Posts Tagged :

Risk Management

Moody’s study highlights Entity Verification as critical for risk management

Organisations face greater challenges to understand who they do business with amid rising risks and evolving regulations, according to a new Moody’s survey and interviews with senior risk and compliance professionals.

Moody’s study found that Entity Verification – a data-driven process that helps verify and authenticate the credentials of each entity a firm onboards or already conducts business with – is deemed essential to avoid regulatory fines and reputational damage. 

Businesses are exposed to an increasingly complex risk landscape, as underscored by new insights from Moody’s Grid risk database: 

·         Nearly 14% growth in the number of organisations and people added to sanctions watchlists in the last 14 months to June 2024 

·         Cyber-attacks are more prevalent: cyber-related risk events nearly doubled from 2022 to 2023 

·         Human trafficking is on the rise: Moody’s registered a 22% increase in human trafficking events from 2022 to 2023 

Firms are typically required by regulations across multiple jurisdictions to screen and report on such risks. Those that fail to comply can be liable to financial penalties and risk harming their reputation, which is why 64% of risk and compliance professionals cited regulatory compliance complexity as a key challenge. 

The German Supply Chain Due Diligence Act, for example, holds enterprises across the globe accountable for human rights in their supply chains, while the UK’s Economic Crime and Corporate Transparency Act makes organizations liable for failing to prevent fraud. From 2025, the scope of entities who are required to comply with the European Union’s anti-money laundering regulations will expand to include professional football clubs, crypto asset service providers, crowd funding platforms, as well as buyers and sellers of luxury goods like jewellery, jets and yachts. 

Against this backdrop, Moody’s global study found that 9 in 10 respondents rate Entity Verification as ‘essential’ or ‘important’. The value of Entity Verification is also on an upward trajectory, with 73% of businesses anticipating its importance to increase over the next two years. 

Entity Verification is predominantly used today for customer onboarding (78%), ongoing customer risk monitoring (73%) and investigations & enhanced due diligence (71%). Sales & marketing, supply chain management, crypto-currencies and gambling represent less common use cases that are quickly increasing in importance. 

However, the focus on Entity Verification is not uniform across financial and non-financial services sectors: 

Financial services:  

·         As banks seek to introduce more automation, there is a recognition of the criticality of Entity Verification as a precondition for other risk screening activities 

·         Banks cite a desire to improve customer experience and streamline onboarding 

·         The pressure to meet ever-more stringent regulations 

Non-financial services: 

·         Corporates are quick to flag supply chain complexity, and the risks from bad actors who are ever more sophisticated 

·         A heightened awareness of Entity Verification as part of a wider risk framework among unregulated, non-financial sector companies 

·         Professional Services cite the additional factor of wanting to demonstrate their Entity Verification robustness as part of their appeal to customers  

While the importance of Entity Verification is apparent to those surveyed, firms cite a myriad of data challenges, including data siloes (51%), high costs (46%), updating data in a timely manner (44%) and data inaccuracy (43%). Fewer than 1 in 10 firms described the maturity of their data governance strategy as ‘advanced’, with most (49%) at the ‘developing’ phase. Leaders in data governance are more likely to be larger firms, with a Chief Data Officer in place and priority given to this topic at board level. Of those surveyed who had a data governance strategy in place, 82% cited improved data quality and accuracy, 72% cited strengthened risk management and 70% had enhanced operational efficiency and reduced costs. 

The study also probed on the extent to which companies had achieved a ‘golden record’ – a single, accurate, and complete version of data for a specific entity – that helps decision-making and operational efficiency. However, only 1 in 10 firms claimed to have a golden record and only a small minority of respondents (14%) have fully achieved a ‘single customer view’ – a comprehensive aggregation of all the data relating to a specific customer. Firms who have fully or mostly achieved a single customer view are overwhelmingly closer to having a golden record (22%) compared to those who have partially or not achieved a golden record (1%). 

Keith Berry, General Manager, Compliance and Third-party Risk Management Solutions, at Moody’s, said: “‘Who are you doing business with?’ is a deceptively simple question that can be very complicated to answer. In today’s ever-evolving business landscape, economic and geopolitical uncertainties, stringent compliance rules, and the challenges of data management have heightened the need for robust Entity Verification practices. Our study demonstrates the growing significance of Entity Verification not only to manage financial crime and prevent fraud, but also to drive operational efficiencies and improve customer experiences.” 

Data and app security to drive risk management spending growth

Global end-user spending on security and risk management is projected to total $215 billion in 2024, an increase of 14.3% from 2023 when spending will reach $188.1 billion – with application security, data security and identity access management among the key drivers.

That’s according to Gartner, which says the continuous adoption of cloud, continuous hybrid workforce, rapid emergence and use of generative AI (GenAI), and the evolving regulatory environment are forcing security and risk management (SRM) leaders to enhance their security and risk management spending.

Shailendra Upadhyay, Senior Research Principal at Gartner, said: “At the same time, they are focusing their efforts by adopting technical security capabilities that provide far greater visibility and responsiveness across the organisation’s entire digital ecosystem and restructuring the way the security function operates to enable agility without compromising security.”

Spending on data privacy and cloud security are projected to record the highest growth rates in 2024, with each segment increasing more than 24% year-over-year (see Table 1). Privacy remains a top organizational priority as regulations that impact the processing of personal data continue to emerge, including those related to the use of AI. Gartner predicts that by 2025, 75% of the world’s population will have its personal data covered by modern privacy regulations.

Table 1. Security and Risk Management End-User Spending for All Segments, Worldwide, 2022-2024 (Millions of U.S. Dollars)

Segment2022 Spending2022Growth (%)2023 Spending2023Growth (%)2024 Spending2024 Growth (%)
Application Security5,047.610.95,765.214.26,670.315.7
Cloud Security4,487.424.05,616.725.27,002.624.7
Data Privacy1,129.29.91,338.718.51,667.324.6
Data Security3,072.921.43,692.120.14,333.317.4
Identity Access Management13,944.113.616,169.116.018,556.514.8
Infrastructure Protection24,089.019.928,359.617.733,319.617.5
Integrated Risk Management5,157.39.65,687.110.36,277.710.4
Network Security Equipment18,932.511.921,383.612.924,360.113.9
Security Services73,394.73.980,835.710.189,996.711.3
Consumer Security Software7,443.42.97,901.76.28,406.76.4
Others8,029.850.111,365.441.514,362.826.4
Total 164,728.010.6188,114.814.2214,953.714.3

Source: Gartner (September 2023)

The continued growth in public cloud services will bolster spending on cloud security tools. In the cloud security segment, the combined spending on cloud access security brokers software (CASB) and cloud workload protection platforms (CWPP) is projected to total $7 billion in 2024, up 24.7% from 2023. Demand for cloud-based detection and response solutions — such as endpoint detection and response (EDR) and managed detection and response (MDR) — is also expected to increase in 2024.

Spending on security services – consulting, IT outsourcing, implementation and hardware support –is forecast to total $90 billion in 2024, an increase of 11% from 2023. Security services is expected to represent 42% of total security and risk management end-user spending in 2024, and to remain the largest area of security and risk management spending in 2024.

“In light of cyber risks increasing, cyberthreats proliferating and a changing operating environment, it is more critical than ever for organizations to build and optimize a cybersecurity program,” said Upadhyay. “It is the cornerstone of cybersecurity initiatives which help SRM leaders secure new environments, protect against the expanded attack surface, consume security capabilities in new ways and create better efficiencies through automation.”

Image by Emilian Robert Vicol from Pixabay