest content for future issues or would like to put yourself up to date with our latest offers
forward as a potential author, please contact us. and insights.
CeFPro Insights Team
Center for Financial Professionals
Can you help us spread the word? #CeFProMagazine www.cefpro.com
If you enjoyed this free magazine, please share it with your colleagues on LinkedIn…
3
CONTENTS
ISSUE SIXTEEN
FEATURED ARTICLES
6 THE (BANKING) WORLD AT YOUR FINGERTIPS: THE
RAPID RISE OF FINGERPRINT BIOMETRICS IN THE
BANKING INDUSTRY
David J. Oberly, Data Privacy/Cybersecurity Attorney, Blank Rome
10 NEW AND NOVEL DATASETS FOR CREDIT RISK
Louis Brown, Head of Credit Risk Modeling, Investec
13 LOAN PORTFOLIO PERFORMANCE
Joe Posavec, Managing Director, Special Opportunities Group, Cushman & Wakefield
& FinTech Advisory Board Member, CeFPro
TECHNOLOGY
Financial innovation and the rise of The validation of natural language
14 social analytics
Alessia Falsarone, Managing Director, 20 processing models
Roderick A. Powell, FRM, Head of Model Risk
PineBridge Investments, FinTech Advisory Management, Ameris Bank
Board Member, CeFPro
Open banking and financing: Digitalization in financial services:
16 A COVID-19 lesson learned
Ido Lustig, Chief Risk Officer, BlueVine, 22 Taking stock and looking forward
Aleksi Grym, Head of Digitalization,
FinTech Advisory Board Member, Bank of Finland
CeFPro FinTech Leaders
When machine learning doesn’t work as FinTech Leaders 2020:
18 expected, what went wrong and how
can you recover? 24 Key drivers, opportunities, investments
and future direction
Maurizo Garro, Senior Lead – IBOR
CeFPro
Transition Programme, Lloyds Banking Group
4
OPERATIONAL & THIRD-PARTY RISK MANAGEMENT
Integration of data-driven accountability Defining resilience to drive a
28 with an enterprise operational risk profile
Jeremy Resler, SVP, Governance Director,
Third-Party Risk Management, U.S. Bank
32
firm’s mission
Mahi Dontamsetti, Chief Technology Risk
Officer, State Street
TPRM from the auto industry in the midst Understanding, assessing and managing
30 of a global pandemic
George Grahovac, Global Operations Executive, 34 risk tolerance
Michael A. Cohen, Principal, Cohen Strategic
Supply Chain Management & Logistics, Honda Consulting
FRAUD & FINANCIAL CRIME
The COVID-19 pandemic spawns an
38 epidemic of fraud
Lester Joseph, Manager, Global Financial
42
Cyber security, privacy and resilience in
an ever changing landscape
CeFPro
Crimes Intelligence Group, Wells Fargo
The private investigators’ view on fraud
Remote work as an effective tool to and financial crime
41 manage an organization
Tomasz Grabowski, Product Manager, Comarch
44 Mike LaCorte, CEO, Roger Bescoby, Director of
Compliance & Development, Stephen Komorek,
Operations Director, United States,
Conflict International
BUSINESS RESILIENCE
Enhanced scenario stress testing Optimized working capital: Good
48 technique in a COVID-19 world
Craig Spielmann, CEO, RiskTao 52 housekeeping for treasury professionals
Tibor Bartels, Managing Director/Head of
Stephen Woitsky, Group Risk Manager, Transaction Services Americas, Fulco Werner,
Former Bank of the West Director, Transaction Services Americas, ING
When business resilience falters: The
49 criticality of incident management
Teresa C. Lindsey, Deputy Head Marketing
& Sales, The Santa Fe Group & Shared
Assessments Program
5
FEATURED ARTICLE
THE (BANKING) WORLD
AT YOUR FINGERTIPS:
THE RAPID RISE
OF FINGERPRINT
BIOMETRICS IN THE
BANKING INDUSTRY
David J. Oberly, Data Privacy/Cybersecurity Attorney, Blank Rome
Just a few years ago, the thought of being able to use your fingerprint to gain access to your bank account through your mobile
phone seemed like pure science fiction. Fast forward to 2020, and fingerprint-based biometrics are now widely used by companies
of all types, including those in the banking industry. At the same time, fingerprint biometrics carries with it sizeable security risks
and challenges, which have prompted attempts by legislators across the U.S. to impose stringent requirements and limitations on
its use.
Adding to the risks and challenges of this popular form of biometrics is the fact that fingerprint readers have become far and away
the number one target for class action litigation brought under new stringent biometric privacy laws. Financial institutions utilizing
fingerprint biometrics must be cognizant of the challenges, risks and potential legal liability posed by this technology and take
proactive measures that both minimize risk and comply with the law.
Biometric Fingerprint Technology: How it Works stored digital template. In total, the entire verification/
authentication process takes approximately one second.
