Data Governance, FinTech, #Blockchain and Audits (Upcoming Bangalore Talk)

This is skeletal and I am febrile, and absolutely nowhere near being punctilious. The idea is to note if this economic/financial revolution, (could it even be called that?) could politically be an overtone window? So, let this be otiose and information disseminating, for a paper is on its way forcing down greater attention to detail and vastly different from here. 

Data Governance and Audit Trail

Data Governance specifies the framework for decision rights and accountabilities encouraging desirable behavior in data usage

Main aim of Data Governance is to ensure that data asset are overseen in a cohesive and consistent enterprise-wide manner

Why is there a need for Data governance? 

Evolving regulatory mechanisms and requirements

Could integrity of data be trusted?

Centralized versus decentralized documentation as regards use, hermeneutics and meaning of data

Multiplicity of data silos with exponentially rising data

Architecture

Information Owner: approving power towards internal + external data transfers + business plans prioritizing data integrity and data governance

Data steward: create/maintain/define data access, data mapping and data aggregation rules

Application steward: maintain application inventory, validating testing of outbound data and assist master data management

Analytics steward: maintain a solutions inventory, reduce redundant solutions, define rules for use of standard definitions and report documentation guidelines, and define data release processes and guidelines

What could an audit be?

It starts as a comprehensive and effective program encompassing people, processes, policies, controls, and technology. Additionally, it involves educating key stakeholders about the benefits and risks associated with poor data quality, integrity and security.

What should be audit invested with?

Apart from IT knowledge and operational aspects of the organization, PR skills, dealing with data-related risks and managing a push-back or a cultural drift handling skills are sine qua non. As we continue to operate in one of the toughest and most uneven economic climates in modern times, the relevance of the role of auditors in the financial markets is more important than ever before. While the profession has long recognized the impact of data analysis on enhancing the quality and relevance of the audit, mainstream use of this technique has been hampered due to a lack of efficient technology solutions, problems with data capture and concerns about privacy. However, recent technology advancements in big data and analytics are providing an opportunity to rethink the way in which an audit is executed. The transformed audit will expand beyond sample-based testing to include analysis of entire populations of audit-relevant data (transaction activity and master data from key business processes), using intelligent analytics to deliver a higher quality of audit evidence and more relevant business insights. Big data and analytics are enabling auditors to better identify financial reporting, fraud and operational business risks and tailor their approach to deliver a more relevant audit. While we are making significant progress and are beginning to see the benefits of big data and analytics in the audit, this is only part of a journey. What we really want is to have intelligent audit appliances that reside within companies’ data centers and stream the results of our proprietary analytics to audit teams. But the technology to accomplish this vision is still in its infancy and, in the interim, what is transpiring is delivering audit analytics by processing large client data sets within a set and systemic environment, integrating analytics into audit approach and getting companies comfortable with the future of audit. The transition to this future won’t happen overnight. It’s a massive leap to go from traditional audit approaches to one that fully integrates big data and analytics in a seamless manner.

Three key areas the audit committee and finance leadership should be thinking about now when it comes to big data and analytics:

External audit: develop a better understanding of how analytics is being used in the audit today. Since data capture is a key barrier, determine the scope of data currently being captured, and the steps being taken by the company’s IT function and its auditor to streamline data capture.

Compliance and risk management: understand how internal audit and compliance functions are using big data and analytics today, and management’s future plans. These techniques can have a significant impact on identifying key risks and automating the monitoring processes.

Competency development: the success of any investments in big data and analytics will be determined by the human element. Focus should not be limited to developing technical competencies, but should extend to creating the analytical mindset within the finance, risk and compliance functions to consume the analytics produced effectively.

What is the India Stack?

A paperless and cashless delivery system; a paradigm that is intended to handle massive data inflows enabling entrepreneurs, citizens and government to interact with each other transparently; an open system to verify businesses, people and services.

