–  More than two decades ago, security, financial, and production systems were supposed to be in a crisis because of the Y2K bug. Now, from the point of view of risks and security, quantum systems are in a "Year 2000," only on a larger scale," Artur Derwiszyński of Intel says in an interview with the Data Science blog, and Łukasz Libuda of SAS adds: - We have two sides of the coin. One is purely technological, concerning security, and the other is the computing power quantum computers will bring, meaning it will be possible to perform more operations and probably cheaper and faster to make business decisions.  

Artur Derwiszyński works at Intel as FSI Lead for EMEA. Previously, he worked in  the banking and insurance sectors. He graduated from the Warsaw School of Economics and the University of Minnesota.

Łukasz Libuda is an expert in risk management, working at SAS as Head of Risk Practice for Central Europe. He specializes in financial and operational risk issues. He is also involved in the optimization of internal processes in organizations.

A few years ago, great hopes were pinned on blockchain's impact on the financial market, especially cryptocurrencies. Today, the real scale of this impact can be debated. Meanwhile, another important trend has emerged - activities called Cybercrime as a Service. How do you assess the significance of this phenomenon?

Artur Derwiszyński, Intel: This is an extremely dangerous, and at the same time interesting from a business perspective, the development of cybercrime. From the technological side, it is worth referring to the Software as a Service model, which has reduced the price of access to services, increased their availability, and thus accelerated development in many areas. Similarly, Cybercrime as a Service also "democratizes" the criminal market and lowers the cost of cybercrime, and therefore, related services such as Ransomware as a Service, DDoS as a Service, or Phishing as a Service. As a result, cybercriminals' operations will become better, faster, and more pervasive. Phishing as a Service combined with AI will mean hyper-personalized messages. Hacking services will enter an even higher level and become accessible to millions of people around the world.

Are these future challenges, or are these methods already in use today? Is it just now that we are learning about the technical details but with some delay?

Of course, they have been in operation for a few years now. Some of the 2022 and 2023 attacks on hospitals and other healthcare entities in the UK were likely carried out not only by the "big shots" of the criminal world, like BlackCat but also through the platform services of cybercriminals.

On the other hand, it seems that the "golden age" in this branch of cybercrime is yet to come. And I'm speaking in the future tense, because I'm focusing on the use of artificial intelligence which will be the next level of sophistication in the activities of criminals. But undoubtedly, this type of practice is already underway, only at a relatively small scale right now.

Łukasz Libuda, SAS: I might add that what Artur is talking about is a really scary prospect. Technology is usually either an opportunity or a threat. In this case, it's a huge threat because if it's possible to personalize the message, that is, we no longer have a message written by a crook in broken Polish, but a correct, believable-sounding statement - and we can today easily change the caller's voice or the image, this is a very serious threat, which is accelerating, and we have to realize that we cannot stop it. Therefore, it is very important to provide basic education to consumers and users about the latest forms of attacks and to include a limited trust mechanism.

On the other hand, looking from an organization's perspective, we have two options - active and passive security. Active means installing the latest technology, hardware, and software, which will act like a wall and allow secure data, systems, and information processing. The second option is passive security or insurance. Increasingly, companies are insuring against cyber attack. If an organization is unwilling or unable, for some reason, to buy the hardware that will allow it to implement a higher level of security, it opts for insurance to provide adequate compensation for potential losses to the company and its customers.

We talked about blockchain at the beginning. From the perspective of the financial market, it has so far failed to live up to expectations, or is it necessary to evaluate this technology more calmly through the prism of the Gartner Hype Cycle Curve?

A. D.: I don't think it hasn't lived up to expectations. It's just that notions about the speed of adoption of this technology in business were exaggerated. Blockchain, or Distributed Ledgers more broadly, in my opinion, are doing quite well, and its productive applications are slowly growing, especially when it comes to smart contracts and fast cross-border payments. In addition to this, many central banks are working on introducing digital currencies.  In some economies, this could significantly increase the pace of deployment of blockchain-based services. On the Gartner Hype Cycle Curve, we have an area called the "slope of enlightenment." And I think that's what's happening with blockchain right now. We may even already be at the beginning of the uphill road, past the rock bottom, so I am very optimistic about the technology. Regarding interbank applications, blockchain use cases will increase even if they do not necessarily touch the customer.