Biometric fingerprint technology involves the process of
using ‘biometrics’ (i.e., individual physical characteristics) to The Impact of Fingerprint Biometrics in Banking
scan a finger and identify its geometry by measuring length,
width, thickness and surface area. These measurements are Fingerprint biometric technology has become increasingly
then converted into a mathematical algorithm known as a popular. It is now heavily relied upon in a range of different
digital template and stored in a database. During this process, commercial contexts due to its ability to enhance the efficiency,
however, no actual fingerprint image is ever created. To identify effectiveness and security of business operations. Fingerprint
or verify a fingerprint, an algorithm compares the new template biometrics has seen a rapid rise particularly in the banking
created from the extracted data points of the fingerprint that industry for a number of reasons. One of the most significant
has been placed on a biometric scanner with a previously- reasons stems from the technology’s ability to enhance >>
6
FEATURED ARTICLE
The use of fingerprint biometrics, by contrast, completely eliminates the need for passwords
to access accounts or devices. These enhancements in ease-of-use and efficiency have made
fingerprint biometrics an extremely popular method of authentication for a wide variety of
banking activities.
the customer experience. Today, we use hundreds of passwords Security Challenges & Risks
across our heavily connected lives, and remembering each one
can be a challenging ask – one that causes businesses to lose However, Fingerprint biometric technology also carries fairly
out on millions of dollars of revenue per year. According to a sizeable security challenges and risks.
recent MasterCard study, one in every three online transactions
is abandoned due to consumers’ inability to remember their The first pertains to security of stored fingerprint template
passwords. data. Passwords can be easily changed if stolen; conversely,
once fingerprint template data is compromised it has lost its
The use of fingerprint biometrics, by contrast, completely ability to be used as a secure identifying feature. Compromised
eliminates the need for passwords to access accounts or fingerprint template data also has significant security
devices. These enhancements in ease-of-use and efficiency implications for users across multiple accounts and devices.
have made fingerprint biometrics an extremely popular method
of authentication for a wide variety of banking activities. In this Second, fingerprint recognition technology on mobile devices
respect, according to a recent Visa study, customers are as likely offers a significantly lower level of security than dedicated
to favor using fingerprint recognition technologies for in-store fingerprint biometric systems. Indeed, mobile device fingerprint
transactions as they are for mobile or online transactions. Of recognition utilizes only a partial fingerprint recognition
all the biometric authentication techniques currently available, algorithm.
fingerprint biometrics ranked the highest in terms of desired
payment authentication. Third, fingerprint biometric technology also presents a
risk in relation to impersonation and spoofing, where fake
In addition, fingerprint biometrics also provide a significantly fingerprints are used to foil biometric fingerprint readers. In one
enhanced level of security for banks compared to traditional experiment, a 3D printer was used to create fake fingerprint
passwords. Unlike passwords, fingerprint biometric technology molds that were cast onto materials such as silicon and fabric
authenticates customers according to who they are, as opposed glue. This produced an 80% success rate in defeating fingerprint
to what they know. Thus, fingerprint recognition operates as a authentication systems. Similarly, Samsung recently experienced
method of two-factor authentication in and of itself – first, with an incident whereby anyone could bypass the company’s Galaxy
possession of the individual’s device, and second, with his or S10 fingerprint sensor if a third-party silicon case was used to
her unique fingerprint characteristics. Consequently, fingerprint enclose the device.
biometrics have become a main player in the banking industry’s
ongoing battle against fraud across multiple payment channels.
The Legal Landscape
Enhancing Banking Operations and Boosting Revenue Due to concerns about companies using biometric fingerprints
in a safe and responsible manner, lawmakers across the country
Fingerprint biometrics are being used in a rapidly-increasing have sought ways to stringently regulate this technology.
number of contexts within banking to enhance the efficiency,
effectiveness and security of banking operations. First, legislators have sought to add fingerprint template
data to the types of protected personal information which,
Its most common use is within mobile banking. According to if compromised, triggers breach notification obligations by
a recent Juniper Research study, biometric authentication will impacted entities.
be used to protect $2.5 trillion in mobile transactions by 2024,
a tenfold increase compared to 2019. And according to a Second, new state consumer laws – most notably the California
recent Goode Intelligence study, there will be over 2.6 billion Consumer Privacy Act (CCPA) – also include fingerprint
biometric payment users by just 2023. Beyond mobile template data (and other forms of biometric data) within
banking, fingerprint biometrics are also being commonly their definitions of personal information and place a range of
deployed in bricks-and-mortar branches and incorporated requirements and restrictions on the utilization of that data.
into ATM machines. While the CCPA provides an partial exemption for GLBA-
regulated entities, financial institutions must comply with the
Fingerprint biometrics are also being leveraged by the banking CCPA when using fingerprint biometric data for purposes other
industry to offer customers technologically-advanced biometric than providing a financial service or product. Along the same
payment cards, which provide both significantly enhanced lines, other states are taking a page out of California’s playbook
security and reduced transaction times compared to to and have ramped up their efforts in 2020 to put in place their
traditional PIN numbers and signatures. own copycat CCPA laws. >>
7
FEATURED ARTICLE
Third, to combat the risk that fingerprint template data and other biometric data poses, several states have enacted new laws that
focus directly on regulating the collection and use of fingerprint template data by business entities.
Overall, Illinois’s Biometric Information Privacy Act (BIPA) is generally considered the most stringent. BIPA contains a private right
of action provision that permits the recovery of statutory damages ranging between $1,000 and $5,000 by any aggrieved person
under the law. This has generated a tremendous amount of class litigation from consumers alleging mere technical violations of
the law, including a $550 million settlement by Facebook to resolve recent BIPA litigation. With that said, BIPA provides a complete
exemption for financial institutions and their affiliates that are subject to the GLBA.
Beyond Illinois, Texas and Washington have enacted biometric privacy laws that are similar, albeit less stringent, than BIPA. While
Washington’s law provides a complete exemption for GLBA-regulated entities, financial institutions are subject to the Texas law
in connection with their use of fingerprint biometrics. Moreover, in addition to the laws currently on the books, states across
the nation are also seeking to enact biometric privacy laws of their own, many of which – such as Idaho’s HB 492 – provide no
exemption for GLBA-regulated entities.
