KUALA LUMPUR (April 7): As the race for digital banks in Malaysia heats up, among the concerns for industry observers are cyber threats and security risks.
In an email interview with theedgemarkets.com, McKinsey Malaysia associate partner Raj Binani said some threats include unencrypted data, malware, third-party services that aren’t secure (e.g. public cloud), and spoofing.
Citing McKinsey’s proprietary Personal Financial Services Survey, Binani said whether the goal is to launch a stand-alone digital bank or build a tech infrastructure with organisational capabilities required for end-to-end integration, the investment is significant, and an organisation must go beyond convenience, speed, ease of use, and security.
“For example, companies often find that when it comes to public cloud services, security is the most intractable part of the problem of standing applications.
“At one financial institution, development teams were frustrated with the long period needed by the security team to validate and approve incremental items in their cloud service provider’s catalogue for production usage (link),” he said.
Binani said building a cloud-native security model that ensures developers can access cloud services instantly and seamlessly within certain guardrails is essential in this instance.
“However, as companies digitise their businesses and automate operations, cyber risk proliferates and it is not a threat that is exclusive to digital banks," he noted.
In response to this, he said, some of the more sophisticated cybersecurity functions are starting to transform their capabilities along these three dimensions:
- Using quantitative risk analytics for decision-making
- Building cybersecurity into the business value chain
- Enabling new technology operating platforms that combine many innovations
Binani said digital banks would have to show that they are diligent risk managers and are as effective at managing risk as any conventional banks, and that they possess (or will develop) cutting-edge risk management capabilities (including cyber risk, which is considered the number one threat to the financial industry), for example, the ability to manage risk (an e-commerce platform or telco may have access to large volumes of data that can inform superior credit underwriting of “thin-file” customers) or a track record of scaling and operating tech-centric businesses while mitigating IT and cyber risk.
He said a consortium approach to form a digital bank would also enable new digital banks to more easily assemble the ingredients required for a successful proposition, including: customer loyalty and trust; data and touchpoints; advanced technology capabilities, which support rapid proposition development and evolution; and analytics to leverage the data.
“Core banking capabilities such as risk management (credit, financial risk and compliance), and a deep understanding of banking products and regulation are table stakes,” he said.
According to Binani, with digitisation, analytics and cloud, etc, every aspect of today's enterprise has important cybersecurity implications, and it is clear that enterprise IT is evolving rapidly and in exciting and value-creating ways.
He explained that organisations need to apply quantitative risk analytics for decision-making, create secure business value chains, and enable operating platforms that encompass the latest innovations.
He said these actions will require significant adaptation by cybersecurity organisations.
“Many of these organisations are still in the early stages of this journey.
“As they continue, they will become more and more capable of protecting the companies while supporting the innovative goals of the business and IT teams,” he said.