Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog


older | 1 | (Page 2) | 3 | 4 | .... | 32 | newer

    0 0

    The Office of the Comptroller of the Currency (OCC) today issued a notice of suspension to Mark Johnson, Global Head of Foreign Exchange and Commodities, Americas, HSBC Bank USA, N.A.read more...

    0 0

    The Federal Reserve Board on Thursday took action to bar two former foreign exchange (FX) traders of HSBC from employment in the banking industry. Mark Johnson and Stuart Scott, former senior HSBC managers, were recently indicted for criminal wire fraud in connection with their trading activities at HSBC Bank plc, a subsidiary of HSBC which is a U.S. bank holding company. Johnson was a managing director and the global head of FX cash trading. In that role, Johnson supervised FX trading desks for HSBC. Scott reported to Johnson and was head of FX trading for Europe, the Middle East, and Africa and was also employed by HSBC Bank plc.read more...

    0 0

    Futures commission merchants (FCMs) and retail foreign exchange dealers (RFEDs) must file monthly financial reports with the CFTC's Division of Swap Dealer and Intermediary Oversight (DSIO) within 17 business days after the end of the month. Selected financial information from these reports is published below. The most recent month-end information generally is added within 12 business days after FCMs and RFEDs file their reports, but occasionally may be added later. For example:  The 17th business day filing “due date" for February 28, 2015 financial reports was March 25, 2015.  The 12 business day target for posting these data was April 10, 2015.read more...

    0 0

    The OFR released its latest Financial Markets Monitor today. The monitor says investors’ risk appetites quickly recovered in the third quarter from the initial shock of the United Kingdom's vote to exit the European Union. The ultimate financial and political effects of the U.K.’s exit will take months or years to negotiate, and could introduce further confidence shocks to global markets.read more...