Finally, in addition to statutory law regulating the use of biometric fingerprint technology, companies also must be mindful of
potential common law tort liability. In particular, tort claims for negligence and negligence per se may be pursued against banks
and financial institutions that experience a breach event involving fingerprint data.
Beyond Illinois, Texas and Washington have enacted biometric privacy laws that are
similar, albeit less stringent, than BIPA. While Washington’s law provides a complete exemption
for GLBA-regulated entities, financial institutions are subject to the Texas law in connection with
their use of fingerprint biometrics.
Best Practices to Minimize Liability Risk • to further support transparency, provide conspicuous,
advance notice of the use of biometric fingerprint
Ultimately, there are many risks and concerns around the use technology before any fingerprint template data is
of fingerprint biometrics that must be addressed. With data captured, used or stored;
breaches increasing in frequency and severity, and the public’s • where feasible, obtain signed, written consent authorizing
heightened concern regarding the threat of identity theft, banks the collection, use and storage of fingerprint template data
and other institutions utilizing fingerprint template data must prior to the time any such data is captured or used for any
proceed with caution, even if they do not conduct business in purpose;
locations where targeted biometric privacy laws are currently • implement effective data security safeguards to protect
currently in place. Fortunately, there are several best practices all data captured, used and stored through fingerprint
that financial institutions can implement to minimize the risk biometric technology from improper disclosure, access or
of becoming embroiled in high-stakes class action litigation acquisition; and
stemming from the use of fingerprint biometrics or other • effectively manage risk and minimize liability in connection
biometric data: with vendors and other service providers by completing
the necessary due diligence and vetting of all potential
• as a starting point, ensure transparency by implementing a vendors, and ensuring that all vendor contracts directly
detailed fingerprint biometrics-specific privacy policy; address key biometric privacy issues.
Conclusion
Fingerprint biometrics are having an increasingly significant impact on every facet of the operations of banks and financial
institutions. But this technology is not without its limitations and drawbacks. At the same time, states have also greatly increased
their efforts in enacting new biometrics laws, many of which are modeled heavily after Illinois’s stringent biometric statute. As
such, entities operating in the banking industry that use fingerprint biometric technology should consider taking proactive steps
to strategically enhance their biometric privacy compliance programs, while building in the necessary degree of flexibility to allow
them to adapt to the foreseeable challenges associated with biometric privacy.
David J. Oberly is an attorney in the Cincinnati office of Blank Rome LLP and is a member of the firm’s Cybersecurity & Data Privacy
and Privacy Class Action Defense groups. David’s practice encompasses both counseling and advising sophisticated clients on a
wide range of cybersecurity, data privacy, and biometric privacy matters, as well as representing clients in the defense of privacy
and biometric privacy class action litigation. He can be reached at doberly@blankrome.com.
8
RISK AMERICAS
9TH ANNUAL | SEPTEMBER 22-25, 2020 | VIRTUAL EVENT
60+
SPEAKERS
4 KEYNOTE
SESSIONS
4 INDIVIDUAL
WORK STREAMS
500
ATTENDEES
4 HOURS
OF VIRTUAL
16+
INTERACTIVE
NETWORKING ROUNDTABLES
KEYNOTE & PLENARY SESSIONS
IBOR | COVID 19 | GEOPOLITICAL RISK | FORWARD VIEW OF RISK MANAGEMENT
PLUS FOUR INDIVIDUAL WORK STREAMS
INNOVATION IN RISK NON-FINANCIAL MARKET TRENDS MODEL RISK
MANAGEMENT RISK & RESILIENCE &FINANCIAL RISK MANAGEMENT
Privacy, Data, BCM, Climate Change, AI & ML,
Customer Experience, Fraud & Financial Crime, Global Recession, Risk Quantification,
AI, FinTech, Automation, Cyber Security, Third Party Credit Risk, IBOR, Model Validation, Data,
RegTech Risk, Resilience Repo Markets Future of MRM
HEAR FROM 60+ CROs AND HEADS OF RISK
Vivek Tyagi Geoff Craddock Nicholas Silitch Joshua Kotok Markus Lammer
CRO,Transaction CRO Chief Risk Officer Chief Risk & COO, Ultra High Net
Banking MassMutual Prudential Compliance Officer Worth Business
Goldman Sachs First Savings Credit Suisse
Phil Masquelette Tom Wells Thomas Braun Ty Lambert John Schiavetta
Senior Vice SVP, CRO, Digital Head of CUSO CRO Deputy Chief
President and Chief US Bank Liquidity and Bancorp South Risk Officer
Risk Officer Funding Risk Alliance
Ulster Savings Bank UBS Bernstein
IBOR FORUM | September 22, 2020
TOPICS INCLUDE:
Current developments | ARRC progress | Updating documentation & legacy contracts | Global rates | Variations in markets
HEAR FROM SENIOR IBOR & TREASURY PROFESSIONALS FROM:
Morgan Stanley | ARRC | TD Securities | Wells Fargo | Loan Syndications & Trading Association | SIFMA and more...
9
www.risk-americas.com | amy.greene@cefpro.com | +1 888 677 7007 | +44 (0)207 164 6582
FEATURED ARTICLE
NEW AND
NOVEL DATASETS FOR
CREDIT RISK
Louis Brown, Head of Credit Risk Modeling, Investec
With the rise of big data and the ability to convert this into information using machine learning, credit professionals are now asking
themselves whether it is possible to use new datasets to inform our processes to make better decisions. We have seen from the
world of regulatory technology (regtech) and also from China that there are possibilities we are yet to explore. We are now in the
exploration phase with datasets based on open banking, as well as banking partnerships with regtech companies. In this article, I
will discuss the efficacy of datasets which I believe are exciting for credit risk.
