How GCC financial institutions can navigate complex global compliance, security

Published: Updated:

Imagine waking up tomorrow and all your savings have disappeared. Then you find out that commercial transactions have halted everywhere. You might think this is an impossible scenario, but no, it isn’t in today’s closely networked world.

Perhaps not with such extremity, the cyber disaster that engulfed the world on Friday, May 12, 2017, locked databases and prevented access to valuable data in 150 countries. Cyber criminals demanded ransoms in bitcoin to grant victims access to their data.

This viral tsunami compromised 60 health organizations in the UK; it stopped FedEX deliveries in the US, shut down banks and hijacked hundreds of thousands of computers worldwide.

Networks – Lifeblood of modern life

Networks are the lifeblood of modern life. Financial networks are interconnected, so the whole is always as strong as the weakest link.

“Financial institutions in the GCC and elsewhere must see this cyber attack as an ultimate wakeup call,” says Hazem Mulhim, CEO of EastNets. “The stakes are high and inaction could cost institutions their network connection credentials – and ultimately their reputation.”

EastNets, a leading global provider of payment, compliance and cloud solution services, is based in Brussels, Dubai and Amman.

Hazem Mulhim, CEO of EastNets. (Supplied)
Hazem Mulhim, CEO of EastNets. (Supplied)

“Our modern lives are encoded in data, which forms the bedrock of wealth in our nations. The institutions storing and managing the data are responsible for its protection and upkeep.

This requires systematic upgrading of systems and resilient data security solutions. These requirements are not only important, but they have become conventional business wisdom,” says Mulhim.

Attaining optimal states of financial data and network security also converges with the need to integrate financial compliance solutions. Institutions simply cannot acquire one and ignore the other. Both systems are codependent components in a financial institution’s digital strategy, one that ensures business continuity and regulatory compliance.

Well-organized cyber underworld

“The cyber underworld has become well organized and well funded, attracting talented and innovative hackers. The recent cyberattack might have exposed the vulnerabilities of a few global institutions, but cybercrime is increasing in sophistication, scope and magnitude,” says Mulhim.

Regulators see more danger lurking in the future, and the onus is on the financial industry. “Compliance requirements, including anti-money laundering (AML), counter-terrorist financing (CTF) and tax evasion detection are expected to increase in quantity and complexity”, he says.

ALSO READ: Cyber security attacks must be top priority for firms in Gulf

Unfortunately, in recent years, the GCC has suffered greater losses than others due to cyber crime. This has prompted SWIFT, the largest global financial messaging network, to mandate strict measures for security and compliance in the region and globally. Despite this, many institutions in the region are still at risk as awareness levels and response rates have remained low.
The financial institutions of the GCC face several issues in meeting global compliance requirements.

In Mulhim’s view, such issues include legacy enterprise and security systems, as well as a lack of in-house compliance and governance expertise. “We hear many say they find it hard to keep pace with a constantly evolving global regulatory environment”, he says.

Estimates put the amount of money laundered globally between $1 trillion to $2 trillion annually, or nearly 2 percent of global GDP. The fear cybercrime instills in financial institutions has driven the growth in the regulation technology vertical (RegTech).

Financial institutions are now dedicating on average 10 to 15 percent of their staff to compliance functions. Some global tier-1 banks, investments in compliance and security reached $1 billion annually.

The shift in the global regulatory environment has pushed innovation in RegTech companies. Artificial intelligence is replacing old static rule-based systems in compliance solutions, automating customer onboarding, filtering and fraud detection.

Mulhim says there are four steps that form the core of a great compliance strategy in the GCC:

1. Get expert help: Compliance complexity and financial risks are better mitigated through partnerships with industry experts, established in AML and CTF.

2. Train a compliance team: Compliance is about business intelligence, so keep your team abreast of developments in governance, risk management and compliance (GRC).

3. Elevate compliance to the boardroom: Implement a top-down ownership and accountability for compliance and security. Embrace the concept that compliance is more than a box-ticking exercise.

4. Turn it into a business opportunity: The data filtered, compiled and organized about your customer groups can be analyzed with an eye for profound business intelligence. It could identify business growth opportunities or suggest better operational efficiencies.

The global financial ecosystem will surely continue its shift, delivering new challenges and opportunities. Technology will continue to fuse with money, forcing financial institutions into closer partnership with RegTech companies.

“The GCC, with its ambition to establish itself as a financial hub, will have to continually work on advancing its financial compliance infrastructure,” opines Mulhim.