Ł. L.: I agree that we have had spending on potential opportunities so far. We went up, we went down recently. It's a technological innovation that you could make money on because blockchain is what many people associate with making money. Perhaps we, as a society, are not yet so digitized, and perhaps, in terms of corporate applications, it was too early to use blockchain more widely.

But I see a parallel here with the topic of ESG, that is, the consideration of Environmental, Social, and Economic Governance factors in doing business. Five years ago, no one was talking about ESG. Later, companies declared that they were well advanced in this area, but in the real world, there was no proven methodology, no transition plan, or mapping between ESG risk factors and the profitability of doing business. Everything was fuzzy, so we similarly succombed. But for some time now, there have been new data sources and more detailed concepts on using ESG factors to model customer or market risks.

And with ESG, isn't it the case that taking non-financial reporting seriously has been forced on companies by the European administration? In addition, we have the European Green Deal and, in the context of the financial market, primarily the EU Taxonomy.

A. D.: In my opinion, the topic is developing mainly because of economic factors, but of course, regulatory pressure is also important.

The taxonomy of the European Union is probably already a super strong push, right?

Ł. L.: That's right. It should be noted that doing business with environmental, social, and economic factors in mind has been done for a long time. Companies ran CSR campaigns, helped schools, and wanted to show that they were actually doing something beyond just generating business and money. That is, they had this social face. That's first, and secondly, certainly, ESG could be a fad there is a lot of talk about it.

We've been doing quite a bit around ESG for a long time, only it was called a little differently before, and there was less emphasis on the letter E (Environment), i.e., the consideration of environmental factors in business conduct. Thirdly, I think companies are also afraid of being excluded because of the possible stigma of not dealing with ESG - nowadays, it's a differentiator and an offering judged by others.

Today, artificial intelligence is associated with all the cases, multiplying possible applications and lurking dangers. But, while we can already imagine AI, moreover, we use it in many activities. A much more enigmatic prospect is quantum technology. How will the entry into the use of quantum computers affect the financial market, among other things, in terms of security?

A. D.: Some of us remember a moment in history when there was a theme of the Year 2000 problem, when a huge information bubble had built up that there would be a worldwide paralysis of computers with dates in double digits. Security, financial, and production systems were going to go down. And I think that now, from the point of view of risks and security, quantum systems are such a "Year 2000", only that on a larger scale. And above all, we don't know when this "Year 2000" will happen, it's a big increase in uncertainty - and in this respect, from my perspective, it's a much more difficult topic than the Year 2000 problem.

I am very pleased to say that Intel is one of the leaders in the work on quantum computers, and we are happy to share our knowledge in this area with both financial institutions and regulators. It is necessary for these institutions to be prepared for the day when it may turn out that most of the cryptographic safeguards developed in recent years may become obsolete overnight.

How does this quantum challenge look from a risk management perspective?

Ł. L.: We have two sides of the coin. One is purely technological, concerning security, which is what Artur was talking about - we don't know when the work is going on, but it will definitely happen. Quantum computers will bring more computing power, making it possible to perform more operations, and cheaper and faster decisions. It will no longer be necessary to generalize so much to aggregate data - we can make decisions very precisely. From the perspective of financial management, the balance sheet rist of making decisions regarding how much to work with customers, this technology will allow even more precise use of technological innovations and translate them into substantive, process, and analytical benefits. I see many applications: recalculating the entire balance sheet under different risk factor development scenarios, valuation of financial instruments or consideration of different risk factors in insurance. I believe that quantum technology will help risk managers make better decisions.

But before quantum computers come to market, a model called Confidential Computing is already in operation based on current solutions.

A. D.: Intel's technologies have been helping to encrypt network and disk data for years. In contrast, we have recently carved out and become a leader in data encryption during processing time, the area of Confidential Computing. This approach is important for data security but also extremely important in terms of regulation. The whole concept of Intel Trust Authority is to isolate data and applications from the rest of the system at processing time. Even if an attacker takes over other parts of the system, the processed data will still be protected. This is one of Intel’s main strengths.