Data Aggregation and Data Consortiums Open Banking
Ever since the creation of Basel II, banks have clubbed together In my opinion, one of the newest and most viable data sources
to try and create richer datasets via data consortiums to has been due to the rollout of the Second Payment Service
improve the depth of their models. The datasets for Basel Directive (PSD2), which has the goal of creating a Digital
purposes comprise historical loss information, but one-off Single Market in Europe. In the UK, PSD2 has led to banks
exercises have also been run on live portfolio information to creating application programming interfaces (APIs), which
provide an organization with insights when markets have been allow customer information to be shared with authorized third
turbulent. We have now seen regtech companies such as Credit parties. This democratized customer data has the ability to
Benchmark come into this market of aggregating and sharing enable credit professionals in analytics/quantitative disciplines
live rating data to organizations, providing greater insight into to create a better and more rounded view of new information
banks’ internal rating practices compared to their market peers. across their financial footprint. These data sources have started
Although the underlying data itself is not new, the power of to become prevalent in SME and retail lending, with traditional
sharing and aggregation offers a unique and novel take on this credit scoring companies and newer firms developing scorecard
data. Credit analytics teams can use this information to provide models to include this data. >>
powerful insights into markets. It also serves as a measure of a
bank or financial institution’s credit rating practice, testing its
beliefs on credit risk appetite.
In my opinion, one of the newest and most viable data sources has been due to the rollout
of the Second Payment Service Directive (PSD2), which has the goal of creating a Digital Single
Market in Europe.
10FEATURED ARTICLE
Spatial Data Social Network Data
Whenever my team examines a property model, we create a Social network data has become a fascinating talking point
map and plot the properties. We always remark how great it when discussing alternative credit scoring. This data has mostly
would be if we could add some spatial data into these models been applied for credit scoring by fintechs. Companies
and uncover the relationships. Spatial data/geospatial data is such as Lenddo, Accion, Brigit, Kabbage, Lendup, Oporun and
information about a physical object that can be represented Petal are some of the key players in these alternative scorecards
by numerical values in a geographic coordinate system. Spatial based on social network data. These datasets are used to help
modeling is becoming an exciting subject for sustainable individuals who would possibly get more unsatisfactory ratings
finance and has been discussed as being useful in the on traditional models due to their lack of credit information
implementation of environmental, social and governance (ESG), or poor credit history. The idea is that social network data
which will be an essential consideration when reviewing future creates a richer data presence for these companies/ individuals
financing and it’s environmental impact. The Spatial Finance that are not captured in traditional datasets. At a conference
Initiative is bringing together research in spatial data and in Singapore, I had an interesting conversation with credit
finance to try and solve real-world, finance-related problems. modeling professionals from Asia who are using these datasets
to help inform the credit decisions in their micro-lending book.
Switching to this data had reduced losses and and provided
better access to funding, thus better serving their community as
a whole.
Spatial data/geospatial data is information about a physical object that can be
represented by numerical values in a geographic coordinate system. Spatial modeling is
becoming an exciting subject for sustainable finance and has been discussed as being useful in
the implementation of environmental, social and governance (ESG),, which will be an essential
consideration when reviewing future financing and its environmental impact.
Smartphone Data
One of the richest sources of personalized data with possible applications for retail lending are our smartphones. Our phones
are rich troves of user information that can be used like social network data to open up lending to communities that have been
historically underserved by traditional credit data. Banks in Tanzania and Kenya have used these datasets to provide loans to
individuals who typically lack credit profiles due to being unbanked. Smartphone and social network data have interesting
applications due to their continual datapoints, which could allow for better behavioural and point-in-time scoring of portfolios.
Pattern Recognition Data
Pattern recognition is the automated
recognition of patterns and regularities
in data. The most relevant applications of
this are in statistical data analysis, signal
processing and image analysis.
We have all seen the benefits of KYC to
speed up the onboarding process when
using image analysis, by comparing
identity documents to pictures taken on
smartphones; an excellent use of pattern
recognition data. But pattern recognition
can have other purposes from a signal
processing standpoint; for instance, there are
applications in IFRS 9 where business cycles
can be found using data filtering algorithms
on traditional macro-economic/default data
to find de-trended cyclical patterns which
can be used in forecasting models. >>
11FEATURED ARTICLE
China’s Social Credit Scores
Currently, one of the broadest uses of big data for credit has been China’s social credit scores. One of the biggest companies in
this area is Sesame Credit, which produces a score of between 350 and 950 based on a thousand variables across five datasets,
accounting for financial and social data based on information collected from smartphone apps such as Alipay (Alibaba’s mobile
payment app).
Conclusion
In this article, I have discussed several data sources that can be • with greater information, we must also monitor possibilities
used to improve credit decisions. As a risk professional, I feel it of data biases and ensure that they do not cause
is also necessary to provide a few health warnings: discrimination to creep into the credit process; and
• as with all datasets, we need to ensure that spurious • we need to ensure that we comply with data regulations in
correlations do not lead to the wrong credit decisions our jurisdictions when using these datasets.
being made;
Health warning over. These are exciting times as we are seeing the introduction of more interesting data feeding into credit risk
analytics. Used properly, these datasets can better improve access to funding and help with ESG, while ensuring that credit risk is
priced more accurately.
