Illegal data usage going undetected in financial services

Detecting illegal data usage is a serious concern for financial services, according to a panel of market participants at FinTech Connect in London.

“What terrifies me is we can’t really detect very easily the illegal use of data. That’s the one thing that’s definitely the problem,” said Marek Wawro, CTO of Future Finance, of the way data is dealt with in financial services.

“There’s nothing stopping me from setting up a server in some of the offshore companies outside of jurisdictions … That’s something we need to be aware of. I don’t think we can catch up with illegality of the data ever, it’s just that awareness helps.”

In Poland, hackers have been able to break into house registries then sell on the data, according to Wawro.

Chris James, general counsel and head of digital and innovation at HSBC, stressed the importance of robust data regulation.

“That’s why we have these laws. That’s why we need the regulatory regime, because it is a responsibility. Data is powerful. And if it is misused it does cause harm,” he said.

An Insights Cyber Intelligence report dated April 2019 revealed that more malware attacks targeted global banks and financial services than any other industry tracked in 2018. Credential leaks were among the top types of these attacks.

The role of data as a source of power was debated on the panel, with questions of tech monopolies of data at the forefront.

“What we should be thinking is ‘what can we do to stop the pan-handling [of data] and get to the industrialisation?’ We’ll deal with the competition and let the lawyers deal with the regulatory elements. We should be thinking about how we get to that mature position in our marketplaces,” said James.

Wawro argued that data provides a great source of power to those possess it, a view which was contested by BNY Mellon’s CFA and co-head of digital business development, Stephen Marshall.

“I think there are some firms that probably view data as some form of power – we don’t. I think of data as a responsibility first and foremost, and I think our clients expect that,” said Marshall.

“I can’t speak for Mark Zuckerberg … I suspect he’s closer to feeling like it’s power than I do. But I think the industry will get to where it needs to go better and faster if we all adopt much more of a sense of responsibility around the data, keeping in mind that there’s also opportunity in there and opportunity doesn’t fly in the face of responsibility.”

On the same panel, it was said that the EU’s general data protection regulation (GDPR) hit tech companies much harder than it did banks.

“It’s quite illuminating that GDPR didn’t have such a big impact on banking, but it does have a big impact on the large technology companies,” said Salla Franzén, group chief digital scientist at SEB.

“Because when they built their technology, they didn’t really consider bank secrecy or information privacy laws, and now they’re trying to revamp themselves so they don’t get hit by too many fines, whereas banks are already there; we’re used to being the trusted partner, so we’re used to handling that kind of issue much faster.”

Related reading