Viewing archives for Financial Services

Part I: Security and Compliance

This is the first instalment in our Financial Services content series. Have a look at the Introduction: Succeeding in 2021 (and beyond)

Let’s start on a positive note: when it comes to the UK mid-market financial services sector, we are bullish.

It is an indispensable industry, and Britain boasts institutional experience, high-quality companies offering innovative services, and a sophisticated, forward-thinking market. Whatever is in store for the UK economy as a whole, British financial services will remain a world player, and domestically it will remain critical to our institutions, businesses, and personal lives.

In our own recent experience, we are seeing real buzz in mid-market companies in a broad range of financial services areas, including:

Now for the difficult bit. We can’t have a clear-eyed discussion of financial services without acknowledging the twin upheavals of Brexit and COVID-19.

As for Brexit, we do feel confident that London will continue to be a global financial centre. But we may see an impact on financial services centres within Britain, such as Manchester, Leeds, and Edinburgh. Also, it is an absolute certainty that compliance and regulatory obligations will be more complicated.

As for COVID-19, whilst Britain is thankfully opening up again, the lockdown exposed the security weaknesses and process issues of so many companies. We weren’t surprised when Deloitte reported a spike in ‘phishing attacks, Malspams and ransomware attacks’ by criminals looking to take advantage of the confusion.

Another difficult bit: security and compliance issues are especially difficult in the mid-market space. It is subject to many of the same complicated regulations and cyberthreats as the giant multinationals, and yet mid-market firms don’t have the same resources to deal with these problems.

What follows is an overview on how mid-market financial services firms can handle security and compliance issues without punishing expense and at the same time increase efficiency, improve customer satisfaction, and fatten margins.

Data security is the cost of doing business

Data security is a growing problem, and it’s only going to get worse.

Verizon, the American telecom, analysed more than 150,000 incidents worldwide and confirmed nearly 4,000 data breaches in 2020. This is only what one company analysed, and the year isn’t over yet! To make matters worse, around twenty-five percent of these attacks were in the financial services sector.

Why the explosion of cyberattacks in financial services? As the famous American criminal Willie Sutton said when asked why he robbed banks, ‘because that’s where the money is’.

More specifically, the rush to homeworking has exposed the security weaknesses of many companies. Ten years of behavioural change were compressed into ten weeks; staff and IT teams weren’t prepared for it.

When we speak of security, however, we are not only speaking about what happens online. In our digital age, too many businesses aren’t careful enough about the connections between data security and what happens offline. Thieves no longer pilfer the post for the cheques, but to aid in identity theft. They steal mobiles not to sell the device for quick cash, but to use as source of inside data to help them find the soft way in for ransomware.

Remember: All the firewalls in the world won’t help if a thief gets access to the CFO’s email account! A lot of stolen cash is transferred willingly by authorized finance staff who cheerfully think they are following instructions from the real CFO—but in reality, it’s a clever scam.

Another frequent lapse is how often businesses remain unprepared for disruptions, whether due to natural disasters or human error. Due to the 2014 floods, the average small business lost £82,000 and fifty working days. And then it happened again in 2019.

It isn’t just flooding. Experts predict that extreme weather events will become almost commonplace in Britain. Thus it is in your best interest to prepare your business for them. Just as you should prepare for other mishaps. A few examples of what we’ve seen with our clients:

In each instance, we helped our clients keep their doors open and recover. But it would have been easier—and less expensive!—had they brought us in earlier. Because we already knew that disaster preparedness is just part of running the IT function.

In the meantime, see our Technology Roadmap for Growth Knowledge Centre

Find the risks before they find you

The first step for a CEO looking to mitigate security concerns is to create a risk-and-issue log. This is simply a list of the risks and issues your company faces so that you can have a plan for when something happens.

For the log to be effective, it needs to:

Nothing should be off the table, even scenarios that seem extremely unlikely. In 2019, most Western businesses thought a global pandemic was completely ridiculous! But companies with experience of SARS knew it was very possible.

Once you’ve created the log, it needs to be maintained and managed. (There are few things more useless than an out-of-date risk-and-issue log.) Thus you absolutely must appoint a high-level executive as responsible for (a) maintaining the log and (b) mitigating the risks it has revealed. Without clear ownership and responsibility, the log will fade into the background. And then during the next emergency – because there will be one – the recovery will be longer and harder. That is, if your company survives.