    0 0

    Thank you for having me here today at the inauguration of the Cambridge Cyber Summit.  Congratulations to the Aspen Institute, MIT, and CNBC for launching this event and bringing together such a strong group of leaders from across government, academia, and industry to discuss the cyber threats to America’s security and prosperity, and how we can combat and reduce these threats through technological innovation.    In this esteemed university of technology and innovation, let’s begin with a  decidedly non-technologist: that would be Shakespeare.   The dominant theme of many Shakespeare plays is how miscommunication, accidental or deliberate, thwarts our best-laid plans. Friar Lawrence's ingenious scheme to reunite the star-crossed lovers in Romeo and Juliet turns tragic when his letters to poor Romeo go astray and Romeo kills himself in despair believing that Juliet is dead when she is just drugged and fast asleep. In Twelfth Night, Malvolio receives a fake but cleverly compelling letter planted by Sir Toby Belch and his other foes leading him to believe wrongly that Lady Olivia actually fancies him. The results are disastrous for him. In almost all the plays, the proximate cause of the downfall of leading characters is faulty or altered data. Now, we might think that the advent of the Internet would prevent the kind of heartache these characters endure with data distortion and information breakdown. Today Romeo and Juliet would email or text when apart, and no one would be sending handwritten notes to a lover by horseback over long distances.  The foppish would-be snob Malvolio could avoid humiliation by running a mysteriously found letter through plagiarism software and handwriting analysis to determine the true author. However, just as certain old communication problems were solved in cyberspace, new ones were created, like identity theft, a problem Shakespeare would have loved given the numerous cases of mistaken identification, cross-dressing and impostor disguise in his plays. The new era creates vast new opportunities for espionage, snooping, eavesdropping, and theft of intellectual property, all Shakespearean ideas put on steroids in the Internet age. That's where you come in and why I'm so happy to be with you today.  But now to the technology challenge relevant to our Shakespeare opening: how technology is relevant to the cyber security and resiliency of the financial services sector.   For the past several years, I have been leading efforts at the Treasury Department to enhance the cybersecurity and resiliency of the financial sector. It is indisputable that the cyber threats we face are persistent, increasingly pernicious, and consistently morphing. These threats pose risk to our financial lives and indeed our nation’s prosperity.   When I started leading our efforts, the attacks we saw were primarily nuisances in the nature of DDOS attacks that shut down bank websites for a period of time. They were akin to losing power due to a downed power line in your neighborhood.   However, what were nuisance attacks on the periphery of a bank’s customer-facing website have now evolved into attacks that threaten actual customer information, the foundation of a customer’s relationship with their financial institutions, and their underlying trust. The nature of the attacks we see today target customer information—such attacks have the explicit goal of misappropriating customer information and personal data. We are now seeing spear phishing attacks, ransomware attacks, the stealing of log-in credentials—all methods targeted with the purpose of penetrating the peripheral moats of institutions and getting right to the crown jewel information—to the treasure chests so to speak. The stakes for individuals, institutions, and governments—certainly high in 2014 when only DDOS attacks were the norm and I began this work—today are even higher.   Overcoming these significant cybersecurity challenges is within the realm of the possible.  We are organized around a comprehensive national strategy that involves coordinated efforts among law enforcement, the intelligence community, homeland security, and the vast financial sector itself. The work of enhancing our financial security and resiliency is underway. Indeed, the President’s Cybersecurity National Action Plan recognizes the role of technological innovation itself as a means of defending our nation’s critical infrastructures—like our energy systems and our telecommunication systems—but also defending our nation’s critical financial infrastructure.   This is what I want to discuss today: how we together make our critical financial infrastructure and our virtual financial lives more secure by harnessing the full potential of technological innovation.    To do this I want to talk about some of the recent developments we have seen around financial innovation, multifactor identification and authentication, and blockchain technology, and connect these developments to the vulnerabilities stemming from the practical realities of human behavior and user error.   For a long time, most so-called innovations in finance were euphemistically associated with exotic, but ultimately toxic, derivatives and other financial instruments like “CDO squared.”  So when I use the word “innovation” in the context of finance, I want to use it at its most constructive. Financial innovation embodies the act of introducing new approaches to strengthen our financial system so that it can better serve people. Using this definition of financial innovation, the financial infrastructure of our country—like so much of our critical infrastructure in the United States—remains ripe for exponential innovation that not only enriches the lives of consumers but makes our entire economy more secure.   Interdependence and interconnectivity   Financial transactions are intangible. Because of this intangibility, the Internet becomes a logical platform from which to engage in activities like depositing paychecks, applying for mortgages, splitting bills at a restaurant, investing in the stock market, and checking your credit score.   But the Internet is an accidental enabler of new financial products and services.  It was built with several goals in mind.  It was built to be adaptable, and to allow communication despite outages.  It was also built to be decentralized and cost effective.[1]  Built-in security was not a design goal for the Internet.  When it was conceived, it was not contemplated that the Internet would serve as a backbone for the financial system.  As a result, in our virtual financial lives, we have more options to be connected, to conduct our financial transactions more cheaply, more quickly, and more conveniently; but we can also be less secure.     Trust in the financial system   So let’s look at what’s at stake in terms of security: the design of financial products implicates nothing less than the public’s trust in the financial system.  