“FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page i — #1

CPA PROGRAM
DIGITAL FINANCE
FIRST EDITION
 “FMPrelims_PrintPDF” — 2021/10/18 — 11:36 — page ii — #2

Published 2021 by John Wiley & Sons Australia, Ltd,

42 McDougall Street, Milton Qld 4064,
on behalf of CPA Australia Ltd,
ABN 64 008 392 452
First edition published June 2021
First edition revisions published November 2021
© 2021 CPA Australia Ltd (ABN 64 008 392 452). All rights reserved. This material is owned or licensed by CPA Australia
and is protected under Australian and international law. Except for personal and educational use in the CPA Program, this
material may not be reproduced or used in any other manner whatsoever without the express written permission of CPA
Australia. All reproduction requests should be made in writing and addressed to: Legal, CPA Australia, Level 20, 28
Freshwater Place, Southbank, VIC 3006, or [email protected].
Edited and designed by John Wiley & Sons Australia, Ltd.
Printed carbon neutral by Finsbury Green
ISBN 978 0 64 875134 2
Authors
Airwallex
Mark Brimble
Griffith University
Nigel Morkel-Kingsbury
James Murray
RMITO
Lee Smales
Swinburne
Advisory panel
Kyelie Baxter IQ Accountants
Alain Boey PETRONAS
Mario Bojilov Meta Business Systems
Mark Brimble Griffith University
Michael Davern University of Melbourne
Gopal Kiran Jampana Deloitte
Gary Pan Singapore Management University
Greg Unsworth PwC

CPA Program team

David Baird Alana Penny
Shubala Barclay Shari Serjeant
Jeannette Dyet Seng Thiam Teh
Yani Gow Alisa Stephens
Kristy Grady Tiffany Tan
Mandy Herbet Helen Willoughby
Alex Huang Joyce Wong
Elise Literski Emily Wu
Julie McArthur Luke Xu
Christel O’Connor Belinda Zohrab-McConnell
 “FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page iii — #3

ACKNOWLEDGEMENTS
MODULE 1
Figure 1.1: © Gomber, P., Koch, J-A. & Siering, M., 2017. Digital Finance and FinTech: current
research and future research directions. Journal of Business Economics, 87. 10.1007/s11573-017-0852-x;
Figure 1.4: © Courbe, J, 2016, ‘Financial services technology 2020 and beyond: embracing disruption’,
PWC, p. 33, https://www.pwc.com/gx/en/financial-services/assets/pdf/technology2020-and-beyond.pdf
© 2020 PwC. All rights reserved; Figure 1.8: © ITU; Extracts: © Gomber, P., Koch, J-A & Siering, M,
Digital Finance and FinTech: current research and future research directions. Journal of Business
Economics, 87. 10.1007/s11573-017-0852-x; Examples 1.3, 1.5 and 1.8: © Airwallex 2020.

MODULE 2
Figure 2.13 and case study 2.1: © Little Phil; Table 2.30: © Deloitte 2018, ‘SME digital payments:
New opportunities to optimise’, The Paytech Revolution Series, Deloitte, https://b2bpay.com.au/
wp-content/uploads/2018/03/Deloitte_Payments-Landscape-Report-2018.pdf.
CPA Australia wishes to acknowledge the team from Swinburne University of Technology for authorship
and project management of ‘Future of Money’.

MODULE 3
Figures 3.3 and 3.5: © Kinetic Consulting; Example 3.8: © RapidMotion; Example 3.17: © The YGS
Group.
CPA Australia wishes to acknowledge the team from Swinburne University of Technology for additional
content authorship of ‘Technology and its use in Finance’.
CPA Australia wishes to acknowledge the team from RMIT Online for authorship and project manage-
ment of ‘Technology and its use in Finance’. Acknowledgement and special thanks are extended to:
• Amy Wilson from RMIT Online for project management
• Trinity Ryan, Ross Palmer and Tricia Di Giambattista from The Learning Hook for learning design
and authorship
• David Thurkle at IBM for authorship and subject matter expertise.

MODULE 4
Figure 4.10: © Commonwealth of Australia; Figure 4.37: © Bernard Marr; Figure 4.42: © Common-
wealth Bank of Australia 2020, Annual report, pp. 106, 108. https://www.commbank.com.au/content/
dam/commbank/about-us/shareholders/pdfs/results/fy20/cba-2020-annual-report-print.pdf; Figure 4.43:
© David Elliott, It’s a fact… scientists are the most trusted people in the world, 18 September 2019,
https://www.ipsos.com/sites/default/files/ct/news/documents/2019-09/global_trustworthiness_2019-aust-
ralia.pdf; Example 4.10: © iTnews.com.au; Example 4.12: © Commonwealth of Australia.
CPA Australia wishes to acknowledge the team from Swinburne University of Technology for additional
content authorship of ‘Data Analytics, Interpretation and Visualisation’.

MODULE 5
Figure 5.21: © RegTech; Extract: The Treasury © Commonwealth of Australia 2020.
CPA Australia wishes to acknowledge the team from Swinburne University of Technology for additional
content authorship of ‘Risk Management, Governance and Regulation’.
CPA Australia wishes to acknowledge the teams from RMIT Online for authorship and project
management of Risk Management, Governance and Regulation. Acknowledgement and special thanks
are extended to:
• Amy Wilson from RMIT Online for project management
• Trinity Ryan, Ross Palmer and Tricia Di Giambattista from The Learning Hook for learning design
and authorship
• Adam Stevenson from Airwallex for authorship and subject matter expertise
• Yvonne Sears from ISDefence for course mapping.

ACKNOWLEDGMENTS iii
 “FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page iv — #4

These materials have been designed and prepared for the purpose of individual study and should not be
used as a substitute for professional advice. The materials are not, and are not intended to be, professional
advice. The materials may be updated and amended from time to time. Care has been taken in compiling
these materials, but they may not reflect the most recent developments and have been compiled to give
a general overview only. CPA Australia Ltd and John Wiley and Sons Australia Ltd and the author(s) of
the material expressly exclude themselves from any contractual, tortious or any other form of liability on
whatever basis to any person, whether a participant in this subject or not, for any loss or damage sustained
or for any consequence that may be thought to arise either directly or indirectly from reliance on statements
made in these materials.
Any opinions expressed in the study materials for this subject are those of the author(s) and
not necessarily those of their affiliated organisations, CPA Australia Ltd or its members.
As the supplier of third-party study guide materials to the publisher, CPA Australia is responsible for
the use of any materials for which the intellectual property is owned or controlled by a third party.

iv ACKNOWLEDGMENTS
 “FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page v — #5

BRIEF CONTENTS
Subject Outline xii

Module 1: The Digital Finance Ecosystem 1

Module 2: Future of Money 73
Module 3: Technology and its use in Finance 157
Module 4: Data Analytics, Interpretation and Visualisation 243
Module 5: Risk Management, Governance and Regulation 371

Glossary 471
Suggested Answers 483
Index 503
 “FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page vi — #6

CONTENTS
Subject Outline xii 1.8 Current use of FinTech by accounting
and finance professionals 40
MODULE 1 FinTech innovations in retail 40
Innovation incentives in the financial
The Digital Finance services sector 42
Ecosystem 1 1.9 Innovation thinking in FinTech 43
Preview 1 Wealth management 43
Part A: Digital Finance Landscape 2 Payments 44
Introduction 2 Financial markets 45
1.1 Technological evolution 2 Emerging FinTech 48
The network age 2 Innovation roadblocks 49
The transformation of accounting Innovation opportunities 49
and finance 3 Summary 50
Creating a future-ready finance function 4 Part D: Digital Transformation 51
1.2 Impact of technology on the digital 1.10 Organisational strategy 51
finance landscape 5 Strategic management processes 52
Analysing the digital finance landscape Strategic management environments
using the digital finance cube 5 and goals 52
Analysing drivers of innovation using the ten 1.11 Digital transformation strategies 52
types framework 11 What is a digital transformation
1.3 Impact of technology on banking/ strategy? 53
financial markets 14 Digital transformation methodology 53
How funds flow through the traditional Digital transformation in action 55
financial system 15 Value drivers 57
A changing landscape 15 1.12 How digital transformation strategy
A new model of innovation — working can help achieve an organisation’s
together 16 goals 58
Open banking and open marketplaces 16 Benefits of digital transformation 58
Summary 18 Why most companies struggle
Part B: Digital Finance Ecosystem 20 to innovate 59
Introduction 20 The role of accounting and finance
1.4 Digital ecosystem 20 professionals in digital transformation 60
Digital ecosystem components 20 Keeping pace in a fast-moving world 63
The characteristics of a digital Methods and practices 64
ecosystem 22 Technologies and architectures 64
How digital ecosystems create and Financial innovation in organisations —
deliver value 23 locking in the benefits 65
Evaluating a digital ecosystem 25 Summary 69
1.5 Digital financial services Review 70
ecosystem 26 References 70
Goals of digital financial services 27
Requirements for a digital financial services MODULE 2
ecosystem 27
Issues and challenges in the DFS Future of Money 73
ecosystem 30 Preview 73
1.6 The payments ecosystem 32 Part A: Digital Currency 75
Summary 34 Introduction 75
Part C: FinTech (Innovations) 36 2.1 Money and currency 75
Introduction 36 Functions of money 75
1.7 FinTech in business 36 Properties of money 75
The scope of FinTech 36 Differences between money
FinTech vs traditional financial and currency 76
services 37 Types of currency 76
Strategic issues in the FinTech sector 39 Traditional currencies 76

vi CONTENTS
 “FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page vii — #7

2.2 Digital currencies 78 2.12 Decentralised finance 119

E-money (electronic The four phases of DeFi development 119
money) 78 Advantages and disadvantages of
Virtual currency 80 DeFi 120
2.3 Cryptocurrency 83 DeFi DApps vs incumbents 120
Summary 84 Future outlook 120
Part B: Digital Payments 86 2.13 Impact of cryptocurrencies on finance
Introduction 86 and future outlook 121
2.4 Digital payments 86 Finance professionals and
Payment systems and methods 86 cryptocurrency 121
Digital payment systems 88 Benefits of cryptocurrencies 121
2.5 Types of digital payments 90 Risks of cryptocurrencies 122
Card-based payments 90 Key considerations and future outlook 123
Electronic fund transfer (EFT) 91 Summary 123
Digital wallets 91 Part E: Alternative Finance Providers 125
Hybrid forms of digital payments 93 Introduction 125
Considerations for business 96 2.14 What is alternative finance? 125
2.6 The future of digital payments 97 How does alternative finance work? 126
Cashless society 97 Why is alternative finance important? 126
Personalisation 97 Regulating alternative finance 127
Frictionless payments 98 2.15 Alternative lending 127
Cybersecurity/fraud protection 98 Peer-to-peer lending (marketplace
Financial literacy 98 lending) 127
The changing context of digital Balance sheet lending 128
payments 98 Comparing peer-to-peer and balance
Summary 99 sheet lending 128
Part C: Distributed Ledger Technology 100 Invoice finance 129
Introduction 100 2.16 Alternative funding 130
2.7 Distributed ledger technology 100 Investment-based crowdfunding 131
Databases 100 Non-investment-based crowdfunding 133
Distributed ledgers 101 2.17 Crypto-based funding 134
2.8 Blockchain technology 103 Initial coin offerings 135
Consensus mechanisms 103 Initial exchange offerings 136
A solution to the double-spending Initial DEX offerings 137
problem 104 Security token offerings 137
Permissions and ownership 105 2.18 Impact on the organisation 138
2.9 Smart contract technology 107 Borrower and investor perspectives 139
Ethereum 107 Choosing between or blending mainstream
Distributed applications 107 and alternative financing 139
Oracles 108 Impact on the current finance system 140
Comparing conventional and smart Summary 141
contracts 108 Part F: Future of Banking 142
Advantages and limitations of smart Introduction 142
contracts 110 2.19 Future of banking 142
2.10 Blockchain in financial services Customer preferences 142
and beyond 110 Enablers of change 143
KYC verification and compliance 110 What does the future of banking
Remittances 111 look like? 144
Accounting/auditing 111 Summary 147
Trade finance 111 Case study: Little Phil 148
Summary 112 Review 151
Part D: Cryptocurrencies 113 References 151
Introduction 113
2.11 Cryptocurrencies 113 MODULE 3
Coins 113 Technology and its use in
Tokens 115
Stablecoins 116 Finance 157
Cryptocurrency applications 117 Preview 157

CONTENTS vii
 “FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page viii — #8

Part A: Automation 158 Part D: Machine Learning 206

Introduction 158 Introduction 206
3.1 The basics of automation 158 3.12 The basics of ML 206
Key automation technologies 158 How does ML work? 206
Combining technologies 162 Types of ML 212
3.2 The value of automation 163 3.13 Benefits of ML 213
Using intelligent automation for visual, ML in finance and business 213
linguistic and prediction tasks 163 3.14 Risks and challenges for using ML 216
Using a balanced scorecard to evaluate 3.15 Building an effective ML strategy 217
automation and communicate Incorporating ML into the AI strategy 217
its benefits 166 A strategy for scalability 218
3.3 Planning for success 167 Summary 219
Building an effective automation Part E: Value of Technologies 221
strategy 168 Introduction 221
Summary 169 3.16 Choosing the best technology 221
Part B: Robotic Process Automation 171 3.17 Reshaping for an automated future 223
Introduction 171 Elements of a digital transformation
3.4 The basics of RPA 171 strategy 223
How does RPA work? 171 Value creation using automation 226
Unattended, attended and hybrid RPA 172 Governance, risk and compliance
Business process management 172 challenges of automation 227
Where does RPA fit? 173 Ethical considerations 231
3.5 Benefits of RPA 176 Preparing for an automated future 233
Creating a business case for RPA 177 3.18 Case study 234
RPA in the finance function 179 Summary 237
RPA in business 182 Review 239
3.6 Risks and challenges for using RPA 186 References 239
Data security 186
Technical issues 186 MODULE 4
System change 187
Process selection 187
Data Analytics, Interpretation
Employee morale 187 and Visualisation 243
3.7 Building an effective RPA strategy 188 Preview 243
RPA success factors 188 Part A: Data Literacy 244
Developing an RPA solution 189 Introduction 244
Experimenting with RPA 189 4.1 Introduction to data and data literacy 244
Implementation and building to Data-informed decision making 244
RPA maturity 190 Analytics 244
Summary 192 4.2 The need for data literacy 247
Part C: Artificial Intelligence 193 Defining data literacy 247
Introduction 193 Why is data literacy important? 247
3.8 The basics of AI 193 Implementing data literacy at leading
How does AI work? 193 companies 248
A brief history of AI 194 4.3 Data literacy culture and the role of the
AI enablers 195 finance professional 249
Types of AI 195 What is data literacy culture? 249
3.9 Benefits of AI 196 The role of the professional in data literacy
AI in finance and business 196 culture 249
3.10 Risks and challenges for using AI 198 4.4 Basic data science concepts 252
AI risks 198 Data categories 252
Data challenges 199 Probability 253
Managing risks and challenges when Summary 261
implementing AI 200 Part B: Extraction, Consolidation and Design
3.11 Building an effective AI strategy 202 of Data Strategy 263
Aligning AI strategy and business Introduction 263
strategy 202
Summary 205

viii CONTENTS
 “FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page ix — #9

4.5 Data strategy: why a business needs a Risk associated with environmental
data strategy 263 changes 299
Developing a data strategy for 4.11 Applying AI to analytics: benefits, risks
analytics 264 and examples 299
4.6 A framework for designing an effective Benefits 300
data strategy 266 Risks 301
Data strategy frameworks 266 Machine learning 302
The smart strategy board 267 4.12 Case study: Detecting money
Identifying data needs 268 laundering 309
Prioritising data needs and obtaining Summary 313
data 273 Part D: Data Interpretation 315
Analysing data 276 Introduction 315
Communicating to support 4.13 Data interpretation: introduction and
decision making 276 considerations 315
4.7 Data strategy implementation 276 Extracting knowledge from data 315
Data ‘ownership’, organisational politics and Domain knowledge 316
culture 277 Quantitative and qualitative analysis 317
Data management systems 279 Data visualisation 317
Data migration 281 Overcoming cognitive bias 317
Change management 282 Correlation 319
Agility, responsiveness and crisis Causation 321
management 284 Common mistakes in data
Implementing data strategies in small interpretation 324
businesses 285 4.14 Data-informed decision making 325
Summary 285 Data-informed decision-making
Part C: Data Analytics 287 frameworks 325
Introduction 287 Iterative approaches 326
4.8 What is big data and analytics? 287 4.15 Example of a decision-making
Big data 287 framework 326
How is business using big data? 288 Assessing the adequacy of the
Big data implementation 289 insights 327
Skills required by finance Making a decision based on the
professionals 290 information 327
4.9 The data analysis process 292 Summary 329
Step 1: Define the purpose 292 Part E: Data Visualisation 330
Step 2: Obtain the data 292 Introduction 330
Step 3: Explore and clean the data 294 4.16 The role of visualisation 330
Step 4: Reduce the data dimension Exploratory and explanatory
(if necessary) 294 visualisations 330
Step 5: Determine the analysis task 295 4.17 Telling a story with data 333
Step 6: Partition the data (for supervised Step 1: Storytelling 333
tasks) 295 Step 2: Understanding the context 334
Step 7: Choose the analysis Step 3: Choosing the most effective visual
techniques 295 display 335
Step 8: Use algorithms to perform the Step 4: Using cognitive principles to give a
task 295 clear picture of the data 347
Step 9: Interpret the results 295 Visualisation tools 350
Step 10: Deploy the model 297 Dashboards 351
4.10 Risk, warnings and challenges in data Summary 367
analytics 297 Review 368
Data quality 297 References 368
Outliers 297
Missing values 298 MODULE 5
Normalising (standardising) and rescaling Risk Management,
data 298
Oversampling rare events in classification Governance and
tasks 298 Regulation 371
Preview 371

CONTENTS ix
 “FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page x — #10

Part A: Risk Management 373 5.11 What is data/information security and

Introduction 373 cybersecurity? 410
5.1 Introduction to risk and risk The evolving threat of cybersecurity 411
management 373 5.12 Industry standards 412
Risk governance 373 APRA CPS 234 security standard 412
Risk and organisational strategy 374 PCI DSS 413
Risk management objectives 374 NIST 413
The risk management framework and The ISO/IEC 27001 standard 414
process 375 5.13 Implementing best practice
The risk management value chain 375 information security 416
Risk management responsibilities 376 ISMS project implementation method 416
Best practice risk management 377 5.14 Selecting security controls 418
5.2 Risk management standards 377 Physical assets 418
ISO 31000 377 Information assets 419
ISO 27001 377 Types of controls 419
ISO 27005 377 Categories of security controls 419
5.3 Risk management process 378 Mapping controls to risk and building a
Risk profiles 378 statement of applicability 419
Risk identification 382 5.15 Implications of an immature approach
Risk analysis 383 to cybersecurity 422
Risk evaluation and risk treatment 384 A ‘light touch’ approach 422
Risk monitoring and action 389 Engaging cybersecurity professionals 422
5.4 Future innovation in risk management 391 5.16 Cyber breach 424
Summary 392 Preparedness for a breach 424
Part B: Governance 393 5.17 Data protection, ethics and privacy 425
Introduction 393 Importance of ethical conduct in the digital
5.5 What is risk governance? 393 economy 425
Good governance 393 Principles of data ethics 426
The elements of governance 393 Data privacy 426
Creating good governance 394 Summary 429
Principles of good governance 395 Part D: Compliance 431
Governance roles and responsibilities 396 Introduction 431
Increased accountability — BEAR and 5.18 What is compliance? 431
FAR 398 A compliance industry standard 431
5.6 Poor/inappropriate risk governance 398 Key components of an effective compliance
Communication of risk 398 framework 433
When governance is lacking 399 5.19 Developing a compliance framework 433
5.7 Developing risk governance through KPMG’s compliance framework 435
culture 400 Challenges and common mistakes when
Positive governance culture 400 developing an effective framework 436
Fit-for-purpose 400 5.20 Compliance in action 436
Governing organisational culture 401 Key learnings from compliance
5.8 What is the right mix for a governance failure 438
Board? 402 5.21 Moving forward with compliance 438
5.9 Future threats to governance 403 Staying current with compliance 438
Impact of technology on corporate Resources for reimagining compliance 439
governance 403 Summary 439
Ethics and governance with automation Part E: FinTech Regulation 440
and AI 404 Introduction 440
5.10 Data governance 405 5.22 Why does regulation occur? 440
Data governance goals 406 Regulating the old and the new 440
Data governance tools 407 Risks to consumers and investors 440
Data governance maturity model 407 Risks to regulated financial services
Data governance and AI 408 firms 441
Summary 408 5.23 FinTech regulation authorities —
Part C: Security and Privacy 410 Australian and global regulations 443
Introduction 410 Key regulators in Australia 443
Key regulation and law in Australia 444

x CONTENTS
 “FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page xi — #11

Regulation and law — activities 444 The benefits of RegTech 455

FinTech industry regulation in Australia 445 Matching RegTech to the need 456
Global regulation 446 Top-down RegTech implementation 457
5.24 What has changed and have the Industry barriers to implementation 458
regulations kept up? 448 5.27 Keeping up with regulations 458
The regulatory response 448 Keeping up with regulations in a bank 458
5.25 What does it mean for a FinTech 5.28 Preparing for RegTech 459
company operating in a global Strategies for RegTech
environment? 450 implementation 459
The customer journey 450 RaaS 460
Some things to look out for 451 5.29 What’s next for RegTech? 460
The future of FinTech firms and their Trust and regulation 460
regulators 452 The future 461
Summary 452 Summary 465
Part F: Regulatory Technology 454 Review 466
Introduction 454 References 466
5.26 The basics of RegTech 454
What is RegTech? 454 Glossary 471
Suggested Answers 483
Technologies and their capabilities that
Index 503
support RegTech 454

CONTENTS xi
 “FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page xii — #12

SUBJECT OUTLINE
INTRODUCTION
The purpose of this subject outline is to:
• provide important information to assist you in your studies
• define the aims, content and structure of the subject
• outline the learning materials and resources provided to support learning
• provide information about the exam and its structure.
The CPA Program is designed around five overarching learning objectives to produce future CPAs
who will be:
• technically skilled and solution driven
• strategic leaders and business partners in a global environment
• aware of the social impacts of accounting and business
• adaptable to change
• able to communicate and collaborate effectively.

BEFORE YOU BEGIN

Important Information
Please refer to the CPA Australia website for dates, fees, rules and regulations, and additional learning
support at www.cpaaustralia.com.au/cpaprogram.

SUBJECT DESCRIPTION
Digital Finance
Digital finance usually describes an ecosystem that embodies a range of new finance software, businesses
and products, together with novel forms of customer communication and interaction. Today it plays an
increasingly important role in almost every aspect of our society. The Digital Finance subject explores the
knowledge and skills necessary to deal with accounting and finance in a digital world, equipping candidates
with the tools to apply emerging technologies in a real-world context.
The aims of the Digital Finance subject are as follows.
• Assist candidates in building their career through the attainment of emerging accounting and digital
finance skills that are transferrable across a diverse range of roles.
• Provide candidates with a practical introduction to the key technologies used in digital finance and their
business implications.
• Equip candidates with the knowledge and skills to transform their organisation by converting uncertain-
ties regarding the use of digital finance technologies into impactful opportunities that create efficiencies,
generate insights and value, and support strategic objectives.

