Blogpost

ISMS as a management tool for xAIT

With the help of certified information security management systems (ISMS), institutions can fulfil a large part of the xAIT requirements (BAIT, ZAIT, KAIT, VAIT). If institutions are certified in accordance with ISO 27001, for example, they must also take into account the sector-specific details of the circulars. Nevertheless, establishing an ISMS is recommended, since the EU's Digital Operational Resilience Act (DORA) will soon require an ISMS at the European level, in addition to the EBA guidelines.

DORA - Regulation of Technologies in the Financial Sector

The Digital Operational Resilience Act (DORA) creates an EU legal framework "on the operational resilience of digital systems of the financial sector". DORA combines existing regulations on security measures, reporting and verification of outsourcing, but expands and deepens them in selected places. Through DORA, third-party ICT providers become the object of supervision, just like banks and insurance companies. As a comprehensive set of rules for information security, DORA will have an impact in the three dimensions of organisation, regulation and IT in financial companies comparable to that of the GDPR in the protection of personal data.

Big Techs vs. Banks: Payments first then Banking?

In May, the EU Competition Commission found that access to Apple's NFC interface could have been unlawfully restricted. A compulsion to open the NFC interface could trigger far-reaching market movements in mobile finance. Unimpressed by this, Apple is launching its next finance product with an integrated BNPL solution and is entering the credit business - with its own licence and operational processing. Banks should not assume that the regulator alone will solve this challenge for them, but use the opportunity to reflect on their own positioning between cooperation and competition with xPays.

Technological domination within the publishing industry

Publishing houses, especially those with a clear focus on daily newspapers, have come under massive pressure in recent years: in the print business, sales on the reader market are steadily declining, and for a few years now, sales in the advertising business have also been stagnating. At the same time, the technology basis is becoming a problem: legacy ERP systems for the administration and billing of subscription customers can only be operated with a high expenditure of resources, while they hardly allow for digital business models. Likewise, the old editorial systems designed for the print business are not capable of publishing journalistic content quickly and flexibly on digital channels. Covid-19 massively exacerbates the situation and quickly threatens the publishers' existence.

On the one hand, new technologies can significantly shrink the cost base quickly and permanently. At the same time, thanks to higher modularity, they offer the necessary flexibility for modern publishing on online and offline channels. Furthermore, new business models can be tested and new ways of monetising content can be explored. To exploit the potential, action must be taken quickly, consistently and with the necessary IT and transformation know-how.

ZAIT – Comparison to BAIT

At the same time as the Banking Authority IT Requirements (BAIT), the German Federal Financial Supervisory Authority has also updated the Payment Services Authority IT Requirements for Payment and E-Money Institutions (ZAIT). The following blog post deals with the changes to the various requirements and analyses the differences between BAIT and ZAIT. It can be said at the outset that, in comparison, six chapters have remained the same in terms of content, five chapters have changed in part and the area of "outsourcing" has changed significantly. Furthermore, ZAIT introduces more fine-grained specifications: a framework with target formulations and freedom of implementation through appropriate measures is increasingly becoming a catalogue of measures.

Swiss Instant Payments - burden or opportunity for banks?

Instant Payments (IP) are about to become a reality in Switzerland and, as such, will be quickly accepted and expected by customers as the new normal. At the same time, IP readiness will require comprehensive adaptations and adjustments in existing processes as well as in the IT landscapes of banks, thereby limiting the implementation effort from "a lot" to "a whole lot". The need for Swiss banks to take action and decide on an implementation strategy for Instant Payments is imminent. Our payments experts Tatsiana Bychkouskaya, Tobias Krück, Fabian Meyer and Kenneth Chu Sam explain in their latest blog post, "Swiss Instant Payments – burden or opportunity for banks?", how Swiss banks can leverage these complex adaptations as an opportunity to gain a strategic edge.

IT review of one of the largest parcel shipping

The IT landscape of a player in the logistics sector consists of numerous different, historically grown systems and platforms, some of which were developed in-house. The tech stack is very broad, while neither the usual IT management processes nor a clear definition of USP-relevant systems is sufficiently in place. In addition, the dilapidated organisational structure hardly allows for productive cooperation between the business and IT sides.

Pension Association – Conception of an overarching Pension Dashboard

Together with an association, a scientific institute wants to establish a platform that creates transparency and comparability across the available selection of pension products. To this end, a scientifically based calculation logic will be developed together with partners from the banking and insurance industry, followed by a strategic and technical concept on the basis of which the platform will be implemented.

SEPA Request-to-Pay – Innovation driver or a castle in the air?

E-commerce and non-cash POS payments have grown significantly, benefitting card organizations in particular.

RTP offers an opportunity to reorder the balance of power: embedded in an E2E payment instrument, it could offer advantages for end-customers, merchants and banks - especially in terms of costs and convenience.

In addition to the chicken-and-egg dilemma of adoption, there are further challenges that make players hesitant about product development.

These could be resolved in the short term, provided the measures proclaimed in the EU Retail Payment Strategy are implemented. Could this be the missing piece of the puzzle for SEPA-based retail payments?