Skip to main content

What we heard at Sibos 2019 in London

Sibos is the annual conference, exhibition and networking event organised by SWIFT for the financial industry.

This year’s conference focused on “Thriving in a hyper connected world”. Our Fintech team has pulled together an overview of what we heard at the conference across a number of themes.

Themes emerging from Sibos 2019 in London

The future of payments

sibos blue

  • Even faster payments: Facilitating instant frictionless cross-border payments (on the wholesale and retail side) is a top priority for the financial industry. Libra has been seen as a “wake-up call”. Improvements to SWIFT’s infrastructure – e.g. its Global Payment Initiative and ISO 20022 messaging standards – are expected to reduce some frictions. The ongoing work and collaboration of central banks is also key to progress.
  • Tokenised payments: Much of the industry’s focus is on improving existing payment systems. However, the use of distributed ledger technology (DLT) in facilitating value movements remains a hot topic. Wells Fargo reported it is adopting DLT to facilitate certain closed-loop payments. J.P.Morgan also discussed the value it expects JPM Coin to deliver to its clients. Whilst the Bank of England reiterated it has no current plans to issue a central bank digital currency, it emphasised that it supports innovation and is upgrading its real time gross settlement system to be interoperable with private payment systems that use DLT. Projects to create digital coins that are backed by central bank money, like Fnality’s Utility Settlement Coin project, were welcomed.
  • Next phase of Open Banking: In relation to the European open banking regulatory framework (PSD2), incumbent banks are beginning to shift their focus from compliance to revenue generation and, in many cases, building their own client facing platforms. In addition, the “payment initiation” and “account aggregation” models specifically provided for under PSD2 are seen by many as “stepping stones” and not the “end-game” in the open banking movement. The market is now focusing on identifying where the real consumer needs lie and how they can use the regulatory framework to address them.
  • Data-driven financial services: Many predict we are likely to see a growth of platforms that are relationship-driven rather than transaction-driven (on both the retail and wholesale side). These will enable financial service providers to offer new products and services to meet the specific needs of their clients. To achieve this, incumbents may need to develop new technological solutions in-house, or turn to the support of techs or fintechs, in gathering and/or analysing data.
  • Connectivity to digital wallets: Digital wallets are increasingly becoming an important means of storing value in many parts of the world. Some predict that in the future many businesses will want to effect value transfers directly from bank accounts to the digital wallets of their employees, contractors or clients. There may be opportunities for the financial industry in easing the connectivity between bank accounts and digital wallets.
  • Servicing the “platform economy”: The global economy is becoming increasingly dominated by platforms. These platforms are likely to demand their financial services be provided through APIs. The development of global API standards is seen as a necessary step to enabling banks to compete for this work and will require collaboration across the financial industry.
  • Investment in wholesale payments: Many fintechs in the wholesale payments space have witnessed significant growth over the last five years. Some predict that after a huge wave of private equity investment in retail payments, the next wave will be on the wholesale side.