SUBJECT OVERVIEW
In today’s rapidly evolving digital landscape, with its onslaught of new and innovative solutions,
accounting and finance professionals must stay ahead of the opportunities and challenges presented by
these technologies and other digital disruptors. It is imperative to learn to recognise and reap the full
benefit of these technologies and the digital finance environment. This subject explores the knowledge
and skills necessary to understand and navigate the complex world of digital finance, and provides the
tools to apply emerging technologies in a real-world context. More specifically, the subject discusses the
topics of:
• the digital finance ecosystem
• the future of money
• technology and its use in finance
• data analytics, interpretation and visualisation
• risk management, governance and regulation.

xii SUBJECT OUTLINE

 “FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page xiii — #13

General Objectives
On completion of this subject, you should be able to:
• examine where we are today, and where we will be in the near future, with technologies used in the
digital finance environment such as artificial intelligence (AI), machine learning (ML), robotic process
automation (RPA), big data, digital payments and digital currencies
• apply your knowledge to translate complex digital finance concepts and terminology to support informed
strategic decision making around the use of key digital finance technologies in business
• use your insights of digital finance technologies to navigate the changing technological environment in
which accounting and finance professionals work
• examine the regulatory and organisational implications of digital finance technologies and how they can
be applied in a range of settings including compliance in organisational contexts.

STUDY GUIDE
Module Descriptions
The subject is divided into five modules. A brief outline of each module is provided below.
Module 1: The Digital Finance Ecosystem
The business environment is characterised by networked systems and increasingly open exchanges of data
between them, enabling new ways for businesses to create value. The finance industry is increasingly turn-
ing towards simplified, fast and reliable solutions using AI, automation and data-driven personalisation.
This module is designed to provide candidates with the knowledge required to understand the current
finance landscape and the forces shaping the future — especially the various types of technology and
innovative uses of technology in finance. It aims to provide the skills candidates will need to evaluate the
opportunities and challenges an organisation will face as it develops and implements a strategic approach
to digital transformation in order to prepare for and succeed in the digital finance ecosystem.
Module 2: Future of Money
This module examines innovations in how value is exchanged. While some forms of digital payment are
well established, new and emerging digital currencies and types of digital payment are leading to more
efficient, immediate and personalised exchanges. In particular, cryptocurrencies, based on blockchain
platforms, are seen as a potentially transformative force in the monetary system. Cryptocurrencies,
perhaps alongside distributed ledger technologies generally, have the potential to decentralise and largely
disintermediate transactions.
This module also describes alternative sources and types of finance, which enable organisations to access
capital in new ways. It concludes with a discussion of the future of banking.
As digital payments, digital currencies, including cryptocurrencies, and alternative finance are expected
to reshape the monetary system and the role of institutions within it, this module aims to provide the
knowledge and skills to evaluate the role of these innovations in solving problems facing the organisation
and meeting its objectives.
Module 3: Technology and its use in Finance
This module examines the potential uses of robotic process automation (RPA) and various types of
artificial intelligence (AI) technology to achieve efficiencies and create value for organisations. These
technologies enable automation of various tasks, increasingly personalised interactions with customers
and other external stakeholders and intelligent interaction and collaboration with internal stakeholders.
The aim of this module is to provide the knowledge to evaluate, choose and promote appropriate digital
technologies to help the business achieve efficiencies and solve problems in creating value for a wide
variety of stakeholders.
Module 4: Data Analytics, Interpretation and Visualisation
This module discusses concepts related to the use of data to support data-informed decision making in
organisations, beginning with the need for data literacy and progressing through data strategy, the analysis
process, interpretation of outputs and visualisation for decision makers.
Data analytics and interpretation provide organisations with the ability to transform their data into
insights that enable efficient, informed and actionable decisions. Finance departments are being relied
upon to demystify complex sets of data and derive insights that shape an organisation’s strategy. Effective
teams use visualisation when communicating with stakeholders to translate the data into easily understood
concepts and demonstrate significant findings. Through this module, candidates will learn the relevant

SUBJECT OUTLINE xiii

 “FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page xiv — #14

technologies in the organisation and their role in shaping analytics strategy to maximise the organisation’s
return on its investment in analytics technologies.
Module 5: Risk Management, Governance and Regulation
Digital finance is creating new and changing risks, compliance needs and regulatory challenges. This
module aims to provide candidates with foundational knowledge in the areas of governance, risk
management and compliance as it pertains to the digital finance environment. It also examines regulation
of digital finance and the use of technology to help meet complex and changing regulatory requirements.
With digital transformation sweeping the industry, data security and data privacy are increasingly
vulnerable to threats of data breaches and cyber-attacks. Businesses must proactively consider the risks
involved when using digitised data and processes and employ the necessary safeguards to support the
increasing use of data throughout business processes, transactions and stakeholder interactions.

Module Weightings and Study Time Requirements

Total hours of study for this subject will vary depending on your prior knowledge and experience of the
course content, your individual learning pace and style, and the degree to which your work commitments
will allow you to work intensively or intermittently on the materials. You will need to work systematically
through the study guide, attempt all the questions and revise the learning materials for the exam. The
workload for this subject is the equivalent of that for a one-semester postgraduate unit.
An estimated 15 hours of study per week through the semester will be required for an average candidate.
Additional time may be required for revision. The ‘Weighting’ column in the following table provides an
indication of the emphasis placed on each module in the exam, while the ‘Recommended proportion of
study time’ column is a guide for you to allocate your study time for each module.
Do not underestimate the amount of time it will take to complete the subject.

TABLE 1 Module weightings and study time

Recommended proportion
Module of study time (%) Weighting (%)

1. The Digital Finance Ecosystem 20 20

2. Future of Money 15 15

3. Technology and its use in Finance 20 20

4. Data Analytics, Interpretation and Visualisation 25 25

5. Risk Management, Governance and Regulation 20 20

LEARNING MATERIALS
Module Structure
The study guide is your primary examinable resource and contains all the knowledge you need to learn
and apply to pass the exam. The Digital Finance study guide is divided into five modules, suggested
answers and a glossary, and includes a number of features to help support your learning. These include the
following.
Learning Objectives
A set of learning objectives is included for each module in the study guide. These objectives provide
a framework for the learning materials and identify the main focus of the module. The objectives also
describe what candidates should be able to do after completing the module.
Examples
Examples are included throughout the study materials to demonstrate how concepts are applied to real-
world scenarios.
Revision Questions (and Suggested Answers)
These numbered revision questions provide you with an opportunity to assess your understanding of the
key learning points. These questions are an integral part of your study and should be fully utilised to support
your learning of the module content.

xiv SUBJECT OUTLINE

 “FMPrelims_PrintPDF” — 2021/8/27 — 13:47 — page xv — #15

Reflective Questions
These require you to reflect on an issue or an example in the study materials.
They are not numbered, rather they are identified by the CONSIDER THIS heading above the question.
Suggested answers are not provided in the study guide for these reflective questions.
Key Points
The key points feature relates the content covered in the section to the module’s learning objectives.
Review
The review section places the module in context with other modules studied and summarises the main
points of the module.
References
The reference list details all sources cited in the study guide. You are not expected to follow up this
source material.

My Online Learning and Your eBook

My Online Learning is CPA Australia’s online learning platform, which provides you with access to a
variety of resources to help you with your study.
You can access My Online Learning from the CPA Australia website: cpaaustralia.com.au/myonline
learning.
eBook
An interactive eBook version of the study guide will be available through My Online Learning. The eBook
contains the full study guide and features instructional media and interactive questions embedded at the
point of learning. The media content includes animations of key diagrams from the study guide and video
interviews with leading business practitioners.

GENERAL EXAM INFORMATION

All information regarding the Digital Finance exam can be found on My Online Learning.
The study guide is your central examinable resource. Where advised, relevant sections of the CPA
Australia Members’ Handbook and legislation are also examinable.

SUBJECT OUTLINE xv
“FMPrelims_PrintPDF” — 2021/6/1 — 8:18 — page xvi — #16
MODULE 1

THE DIGITAL FINANCE

ECOSYSTEM
LEARNING OBJECTIVES

After completing this module, you should be able to:

1.1 evaluate the complexity of digital transformation and its impact on the work of accounting and finance
professionals to meet specific business needs
1.2 analyse the complexity associated with the practical implementation of emerging technologies and their
impact on the finance ecosystem
1.3 support the adoption of digital technologies to achieve an organisation’s strategic goals.

PREVIEW
The innovative application of technology has transformed the business world. As increasingly ubiquitous
internet-enabled devices generate, store, process and exchange massive amounts of data at low cost and in
near-real time, a new wave of transformation is underway. This transformation is rapidly changing the way
businesses work, communicate and collaborate with each other, and with their customers, to create value.
In this context, accounting and finance professionals need not only a working understanding of the
current finance landscape, but also the knowledge and skills to evaluate and respond to the opportunities
and challenges associated with the digital finance innovations that are transforming the finance ecosystem.
Part A of this module describes the emergence of the data-enabled ‘Network Age’ and how technologies
and innovations are impacting on finance functions and institutions. This establishes the context in which
accounting and finance professionals will work to evaluate and support the adoption and implementation
of innovations that can help achieve the business’s strategic goals.
Part B of the module explains and illustrates the components, characteristics and function of a digital
ecosystem. This provides an understanding of how a digital ecosystem creates value and thus how to
evaluate innovations to determine their role in helping an organisation achieve its strategic goals. To help
navigate the complexity of the technologies and applications involved, we will describe the goals and
benefits of the digital financial services ecosystem, the enabling environment and infrastructure, and the
issues and challenges encountered during the digital transformation of finance. This part concludes with a
discussion of payments in the digital finance ecosystem.
Part C of the module discusses financial technology (FinTech) applications relevant to the work
of accounting and finance professionals, and to the broader digital financial services ecosystem. We
begin by exploring the role of FinTech businesses in the development of innovative digital finance
solutions. FinTechs leverage technology to create cost-effective niche services to fill needs that are not
optimally served by the traditional financial services institutions. As the sector has developed, FinTechs
and traditional providers increasingly cooperate and collaborate. After discussing the digital finance
applications of FinTech, we discuss emerging areas in FinTech and the opportunities and roadblocks that
must be considered when developing, evaluating, adopting or implementing digital finance innovations.
Part D draws together the tools and knowledge presented in parts A, B and C to enable accounting and
finance professionals to play a valuable role in the evaluation, planning and practical implementation of
digital finance innovations that will digitally transform the business to help achieve its strategic objectives.
By developing the ability to understand and evaluate the impact of technology on accounting and
finance, the components and functioning of the digital finance ecosystem, innovative FinTech, and digital
transformation issues and strategies, this module provides the foundations for evaluating and taking
Pdf_Folio:1

advantage of the specific digital finance technologies and developments discussed in the later modules.
PART A: DIGITAL FINANCE LANDSCAPE
INTRODUCTION
The innovative use of technology has shaped the entire history of human society. Just as the development
of steam power, machinery and factory production lines transformed business and life during the Industrial
Revolution of the seventeenth century, today mobile communications, connected smart devices and
massive data processing power are creating a Network Age in which businesses and consumers create
and consume value in new ways.
The technologies of the Network Age affect the full spectrum of finance-related tasks, including sales,
procurement and payroll. Digital finance embodies a range of new financial software, businesses and
products, together with novel forms of customer communication and interaction. FinTech companies are
responsible for many of the technological innovations, but existing providers have also responded to this
competition by transforming their operations (Gomber, Koch & Siering 2017).
This part of the module describes the current digital finance landscape, provides two frameworks to help
analyse digital finance, and establishes the skillset that accounting and finance professionals need in order
to understand, evaluate and adopt the innovations that are digitally transforming the finance function.

1.1 TECHNOLOGICAL EVOLUTION

Technology, business and finance have evolved together over centuries. The rapid computerisation of
the workplace in the second half of the twentieth century was often considered to be the first truly
transformative force in industry since the Industrial Revolution. Over the past decade, a new transformative
force has emerged, marking the beginning of the Network Age.

THE NETWORK AGE

The Network Age is characterised by interconnectivity, enabled by the internet, smart devices, mobile
communications and the rapidly diminishing cost of technology. Connectivity generates a network effect.
Network effects are positive returns to scale; as participant numbers grow, the value of participating also
grows. One-to-one trade, transactions and communication between individuals and organisations enable
exponential possibilities for the creation and consumption of value. The use of Network Age technologies
in industry — especially the combination of analytics, artificial intelligence and automation — is often
referred to as Industry 4.0.
Data is the medium of exchange that enables the Network Age. Low-cost, mobile, connected technology
provides for almost unlimited creation, storage, processing and real-time sharing of data. As we shall see in
parts B and C of this module, this ready availability and free flow of data is the key to FinTech innovations
and the functioning of the digital finance ecosystem itself.

Big Data
The datasets that arise from the pervasive creation and capture of data in the Network Age are commonly
referred to as big data. Big data is characterised in terms of:
• volume — the large size of the datasets created by collecting and storing the data generated by devices,
transactions and interactions
• variety — the breadth and depth of datasets that arise from diverse sources
• velocity — the speed at which new data is generated and accumulated within datasets
• veracity — the variable quality of datasets given the diverse source of data collected.
These are known as the four V’s of big data. Sometimes value is described as the fifth V, to recognise
that the effective use of data is often the key to value creation.
It is the data created and exchanged between devices, individuals and organisations that underpins
most aspects of digital finance, including FinTech, the development of digital ecosystems, automation,
personalisation and analytics. Much of this study guide deals with how to use data to create value for
an organisation by achieving efficiencies and higher productivity, improving customer experience by
understanding and responding better to their needs, and gaining better insight into complex business
problems. With this comes a series of challenges and obligations that require strong data governance.
Pdf_Folio:2

2 Digital Finance
THE TRANSFORMATION OF ACCOUNTING AND FINANCE
The key digital technologies re-shaping the finance function are (Agrawal, Dinneen & Seth 2016):
• automation — the use of technology to replace or complement human labour
• analytics — the application of data analysis technologies to big data to generate and visualise
actionable insights
• artificial intelligence (AI) — the use of technology to intelligently analyse data and respond to the
outcomes.
Later modules will explore these technologies in detail. For now, it is important to understand that these
technologies are often used in combination to create complex and powerful digital capabilities with an
enormous scope of application. For example, they are used to predict what a particular customer is likely
to buy, identify credit fraud in real time, detect insurance claims fraud and automate personalised targeting
of digital marketing. Additionally, there is an increasing use of algorithms to detect patterns in vast volumes
of data and interpret what they mean for the business.
These applications depend on:
• scalable and adaptable platforms that enable access to real-time data
• integrated digital ecosystems in which every component seamlessly interacts to share and process data
• advanced analytics capabilities to generate powerful insights.
Effective implementation of digital technology will mean that accounting and finance teams can move
away from transactional activities and focus on valuable tasks that technology cannot handle alone.
Research (Bock, Iansiti & Lakhani 2017) shows that businesses that have successfully embraced digital
transformation experience better financial performance than those that stuck to traditional practices.
A significant challenge is to maintain organisational performance while transitioning to future-facing
technologies.
While a majority of business leaders believe that their industry will be disrupted by digital models,
they feel ill-equipped to adapt (Bersin 2016). The risk of being left behind means that development of
digital capabilities is critical for businesses and finance professionals. Harvard Business School professor
Karim R. Lakhani, who leads a virtual financial leadership program created specifically for CPA Australia
members (Bock, Iansiti & Lakhani 2017), emphasises that all business types need to understand the digital
world, and stresses the importance of a ‘digital mindset’.

Digital Mindset
A digital mindset involves rethinking entire business and operating models in addition to the adoption of
new technology. This does not mean that finance professionals need to become computer programmers or
data scientists, but they do need a firm foundation in digital literacy.
Digital literacy requires knowing enough about the applications, benefits, costs and limitations of
technologies to be able to assess their value to the organisation and support their effective implementation.
A digital mindset, data literacy and effective evaluation and use of technology should be embedded in the
business and drive decision making.
In a dynamic environment, adaptability and investment in continuous learning is a necessity.

Enabling Skills
The recruitment, development and retention of appropriately skilled staff is one of the greatest challenges
facing business in the technology-disrupted future. As traditional tasks are allocated to machines, staff
will be required to develop the technical skills to administer digitally enabled processes, and the analytical
skills necessary to realise useful insights from the abundance of data they will encounter.
Since business leaders disagree on the type of technology that will drive the greatest change in their
industry (PwC 2019), it is not surprising that it is difficult to precisely predict the required skills in the
future finance landscape. Instead, a premium will be placed on broad and adaptable enabling skills rather
than on narrow task-specific skills. These skills are in high demand, but short supply. Examples include:
• behavioural skills — communication, relationship management and strategic thinking
• data analysis skills — data modelling and visualisation, design thinking and programming
• finance skills — business modelling, process design and financial analysis.
Businesses that are early adopters of new technology will likely have a higher percentage of staff affected
by automation. Those staff who are engaged in transaction-oriented processes are likely to be the first to be
impacted. To retain a greater proportion of their workforce, it is important that businesses offer retraining
opportunities to those with high potential.
Pdf_Folio:3

MODULE 1 The Digital Finance Ecosystem 3

CREATING A FUTURE-READY FINANCE FUNCTION
Accounting and finance professionals can create a future-ready finance function by taking on a strategic
leadership role in the organisation.
• Focus on value creation for the business entity. Value is created through strategic choices and involves
leveraging technology and data to integrate strategic, operational and risk information to ensure
performance is aligned to value creation in a changing external environment.
• Use agile funding models that balance ongoing core investments with riskier options. Agile funding
enables riskier investments to be tested and scaled up if successful or discontinued if unsuccessful.
Success should be measured by qualitative data (e.g. customer satisfaction) in addition to quantitative
data (e.g. ROI).
• Seek talent with broad enabling skills and a digital mindset. Focus on seeking talent and developing
staff with high-level enabling skills who are adaptable to the changing landscape and possess a firm
foundation in digital literacy.
• Early adopt advanced analytics and automation technologies. Lead the way in adopting automation and
advanced analytics to deliver meaningful insights enabling the most pressing business questions to be
answered.
• Establish a digital ecosystem service delivery model. Use digital technologies to streamline processes to
improve customer services, lower costs and increase productivity in order to achieve the entity’s vision.
Example 1.1 examines how a multinational company planned and implement a digital transformation
to address key pain points in its finance function and target USD30 million in efficiency gains over
five years.

EXAMPLE 1.1

Finance Innovation Lab

A multinational company identified that its finance function had not kept pace with the innovation that
characterised the company’s products and services. The key issues included inefficient and clumsy
manual processes, slow and inflexible reporting, and a lack of data, which made it difficult for Finance to
develop insights to help the company achieve its objectives.
The company created a ‘finance innovation lab’ to explore how technology could address these
problems. At first, the company’s senior finance executives were involved to frame an approach to the
digital transformation. This process resulted in a focus on four areas:
• reporting
• insights
• efficiency
• governance and human resources.
A consultant was engaged to demonstrate and explain specific technologies and subsequently to help
the company develop digital initiatives to address each problem area. The solutions included new data and
automation platforms to achieve efficiencies, and enable advanced analytics and data-informed decision-
making, and a new human resources strategy with a focus on digital literacy.
Once these overarching approaches were in place, finance teams were invited to participate in
workshops to learn about the capabilities of the technologies available and thus shape the way they
would be implemented.
The success of the initiative will be measured in terms of the targeted USD30 million in efficiencies by
2023, and the successful redeployment of resources to higher value-creating work (Deloitte 2019).

.......................................................................................................................................................................................
CONSIDER THIS
Reflect on your own level of digital literacy. Consider how much you know about automation, analytics and the role
of digital ecosystems in relation to your organisation and the finance function in particular. What are your strengths
and weaknesses and how could you build on these?

QUESTION 1.1

Outline four digital technologies that are re-shaping the finance function and explain how those
technologies are changing the tasks that finance teams focus on.

Pdf_Folio:4

4 Digital Finance
1.2 IMPACT OF TECHNOLOGY ON THE DIGITAL
FINANCE LANDSCAPE
The impact of technology on the digital finance landscape can be understood in terms the intersection
of digital finance business functions; digital finance technologies and technological concepts; and digital
finance institutions. Innovation in these three elements is driven by the relentless pursuit of competitive or
transient advantage. A competitive advantage exists when a business is able to achieve better performance
than its competitors and defend that advantage over the long term. A transient advantage is temporary,
recognising that some advantages cannot be sustained, as competitors quickly copy or improve on an
innovation.
Technology and innovation are complex and fast changing, with numerous potential applications,
benefits and risks that must be understood and evaluated in order to maximise their value to the business.
The Digital Finance Cube and the Ten Types of Innovation framework provide structured ways to explore
and assess digital finance technologies. We will discuss these now.

ANALYSING THE DIGITAL FINANCE LANDSCAPE USING THE

DIGITAL FINANCE CUBE
The Digital Finance Cube (Gomber, Koch & Siering 2017), shown in figure 1.1, helps explore and
analyse digital finance concepts through the interrelationships of three key dimensions:
1. digital finance business functions
2. digital finance technologies and technological concepts
3. digital finance institutions.

FIGURE 1.1 The Digital Finance Cube

Digital finance technologies

and technological concepts
s

lo er
ch o- n
d
rk

o
in

no pe
un el

aly ata
wo

ab er
i

Bi y
Pe icat
ha

m -fi

s
g

s
en rth
tic
an d

ler
m ar
et
kc

te r-t

Fu
ln

co Ne
oc

e
cia
Bl

Traditional service providers

So

Digital financing
FinTech companies

Digital investments
business functions
Digital finance

Digital money

Digital payments

Digital insurances ce
nan s
Digital financial advice l fi ion
ta t
i gi stitu
D in

Source: Gomber, Koch & Siering 2019, ‘Digital finance and FinTech: current research and future research directions’, Journal of
Business Economics, 87(5).

It is particularly useful in understanding and evaluating digital finance services and service providers.
The focus is on the most important dimension from a business administration point of view: the digital
finance business function. The second and third dimensions support the business function: technologies
enable the business functions, and digital finance institutions provide these functions as a service.
Each segment inside the Digital Finance Cube represents a specific combination of one business
function, a certain technology and a specific type of institution. Any one institution may operate in just
one segment or may operate across a range of segments.
Pdf_Folio:5

MODULE 1 The Digital Finance Ecosystem 5

Digital Finance Business Functions
The first dimension of the Digital Finance Cube (Gomber, Koch & Siering 2017) covers the following
business functions:
1. digital financing
2. digital investments
3. digital money
4. digital payments
5. digital insurances
6. digital financial advice.
We will discuss each of these in turn, including the interaction between financial intermediaries and
customers (business-to-consumer or B2C) and various business-to-business interactions (B2B).
Digital Financing
Traditionally, banks are the suppliers of financial resources for individuals or businesses, with angel
investors, venture capital and government financing providing alternative funding sources. Digital
financing enables individuals, start-ups and established businesses to become less dependent on these
traditional methods by using technology to source the necessary financing. This may enable an organisation
to achieve a more optimal financing mix (Gomber, Koch & Siering 2017). Digital financing is discussed
in detail in module 2.
Note: The term ‘digital financing’ should not be confused with the term ‘digital finance’. While the
former explicitly focuses on financing aspects, the latter embraces all business functions — including
financing (Gomber, Koch & Siering 2017).
Financing services that are available through innovative digital platforms include the following (Gomber,
Koch & Siering 2017).
• Invoice financing and invoice factoring. A business borrows against or sells its accounts receivable to
a third party. This provides the business with a means to meet immediate cash needs. Various online
platforms facilitate these relationships. For example, MarketFinance launched such a platform in 2011
to service the UK market. Within seven years, MarketFinance’s platform had facilitated more than
GBP2 billion in invoice finance. In 2018, MarketFinance became the first FinTech to partner with a
major UK bank (MarketFinance 2019).
• Electronic invoicing. Technology provides better coordination, faster transmission and automated
processing of invoices. This induces customers to settle their open accounts more quickly, offering
another opportunity for businesses to source funds.
• Lease-financing. An individual or business contracts for the use of an asset, such as a vehicle or
equipment, that is owned by the finance provider. Various online services now offer lease-financing
and this has become a simple method for individuals and organisations to acquire the use of necessary
assets without the need for a large upfront outlay.
• Crowdfunding. Money is raised through small contributions from a large number of people (the ‘crowd’).
The idea is not new, but digital platforms have lowered search and transaction costs, enabling far
more businesses to access crowdfunding and far more individuals and organisations to become funders.
Example 1.2 explores the role of crowdfunding in financing. Crowdfunding will be explained in greater
detail in module 2.

