FinTechs discuss security, regulation and innovation at New York City roundtable
Sarah Dickinson
on 24 October 2019
Earlier this month, Canonical, IBM and FinTech specialists Medici held a joint roundtable in New York for executives within the financial services sector to hear and discuss their pain points, the most prominent emerging technologies and what the future holds. Entitled ‘Graduating from FinTech to FinServ’, the roundtable was hosted by Ross Mauri, GM of the IBM Z and LinuxONE business, Canonical’s CEO, Mark Shuttleworth, and Aditya Khurjekar, Founder and CEO of Medici, to discuss the implications and considerations of moving new technologies into products consumed by millions of users. The event followed a week after the launch of IBM’s newest LinuxONE server including support for Ubuntu. Together, IBM and Canonical’s solutions are already jointly used by several companies in the financial services sector.
Ross and Mark opened the roundtable with their perspectives on the industry which kicked off an engaging discussion among the attendees from established financial institutions and banks to disruptors and start ups. Mark discussed how developers are innovating faster on open source. This pace opens the door for new entrants to enter and gain an advantage, challenging more established banks and institutions. Ross emphasised the importance of advanced security and building infrastructure accordingly.
As the world increasingly adopts digital assets, secure application environments are essential to safeguard data and encryption keys. Equally with banking systems needing to be ‘always on’, deploying a centralised system is much simpler in the event of a failure. Guest speaker Neil Fillary from Shuttle Holdings spoke about digital asset custody solutions and the need for the underlying infrastructure to be as secure as possible, and Ricardo Correia from R3 discussed his experiences of blockchain deployments in the financial sector and the importance of security.
Much of the conversation centred around regulation in the financial services industry – particularly surrounding the blurred lines of when regulators step in and who they regulate. An increasing number of technology companies are entering the financial services space able to sidestep regulation – partly because regulators don’t understand technology well enough. As one attendee highlighted, does it make sense to impose regulation on these companies proactively or wait until an issue occurs for which they can be fined? A data privacy expert explained how regulators will always focus on the risk profile rather than how cool a new technology is, which becomes important as such services move into the mainstream. Using the analogy of regulation acting as a moat, Mark Shuttleworth described how this can reduce the amount of disruptors entering a new industry. However, he added, are those disruptors finding a way to improve the customer experience without being subject to regulation?
With emerging technologies including AI, blockchain and crypto-currency increasingly being investigated and adopted by banks, there is a mindset and cultural change which needs to be considered. Many of those solutions are being introduced by start ups – but are large institutions happy to place risk on these start ups? As many attendees agreed, organisations are ultimately people and 95% of decisions are based on emotion. One example highlighted a company who decided to invest $1bn a year for 3 years in maintaining legacy systems rather than invest $3bn to update that core with newer technologies. For a CEO or CTO with the responsibility of making that decision, 3 years is a long time to wait for an ROI and so the risk is lower to keep with the status quo.
However, if established players aren’t willing to take the risk on start ups, then how do they innovate? An attendee from a large bank highlighted that acquiring start ups may be an easier route but summed up the dilemma that banks can remain undecided longer than start-ups can remain solvent. Some of the start ups in the room, speaking from experience, advised not to work with large banks in the first instance unless they have a partner to do so with. Equally, one attendee who used to work for a large bank and has since started his own company, learnt that a lot of conversations with large banks ultimately led nowhere for the cultural and risk reasons already mentioned.
The introduction of GDPR in Europe in 2018 and more recently, the CCPA in California has added further considerations for anyone within the financial services sector on data management and privacy. Social media and cloud companies have been scrutinised extensively on their handling of customer data but recent breaches show many more companies are victims of the same in the last year. Associating accountability is the challenge when many vendors may be involved in managing an institution’s customer data. The definitions are not as clear cut as in the physical world given software is so malleable and never final.
After four hours of lively discussion, the roundtable endorsed how both start ups and the established banks face both challenges and opportunities as technology becomes increasingly more fundamental to the development of services in the financial services market.
Learn how Canonical and IBM serve fintech needs for cloud workloads
or get in touch.
Ubuntu cloud
Ubuntu offers all the training, software infrastructure, tools, services and support you need for your public and private clouds.
Newsletter signup
Related posts
Why is Ubuntu Linux the leading choice to replace CentOS for financial services?
Financial services are powered by technology. The customer experience is increasingly driven by data, with tailoring of products and services to reflect...
Canonical announces Ubuntu Security Research Alliance Program
Today, Canonical, the publisher of Ubuntu, announced its new Ubuntu Security Research Alliance Program, a free partnership between Canonical and open source...
Needrestart local privilege escalation vulnerability fixes available
Qualys discovered vulnerabilities which allow a local attacker to gain root privileges in the needrestart package (CVE-2024-48990, CVE-2024-48991,...