Blockchain technology for enhanced transparency

While there have been plenty of innovative developments in banking and finance, there are also challenges, from know-your-customer automation to cybersecurity. This section reflects on this rapid evolution, beginning with a discussion with HSBC’s Luxembourg country CISO, Krystina Gray.

Digitalisation of the economy and big data are constantly reshaping the organisational design of the financial sector. As 4.6bn people regularly interact via social media, businesses are now creating data via media services while digitalised government-to-citizen services multiply, and data is steadily growing.

Furthermore, the Internet of Things (IoT) regularly produces swathes of data which, if effectively harnessed, can allow businesses to provide added value, generate adaptive responses, give insights into finance trends and possibilities, deliver deep analytics and customise the user experience in real time.

Soon machine-­learning tools will interrogate big data platforms and assess patterns and trends, track developments, identify market opportunities or risks, or predict consumer preferences. In the financial sector, digitalisation uses advanced analytic systems, machine learning (ML), optimal character recognition, artificial intelligence (AI), robotic process automation and distributed ledger technology.

Blockchain technology

Blockchain technology (BT) is considered one of the pillars of industry 4.0, and one which allows for novel business models. In finance, BT is referred to as distributed ledger technology, allowing users to add to the ledger without liaising with a centralised authority. Blockchain can be applied to numerous recordkeeping tasks, and as more agents manage their documents via blockchain applications, it will provide for enhanced transparency, as select users can trace the information to the source, altogether reducing time and paper inefficiencies.

HSBC is one such company investing in and developing BT in a bid to improve efficiency, transparency and security across established networks. As its Luxembourg country chief information security officer (CISO) and head of resilience risk Krystina Gray explains, since May 2018, the bank “has completed trade transactions involving millions of dollars” through a platform of which it was a founder.

BT has also been the modus operandi for letters of credit, as this is a fast and secure alternative, “reduc[ing]… processing time from between five and 10 days to a matter of hours.” HSBC is also a part of eTradeConnect, the first blockchain trade finance platform in Hong Kong, and is one of the 12 banks participating in, a European-based joint venture providing a blockchain platform for open account trade transactions.

Automation and artificial intelligence

Robotic process automation (RPA) implies the use of software robots programmed to enter into applications, retrieve data, undertake calculations and instructions and, once the task is complete, they log out. RPA is intelligent automation, where machines perform tasks and make decisions on their own, can be coupled with ML software for client management.

Moreover, new generation RPA systems incorporate learning capabilities, entering the realm of AI. ML is operated by algorithms that increase organisational performance by processing structured data, recognising patterns and generating auto-corrective behaviour. Deep learning focuses on unstructured data and abstract data coming from exchanges between communications platforms and devices, such as the IoT. AI covers everything from business operations, customer service, marketing and risk management.

Gray stated that in Hong Kong, AI and ML technologies are used to ensure ATM replenishments, reducing the number of delivery journeys and CO2 emissions. 96.7% of payments made in the first six months of this year were processed without any manual intervention, allowing its personnel to focus on excellent customer service.

Big data analytics

AI systems can process big data in real time, and organisations engaged in big data can perceive huge benefits. Learning algorithms allow advanced analytics with mathematical models embedded in software and sensitised to data patterns to forecast future trends.

HSBC’s Luxembourg country CISO, Krystina Gray Photo: HSBC

HSBC’s Luxembourg country CISO, Krystina Gray Photo: HSBC

HSBC has a particular advantage, as it owns the information on its more than 40m customers worldwide. “Using tools such as artificial intelligence, we can analyse customers’ behaviour, compare it with that of similar customers and identify anomalies for review.” Gray argues that systemic biases in the data or any other concerns are dealt with immediately, as “HSBC reviews findings and passes on the right information to the right people in a timely way–both at the bank and in law enforcement agencies.”

Cybersecurity, essential at HSBC

Businesses are increasingly connected to the internet and digital systems, implying exposure to cyberattacks. Aimed at accessing, changing, or destroying sensitive information, extorting money from users, or interrupting the business processes, cyberattacks are the 5th top-rated risk and have become the new norm across public and private sectors. According to US-based insurance broker Embroker, by 2025, cybercrime will cost companies worldwide an estimated €9.04trn annually.

Cyberattacks’ consequences can impact business for weeks, months, and even years, leading to financial losses, loss of productivity, reputation damage, and legal liabilities. Banks and financial institutions are prone to cyberattacks, as they gather credit card information, bank account information and personal customer or client data.

Gray, whose role requires working closely with cyber and IT teams, admits that the financial services industry faces increasingly sophisticated cybersecurity threats. HSBC has a robust cybersecurity structure and resourcing models built around key cyber capabilities with clearly defined roles and responsibilities. Its security operations centre provides proactive 24/7 monitoring, technical analysis support and threat responses.

She explains that the bank strongly invests in technical controls designed to prevent, detect and respond to cybersecurity risks, including participating in working groups and industry bodies sharing information on new tactics and approaches.

Moreover, “we operate a regular internal threat-led testing, continuous vulnerability scanning and assurance regime to continuously test our cyber control environment in line with the latest threats. During 2019 and 2020, we completed several cyber-related simulation exercises… Additionally, our cyber control maturity is assessed annually by an appointed external auditing body.” HSBC periodically informs its customers, runs cyber awareness campaigns and even has a dedicated training programme.

“Over the span of my career, I have been involved in preventing unauthorised access, exercising the ‘need-to-know’ and ‘least privilege’ security principles, creating secure communication channels, encrypting data, preventing attackers from intercepting, through ‘man-in-the-middle’ attacks and making data inaccessible if obtained. Nowadays, I am responsible for ensuring risks identification and applying the proper controls, which in itself is an important solution to preventing potential cyber threats.”

A force for empowerment

Gray also serves as vice president of Women4Cyber, which promotes women professionals and facilitates their access to professions in the field, raises awareness on the subject through conferences and training, creates networking opportunities with domestic and foreign entities and supports the EU’s gender strategies.

In Luxembourg and across the EU, Gray constantly advocates for the cybersecurity profession, especially for women. “I strive to provide women and my children with examples of women in leadership roles and removing gender biases. I’m very fortunate that I can do this through Women Cyber Force and Women4Cyber Luxembourg,” Gray says. “We want to create long-lasting career choices for women, either via mentoring and empowering or via keeping a network for future work opportunities within the field and by helping each other.”