Asia’s Banks Must Say Yes to Third-Party Risk Monitoring
May 3, 2019 • Levi Gundert
With banks opening themselves up more to be digitally relevant, the stakes of third-party risk management are higher than before.
Open banking is catching on across Asia. Research from Accenture found that 80% of large banks in Asia Pacific have already invested in open-banking initiatives or plan to do so in the next 12 months. Among the leaders, a Finastra study identified Singapore banks as top in the region for open-banking readiness, scoring 8.1 out of 10, beating both Australia (7.1) and Hong Kong (6.6).
The uptake is notable, despite the lack of a legislative backing to give a platform to the change, unlike the PSD2 (Second Payment Services Directive) behind the European Union’s rollout.
Banks and financial institutions were not always this open. Not so long ago, they held the monopoly over what you could do with your account data. Any exchange of financial information involved just two parties — the client and the bank.
Open banking flips this around by allowing customers to share their own bank data with third parties, by way of open APIs (application programming interfaces) to enable the software from the bank and the third parties to communicate with each other. This is what makes it possible to do in-app payments on your smartphone to book private-hire car rides, for instance.
For banks, embracing open banking has substantial payoff — better customer experience, sustained loyalty, and new revenue from diversified streams. This collaboration with third-party industry players is the way to go in bringing creative offerings and new value from an entire ecosystem of new bank partners.
More Third-Party Risks, More Challenges
By now, data sharing is wired into the fabric of everyday life and business. As more data and processes get connected between multiple organizations, the massive interconnectedness means banks must know how to calibrate and balance the benefits with the risks.
A bank may hold the toughest cybersecurity defenses in its organization, but there is no absolute guarantee that the third parties their customers connect with will do the same.
While third-party risk management (TPRM) is nothing new to banks, the scope and stakes are much higher now with open APIs connecting the bank to more vendors, suppliers, and partners than ever. Operating in the kind of market ecosystem that is both immense and integrated renders traditional methods of doing TPRM far less effective. That’s why open banking essentially defines a brand-new security platform that’s centered on keeping open APIs secure at an unprecedented scale.
Threat Intelligence Is the Key
An efficient method for TPRM is to boost security with a multi-layered threat intelligence platform — and it must be capable of three things:
- Consider multiple sources of threats
- Programmatically gather and correlate data
- Provide context to illustrate the effects on risk
Managing third-party risk with threat intelligence from the Recorded Future® Platform helps to qualify the risk with greater transparency. Practically, this means that Recorded Future’s threat intelligence doesn’t just provide a wider pool of data, but it also tracks how third-party risks shift over time. Otherwise, cybersecurity teams will be inundated — or worse, distracted — by incremental security alert noise, when instead they could be focusing on only the most pressing risks affecting the bank.
Digital transformation in the banking and finance industry comes with rewards and risks. It is not plausible to eliminate risk completely, but it is possible to reduce risk to acceptable levels, without adopting a mentality of “the sky is falling.”
With threat intelligence comes more balance when walking the tightrope between openness and exposure. To learn more about why real-time threat intelligence like that offered by the Recorded Future platform is so critical for monitoring third-party risk, download this report from ESG.