One of the biggest companies in this area is Sesame Credit, which produces a score of
between 350 and 950 based on a thousand variables across five datasets, accounting for
financial and social data based on information collected from smartphone apps such as Alipay
(Alibaba’s mobile payment app).
Risk Management
SPOT. ACT. ACCELERATE.
Companies need to see potential threats before they emerge and be able to make changes
fast to avoid business disruption while maintaining regulatory compliance.
With Nexis Solutions you can:
• Proactively identify issues that require your immediate attention
• Gain a comprehensive view of critical third parties to avoid costly disruptions
• Quickly conduct due diligence on a person or company
• Streamline workflows with intelligent automation
For a free trial or demo visit our website
bis.lexisnexis.com/LexisNexis-CeFPRO-Ad
12FEATURED ARTICLE
LOAN
PORTFOLIO Joe Posavec,
PERFORMANCE
Managing Director, Special
Opportunities Group,
Cushman & Wakefield
& FinTech Advisory
Board Member, CeFPro
The current situation has disrupted nearly every segment of our lives as well as the global economy. As a result, the financial sector
is now dealing with increased credit risk, servicing issues and deteriorating loan performance.
The US government has implemented massive Small Business Administration (SBA) and other loan programs to provide aid to
individuals and businesses that were financially impacted. The government has also temporarily altered banking regulations to
allow borrowers to request forbearance or loan modifications from banks without negative impact to bank reserves or classification
of such actions as troubled debt restructurings (TDR). All of this has helped provide some stability to the economy and will,
hopefully, help avoid a massive recession. But this may also have masked some of the underlying weaknesses that will surface once
the smoke clears and we take stock of the overall impact.
The critical consideration is that with most of the forbearances and modifications lasting 90 to 120 days, which will soon begin
to expire, and a large number of these loans will likely not return to their contractual terms. This will result in payment defaults
and substantial increases in bank credit reserves, loan workout activity and foreclosures. The effect will be felt across residential,
commercial and business loans alike.
On the residential side, unemployment These are only a few examples of factors this is a time for restraint in lending and
will likely have a major effect on that could impact the banking sector. increasing quality control checks on every
delinquency rates. As of June, the US It will undoubtedly place more focus deal prior to funding.
unemployment is just over 11%, while on bank loan workout departments.
Europe is currently (June 2020) at a Every bank should already be planning
less-disastrous 7.4%, though one should for increased activity within these
not underestimate the potential spike groups. They must work quickly to
once furlough schemes expire; in the UK, identify potential weaknesses in their
nearly 9 million workers, more than 27% loan portfolios and should be closely
of the workforce, had been furloughed monitored for signs of impending default.
and questions remain as to what A good strategy would begin with a close
proportion will retain their employment review of any loans secured by highflyer
status once the scheme ends. Questions risk segments like hospitality, tourism or Questions also
also remain as to how many employees retail. Another recommendation is an
can permanently work from home, independent third-party review. Third remain as to how
taking the short-term trend into the party resources are unbiassed, can scale many employees can
future. Additionally, as businesses lay off and offer a broader base of expertise. permanently work
employees and consolidate operations,
the need for physical space may well Banks should also reassess their from home, taking the
plummet. Increased vacancy equates to credit risk and lending models. A short-term trend into
decreased collateral value. timely adjustment of their origination the future. Additionally,
parameters can make a positive impact
Another potential concern is covenant in minimizing risk. Focus should be on as businesses lay
defaults within the commercial real estate caution, disciplined lending and making off employees and
(CRE) loan sector. Several large retailers certain that each loan is thoroughly consolidate operations,
have already filed for bankruptcy, with documented. This is a lesson that all of
more anticipated. Credit tenant defaults us can take away from the last financial the need for physical
can trigger a convent default within disaster. There was a tremendous amount space may well plummet.
the landlord’s financing facility, again of aggressive lending activity in the Increased vacancy
resulting in increased bank reserves, commercial sector for several months
increased workout activity and increased after the residential markets had already equates to decreased
foreclosures. crashed. I cannot emphasize enough that collateral value.
13TECHNOLOGY
FINANCIAL
INNOVATION
Alessia Falsarone AND THE RISE OF
Managing Director, PineBridge
Investments, FinTech Advisory
Board Member, CeFPro
SOCIAL ANALYTICS
How has financial innovation been holding up during our COVID days? What role will it play in the post-COVID recovery? Had we
asked these questions just a handful of weeks ago, our discussion would have focused primarily on business continuity planning
with an eye on both organizational agility and prevention of cyber threats. The unexpected rise of basic social dimensions such
as health and safety hazards, employee wellbeing, and accountability towards key human rights, to name just a few, poses direct
operational risks to the longevity of any enterprise. Financial technology solutions trained by adaptive AI to detect bias in the
workplace are likely to rise to the top of the wish list of both CROs and CTOs over the next handful of years. How to best prepare?