This is an open API policy that was conceived in 2012 to build upon Aadhaar. The word open in the policy signifies that other application could access data. It is here that the affair starts getting a bit murky, as India Stack gives the data to the concerned individual and lets him/her decide who the data can be shared with.

financialsecurity_007

So, is this a Fintech? Fintech is usually applies to the segment of technology startup scene that is disrupting sectors such as mobile payments, money transfers, loans, fundraising and even asset management. And what is the guarantee that Fintech would help prevent fraud that traditional banking couldn’t? No technology can completely eradicate fraud and human deceit, but I believe technology can make operations more transparent and systems more accountable. To illustrate this point, let’s look back at the mortgage crisis of 2008.

Traditional banks make loans the old fashioned way: they take money from people at certain rates (savings deposits) and lend it out the community at a higher rate. The margin constitutes the bank’s profit. As the bank’s assets grow, so do their loans, enabling them to grow organically.

Large investment banks bundle assets into securities that they can sell on open markets all over the world. Investors trust these securities because they are rated by third party agencies such as Moody’s and Standard & Poor’s. Buyers include pension funds, hedge funds, and many other retail investment instruments.

The ratings agencies are paid by investment banks to rate them. Unfortunately, they determine these ratings not so much by the merits of the securities themselves, but according to the stipulations of the banks. If a rating fails to meet the investment banks’ expectations, they can take their business to another rating agency. If a security does not perform as per the rating, the agency has no liability! How insane is that?

Most surprisingly, investment banks can hedge against the performance of these securities (perhaps because they know that the rating is total BS?) through a complex process that I will not get into here.

Investment banks and giant insurance firms such as AIG were the major dominoes that nearly caused the whole financial system to topple in 2008. Today we face an entirely different lending industry, thanks to FinTech. What is FinTech? FinTech refers to a financial services company (not a technology company) that uses superior technology to bring newer and better financial products to consumers. Many of today’s FinTech companies call themselves technology companies or big data companies, but I respectfully disagree. To an outsider, a company is defined by its balance sheet and a FinTech company’s balance sheet will tell you that it makes money from the fees, interest, and service charges on their assets—not by selling or licensing technology. FinTech is good news not only for the investors, borrowers and banks collectively, but also for the financial services industry as a whole because it ensures greater transparency and accountability while removing risk from the entire system. In the past four to five years a number of FinTech companies have gained notoriety for their impact on the industry. I firmly believe that this trend has just begun. FinTech companies are ushering in new digital business models such as auto-decisioning. These models are sweeping through thousands of usual and not-so-usual data sources for KYC and Credit Scoring.

But already a new market of innovative financial products has entered into mainstream finance. As their market share grows these FinTech companies will gradually “de-risk” the system by mitigating the impact of large, traditional, single points of failure. And how will the future look? A small business might take its next business loan from Lending Club, OnDeck, Kabbage, or DealStruck, instead of a traditional bank. Rather than raising funds from a venture capital firm or other traditional investor, small businesses can now look to Kickstarter or CircleUp. Sales transactions can be processed with fewer headaches by Square or Stripe. You can invest your money at Betterment or Wealthfront and not have to pay advisors who have questionable track records outperforming the market. You can even replace money with bitcoin using Coinbase, Circle, or another digital-currency option. These are the by-products of the FinTech revolution. We are surrounded by a growing ecosystem of highly efficient FinTech companies that deliver next-generation financial products in a simple, hassle-free manner. Admittedly, today’s emerging FinTech companies have not had to work through a credit cycle or contend with rising interest rates. But those FinTech companies that have technology in their DNA will learn to ‘pivot’ when the time comes and figure it all out. We have just seen the tip of this iceberg. Technically speaking, the FinTech companies aren’t bringing anything revolutionary to the table. Mostly it feels like ‘an efficiency gain’ play and a case of capitalizing on the regulatory arbitrage that non-banks enjoy. Some call themselves big data companies—but any major bank can look into its data center and make the same claim. Some say that they use 1,000 data points. Banks are doing that too, albeit manually and behind closed walls, just as they have done for centuries. FinTechs simplify financial processes, reduce administrative drag, and deliver better customer service. They bring new technology to an old and complacent industry. Is there anything on the horizon that can truly revolutionize how this industry works? Answering this question brings us back to 2008 as we try to understand what really happened. What if there was a system that did not rely on Moody’s and S&P to rate the bonds, corporations, and securities. What if technology could provide this information in an accurate and transparent manner. What if Bitcoin principles were adopted widely in this industry? What if the underlying database protocol, Blockchain, could be used to track all financial transactions all over the globe to tell you the ‘real’ rating of a security.

