Neira Jones is a NED, independent advisor and international speaker with more than twenty years’ experience in financial services and technology. Amongst other places, you’ll find her in Thomson Reuters UK’s top 30 social influencers in risk, compliance and RegTech and Richtopia’s Top 100 Most Influential People in FinTech. She has worked extensively in global banking, from Banco Santander to Barclaycard, where she served as Director of Payments, Security and Fraud. She was a partner at the payment consulting service Accourt, FSTech/ Retail Systems “Payments Team of the Year,” and until recently was chairman of payments software developer Comcarde. Currently she is a partner at Global Cyber Alliance, Chairman for The Centre for Strategic Cyberspace + Security Science, as well as serving on the board for GiveADay, Emerging Payments Association, Ensygnia and Cognosec.
Many fantastic technologies will never be successful because there’s no practical need for them. The start-ups which have seen the most success are not necessarily those with cutting-edge technology. A brilliant example is Monzo, a personal banking app which makes your bank statement more aesthetically digestable by including the logo of the company where you spent your money. This is much more user-friendly then banking apps which replicate your paper statement. This is not rocket-science, but simply solves a real problem: Monzo’s tagline is ‘banking like you’ve never seen it before…actually easy to use.’
Traditionally Financial Services have been product-led rather than customer-led, but in a post-Fintech landscape, user experience is key. Those who have put the customer at the centre of their strategy will not only know how to offer better services but will also know how to protect their customers.
The first line of the GDPR is ‘the protection of natural persons with regard to the processing of personal data and on the free movement of such data.’ Businesses which are customer-centric are therefore well-placed to comply with GDPR.
Do they employ ‘data protection by design and by default’?
Traditionally, governance is part of M&A, but cyber-governance is becoming increasingly crucial for technology. Commentators have linked Uber’s security breach with Softbank’s subsequent purchase of their shares at a 30% less than valuation, as with the $350 million discount Verizon obtained in the purchase of Yahoo after the disclosure of their two massive data breaches earlier this year.
A company without a strong security posture should certainly be cause for reflection, and perhaps assurances. If the business is a start-up, look at whether they are integrating data-protection and cyber-security by design, or creating a minimum viable product which leaves security as an afterthought. Another of the key tenets of the GDPR is ‘data protection by design and by default’ – security will only become more crucial to company structure.
It’s also imperative that M&A due diligence involves analysis of supply-chain. The payments space relies on an extensive supply chain of cloud providers, SaaS models and other digital entities that provide an element of the stack necessary to provide a product or service.
Cyber-security capabilities can certainly be enhanced post-acquisition, but don’t leave it until then to be find out they’re non-existent. If you don’t have the expertise in-house, engage experts during the due-diligence phase to assess the company’s security posture: this will help you to make a value-judgement about whether the investment is too risky. Ideally, retain the expertise in-house so that cybersecurity can be a habitual value-add to your portfolio.
The answer is always yes. See our previous fintech forum to learn why.
Blockchain has specific applications in the trading and identity space – the UK government has recently been urged to put passports on the blockchainto create a single national identity, whilst companies such as R3 and Ripple demonstrate its efficacy in global financial networks, or Investpop for the creation of smart contracts. Last year we saw the explosion of the ICO, further garnering investment highs.
However, many people are getting swept up in the buzz without understanding what they’re investing in. Blockchain has its limitations: it is not at the stage where it can process low latency transactions such as retail payments. I would advise discernment: a UK company recently increased its shares by 394% just by adding the word ‘blockchain’ to its name. Talking to an advisor to make sure your money is being put in the right spot is never a bad idea, especially when the regulations for cryptocurrency haven’t caught up with the technology yet.
Furthermore, if you are looking at the payments space there are plenty of points of interest beyond blockchain, which have less of an expensive price-tag. Payments and identity go hand in hand, and regulatory pressure such as PDS2 are further driving these developments with demands for greater authentication through biometrics and behavioural analytics.
Technologies which enable you to examine and protect the consumer, such as AI and machine-learning, are also worth close attention, as is anything around cybersecurity – the emergent ecosystem of ‘Regtech’ is thriving, with some commentators calling it the ‘new fintech‘.