EXAMPLE 1.2

Crowdfunding
Crowdfunding is often used by start-ups, social ventures and creatives as it provides a way to seek funds
based on the idea or ‘story’ attached to the business or initiative rather than purely on the financials.
Since customer demand is often directly reflected in the amount of funding achieved via crowdfunding,
the approach overcomes uncertainty surrounding potential sales. In donation-based crowdfunding,
funders do not receive any compensation for their support, and in reward-based crowdfunding, funders
receive non-financial compensation (e.g. objects, products or services). Crowdlending and crowdinvesting
provide more conventional returns to funders: interest, and equity and profits.
Kickstarter (2020), launched in 2009, has attracted funding pledges of more than AUD4.6 billion for
nearly 500 000 projects, including movies, music, theatre and video games. Most Kickstarter most projects
involve reward-based crowdfunding. The Patreon (2020) crowdfunding platform uses a subscription model
whereby patrons provide ongoing financial support for creatives and artists. This model was particularly
popular during the Coronavirus (COVID-19) shutdown, when many artists were unable to perform or exhibit
Pdf_Folio:6
in public.

6 Digital Finance
 Brewdog is a UK-based brewery and hotel chain established in 2007 that has used crowdfunding as
part of its financing mix (Crowdcube 2020; Kirkegaard 2020).
• In 2011, it undertook an equity-based crowdinvesting campaign under the branding ‘Equity for Punks’,
raising GBP2 million from shares sold at GBP23.75 each. In addition to gaining equity in the company,
participants became entitled to discounts on Brewdog products.
• In 2017, the company sold a 22 per cent stake to a privacy equity firm for GBP213 million.
• In 2018, UK brewer Brewdog raised over GBP26 million via a fifth round of crowdinvesting, valuing the
business at GBP1.8 billion.
• Brewdog shifted its crowdfunding campaign from third-party platforms to its own website, under the
‘Equity for Punks Tomorrow’ branding.
• In 2020, Brewdog launched a crowdinvesting campaign offering 100 000 $100 non-voting shares,
representing 10 per cent of the equity in the Australian operation and indicating a valuation of
AUD100 million, even though Australian revenues in 2020 were about AUD5 million, resulting in a loss
of AUD1.7 million. The threshold for the campaign to proceed was set at just $300 000. The prospectus
notes that no dividends will be paid, but equity holders will be entitled to a discount at Brewdog bars
and various other rewards. The raising was intended to fund sustainable business initiatives.
• By 2021, Brewdog had raised more AUD154 million from 145 000 crowdinvestors across the world.
The Brewdog crowdfunding campaigns have attracted some criticism due to crowdinvestors paying a
substantial premium for shares over those offered to corporate investors.

.......................................................................................................................................................................................
CONSIDER THIS
Thinking about your own organisation or clients, could crowdfunding or one of the other platform-based financing
innovations play a valuable role in their financing mix? Why/why not?

Digital Investments
Digital investments support individuals or institutions in making investment decisions and in arranging the
required investment transactions. Digital investments include:
• online brokerage, and mobile and social trading, in the B2C area
• high-frequency and algorithmic B2B trading (Gomber, Koch & Siering 2017).
Online brokers fulfil the same tasks as human brokers but operate independently from time and location,
need fewer staff, can process more orders and operate at lower cost. Some platforms, such as eToro, offer
zero-commission trading and the possibility of fractional investing (enabling the purchase of 10 per cent
of a stock priced at $1000 for $100) (Finder 2020). These platforms may also provide access to multiple
markets and a range of trading tools, such as charts and analytics, that are comparable to professional
trading software.
Mobile trading refers to the trading of securities using mobile devices. Platforms for mobile trading offer
real-time access to financial markets and the possibility to trade independently from location and human
advisors or brokers (Gomber, Koch & Siering 2017).
Social trading refers to securities trading via internet platforms that combine social media networking
with investment strategies. The platforms (e.g. eToro) typically enable a user to observe, ‘follow’ or copy
the strategies of other traders (Gomber, Koch & Siering 2017).
Algorithmic trading automatically initiates and manages orders on electronic trading platforms, enabling
institutional investors to trade at high frequency and without human intervention. Algorithms can enable
large orders to be divided into smaller parcels to minimise the impact of trades on market prices or can be
used by hedge funds (Vardy 2020) to quickly exploit market anomalies.
Digital Money
As we shall see in module 2, there is no universally agreed precise definition of terms like digital money
or digital currency. The Digital Finance Cube can be used to examine any digital innovation in how money
and currency are created, stored, valued, regulated or exchanged. The common theme is that they exist
electronically rather than in physical form and thus may vary from digital representations of conventional
money through to new virtual currencies, including cryptocurrencies such as Bitcoin. Transactions using
these forms of money or currency occur via the exchange of data, primarily using online platforms. New
forms of digital money may operate independently from government-issued currencies, bank accounts and
the transactional detours traditionally necessary for foreign exchange. Thus, digital money has the potential
to transform many aspects of finance.
Cryptocurrencies are considered one of the key potential disruptors. They are decentralised, freely
convertible, virtual currencies that are based on encryption technology and hosted on a platform known as
Pdf_Folio:7

MODULE 1 The Digital Finance Ecosystem 7

a blockchain that removes the need for a trusted central intermediary to process transactions. Bitcoin and
Ethereum are the best-known cryptocurrency platforms (Gomber, Koch & Siering 2017). The current and
potential applications of these and other cryptocurrencies will be described in detail in module 2.
Digital Payments
Digital payments (also known as electronic payments or e-payments) refer to any payments that are
initiated, processed or received electronically. The first digital payment solutions, such as online banking,
were strongly inspired by the established account-based system of bank transfers. Since then, an array of
innovative solutions have been developed that more closely match the needs of businesses and individuals
(Gomber, Koch & Siering 2017). Digital payments will be discussed in detail in module 2. Here, we outline
a few key applications.
Mobile payments use mobile phone technology in the initiation and confirmation of the payment. Mobile
applications function as a substitute for established payment structures. Mobile payments are a focus for
not only financial institutions, but also technology companies, including Amazon, Apple, Facebook and
Google (Miller 2020). In developing countries, mobile banking is being used to provide access to safe and
secure financial services where traditional banking systems have been too costly to establish, and where
fraud is common.
Peer-to-peer (P2P) payments are digital payments between private individuals. They may use bank,
credit/debit card or non-bank service providers (e.g. PayPal and Google Pay) and occur in near-real
time — the moment the payment is initiated, the service provider, validates the payment so that the
receiver can trust they will receive the money. P2P payment platforms improve security by removing
the need for the users to share private banking information with each other. PayPal is the most successful
P2P platform and also has extensive application in merchant transactions, It has a market capitalisation
in excess of USD180 billion (PayPal 2020). Google Pay (Google Pay 2020) facilitates P2P, online and
in-store purchases. It also provides an API that allows merchants to add the service to websites and apps,
and allows users to store boarding passes, event tickets and loyalty cards.
Digital wallets (or e-wallets) are a digital storage application that fulfil most tasks of a physical wallet.
They facilitate cash and credit payments. They can be used in place of in-person and online card payments.
They remove the need for the two parties to share their private banking information. Digital wallets can
also store other information (e.g. a driver’s licence) and temporary tokens (e.g. a bus pass) (Gomber, Koch
& Siering 2017).
Example 1.3 describes how e-commerce start-up Crockd’s analysis of its likely future payment needs
led it to choose a FinTech solution from the outset rather than setting up with a traditional service provider.

EXAMPLE 1.3

Start-Up Crockd Chooses Airwallex Payment Solution

Crockd was established in Australia in November 2019. The company is an e-commerce retailer of do-it-
yourself pottery kits that allow its customers to learn pottery and create beautiful ceramics (e.g. reusable
coffee cups) at home. Its mission is to allow people to reconnect through creative crafts.
As an online business, the co-founders wanted their technology to scale up easily as the business grew.
They also planned an international supply chain. They identified that their payments needs were:
• a payments technology stack (all the technology underlying and delivering their payments platform) that
could scale up and adapt to meet their changing needs as the business grew
• access to cost-effective foreign exchange transactions, including for small transaction amounts
and volumes
• expert help to set up their finance processes.
Based on this set of needs, Crockd bypassed traditional banks and engaged with the Australian FinTech
Airwallex as their chosen provider. The choice was based on Airwallex’s:
• core focus on cross-border payment services
• end-to-end solution for business transactions
• ability to handle programmatic (on-demand automated) payments
• one-to-one customer relationship management.
The first three points represent the value of Airwallex’s payments solution, while the fourth point is a
strong differentiating customer service approach. Conventional banks are often too large to provide a
dedicated support person for small businesses and many FinTechs look to cost-minimising automated
solutions for client communication. A personal support manager for the business is valuable when
establishing new processes and navigating international payments for the first time. Airwallex’s FinTech
niche is to enable customers to instantly create global accounts with local bank details, access interbank
exchange rates and send money through clearing networks in more than 130 countries (Airwallex 2020).
Pdf_Folio:8

8 Digital Finance
 In the 6-month period since launch, Crockd experienced rapid sales and customer growth. As expected,
they soon found the need to transact globally, particularly for:
• sourcing materials from international suppliers
• hiring software developers overseas
• paying for software subscriptions in a foreign currency.
Using Airwallex as their business account gave Crockd access to competitive foreign exchange rates
and cost savings as a scaling business, where preserving cash flow is critical. Airwallex’s foreign exchange
rates were locked in upfront, providing Crockd with a cost-effective rate to start and certainty as they were
scaling up.
With the payments system in place, all transactions managed on a single platform and future terms
and conditions established, Crockd was able to then move all of their attention to customer acquisition
and growth.
Source: Airwallex 2020, ‘Crockd, how an Aussie side hustle accelerated into a global brand’.

.......................................................................................................................................................................................
CONSIDER THIS
Payments are a complicated aspect of almost every business. How could your organisation’s payments process be
improved? Are the solutions you have in mind available from conventional or FinTech payments providers or would
they be created by process changes in your own organisation?
Digital Insurance
In the B2B space, digital insurance platforms provide a range of value-adding services, including in
particular data analytics to enable insurers and their clients to service and monetise their customers more
optimally, including through improved relationship management and customer experience, and better
identification of cross-selling opportunities.
In the consumer space, digital insurance has been enabled by the peer-to-peer concept. Friends and
family form alliances, in which each member pays a certain amount of money to the digital platform.
Part of the payment is used for a premium with an insurance company, and the remainder is stored in an
account available to the rest of the group. In the case of small insurance events, the damage is remedied
using money from the group account. The saves the insurance company high administration expenses for
small insurance cases, which can then be reflected in lower premiums for customers. In large insurance
events, the insurance company takes responsibility for the pay-out. If few claims are made, the members
may be repaid a portion of the money stored in the group account (Gomber, Koch & Siering 2017).
Digital Financial Advice
Review sites and comparison portals evaluate, score and compare products and services. In the finance
sector, these usually focus on financial product reviews or financial product comparisons. Finance-focused
online communities and social media platforms facilitate discussion and sharing of information. Review
sites, comparison portals, online communities and social media enable access to advice and also present a
new channel in which finance service providers must monitor and manage their reputation.
Another development in digital financial advice is the creation of robo-advisers — algorithms that gen-
erate investment proposals based on inputs or data analysis of investment goals, financial background and
risk aversion. Robo-advisors are growing in sophistication, but currently focus on portfolio management
and investment strategies based on established theories (e.g. modern portfolio theory) and limited asset
classes (e.g. equities or exchange-traded funds) (Gomber, Koch & Siering 2017). Robo-advice trades off
cost against the benefits of more personalised and responsive advice. For example, InvestSMART’s robo-
adviser (InvestSMART 2020) assesses risk appetite and investment goals to match clients with one of nine
diversified exchange-traded fund portfolios and then keeps the client advised of investment performance
over time.
Digital Finance Technologies and Technological Concepts
Having established the digital finance business functions, the second dimension of the Digital Finance
Cube can be used to understand the technologies and concepts driving those functions, including:
• blockchain
• social networks
• near-field communication (NFC)
• peer-to-peer technology
• big data analytics
• enablers such as mobile devices, cloud technologies, information security technologies, automation
and AI.
Pdf_Folio:9

MODULE 1 The Digital Finance Ecosystem 9

Blockchain
A blockchain is a type of distributed ledger — a platform that provides an ordered, timestamped and
highly secure record of transactions. The entire history of verified and valid transactions between network
users is contained in the blockchain ledger. Blockchain has applications in digital currency transactions
(e.g. the Bitcoin cryptocurrency), contracting, crowdfunding and e-wallets. Non-financial applications in
government, health, culture and art are also emerging.
To date, many businesses that have invested in blockchain have not realised a significant return, but this
may be due to a misunderstanding or misapplication of the technology. Blockchain remains one of the
most potentially disruptive technologies and is considered a potential foundation for the next-generation
financial system. Blockchain is discussed in detail in module 2.
Social Networks
The connectivity that characterises the Network Age enables interaction and the development of networks
via social media platforms. Some platforms are focused (e.g. the digital investment platforms discussed
earlier and the professional-networking platform LinkedIn), while others are general-purpose (e.g. Face-
book, with more than 2.5 billion active users) exist on a massive scale and generate, analyse and sell big
data. Social media platforms provide an opportunity for businesses to reach and interact directly with
existing and potential customers in new ways. Social networks of course also enable customers to interact
with one another, creating an upside and downside risk to an organisation’s reputation that requires careful
management.
Near-Field Communication
NFC is a standardised protocol that enables two devices to communicate when brought close to each
other. It is wireless (using radio frequency) and operates point-to-point over a distance of up to about 4
cm. Using NFC to process payment transactions is one of the more common digital finance applications.
Many merchants, particularly those with high volume transactions, such as coffee shops, now facilitate
payment using NFC.
A customer’s NFC-enabled mobile device, such as a smart phone or watch, is brought towards the
merchant’s NFC device. The NFC protocols identify the payer, initiate the payment transaction and
immediately arrange the transfer of money from the payer’s account to the payee’s account.
P2P Technology
A P2P system is intended to share resources and data in such a way that avoids reliance on a central
intermediary. P2P systems are built on a technology architecture in which participants (peers) enable
other participants to access and interact with their technology infrastructure and data processing power.
Resources are thus shared. P2P technologies require underlying mechanisms to ensure data security,
fair sharing and to prevent fraudulent uses. Blockchain, discussed earlier, is one such set of underlying
mechanisms.
Big Data Analytics
As described in section 1.1, the Network Age is characterised by big data — the enormous volume and
variety of data generated by pervasive interconnectivity. The insights that can be generated from big
data have great potential value for business, but to unlock these insights, the business requires advanced
analytics abilities. Many companies are thus investing in data analytics, visualisation tools, AI and machine
learning. These approaches enable organisations to understand customers and thus provide better customer
experience through digital relationships (described in detail in module 3) and to understand all facets of
the business (e.g. customers, operations, human resources, suppliers) to make more-informed decisions to
achieve the business’s objectives (discussed in detail in module 4).
Further Enablers
Besides the specific technological concepts described above, various technological enablers have impor-
tant functions in digital finance as they render possible or facilitate financial processes, functions
and business models. Important enablers include fast and mobile internet connections, AI, world-
wide connectivity, intuitive user interfaces, security technologies (such as biometrics) and automation
technologies.

Digital Finance Institutions

Digital finance institutions form the third dimension of the Digital Finance Cube. They include FinTech
companies (both start-ups and established technology companies entering the financial domain), and the
incumbent traditional service providers.
Pdf_Folio:10

10 Digital Finance
FinTech Companies
FinTech companies have emerged either as FinTech start-ups or technology companies without a history
in financial services that have developed FinTech offerings. As their name implies, FinTech companies
integrate technology and financial services. Initially, the FinTech sector targeted niche finance functions
that were not well served by traditional providers. This approach has evolved over time, however, as
FinTech companies have used innovative approaches to successfully win customers from incumbent
providers (Gomber, Koch & Siering 2017). FinTech innovations are described in detail in part C of
this module.
FinTechs are often able to create business models that provide more flexibility, efficiency and innovation
than those of traditional service providers, but face strong challenges from the market power of incumbents
and a regulatory system designed around the industry’s old business models.
Traditional Service Providers
Traditional financial service providers include asset management companies, banks, insurance companies
and brokerage companies. Traditional financial services encompass a broad range of services including:
cash accounts, savings, money management, investment management, money transfer and payments
(e.g. credit cards), portfolio management, financial advice, money loaning and lending (e.g. mortgages,
consumer loans, credits), foreign currency exchange, equity trading, brokerage, insurances, and pen-
sion planning (Gomber, Koch & Siering 2017).
The traditional financial service providers have adopted new technologies and sought to innovate
existing business functions. This is driven by the need to continually improve customer service, the
need to be competitive in the marketplace, and the need to defend existing and future business against
emerging FinTechs.
.......................................................................................................................................................................................
CONSIDER THIS
The Digital Finance Cube was designed to be both highly generalisable and flexible. It provides a framework to
consider the interaction of business functions, technologies and service providers. The dimensions are intended to be
adapted and extended by new elements as digital finance innovation continues. How would you draw a Digital Finance
Cube for your organisation or a client? What are the relevant business functions, technologies and service providers?

QUESTION 1.2

Define ‘digital payments’ and explain how the use of digital payments is central to modern
commerce.

ANALYSING DRIVERS OF INNOVATION USING THE

TEN TYPES FRAMEWORK
Technology is any process by which a company transforms information and data, human labour, or
economic capital, into products or services of greater value. Innovation is a change in the way technology
is used. Innovation can sustain growth within existing business models or create disruption that prompts
the transformation of an industry.

Ten Types of Innovation Framework

The Ten Types of Innovation framework (Keeley, Pikkel, Quinn & Walters 2013) is a useful tool to:
• evaluate and enrich a potential or developing innovation
• analyse an existing approach.
When using the Ten Types framework:
• focus on a particular platform within the business rather than the entire organisation
• carefully analyse initiatives
• do not mistake activity for innovation
• remember that true differentiation does not come easily.
The Ten Types framework is structured into three categories, as shown in figure 1.2. The types on
the top of the framework are the most internally focused and distant from customers. The types become
increasingly apparent and obvious to end users as one moves down the framework.
Pdf_Folio:11

MODULE 1 The Digital Finance Ecosystem 11

 FIGURE 1.2 The Ten Types of Innovation framework

Profit model

Configuration
Network

Structure

Process

Offering
Product performance

Product system

Service

Experience
Channel

Brand

Customer engagement

Source: Keely, Walters, Pikkel & Quinn 2013, Ten Types of Innovation: the discipline of building breakthroughs, John Wiley &
Sons.

Profit Model: How the Company Makes Money

Innovative profit models represent new ways to convert a company’s offerings and other sources of value
into cash. Innovative profit models often challenge an industry’s assumptions and conventions about what
to offer, what to charge, or how to collect revenues. Common examples of profit model innovations include
premium pricing, where companies figure out how to charge more for their offering than competitors do,
or auctions, where the market sets the price for goods. A new entrant may design its profit model to make
it easy for customers to try its products (e.g. metered use), while the incumbent may counter with models
that make it difficult for existing customers to switch (e.g. subscriptions or bundled services).
The ideal profit model will vary widely by context and industry. In not-for-profit organisations this type
of innovation is more appropriately thought of as a ‘value model’. To succeed, profit models or value
models must align with organisation’s overarching strategy and innovation intent.
Network: How the Company Connects with Others to Create Value
Network innovations provide a way for companies to take advantage of other companies’ processes,
technologies, offerings, channels and brands. Network innovations allow each business in the network
to capitalise on its own strengths while harnessing the capabilities and assets of others and sharing risk.
Many of the FinTech innovations we discuss later in the module are based on network innovation, where
niche services are provided by coordinating individual component services from a variety of organisations.

Structure: How the Company’s Resources are Organised

Structure innovations are focused on organising company resources in unique ways that create value.
They can include everything from superior talent management systems to configurations of heavy
capital equipment. An enterprise’s fixed costs and corporate functions can also be improved through
structure innovations. Ideally, such innovations also help attract talent by creating productive working
environments or fostering a level of performance that competitors are unable to match. Examples of
structure innovations include building incentive systems to encourage employees to work towards a
particular goal, standardising assets to reduce operating costs and complexity, and creating a corporate
university to provide sophisticated, continuous training. For example, Whole Foods (James 2020b) made
details of the salaries and bonuses of every employee accessible to other employees to create transparency
and ensure a focus on goals rather than office politics and personal agendas.
Process: How the Company Uses Signature or Superior Methods to Do its Work
Process innovations involve the activities and operations that produce a business’s primary offerings.
They involve significant changes that enable the company to use unique capabilities, function efficiently,
adapt quickly and build market-leading margins. Process innovations often form the core competency of
Pdf_Folio:12

12 Digital Finance
a business and may include patented or proprietary approaches that yield long-term advantage. A process
innovation must include a methodology or capability that is substantially different from and superior to
industry norms.
Examples of process innovations include lean production whereby managers reduce waste and cost
throughout a system, process standardisation, which uses common procedures to reduce cost and com-
plexity, and predictive analytics, which model past performance data to predict future outcomes — helping
companies to design, price and guarantee their offerings accordingly.
Product Performance: How the Company Develops Distinguishing Features and Functionality
Product performance innovations address the value, featuresand quality of a company’s offering. This
type of innovation involves both entirely new products as well as updates and line extensions that add
substantial value. Product performance innovations can delight customers and drive growth, but are often
easily imitated and so rarely deliver long-term competitive advantage. Common examples of product
performance innovation include: simplification to make it easy to use an offering; sustainability to provide
offerings that do no harm to the environment; or customisation to tailor a product to an individual’s
specifications.
Product System: How the Company Creates Complementary Products and Services
Product system innovations relate to how individual products and services connect or bundle together to
create a robust and scalable system. This is fostered through interoperability, modularity, integration and
other ways of creating valuable connections between otherwise distinct and disparate offerings. Product
system innovations help build ecosystems that captivate customers and defend against competitors. Product
system innovations can include offerings that the company does not itself own or produce.
Product bundling — taking several related products and selling them in a single package — is a common
example of a product system innovation. Technology companies have used this type of innovation to build
platforms (e.g. app stores, developer kits and APIs) that spur others to develop products and services
for them. Other product system innovations include extensions to existing products, product and service
combinations and complementary offerings.
Service: How the Company Supports and Amplifies the Value of its Offerings
Service innovations ensure and enhance the utility, performance and apparent value of an offering. They
make a product easier to try, use and enjoy; they reveal features and functionality customers might otherwise
overlook; and they fix problems and smooth difficulties encountered by customers. A successful service
innovation can elevate an average product into a compelling experience that will encourage return custom.
Common examples of service innovations include product use enhancements, maintenance plans,
customer support, information and education, warranties and guarantees. The AmazonSmile program
(James 2020a) donates 0.5 per cent of all purchases to a charity of the customer’s choice, creating a
compelling reason for customers to prefer the platform.
Service innovations are increasingly delivered through electronic interfaces, remote communications
and automated technologies. Service can be a prominent part of the customer experience, or an invisible
safety net that customers sense but never see.
Channel: How the Company Delivers its Offerings to Customers and Users
Channel innovations encompass all the ways that a company’s offerings connect with customers and users.
While e-commerce has emerged as a dominant force in recent years, traditional channels such as physical
stores are still important, particularly when creating immersive experiences. Skilled channel innovators
often find multiple complementary ways to bring their products and services to customers to ensure users
can buy what they want, when and how they want it.
Channel innovations are particularly sensitive to industry context and customer habits. Flagship stores
can be an extremely valuable channel innovation, creating signature venues that showcase a company’s
brand and offerings, while short-term pop-up stores may be useful to maximise customer access during
holidays. In contrast, selling directly through e-channels or other means can reduce overhead costs,
maximising margins and cost advantage. Indirect distribution or multi-level marketing are alternative
approaches to recruiting others to promote and/or deliver an offering to the customer.
Brand: How the Company Represents its Offerings and Business
Brand innovations aim to ensure that customers recognise, remember and prefer a company’s offerings
over those of competitors. They are typically the result of carefully crafted strategies that are implemented
across many touchpoints between a company and its customers, including communications, advertising,
Pdf_Folio:13

MODULE 1 The Digital Finance Ecosystem 13

service interactions, channel environments, and employee and business partner conduct. Brand innovations
can transform commodities into prized products, and confer meaning, intent and value to the company’s
offerings and the company itself. They might demonstrate that the company stands for a set of values,
expressing those beliefs transparently and consistently. Brand extensions offer a new product or service
under the umbrella of an existing brand.
In B2B contexts, brand innovations are not limited to the final manufacturer or the consumer-facing
producer of a product; branding components and making customers aware of their value can build both
preference and bargaining power.
Customer Engagement: How the Company Fosters Compelling Interactions
Customer engagement innovations involve understanding the deep-seated aspirations of customers, and
using those insights to develop meaningful connections between them and the business. Effective customer
engagement innovations help people make their lives more memorable and fulfilling.
These innovations increasingly take place in the social media space, as many companies move towards
delivering organic, authentic and mutual interactions. Companies are also using technology to deliver
simplicity in complex areas, making life easier for customers and becoming trusted partners in the process.
Even simple gestures like elegant and intuitive packaging can extend and elevate the experience customers
have with a company — long after the point of purchase.
.......................................................................................................................................................................................
CONSIDER THIS
Now that you have worked through the Ten Types of Innovation framework, reflect on how it may help you to:
(a) identify specific areas for innovation in your own business
(b) assess whether a proposed innovation will create greater value and hence should be supported.
Which areas of innovation would you expect to participate in during the course of your work?