20151031_FBC911

Blockchain can be defined as a peer-to-peer operated public digital ledger that records all transactions executed for a particular asset (…) “The Blockchain maintains this record across a network of computers, and anyone on the network can access the ledger. Blockchain is ‘decentralised’ meaning people on the network maintain the ledger, requiring no central or third party intermediary involvement.” “Users known as ‘miners’ use specialised software to look for these time stamped ‘blocks’, verify their accuracy using a special algorithm, and add the block to the chain. The chain maintains chronological order for all blocks added because of these time-stamps.” The digitalisation of financial service opens room for new opportunity such as to propose new kind of consumer’s experience as well as the use of new technologies and improve business data analysis. The ACPR, the French banking and insurance regulatory authority, has  classified the opportunities and risks linked to the Fintech such as the new services for uses, better resilience versus the difficulty to establish effective supervision, the risks of regulation dumping and regarding clients interest protection such as data misuse and security. The French Central Bank is currently studying blockchain in cooperation with two start-ups, the “Labo Blockchain” and “Blockchain France”. In that context, blockchain is a true financial service disruption, according to Piper Alderman “Blockchain can perform the intermediating function in a cheaper and more secure way, and disrupt the role of Banks.”

Hence, leading bank wants to seize that financial service opportunity. They are currently working on blockchain project with financial innovation firm, R3 CEV. The objective is that the project delivers a “more efficient and cost-effective international settlement network and possibly eliminate the need to rely on central bank”. R3 CEV has announced that 40 peer banks, including HSBC, Citigroup, and BNP Paribas, started an initiative to test new kind of transaction through blockchain. This consortium is the most important ever organized to test this new technology.

And what of security? According to the experts “the design of the blockchain means there is the possibility of malware being injected and permanently hosted with no methods currently available to wipe this data. This could affect ‘cyber hygiene’ as well as the sharing of child sexual abuse images where the blockchain could become a safe haven for hosting such data.” Further, according to the research, “it could also enable crime scenarios in the future such as the deployment of modular malware, a reshaping of the distribution of zero-day attacks, as well as the creation of illegal underground marketplaces dealing in private keys which would allow access to this data.” The issue of cyber-security for financial institutions is very strategic. Firstly, as these institutions rely on customer confidence they are particularly vulnerable to data loss and fraud. Secondly, banks represent a key sector for national security. Thirdly they are exposed to credit crisis given their role to finance economy. Lastly, data protection is a key challenge given financial security legal requirements.

As regard cyber security risks, on of the core legal challenge will be the accountability issue. As Blockchain is grounded on anonymity the question is who would be accountable for the actions pursued? Should it be the users, the Blockchain owner, or software engineer? Regulation will address the issue of blockchain governance. According to Hubert de Vauplane, “the more the Blockchain is open and public, less the Blockchain is governed”, “while in a private Blockchain, the governance is managed by the institution” as regard “access conditions, working, security and legal approval of transactions”. Where as in the public Blockchain, there is no other rules that Blockchain, or in other words “Code is Law” to quote US legal expert Lawrence Lessing. First issue: who is the block chain user? Two situations must be addressed depending if the Blockchain is private or public. Unlike public blockchain, the private blockchain – even though grounded in a public source code – is protected by intellectual property rights in favour of the organism that manages it, but still exposed to cyber security risks. Moreover, a new contractual documentation provided by financial institutions and disclosure duty could be necessary when consumers may simply not understand the information on how their data may be used through this new technology.

‘Disruption’ has turned into a Silicon Valley cliché, something not only welcomed, but often listed as a primary goal. But disruption in the private sector can have remarkably different effects than in the political system. While capital forces may allow for relatively rapid adaptation in the market, complex political institutions can be slower to react. Moreover, while disruption in an economic market can involve the loss of some jobs and the creation of others, disruption in politics can result in political instability, armed conflict, increased refugee flows and humanitarian crises. It nevertheless is the path undertaken….

Advertisements

2 thoughts on “Data Governance, FinTech, #Blockchain and Audits (Upcoming Bangalore Talk)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s