Advances in technology have fundamentally changed the nature of the banking sector, extending its operational reach and enhancing efficiency for banks and their customers. But with such rapid change comes a range of threats that have considerably extended the scope of risks affecting the sector.
According to Mahendran Naicker FCCA, head of operational and resilience risk for regional operations at South African banking group Absa, ‘The most heightened risks you face in banking operations in Africa are your country risk, sovereign risk and forex risk, and overlaying that is regulatory risk. But,’ he adds, ‘with the forward march of technology, cyber threats have become a prominent additional risk.’
Naicker is well placed to comment on the risk landscape for banks. With his responsibilities covering all Absa’s African markets – which include Ghana, Kenya, Uganda, Mauritius, Seychelles, Zambia, Tanzania, Mozambique and Botswana – he has a bird’s eye view of risk across the continent.
Cyber defences
While accepting that cyber threats are undoubtedly a risk, he says the bank has become robust in dealing with these by developing and using specialist teams to proactively manage external threats.
‘Absa has a large number of subject matter experts and invests heavily in learning and development, both formal and informal,’ he explains, ‘so we are never short of the requisite skills to manage risk, especially technology risk.’
The most common cyber threats in these markets are phishing or email scams where customers or staff are tricked into revealing personal details by clicking on links on a fraudulent email.
Not every market is the same, however, with the extent and nature of cyber threats varying between countries. In many African markets, Naicker notes that manual banking processes are still prevalent, which means that cyber scams are not currently as sophisticated as those experienced in more developed markets. Nevertheless, African markets are digitising, rapidly transitioning from a system largely based on bank branches to mobile lending that will offer greater efficiency for both banks and customers.
Big transition
The change from manual to digital banking services is a big transition for many of Absa’s customers, Naicker says, but with education and awareness campaigns for customers and colleagues ‘we put forward a strong defence against cyber threats’.
Unsurprisingly, artificial intelligence (AI) looms large among the digital tools now widely used in the sector. Naicker says that while AI is valuable for mining data to deliver efficient services to customers, its effectiveness is limited as it can only go so far without human oversight and is susceptible to inherent bias.
Securing AI models and data is a multi-faceted challenge that requires a thorough understanding of potential vulnerabilities and a proactive approach to privacy and compliance. Implementing defences against attacks, employing data privacy techniques, and adhering to legal regulations are all critical elements in establishing trustworthy and resilient AI systems.
Compliance with frameworks such as the Protection of Personal Information Act (POPIA) and GDPR is essential
Several defensive strategies are required to fortify AI models against known vulnerabilities. For example, by exposing the model to deceptive inputs it can be taught to make correct predictions even when presented with slightly altered data.
To ensure data privacy in AI models, a technique known as differential privacy is used, which adds ‘noise’ to the data or model’s output so that individual data points cannot be reverse-engineered from the output. This provides a formal mathematical guarantee that the privacy of the individual data points is preserved, Naicker says.
In addition, compliance with legal and regulatory frameworks such as the Protection of Personal Information Act (POPIA), GDPR, Health Insurance Portability and Accountability Act (HIPAA), and others, is essential.
As the landscape evolves, the strategies to secure the models and data will continue to advance, underscoring the importance of staying abreast of developments in this dynamic field, Naicker says.
He is optimistic that Absa has what it takes to counter any threats on the horizon. ‘The bank’s leadership has been willing to invest so we have the talent,’ he says. ‘We have employees inside the organisation with the skills to deal with anything that may come our way, whether tactical or strategic.’
‘It’s all about protecting the central bank and the cash reserves’
Volatility
Aside from the technology risk, the volatility in currency markets is a particular challenge for risk managers in the banking sector. In many of the African countries in which Absa operates, the main trading currency is US dollars. Central banks have regulations to protect the local currency – for example, to ward off hyperinflation or to prevent the local currency depreciating to a point where it cannot be used to transact. But with government liquidity challenges, foreign exchange controls and a shortage of US dollars in some markets, banks (and other businesses) need to ensure that they have adequate hard currency to pay suppliers and extend finance to customers, and to repatriate profits.
Naicker accepts that regulation is necessary to protect clients and the economy. At the same time, he acknowledges that the burden it places on banks is considerable, given the many regulatory requirements that must be complied with – for example, when onboarding a supplier, such as a software provider. This is warranted, he says, as suppliers will be paid in US dollars, which can be in short supply.
‘Suppliers that provide core banking services to the banking sector are generally from outside the country because equivalent suppliers within a country tend not to have the required skill set to service the requirements of the banking ecosystem. [As a result,] the central banks in many of the markets in which Absa operates play a heightened role in protecting the currency and foreign exchange reserves.’
‘I always say it’s the culture you need to understand in Africa’
Naicker accepts that the heightened level of risk is why the cost of doing business in Africa is very high, but he points out that as a result the rewards are correspondingly high.
‘It can be frustrating for a company coming in from a first-world environment and trying to do business in African markets, if they don’t have the appreciation for the culture,’ he says. ‘I always say it’s the culture you need to understand in Africa. If you don’t appreciate and understand that then you’re going to really struggle all the way.’