QUESTION 1.3

Differentiate structure innovations from process innovations and discuss how they relate to
improving company performance.

QUESTION 1.4

Compare and contrast the four main types of experience innovation: service, channel, brand and
customer engagement.

1.3 IMPACT OF TECHNOLOGY ON BANKING/

FINANCIAL MARKETS
We begin this section by briefly discussing traditional financial markets and financial institutions so we
can better understand the changes that are emerging.
The structure of the financial system is provided by financial markets and financial institutions:
• financial markets facilitate the creation and exchange of financial assets
• financial institutions provide financial services and invest their funds in financial assets.
A complex economy, such as that of Australia, cannot function efficiently without a competitive and
sound financial system. An efficient financial system gathers money and allocates it to the best investment
opportunities — financing those with the highest rates of return and best credit ratings and rejecting those
with low rates of return and poor credit ratings.
Businesses use this money for day-to-day expenses or to invest in new productive assets to expand their
operations. Consumers require funds to purchase things such as houses and cars. A competitive financial
system drives the interest rates on deposits higher and those on loans lower, ensuring interest rates are
determined according to the level of risk. The financial system also provides various mechanisms to allow
for financial risk to be managed and/or transferred among entities.
Pdf_Folio:14

14 Digital Finance
HOW FUNDS FLOW THROUGH THE TRADITIONAL
FINANCIAL SYSTEM
The financial system moves money from lender-savers (whose income exceeds their spending) to borrower-
spenders (whose spending exceeds their income), either directly though financial markets or indirectly
through financial institutions as shown in figure 1.3.

FIGURE 1.3 Direct vs indirect flow of funds

Direct financing
Financial markets
Funds Wholesale markets for the creation and sale of financial Funds
securities, such as shares, bonds and money market
instruments. Large corporations use the financial markets to
sell securities directly to lenders.

Lender-savers Borrower-spenders
• Consumers • Consumers
• Businesses • Businesses
• Government • Government

Financial institutions
Institutions, such as commercial banks, that invest in
financial assets and provide financial services. Financial
Funds institutions collect money from lender-savers in small Funds
amounts, aggregate the funds, and make the loans in larger
amounts to consumers, businesses and government.
Indirect financing
Source: Parrino et al. 2021, Fundamentals of corporate finance 4e, John Wiley and Sons Australia Limited.

A CHANGING LANDSCAPE
Banks are domestic, but the network is global. Banks are structured around paper, but the network is
structured around data. Banks distribute through buildings and humans, but the network distributes through
software and servers. Network Age innovations will not replace banking, but they will diminish and change
it. The historical systems of value exchange are becoming a smaller percentage of trade as new structures
are implemented to allow value to flow.
A series of events and trends beginning around 2007 triggered the start of major changes in the banking
and financial services industries:
• the global financial crisis of 2007 to 2008
• the consequent damaged profitability, reduced trust and changed regulatory environment
• technological advances and trends, such as high levels of smart-phone penetration and the development
of sophisticated APIs that allow different technology systems to exchange data.
Start-ups and technology companies began to challenge established financial institutions by offering
specific, niche services to consumers, businesses and incumbent financial institutions. Banks in response
have focused increasingly on their customers’ requirements in a bid to improve customer experience and
service, and thus defend their existing business. Together, this reflected and reinforced a shift in customer
expectations towards innovative services that provide convenience, low cost and personalisation. Banks
also identified a need to understand the balance between the online and the in-person components of
their business.
Other key trends include:
• financial inclusion — the use of mobile smart phones and mobile wallets to bring financial services to
billions of people who were previously unserved by financial institutions
• social networks — the increasing power of consumers to communicate with each other, moving control
of communications from business to consumer
Pdf_Folio:15

MODULE 1 The Digital Finance Ecosystem 15

• emerging digital currency platforms — the use of technologies to create new mediums and pathways of
exchange that diminish the role of traditional intermediaries
• interconnectedness — the proliferation of internet-connected smart devices known as the Internet of
Things (IoT), which is transforming the world into one big, connected, smart structure. IHS Markit
estimate that 78 billion ‘things’ will be communicating by 2025. Exchanges between these ‘things’ will
generate trillions of transactions in just minutes.
The Network Age is likely to concern digitalising value in a digital networked value structure that is
real time, global, connected, digital and near free. It is based on everything being connected. This new
structure will not work on a system built for paper with buildings and humans. The new structure is most
likely to be a new layer on top of that old structure. A hybrid structure could emerge that will see banks
become part of a new value system that incorporates digital currencies, financial inclusion, micropayments
and peer-to-peer exchange.

A NEW MODEL OF INNOVATION — WORKING TOGETHER

The first wave of the FinTech industry (from 2010 to 2014) targeted areas that banks underserved or
overlooked, including SME funding, student finance, frictionless mobile payments and checkout. Victor
Matarranz, former head of Group Strategy, Banco Santander, coined the term FinTech 1.0 to describe
this first wave. These FinTech start-ups fell into three categories:
1. those that focused on payment processing
2. those that generated new lending models using peer-to-peer structures
3. those that helped banks through personal financial management and risk modelling tools.
Common to all was the central use of technology, a focus on digitally savvy customers, and the
creation of flexible platforms that could quickly adapt to new needs. This stood in considerable contrast to
traditional institutions. The FinTech industry’s expectations were for an explosive and disruptive change,
and an unbundling of the traditional bank, but in reality the initial wave of FinTechs remained generally
small players next to the large established banks.
From 2014, FinTech 2.0 began to emerge. FinTech 2.0 is characterised by:
• increasing collaboration and cooperation between banks and the FinTech companies
• a trend towards open financial structures.
Collaboration between different organisations is creating open financial structures in which financial
services are created and delivered by combining services, components and data created by different
providers. This is largely facilitated by the widespread adoption of the application programming interface
(API). API is a set of protocols that enable different software components or systems to communicate with
each other. With API, banks and other financial services providers can incorporate the technology from
FinTech companies, simplifying the process of adding innovative technology services by piecing together
building blocks of flexible services — a sort of financial Lego. The flexibility of APIs makes it easier to
create experiences that users will enjoy, because the experience can be easily decoupled from the system
behind it. API also enables businesses to develop their own solutions or connect different internal processes
by mixing and matching a portfolio of financial technologies rather than having to build every piece of the
technology from scratch.
In this context then, banks remain the cornerstone on which economies are built and are likely to
continue to play a central role, with much of their innovation driven by integrating FinTech companies’
technologies. FinTechs rely on the banks to provide the overall platform for their operations, but are
creating a fundamentally different way of viewing and approaching the financial services industry —
optimising particular segments of the financial value chain (whether that be international money transfers,
loans, or payment processing) and offering their specialist services to other businesses and banks, via APIs.

OPEN BANKING AND OPEN MARKETPLACES

Open banking is based on an open marketplace created through apps, APIs and analytics. The key to the
open bank vision is that everything can be connected from the bank to business to consumer. For banks to
operate in such a marketplace, they will have to open their historically closed systems to offer their APIs for
others to use. Equally, it means that they will most likely become a curator and aggregator of other apps, APIs
and analytics in order to give their customers the best user experience. This is the driver of open banking. An
open bank can move quickly. It can incorporate any FinTech and can connect to any FinTech.
Figure 1.4 presents the current and expected future states of bank processes, indicating the creation of
services from individual components.
Pdf_Folio:16

16 Digital Finance
 FIGURE 1.4 Current and future bank processes

Current state
Human-centric Enterprise integration
business processes Application A
within the walls
Bank P1 P2 P3
of the business
employees
and complex Legacy core
Customer App B App C App D
legacy core systems
systems

Integration Component systems Account opening

Future state
Human and robotics- Customer Origination
enabled processes in Accounts/statements
P1 P2 Underwriting
the cloud or within Deposit processing
the walls and Analytics
Customer Bank Robotic
component-based Payment processing
employees process
modern core systems Loan processing
automation

P4
P3

Source: Adapted from Courbe 2016, ‘Financial services technology 2020 and beyond: embracing disruption’, PwC, p. 33.

MODULE 1 The Digital Finance Ecosystem 17

 Technology continues to develop at a rapid rate, and the speed of innovation only appears to be
increasing. It may not be long before a global, full-service, digital bank emerges to truly disrupt the
industry. This bank may use AI in a range of applications from back-office administration tasks to
customer-facing investment choices and portfolio management. Changes will be driven by existing
competitors, but also the emergence of new entrants in the form of FinTech start-ups, and in response
to the demands of customers and regulators. It is likely that no financial institution will be impervious to
the changes happening in the industry.
.......................................................................................................................................................................................
CONSIDER THIS
Think about a financial service your organisation or client uses. Could a better solution be built by integrating various
aspects of different competing services? Apply this thinking to a process in your own organisation — could the
process be made more efficient or more effective by ‘plugging in’ to data or systems in other parts of the organisation?

QUESTION 1.5

What are the main differences between FinTech 1.0 and 2.0 companies, and what impact is
FinTech 2.0 having on the banking industry?

SUMMARY
The Network Age is characterised by a global network of internet-enabled devices and machines that
connect individuals and organisations, and create, process and exchange data at low cost and in near-real
time. Combined with automation, advanced analytics applied to big data, and AI, the Network Age is
bringing about a digital transformation of finance.
To succeed in digital finance, accounting and finance professionals will need a digital mindset and
high levels of digital literacy to be able to understand, evaluate and support the adoption of innovative
applications of technology to create value for the business and help achieve its objectives.
The Digital Finance Cube provides a framework to describe, understand and analyse digital finance
technologies/applications and service providers in relation to a business’s finance functions and its
operational, tactical and strategic objectives. The Ten Types of Innovation framework helps identify and
focus attention on the aspects of a business model that may be improved or transformed through the
development or adoption of digital finance innovations. It also helps to evaluate the potential of available
digital finance solutions to add value to the organisation. Together, the frameworks provide tools to
navigate the business impacts of digital finance technologies and innovations on business models, business
functions, and the traditional and FinTech institutions that provide financial services.
Technology is bringing about a change in the financial services market, in which banks’ role is being
diminished. Services are increasingly built through the combination and integration of components from
different organisations. This is expected to increase as data and banking become more open.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

1.1 Evaluate the complexity of digital transformation and its impact on the work of accounting and
finance professionals to meet specific business needs.
• The technologies associated with the Network Age are driving new ways of creating value.
Automation, analytics, visualisation and near-real time data exchange between individuals and
organisations are driving the digital transformation of accounting and finance.
• Accounting and finance professionals need to adopt a digital mindset and develop digital literacy to
be able to assess the value of various technologies to the organisation, and support their effective
implementation.
• Value creation in the finance system, and within organisations, increasingly occurs through the
sharing of data and the creation of services through the flexible combination and coordination of
component services.

Pdf_Folio:18

18 Digital Finance
 1.2 Analyse the complexity associated with the practical implementation of emerging technologies
and their impact on the finance ecosystem.
• Automation, analytics and AI can be used in combination to create complex and powerful digital
capabilities with an enormous scope of application.
• The Digital Finance Cube provides a framework for understanding and evaluating the potential of
technologies/applications and service providers to improve or transform the business’s key finance
functions.
• The Ten Types of Innovation framework provides a structure through which to identify or evaluate
the potential value of innovations across specific aspects of the business model.
1.3 Support the adoption of digital technologies to achieve an organisation’s strategic goals.
• Accounting and finance professionals should support the adoption of technologies by focusing
on value creation for the business entity; using agile funding models; developing broad enabling
skills and a digital mindset; early-adopting advanced analytics and automation technologies; and
establish a digital ecosystem model of service delivery.

Pdf_Folio:19

MODULE 1 The Digital Finance Ecosystem 19

PART B: DIGITAL FINANCE ECOSYSTEM
INTRODUCTION
Throughout the modern industrial era, industries have been organised as linear value chains in which each
organisation creates value by transforming inputs to outputs before passing the outputs to the next link
in the chain. Some companies (e.g. Royal Dutch Shell and BP) pursued vertical integration so they could
control the entire value chain. This enabled economies of scale that created competitive advantage.
Digital technologies enable value creation to occur in new ways. The linear value chain is being
challenged by the development of digital ecosystems in the Network Age. Digital ecosystems are defined
by complex networks in which value is created through the interaction of different services, often involving
different organisations.

1.4 DIGITAL ECOSYSTEM

A digital ecosystem is defined as a dynamic integration of organisational departments, suppliers, tools,
systems, customers and external partners, brought together to increase data flow throughout an organisation
and drive business performance. It is a set of distributed, adaptive and socio-technical systems in which
individuals and organisations are increasingly dependent on each other.
Digital ecosystems enable an organisation to grow by adding value to the relationship between the
organisation and their customers, and by removing outdated systems and technologies that restrict the
organisation’s ability to keep pace with contemporary consumers’ changing preferences and needs.
Digital ecosystems require flexible infrastructure that supports not only information exchange, but also
collaborative knowledge creation, evolution and sharing across a number of cooperative and collaborative
networks that traditionally work in a bottom-up and rather improvised way.
In cooperative networks, participants share information and expertise while remaining independent
and only interact when necessary to harmonise efforts. In collaborative networks, participants are
interdependent, thus requiring a mutual commitment to working with other members of the network.
For a digital ecosystem to work, synergistic opportunities for the use of new approaches need to be
recognised and then appropriate new systems and tools identified and embraced. Organisational structures
can be united, and/or complementary external partners can be sought. By developing a digital ecosystem,
companies can deliver value to customers through new services, products and business models. Each
organisation’s ecosystem is unique to the organisation. At the same time, the organisation and the
components of its ecosystem will form part of the ecosystems of many other organisations. The typical
characteristics and components of a customer-centric digital ecosystem are represented in figure 1.5.

DIGITAL ECOSYSTEM COMPONENTS

The creation of value involves three interrelated and interdependent digital ecosystem components:
• software
• data
• information and communications technology (ICT) infrastructure.
Any digital ecosystem will include facets of each. As mentioned earlier, each organisation’s or business
unit’s digital ecosystem is unique and thus the relative role of each component will vary.

Software Ecosystems
Software ecosystems are created by the interaction of businesses via a common technological platform
to produce software and services. The interactions involve the exchange of information, resources
and artefacts, and enable developers to build specific solutions to create complementary value (Alves,
Oliveira & Jansen 2017). This is represented in figure 1.6. These independent developers extend and
enrich the platform while sharing costs, risks and benefits with the platform owner. Examples of successful
software platforms include Apple’s iOS and App Store, and the Android operating system. These platforms
establish a framework in which other organisations can create and deliver software solutions to the
platform’s customers. For example, a software developer can produce an app using one of Apple’s
developer kits, and distribute that app via Apple’s App Store to customers who have bought into the Apple
product and service ecosystem.
Pdf_Folio:20

20 Digital Finance
 FIGURE 1.5 Typical characteristics and components of a customer-centric digital ecosystem

Software

Data-oriented Data-driven

Customer
centred

Automated ICT infrastructure

Dynamic

Source: CPA Australia 2021.

FIGURE 1.6 A software ecosystem is built on a common technological platform

Information

Common
technological
platform

Resources Artefacts

Source: CPA Australia 2021.

Data-Oriented Ecosystems
Data-oriented ecosystems provide organisations with data that is relied on to understand customers
and to make better decisions. As described in part A of the module, various technologies have vastly
increased the volume, variety and velocity of data, and this data can increasingly flow in near-real time
across networks. This has provided the basis for the development of data-oriented ecosystems. Analytic
platforms, along with AI, machine learning and other tools, can integrate many data sources to search
Pdf_Folio:21

MODULE 1 The Digital Finance Ecosystem 21

and summarise the habits and preferences of individual customers to anticipate their next actions, thereby
creating opportunities to create additional value.

ICT Infrastructure Ecosystems

ICT infrastructure ecosystems are the foundation of any digital ecosystem. ICT infrastructure refers to
the hardware and software services that capture, store and organise data. The infrastructure includes servers
for storage, search languages and hosting platforms. This infrastructure is interconnected and consists of
thousands of individual networks. For example, the DE-CIX Apollon internet exchange based in Frankfurt
is spread over 30 data centres and interconnects over a thousand networks including application providers,
cloud providers and content delivery networks (DE-CIX 2021).

THE CHARACTERISTICS OF A DIGITAL ECOSYSTEM

Successful digital ecosystems are:
• customer centred
• dynamic
• data-driven
• automated.

Customer Centred
A customer-centric approach involves making the customer the focus of decisions across all aspects
of the business. While many companies claim to have adopted a customer-centric approach, in reality
few strategies extend beyond the customer-facing departments of the company. A customer-centric
personalised approach is not limited to customer service and marketing; it is a holistic approach across
every department.

Dynamic
A digital ecosystem is a collaborative and dynamic environment, replacing linear value chains and the
segmented and siloed departments of traditional business structures. Collaboration is adopted at every
level of the business, eliminating the conventional hierarchy and helping to identify new markets, new
technologies and new business models. Cooperation and collaboration also frame interactions with external
partners in the ecosystem. A digital ecosystem provides ways to scale and leverage innovation and new
technologies. This dynamic approach gives the business the agility to move with future disruption, and to
not be a victim of change.

Data-Driven
The more information a company has about its potential target customers, the better it can attract them with
uniquely appealing offerings, create customer loyalty and maintain customer engagement with products
and services. From social media to customer service interactions, big data can reveal insights into what
consumers are thinking about a brand, what they need and what they want. Big data is also sourced from
processes within the organisation and from other participants in the digital ecosystem, providing insights
into how to improve the efficiency and effectiveness of all aspects of the business. For example, Walmart’s
Data Café uses a constantly refreshed database consisting of 200 billion rows of transactional data —
representing the most recent few weeks of business (Marr 2016). In addition, it draws on 200 external
sources for meteorological data, economic data, telecom data, social media data, fuel prices, events taking
place in the vicinity of their stores and other relevant information.

Automated
Digital ecosystems generate big data. Participants in digital ecosystems need to process and interpret this
data at scale and speed in order to provide consumers with the personalised and seamless experience
they increasingly demand. AI and automation technologies make this kind of data analytics possible,
creating consistent valuable insights into consumer preferences, trends and behaviours, and enabling both
automated and human decision-based responses.

Pdf_Folio:22

22 Digital Finance
HOW DIGITAL ECOSYSTEMS CREATE AND DELIVER VALUE
Digital ecosystems enable enterprises to drive business processes more efficiently. Digital ecosystems
deliver value through:
• increasing sales
• increasing return on investment (ROI)
• opening new revenue sources
• reducing risks
• increasing speed of technology adoption.

Increasing Sales
Data-driven insights into customer preferences and habits enable a business to implement consistent and
relevant messaging across their customer service and digital channels. Businesses are then better positioned
to innovate based on those insights and offer new products and services that are responsive to the ever-
changing demands of consumers. This can translate to increased sales.

Increasing ROI
Big data analytics enable greater understanding of each aspect of the business, its interactions with external
parties, and the nature and needs of those external parties. This enables the business to ensure resources are
deployed optimally and processes work efficiently. For example, the business is able to plot touchpoints
throughout a consumer’s experience and thus optimise products and services to meet their demands.
A 2019 study by McKinsey found that businesses with an ecosystem had higher earnings before interest
and taxes (EBIT) than those without, suggesting that over a five-year period, an ecosystem could capture
an additional 10 per cent in EBIT growth (Fong et al. 2019).

Opening New Revenue Sources

Big data analytics provide customer insights that enable businesses to create new products and services to
drive new revenue streams and growth. By consistently delivering products and services that meet the needs
of the consumer, brands develop more customer loyalty and increase customer retention. For example,
Target in the USA (Salzman 2019) has used analytics to identify which customers are pregnant and infer,
within a two-week window, when the customer is due to give birth. Using this information, Target sends
the customer coupons and advertisements for products that are relevant to an expecting parent. This insight
benefited Target with an estimated USD1 billion in additional revenue.

Reducing Risks
While decision making in a traditional business is often made on the basis of observation and informed
guesswork, a digital ecosystem embraces the fluidity of data and data modelling to predict the outcome of
different decision options. This reduces risk, while enabling the company to be more receptive and agile
to change and to more efficiently and effectively deploy resources. The integration of data into all aspects
of a business, both internally and in interactions with external parties, does, however, introduce a range
of risks associated with data security and privacy. Cybersecurity risks can have devastating consequences.
These risks therefore need to be managed so the organisation’s overall risk profile remains aligned with
its risk appetite. This will be discussed in module 5.

Increasing Speed of Technology Adoption

The interconnectedness inherent in a digital ecosystem enables businesses to embrace new technology in
ways that were previously difficult or impossible. For example, rather than being held back by outdated
legacy software or being forced to make large and risky upfront investments in new in-house systems,
businesses can now access new technology via cloud computing services and software as a service (SaaS)
solutions, such as Salesforce. The rate of technology adoption is increasing, as technology capabilities are
reinforcing and creating a virtuous circle of value while lowering the risk of adoption.
Example 1.4 describes Amazon’s complex digital ecosystem and the strategy that guides its ongoing
development.

