Financial institutions (FIs) have had a rough 2023 so far, from the collapse of regional banks in the US to the lengthy outage of a major Singapore bank’s digital services. These incidents remind us that the finance sector faces a wide variety of risks in both the business and operational side of things. These risks increase in a complex cloud or hybrid operating environment, which is common among FIs as traditional banks shift to the cloud to compete with agile cloud-native digital banks.
In our regular conversations with customers in the finance sector across Asia, we’ve found that some of their current top risks and pain points keep falling into these three areas — security, innovation and transparency. We take a look at some case studies below and how financial services including banks and e-wallet providers can tackle these challenges.
No surprises here, the high value of the monies and data held by FIs means there is no shortage of malicious actors attempting to break into their digital vaults. Fraud, money laundering and stolen data are some common risks that financial services confront on a daily basis.
FIs also deploy various tools and applications to enable convenience for customers. These programs improve customer experience, but also increase security risk by increasing the complexity of an organization’s IT operations. Additionally, IT teams that oversee these operations are usually based in different countries. This tends to lead to a lack of cohesiveness and makes collective tech responses challenging.
Lastly, we observed that many financial services in Asia are transitioning from purchasing third-party solutions to in-house development for greater control and agility. However, this results in data and security gaps.
Constantly understaffed, cybersecurity teams need to be clear-eyed and maximize their resources in order to efficiently combat threats coming from various sources. Having a centralized system with full network and applications visibility would help save valuable time and effort in identifying malicious activity and potential threats.
For example, Hong Kong-based Bank of East Asia (BEA) saw digital resilience as an integral part of its fintech strategy, but found it difficult to achieve due to the bank’s distributed environment. The bank, which operates more than 150 branches around the world, found tasks such as manual troubleshooting time-consuming as each global team had to run its own security information and event management system.
To overcome this, the bank’s IT team leverages on Splunk Cloud’s ability to pull security data from anywhere in real time to gain visibility across its various IT environments globally. With a unified system, BEA’s head office shares a dashboard with every subsidiary, giving each team full visibility into its security posture, and allowing them to keep up with the dynamic threat landscape.
Visibility, when combined with other capabilities such as automation tools, helps to foster digital resilience and lowers the risk of security breaches.
Having a holistic approach to visibility and prevention, while using tools appropriately (e.g. setting the right perimeters for detection of suspicious activity), allows FIs to make smarter decisions, save staff time and effort, and ultimately lower security risk.
A very different but equally important risk faced by FIs is in innovation. The perennial tech talent shortage means there is a danger of IT teams being overrun by admin tasks and focusing only on every day upkeep. Through our conversations with CTOs and business leaders, we’ve found that ongoing tasks such as error monitoring and bug patching can lead to overall stagnation in financial services and hinder them from building out their own use cases.
One company that faced such a risk was Hyphen Group. There’s no hitting pause on innovation for a company that owns personal finance website Seedly and has more than 1,500 products in five markets. With more innovation and continued business growth comes an increase in the complexity of the company’s IT environment and cross-functional processes.
Its teams have to produce more code and deploy additional infrastructure to cope with new product launches, but the lack of DevOps visibility made it difficult to run a more complex IT environment.
To avoid innovation risk, the company partnered with Splunk and relied on Splunk Observability Cloud to help drastically reduce IT admin time, automating tasks such as identifying and classifying different types of errors, which helps to streamline the problem-solving process.
Having better observability and automation within its IT environment has helped Hyphen Group accelerate infrastructure deployment eightfold. For example, the company launched its new insurance platform in only 45 days, whereas previously it would have taken an entire year.
We’ve covered some current risks faced by FIs, but there’s another risk that we’ve noticed through our conversations with them, and we believe it will be pertinent in the future - transparency. As AI becomes more embedded in financial services, there is a growing need for transparency and visibility to ensure compliance with legal frameworks. These frameworks usually require the organization to act in their customers' best interests and handle their data and money in a transparent manner.
One of the main challenges is the lack of explainability in AI-powered decisions. With traditional decision-making processes, it is relatively easy to trace how a decision was made. But with AI, it can be difficult when it involves complex algorithms and data sets. A trending example is the use of ChatGPT. This lack of transparency can lead to mistrust and skepticism among customers, regulators and stakeholders.
To address this challenge, FIs must be able to provide transparency and demonstrate compliance on how AI is being used to make decisions that impact customers. This can be achieved through better data visibility and observability, which allow IT teams to quickly pull out information on outcomes, identify anomalies and errors, and make adjustments as needed.
One way to achieve this is through the use of monitoring and analytics tools that are compliant with industry standards and government policies. With real-time insights into machine data, FIs can gain a comprehensive understanding of their system performance. Tools that are developed in compliance with various authorities’ standards also help to ensure that activities such as handling customer information are done within the standards of the law.
Cut Down Your Risk
Cloud technology is already embedded in many FIs, while AI will eventually follow suit. There is a sense of urgency for financial services in Asia to get ahead of advanced technologies and greatly reduce risks mentioned above by having full visibility into their IT systems. From one of Indonesia’s largest e-wallet providers DANA to global payments platform leader Stripe, Splunk has helped financial companies to not only absorb shocks and lower systemic risks, but accelerate transformation in a highly competitive industry.
Check out our “40 Ways to Use Splunk in Financial Services” ebook to learn some of the amazing things Splunk customers are doing to be more resilient.