Cyber Security on Islamic Banking
As today’s banking becomes more and more digital, clients are rapidly moving from traditional to digital channels. Islamic Banks are responding to this behavioral change by adding more channels and increasing security to keep risks and client experience consistent and positive.
Online banking and innovation may drive customer convenience, but may also give rise to more and new vulnerabilities. By adding new access points for criminals, we are also increasing the risk of cross channel attacks. Cybersecurity vulnerabilities are the main cause for any form of financial crime. Whether we call it smuggling, smurfing, fraud or terrorism it is a global problem that banks need to address and solve.
Managing risk in financial institutions is an ongoing challenge, the impact of which affects many regions across the world, including the Middle East. The United Arab Emirates is considered one of the most highly targeted countries in the world for cyber-attacks, with Saudi Arabia, the country with the highest email spam rate. In 2017, more than 3.6 trillion people within the UAE (approximately half of the population) were affected by cyber-attacks. In 2018 McAfee and CSIS examined and quantified the global economic cost of cybercrime. They rated UAE as the second most targeted country in the world for cybercrime, costing the Emirates an estimated $1.4 billion every year (“The Economic Impact of Cybercrime — No Slowing Down”). Moreover, according to PWC’s “21st CEO Survey”, leaders in the Middle East rank fears around cyber threats higher compared to other regions, while the fear of cybercrime as a risk has risen significantly from 24% in 2017 to 40% in 2018.
The Middle East is particularly inclined to cyber-attacks, as there are many companies with large amounts of liquid capital, and there is also a high number of global foreign nationals living and working with access to foreign or global networks and data. There has also been a tendency for some countries to lag behind in upgrading cybersecurity and related technology to global standards. At the same time, the speed of expansion of smart technologies, along with the proliferation of IoT devices are raising further vulnerabilities to such attacks.
Cyber-attacks are not just a technology issue but also a major legal risk. Regulators are responding to this threat with new cyber and data laws. New audit powers and mandatory reporting requirements are putting businesses in the spotlight, and a serious attack could mean significant reputational and financial impact and loss of customers. In United Arab Emirates (UAE) for example, cyber-crime law has been in force since 27 August 2012 and comprises 51 articles, most of which set out specific cybercrimes and prescribe the applicable penalty for each crime.
Still, Islamic banks should not rely on regulators to tell them what they need to do to safeguard their systems, as this is not enough to protect their business. Regulators cannot always follow the pace of technological evolution in time. Cyber-crime can result in significant losses in both revenue and reputation for an Islamic bank, along with the interruption of their daily operations. From a broader perspective, it can even impact the overall digital landscape by shaking clients’ trust and confidence in conducting transactions online. In such a challenging environment, Islamic Banks need to secure their operations using the proper technology and screening tools, which will provide the necessary transparency, consistency of information and will reduce compliance costs.
The market is offering solutions to protect the Islamic banking sector from financial crime and prevent cyber-attacks. A comprehensive solution should cover fraud prevention, watch-list screening, anti-money laundering, and KYC, delivering industry-leading levels of detection with lowest false positives rates. The ideal solution builds a customer’s financial behavior DNA to detect and stop suspicious transactions that deviate from normal and expected behavior.
Furthermore, the product becomes even stronger with the addition of an AI-powered financial profiling tool. This kind of tool can assist banks in improving the seamless and frictionless nature of their customer journeys and experience they offer by focusing their financial crime detection efforts on areas of higher risk. AI tools can enhance detection sophistication and, by better understanding what can be considered normal for a given customer concerning their own and their peer groups’ financial behavior, reduces the need for banks to seek this additional level of verification when it is not needed. This means that financial crime mitigation efforts, including anti-money laundering, can be focused on higher risk groups. The use of AI is an essential component in creating an intelligent Islamic bank of the future. This capability needs to be accessible to all Islamic banks, regardless of their type and size.
Improving customer journeys by creating frictionless Omni-channel experiences is becoming a key priority for Islamic banks. Investment in financial mitigation capabilities that will automate their cybersecurity is becoming a must. Islamic banks will have to enhance the protection they offer to their customers from cybersecurity and financial crime, and avoid risks of reputational damage and potentially heavy fines and large losses.
This article was first published in Islamic Finance news Volume 16 Issue 44 dated the 6th November 2019.