Pdf_Folio:23

MODULE 1 The Digital Finance Ecosystem 23

 EXAMPLE 1.4

Amazon’s Successful Digital Ecosystem Strategy

Amazon has evolved from its origins as an online bookseller to become one of the world’s most successful
and extensive digital ecosystems. Its ecosystem integrates with thousands of diverse organisations and
hundreds of millions of customers (Jacobides et al. 2019). Amazon’s revenue increased by 26.5 per cent
in the first quarter of 2020 to reach USD75.5 billion (Protalinski 2020). Some components of Amazon’s
ecosystem are outlined below.
Amazon.com: Retail Platform
Much of Amazon’s revenue growth comes from its retail ecosystem partners — the third-party sellers
on Amazon.com. Former CEO Jeff Bezos believes that the company’s independent sellers outperform
those using other platforms such as eBay because Amazon provides the data, tools and platform to help
resellers manage inventory, process payments, track shipments and sell their goods internationally. In
turn, Amazon accumulates data and revenue from its clients that enable it to leverage its investments and
experiment with innovations in retailing, thus creating a cycle of increasing value (Jacobides 2019).
Amazon Web Services: Cloud Computing
Amazon Web Services (AWS) is the market leader in cloud computing, ahead of Microsoft Azure and
Google Cloud. In the first quarter of 2020, sales growth, while on a slight slow-down, still managed
to achieve 33 per cent growth, resulting in sales revenue exceeding USD10 billion and accounting for
approximately 13.5 per cent of Amazon’s total revenue for the quarter (Protalinski, 2020).
Amazon Prime: Subscription Services
Amazon’s main subscription service is Amazon Prime, which has 150 million paid members. It includes
Prime Video, which has launched Prime Video Cinema in the UK, US and Germany to enable users ot
stream in-theatre movies at home. Subscription services grew by 28 per cent in the first quarter of 2020
to USD5.56 billion (Protalinski 2020).
Alexa: Customer Experience
Alexa is Amazon’s virtual assistant based on voice AI. It is accessible through Amazon’s own range of
Echo devices and third-party systems such as LG’s InstaView refrigerator. Alexa is a highly interactive
cloud-based virtual assistant that helps to create a customisable living experience by connecting to smart
household devices such as WeMo switches and Nest thermostats. As an intelligent voice recognition and
natural language service, it can be used to voice-enable any connected device that is equipped with a
microphone and speaker.
Amazon was not the first to move in the personal virtual assistant space; it was the third. Like many
other leading ecosystem orchestrators, Alexa did not enter the market as clearly superior technology;
rather, it was Amazon’s strategy that made Alexa a successful part of the digital ecosystem. Alexa attracts
complementary partners from many market segments and countries. It has more than 38 core partners
spanning four continents and 11 countries as well as numerous other alliances, that enhance its flexibility
and ability to deliver value.
Amazon Other: Advertising
Amazon’s ‘other’ category mainly consists of the advertising business. The data generated across
Amazon’s digital ecosystem gives the company extensive insight into what its customers want and do
not want to purchase. Amazon uses machine learning to gather more relevant data and leverages this
information for its advertising business, which in turn drives sales. In the first quarter of 2020, sales revenue
was up 44 per cent to USD3.91 billion (Protalinski 2020).
Amazon Cash: Digital Payments
Amazon partnered with Western Union to offer customers more payment options. Amazon Cash users
deposit cash directly into their Amazon account at any of Western Union’s 100 000-plus participating
agents. Deposits range from USD15 to USD500 per transaction and can be made using a smart phone
or printed barcodes. The service is free for customers, but they cannot withdraw funds once refunded;
funds can only be used for purchases via Amazon’s online platforms.
Amazon Cash makes online shopping possible for the unbanked or underbanked, which represent
25.2 per cent of households in the US in 2017 (FDIC 2017). This collaboration brings customers more
convenience and choice to make purchases on Amazon.com or Amazon’s mobile app regardless of
physical location, and across different financial ecosystems (PYMNTS 2020). This platform solves the
complexity of collecting local currency and converting it into the merchant’s currency on the other end of
the transaction.

Pdf_Folio:24

24 Digital Finance
 Amazon Pay: Trusted Payment Channel and Less Friction
Amazon Pay provides users with the option to purchase goods and services outside Amazon mar-
ketplace using address and payment method information stored in an Amazon account. Third-party
e-commerce stores add an ‘Amazon Pay’ button to their checkout process using the Amazon Payments
software development kit. This button redirects users to their Amazon account, where they select a
payment option and receive their purchase receipt. Amazon generates revenue from Amazon Pay by
charging 2.9 per cent + USD0.30 per domestic transaction. Users in India can make P2P transfers in
Amazon Pay through a unified payments interface.
Amazon Pay:
• increases customer trust, as payment goes through he Amazon channel
• streamlines payment processes across different platforms, as users are not required to re-enter card
and address information
• increases the likelihood of purchase for smaller platforms or retailers where users do not have
an account
• provides Amazon with valuable data on user spending outside of its shopping platform.

Amazon Lending: Inventory Loans for Amazon Marketplace Sellers

Amazon Lending offers short-term inventory loans for businesses that sell on the Amazon Marketplace.
Amazon Lending prequalifies sellers based on metrics the platform has collected (e.g. the seller’s sales
volume). Only invited sellers are eligible to apply for a loan. Loan amounts range from USD1000 to
USD750 000, with terms from 3 to 12 months, and interest rates from 6 per cent to 19.9 per cent (Dastin &
Baertlein 2020).
In 2018, more than 20 000 businesses on Amazon received a loan through Amazon Lending (Dastin &
Baertlein 2020), and by the end of 2019, Amazon stood to receive $863 million from sellers to whom it
provided financing through the lending program, according to an Amazon SEC filing.
In 2020, Amazon was planning the introduction of a new digital credit line for US-based merchants with
partner bank Goldman Sachs (Son 2020).

.......................................................................................................................................................................................
CONSIDER THIS
A digital ecosystem is characterised by the extensive flow of data within and between organisations to maximise value
creation. To what extent is your organisation or client integrated into a digital ecosystem? Based on the discussion
above, assess the potential and value of more extensive integration.

EVALUATING A DIGITAL ECOSYSTEM

Having established the fundamental characteristics and benefits of a digital ecosystem, we will now explore
how to evaluate a digital ecosystem in terms of the business’s objectives. This provides a method to assess
the performance of the business’s ecosystem and to evaluate potential changes to its ecosystem.
The goal of a digital ecosystem is to maximise the organisation’s value by integrating tools, skills, data,
partnerships and infrastructure to deliver benefits effectively and efficiently. A digital ecosystem is vital
to succeeding in today’s disruptive environment, but an overly complex, poorly integrated or unmanaged
ecosystem can be a drain on resources and productivity.
An evaluation of a digital ecosystem should address the questions, issues and approaches presented in
figure 1.7.

FIGURE 1.7 Evaluating an organisation’s digital ecosystem

Question 1: How is the business utilising technology?

Is there an established strategy behind the current use of technology, including software, data, analytics,
AI and automation? Is there a plan to evaluate and implement these technologies for current and future
development?
A comprehensive evaluation should review all the tools and systems used within the organisation,
including consultation with each team that uses any particular technology. A digital ecosystem is an
organisation-wide initiative, and every stakeholder needs to be accounted for in the evaluation.

Question 2 : Do the current software and data tools enable a consistent customer experience?
Are all interactions accounted for at every touchpoint in the customer experience? How is the flow of data
handled throughout the organisation? Can the digital ecosystem be more efficient at distributing data and
insights to the departments that need it?
Pdf_Folio:25

MODULE 1 The Digital Finance Ecosystem 25

 A comprehensive evaluation should be able to define how each software and data tool is used and
how it contributes to value creation in the organisation. Then look at how each tool can be connected to
increase the efficiency and effectiveness of the organisation’s data assets. Do some tools perform similar
functions for different departments? Can the tools be automatically connected, or do they require manual
data transfer? Can the existing tools systems be better integrated? Are the current tools the best choice?
Question 3 : How do employees and departments engage with the ecosystem?
What can the organisation’s departments do differently to increase efficiency? Are there new systems and
processes that can be introduced?
An evaluation should appraise the effectiveness of each system and tool: can they be combined to
increase efficiency? Discuss the use and effectiveness with the employees and stakeholders that use
these tools and systems every day. Do some tools need to be upgraded or replaced to improve the flow
of data throughout the ecosystem?

Question 4 : What software and data tools need to be implemented?

The outcome of the evaluation should be the creation of an action plan to improve the flow of data in
the organisation. Each software and data tool should be ranked according to its importance within the
business’s digital ecosystem. Determine what ecosystem improvements can be done and create an order
of implementation to ensure maximum effectiveness and efficiency as new tools are introduced.
Source: CPA Australia 2021.

The questions in figure 1.7 form the basis for an evaluation of a digital ecosystem. Comprehensive
digital ecosystem evaluations provide vital insights into how the organisation is functioning, but they take
time. The insights gained from an evaluation will reveal those areas for cost savings, increased efficiency
and identify opportunities to further drive growth and revenue.
.......................................................................................................................................................................................
CONSIDER THIS
The next section examines the digital financial services ecosystem. As we work through it, keep the evaluation
methodology in figure 1.7 in mind and assess how your organisation or clients could integrate services available
in the digital financial services ecosystem.

1.5 DIGITAL FINANCIAL SERVICES ECOSYSTEM

The digital financial services (DFS) ecosystem describes the digitalisation of the financial industry in
general. The DFS ecosystem consists of:
• users (consumers, businesses, government agencies and non-profit groups) who have needs for digital
and interoperable financial products and services
• providers (banks, other licensed financial institutions and non-banks) who supply those products and
services through digital means
• financial, technical and other infrastructures that make them possible
• governmental policies, laws and regulations that enable them to be delivered in an accessible, affordable
and safe manner and contribute to financial inclusion, economic health, and the stability and integrity
of the financial system.
While some DFS ecosystem processes and services are well-established, other new services and business
models bear disruptive potential for the financial industry. Digital financial ecosystems have been adopted
much more rapidly in other countries than Australia. For example, China’s Tencent WeChat platform
enables users to send messages, make payments, invest, order taxis, buy bus tickets and more, from a single
integrated system (McKinsey 2017). WeChat has more than 1.17 billion users (Q1 2020) (Iqbal 2020).
This compares to just 127 million users of Apple Pay. Example 1.5 describes how Airwallex (introduced
in example 1.3) is working to become more integrated with the DFS ecosystem.

EXAMPLE 1.5

Airwallex Increasing Integration

Airwallex simplifies international business accounts by bringing them into a single platform, and further
simplifies financial and accounting processes by integrating with key accounting software such as Xero.
This means clients do not have to manually handle data produced through Airwallex or build their own
Pdf_Folio:26

26 Digital Finance
 system to process that data. Airwallex’s current integration involves providing an hourly bank feed into
Xero for all domestic and international transactions. Over the longer term, Airwallex plans to integrate its
platform with a variety of software and tools. For example:
• invoicing/quoting software — payment gateway integration into invoices so customers can pay via
debit/credit card upon receiving the invoice
• accounting software — expense management integration from Airwallex Borderless Cards issued to
employees/teams (i.e. pushes)
• payroll software — automatically push international batch payroll payments into Airwallex from the
payroll software
• e-commerce platforms — payment gateway integration into e-commerce platforms (e.g. Shopify, Big
Commerce, Neto).
This will create more efficiencies and value for Airwallex’s clients by managing the flow of data between
Airwallex services and the other components of the client’s digital finance ecosystem.
Source: Airwallex 2020.

GOALS OF DIGITAL FINANCIAL SERVICES

An efficient financial system will allocate savings to productive users of funds at least cost. It should
offer a large range of financial instruments and institutions to assist investors balance risk, liquidity and
return. It should also cater to a wide range of borrowers, from the well-established to those with high-risk
new ventures. The community should be able to trust the integrity and soundness of the system, without
believing that everything is guaranteed by government. It should allow institutions to innovate, employing
new technology and offering new products. It should be open to competition.
Providers, users and regulators of digital financial services also seek to achieve greater financial
inclusion — to use technology to deliver financial services to users and businesses that have not
traditionally been served by financial institutions. Financial inclusion brings the lowest-income earners
into the formal economy, and thus expands the market, opens new opportunities for development, and
helps address poverty. In particular, financial inclusion provides:
• safety and security — the ability to store and manage value without needing to protect cash as a
physical asset
• speed and transparency — the ability to avoid the delays, leakage and fraud that can affect cash
payments, by moving to traceable digital payments with stringent identification procedures, immediate
funds transfer and digital record-keeping
• increased flexibility — the ability to access a wider range of payment, savings, credit, information and
other financial services at low cost
• savings incentives — access and interfaces to saving products to improve the ability and willingness
to save
• credit histories — the creation of transaction histories to support future borrowing by consumers
and merchants
• women’s empowerment — digital financial remittances empower women within their households and
enable the recipient to keep financial transactions private, even within a family.
For example, in rural Uganda, smartphone digital payments (Sekabira & Qaim 2017) improve the
welfare of rural households by smoothing consumption, providing higher household incomes through
off-farm activities and curbing poverty. Typical off‐farm income sources are small businesses in trade,
transport and handicrafts, which benefit from novel savings and money transfer opportunities through
mobile money. Digital payments enable users to sell a larger proportion of their crops (such as coffee) as
shelled beans to buyers in high-value markets rather than to local traders immediately following harvest.
Mobile money services reduce the cash constraints and facilitate transactions with buyers farther afield.
As such, digital payments are contributing to rural development and financial inclusion in Uganda.

REQUIREMENTS FOR A DIGITAL FINANCIAL

SERVICES ECOSYSTEM
The DFS ecosystem includes the many consumers, businesses and governments that are involved in the
use and provision of digital financial services. The actors and services that constitute a DFS ecosystem
depend on two fundamental support structures: a solid level of infrastructure readiness and an enabling
Pdf_Folio:27

MODULE 1 The Digital Finance Ecosystem 27

environment. Figure 1.8 shows the basic architecture of a DFS ecosystem. The following subsections
explain its operation.

FIGURE 1.8 A DFS ecosystem

DFS providers Digital financial services

Providing digital Products and services

financial services provided to users
• Banks • Transaction accounts
• Other financial institutions • Payments services
• Licensed non-banks • Savings accounts
• Investment services
• Loans
Users • Insurance services
Entities using DFS products
and services
• Consumers
• Merchants
• Businesses
• Governments
DFS provider support services Use cases
• Not-for-profit groups
Enterprises and networks that Situations in which DFS
extend coverage of DFS services are used
• Storing funds
providers and interfaces to
• Buying
users
• Agents • Paying bills
• Processors • Sending/receiving funds
• Borrowing
• Saving
• Insuring assets and risks

Infrastructure readiness Payments systems Energy availability

Technical systems to enable Voice and data communication Identity systems
digital financial services networks

Enabling environment Regulators Standards bodies

Regulatory, supervision and standard Financial inclusion policies Industry groups
setting enabling environment (national,
regional and international)

Source: International Telecommunication Union 2016, ‘The digital financial services ecosystem’, www.itu.int/en/ITU-T/
focusgroups/dfs/Documents/09_2016/FINAL%20ENDORSED%20ITU%20DFS%20Introduction%20Ecosystem%2028%
20April%202016_formatted%20AM.pdf.

Infrastructure Readiness
Infrastructure readiness refers to the availability of technical systems that enable digital financial services.
Components of infrastructure readiness are discussed below.
Payments Systems
Payments systems are required for transactions between and among end users, including consumers,
merchants, businesses and governments. These payments systems may be public, semi-public, or private;
they may be ‘closed-loop’ or ‘open-loop’. Security of payments systems is a requirement of infrastructure
readiness. In addition, a certain degree of payments system interoperability among participants in payments
is required. Interoperable payment systems allow two or more proprietary platforms to interact seamlessly,
enabling the exchange of payment transactions between and among payment service providers and,
consequently, users. Interoperability enables users to make digital payment transactions with any other
user in a convenient, affordable, fast, seamless and secure way, possibly via a single transaction account.
Pdf_Folio:28

28 Digital Finance
Communication Networks
Voice and data communication networks support the exchange of data to and from end users and
providers. Certain levels of communication network quality and security are thus a necessary component
of infrastructure readiness.
Sufficient Energy
Sufficient energy must be available to operate the other infrastructure and any devices used by participants
in a DFS ecosystem. The massive exchange of data and the supporting infrastructure and devices involved
in a DFS ecosystem consumes considerable energy. Some Fintech applications, such as blockchain,
consume very large amounts of energy. Current blockchain designs run on algorithms that can consume
up to 215 kWh per transaction (Omezzine & Schleich 2019) (the equivalent of letting a 25 W incandescent
light bulb burn for a full year). This is mainly because validating and securing transactions on the
blockchain requires huge computing power.
Identity Systems
Identity systems must be available to identify end users and their providers and must feature authentication
systems capable of recognising and validating these identities. Identity systems may be national IDs,
sectorial IDs (e.g. financial industry identifiers, bank account numbers, or mobile phone numbers)
or private sector IDs (e.g. WeChat or PayPal identifiers). Some IDs are biometrically enabled (using
fingerprints or facial recognition) and this is expected to become a significant part of the ecosystem, given
the importance of the mobile phone (Thales 2020; Naiya 2018).

Enabling Environment
The enabling environment refers to:
• laws and regulations — the legal requirements relating to financial services, telecommunications, data,
competition and consumer protection that both enable and constrain the activities of DFS ecosystem
participants
• national policies — the frameworks within which a government seeks to promote the overall wellbeing
of its society; for example, measures to improve financial inclusion
• standard-setting bodies and their standards — the organisations that work with industry to formulate
standards and protocols to ensure interoperability between systems and organisations; for example,
EMV (Europay, Mastercard and Visa) is global standard for chip cards and the associated transaction
authentication technology
• industry groups — the organisations that collectively represent DFS ecosystem participants to promote
their interests; for example, the Mobey Forum is a global, not-for-profit industry association focused on
the sharing of digital finance knowledge between financial institutions to help shape the future of digital
financial services.

Consumers, Businesses and Governments

The ecosystem itself includes the many consumers, businesses and governments that are involved in the
use and provision of digital financial services. This includes the following.
• Users. Entities that are consumers of digital financial services. This includes consumers; merchants,
billers and other payments acceptors, businesses, governments and non-profit agencies.
• DFS providers. Entities that provide digital financial services to users. It includes both traditional
financial services providers (banks, savings institutions, credit unions and other financial institutions)
and non-traditional providers. The ability of non-traditional providers to act as DFS providers is
constrained by national law and regulation.
• DFS support service providers. Entities that provide services to DFS providers. This includes processors,
platform providers, and a wide range of software and hardware providers (e.g. terminals, ATMs). It also
includes agents (who may work on behalf of either bank providers or non-bank providers), which form
an important component of the digital financial services ecosystem.
Note that any given organisation in the digital financial services ecosystem may play multiple roles. For
example, an e-money operator may be both a provider of data and voice services and a direct DFS provider.
A card network may be both a provider of a payment system and a DFS support service provider.

Pdf_Folio:29

MODULE 1 The Digital Finance Ecosystem 29

The Evolution of the DFS Ecosystem — Achieving Digital Liquidity
The widespread adoption of mobile phones and the development of payment technologies that could be
hosted on them are major factors behind the development of a global digital financial services ecosystem.
Mobile payments developed in two ways.
• Closed loop systems. Where non-bank providers, often MNOs, create transaction accounts allowing
their subscribers to store funds in these accounts and make transfers to other subscribers. The primary
weakness of the closed loop is a lack of interoperability: the subscriber to one system cannot pay to a
subscriber of another system.
• Open-loop systems. Where banks are the primary provider of digital financial services. Regulators are
broadening the set of providers who can access these payments networks, either directly or through
bank partners, to try to achieve socio-economic goals, including greater financial inclusion. The primary
weakness of the ‘bank-led’ model has been adoption among lower-income earners.
Both models share a common problem in that funds put into these special transaction accounts are
withdrawn to cash almost immediately. An effective DFS ecosystem requires a post-cash state of digital
liquidity where users would leave their funds in electronic form. What would it take for the ecosystem to
evolve to this state? Four principal drivers are commonly recognised.
1. The delivery of bulk payments (generally government payments or wages) into digital wallets (transac-
tion accounts managed by mobile devices) is seen as a critical enabler for consumer adoption of wallets.
Bulk payments can not only deliver funds immediately into digital wallets, but they can also improve
the odds that the recipient will get their full intended payment.
2. The enablement of merchant services infrastructure to receive payments out of digital wallets is seen as
the most important feature in reducing dependency on ‘cash-out’. Users will be more willing to leave
funds in a digital wallet if they are able to use these funds as they currently use cash.
3. The development of interoperability among providers of transaction accounts is seen as the key
capability to enable ‘ubiquity’, the ability of any one user to make payment to any receiver, regardless
of who is providing the transaction account for that receiver.
4. The delivery of additional financial services, such as savings, lending and investing, through connection
to the digital wallet is seen as the key to realising many of the longer-term objectives of financial
inclusion. Consumers and small merchants who are able to safely save and invest money, and borrow
to support short- or long-term needs, are more able to stabilise their financial lives and avoid many of
the perils experienced in an all-cash economy.
Just as different countries have chosen different early models for digital financial services to support
(many developed at a grass roots level), countries will also see different pathways to a full deployment
of these services. However, there is expected to be increased regional or global coordination on policy
issues connected with the ecosystem, which may lead to more convergence among countries on supported
models and systems.
An important over-arching issue in the development of the DFS ecosystem is the need to invest in and
manage two sides of the payment ecosystem at once. In other words, this practically means providing the
infrastructure to load electronic money into consumer transaction accounts and to enabling consumers to
be able to spend this money in electronic form, rather than cashing out, principally through the enablement
of merchant electronic payment acceptance.
As with any ecosystem a transaction cannot be successful without two parties agreeing: consumers
who accept electronic money will simply ‘cash-out’ if they can’t spend it electronically, thus perpetuating
the costly cash management problem of agents. Merchants, on the other hand, will not accept electronic
payments unless there is a significant number of consumers who are ready to make them. Each is dependent
on the other for digital liquidity to work.

ISSUES AND CHALLENGES IN THE DFS ECOSYSTEM

Not surprisingly, regulators, providers and the wide range of parties working to implement and enable the
digital financial services ecosystem are dealing with complex issues. These issues can be summarised into
four potential risks (this also applies to digital ecosystems in general): the digital divide, data privacy and
security, quality of work and competition.

Digital Divide
Digital platforms within the ecosystem can widen the digital divide by serving only those with access to
smartphones and computers and risk deepening exclusion for those offline as more opportunities move
online. Key issues include the following.
Pdf_Folio:30

30 Digital Finance
• Internet access and affordability. Cost is still the main barrier for internet access. In Africa, the average
cost for 1GB of data is 7.12 per cent of the average monthly salary. In some countries, 1GB costs as
much as 20 per cent of the average salary (A4AI 2019).
• Gender gap. Despite growing internet penetration across the globe, the digital gender gap is widening
in some parts of the world. In Africa, women’s access to digital technology is 25 per cent lower than
men’s according to the International Telecommunication Union (ITU) (ITU 2019).
• Access to devices. In 2020, smartphones accounted for 70 per cent of connections (Cerwall, Jonsson &
Carson 2020). Platforms can widen the digital divide by serving only those with access to smartphones
and computers. Depending on the market, options for feature phones can significantly impact inclusion.
• Gap in digital skills. ITU found that 65 per cent of non-internet users in Africa, Asia and Latin America
did not use the internet because of a lack of skills (ITU 2019). Even when they have access to affordable
handsets, reliable data connectivity and stable power, many people do not know how to access digital
financial services or are not comfortable with technology. Digital literacy is needed to effectively close
the digital skills divide.
• Agent networks. As a result of these gaps, it can be hard for DFS providers to reach the bottom of the
pyramid with financial services and the benefits they bring. In many markets, DFS providers still target
the middle class. However, DFS providers can employ agent networks to close the digital divide and
reach low-income people in remote and rural areas.

