Establishing appropriate controls for Order Management on Instant Messaging channels

By CTO Vincent Caldeira 

 

Recently the Securities and Future Commission (SFC) in Hong Kong issued a circular to Financial Intermediaries (FIs) regarding the key controls and procedures expected to be in place when using Instant Messaging (IM) applications to receive client orders. This is not a new business practice, but I believe the wide discrepancy on how these risks are being assessed and addressed has called for some level of standardization across the financial markets.

While using IM applications introduce several challenges in terms of specific technology, information security, and operational and regulatory risks, such tools are still being widely used by clients and FIs to communicate. This is because they provide a direct channel to distribute relevant and actionable information on a timely basis, while allowing to introduce process efficiency in the interaction between customers and the bankers. As such, we at Bondlinc have enabled IM channels as an inherent part of our solution. Our platform integrates natively with the FIs' clients’ chosen channels (such as Facebook Messenger or WeChat) while providing all the appropriate controls that would be expected of a secure and compliant banking solution.

   Secure login to request for a quotation

Secure login to request for a quotation

This article describes some of the key measures and controls implemented in the solution to meet the requirements described in the SFC Circular.


Centralized Record Keeping

·        The solution provides one central point of interaction for the bank’s employees (Relationship Manager, Dealer) to interact with customers using multiple IM applications. Our solution achieves this with Identity Brokering and User Federation components implemented using some of the most popular security standards for Web single sign-on (SSO) such as SAML 2.0, OpenID Connect and OAuth 2.0. This enables integration with 3rd-party Identity Providers from the FIs as well as leading IM solutions as identity sources.  

·        All order records and contextual information for the order (chat between the institution and its clients) are transmitted and stored for future reference using industry-accepted cryptography standards, in a form that cannot be altered or tampered with.

·        Data retention for all order management data can be specified and managed according to the FI’s internal policies and regulatory requirements.


Security and Reliability

·        The solution manages step-up authentication with an ability to use zero, one or two-factor authentication where appropriate. For example, public information such as details about a new bond issue can be viewed by a customer, without requiring an additional mobile application download or client login. However, access to indicative quotes would require a simple, one-factor authentication. Furthermore, any transaction confirmation will require step up to a second factor of authentication to complete the final transaction. This allows validating the identity of the client at the appropriate time along the transaction process and getting an authenticated digital acknowledgement for audit trail purposes.

   Appropriate zero, one, and two factor authentication requirements

Appropriate zero, one, and two factor authentication requirements

·        Transport security (SSL) is used to protect the communication channel between the IM application and Bondlinc services. This ensures that the end-to-end transmission of order messages is safe.

·        Message-level security is used to ensure confidentiality by digitally encrypting the message itself, authenticating the originating entity using X509 certificates, and enforcing integrity by using digital signatures.

   Secure communication relay between the customers' and the banks' IM applications

Secure communication relay between the customers' and the banks' IM applications

Compliance Monitoring

·        All messages and order information are securely routed to our central event management pipeline. This allows Compliance to perform real-time monitoring against a set of pre-configured rules (including unusual trading patterns, specific restricted keywords used in conversations with the Relationship Manager or Dealer, etc…), and securely store the information in a data warehouse for reporting, reviewing and auditing purposes.

·        A specific module for Compliance officers allows reviewing of all historical order conversations and messages. To support any required investigations, dynamic search criteria can be used to search through a specific period of time or particular clients’ accounts.

 

Conclusion

Bondlinc’s solution natively provides critical controls for our customers to efficiently manage the specific technology, information security, operational and regulatory risks that trading bonds over IM channels entail. For more information or for a demonstration, do not hesitate to contact me at vc@bondlinc.com.


As the CTO Bondlinc, Vincent oversees the technology design and development of the company’s Software-As-A-Service bond trading platform. The comprehensive solution aims to standardise, improve and automate the traditional bond trading workflow.

CTO Vincent Caldeira takes a trip to HongKong to deliver his keynote speech!

ij-general_2000-01-01-01.jpg

The Innovation Jams help Temenos to identify the very best fintech companies, those that add real business value to its customers. Following the success of previous years' events, Temenos is holding a series of regional Innovation Jams to showcase the most impressive demos of financial services software to financial institutions.

c4a3ff1a-0297-496f-a9b2-c46e290204e2-large.jpeg

On 22nd March 2018, our CTO Vincent Caldeira traveled to the Temenos Jam HongKong to deliver his keynote speech "Innovation or Exnovation?" In his speech he covers five principles on how banks can survive in the future. He also shares his insights on the different ways to manage innovation (or exnovation) whether it be through Fintech investment, Partnerships, Innovation labs, or Banking-as-a-service. 

Download here: Keynote Slides: Innovation or exnovation? 

