Coming just one week after Sibos’ conclusion in Beijing, The Network Forum (TNF) made its way to Doha for its annual Middle East Meeting, before ending 2024 in Singapore for the Asia gathering.
Fraser Wikner, CEO at MYRIAD Group Technologies (MGTL), looks at some of the main talking points to emerge from the two TNF conferences.
Beware of AI-washing
During TNF in Doha, Helen Johnson, Head of Business Development, told the audience about a recent experience she had attending a game of Test Cricket.
During the match, she said predictions for the final result were splashed on the big screen, alongside a bold statement underneath highlighting that the forecasts had been generated entirely by using Artificial Intelligence (AI).
As Helen pointed out during her Panel, leveraging technology to make match-day predictions is not a revolutionary concept by any stretch, and has been happening at sporting fixtures for years now. In fact, in my opinion, this is a classic example of rebranding existing software algorithms as AI, purely for presentational and marketing purposes.
While the authorities at the ground or the software sponsors can probably get away with making outlandish claims about AI, the same cannot be said for our Industry.
Just as a number of Banks and Asset Managers found themselves under scrutiny from Regulators and Clients alike for greenwashing, i.e. mis-representing their ESG credentials, I believe Firms also run the risk of getting into trouble if they are found to be AI-washing, whereby they make exaggerated or misleading claims about the AI capabilities of products purporting to be AI.
Overselling AI
As was the case at Sibos, once you get past the hype, digital transformation was an important and recurring theme during both TNFs.
At Conferences throughout the year, we have repeatedly emphasised the point that existing technology can do a lot of what AI promises, and much more cost-effectively.
At TNF Americas, one or two people were talking up the possibility of Network Managers using AI to review or benchmark Due Diligence Questionnaires (DDQs), but Simon Shepherd, our Managing Director, made a strong counterargument, highlighting that a lot of this work can be done already using off-the-shelf delta management solutions.
In a recent straw poll we conducted, 90% of Network Managers told us they would not trust Generative AI to risk-assess a Provider.
One of the practical reasons for this caution is because Network Managers are concerned about the integrity of source data, the validity of assumptions period-on-period and the constant re-training required, as well as the accuracy and consistency of conclusions. In addition, the extent to which Regulators will allow the use of AI means that, for now, the regulatory implications weigh against the use of AI.
Although I believe people are overplaying AI’s benefits in certain areas, the technology does have some useful applications, e.g. summarising documents or refining client reporting.
Helen noted that as a business, we too are cautious but ready to embrace and we are looking to use Generative AI tools to create RFP responses using content from our data library, but she added we will not release anything to the wider Market until it has been thoroughly tested internally and meets our own high security standards.
We believe our ISO27001-2022 certification could be compromised by a headlong rush into AI, which would be ill-advised. Generative AI is still a new technology and the risks are unknown, so the Industry needs to be cautious about how it goes about using it.
A new Operational Resilience Questionnaire takes centre stage – ISSA ORQ
The importance of Operational Resilience is nothing new.
What is new, however, is that the International Securities Services Association (ISSA) has developed an industry questionnaire – ISSA ORQ – to help firms assess their own Operational Resilience, along with that of their counterparties and suppliers.
Simon was co-Chair of the Working Group and together with other members of our Team, provided significant input to the drafting and finalisation of the ISSA ORQ.
ISSA ORQ, which is based on the Basel Committee on Banking Supervision’s (BCBS) Operational Resilience principles, will help bring about a degree of standardisation for Securities Services firms when assessing Operational Resiliency.
During the TNF’s, a number of the people we spoke to were broadly supportive of the ISSA ORQ, noting it would create a more consistent framework for measuring Operational Resilience and preparedness, both internally and externally.
Taken together with the EU’s Digital Operational Resilience Act (DORA), due to take effect from January, resources such as the ISSA ORQ will prove invaluable in the coming years.
Cross border data sharing and fragmentation
At TNF in Singapore, Adam Vine, our Head of Operations, sat down with a senior representative from the Asian Securities Industry & Financial Markets Association (ASIFMA) for a lively fireside chat about data management, tackling data security and regulation.
During the conversation, Adam stressed that data security is guaranteed not by where data is stored and processed, but by how it is stored and processed. In other words, if data is not managed securely, then it risks being compromised, irrespective of where it is held.
On managing data security on public Cloud infrastructure, Adam told the TNF audience that both Cloud providers and users take shared responsibility. “Cloud providers are responsible for the security and resiliency of the Cloud. Cloud users are responsible for the security and resilience in the Cloud,” he said.
Data regulation continues to be a challenge, TNF heard. Although I agree it is important for countries to adopt localised data rules, this can lead to fragmentation, creating logistical complexities and added costs for businesses operating across multiple jurisdictions. He introduced the notions of storage only, storage with conditions, and storage with prohibitions and that the constraints attached to multiple compliance obligations could lead to undermining the very purpose that each regulation intends to serve.
During his session, Adam said there needs to be a fine balance between innovation and compliance. “We need to focus on minimising the collection and storage of data to reduce the scope of data localisation requirements and therefore cost of storage. Anonymise data to remove personally identifiable information, and allow for analysis and use, without violating privacy regulations,” he added.
To balance legitimate policy concerns with the imperative of facilitating cross-border data flows, Financial Regulators should double down on adopting a principles-based approach to data protection, focus on the quality of technology infrastructure – not its location. Ensure access to data for regulatory supervision and law enforcement and increase coordination at the local and international level.