Data Privacy and Security

Data that is collected from users can be used to provide better services, but data can also be misused.
Some issues around data privacy and security are described below. A detailed discussion of data privacy
and security issues in digital finance is included in module 5.
• Targeted advertising based on user data can exclude specific customer groups from services. Targeted
advertising is not always a problem. For example, it would be logical for a restaurant to target only
customers who live nearby. However, this selection could be based on discriminatory characteristics,
for example, race or those closely correlated with discrimination, for example, marketing to only
selected locations based on racial composition. Biased algorithms can lead to exclusion based on race,
occupation, gender, and so on.
• For many DFS providers, especially social and communications platforms that do not collect fees, user
data is a key source of revenue.
• DFS providers rely on data generated by users’ historical transactions and behaviours to make decisions
about financial products and services for customers. The more data the DFS provider has, the better their
ability to tailor products and services to customer needs and to serve those users who are traditionally
excluded by banks because they lack a financial history.
• In many cases, users have either not consented to the use of their data or have agreed to complicated
terms and conditions they did not fully understand.
• Data might be sold to third parties or accessed through a data breach. This exposes customers to risks
that they may not be prepared to face. Lack of accountability on the use of data can lead to data abuses
and cybercrime.

Quality of Work
Digital ecosystems can expand income opportunities for people, particularly those of low income.
However, work through digital platforms often lacks the security and benefits of conventional work.
• Most digital platform workers — for example, Uber (Reis & Chand 2020) or Freelancer — are
independent contractors rather than employees. As such, they generally do not have the benefits and
workplace protections offered to traditional employees.
• Digital platform work can drive workers to informality. However, this is more prevalent for developed
markets since workers in emerging markets already have a high level of informal and self-employment.
• Most were not salaried employees before joining the digital platform, so they move from informal to
semi-formal employment rather than from formal to semi-formal employment.
• While digital platform work has benefits, including flexibility, autonomy and potential for increased
income, it also comes with risks that undermine the quality of work.
• Many digital platform workers have inconsistent and/or unpredictable income patterns, which can
present challenges if credit repayment is not flexible.
• Lack of worker protections and benefits, such as paid leave and insurance, result in long hours, high
pressure and on-the-job injuries. Some digital platforms set up partnerships to offer some benefits like
insurance at preferential rates.
Pdf_Folio:31

MODULE 1 The Digital Finance Ecosystem 31

• Large power imbalances between digital platforms and workers make negotiations difficult. Pay cuts
are particularly challenging if workers have taken on credit that is no longer affordable or profitable.
• Access to financial services tailored to the income patterns of digital platform workers together with
policy and regulation to offer benefits and protections could improve the quality of work.

Competition
Because digital ecosystems need to scale, the space is likely to be dominated by only a few players. Limited
competition can affect fees and prices.
• Digital ecosystem providers rely on scale and network effects, which leads to market concentration.
• Providers that can afford to, may expand into new markets and/or users may dominate the market. They
can leverage their dominance in one sector (e.g. search or e-commerce) to gain dominance in another
sector (e.g. P2P payments, digital wallets). The data and customer relationships they gained in one sector
can be used as a competitive advantage in another area, where their competitors do not necessarily have
access to the same data. For example, Google and Apple preinstall their payment services (Google Pay
and Apple Pay) in their devices.
• A fight for market share can result in a pricing war that is detrimental for producers and suppliers
of services on the platforms, especially for generic services like transport and food delivery, where
platforms control pricing directly.
• Dominant companies can use bundling or tying strategies to restrict competition or customer choice.
• Competition laws and regulation are needed to address competition issues that are specific to the
digital economy.

1.6 THE PAYMENTS ECOSYSTEM

In this section, we will explore digital payments ecosystems that exist within the overall DFS ecosystem.
There are numerous participants in payments ecosystems. Some of the main players in the North America
market, for example, are presented in table 1.1.

TABLE 1.1 Digital payments ecosystem providers by role

Role Key providers

E-wallets Google Wallet, Visa Checkout, Apple Pay, Swap

Bank credit cards Wells Fargo, HSBC, Chase

Business credit cards Best Buy, Target

E-wallet platforms HyperWallet, Fundamo, GoNow, Payou, Zenius

Card associations Visa, MasterCard, American Express

Acquirers Wells Fargo, FirstData, TD, Moneris

Processors Chase, GlobalPayments, FirstData

Third-party processors Stripe, PayPal, Square

ISOs Everlink, Pivotal Payments

Point-of-sale terminal technology Ingenico Group, Verifone, Magtek

Integrated systems Micros, Vivonet, Profitek

In-store terminal payment providers Chase, Payfirma, GlobalPayments

E-commerce payment providers Stripe, Payfirma, Apple Pay, PayPal

Recurring billing payment providers Stripe, PayPal, Payfirma

Mobile payment providers Square, Venmo, Intuit

Tablet POS providers Vend, NCR, Square, Payfirma

Source: CPA Australia 2021.

Pdf_Folio:32

32 Digital Finance
 Within the payment ecosystem, a closed-loop payment network exists as a layer operating between
consumers and merchants. Components of this layer include Amazon Payments, Bitcoin, PayPal, Boku,
Sometrics and Dwolla.
In 2014–15, Google Wallet announced plans to launch a P2P payment service that would allow
free money transfers between users. Apple also launched a platform. These platforms developed into
Google Pay and Apple Pay (discussed in detail in example 1.6). The evolution of these technologies has
given rise to new authentication norms at the device level and positioned Google and Apple as viable
alternatives to banks for payments.

EXAMPLE 1.6

Apple Pay’s Digital Payments Ecosystem

One of the key changes occurring in the digital financial services sector is the entry of new participants
that have not previously been involved in the industry. In particular, while financial institutions have brought
technology into their systems, technology companies have brought financial services into theirs.
Apple launched its Apple Pay payments product in 2014. By 2020, Apple Pay had become the most
popular mobile contactless payment system in the world. Contactless payments in the USA are forecast
to grow from USD178 billion in 2020 to reach USD1.5 trillion by 2024 (Detrixhe 2020). Apple Pay’s DFS
ecosystem involves the following.
• Users. All entities that are consumers of Apple Pay services. This includes consumers, merchants and
other payments acceptors, and businesses.
• DFS providers. All entities that provide Apple Pay services to end users. It includes both traditional
financial services providers (banks, credit unions and other financial institutions) and other non-bank
providers, which may include e-money operators, postal authorities and a variety of different commercial
providers.
• DFS support service providers. All entities that provide services to DFS providers. This includes proces-
sors, platform providers, and a wide range of software and hardware providers (e.g. terminals, ATMs).
• Digital financial services. Apple Pay’s financial services that are accessed and delivered through digital
channels (e.g. payments and remittances).
• Use cases. All situations in which Apple Pay can be used (e.g. making payments, and sending or
receiving funds using messages or asking Siri). Apple Pay makes riding trains and buses simple in
major cities across the globe (e.g. in Chicago, New York, Tokyo, Beijing, Shanghai and London) — the
customer pays by simply holding their iPhone or Apple Watch up to the reader at the turnstile. Apple Pay
also supports purchases in a wide variety of apps (e.g. paying for a hotel room, a pizza delivery or a
new pair of sneakers with a single touch).
For consumers, the choice of payment platform is no longer simply about payments, but about the
added value they receive. Apple Pay’s value proposition is based on security, ease of payment and
integration with Apple’s other offerings. For those who always have their mobile phone with them, it is
more convenient than using a physical credit or debit card. Apple Pay (Apple 2020) works with Apple’s
iPhone, Apple Watch, iPad and Mac hardware.
Apple Pay enables contactless, secure purchases in stores, on participating websites and within
selected apps. It, of course, supports payment within Apple’s own network of platforms, including iCloud,
Apple News+, Apple Music and Apple Arcade.
Apple also built Apple Pay on the following attributes.

Energizer Effects
Apple Pay take advantage of Apple’s vertical integration efficiency through blending hardware, software
and user-friendly interfaces into a harmonious ecosystem. This quality is specific to Apple Pay and helps
provide a new revenue stream for the entire iOS ecosystem.
Privacy
Apple prioritises its customers’ privacy concerns. It does not store:
• what was bought
• where it was bought
• how much was paid.
Apple also refrains from exchanging credit card information with merchants during transactions, which
further boosts its security mechanism as card information is less likely to be compromised. Apple Pay
uses a device-specific number and unique transaction code to avoid the need to store the user’s card
number on their device or on Apple servers.

Pdf_Folio:33

MODULE 1 The Digital Finance Ecosystem 33

 Merchant Adoption
Apple Pay has been widely adopted by financial institutions and merchants. It is integrated with the
American Express, MasterCard and Visa credit card payment networks. By 2020, its adoption had grown
to 54 countries across the globe, including Australia, New Zealand, China, Taiwan and Singapore. Most
financial institutions across these countries have adopted it, including Bank of America, Chase, Wells
Fargo, Citi, NAB, Westpac, ANZ and Commonwealth Bank. In the US, 65 per cent of all retail outlets
support Apple Pay, including Starbucks, Whole Foods, Bloomingdales, Disney, McDonalds, Taco Bell
and Target. McDonald’s says Apple Pay accounts for 50 per cent of all its tap-to-pay transactions. Service
providers like Uber and Groupon also support the platform. Sending and receiving money with Apple Pay
is currently only available to US residents over 18. These services are provided by Green Dot Bank.

Consumer Adoption
While many larger merchants have set up to accept Apple Pay, consumers still need to take a card or cash
to most stores, not just their phone. If consumers want to use Apple Pay at their grocery store, service
station, laundromat and street food stalls, then Apple needs to provide incentives for small merchants to
adopt the platform.

Security/Fraud Protection
Apple Pay payments are authorised using Apple’s fingerprint and Face ID technologies. Apple Pay
also uses a tokenisation system and security on the iPhone during the payment transaction to protect
against fraud.

Potential for Data Analytics

Apple has made a point of prioritising customer privacy by not storing transaction information. To date, it
has forgone the potential for big data applications that could be supported by its customer data. However,
it could in the future, for example, use big data through technologies such as iBeacon to provide live
feeds or additional spot discounts on products within one’s vicinity while shopping in a physical store.
This approach to analysing big data as it flows in would avoid transactional data storage and spur
the development of several applications around this domain. Apple Pay and Apple Watch users would
eventually benefit from these network externalities.
In 2019, Apple became a bank in the United States when it released its Apple Card, a credit card
featuring low rates and no fees with transactions built on top of Apple Pay with Goldman Sachs as
the bank of record and Mastercard as a key partner providing a global base. As Tim Cook, CEO of
Apple, stated:

We wanted to take the Apple Pay experience even further. We saw an opportunity to transform another
fundamental method of payment. That’s the credit card. We think Apple’s uniquely positioned to make
the most significant change in the credit card experience in 50 years (cited in Dignan 2019).

Source: Information from Apple 2020, ‘Apple Pay’, accessed June 2020, www.apple.com/apple-pay.

.......................................................................................................................................................................................
CONSIDER THIS
Based on the description of Apple Pay, what role do you think digital payments will play in your business or your
clients’ businesses? Will they be primarily used for B2C or B2B transactions or both?

SUMMARY
An organisation will be part of many digital ecosystems. From the organisation’s own perspective, its
ecosystem includes the integration of organisational departments, systems, technologies, customers and
external partners, enabled by software, ICT and data exchange within and external to the organisation.
Digital ecosystems are customer-centric and value is created and consumed through the relationships
between different ecosystem participants.
The effectiveness of an organisation’s digital ecosystem may be evaluated or improvements designed
using the set of questions and issues presented in figure 1.7. A digital ecosystem seeks to adopt systems,
technologies and cooperative partnerships that create synergies.

Pdf_Folio:34

34 Digital Finance
 The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

1.1 Evaluate the complexity of digital transformation and its impact on the work of accounting and
finance professionals to meet specific business needs.
• Financial services and finance functions exist within a digital ecosystem which emphasises the
integration of systems, data and services both internally to the organisation and with customers
and external organisations.
• The evaluation of a business’s processes and performance increasingly factors in its interactions
in the ecosystem, which create new ways of adding value, but involve complex interconnectivity.
• Digital ecosystems are based on data. Advanced analytical approaches provide a way to generate
insights from this data that enable customer-facing and back-office performance to be improved.
1.2 Analyse the complexity associated with the practical implementation of emerging technologies
and their impact on the finance ecosystem.
• Figure 1.7 presented a methodology based on questions and issues, including consultation through
an organisation, to evaluate current and potential uses of technologies and integrated systems in
the organisation’s digital ecosystem.
• Access to infrastructure and other enablers and willingness to engage with digital finance tech-
nologies varies greatly between institutions and different societies. An organisation must be aware
of the financial inclusion and exclusion implications of the technologies they use.
1.3 Support the adoption of digital technologies to achieve an organisation’s strategic goals.
• The methodology presented in figure 1.7 can be used to identify weaknesses and potential
improvements in an organisation’s digital ecosystem and thus enable the design of an improved
ecosystem based on the adoption of new technologies and greater integration.

Pdf_Folio:35

MODULE 1 The Digital Finance Ecosystem 35

PART C: FINTECH (INNOVATIONS)
INTRODUCTION
To evaluate how digital finance technologies could be used to meet business needs and to support the
adoption of appropriate value-adding technologies, it is necessary to develop sufficient understanding of
those technologies and their use cases.
This part examines FinTech developments, how they are currently being used in business, including by
accounting and finance professionals, and some specific directions in which FinTech may evolve in the
near future.

1.7 FINTECH IN BUSINESS

The adoption of FinTech changes a company’s internal operations and its external interactions with
customers, regulators and other service providers.

THE SCOPE OF FINTECH

The FinTech sector covers a broad range of businesses. FinTech is being developed and implemented
by start-ups, established technology companies moving into finance, and established finance operators
adopting more technology-based approaches to their business. FinTech also encompasses numerous
markets. For example, there is RegTech for regulatory technologies, WealthTech for wealth management
technologies, and InsurTech for insurance technologies.
FinTech has also gained subcategories relating to lending, analytics, digital identity, cybersecu-
rity, small- and medium-sized enterprise (SME) finance, financial inclusion, payments, robo-advice,
blockchain, distributed ledgers, neobanking and more. In addition, technologies related to the cloud, IoT,
AI, machine learning, biometrics and others are creating FinTech themes and impacts. As such, the term
is often now used to refer to any technological innovation in finance.
We can define FinTech companies as: companies that primarily use technology to generate revenue
through providing financial services to customers either directly or through partnerships with traditional
financial institutions.
Common FinTech services include:
• financial planning:
– online budgeting
– financial planning and retirement management tools
• savings and investment:
– P2P lending
– equity crowdfunding
– online advice
– online stockbroking
• payments:
– foreign exchange
– remittances
– branchless banking
– smartphone payments
– cryptocurrencies
• borrowing:
– online loan providers and brokerages
– online invoice financing
• insurance:
– online comparison websites
– online-only brokers
– insurance providers.

Pdf_Folio:36

36 Digital Finance
Current FinTech Solutions in Business
Jack Zhang, the co-founder and CEO of Airwallex, closely monitors the development of FinTech solutions
across the sector. He notes a range of emerging and current FinTech applications, including:
• the New Payments Platform released by the Reserve Bank of Australia to enable flexible, real-time and
data-rich payments (the UK and some other countries have implemented similar platforms to which
financial institutions can subscribe)
• AI enabled analytics to extract data from a variety of information sources to fulfil ‘know-your-customer’
(KYC) obligations under anti–money laundering (AML) legislation and achieve a fast onboarding of a
new consumer or business client
• machine learning enabled analytics to analyse big data to determine a credit score and thus decide
whether to offer credit to businesses or consumers
• increasingly open data access so organisations can, with permission, integrate information from multiple
organisations to better serve a customer or client; for example, transparency within the credit score sector
enables data from all the banks in Australia to be collected to create a holistic view of an individual’s
or organisation’s credit history
• real-time notifications of finance data and events to enable more timely financial management.
There are many more examples, with FinTech’s regularly developing new solutions.

FINTECH VS TRADITIONAL FINANCIAL SERVICES

Categorising a FinTech company can be difficult as the field is both broad and overlapping in many
dimensions. The types of services provided by FinTech companies can vary — ranging from technology
for traditional financial services such as wealth management, insurance, payments and banking to newer,
innovative areas such as peer‐to‐peer lending or blockchain technology. There are also a number of
technology companies that offer some form of financial services and traditional financial institutions that
leverage technology to offer financial services. For example, Apple developed Apple Pay, described in
example 1.6 in the previous part, to offer mobile payment services for Apple iPhone users. Apple Pay
could on its own be considered a payments or FinTech platform. Thus, Apple Pay would clearly be
classified as a FinTech offering, but Apple would likely not be a FinTech company given the expanse of its
other non‐FinTech products and services, with its FinTech offerings comprising only a small proportion
of revenues.
Nevertheless, publicly traded FinTech companies occupy three primary niches.
• The FinTech payments niche includes companies that facilitate and/or support the transfer of money,
particularly non‐cash transactions. Key sub‐niches include processors that provide solutions related to
the transfer and processing of money, and software/hardware companies that provide software/hardware
that primarily supports the transfer and processing of money, including buy-now-pay-later services. The
majority of Australian listed FinTechs are in the payments sector. The top three largest public Australian
FinTech payments companies in early 2021 were Afterpay Limited, Zip Co. Limited and EML Payments
Limited.
• The FinTech solutions niche includes companies that provide technology solutions to assist businesses
and financial institutions with financial services. Key sub‐niches include outsourced companies that
are third‐party providers of FinTech solutions, payroll/administrative companies that improve the
human resources function through technology, and content companies that provide content/research
that supports financial services and decision making. Australian FinTech solutions examples include
FinTech Chain Limited and Cashwerkz Limited.
• The FinTech technology niche includes companies that provide software and services to one of three
different financial services subsectors, including banking, investments and healthcare/insurance. An
Australian FinTech technology example is Integrated Payment Technologies Limited, which provides a
clearinghouse service.
The success of FinTech companies is in part due to their ability to focus on a niche segment of the
industry, rather than trying to compete on all levels. Banks on the other hand, have always tried to own every
aspect of the financial services spectrum — this is where they are now struggling as alternative players
offer more sophisticated services for customers within a specific niche. For example, banks and payments
companies can send money internationally by integrating with technologies such as the Currencycloud
API, rather than having to develop proprietary technology. The Currencycloud API is discussed briefly in
example 1.7.
Pdf_Folio:37

MODULE 1 The Digital Finance Ecosystem 37

 EXAMPLE 1.7

Choosing the Level of Engagement

Part B of this module described how digital ecosystems create value by integrating components of dif-
ferent systems and organisations. Rather than develop or buy a complete suite of services, organisations
can choose at what level to engage with service providers in their digital ecosystem.
For example, UK-based Currencycloud (Currencycloud 2020) provides a fully cloud-based platform for
cross-border B2B payments. Currencycloud’s platform serves a range of businesses, including banks,
foreign exchange brokers and money transfer services. Organisation’s access Currencycloud’s platform
by having their developers use the API building blocks provided by the company to build customised
payment solutions. This enables Currencycloud’s clients to choose the level of engagement they require,
and ultimately this allows for a payments infrastructure to be embedded into the client’s products or
services in a way that provides customers with a seamless experience.

.......................................................................................................................................................................................
CONSIDER THIS
The ability to create new customised services by integrating building blocks via APIs is one of the defining features of
the digital finance ecosystem. How aware are you of services relevant to your work or your clients’ businesses that
can be accessed in this way?

In essence, FinTech 2.0 is deconstructing financial services into their base elements. Some are back
office, some middle office and some are front office. Smart devices, integrated via apps, make the front-
office customer experience exceptional, API plug-and-play interfaces in the middle office make the
connection between front and back office simple and in real time, while machine learning, AI, deep data
analytics, cloud structures alongside blockchain shared ledgers are reconstructing back-office services.
Because most FinTechs focus on niches, businesses often need to subscribe to multiple FinTech
providers to meet their end-to-end digital finance needs. The flexibility to combine service components
from different suppliers is one of the benefits of FinTech, but this must be evaluated against the
extra complexity of dealing with multiple platforms and multiple service providers. Some FinTechs are
building towards a fully integrated, broader set of financial products that fulfil end-to-end business needs.
Example 1.8 explores these issues in relation to start-up electric bicycle company Bolt.

EXAMPLE 1.8

FinTech Mix
Bolt is a global start-up founded in Australia, which offers a subscription service for its electric bicycles.
Bolt is used by thousands of food courier delivery riders riding for Uber Eats, Deliveroo, DoorDash and
many others. The electric bicycles allow delivery riders to maximise delivery hours and their subscription
model provides riders with access to credit without taking on substantial debt.
Bolt uses a combination of FinTechs to meet its financial needs, including the following.
• Stripe to provide the payment gateway on Bolt’s website for collecting weekly subscription payments
from riders through credit/debit card payments.
• Airwallex to provide a global business account to collect investment funds from overseas investors and
to make payments to international electric bicycle suppliers.
• Brex to provide corporate cards for paying bills and expenses (e.g. software subscriptions).
Table 1.2 summarises the expansion of Airwallex’s offerings from a global payments and collections
platform through the addition of new financial products that are fully integrated into its core platform.

TABLE 1.2 Airwallex modern business account products

Collections Conversion Payment

Initial products Global accounts Foreign exchange (FX) Payments platform

Easily setup conversion Perform domestic and
international bank Hold funds in multiple international payments at
accounts to collect currencies and convert high speed, most clearing
funds/revenue from currencies at market- within the same day.
overseas customers. leading FX rates.

Pdf_Folio:38

38 Digital Finance
 New products Payment gateway Borderless cards
(launched in 2020) Collect credit card Easily issue and manage
or e-wallet payments corporate cards for
(e.g. Wechat pay) from your team.
customers on your Pay domestic and
website. international bills, with 0%
international transaction fees.
Integrated expense
management
Auto-expense reconciliation
on employee corporate
card purchases into the
accounting software.

Source: CPA Australia 2021.

It is evident from table 1.2 that the new Airwallex Business Account would meet all of Bolt’s needs with
a single fully integrated solution. An integrated FinTech solution could deliver the following benefits.
• Improve cashflow. Using an integrated FinTech solution as both a business account and payment
gateway (for collecting card payments from customers), reduces the time business need to wait to
‘clear customer payments’. An integrated FinTech solution can clear this instantly as opposed to a
2–3 day waiting period, thus improving business cash flow.
• Simplify reconciliation process. Leveraging a corporate card solution that is integrated into a business
account and an expense management functionality further simplifies employee expense management,
without the need for third-party expense management applications.
• Easier access to credit. Access to cash flow is often a challenge for businesses, especially newer
businesses or start-ups. Using an integrated FinTech solution would help businesses consolidate
revenue and expense data into a single account to facilitate credit assessment.
Additionally, through an advanced user access management system, an integrated FinTech could allow
a business to provide restricted read-only access to external parties, such as lenders to assess suitability
for credit. Bolt will need to decide whether these types of benefits are more appealing than maintaining
its current FinTech mix, also considering switching costs and alternative end-to-end solutions on offer.
Source: Airwallex 2020.

.......................................................................................................................................................................................
CONSIDER THIS
How would you evaluate the relative merits of an all-in-one service, such as that provided by traditional financial
services providers, against a service constructed from components offered by FinTechs via API integration?

