There is significant regulatory growth in financial services. And financial services are among the most highly regulated industries. It is also a primary target for cyberattacks. So how can firms keep up with the evolving compliance and risk landscape, while also ensuring their systems are secure?
“We understand that financial services are a highly regulated industry, and that regulatory compliance is foundational to building a cloud that meets industry needs,” says Dave Dadoun, managing director of global regulatory compliance and worldwide financial services at Microsoft. “This is why we have over 100 certifications and offerings that span different regions and verticals. We collaborate with financial services regulators and customers to consistently comprehend industry needs. Through a productive feedback loop, we incorporate such insights into our services to develop necessary capabilities.
“As regulatory requirements continue to evolve, as seen with the regulations in Europe under the Digital Operational Resilience Act, we will persistently collaborate with the industry, regulators, and other relevant stakeholders to meet regulatory expectations.”
According to Dadoun, recent regulatory developments have had profound implications for how financial firms procure, implement, and manage their services and technologies. Ultimately, these implications boil down to risk management, monitoring cloud services, and formulating prevention, detection and response strategies against potential threats.
Microsoft Cloud has been designed to help firms address the dual challenge of compliance and cybersecurity.
Microsoft Compliance Manager is a built-in tool that simplifies monitoring regulatory compliance and helps reduce risk. It accomplishes this by providing users with a score for their current data protection, based on standards from the International Organization for Standardization, the National Institute of Standards and Technology, and regulatory requirements such as the General Data Protection Regulation. It then identifies key areas for improvement and prioritises recommended actions based on their impact on risk.
Microsoft also provides an extensive array of supporting resources for customers, including the Compliance Program for Microsoft Cloud. This programme connects users with Microsoft experts on cloud-based risk, regulatory compliance, security, and privacy.
Tools such as Microsoft Entra Verified ID and Microsoft Purview are aiding banks in safeguarding customer privacy. “With Entra Verified ID, financial services organisations can empower consumers to control their own identity credentials,” says Lisa Lee, chief security advisor and a global lead in Security Business Development. “The solution adopts a decentralised approach where customers have access to their credentials for various purposes, such as proving employment, education and training, all while tracking when and with whom their identity details were shared. Additionally, banks can employ these credentials to enhance authentication, reducing the risk of fraud.”
Microsoft Purview is helping financial institutions to automate data protection and data security, to implement their data classification policies and to monitor data that may be at risk. Meanwhile, the Information Protection features in Purview facilitate data classification and ensure controls are commensurate with the risk and policy requirements.
“Data can be safeguarded throughout its lifecycle, and this protection can extend to wherever the data resides,” explains Lee. “If a document containing customers’ social security numbers is accidentally sent to the wrong person, it remains unreadable. Sensitive customer data, including social security numbers, passport data, account numbers, income and asset data, can be labelled to provide greater privacy protection for customers. With Purview, banks possess the tools to enforce their data classification policies and ensure that sensitive customer data is categorised and protected.”
There has been a marked rise in cybercrime. The UK Office for National Statistics revealed a 43 per cent increase in fraud and computer misuse crimes between 2019 and 2021. Additionally, the Global Economic Crime Survey reported that 46 per cent of businesses worldwide encountered fraud, corruption, or other economic crime in 2022. In response, many financial institutions turned to the power of artificial intelligence to detect and prevent criminal activities.
In terms of security alone, Microsoft is investing over $20 billion to enhance overall security and counter cyber threats. Microsoft is bringing AI into our own security tooling with Microsoft Security Copilot. With this tool, security personnel can sift through incident reports and research to get intelligence on threats faster. They can also reverse engineer malware exploits and code faster to understand how the code replicates and targets data.
“AI can identify suspicious patterns or anomalies in vast volumes of transaction data,” says Daragh Morrissey, director of AI for worldwide financial services at Microsoft. “Key scenarios include anti-money laundering, where AI can be deployed to detect suspicious behavioural patterns and reduce false positive incidents; identity protection featuring multifactor authentication and behavioural biometrics; and sanctions screening by cross-referencing data with global sanctions lists.”
Banks also can utilise AI capabilities to manage risk. “Natural language processing assists in delivering regulatory documents, legal texts and compliance reports,” says Morrissey. “At Microsoft, we’re democratising AI, making these tools approachable and available to individuals throughout the financial services industry. This is evident in the extensive innovations recently announced at Microsoft Build 2023 where we’ve integrated AI into Microsoft Azure, Microsoft 365, our development tools, and much more.”
Arab National Bank (ANB) is among the growing legion of financial institutions that is using AI to manage risk. Microsoft partners Crayon and Paramount helped the Saudi Arabian bank to implement Microsoft Security across its network. It now has access to real-time threat visibility through Microsoft’s cloud-based AI features.
Partners are developing ever-more sophisticated AI solutions, too. BioCatch, for example, a behavioural biometrics solution provider, utilises Azure to streamline fraud detection capabilities. It employs a predictive intelligence module, powered by AI, to generate outputs like threat indicators, risk factors and risk scores. “BioCatch’s fraud prevention solution equips financial businesses with protection measures and digital safety requirements,” says Anu Chawla, director of ISV partner development for global partner solutions at Microsoft. “The solution empowers Azure-using financial institutions to modernise their fraud detection capabilities with global cloud scalability.
“The potential of Microsoft Cloud is boundless. In terms of fostering innovation, Microsoft is instrumental in safeguarding customer data, all while ensuring adherence to regulatory compliance standards.”
We asked selected partners how they are using Microsoft technology to help financial services firms combat the challenges associated with governance, compliance and risk.
“Whether looking through the lens of implementing a zero-trust strategy, or future proofing against the quantum threat, we help financial services firms enhance their existing Microsoft solutions to combat the challenges associated with governance, compliance and risk,” said Samantha Mabey, director of digital solutions marketing at Entrust.
“Formpipe has been taking advantage of cloud innovation with Azure for many years, hosting our software, Lasernet and Autoform DM, to serve the financial services sector in securely generating and archiving customer documentation at scale and speed,” said Charlie Cotton, delivery manager of cloud services at Formpipe.
Read more from Entrust and Formpipe in the Autumn 2023 issue of Technology Record.