At the 2017 Asian Private Banker Technology Awards Luncheon

CEO Ong Eng Keong and CTO Vincent Caldeira receiving the Most Promising Fintech Startup award at the Asian Private Banker Technology Awards Luncheon! 

We are honoured to be among some well-known and established technology companies receiving one of APB Technology Awards 2017. This is a good way to start 2018, a year in which we are targeting to work closely with Private Banking customers to implement our solution.

Bondlinc's mantle is quickly filling up with all these awards! Many thanks to Asian Private Banker for recognizing our hard work! And also a big thanks to our wonderful in-house development team who have been working tirelessly to improve and develop an even better Bondlinc solution! 

 
WhatsApp Image 2018-03-08 at 2.32.49 PM.jpeg
 

Bondlinc - Awarded Most Promising Startup by Asian Private Banker

 
asian private banker.jpg
 

We are on a roll with these awards! 

"Launched in 2015, the Asian Private Banker Technology Awards celebrate the innovations and achievements of Asia’s rapidly growing financial technology sector.

The Awards are open to all tech vendors that provide solutions for private banks, institutions with private banking facilities and wealth managers in Asia."

Sincerest thanks to Asian Private Banker for this award and also a big congratulations to the other winners of the 2017 Asian Private Banker Technology Awards! 

 
winners.JPG
 

Bondlinc – Winner of the ZAMMA AWARD at NTT Data's Open Innovation Contest 7.0

 Kotaro Zamma, Head of Section and Kaz Okada, Senior Expert for the Open Innovation and Business Incubation for NTT DATA Corp. 

Kotaro Zamma, Head of Section and Kaz Okada, Senior Expert for the Open Innovation and Business Incubation for NTT DATA Corp. 

INTRODUCTION TO NTT

“Let’s change the world together.”

"The global community is facing a variety of challenges, including poverty, hunger, health, hygiene, education, gender and national inequality, energy, climate change, destruction of nature, and peacekeeping. In order to solve these challenges, open innovation will play greater roles than ever so that people throughout the world can work together across national borders in advanced technology and new business models to create solutions.

NTT DATA originally started as a public corporation to play a role in the Japanese communication infrastructure. Since the transformation to a private corporation, we have played an essential role in the Information and communication technology (ICT) social infrastructure as the leading system integrator in Japan. Currently, we promote ICT business in over 50 countries across the world."

 Details on the Singapore Contest 

Details on the Singapore Contest 

BONDLINC'S PARTICIPATION AND RESULTS

After being invited to participate in NTT's Open Innovation Contest 7.0, Bondlinc submitted a comprehensive business proposal which was subsequently chosen as one of the ten Finalists. The Pitching Day in Singapore was held on 11th Jan 2018 at the artistic co-working space at The Working Capitol on Robinson. Ten startups pitched their innovative solutions to the five judges for that one ticket to the Grand Finale held in Tokyo.  

The results? Bondlinc won the ZAMMA AWARD, named after Mr Kotaro Zamma himself! 

We would like to thank everyone who made this event and experience possible! 

Bondlinc at the Singapore FinTech Festival 2017!

Bondlinc kicked off the largest FinTech festival of the year, by participating in the Xperts talks during the Lab Crawl at UOB’s FinLab. Organized by the Monetary Authority of Singapore (MAS) and in partnership with Association of Banks in Singapore (ABS), this week-long event included many exciting opportunities to share our company’s vision and mission.

Lab Crawl @BASH: CTO Vincent Caldeira storytelling Bondlinc’s odyssey of a FinTech startup in the Asian Financial Industry...

Held at Singapore Expo, the next three days of SFF2017 gave us many opportunities to meet potential clients, investors, and partners as well as other FinTech startups. UOB’s FinLab hosted us at their cosy Hospitality Lounge to share our products to a great audience. Also, our specially featured FinTech Ecosystem booth at Amazon Web Services allowed us to demo the upcoming Bond Butler and spend a full day capitalizing on the good flow of traffic passing by AWS.

At UOB's Hospitality Lounge... 
What happened at AWS Fintech Ecosystem Booth...

We'll definitely be back for more FinTech festivals! Many thanks to all who were involved in making SFF2017 a great experience!

Bondlinc goes to KL!

Shortly after our Echelon experience, BondLinc is back for more FinTech fairs! BondLinc will be going to Kuala Lumpur from the 5th to the 6th of July. We will be participating in the event Building Global FinTech Connections: Singapore with Kuala Lumpur organised by the Monetary Authority of Singapore (MAS).

 

This is a great opportunity for us to meet other FinTech startups and parties interested in FinTech developments. We are always on the lookout for potential partners that would work with us and help us extend our reach in the region. 

 

We will be manning our booth in the event as one of the finalists of The Finlab (Cycle 2). Do look out for our booth located in the UOB cluster and drop by if available! 

 

Details about the event can be found here.