STRATEGIC ISSUES IN THE FINTECH SECTOR

There are two fundamentally different approaches evident in the FinTech sector.
1. FinTechs attacking existing business structures by delivering equivalent financial services through a
better experience using digital technologies to remove friction, reduce costs and increase revenue.
2. FinTechs creating new structures to serve the needs of the unserved and underserved, such as mobile
wallet or low-cost remittance services that have not been catered for by the conventional institutions.
Governments are not generally keen to support companies that focus on breaking bank monopolies, even
though the existence of these monopolies hinders innovation. For example, peer-to-peer lending in some
countries is only allowed to take place through a bank, but the banks don’t have to offer such a service or
collaborate with such a service — and as such a service would decimate their profit line, why would they?
On the other hand, governments do want to encourage innovation in financial services and providing
an environment in which FinTechs can experiment with new approaches is one way to do this. Hence,
some governments, including the Australian Government, are adjusting regulations to provide FinTechs
with flexibility, streamlined compliance obligations and a chance to prosper while maintaining sufficient
community protections and the stability of the overall finance system.
To date, banks have proven quite resilient to the disruptive forces brought by FinTech. They are
increasingly seeking to innovate with their own financial technologies or to collaborate with FinTech
providers. Many industry institutions, however, view the giant technology companies (BigTech) of today
such as Amazon, Google, Facebook and Apple with concern. FinTech‐related efforts such as Apple Pay
Pdf_Folio:39

MODULE 1 The Digital Finance Ecosystem 39

and Google Wallet are already evident and BigTech could potentially disrupt not only the traditional
institutions, but many FinTech company business models as well.

1.8 CURRENT USE OF FINTECH BY ACCOUNTING

AND FINANCE PROFESSIONALS
As automation takes over much of the routine work done by accountants, members of the profession
need to adapt to new roles. Some will become expert interpreters of quantitative business data, from both
accounting and non-accounting sources, while others will become expert advisors to businesses wanting
to incorporate FinTech into their operations.

FINTECH INNOVATIONS IN RETAIL

Digital transformation is changing the way people shop. As FinTech makes more products and services
available to the retail sector, retailers, both online and in stores, will need expert advice on how they can
safely and securely provide customers with the convenience FinTech offers. We will look at five ways in
which FinTech innovations are changing the retail experience.
Pay Later
The credit card sector is being disrupted by buy-now-pay-later services, such as Afterpay, which allow
customers to pay in instalments. Younger consumers and other consumers with no or poor credit history
will find buy-now-pay-later services are more accessible than credit cards so businesses wanting to sell to
that demographic need to be able to integrate it into their payment options.
Open Banking
Open banking gives customers the option to allow third-party access to their accounts. FinTech companies
can then develop and offer products using open banking APIs that access account details directly to evaluate
credit risk or generate better pricing of loan products.

Mobile Point-of-Sale
Handling physical cash creates many problems for small businesses operating through pop-up shops or
farmers’ markets. Being able to take card payments using mobile devices has made it easier for retailers to
take payment from any customer. All they need is an internet connection, a smartphone and a card reader.
As NFC becomes standard in smartphones even a card reader becomes unnecessary.
Cross-Border Payments
International payments remain a field where a cheap, standardised option is needed. Most payment systems
remain linked to domestic banks or credit cards where currency transactions come with fees attached. The
growth in mobile wallets varies a lot between countries, but with the growing acceptance of cryptocurrency
people are more likely to have some form of digital wallet app on their computer or smartphone. Once this
is combined with acceptance by retailers international shopping will change significantly.
Checkoutless Stores
Increased automation of the in-store experience is still in its early stages. For many Australians supermarket
self-checkout or petrol station pay-at-pump is all they have experienced. However, as Amazon-go stores
have demonstrated, it is possible to serve customers in otherwise conventional stores without any human
interaction. In the extreme example there are no registers, checkouts or queueing as the shopper scans an
app on the way in, selects their shopping and walks out with the purchase costs automatically calculated
and charged to the shopper’s account.
Lessons for Accountants
What can an accountant take from this? Should they be worried that technology may put them out of work,
or can they see opportunities? It is important to remember that there are some things computers do well
and some things they are less able to manage. Computers are good at repetitive routine tasks, and poor at
creative tasks — at least for now. To remain relevant the accounting profession needs to move away from
anything a computer can easily do and concentrate on adding value by doing what computers cannot. In
a sense any accountant worried about technology making them unemployed should concentrate on being
‘more human’.
Pdf_Folio:40

40 Digital Finance
 The changes FinTech is making to the retail sector are mainly to do with automation, processing and
data collection. Cashless payment services, open banking and general automation creates large volumes of
data. While technology is great at creating and recording data it still needs the human touch when the time
comes to analyse it with any degree of judgement. That is where accountants can continue to add value for
businesses.
Finally, accountants are well-established as key advisors to their clients. There is a strong opportunity to
use a digital mindset and digital literacy to help clients (and of course the accountant’s own organisation)
to understand and analyse the potential value of technology-driven innovations in their businesses.
Example 1.9 describes the use of asset tracking software to save costs, reduce environmental waste and
improve marketing team access to marketing assets.

EXAMPLE 1.9

Cost and Environmental Benefits from Asset Tracking by ouvar

Point-of-sale (POS) products are goods used to help sell other products. For example, special displays in
supermarkets are often used to give prominence to one brand over all the others just sitting on the shelf.
These present a unique set of problems for businesses, as, unlike normal products, they are not sold, so
what happens when the promotion is over? Should they be dismantled and moved into storage until they
are needed again, or should they just be thrown away?
Disposable products are certainly not desirable in modern society and add unwanted expenses so it is
beneficial for a business to be able to track the use of their POS inventory and ensure it can be reused.
An innovative software program, ouvar, was developed in Australia to manage POS inventory. It provides
marketing staff with a secure online platform where they can view, order, monitor and track POS items
from a mobile device.
When not in use, POS material will be stored at any convenient location: such as logistics warehouses,
factories, storage sheds or a sales representative’s car. These assets are important for day-to-day sales
promotions — it is important a business knows where their assets are located and the condition they
are in.
ouvar provides for:
• sales analytics — accurate data on the use of POS assets and store-by-store sales data enables
evaluation of the effectiveness of different POS assets
• asset tracking — putting businesses in a stronger position when valuing POS assets
• access to data — secure and controlled access to internal and external parties, enabling, for instance,
accountants to check data as part of providing audit and assurance services.

Many companies follow strategies similar to ouvar’s, building new functionality into existing technology
to serve niche markets or are content just to offer one or two tools. While that may limit growth it also
limits competition. Other, larger, providers put out a suite of connected products aiming at medium to large
clients needing tools they can use over different business divisions.
Digital technologies are changing how all businesses work, not just retail. While traditional accounting
compliance and financial forecasting is still important, much of the work involved is being automated. As
just as much of the data is now available in real time, the demand is for real time reporting and analysis
for effective decision making. The challenge for accountants is to use technology to find ways to do their
work faster and more effectively.
To add value to an organisation, an accountant should try to develop a digital mindset. This entails
constantly looking at how new technology can help a business automate and simplify processes, and look
for opportunities to create value for customers by adding useful features to products or through better
service delivery. FinTech is making a wide range of new tools available for accountants.
.......................................................................................................................................................................................
CONSIDER THIS
Automating processes, data collection and analytics should be part of an accountant’s everyday experience.
Are they?

Pdf_Folio:41

MODULE 1 The Digital Finance Ecosystem 41

 QUESTION 1.6

Provide analysis of potential reasons for digital implementation fails and lessons learned from
these failures. Read the following article before answering the question: www.cio.com/article/
3211485/why-it-projects-still-fail.html.

INNOVATION INCENTIVES IN THE FINANCIAL

SERVICES SECTOR
FinTech is driving disruption of the financial services sector. New business models are creating challenges
for regulators and market participants. We will now explore innovation incentives in financial services
and the key reasons for FinTech innovation, before highlighting some of the FinTech innovations in the
financial sector that are disrupting the wealth management value chain, developing new payments systems
and creating new financial markets.
Technology has numerous potential applications in most industries. A few elements of the financial
services industry make it a particularly attractive target for technology-based innovations. For example,
the business models of traditional financial institutions such as banks, insurance companies and wealth
managers are unique from one another but share common characteristics. These common characteristics
and the role that FinTech can play are explored below.

Profitability
The first common characteristic is profitability. Financial institutions have historically been profitable
and collectively form a highly profitable segment. Savvy technology entrepreneurs and venture capitalists
are recognising that these market conditions in other industries have historically enabled technology
companies to develop and prosper. On the other hand, participants in the financial sector are partnering
with FinTech companies to reduce inefficiencies in their operations to cut costs and improve profitability.

Basic Necessity
Another common characteristic of financial institutions is that the financial services they offer are a basic
necessity. While one can imagine a world where the delivery vehicle for companies that provide basic
financial services is different and largely digital, it is difficult to imagine a world without financial services
for payments, deposits, lending, borrowing and investing.

Regulation
Regulation is yet another common characteristic of financial institutions and that regulatory burden has
increased over time, particularly since the corporate collapses of the early 2000s and the global financial
crisis of 2008–09. This offers opportunities for technology solutions that can alleviate regulatory/compli-
ance issues. Heightened regulation also tends to limit a traditional financial institution’s ability to innovate,
which increases its need and desire for FinTech partners and solutions.

Legacy Systems with Hope of Innovation

Another challenge to innovation is that financial services is a mature industry and companies rely on a
number of legacy technology systems. Legacy technology systems are, in many cases, not enough to cope
in today’s environment. This has created an opening for new technology companies and applications within
the sector to develop. In order for financial institutions to survive and thrive in the future, different parties
(investors, traditional incumbents and entrepreneurs) must work together to modernise the traditional
legacy technology infrastructure.
Technology entrepreneurs often look for problems to solve. There are a number of problems related to
modernising the legacy systems of traditional financial institutions and reducing friction for services and
applications that customers are increasingly demanding.
Financial institutions are attempting to foster innovation either internally, through partnerships with
start-ups, by sponsoring corporate accelerators/incubators, or by strategic investments/acquisitions. While
these traditional financial services companies are increasingly looking to innovate, they are also consider-
ing how to innovate responsibly by managing potential risks and selectively determining how to incorporate
FinTech into their strategic plan.
Pdf_Folio:42

42 Digital Finance
Equity
A significant proportion of the global population is unbanked or underbanked and applying technology to
the financial services industry is viewed as one way to both expand and improve services to this significant
proportion of the population. For example, smart phones with banking apps have had a revolutionary
impact on small business in parts of Africa where fixed line phones and bank branches are rarely found.
Additionally, financial health and literacy are global issues and a number of FinTech innovations offer
opportunities to improve financial health and literacy around the world.

Evolving Preferences
Millennials are driving change in finance and other industries. Those financial institutions that are well
positioned for Millennials will likely outperform those that are not. Millennials tend to be more comfortable
using digital channels for financial services. As they acquire more financial assets, financial institutions
that can leverage FinTech to meet Millennials’ preferences will garner a tailwind for forward growth.
FinTech has risen on the shoulders of technology developments. The development of mobile computing
and communications helped lay the foundations for today’s FinTech environment. However, this is now
mature technology that has been around for more than a generation. As Millennials gained influence,
consumer preferences have shifted towards using technology as a first means of interacting with financial
service providers and other vendors. When COVID-19 resulted in widespread lockdowns in 2020 many
other consumers and businesses had no choice but to interact digitally.

1.9 INNOVATION THINKING IN FINTECH

This section explores how innovation is disrupting wealth management, payment systems and finan-
cial markets before looking at some emerging technologies, innovation roadblocks and innovation
opportunities.

WEALTH MANAGEMENT
FinTech is well-placed to revolutionise various aspects of the wealth management value chain. Some key
areas are summarised in figure 1.9 and described further below.

FIGURE 1.9 FinTech innovation targets

Go to market Onboarding Distribution

• Real time data • Automatic client risk • Roboadvice

• News and analytics profiling • Data analytics
• Product development • Paperless KYC • Automated risk
• Client communication • AML monitoring identification
• Performance monitoring

Source: CPA Australia 2021.

Typical go-to-market activities include providing real-time data, news and analytics, market intelligence,
product and service development, client communications and performance monitoring. FinTechs currently
deliver intuitive, technology-enabled multi-channel experiences. This is also an area where social media
insights increasingly play a role through analysing ‘what the market says’.
Client onboarding is often an area of frustration for customers, due to the high number of risk-related
questions and repeated conversations required to set up an account. New entrants are solving these issues by
using customer and behavioural data and gamification techniques to automatically identify the risk profile
of clients, the loss acceptance levels, and to capture information as part of new regulatory requirements.
Incumbents should keep up by exploring opportunities for cloud-based utilities to perform risk functions
such as KYC, AML and surveillance monitoring extremely cost-effectively.
In terms of delivery or distribution, smart algorithms have led to the emergence of robo-advice, which
could potentially address the advice gap as adoption scales. A key opportunity area for incumbent players
will be to use hybrid models and goal-based advice. These solutions use complex algorithms to support
life-stage planning, taking clients’ full-life situation (today and in the future) into account. There is a clear
Pdf_Folio:43

MODULE 1 The Digital Finance Ecosystem 43

opportunity for FinTech in the area of holistic and comprehensive financial advice delivery. Algorithm-
based propensity models and life-stage planning could outplay a significant portion of human-based
investment advice.
Ongoing relationship management includes customer life cycle management, relationship management
activities, performance reporting, education and coaching, and community management. This is an area
where human interaction is typically preferred. That said, wealth management clients typically also have
an appetite for digital and technology interactions. Some banks are trying to address this through offering
the opportunity to communicate with the bank using WhatsApp. Wealth managers need to consider how to
use each engagement option, what is appropriate and at which moments to use them across the customer
life cycle. Also, a lot of work has been done to improve the channel experience while staying compliant
with regulators’ requirements in terms of security and privacy.
The lower cost structures in FinTech wealth management allow cost-effective servicing of lower wealth
customers, creating more opportunities for them to build wealth. Consider the example of low-cost
online brokerage, where even with ‘low’ fees it has not been cost effective to invest less than $3000 to
$5000 in each transaction. Now new FinTech alternatives such as Sharesies in New Zealand are bringing
new investors to the share market. Sharesies offers a fully online paperless onboarding process to most
customers. KYC requirements are satisfied through supplying a valid New Zealand passport number and
linking to an existing bank account for deposits and withdrawals. As shares are held ‘in street name’ under
a trust account Sharesies can offer fractional shares and no minimum investment amount. The ability
to invest ‘spare change’ means many investors can get a taste for the share market without needing the
discipline to put together thousands for their first investment. Sharesies offers all the standard features
found with consumer FinTech offerings. Customer communications are supplemented by blogs, live chat
and videos. Webapps are available with interactive dashboards to monitor investments.

PAYMENTS
Payments is arguably the oldest area of FinTech innovation. It is a core part of traditional financial
services but innovations such as cryptocurrency may fundamentally change financial services. Recent
developments include mobile wallets (e.g. Venmo, Alipay, Paytm), mobile payments (e.g. Square, iZettle,
SumUp), online checkout (e.g. Stripe, Klarna, Adyen), digital currencies (e.g. Bitcoin, ether, zCash) and
payments infrastructure (e.g. Digital Asset Holdings, SETL, Ripple). Example 1.10 describes payments
FinTech developed by Airwallex, which has featured in earlier examples in this module.

EXAMPLE 1.10

Airwallex
Airwallex is an Australian/Hong Kong company specialising in providing more efficient foreign exchange
services to business clients. Their main product is based around the three related services of providing
foreign currency accounts, foreign exchange transactions and international payments. Airwallex’s value
proposition is based on reducing the complexity and cost of these services.
Airwallex has developed a virtual credit card optimised for multi-currency transactions. It enables a
business to create and issue staff members with virtual cards, set up for use in any currency, all linked back
to a single Airwallex account. The use of a single account simplifies accounting and the ability to create
new virtual cards on demand reduces administration. In addition, Airwallex provides greater security — a
user can create a single-use virtual card so that a vendor cannot go on to use the card details fraudulently.
Security is further enhanced by customisable transaction limits for each virtual card. Virtual cards can be
stored in digital wallets and the multi-currency feature helps control transaction fees. The Airwallex offering
also provides detailed and real-time data collection to support analysis of transactions.
So, what are the accounting implications?
• Pricing analytics. More accurate data on international transactions will help price future transactions.
• Forex balances. Companies will find it much easier to keep funds in foreign currencies for future use,
but increasing accounting forex exposure.

Pdf_Folio:44

44 Digital Finance
 QUESTION 1.7

Airwallex has developed Fintech solutions for businesses such as digital business banking and
virtual employee cards, foreign currency transfers and accounts. Airwallex also provides detailed
and real-time data collection to support analysis of transactions. How would the work of an
accountant be affected by these technology and support the organisation’s goal? Read the ‘The
Role of FinTech in Modernising Businesses’ article on the CPA Australia website before answering
the question. Search for the article in the search bar at www.cpaaustralia.com.au.

FINANCIAL MARKETS
Various FinTech innovations have been introduced to the financial markets. We discuss some of
these below.

P2P Lending
P2P lending (also known as marketplace lending) uses software to connect people and businesses who
have money, with people and businesses needing money, while mitigating risk through real-time credit
analytics. A number of approaches have been pursued, some of which are described in example 1.11.

EXAMPLE 1.11

P2P Lending Models

RateSetter (2020) is a platform where: the borrower sets up an account and requests a quote; the platform
performs a basic credit check and, within a few minutes, quotes a personalised interest rate; the borrower
fills out a more detailed loan application if they are happy with the quote; a final decision on the loan
is made within a few days; and approved loans are paid to the borrower the following business day.
RateSetter sources funds from personal investors. Those investors do not choose which loans to invest
in, but are allocated a portfolio of loans automatically.
MoneyPlace (2020) operates similarly to RateSetter, but sources its funds from institutions.
ThinCats (2020) provides SME lending through its platform’s connections to wholesale investors,
including high-net-worth professional investors and self-managed superannuation funds. ThinCats uses
an auction model to price loans — investors bid on loans at various interest rates and amounts. ThinCats
borrowers can borrow between $50 000 and $300 000 for periods between two and five years.
Marketlend (2020) operates similarly to ThinCats, but SMEs can borrow $100 000 to $10 million on the
Marketlend platform.
TruePillars (2020) allows investment by ordinary individuals and offers secured loans.
Bigstone (2020) concentrates on equipment loans rather than general purpose business lending.

.......................................................................................................................................................................................
CONSIDER THIS
Accounting and finance professionals advising SME clients or investors need to be aware of the opportunities
business finance P2P lenders provide, but also need to ensure they maintain a current awareness of variation in
offerings across this changing industry. If this role is part of your current or future work, how aware of the difference
options in P2P lending are you?

The main drivers of innovation in P2P lending have been regulation and a shift from personal to
institutional investment. In the United Kingdom, Zopa was originally regulated under fair trading law, not
financial law. Moving to formal financial regulation helps give the sector credibility. Financial regulation of
P2P lending also provides an interesting distinction between Australian and New Zealand law, as Australia
managed to find room in its existing regulatory structure for P2P lending to be introduced but this was not
possible in New Zealand. P2P lending has only been possible in New Zealand since the Financial Markets
Act 2013 replaced the much stricter Securities Act. The move away from personal lending to institutional
lending is also apparent in both Australia and New Zealand, with Harmoney, the highest profile New
Zealand P2P lender, shutting its website to new personal lenders in 2020.

Pdf_Folio:45

MODULE 1 The Digital Finance Ecosystem 45

 One area where there is room for change is for P2P lending to no longer be solely a primary market, but
to add a secondary market where existing loans can be traded. Marketlend has a ‘loan exchange’, while
ThinCats is working towards introducing this feature. However, as secondary markets require many unique
lenders to create liquidity the move towards institutional lending may mean only SME lenders provide this
investment option.

SME Finance
Innovations in SME finance enable investors to lend money directly to SMEs and start-ups, generating
a huge new flow of capital that would otherwise probably not exist. Two of the key innovations involve
invoice financing and crowdfunding.
Invoice Financing
Invoice financing often mixes the ideas of P2P lending with financial factoring. Factoring and discounting
has been used for years, but on the internet can grow from a small, relatively unknown, service to a standard
alternative for SME finance. Factoring and discounting are similar services that enable a small business
to be paid early for its outstanding invoices. In factoring, the company providing the finance collects the
invoice payment from the client and takes a commission for having paid the business early. For example,
if a business is owed $20 000 by a client who normally pays in sixty days, a factoring company will offer
the business $18 000 today and it, in turn, will get $20 000 sixty days later for a $2000, or 10 per cent,
commission. This is a form of peer-to-peer lending where the financing of all the outstanding invoices
comes from investors.
Although few local providers of invoice finance use the P2P model, some are making use of other
forms of FinTech to create new business opportunities. FundTap (FundTap 2020) is a New Zealand based
business offering invoice financing across Australia and New Zealand through an application linked to each
client’s cloud-based accounts. Online invoice financing works because the provider can access accounts
from a wide range of clients, giving companies like FundTap the ability to track payment patterns and use
analytics to quickly evaluate credit risk. This puts them in a strong position to accurately price the offer
for the SME client. The client retains the right to choose which invoices to borrow against. When each
invoice is paid FundTap will use a direct debit from the client’s account for repayment. Technically, online
invoice financing is closer to discounting than factoring as payments pass through the client’s accounts.
Online providers are able to provide finance for much lower value invoices than traditional providers as
their online model is less affected by economies of scale. Discounting smaller invoices also helps grow the
market by opening it to a wider range of SMEs, not just those with large receivables from trade customers.
The development of online invoice financing shows how a range of different developments can come
together to create FinTech innovation. We can see a possible starting point in the development of P2P
lending in the UK, where general lending to SMEs led to the innovation of specific invoice-linked lending
to SMEs. However, that form of P2P lending was not replicated in Australia or New Zealand. Instead
the local development of cloud accounting provider Xero created an incentive for linked application
development. Combining new business ideas in the UK with a cloud framework in New Zealand creates
new variants working for local businesses.
Product Crowdfunding and Crowdfunded Equity
Two crowdfunding models, project crowdfunding and crowd-sourced equity, provide new businesses with
an important source of funds. Project crowdfunding enables start-ups to obtain initial funding from their
potential customers through the pre-sale of goods or services. This provides an alternative to seeking bank
loans. The cost for a start-up to reach its target audience via marketing in the media can also be avoided
through the use of crowdfunding platforms such as Kickstarter, Indiegogo and Pozible.
Traditionally, banks have been reluctant to fund start-up SMEs because they have had no data to analyse,
to assess the risk and return of funding the SME. Project crowdfunding businesses overcome this, as the
funding of a crowdfunded business directly reflects the demand from the marketplace and customer. In
other words, the unknown data the bank is looking for — the demand for the product — is determined and
demonstrated upfront, before the business gets started.
Crowd-sourced equity, better known outside Australia as equity crowdfunding, takes this a step further
by allowing companies to sell shares directly to investors through the crowdfunding platform. Unlike initial
public offerings (IPOs) on the traditional share market, crowd-sourced equity offers are often directed at the
same potential customers a company would target in project crowdfunding. These offers are also exempt
from many of the standard IPO disclosure requirements, making the process far more accessible for small
companies needing to raise funds to grow.
Pdf_Folio:46

46 Digital Finance
 The growth of equity crowdfunding in New Zealand indicates the importance of network effects
in platform-based FinTechs. Although network effects in social media suggest a single platform will
dominate, it is possible for more platforms to succeed if they are sufficiently different to each other.
Example 1.12 describes the different approaches of the first two licenced equity crowdfunding platforms
in New Zealand, Snowball Effect and PledgeMe. Crowdfunding is discussed in more detail in module 2.