Disruptions and depletions of such trust in the financial products, services, and institutions that comprise our financial system—as we saw most vividly in the crisis eight years ago—can have profound implications for our sense of trust, which effects our daily lives and our well-being.   When trust in particular financial products, services, and institutions begins to weaken, we experience an insecurity in our financial lives that can be damaging. When such trust is eroded on a much larger scale and includes more than individual and isolated institutions, or products, or services, the economic disruptions are more irreversible.   Consider this recent attack:   Operating in countries where we have limited legal and diplomatic reach, beginning by at least 2013, a criminal syndicate retained technology experts who developed malicious software (or malware). Using the malware, this criminal syndicate, together with these technology experts, infiltrated and initially gained dormant control of not just one computer, but an army of personal computers and web servers—ultimately over a million worldwide, some of which were located here in the United States.    After seizing control, the criminal syndicate activated command of the zombie computer network – known as a botnet – and used it to capture bank account numbers, passwords, and other details necessary to log into online banking accounts from around the world. Once logged in, the criminal syndicate stole customer funds by initiating unauthorized wire transfers from customer accounts to the criminal syndicates’ accounts.  Before being stopped, that botnet—along with ransomware developed by the criminals and their cohorts—had caused more than $100 million in losses.     The challenge   In other words: in order to enhance trust, we need a secure information technology architecture underpinning our financial products, services, and institutions.  Let’s consider the recent incidents involving the SWIFT messaging network as another example.  The SWIFT messaging network connects 11,000 financial institutions across the globe. Those institutions use the SWIFT system to send and receive essential details for the transfer of money: details like the transfer amount, the identity of the sender, and the identity of the receiver.  Attacks perpetrated through the SWIFT messaging network strike at the core of international economic activity.  Earlier this year, cyber actors masquerading as authorized users accessed the SWIFT messaging network and attempted to steal $1 billion from Bangladesh Bank, reportedly walking away with $81 million.    According to SWIFT, the cyber attackers used a three-pronged approach.[2]  First, they infiltrated the victim bank to obtain the bank’s credentials to access the SWIFT network.  Then, they infected that bank’s systems with malicious software (or malware), enabling them to monitor the bank’s account activity and strike at opportune times—like when account balances were high or when bank employees were on vacation.  Finally, they inserted additional malware to circumvent the bank’s system controls that were in place to monitor its transactions.  This malware intercepted and altered confirmations of transactions sent by SWIFT to the bank, impairing the bank’s ability to detect the theft.   Common-sense ways exist to reduce the probability and severity of incidents like this fraudulent misuse of the SWIFT network.  Though offensive responses have their role, for attacks like the ones against SWIFT, defensive responses can be singularly effective.  They include smart practices, like enhanced access controls and identity verification, and the segregation of critical systems.  They also include imposing baseline protections at endpoints.  Enhanced monitoring and anomalous pattern detection during the payment process can also help, as does transaction reporting sent through means separate from the primary system.  Banks and other firms that conduct large volumes of payments have algorithms and methods to monitor and detect illicit transfers that violate economic sanctions or anti-money laundering restrictions.  These algorithms and methods should also be used to detect anomalous transfers that do not match up with a bank’s transaction history—creating automated ways to alert employees of potential cyber intrusions.   These common sense approaches should be widely adopted. But optimally, from the perspective of system design, we would create our financial products and services at the outset so as to strengthen their security and resilience. If we embed optimal design features at the outset of our creations, building in lessons learned from previous cyber breaches, we could move away from the creation of a patchwork of stop-gap measures and new technology solutions layered on top of legacy systems.  Such a bolt-on, ad-hoc approach risks gumming up our financial superhighways by adding complexity.   Reducing complexity and increasing cybersecurity   Let’s pause on complexity: this complexity in the systems and networks that underlie our financial products, services, and institutions shows up in legacy systems with out-of-date hardware and software. Consider that since the 1980s the number of banks in the United States has decreased significantly.[3]  But instead of using this consolidation as an opportunity to streamline their systems architecture, many banks have continued to operate separate legacy systems, jerry-rigging those systems together only when absolutely necessary and then moving on to the next merger or acquisition.        What are the implications of this kind of complexity for cybersecurity?  Newer systems layered in improvised ways on top of legacy systems magnify the potential attack surface, creating potential blind spots and vulnerabilities in system seams, nooks, and crannies, which adversaries can exploit.[4]  Again: potential exploitation has the effect of undermining trust in financial products, services, and institutions.   Our ultimate objective should be to reinforce the public’s trust in the resiliency of the financial product, service, or institution and its ability to perform financial functions—from deposit-taking to trading, and payments to custody.   Tackling human risk: the user experience   How do we meet this collective objective? We start by addressing the risks that human users present in the financial services sector. You see, the challenge may not be as purely technological as we think. Potential intrusions and security compromises start with human errors and actions. Shakespeare teaches us this. We also learn this by binge-watching episodes of the Netflix series “Limitless.” This is the story of an ordinary but irresistible guy named Brian takes a pill that allows him to solve all these mysteries for the FBI. When he takes the pill, his mind unblocks everything he already experienced and he is able to know almost everything. He figures out solutions to new problems, but based on what he already experienced at some earlier point in his life. That's the key, and that's what makes this Netflix series so enlightening. We already have in our existing experiences the behavioral data we need to solve our problem. It’s just that we have forgotten the role of the human in technology.     