The Path to Identifying Social Biases three in four small businesses would have Financial Innovation Can Propel
Starts from Within remote working arrangements in place Inclusiveness in Human Interactions
by 2028. A future that COVID has turned
As COVID-19 continues to infiltrate upside down. Financial innovation can help to close
every aspect of our daily lives, it has the inclusion gap by making group
unveiled the fundamental weaknesses Developing Social Analytics to communication collaborative and
of our social fabric. In a matter of weeks, Advance Workplace Effectiveness unbiased. An example of real data
the #BlackLivesMatter movement has supporting change in real dynamics
pressured thousands of organizations Long time critics of the ‘measure what is that of the AI-enabled team
internationally to revisit their operating you manage’ approach to human capital communication platform
practices with respect to preventing often fault the lack of comparable RiffAnalytics.ai. Backed by an all-star
and mitigating systemic inequalities, to datasets and privacy barriers for the crew of MIT funders and advisors, the
better contain social unrest and build minimal disclosure standards adopted platform seeks to provide feedback
support for anti-racism advocacy. Equal by corporations over the years, which on meeting dynamics and promotes
representation by race and gender, in turn make any social metrics not actionable insights through metrics of
strength of community relations and robust enough to drive corporate interruption/flow, dominance, bias and
corporate behaviors towards basic decision making. This is a sensible influence in a discussion while preserving
human rights abuses are just a few of the explanation, which nevertheless may privacy of human interactions. In its
social dimensions in question. What has expose organizations to longer-term blog, Beth Porter, CEO of RiffAnalytics.ai
become abundantly clear is the need to issues and reputational struggles. The argues that the value of “an augmented
move the dialogue from ‘Standards of impact of physical and mental health team working with tools that regulate
Conduct’ to defining an enterprise-wide on operational performance has quickly and objectively measure how they
toolkit to best educate and guide internal reached top priority status in business work together and relate to each
and external stakeholders. While defining continuity planning during the full-time other can break down these barriers
prevention and monitoring strategies home confinement and teleworking days by providing data to back up human
sounds like the most sensible near-term of COVID-19. observations. When delivered directly
approach to managing safely through the to individuals and teams, rather than
social turmoil, it may quickly turn into the A recent study by McKinsey has through managers, they empower people
least effective solution. found that in addition to basic needs to self-manage, in flat or hierarchical
(safety and security), what is having organizations alike”.
The hidden price of a socially- a disproportionate effect on the
disconnected talent pool within effectiveness of our newly digital There is tremendous room to grow for
corporate headcounts is that of faltering workforce is the interplay between fintech solutions that enhance the well-
employee productivity, followed by social cohesion, individual purpose researched productivity gains stemming
the inevitable hindering of innovation and trusting relationships. The value from a connected workplace invested in
resulting from social biases in team of collaboration tools in strengthening employee engagement and inclusivity
dynamics – something that businesses individual and group interaction has (on average a 17% increase in profitability
were not immune to prior to the been long recognized by business as reported by Gallup in 2019). While it
pandemic. The May 2019 report ‘Deskless leaders but there continues to be a is impossible to predict the many ways in
not Voiceless: Communication Works’ huge gap in technology adoption which COVID will affect the outlook for
by Facebook highlights how 54% of to validate that. In fact, while almost machine-to-machine communications,
remote workers surveyed from over 4,000 95% of leaders have identified the the pickup in mass connectivity will have
companies with over 100 employees in need for collaboration tools, only 56% to go beyond digital readiness and
the US and the UK felt disconnected; currently use them. In addition, most address the interplay of social biases and
‘voiceless’. Only 20% recognized their of the adoption effort pre-COVID was human capital development by placing
ideas made up a substantial portion addressing workplace connectivity as employee engagement at the heart of
of conversation with their managers. opposed to employee experience. technology adoption.
Interestingly, the report predicted that Disclaimer: Any views expressed are personal,
rather than reflecting a particular company,
14 board of directors, or media source.TECHNOLOGY
Focus
on the risks
that actually
matter.
The HighBond platform helps you focus on the right controls to
reduce risk exposure and make you and your team more strategic.
Use data automation and pre-populated workflows to quickly start rationalising
compliance risk and control environments. Then quantify risk with real-time dashboards
and ultimately ensure regulatory compliance.
Ready to focus with HighBond?
wegalvanize.com/highbond
15TECHNOLOGY
OPEN BANKING AND
FINANCING – A COVID-19
LESSON LEARNED
Ido Lustig, Chief Risk Officer, BlueVine, Advisory Board Member, CeFPro FinTech Leaders
CRO of BlueVine shares personal insights from
the front lines of the Paycheck Protection Program
COVID-19 has taken the economy through some severe setbacks, impacting most of the globe. Businesses around the world saw
a massive decline in revenues, causing many to use all of their savings. Small and medium-sized businesses were impacted most
significantly due to their limited backup resources and vulnerable nature in general.
In an attempt to save as many businesses and jobs while helping the economy recover, governments initiated stimulus programs,
injecting money into the markets. In the United States, a key program was the Paycheck Protection Program, designed to provide
a direct incentive for small businesses to keep their workers on the payroll. As part of this program, loans could be fully forgiven,
given that businesses use the received funds to pay their employees (the SBA is drafting final forgiveness guidelines as this article is
being written).
BlueVine was fortunate to have the means, technology and partnerships to take part in this program, helping tens of thousands
of businesses and hundreds of thousands of employees to keep their jobs. With a median loan size of $20K, BlueVine was serving
real, main street, small businesses, no matter their size or location. Our process, including retrieving loan numbers, was automated
and online. By working directly with BlueVine, small business owners could expect to see a faster, more streamlined process able to
service all types of customers.
How were we able to process so many loan requests and handle the incoming volume of applications, calls and emails, which was
over ten times our regular volume? A few elements contributed to our success, and they all share one thing in common – our ability
to process and digitize scanned documents and PDFs at scale. >>
BlueVine was fortunate to have the means, technology and partnerships to take part in this
program, helping tens of thousands of businesses and hundreds of thousands of employees to
keep their jobs. With a median loan size at $20K, BlueVine was serving real, main street, small
businesses, no matter their size of location. Our process, including retrieving loan numbers, was
automated and online. By working directly with BlueVine, small business owners could expect to
see a faster, more streamlined process able to service all types of customers.
