Financial services must ensure sufficient cyber security to cope with the growing speed of change, according to KPMG cyber security practice leaders


Explosion in open banking models, cloud and managed service providers is placing strain on traditional control and compliance functions



29 November 2019, Hong Kong – At a time when trust has become central to the customer experience, KPMG cyber security practice leaders have told a roundtable that they believe financial services firms are demonstrating a commitment to trust through their cyber agendas. They said that amidst accelerating technological disruption, actively managing customer trust is presenting new revenue opportunities and challenges for financial institutions.

Henry Shek, partner, Head of Cyber Security and IT Advisory Risk Consulting, KPMG China, said: “In the rush to provide a superior customer experience, financial services organisations are embracing robotics, AI, blockchain and real-time data analytics. However, they must keep a close eye on fraud and be aware of ever-changing fraud scenarios. Cyber criminals are already using new and advanced methods to manipulate security weaknesses, which means that traditional security and protection mechanisms may not be sufficient to deal with AI and advanced technology-enabled attacks.”

The ‘virtual bank effect’

Financial services organizations are competing not only with their traditional peers, but also with an increasing number of agile, digital disruptors such as virtual banks. The pace at which these new players are developing is forcing traditional banks to adopt more agile approaches to managing their own IT infrastructure.

According to the practice leaders, a major transformational change of a bank’s platform used to take anything between two and five years, but banks are now up against players that have no legacy systems to upgrade and that are forcing the pace. People are now talking about upgrading banking systems every four to six months. That places huge pressure on a bank’s IT people, who have to manage the security implications of accelerating change while simultaneously dealing with the legacy of elderly systems and sunk investment.

The challenge is not just from virtual banks. In China, which is well on its way to being cashless, digital payment providers are already commonplace and customers are the driving force for these digital adoptions. Retail and commercial businesses in particular are adapting quickly to ensure they remain relevant to the needs of their customers and are enabling their digital agenda.

Ensuring AI and bots are secure for revolutionising interactions and transactions

Chat bots are fairly common and are being implemented across many Chinese financial services organisations. Most of them are designed to facilitate the customer journey, with ‘question-and-answer’ type algorithms. When the bots start making banking decisions, accountability becomes an issue. The process for letting bots run, and the ‘fail-safe’ that leads to human intervention (e.g. from call centers) must be seamless, to avoid a frustrating customer experience. In general, many financial services organisations have some way to go before they are able to achieve a sound balance between the robot and the physical.

AI and bots may be revolutionising interactions and transactions, but they need to be kept on a leash to ensure they are secure and trustworthy, and contribute to rather than disrupt the customer experience. It will be crucial that financial services organisations embed security and privacy from day one – not just in the design, but in the way they train and operate AIs. They will need to demonstrate AI integrity and robustness, but also meet regulatory and customer expectations.

Shek concluded: “Managing these whole, third-party ecosystems involving cyber, outsourcing, cloud, mobile and customer data are all top of the technology risk agenda. We expect to see more financial services organisations embed cyber security into their digital and business strategy, investing in cyber security as part of the innovation budget, and creating a process to become more resilient to evolving cyber threats.”

- Ends -

About KPMG China

KPMG China is based in 23 offices across 21 cities with around 12,000 partners and staff in Beijing, Changsha, Chengdu, Chongqing, Foshan, Fuzhou, Guangzhou, Haikou, Hangzhou, Nanjing, Qingdao, Shanghai, Shenyang, Shenzhen, Tianjin, Wuhan, Xiamen, Xi’an, Zhengzhou, Hong Kong SAR and Macau SAR. Working collaboratively across all these offices, KPMG China can deploy experienced professionals efficiently, wherever our client is located.

KPMG is a global network of professional services firms providing Audit, Tax and Advisory services. We operate in 153 countries and territories and have 207,000 people working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.

In 1992, KPMG became the first international accounting network to be granted a joint venture licence in mainland China. KPMG was also the first among the Big Four in mainland China to convert from a joint venture to a special general partnership, as of 1 August 2012. Additionally, the Hong Kong firm can trace its origins to 1945. This early commitment to this market, together with an unwavering focus on quality, has been the foundation for accumulated industry experience, and is reflected in KPMG’s appointment for multidisciplinary services (including audit, tax and advisory) by some of China’s most prestigious companies.

Media enquiries

Nina Mehra
KPMG China
Direct: +852 2140 2824

Isaac Yau / Isabel Kwok
Citigate Dewe Rogerson
Direct: +852 3103 0112/+852 3103 0123

© 2022 KPMG Huazhen LLP, a People's Republic of China partnership, KPMG Advisory (China) Limited, a limited liability company in Mainland China, KPMG, a Macau (SAR) partnership, and KPMG, a Hong Kong (SAR) partnership, are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organisation.