Ł. L.: One has to think - what is it all for? At the customer level, it's about providing the best possible customer experience. If the technology Artur was talking about is already secure and proven, then the customer feels valued, and we are now talking about a customer-centric approach. And from the company's perspective? We are using this technology to unlock the potential for growth, that is, to treat the customer more individually and hyper-personalize this approach. We want to improve profits, and we want to be resilient to market fluctuations.

Above all, again, I come back to AI. We need all these analytical methods that provide a better assessment of the customer's risk, their creditworthiness, with models built faster, better operationalization, and even more models. That is, we can serve specific customer segments in a customized way. And what does the market expect? Quick action. The customer expects a quick decision, doesn't want to wait, and needs a personalized product. Now, technologies can meet all these expectations, improving customer experience and the de facto cooperation as well. That is, we have a win-win situation.

Returning to regulatory issues related to CX, we now live in the reality between the EU directives PSD 2 (Payment Services Directive) and PSD 3. What does this mean for Open Banking?

A. D.: Further development. A few years ago, working with the European Payments Council, I was involved in the work on PSD2. I can say that this directive has undoubtedly had a key impact on the dynamic change in customer service and digitization of banking services in Europe and the world. From 2016-2019, we had a rash of Fintechs and new services. Over time, it turned out that the market revised its business models, which caused some startups to go bankrupt, some to build their own strong brands, and others to change their profile from offerings focused on retail customer service to working with banks and optimizing their processes. It is also worth noting that the final shape of the directive itself deviates from the first one in some of its provisions and is an even more revolutionary proposal.

The next version of the Payment Services Directive (PSD3), currently under development, is also subject to similar efforts from stakeholders. CX assumes an even wider opening of access to customer data, not only for payment accounts but especially for savings or investment accounts. So, from the point of view of being able to assess a customer or estimate the risks associated with that customer - there will be much more data available on this subject than today.

Ł. L.: From a data perspective, I might add that PSD 2 and probably PSD 3 is Open Banking, where we have a new vector of information explaining customer behavior and what is most important to us regarding risk management. What I mean by that is the additional data that we are throwing to feed advanced analytics that are running on advanced hardware. All this helps us make good decisions. And good decisions mean a satisfied customer and a thriving company. Of course, we always keep in mind that we work on very detailed information regarding sensitive financial aspects of each customer, so security is a priority. And remember that the customer may or may not give us permission to use specific data. But fundamentally, customers want better service, so they tend to make a click - which represents potential from a risk management perspective. We look forward to the expansion of information that PSD 3 is expected to bring.

Finally, another question is not about customers or corporations but future employees. Industry 4.0 and 5.0 repeats the thesis that soft skills are now more important than hard ones. What competencies will be most in demand in the labor market in 2024?

A. D.: It depends, among other things, on what kind of position we are considering. Because whether we're thinking about the year 2000, 2024 or 2035, the expectations for a network security specialist will probably be slightly different than for a customer service specialist. An interesting shift is occurring in the expectations for in-house collaboration skills. Departmental silos, characteristic of business 20 years ago, are disappearing, and companies expect, for example, technical AND business staff to discuss service development or customer needs together. In such a landscape, soft skills seem particularly important, and more and more companies are paying attention to employees' emotional intelligence, adaptability, and communication skills. In addition, with the development of the technologies we discussed earlier, digital proficiency or knowledge of cybersecurity is widely expected - even in employees who, until now, did not need to know about it. Not at an expert level, of course, but one that will protect against phishing or hacking through an employee's account into company-wide resources.

Ł. L.: We have new technologies, new datasets, new ideas for their use, new use cases, and so on. That is, broadly speaking, openness to change in terms of technologies, processes, and collaboration will be crucial for innovative development. It is very important to be able to step out of one's silo and understand what each decision entails, what are the risks, what are the opportunities, and what are the possibilities? Such flexibility and versatility are needed today because technology is just a tool. It's just functionality that needs to be used skillfully to ultimately have a measurable effect in terms of, for example, increasing CI/CX or increasing the profitability of doing business. It's not that technology will automatically give us better productivity, innovation, and increased sales. On the other hand, it undoubtedly requires the development of new competencies to use its potential optimally for the development and competitiveness of the organization. That is, openness, flexibility, and the ability to adapt to new challenges on the one hand and digital proficiency on the other - these are the main competencies employers will expect from employees in 2024.