16TECHNOLOGY
As part of PPP, business owners were asked to submit proof that their business existed in February 2020, providing tax
documentation, payroll documents and bank statements. Lenders reviewed these documents to make sure that the data was
correct and closed the loop between the business, their provided documents and the account for the transferred funds. At this
point, our robust Optical Character Recognition (OCR) capabilities came into play – by working with companies like Ocrolus, and
by leveraging OCR technology like ABBYY’s Flexicapture and Amazon’s Textract, we quickly came up with the ability to OCR and
digitize bank statements, numerous tax and payroll forms, and voided checks. That, together with our automated data-processing
and scorecard layer, allowed us to handle thousands of applications a day, providing a response in as quickly as a few minutes, to
the great satisfaction of our customers.
Business Name
Payroll Bank Account
Information Information
Tax ID
As always, considerable capital attracts fraud and the Paycheck instant understanding of the standing and beneficiary name of
Protection Program (PPP) with its favorable terms was no a bank account, together with additional data points if needed
exception. It is not clear yet how much fraud was introduced (balances, negative events and even transaction-level data). This
through the PPP, but it is evident that some fraud existed. Given would enable greater standardizations across multiple players
that the US government wanted to deploy funds quickly and and also offer consumers more comprehensive control of their
efficiently, lenders were guided to view the documents provided data to clearly understand how it is being used.
by clients with good faith. Thus, fraudsters who wanted to have
funds injected into their account could steal an identity and Why stop there? Why not get real-time confirmation from a
then alter a bank statement and a tax form (with a simple PDF governmental agency on the legitimacy of an individual or a
editor) to show the business name and tax ID of that stolen business using their personalidentifier (SSN in the US) or
identity. Many lenders, BlueVine included, quickly developed tax ID? Once again, our UK-based readers are nodding their
counter-fraud measures, such as PDF manipulation detectors heads, as this concept exists, to most extent, as part of the
and IP/cookie velocity monitoring. With these measures in Companies House.
place, we were able to support large numbers of businesses as
the program faded out towards the end of June. Companies like Yodlee and Plaid aim to shorten the OCR/
digitization cycle by providing more scalable access to bank
We take great pride in our agility and quick reactions. With data, but they too rely heavily on website scraping, which can
that said, one may argue that had the US had excellent be thought of as another form of OCR.
open-banking and open-government systems, PPP loan
processing and fraud mitigation would have been much easier Recent research shows how much the COVID crisis has helped
to conduct. One may think that open banking means unlimited to push consumers towards online banking and even our own
access to banking data, which will lead to fraudsters taking poll showed that 93% of small business owners are more likely
advantage of the available data, but the contrary is true. Open to bank online now versus a year ago. It is becoming more
banking means easier access to legitimate players and larger apparent that users expect to conduct most, if not all, of their
hurdles to bad ones. banking activities online. Without a scalable and regulated
solution that will allow financial institutions to verify the identity
For example, if banks were required to share financial and legitimacy of individuals and businesses, this online
information electronically, securely and only under conditions revolution can only go so far. As seen in PPP, open banking
that customers approve – via an API rather than a PDF would not only create greater efficiency and access to financial
document – many fraudsters would have found it more difficult services but also greater safety for consumers.
to infiltrate. In such a world – which is becoming the norm in
the UK – authorized vendors would have the ability to provide
lenders, payment processors and other financial players with an
17TECHNOLOGY
WHEN MACHINE
LEARNING DOESN’T
WORK AS EXPECTED,
WHAT WENT WRONG Maurizo Garro
Senior Lead – IBOR
AND HOW CAN YOU Transition Programme
Lloyds Banking Group
RECOVER?
In recent years, financial institutions have points above can help to understand determine the basis of their model risk
been investing in the development of the ‘black box’ nature of the learning management framework. This requires
machine learning (ML) to deliver added mechanism of ML, which requires extra the involvement of senior executives,
value added to their customers and care when relying on algorithms to make as they need to receive appropriate
products. The exponential growth of the decisions. information to make an informed
development of ML has been possible decision about the role ML can play in
by the evolution of technology, which Perfection always starts with mistakes, so their firms.
has allowed use of a larger amount how can we make ML a better place? Of
of data (including unstructured data) course, the starting point is the data. First Secondly, the validators must be sure
and increased computing powers. of all, it is important that data is accurate, they are equipped with the right tools
ML can be used to support business complete and sufficient to extract and skills to deal with the big data and
decisions in many areas, including asset statistically significant insights. Data computational complexity behind the
management, customer relationship inputs must be interpretable, coherent ML exploit. While the appropriateness
management (CRM), fraud detection, with a firm’s internal policy and supported of the skills and knowledge of the model
credit risk management and regulatory by a business rationale. In addition, validation team is a not a new topic, the
compliance. a robust approach to pre-processing exponential growth of ML has highlighted
the data must be taken, to avoid any the importance of the tools the model
Given the intrinsic, complex and dynamic corrupted learning process. validators need to perform their tasks.
nature of ML, the possibility of failure is In addition, given the higher complexity
unsurprising. There are many reasons Another important point is the of ML from a data and methodology
why failures can occur, one of which is calibration; as we know, this is a crucial perspective, it is crucial that the model
bias in the training data and method, part of traditional models and it is even validators define a clear validation plan
e.g., sampling, data preparation as the more important for ML given the number for each model where they describe the
scientist can select many options to train of parameters, data and the frequency specific tests to perform, therationale for
ML models with different associated with which they are updated. In this using those tests, and an explanation of
outcomes. Another reason is that the case, we can establish specific controls the possible outcomes with implications
ultimate scope of ML is not well defined to assess if the calibration is appropriate for the model under review.
