Technology & Finance

Monday, October 06, 2008

Charlie McCreevy Talks MiFID at London's Financial Services Club

Charlie McCreevy, European Commissioner for Internal Market and Services, met with the Financial Services Club last week with prepared remarks:

“We continue to closely monitor developments in securities markets post-MiFID and are in close contact with market participants and financial regulators to address any hiccoughs.

“A worry that is often heard, especially here in the UK, is that the transparency and quality of trading data has suffered as a result of MiFID. And, that because MiFID permits the reporting of trades from multiple venues, it may be harder to get an overall accurate picture of the market.
For the time being, we are still gathering data and evidence in order to assess the gravity of this issue. Arguably, these can also be seen as teething problems and the markets have appeared, to date, to be capable of correcting most of the gaps in the present situation.”

He then spoke off the record about the EU and financial services regulation.

The club meets at Lloyds at least once a month and attracts top quality speakers. Worth a look if you aren’t already a member.

Posted by Tom Groenfeldt on 10/06 at 05:20 AM

Thursday, October 02, 2008

Verizon Security Update Breaks Out Financial Services Results

Verizon Business, which published its study of data breaches in June, has responded to popular demand by breaking out the numbers in four industries which had enough cases to be statistically meaningful – financial services, food and beverage, technology services and retail.

But who cares about the last three – this blog focuses on finance.

The full report, available on the Verizon Business web site, has a lot of details, but I want to break out a few of the surprises. 56 percent of breaches were by outsiders, 38 percent insiders and 41 percent partners. Hmm, must be some overlapping causation. Insiders had far greater impact with 175,000 records compared to only 4,000 breached by outsiders, but a substantial 151,250 by partners. In fact, concludes the study, the number of records breached by outsiders is so small that it suggests firms re-examine the focus of their security efforts.

Only in financial services are end users responsible for more breaches than IT administrators, probably because end users tend to have access to sensitive sources to do their work in finance.

With its strong protection against the outside world, the financial services industry is less prone to hacks, which rank lower than deceit and misuse to gain access. No breaches in finance involved wireless infrastructure.

They don’t mention it again in this addendum, but one issue I thought really important from the full study was that data breaches in finance often occurred in duplicate data stores that people had forgotten about and were not protected. It’s a good argument for cleaning up storage, de-duplicating databases and not so incidentally cutting out energy costs and software licensing. I have done one or two pieces about Tideway and how that company helps firms rationalize their server farms - most recently for Banking Technology.

Posted by Tom Groenfeldt on 10/02 at 01:40 PM

Verizon Study on Security Breaches and their Causes

A new study that examines 500 cases of significant losses over four years from enterprise data breaches overturns some widely accepted assumptions about information security. Conducted by the Verizon Business Investigative Response Team, the forensic study examined 700 cases where the company was called in to investigate a data loss and fix the problem. Verizon narrowed the focus to the 500 cases where the lost data was actively abused, says Dr. Peter Tippet, vice president of research and intelligence for Verizon Business Security Solutions. This study is about real attacks that cost real money.

About 100 of the cases were financial services firms, added Tippet, who joined Verizon Business when it acquired Cybertrust, an 800-person privately held security firm where he was CTO, last May for an undisclosed sum. Financial services firms are popular targets, but they are also relatively well protected, concluded the Verizon Business study; still, they accounted for 14 percent of all breaches.

Verizon says the report is unique because it is based entirely on firsthand information on actual security breaches rather than on network activity, attack signatures, vulnerabilities, public disclosures, or surveys. For example, InformationWeek published its annual Security Survey of 1,100 IT professionals on June 30, 2008. It doesn’t even mention two key issues uncovered by Verizon Business – duplicates of important data being stored on servers that aren’t protected because they have been forgotten, and inadequate monitoring of firewalls to detect intrusions. InformationWeek also stresses the importance of PCs, while Verizon Business says the big threat is attacks on servers.

Some of the surprises in the Verizon study: No losses were through a USB stick. Almost all of the attacks took several steps and often took a day to complete. “Four or five years ago, the attack started and finished in the same minute or two,” says Tippet. Zero-day patching, installing a software patch the same day it is announced, made no difference. You can wait a month or two – none of the attacks was against software updates less than six months old.


Posted by Tom Groenfeldt on 10/02 at 01:24 PM

Monday, September 29, 2008

Regulation Redux?

One outcome of the financial bailout is going to be change in regulation. Not necessarily improvement, since the lobbying powers of the finance industry are not to be underestimated. Jeffrey Garten at Yale recently made the case in the FT for a global monetary authority. The FSA and the SEC are already working together informally, but it looks as if the world could use a stronger approach, one that incorporates all of Europe, plus the Middle East and Asia.

At Swift’s recent banking conference in Vienna, a panel debating the need for an SEC in Europe concluded that the EU would have to settle for informal arrangements among member nations, for now at least.

Garten says that one role of a global authority would be to return the role of finance to capital formation and economic growth rather than trading for its own sake. He also notes that if America doesn’t make intelligent reforms to its systems, it could see voters moving their money to other countries.

Chris Skinner’s valuable compilation “The Future of Investing in Europe’s Markets after MiFID,” offers ample evidence of the difficulties of achieving harmonization across Europe. With contributions from many industry experts, it shows just how fragmented the market still is. It will take years of consolidation, and eventual elimination of some of the smaller national bourses, before consistent regulation comes to Europe.

Still, it’s good of Garten to advance the dialogue.

Posted by Tom Groenfeldt on 09/29 at 06:15 AM

Risk and Wall Street – Is Tech Relevant?

I am beginning to ask around to learn whether major financial firms are implementing new risk management tools to avoid the mistakes of the last couple of years. But Aline van Duyn’s recent column in the FT suggests I may be wasting my time. She quotes James Grant, who operates The Business Rate Observer and knows finance: “The nation is running out of magazine covers on which to announce the coming collapse of house prices…the news has strangely failed to register in the mortgage-backed market.”

What good are systems if the decision makers ignore the warnings?

Posted by Tom Groenfeldt on 09/29 at 06:14 AM