DLT and smart contracts in financial markets

sibos orange

  • Support of English law: The Chancellor of the High Court, Sir Geoffrey Vos, delivered the message that English law “can be adapted to literally any commercial situation” – including the development of smart contracts. He explained the work of the UK Jurisdiction Taskforce in resolving areas of legal uncertainty and indicated that we could expect an authoritative legal statement as to the status of DLT and smart contracts under English law in November this year.
  • Fundamental vs incremental changes in market infrastructure: Swiss stock exchange SIX announced the launch of a pilot version of its exchange and central securities depository for natively digital assets. It aims to use the technology to achieve instant atomic settlement and do away with the function of clearing altogether. In contrast, the Australian and Hong Kong exchanges spoke to how they are integrating DLT into their infrastructure but with less fundamental change in mind (at least in the short term). ASX has taken a decision not to pursue instant settlement for the time being and is primarily focused on data synchronisation. HKEX hopes to increase processing speeds in Stock Connect so as to accommodate greater volumes of trades. 
  • Cost reduction vs revenue generation: Drivers for adopting DLT solutions naturally vary between institutions and applications. However, a consistent theme of the conference was that a desire to deliver greater value to clients is at the heart of many projects, rather than cost savings. In the words of J.P.Morgan’s head of blockchain, Umar Farooq: “If you do it for cost savings, you are likely to be disappointed”. 
  • Portable smart contracts: Some institutions have been reluctant to start building out smart contract functionality due to questions around whether to adopt a decentralised ledger and, if so, which one. Digital Asset promoted the use of its smart contract language DAML, which, it says, can be deployed on any ledger (decentralised or not) and be transferred seamlessly from one to the next. Many other panellists spoke to the suitability of the DAML language for financial market applications, such as collateral management or repos. 
  • Applications in KYC: Société Générale reported that it, together with a consortium of 11 other financial institutions, is close to launching a DLT-based KYC tool. The product enables KYC documentation for a particular transaction to be stored on a shared ledger securely and with appropriate access restrictions. It seeks to solve primarily for GDPR compliance and process efficiencies. Its project lead, Valerie Villafranca, explained that whilst the product is a “baby-step”, it addresses real pain points.
  • Tokenised payments: There was debate as to whether financial markets require central bank issued digital currencies for the payment leg of digital securities transactions. The Bank of England reiterated that it has no current plans to issue a central bank digital currency but is continuing its research on the topic. It also emphasised that it is upgrading its real time gross settlement system to be interoperable with private payment systems that use DLT. Projects to create digital coins that are backed by central bank money, like Fnality’s Utility Settlement Coin project, were welcomed.

AI in financial services

  • Focus on responsible and ethical AI: Responsibility for AI is a societal issue – from governments and regulators to operators and vendors, who have a critical role and can support with the right tools. Regulators have more work to do in applying the ethics of accountability. There are wide social ramifications for not getting it right.
  • Explainability: Firms need to balance performance against explainability. Traceability and explainability are essential for defending the use of AI to customers, regulators and the institution itself. New model interpretability methods can help. Key to explainability is getting rid of the “noise” and identifying out of the many variables which were the key variables impacting the decision.
  • What banks should be doing: The bias factor in AI generates significant risks when it comes to combating financial crime. Humans are naturally biased – firms need to learn what causes the bias and then engineer it out of the system. However, this involves engineering and opportunity costs. Firms also need the right algorithmic solution for the relevant task (e.g. different algorithms are required to identify fraud, in investment management and for chat bots).
  • Data challenge: The big challenge is data – banks have data “swamps" not lakes and spend a large portion of their time cleaning data in order to be able to analyse it. Utilising the cloud is no longer optional for banks. It is a cost-effective tool which can actually mitigate risk. Privacy requirements under GDPR can be dealt with in the engineering of AI tools – through “privacy by design". At the point of onboarding, customers can give the right to use their data responsibly, proportionally and in accordance with appropriate processes.
  • Role of the regulators: Regulators have the harder job of having to look at all the legal issues and tech issues whilst promoting innovation across a wide spectrum of financial institutions. A framework is required which cannot be too prescriptive. The industry needs an AI governance structure as it has for data.
  • AI is key to security: Increasingly complex threats and techniques for circumventing regulation require a degree of sophistication that traditional approaches are unable to meet. Only AI combined with human expertise can enable financial institutions to regain the upper hand.
  • AI for improving financial health: Financial services are being democratised - e.g. wealth management advice is now available to all through AI. We are moving from a fragmented view to a connected view of a customer’s financial situation meshing bank and non-bank data and are therefore moving from the cookie cutter to the personalised approach. AI needs quality data and governance - this is not a simple solution.