or transparent and does not match any and develop a monitoring framework,
specific business requirements. Further including thresholds and triggers, to As a final remark, it is important to
issues are linked to the machine learning determine whether the model is working be aware that ML can provide a lot of
techniques, which are not able to inform as expected. benefits in terms of accuracy, predictive
us when the information is unclear, or power and actionable insights.
when they cannot effectively learn from Of course, the above requires some However, these come at the cost of
the data. changes in the way we review model risk higher complexity from a model risk
for ML. A current challenge for financial management perspective, which requires
Furthermore, ML uses a high number of institutions is how to review and amend a full understanding of the peculiarities
hyperparameters e.g., how many trees model governance policy to reflect the and challenges of ML.
I consider in a decision process like features of ML discussed above. Each
random forest. These hyperparameters firm must define if the change should be
are defined by the developer and not the at policy, standards or procedure level.
data, so they introduce a human bias. In addition, they must decide whether
Finally, algorithmics cannot understand they want to track the newly-developed Perfection always
the context of the language used used; ML in the existing model inventory or
starts with mistakes, so
they may learn letters, words, sentences create a new one specifically for them.
or even the syntax, but where they fall The key driver of the direction is the how can we make ML a
back is the context of the language. The firm’s appetite for model risk, as this will better place? Of course, the
starting point is the data.
18TECHNOLOGY
IBM RegTech Virtual
Summit on-demand
replays
RegTech experts and industry professionals
met in a virtual event to learn about leading
practices and latest innovations in financial
crimes, GRC and payments. See what you
missed with replays of this summit on-demand.
The keynote session, “Navigating risk in times
of uncertainty,” addresses how financial
institutions are coping with new challenges.
There are three tracks and twelve sessions,
plus the keynote:
– Governance, risk and compliance track
– Financial crimes track
– Payments track
Learn about the sessions and watch the replays.
Go to: ibm.co/2ZJq09A
© Copyright IBM Corporation 2020. IBM, the IBM logo, and ibm.com are
trademarks of International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be trademarks
of IBM or other companies. A current list of IBM trademarks is available on the
Web at https://www.ibm.com/legal/us/en/copytrade.shtml, and select third party
trademarks that might be referenced in this document is available at https://ww-
w.ibm.com/legal/us/en/copytrade.shtml#se ction_4.
19TECHNOLOGY
THE VALIDATION OF
NATURAL LANGUAGE
Roderick A. Powell,
FRM, Head of Model
Risk Management
PROCESSING MODELS
Ameris Bank
Financial services companies are increasingly using natural language processing (NLP) models. These models leverage
various algorithms to analyze and classify textual or unstructured data. For example, supervised machine learning
algorithms, such as Naïve Bayes, can also be used to separate legitimate emails from spam emails. Unsupervised machine
learning algorithms, such as Latent Dirichlet Allocation (LDA) can be used to sort written customer complaints into various
categories. This enables a firm to focus on improving customer service in the areas with the most complaints.
NLP can also be used in sentiment analysis. For example, a firm can scrape comments from social media sites that mention
them and determine if these comments are positive or negative. In addition, NLP is used in Robotic Processing Automation
(RPA), i.e., bots and virtual assistants, such as chatbots.
There is no consensus in the financial services industry on whether to classify NLP applications as models. The current
regulatory guidance (SR 11-7) does not specifically address NLP. However, it appears that NLP models used for classification
or clustering of documents may fall under the purview of a model risk management program. This article will describe two
popular algorithms used in NLP Models: Naïve Bayes for classification and Latent Dirichlet Allocation (LDA) for clustering. It
will also discuss the main areas that model validators should focus on when assessing these models.
Naïve Bayes
Tuning and Validation of Hyperparameters
Naïve Bayes is a supervised machine learning algorithm.
It is often used as an alternative to Logistic Regression While there are a few hyperparameters that can be tuned
for the classification of documents. In technical terms, for Naïve Bayes, in practice the algorithm is often used with
Naïve Bayes is a probabilistic classifier that assumes default hyperparameter settings in Python libraries.
independence between the features of the data. It is called
‘Naïve’ because of the unrealistic assumption that there is Output Evaluation
no correlation among features. This assumption does not
cause significant performanceissues, provided there are The confusion matrix is the typical tool used to assess the
not very strong correlations among features. accuracy of the Naïve Bayes model output. The goal is to
have the lowest number of false positives and negatives.
The Bayes formula underlies the Naïve Bayes algorithm. In There are other classification algorithms, such as Logistic
general terms, it first assumes Bayes’ formula first assumes Regression, that can classify documents. Model developers
a probability of an event occurring prior to some other should have confusion matrices on other algorithms
event and then alters that probability based on that new or challenger models, such as Logistic Regression, for
event occurring. For example, under normal circumstances, comparison. In addition, the Area Under Curve metric can
if you see a child running, you may assume that the child be used to determine how Naïve Bayes stacks up against
is playing. In this case the odds may be only 20% that the alternative document classification approaches. The model
child is running from a threat. However, if a large dog is validator should review the reasonableness of developer
barking ten feet away from the child, those odds that the conclusions regarding model performance. >>
child is running from a threat would be adjusted much
higher.
The Bayes formula underlies the Naïve Bayes algorithm. In general terms, it first assumes
Bayes’ formula first assumes a probability of an event occurring prior to some other event and
then alters that probability based on that new event occurring.
20You can also read