In short, we can improve the design of our cybersecurity protections by analyzing what we know. The fact of the matter is that customers prefer 24/7 availability, tailored products, and fast response times.  Customers also historically demand easy, frictionless access to online sites and accounts. But the instinct to prioritize ease and speed in our technologies can have the result of driving security solutions to be secondary, an afterthought. When security solutions are an afterthought instead of a core design principle, security does not receive the appropriate level of investment, leading to vulnerabilities that undermine confidence in the platform or firm. For example, to streamline the user experience, financial institutions have relied on security questions to verify user identity, instead of potentially more cumbersome multifactor authentication processes that involve, for example, texting confirmation codes to mobile devices.   Widespread social media use provides answers to common security questions; a person’s Facebook page can tell you their birthday, the name of their first pet, or their high school.  Publicly available information—like our children’s names and birthdays, mother’s maiden name, and college mascots—provide rich sources from which to guess passwords and security answers.  And the series of large-scale data thefts that have occurred over the past several years make deducing passwords or security answers even easier because they are available in different places.   Firms need to develop better solutions, taking into account user behavior. For example, consider how system design is evolving to deal with the authentication challenge presented by stolen or easily compromised passwords: the next generation of online identity verification looks to combine what customers know and have, with what they do, or behavioral biometrics. Left or right handedness, how quickly and confidently a user types, the way she moves her mouse—along with hundreds of other subtle things a user does—combine to form that user’s profile of unique and measurable patterns of human activities. These oh-so-human attributes are less hackable than pieces of our identities like social security numbers, birthdays and first pet’s names.  Linking users’ unique profiles to their login credential allows for continuous and dynamic verification of identity while they are inside a network.  If an abrupt change in a user’s profile occurs, the system would automatically force that user through additional security steps and alert the security team.  When combined with multifactor authentication, this dynamic approach to authentication addresses the later stages of a cyber incident, after the attacker has entered and is attempting to move laterally around a network.  It can also streamline architecture by allowing for the removal of less effective methods.                  Tackling human risk: the back-end system   Another way to reduce the risks that human users present is to improve back-end systems. To this end, there has been an emerging focus on blockchain technology. Also known as distributed ledger technology, blockchain provides a shared digital record of ownership and asset transfer that firms can use for executing, clearing, and settling transactions. For consumers, these systems could be accessible and cheaper, reconciling ledgers and settling transactions faster, and more accurately than our current systems.   These systems can also offer significant security and resiliency benefits if cybersecurity is built in from the ground-up.  Distributed ledgers can be decentralized, meaning all users can have a copy of who holds what asset, and they can use consensus algorithms to validate transactions. As a result, they can make it much harder for attackers to tamper with financial records. For example, it would no longer be effective for an attacker to change the records at a single master database, since every user would also have a master copy. To the extent intrusions do occur at individual users, these systems could also incorporate artificial intelligence to detect anomalies in behavior patterns and data transmissions. This could protect customers from the types of cyber fraud perpetrated using the SWIFT system. Notably, the technology could build security into the hardware and encrypt transactions from the start.   Conclusion As we develop new financial products and services, and replace legacy systems and explore potential uses for blockchain technology, for predictive analytics, and for other innovations, cybersecurity must be a core design principle, embedded in all financial functions, products, and services—end to end.  We cannot sacrifice security, because without it we suffer.   The people leading these efforts—technologists, engineers, heads of business and government,—should inform their approach with their human sensibilities around what security, trust, and confidence mean. We lead human lives that inform what it is to feel secure, to trust in the technologies we create.  Our financial system has a vast number of component parts: the banks, the payment systems, the government watchdogs, the financial educators, the retirement and other financial products—and all the chips and bits that make these component parts work. But, at the end of the day we must make sure that when this financial infrastructure is reconfigured and reimagined, that it contains the intangible glue upon which our financial system’s functions are most dependent: and that is trust. Trust cannot be forgotten when we build and enhance this financial infrastructure, which is so critical for our virtual well-being and our economic well-being and our national security. When all is said and done, we design it to work for us. [1]               David Clark, “The Design Philosophy of the DARPA Internet Protocols,” (August 1988), accessible at http://ccr.sigcomm.org/archive/1995/jan95/ccr-9501-clark.pdf. [2]               See SWIFT CEO Gottfried Leibbrandt, remarks at 14th annual European Financial Services Conference, Brussels (May 24, 2016), accessible at https://www.swift.com/insights/press-releases/gottfried-leibbrandt-on-cyber-security-and-innovation; BAE Systems Threat Research Blog, “Two Bytes to $951M” (April 25, 2016), accessible at http://baesystemsai.blogspot.co.uk/2016/04/two-bytes-to-951m.html. [3]               Nicola Cetorelli, James McAndrews, and James Traina, “Evolution in Bank Complexity,” FRBNY Economic Policy Review (December 2014), accessible at https://www.newyorkfed.org/medialibrary/media/research/epr/2014/1412cet2.pdf. [4]               For discussion on complexity and attack surface, see, e.g., testimony by Dr. Ron Ross to the Commission on Enhancing National Cybersecurity (August 23, 2016) accessible at https://www.nist.gov/sites/default/files/documents/2016/08/25/august23_panelist_statements.pdf. 