Combatting cyber threats and financial crime

cyber risk sibos

In this area there were two core themes being discussed:

What is the nature of the risk
  • Cyber- attacks increasing in number and impact: The cost consequences of cyber-attacks in financial services has increased 10-fold in the last 2 years. Fighting cyber-attacks and financial crime is also a moving target with technology both facilitating crimes and its detection constantly evolving. New banking models are also creating the perfect cyber security storm with regulation like Open Banking encouraging data sharing and opening up new areas of risk.
  • Understanding the perpetrators and the link between cyber-crime and the laundering of the proceeds of crime: There are two different categories of risk: The vast majority of attacks come from phishing attacks where hackers are using malware to grab assets to sell on the dark web. This group can be addressed to a large extent with the right controls and training around avoiding phishing enquiries. Only a small minority of attacks are the result of sophisticated target crime including state sponsored actors. Increased data sharing is enabling much better intelligence on the link between cyber-attacks and the passage of the proceeds of crime through the financial system.
  • The risk is systemic: Banking is a top target for the sophisticated attacker because of the interconnected nature of the industry. Cyber is a top 5 systemic risk for the industry. Boards are being advised on the implications of “catastrophic loss” for individual banks and its impact on the overall industry. The systemic risk becomes more acute as the financial system become more interconnected – it is the digital equivalent to the Ebola virus.
How to manage the risk going forward
  • Understanding the threat and have appropriate controls in place: The digitalisation of banking has changed and made banks more vulnerable to cyber-attacks which means that new types of controls are required. The increase in mobile technology and social media usage presents more risk in terms of the interception of sensitive data, including by “data scraping”. Customers are however prioritising convenience over data security.
  • Collaboration is essential: Criminal adversaries are collaborating, sharing information and learning quickly. Financial institutions and cyber security organisations need to follow suit. Quickly learning about new threats and understanding how they might impact their organisation helps firms both mitigate those threats and combat incidents when they do occur. Existing groups which have evolved organically to meet specific needs cannot collaborate at the speed and scale required to combat the increasing threats in the form of cyber-crime, malicious attacks resulting in data loss/ and or destruction, and business disruption.
  • Addressing the systemic risk: UK Finance is working with 20 large banks, insurers and securities exchanges and supported by specialist agencies such as the National Crime Agency and the National Cyber Security Centre in setting up the new Financial Services Cyber Crime Collaboration Centre (FSCCC). The FSCCC’s mission will be to proactively identify, analyse, assess and coordinate activities to mitigate systemic risk and strengthen the resilience of the UK financial sector by creating an environment where financial services organisations are able to trust each other enough to share information on sensitive cyber-attacks and known vulnerabilities. The aim is to build a circle of trust based on meaningful information share by protecting parties from the risk associated with sharing sensitive data. This requires lots of thinking around language and protocols e.g. around redaction. They are following templates of sensitive data sharing from the intelligence services where it is all about exposing enough information without exposing too much.
  • Designing compliance for the future: Banks are taking more of a risk-based approach and moving away from focussing on fault to solutions. Developments in data analytics and AI provide more quality data and better understanding to track trends. Banks are hiring from the military and data scientists to skill up their teams.
  • The importance of wider Operational Resilience: Business disruption is more serious than data breach. UK regulators understand that you can't always simplify a system, but you can protect what matters and financial firms are therefore encouraged to focus on defending the most important operational risks. Supply chain procurement management posts a much bigger problem as need to understand risk factors and indicators from third parties and even forth and firth parties. All transformation and technology changes pose a specific risk which require focused third-party management at the point in time of change and require designed security at the outset.
  • How technology can facilitate data sharing whilst respecting privacy: Privacy enhancing technologies including secure multiparty computation and homomorphic encryption allows the encryption of data for analysis. These technologies are a vast improvement on the attempts to overcome legal barriers to data sharing from banking secrecy and data privacy law in the form of anonymisation. Major developments in this technology in the last 2 years mean that privacy enhancing tech is changing the game and privacy is no longer being pitted against data sharing.

More about AI in Financial Services

02:18

Jennifer Calver shares a summary of how Artificial Intelligence can deliver competitive advantage.

03:18

Ed Chan covers how regulators are responding to the use of Artificial Intelligence at a national, regional and global level.

02:03

Peter Church gives an overview of the challenges and ethics facing the deployment of Artificial Intelligence in Financial Services.