Are financial institutions evolving into IT companies that manage money?
The finance industry has been going through radical changes for decades, the latest of which is embodied in the disruption caused by cryptocurrencies, such as BitCoin and RScoin, and the technologies that enable them, such as blockchains. These technologies are being heralded as the solution to a wide range of challenges facing the financial sector.
Cryptocurrencies control the generation and transfer of funds without the need for a central authority, such as a bank. Blockchain technology underpins these digital currencies by acting as a decentralised distributed database, able to record a list of transactions which reportedly protects against tampering and revision.
Smart Contracts are computer programmes, powered by blockchain technology, that automatically enforce and execute the terms of a contract. These contracts could revolutionise many types of financial transactions, specifically those around illiquid assets, such as property and antiques.
A digital finance sector
Looking beyond these recently disruptive technologies, it is often surprising to some that the finance sector has been digital for at least the last 40 years, if not longer. Banks are comfortable using information to represent currency to transfer funds, and with the advent of online banking now so is the end consumer.
What is interesting is that information is such an essential part of the modern finance sector; not only digital representations of currency, but information about how those funds flow. Significant effort is spent in the modern financial enterprise analysing trading patterns, customer behaviour and sentiment, broader economic and governmental trends.
This analysis of data, currently referred to as data science or Big Data, provides a competitive market advantage for companies; both in customer protection to identify fraudulent transactions, and in money making activities such as trading. This reliance on information informs a position that the finance sector uses information as a raw material which it processes in order to make money. In fact, it has been observed that some large financial institutions are really IT companies that manage money.
This idea that a financial company’s business is the processing of raw information opens a wider view of the security of that company, specifically in terms of cyber security. Much of the cyber security discussion regarding the finance sector has been about protecting businesses’ systems and processes from malicious attack which would disrupt their operation or leak sensitive information.
However, this assumes that the business is a closed bubble, it does not take in any external information. It would be possible, for example, to establish a significant set of online accounts in social media platforms, operate those for a period of 24 months or more to establish credibility, and then use those to taint sentiment regarding a specific company in order to increase the profit from stock market trades. Examples of this can be seen from 2012 with the fake bomb blast in the White House announcement, or the accidental resurgence of an old news story on Google regarding an incident with an American Airlines plane. Both had significant impacts on the stock market. Fortunately, the UK is a leader in understanding the complexities of cyber security and the development in new countermeasures and a key part of that is the academic community in the UK providing cutting edge research. The Government Communication HQ (GCHQ) has adopted an approach of recognising this capability with 13 Academic Centres of Excellence in Cyber Security Research (ACE-CSR) Programme, and the three Cyber security research institutes.
These provide a wealth of ideas and technologies that can assist in protecting the raw information the financial sector relies on to operate.
Research at Lancaster University
Lancaster University’s research approach uses natural language processing to identify anomalous group and individual behaviour online, and indications of online precursor activity which indicates an offline action is about to take place. We have technologies based on psychological models that can identify likely insider threat. Our work in understanding resilience, fragility and mapping interconnections in cyberphysical critical national infrastructure can be used to map the complex interconnections between systemic financial institutions to understand where there may be weakness that could be exploited.
The research conducted at Lancaster and the other ACEs and RIs is directly applicable to help the sector to navigate the increasing complex world of legislation and regulation and to support the sector in understanding disruptive technologies such as blockchain and crypto currencies.
Ultimately, the financial sector is interconnected to form a complex industry processing, exchanging, storing and understanding information, acting as a powerhouse for the UK economy. Its novel and extensive use of information exposes new risks to the sector and in partnership and collaboration with universities we can minimise those risks to take full advantage of the opportunities of an increasingly information aware society.
Dr. Daniel Prince
Associate Director for Business Partnership and Enterprise Security, Lancaster University