    0 0

    Related documents:read more...

    0 0

    Today three Regional Financing Arrangements (RFAs) from Asia, Europe, and Latin America organised for the first time a high-level dialogue to discuss potential areas of cooperation to further strengthen the Global Financial Safety Net (GFSN).read more...

    0 0

    The University of Calgary’s Haskayne School of Business (Haskayne) and the Alberta Securities Commission (ASC) today announced the results of the second annual Alberta Women on Boards Index.read more...

    0 0

    The Investment Industry Regulatory Organization of Canada (IIROC) is promoting its free advisor check database, IIROC AdvisorReport, during Investor Education Month to help investors when they are selecting or working with an advisor.read more...

    0 0

    As part of the new regulatory framework of Solvency II, introduced by the European Union, insurance companies are required to monitor their solvency by computing a key risk metric called the Solvency Capital Requirement (SCR). The official description of the SCR is not rigorous and has lead researchers to develop their own mathematical frameworks for calculation of the SCR. These frameworks are complex and are difficult to implement. Recently, Bauer et al. suggested a nested Monte Carlo (MC) simulation framework to calculate the SCR. But the proposed MC framework is computationally expensive even for a simple insurance product. In this paper, we propose incorporating a neural network approach into the nested simulation framework to significantly reduce the computational complexity in the calculation. We study the performance of our neural network approach in estimating the SCR for a large portfolio of an important class of insurance products called Variable Annuities (VAs). Our experiments show that the proposed neural network approach is both efficient and accurate.

    0 0

    We consider trading against a hedge fund or large trader that must liquidate a large position in a risky asset if the market price of the asset crosses a certain threshold. Liquidation occurs in a disorderly manner and negatively impacts the market price of the asset. We consider the perspective of small investors whose trades do not induce market impact and who possess different levels of information about the liquidation trigger mechanism and the market impact. We classify these market participants into three types: fully informed, partially informed and uninformed investors. We consider the portfolio optimization problems and compare the optimal trading and wealth processes for the three classes of investors theoretically and by numerical illustrations.

    0 0

    Research funding agencies routinely use a proportion of their total revenues to support internal administration and marketing costs. The ratio of administration to total costs, referred to as the administration ratio, is highly variable and within any single fund depends on many factors including the number and average size of projects and the overall efficiency of the funding agency. In this study, the standard agency activities have been identified and used to develop a model of administration costs against expected outcomes. In particular, the model has been designed to estimate the optimum portfolio success rate and administration ratio as a function of a range of key input variables including the project size, the complexity of proposal evaluation and project management, the risk tolerance of the sponsor and the targeted research domain.