Are we being too dramatic? Perhaps. The good news is that, as Freeman Clarke Principal Bruce Pomerantz points out, ‘It shouldn’t be burdensome to produce this.’ It will of course take time and attention. But producing and maintaining the log is not an especially complicated process, and your business will be stronger for it.

Even the process of bringing the senior team together to identify and discuss the risks creates a common understanding, flushes out issues, and builds preparedness.

Compliance comes with the territory

Compliance, as you already know, means following the regulations of external authorities. An equally important part of compliance is proving compliance.

Before we get into more detail, let us remember that in financial services, legal requirements are nothing new or surprising. Just like data security, it is part of doing business in this sector. And when considered as part of a larger effort to streamline your systems and processes, it needn’t be prohibitively expensive or oppressive.

Compliance can even be part of your business strategy: for mid-market businesses looking for points of difference, there are opportunities for companies who can demonstrate their commitment to compliance, as well as for companies offering compliance consulting and services.

Regardless, also like data security issues, compliance is not going away, and it won’t get any easier. Whatever your thoughts on Brexit, there is slim chance it will make compliance less complicated. Meanwhile, British companies in the financial services space are already dealing with multiple regulatory authorities ranging from GDPR, to PCI DSS and FCA regulations. The ICO are becoming less forgiving, and the FCA levied fines of almost £400M in 2019!

Beginning questions

A mid-market financial services business looking to shore up compliance needs to first consider its weaknesses. Given the wide range of services that fall under the umbrella of financial services, the particulars will be individual to your own company. That said, here are areas in which we see and help mid-market companies streamline compliance:

Document management. Are you aware of the requirements for document management particular to the services you provide? For example, do you know how long you need to keep emails or any kind of correspondence? Do you have an automated system for backing up correspondence? Do your processes and systems automate retention and deletion compliance? How are you documenting employee participation in training programs?

Centralized vs separate teams. Is your data siloed or is it easily accessible between departments? Manual sharing can be labour-intensive, expensive and error-prone; clumsily managed data creates compliance problems and opens the door for fraud and malware attacks. And it is likely you will miss opportunities for cross-selling and upselling!

Overcompliance. Are you following rules that have been rendered moot by more recent regulation? Have you been sold overly complicated software tech that is too difficult to use and doesn’t deliver value?

We don’t provide these questions to add to your general stress level. We do suggest you ask yourself if you may be lax or behind in these areas, so that you have a place to focus your efforts. Compliance has to be done with an eye towards both appropriateness and the bottom line. The above questions may provide a good place to start.

Three steps to better compliance

Of course, compliance is more than simply complying; you’ve got to produce regular, repeatable evidence of compliance, or face even more scrutiny and potentially huge fines. Here is how to get started:

  1. Appoint someone at the executive level responsible for compliance. Mid-market businesses may not have the resources to appoint one person as a compliance officer. Nor does a CEO have time to take complete ownership of compliance. But someone at the very top level has to have the authority to get it done.
  2. Create a simple view of how the regulations apply to your business. Clear and streamlined businesses do compliance easily. And they provide better service and fatter margins. Keep simplicity and efficiency at the forefront of your approach to compliance.
  3. Take a sensible and commercial approach to compliance. The overall goal is evidencing that is efficient, repeatable, and automated. Compliance experts tend to create very, very long lists of actions; so whoever you appoint internally to oversee the project must have a balanced, sensible, and commercial viewpoint.

At the end of the day…

So much of financial services is about personal relationships. In the end, security and compliance lapses put your reputation on the line.

The vast majority of cybercrime can be thwarted with basic security techniques and training. It is extremely unlikely that the authorities will come knocking if your evidencing is on point. And most physical disasters can be overcome with the right planning.

But something will go wrong. And when a crisis hits, would you rather be known as a company prepared for troubled waters, or a company that foundered?

One final note: It may seem overwhelming to have to consider compliance at the same time as data security! However, when you consider both as part of a larger effort toward streamlining your systems—resulting in increased efficiency, improved customer satisfaction, and fatter margins—it may seem less daunting.

