Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting our team. We will be in touch shortly.Close

  1. Blog
  2. Article

Sarah Dickinson
on 24 October 2019

FinTechs discuss security, regulation and innovation at New York City roundtable

Earlier this month, Canonical, IBM and FinTech specialists Medici held a joint roundtable in New York for executives within the financial services sector to hear and discuss their pain points, the most prominent emerging technologies and what the future holds. Entitled ‘Graduating from FinTech to FinServ’, the roundtable was hosted by Ross Mauri, GM of the IBM Z and LinuxONE business, Canonical’s CEO, Mark Shuttleworth, and Aditya Khurjekar, Founder and CEO of Medici, to discuss the implications and considerations of moving new technologies into products consumed by millions of users. The event followed a week after the launch of IBM’s newest LinuxONE server including support for Ubuntu.  Together, IBM and Canonical’s solutions are already jointly used by several companies in the financial services sector. 

Ross and Mark opened the roundtable with their perspectives on the industry which kicked off an engaging discussion among the attendees from established financial institutions and banks to disruptors and start ups. Mark discussed how developers are innovating faster on open source. This pace opens the door for new entrants to enter and gain an advantage, challenging more established banks and institutions. Ross emphasised the importance of advanced security and building infrastructure accordingly. 

As the world increasingly adopts digital assets, secure application environments are essential to safeguard data and encryption keys. Equally with banking systems needing to be ‘always on’, deploying a centralised system is much simpler in the event of a failure. Guest speaker Neil Fillary from Shuttle Holdings spoke about digital asset custody solutions and the need for the underlying infrastructure to be as secure as possible, and Ricardo Correia from R3 discussed his experiences of blockchain deployments in the financial sector and the importance of security.

Much of the conversation centred around regulation in the financial services industry – particularly surrounding the blurred lines of when regulators step in and who they regulate. An increasing number of technology companies are entering the financial services space able to sidestep regulation – partly because regulators don’t understand technology well enough. As one attendee highlighted, does it make sense to impose regulation on these companies proactively or wait until an issue occurs for which they can be fined? A data privacy expert explained how regulators will always focus on the risk profile rather than how cool a new technology is, which becomes important as such services move into the mainstream. Using the analogy of regulation acting as a moat, Mark Shuttleworth described how this can reduce the amount of disruptors entering a new industry. However, he added, are those disruptors finding a way to improve the customer experience without being subject to regulation? 

With emerging technologies including AI, blockchain and crypto-currency increasingly being investigated and adopted by banks, there is a mindset and cultural change which needs to be considered. Many of those solutions are being introduced by start ups – but are large institutions happy to place risk on these start ups? As many attendees agreed, organisations are ultimately people and 95% of decisions are based on emotion. One example highlighted a company who decided to invest $1bn a year for 3 years in maintaining legacy systems rather than invest $3bn to update that core with newer technologies. For a CEO or CTO with the responsibility of making that decision, 3 years is a long time to wait for an ROI and so the risk is lower to keep with the status quo. 

However, if established players aren’t willing to take the risk on start ups, then how do they innovate? An attendee from a large bank highlighted that acquiring start ups may be an easier route but summed up the dilemma that banks can remain undecided longer than start-ups can remain solvent. Some of the start ups in the room, speaking from experience, advised not to work with large banks in the first instance unless they have a partner to do so with. Equally, one attendee who used to work for a large bank and has since started his own company, learnt that a lot of conversations with large banks ultimately led nowhere for the cultural and risk reasons already mentioned. 

The introduction of GDPR in Europe in 2018 and more recently, the CCPA in California has added further considerations for anyone within the financial services sector on data management and privacy. Social media and cloud companies have been scrutinised extensively on their handling of customer data but recent breaches show many more companies are victims of the same in the last year. Associating accountability is the challenge when many vendors may be involved in managing an institution’s customer data. The definitions are not as clear cut as in the physical world given software is so malleable and never final. 

After four hours of lively discussion, the roundtable endorsed how both start ups and the established banks face both challenges and opportunities as technology becomes increasingly more fundamental to the development of services in the financial services market. 

Learn how Canonical and IBM serve fintech needs for cloud workloads
or get in touch.

Related posts

Felipe Vanni
12 April 2023

Phoenix Systems sets a new standard for secure cloud services with Canonical and IBM

Cloud and server Article

Phoenix Systems, a Swiss company, partnered with IBM and Canonical to create a hyper-secure OpenStack cloud focused on data sovereignty and data protection. Switzerland is a country where data must be hosted within its borders, and for many workloads, public clouds are not an option. Phoenix Systems stepped in to fill this niche by buildi ...

Luci Stanescu
3 July 2024

What you need to know about regreSSHion: an OpenSSH server remote code execution vulnerability (CVE-2024-6387)

Security Security

Details about the high-impact CVE-2024-6387 vulnerability, nicknamed regreSSHion, and the Ubuntu fix released on the CRD. ...

Andreea Munteanu
10 May 2024

An overview of machine learning security risks

AI Article

Data is at the heart of all machine learning (ML) initiatives – and bad actors know it. As AI continues to occupy the limelight of modern tech discourse, ML systems are becoming increasingly attractive targets for attack. With the Identity Theft Resource Center reporting a 72% spike in data breaches in 2023, it’s critical to ...