    0 0

    Interest rate derivative trading will cease at 1:30 p.m. today, October 7, 2016. Furthermore, the Exchange's offices and markets will be closed on October 10, 2016 (Thanksgiving Day).

    0 0

    Singapore Exchange (SGX) is reporting first-quarter results for Financial Year 2017 (FY2017) after the market closes on 19 October 2016.read more...

    0 0

    The Taiwan Stock Exchange (TWSE) and the Korea Exchange (KRX) announce the cross listing of ETFs tracking the benchmark indices of both markets. The move further expands the growing links and cooperation between the two bourses. Both ETFs will be the first index-based products to track Korean and Taiwanese securities in each market. In Taiwan, the “Yuanta Korea KOSPI 200 ETF” listed today on TWSE. Managed by Taiwan’s Yuanta Securities Trust Co., it tracks the benchmark KOSPI 200 index, which consists of the 200 largest companies listed on the KRX’s KOSPI market and represents 95% of its total market capitalization. In Korea, the “TIGER TAIWAN TAIEX(H) ETF” listed today on KRX. Managed by Korea’s Mirae Asset Global Investment, it tracks the benchmark TAIEX index, which covers all listed common shares traded on TWSE and is the benchmark index for the Taiwan securities market. The listings follow the signing of a Memorandum of Understanding (MoU) between TWSE and KRX in December 2015, as well as a separate MoU between Mirae Asset Global Investment and Yuanta Securities Trust Co. on index product development. Dr. Jun-Ji Shih, Chairman of TWSE, said, “We are extremely pleased to be expanding our cooperation with KRX. I am especially pleased that we have been able to cross list ETFs less than a year since the signing of the MoU with KRX. Our deepening cooperation with KRX is the latest part of our ongoing strategy to work with overseas exchanges to help create listed products that further internationalize the Taiwan capital market.” Dr. Chan-woo Jeong, Chairman and CEO of the Korea Exchange, said the listing of ETFs on both markets is expected to serve as an exemplary practice that will pave the way for expansion of investment in capital markets in Taiwan and Korea through cooperative exchanges between the two markets. The Korea Exchange will continue to offer competitive investment opportunities for investors in the country and abroad by expanding the scope of joint projects and business network with major stock exchanges in the world including the Taiwan Stock Exchange. Looking forward, the KRX and TWSE will continue to work together on new projects, which could include jointly compiling new indices of Taiwanese and Korean-listed companies based on themes such as high dividends or prominence in the technology industry.read more...

    0 0

    The Board of Directors of SIX has elected Daniel Schmucki as new Chief Financial Officer (CFO) at SIX and therefore as member of the Group Executive Board. Daniel Schmucki has long-standing and broad experience as a CFO in a complex and challenging environment. He will take up his role on 1 April 2017 at the latest.read more...

    0 0

    Click here to download TAIFEX Monthly Newsletter for October 2016.

    0 0

    Singapore Exchange (SGX) has been awarded “Derivatives Exchange of the Year” by Asia Risk magazine, securing the prestigious title for a third straight year. This adds to the exchange retaining two accolades in September – “Asian Exchange of the Year” by Futures & Options World (FOW) and “Asia-Pacific Derivatives Exchange of the Year” by GlobalCapital.read more...

    0 0

    International investors based in Hong Kong can now use their existing setup with Clearstream’s global Vestima fund processing platform to directly invest in MRF-eligible, China-domiciled funds. The Mainland China - Hong Kong Mutual Recognition of Funds (MRF) programme allows Hong Kong and Chinese asset managers to distribute recognised funds in both jurisdictions.read more...

    0 0

    Click here to download Malawi Stock Exchange's weekly trading report for week ending 7 October, 2016

older | 1 | (Page 2) | 3 | 4 | .... | 32 | newer