Absa in tech risk balancing act
Technology’s proverbial double-edged sword has hit big-four bank Absa, as it moves to leverage digital tech while trying to fend off the risks that come with it.
Absa has now elevated technology risk to a principal risk as the bank expands its digital offerings.
This emerged yesterday in the Absa Group’s interim financial results for the reporting period ended 30 June.
In its results, Absa reported a 5% rise in first-half profit, while its core retail business managed to grow despite a faltering domestic economy.
The bank attributes some of its successes to digital technologies as it tries to reinvent itself after separating from its parent Barclays in 2017.
In 2018, Barclays Africa Group was officially renamed Absa Group and started trading under its new name and new share code (ABG) on the Johannesburg Stock Exchange.
However, as the bank tries to harness the power of technology in a bid to win market share in SA’s tightly contested banking sector, Absa is witnessing a number of risks that come with its new innovations.
This comes as the global financial services sector is increasingly using IT to make workflows more efficient.
However, according to the Cyber Security in Financial Services report published this month, in the race to embrace the latest digital technologies, financial services companies have not been paying enough attention to IT infrastructure security, including confidential customer data.
It adds that the increasing number of channels, as well as integration with third parties, is also leading to an increase in the number of attack surfaces, as well as the complexity of attacks.
Cyber security solutions vendor Kaspersky Lab says the lure of actual money and ongoing transactions makes financial services a primary target for some of the most dangerous cyber criminals.
“It’s becoming clear that, with advances in fraud technologies, cyber criminals are switching their focus away from the ‘easy pickings’ of customers, to the more challenging but rewarding targets provided by financial services providers themselves,” the company says.
Among the key challenges Absa experienced in the year was an increase in fraud, particularly incidents related to social engineering (phishing and vishing) and card fraud.
Thus, it says: “Technology risk has been elevated to a principal risk under the enterprise risk management framework and includes the following risk types: technology, information security, cyber and change.”
The bank is prioritising the remediation of the identified material control issues to improve technology system stability and cyber crime capabilities.
It will also roll out information security and cyber prevention capabilities and embed operational processes, including access management, vulnerability management, monitoring and automated blocking of identified rogue devices.
According to Absa, the technology risk will be monitored as a material inherent risk in the organisation. It adds the group continued to develop new preventative technology tools aimed at better protecting customers to achieve its conduct outcomes.
It notes that focus during the year was on improving information security and cyber prevention capabilities to enable early identification and improve response time to information security threats.
According to the bank, data leakage prevention capabilities were implemented and are being embedded across the organisation.
It adds there has been a 21% reduction in the number of major incidents year-on-year and disaster recovery capability improved by 22% year-on-year.
Absa also established automated disaster recovery testing capabilities across the technology estate.
“The ever-increasing sophistication of cyber crime, fraud risk and financial crime requires continuous improvement of monitoring and prevention to protect customers and the group,” Absa says.
Absa will now prioritise threat detection and prevention of security breaches, disruptions and data mismanagement to protect customers.
The bank says it will continue investment in technology platforms, processes and controls, including monitoring, enhancements and prioritisation of key issues.
It will also develop artificial intelligence using global data to strengthen security measures and crime prevention, as well as educate employees and customers on the prevention of cyber-related risks.
On the digital front, Absa says the rate of adoption improved by 5% to 30.8%, with a 20% increase in the number of app users.
In its results, it points out operating expenses increased by 16% to R5 billion (30 June 2018: R4.3 billion), characterised by incremental run costs post the separation from Barclays, partly offset by continued transformation of the business through the optimisation of its branch network and investment in technology.
“As we continue our journey of separating from Barclays, we continue to drive process optimisation, automation and cost-efficiencies to make headroom for future investment growth initiatives,” the bank says.
Absa notes its asset production momentum continued into 2019, supported by improved acquisition strategies, internal processes and leveraging digital and voice channels, while risk appetite remained unchanged and translated into 7% growth in gross loans and advances to R514 billion (30 June 2018: R482 billion).
The business implemented a focused multiyear cost transformation plan which leverages digital capabilities to improve customer experience while driving operational efficiencies.
It says the focus on digitising the bank has already yielded an engaged and digitally active base, as seen in the app user base increasing 20% and the frequency of app use increasing from once every five days in 2016 to once every three days.
The number of app logins increased from 3.4 million to 14.8 million since 2016, and the average product holding of customers who use the app was 1.5 more than that of non-app users.