Either way, if you have any questions about security and compliance, or how IT can drive growth for your financial services company, feel free to get in touch.

Previous publication: Introduction: Succeeding in 2021 (and beyond)
Coming next: Back Office Streamlining

To find out more about how we could add value to your business, Contact Us and we’ll be in touch for an informal conversation.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organisations and we frequently help our clients use IT to beat their competition.

Financial Services: Succeeding in 2021 (and beyond)

The financial services sector is a core element of every modern economy. Every institution you can think of is dependent on financial services, from corporations to governments. It’s at the heart of how we plan our own futures, from the growth of our businesses to how we best enjoy the rewards of our hard work, right now and in retirement.

The crucial nature of financial services is one reason we are optimistic about growth in 2021 and beyond. The second reason is technology. While many CEOs see tech as a complicating factor, or perhaps a necessary evil, the wisest leaders are using it to drive growth and simplify their customers’ lives.

Of course we can’t downplay the enormity of the current challenges. In a few short weeks, the pandemic changed nearly everything about doing business, from where and how we work to supply chains and global markets. As individuals, we’ve gone from office-bound to home-bound quite literally overnight, with all the joys and stresses that implies. Globally, of course, markets are volatile, supply chains have been interrupted, and the very order is realigning.

These challenges are shared by mid-market firms and the biggest international banks. But in the mid-market, obviously, resources are scarcer. They don’t enjoy the same deep pockets or economies of scale. Nor can they afford to invest the same in expertise. Fidelity Investments reportedly spends $2.5B per year on technology and employs some 12,000 ‘technologists’.

Such numbers may seem daunting to mid-market CEOs. And while we understand their apprehension, we see a way forward. The fact is that many longstanding challenges in the financial services sector have an upside—and they are often easier to address in mid-market companies.

Integration. Financial service businesses are often hampered by unnecessary complexity, such as multiple systems that can’t talk to each other, requiring tedious and demoralizing labour from staff. The mid-market companies that streamline their systems and processes—improve integration with outsourcers, increase the accuracy and availability of information, and automate decisioning—will gain a clear advantage over competitors.

Compliance. There is nothing new about legal requirements. Although they have become more complicated, that just means even more opportunities for companies who do compliance well, and for companies offering compliance consulting and services.

Digital channels. COVID has only accelerated what was already happening, from contactless payments to securing a business loan online. Some used to scoff at the idea of selling pension plans or insurance policies via Zoom; now it seems perfectly sensible to vendors and clients. Ten years of behavioural change have been compressed into ten weeks.

Disruption. In this maelstrom, retail banks with long and proud histories may be swept aside by new entrants like Atom Bank or Monzo. If and when Amazon, Google and Apple get into financial services, the old corporate giants may topple. However, we still see room for nimbler mid-market companies that can compete on price or combine a range of services with a personal touch.

In the meantime, see our Cyber Security and Compliance Knowledge Centre

The ultimate question for mid-market financial services businesses is quite simple: Given all the uncertainty, how do we maximise the opportunities?


In the coming weeks, we’ll be addressing this question with a series especially written for the CEOs of mid-market financial services companies. The topics include:

The series will help you identify the threats and opportunities in the coming year, and how to get started on minimising the former and maximising the latter. Above all, we aim to demonstrate that while there are serious challenges in the mid-market space, with the right technological strategies, they are more than manageable, and that there is room for mid-market players to grow in 2021 and beyond.

Coming next: Security and compliance.


To find out more about how we could add value to your business, Contact Us and we’ll be in touch for an informal conversation.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organisations and we frequently help our clients use IT to beat their competition.

Subscribe to our Business Insights

Plain English board-level briefings focused on technology strategies to deliver competitive advantage and business success.

* Please enter an email address

You can unsubscribe at any time.

Thank you.

You’ll now receive regular expert business insights.

Call us on 0203 020 1864 with any questions.

Graeme Freeman
Co-Founder and Director

Subscribe to our Business Insights

Plain English board-level briefings focused on technology strategies to deliver competitive advantage and business success.

* Please enter an email address

You can unsubscribe at any time.

Thank you.

You’ll now receive regular expert business insights.

Call us on 0203 020 1864 with any questions.