EXAMPLE 1.12

PledgeMe and SnowBall Effect

PledgeMe (2020) was one of the first licensed project crowdfunding platforms to emerge after New Zealand
legalised equity crowdfunding in 2014. In 2016, PledgeMe added a P2P lending licence to broaden its
product range. By the end of 2019 PledgeMe New Zealand had run 57 equity crowdfunding campaigns,
of which 37 were successful, raising over $25 million. PledgeMe has also used its own service, raising just
over $1 million through three separate campaigns to finance its growth. Following Australia’s adoption of
similar equity crowdfunding laws, PledgeMe Pty Ltd was established in Australia and gained the necessary
authorisation to operate there.
Network models are central to crowdfunding platforms. Companies using PledgeMe’s platform take
advantage of PledgeMe’s existing crowd as a source of potential investors. However, the relationship
works both ways as a client company’s existing crowd will come under PledgeMe’s influence at it
takes over marketing the share offer. Aspects of product innovation and brand innovation are also
evident in PledgeMe’s promotion of many social enterprises across project, equity and peer-to-peer
offerings. They have also backed the development of the Tā Koha platform, which supports Māori women
entrepreneurs. By becoming part of the social enterprise sector PledgeMe has become the go-to platform
for growing social enterprises. PledgeMe has taken network effects much further than other Australasian
crowdfunding platforms by offering project and equity crowdfunding as well as peer-to-peer lending. This
suite of complementary services is an example of product system innovation.
In contrast, Snowball Effect (2020) provides only equity crowdfunding and is very selective with its
clients, mainly choosing SMEs with established products over start-ups. This selectivity means they have
supported fewer companies than PledgeMe, but have a much higher success rate and have raised more
funds in total.
Both platforms survive as each has developed its niche market and has succeeded in that market.
Meanwhile four other New Zealand equity crowdfunding platforms have failed. Two failed after attracting
few client companies and not raising the minimum thresholds. Another failed after two successful
fundraising campaigns, and four unsuccessful campaigns plus the embarrassment of seeing one success-
ful client move to PledgeMe for its follow-up campaign. One platform, attempting to create its own niche
in property crowdfunding, failed before making its first investment offer. Four other platforms continue to
operate, but with very little business. With network effects, success brings more success, while failure
is often critical. The only platform, other than PledgeMe and Snowball Effect, to maintain a successful
record is Equitise, which also operates in Australia.

.......................................................................................................................................................................................
CONSIDER THIS
In what circumstances might you advise a business to consider crowdfunding to raise funds?

APIs, Cloud and Open Accounting

As described earlier in the module, new financial marketplaces operate in an ecosystem based around apps,
APIs and analytics, enabling many different businesses to participate and integrate into service offerings.
Cloud computing moves data and processing from in-house systems to highly connected external
services. This not only provides increased accessibility for a dataset’s owners, but also the potential
to provide third parties with controlled access to data. Cloud-accounting platform Xero’s marketplace
features dozens of third-party APIs able to add functionality and services for any business using Xero. For
example, a business using Xero that needs to improve its inventory management can search for a suitable
API service that can integrate purchases, inventory tracking and sales reporting directly into its accounting
system. Some providers offer products with broad application to a range of industries, while others offer
specialised features required in specific industries such as managing wine excise and wine equalisation
tax (WET).

Pdf_Folio:47

MODULE 1 The Digital Finance Ecosystem 47

 An underlying concept is the idea of open accounting (and ‘open banking’, discussed earlier) in which
data becomes a more valuable resource through permitted sharing with stakeholders. Open accounting
provides more detail than open banking due because accounting information is more comprehensive.
Open banking only measures cash transactions, but accounting also records non-cash transactions with
economic significance to the business. For example, consider a business dealing with cash flow difficulties
by delaying payments to ensure the cash balance remains positive. Banking records may still appear healthy
as there are few outflows and a positive cash balance, but accounting records will show something is not
right as payables increase.

Neobanking
Neobanking refers to the sector created by emerging bank start-ups. Neobanks vary considerably. For
example, the neobanks established in China — YESBANK and WeBank — are very different to those
in Europe and the United States. The Chinese neobanks grew out of commerce and chat services and
therefore have a different ethos and look to banks like Soon in France, from AXA Group. In Europe there
is considerable activity in the neobank sector, with new bank start-ups from bunq in the Netherlands,
CheBanca! in Italy, Lunar Way in Denmark and N26 in Germany. The United Kingdom probably leads the
market for neobanks, however, as there are around forty new bank start-ups. UK neobanks include Atom,
Fidor, Loot, Metro, Monese, Monzo, Starling, Tandem and Zopa. These banks fall into two categories:
full banking services with a bank licence (e.g. Atom and Starling) and bank front ends such as Loot. All
of these neobanks are competing on the basis of giving users a better digital experience than traditional
financial companies.
The ability of neobanks to enter the market depends on the support of regulators. Neobanking in
Australia is still in its early stages, but Australia has now legislated to provide a regulatory ‘sandbox’ to
enable FinTechs to develop new products or services without having to go through the full and expensive
licencing normally required in the financial sector. Qualifying Australian FinTechs can operate for up to
12 months and have up to 100 retail customers without the usual licences. This provides FinTechs with
an opportunity to develop, but also pressure to move quickly to qualify for and obtain a licence and bring
their products to market.
To gain insight into how this works, consider Singapore, where a lot of pressure to succeed in FinTech
arises from competition with Hong Kong to be the dominant financial market in Asia. During 2019 the
Monetary Authority of Singapore (MAS) announced it would issue up to five new digital banking licences
in 2020 (Faridi 2020). Singapore is a prime target for neobanks which tend to appeal to younger customers
who do not value branch networks as a convenience, but instead see physically visiting a bank as something
best avoided. Neobanks also provide mobile users with detailed account dashboards up front and advanced
risk evaluation behind the scenes. Again for younger customers without much credit history these are
valuable services. Singapore and neighbouring countries have predominantly young demographic profiles
which suit neobanks.
General economic changes also support the neobank model. By avoiding branch networks and legacy
systems, neobanks have lower costs structures than traditional banks, and this translates to lower fees and
higher interest rates for savers. Given near-zero interest rates the slightest saving in fees or increase in
returns makes a huge difference.

EMERGING FINTECH
An understanding of FinTech developments to date provides some basis to examine emergent technology.

Edge Computing
‘Edge’ computing is associated with the IoT — the interconnection of smart devices over the internet.
Current IoT systems are often highly centralised with data and processing concentrated in central servers.
Edge computing involves using cheaper new processors to move storage and processing to ‘the edge’,
that is, to the IoT devices that traditionally only create raw data. This approach is:
• more efficient, as less data needs to be sent between the device and central server
• more reliable, as it is less vulnerable to data loss should connections be lost
• faster, as less data is exchanged and data is processed as needed within the device.

Pdf_Folio:48

48 Digital Finance
 In addition, from an accounting perspective, edge computing may result in access to more detailed
data. For example, financial accountants may be able to access better data about asset use to evaluate
fair values; management accountants may find it provides relevant non-financial data for performance
evaluation; auditors will need to deal with data access issues.

Decentralised Finance
Perhaps edge computing will develop into something more challenging to traditional finance. Recent
developments in cryptocurrency and blockchain seek to incorporate the underlying distributed blockchain
structure into financial applications. This is known as decentralised finance (DeFi). DeFi is discussed in
more detail in module 2.

AI and Robo-advice
For many years now, digitisation, automation and AI have been expected by some to lead to computer-
based intelligence that will fundamentally change every aspect of society (Kurzweil 2005). Many small
changes have already occurred, not least in financial services and, in particular, in payments. Concerns
about jobs being lost to automation technologies have been somewhat balanced by new jobs created where
people can focus on higher value work.
FinTech innovators have drawn on automation and AI to provide new services, particularly low-cost
services. The financial services industry is transforming rapidly towards fee-only models and the use
of digital financial advisors. Automated investment services are being introduced as automated advice
systems (robo-advisors) become institutionalised.
FinTechs are experiencing pressure to counter the resurgent competition of incumbents. Some are
providing ‘Robo-as-a-Service’ platforms that enable businesses to access automated advice or automated
process technologies via a subscription rather than having to develop or purchase the technology. Others
are focusing on goal-based investing to achieve specific personalised investment outcomes for customers
rather than simply pursue the highest return. Platforms that can deliver personalised strategies enable a
way to compete on factors other than cost. Some FinTechs are focusing on smart compliance services.
These are discussed in module 5.

INNOVATION ROADBLOCKS
Many of the incentives for innovation covered in section 1.8 can also act to hinder future innovations.
For example, while regulations have been modified to enable FinTech innovation, regulators must remain
fundamentally concerned with protecting investors and the financial system as a whole. FinTech has not
made risks disappear. Indeed, the way FinTech has helped bring financial services to many of the world’s
unbanked or underbanked people means that the effect of future financial failures could be much broader
than in the past. Many FinTechs are limited to wholesale and professional investors, simply because they
cannot operate within the financial regulations designed to protect retail investors.
A lack of creativity can also be a roadblock to innovation. Despite all the discussion about FinTechs
creating a new financial system, to date most FinTech is a variation on a traditional finance model. Terms
like WealthTech, RegTech and InsureTech show how new technology is still rooted in old ideas.
Advanced analytics, AI and machine learning technologies often take place inside ‘black boxes’ — we
cannot review the algorithms they use — and they sometimes, for example, produce racist or sexist outputs
due to biases existing in the raw data. This is contrary to the usual careful documentation processes in
traditional finance and contrary to the expectations and needs of modern society.
Profitability and financial sustainability remain uncertain for many FinTechs. Margins are tight and
competition high. Although the majority of FinTechs are financed through venture capital and private
equity rather than public offers and IPOs, a major market correction would cause serious financial and
reputational damage to the industry and present an obstacle to further development.

INNOVATION OPPORTUNITIES
To finish on a more positive note, there are many current technologies still well short of reaching full
potential. Big data analytics, machine learning and AI all offer the possibility of automated yet personal
service. Blockchain, distributed ledger technology, stablecoins and DeFi possibilities are still just in the
early development stages.

Pdf_Folio:49

MODULE 1 The Digital Finance Ecosystem 49

 AirWallex CEO Jack Zhang believes a set of key skills and attitudes is required to successfully innovate
in FinTech. He suggests:
• keeping an open mind to how technology can resolve issues
• focusing time and effort on helping clients and customers to forward plan
• using technology to help clients or customers save time and costs and achieve efficiencies in running
their business.
Zhang advises:
There’s going to be a lot more interesting advisory roles to help your customers to improve [their] overall
business efficiency using FinTech.
I think the core skill to be able to strive in this industry is problem-solving. That — if you have a bit
of an engineering or science background, or you attend some sort of courses in this area — is going to be
very, very helpful. It’s not necessary that you have to be able to write code or be able to develop a website;
that’s not really what technology is. The core skillset we’re looking for is the ability to solve complicated
problems, and then using technology to deliver a better customer experience.
[It is] not necessary that you have to deliver it yourself; there’s engineers to help you to deliver these
product services with much better experience. It’s being able to… abstract a complicated problem into a
simple solution so that engineers can help you to implement it … problem-solving skill is the key to be
able to do well in this industry.

.......................................................................................................................................................................................
CONSIDER THIS
Knowledge of digital finance technologies, including automation, AI and analytics, and FinTech solutions are enablers.
How do you convert this enabling knowledge into solutions that help a business achieve its strategic goals?

SUMMARY
Numerous FinTech innovations have been developed by start-ups, BigTech and traditional institutions.
Some FinTech solutions are relatively comprehensive, while others are narrowly focused and intended to
provide a specific service or function within a digital ecosystem that is constructed by integrating multiple
‘building block’ components.
Accounting and finance professionals need to be aware of current and emerging FinTech technologies
and applications across various business functions and segments, including payments, wealth management
and financial markets. Knowledge of FinTech innovations enables the accounting and finance professional
to identify and evaluate them as potential solutions to business needs. This is the key step that links
knowledge and awareness to outcomes and will be the focus of the final part of this module.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

1.1 Evaluate the complexity of digital transformation and its impact on the work of accounting and
finance professionals to meet specific business needs.
• Accounting and finance professionals need to maintain a current knowledge of FinTech innovations
across multiple segments and how these innovations are being applied in business. This knowledge
enables evaluation of the potential of FinTech solutions to help meet specific business needs.
1.2 Analyse the complexity associated with the practical implementation of emerging technologies
and their impact on the finance ecosystem.
• FinTech solutions are often narrowly focused to address a specific niche requirement. This means
a digital finance ecosystem can be built by integrating components from multiple service providers
into a business’s own systems. A business can integrate these components using APIs, and
financial institutions and FinTechs can cooperate to provide services to customers or clients
through a single unified interface.
1.3 Support the adoption of digital technologies to achieve an organisation’s strategic goals.
• Knowledge of FinTech innovations enables evaluation of their potential role in the processes and
activities the organisation undertakes to achieve its strategic goals. This in turn facilitates adoption
of value-adding technologies into the business’s digital finance ecosystem.

Pdf_Folio:50

50 Digital Finance
PART D: DIGITAL TRANSFORMATION
Technologies and applications provide tools to more efficiently and effectively pursue an organisation’s
strategic goals, but digital transformation needs to be driven by the organisation’s people.
Every strategy in an organisation should be aligned with the overall organisational strategy. Digital
strategy is now often so fundamental to the organisation’s overall strategy that it not only aligns with
and supports it, but also serves as one of the major inputs to its development. Technology is often deeply
integrated into the ways an organisation creates and delivers value. As technology and its applications
evolve quickly, strategic management is embracing more flexible approaches.
In the modern business environment, an organisation is unlikely to remain successful against its com-
petitors if it fails to use technology and innovation to achieve efficiencies, respond to changing customer
or client needs and more effectively create value. This establishes an imperative to digitally transform the
business to achieve faster time to market, ongoing innovation, higher quality and operational efficiency.
Because digital technologies are deeply embedded into business processes, a digital transformation strategy
needs to be based on thorough evaluation of business needs and the appropriate technologies. A detailed
implementation plan also needs to be prepared and actioned.

1.10 ORGANISATIONAL STRATEGY

Canadian management researcher Henry Mintzberg described organisational strategy as ‘a pattern in
a stream of decisions’ (Mintzberg 1978). This decision-based concept of strategy has two important
implications. First, strategy is not necessarily apparent from analysis of any one decision. It must be viewed
in the context of multiple decisions and the consistency among the decisions. Second, the organisation must
be aware of alternatives in all of its decisions.
A strategy can be expressed in a formal document that identifies long-term goals and outlines how
resources will be used to accomplish them, but this document must be responsive, flexible and dynamic.
Formal strategy documents are useful in focusing attention on the competitive environment and indicating
how corporate objectives can be secured even as conditions alter. Of course, it is important to recognise that
new strategies and objectives may emerge as the environment changes in ways that could not be predicted.
Unfortunately, it is not always possible to accurately predict the future based on the past in a fast-changing
global economy. Organisations need to be prepared for a wide range of eventualities. Importantly, a strategy
provides the plan for allocating and using resources with consistent strategic intent — that is, with all
organisational energies directed towards a unifying and compelling target or goal (Hamel & Prahalad 1989).
In the context of globalisation, changing technologies and shifting social and economic needs, the ‘long-
term’ aspect of strategy is becoming ever shorter. As it does so, the challenges to strategists become even
greater. It used to be that companies could count on traditional ‘build-and-sell’ business models that put
them in control. In the early days of the car-making industry, for example, Henry Ford once said ‘Any
customer can have a car painted any colour that he wants, so long as it is black’. His firm, quite literally,
was in the driver’s seat.
Today the business environment has changed, and strategy is increasingly driven by customers and
flexibility. John M. Jordan, former director of e-commerce research for EY, said ‘Customers are calling
the shots, telling companies what they want, and companies have to respond to those desires or lose out’.
Stephen Haeckel, former director of strategic studies at IBM’s Advanced Business Institute, describes the
shift in approach this way: ‘It’s a difference between a bus, which follows a set route, and a taxi, which
goes where customers tell it to go’ (Stepanek 1999). A number of writers have identified broader waves of
change in the environment that force business strategists to restructure, and often reinvent, their corporate
strategies.
Organisations that digitally transform by integrating digital technology into all areas of their business
will be able to fundamentally change how they operate and deliver value to their customers. Organisations
that continually transform will be better placed to handle future disruptions. The pace of technological
innovation is so fierce that only digitally transformed businesses are likely to succeed in the future.

Pdf_Folio:51

MODULE 1 The Digital Finance Ecosystem 51

STRATEGIC MANAGEMENT PROCESSES
It is much easier to describe strategy than to actually devise and implement one. ‘Find out what customers
want, then develop or use the appropriate production or product technologies to deliver it to them at an
affordable price and with the best service’ is a simply stated idea, but in practice this task is complex
because of uncertainties and the unpredictability of the business environment.
Every strategist must remember that at the same time they are trying to create competitive advantage for
an organisation, competitors are always attempting to do the same. This gives rise to demands for strategies
that can be called ‘bold’, ‘aggressive’, ‘fast-moving’ and ‘innovative’. Strategies must be both well chosen
and well implemented.
Strategic management is the process of formulating and implementing strategies to accomplish long-
term goals and sustain competitive advantage. The essence of strategic management is:
• looking ahead
• understanding the environment and the organisation
• effectively positioning the organisation for competitive advantage in changing times.
Strategic managers and decision makers must think strategically as they try to position their organisa-
tions for contemporary markets. They must think strategically in deciding how to use new technologies to
maximum advantage. They must think strategically in analysing the conditions in the increasingly volatile
global economy, highlighted by the ‘global financial crisis induced’ economic downturn and the massive
disruption created by the global response to the COVID-19 pandemic. They must think strategically where
it really counts — in respect of what customers and clients really want.

STRATEGIC MANAGEMENT ENVIRONMENTS AND GOALS

Michael Porter, a business strategy academic and consultant, says that ‘sound strategy starts with having
the right goal’ (Hammond 2001). He argues that the ultimate goal for any business should be superior
profitability. This creates value for investors in the form of above-average returns, returns that exceed
what an investor could earn by investing in alternative opportunities of equivalent risk (Hitt, Ireland &
Hoskisson 1997). The nature of the competition within an organisation’s environment largely determines
whether above-average returns are achievable. An understanding of the organisation’s markets is crucial for
setting strategic management goals. Good economic analysis is therefore essential. Indeed, Michael Porter
has long recognised that the roots of the structural and market analysis within strategic management lie
within economics (Porter 1980).
An alternative view seeks to balance outcomes for a broader range of stakeholders, where financial
outcomes are sought alongside positive social and environmental outcomes.
The goals of an organisation inform the development of its strategy — indeed, the strategy is the plan for
how to achieve the goals. Strategic goals are often expressed in terms of specific financial and non-financial
objectives. They are used to drive decisions about how the organisation will allocate its resources.
Strategic objectives are often translated into numerous metrics or key performance indicators that can
be used to assess performance against the strategic goals. These tend to form the basis of management of
the organisation and serve to align actions throughout the organisation with its strategic objectives.
.......................................................................................................................................................................................
CONSIDER THIS
What are the strategic objectives of your organisation or a client’s organisation? How does your work support your
organisation or your clients to achieve their strategic objectives?

1.11 DIGITAL TRANSFORMATION STRATEGIES

The accomplishment of strategic objectives is significantly influenced by the organisation’s competitive
environment. As technology becomes increasingly pervasive throughout business, organisations need
to design and implement a digital transformation strategy to support business continuity and protect
productivity and functionality.
A digital transformation strategy must be designed and implemented in a way that enables technology
to play a viable, value-adding and sustainable role in a business. Like any strategy, digital transformation
strategies need to evolve with the organisation’s needs.
Pdf_Folio:52

52 Digital Finance
WHAT IS A DIGITAL TRANSFORMATION STRATEGY?
The appeal of new technology to entrepreneurs is in the way it can make previously unworkable business
models viable. Consider, for example, the possibilities created by 5G cellular services which make faster
data downloads possible. Video content can be downloaded and watched in real time, automated devices
can communicate and coordinate, augmented reality (AR) can better utilise cloud processing instead of
depending on the limited processing power of mobile devices (Brandon 2019).
Faced with these and similar possibilities it is tempting to start making immediate changes to try to
obtain an advantage. Every new technology over the next decade will have businesspeople looking for
ways to turn that technology into valuable change.
A formal digital transformation methodology is described in the next section, but the basic approach
is to:
• analyse the organisation’s needs within the context of organisational culture
• set suitable objectives
• understand and document risks
• run pilot programs and tests
• ask employees for feedback
• proceed with the implementation
• analyse the effectiveness of the implementation.
Within this approach, the business must avoid:
• the problems of embracing the technology too early (e.g. internal resistance to change, or a lack of
internal stakeholders with adequate training on the new technology)
• implementation plans that cause excessive disruption
• any plan that cannot identify, monitor and evaluate meaningful change within the organisation.
A digital transformation strategy will be effective when the organisation can match the technology with
its culture, risks and business objectives.
While technology strategy is an input to organisational strategy, it is critical to separate business goals
and processes from digital transformation goals. Remember, the aim is to improve the business not to
disrupt to the point where it no longer functions.
Some organisations create a digital roadmap to guide their transformation into an intelligent enterprise
by identifying which digital technology components are a perfect fit for their ecosystem.

DIGITAL TRANSFORMATION METHODOLOGY

Digital transformation involves strategic decision‐making capabilities, an innovation platform, technolog-
ical capabilities, organisational capabilities, project management and stakeholder engagement from the
enterprise. Organisations need to identify and prioritise digital opportunities and then plan to execute the
initiatives that will address the current needs.
Implementation phases that have been successfully used by multiple enterprises for their digital
transformation are represented in figure 1.10 and described below. Note that while we describe the steps
one by one, in practice the methodology is not linear — there is overlap and iteration between the different
stages to derive and implement the transformation strategy. Additionally, each organisation is unique and
the methodology may be adapted to the organisation’s specific needs and circumstances. In doing so,
however, it is crucial to avoid overlooking any of the issues presented here.

Opportunity Assessment
During the opportunity assessment phase, organisations need to identify business problems and objectives,
and then evaluate the potential for technology to solve those problems or contribute to achieving those
objectives. This requires a good understanding of the technologies and their applications. The opportunity
assessment should be consultative to gain insight into processes, challenges and ideas that exist throughout
the organisation. Example activities in this phase include:
• identify the organisation’s strategic objectives
• brainstorm innovation ideas as applicable within the organisation
• engage consultants to provide access to expertise and multiple perspectives
• identify potential technology and applications
• begin to evaluate the technology and applications, including their potential to add value to the
organisation and the risks and costs associated with them.
Pdf_Folio:53

MODULE 1 The Digital Finance Ecosystem 53

 FIGURE 1.10 Digital transformation methodology phases

Assess the opportunity

Create a vision of the future of the organisation

Mobilise stakeholders

Design the digital roadmap

Implement and test a prototype

Check stakeholder engagement

Transition

Ongoing evaluation and improvement

Source: CPA Australia 2021.

To‐Be Enterprise Model

A ‘to-be enterprise model’ refers to the use of a vision of what the organisation should look like and how it
should function in the future to guide current efforts. Organisations with a to-be enterprise architecture
(Kabai 2017) standardise and organise technology that aligns with business goals to support digital
transformation. These organisations create three-year roadmaps to ensure their business strategy meets
information technology-based innovation. Example activities in this phase include the following.
• Identify the new IT business model that would best support the digital transformation of the enterprise.
• Design the to‐be organisation structure and operating model for the enterprise.
• Design the transformation roadmap and seek validation from stakeholders.

Mobilisation
The mobilisation phase is a crucial step that helps the organisation align its strategy and goals to the
transformation strategies and obtain buy-in from stakeholders, in particular the workforce. The buy-in of
the workforce is crucial for the organisation as teams will need to engage with and learn new ways of
working with technology and technology-enabled processes. A lack of buy-in can create resistance which
can undermine the ability of the organisation to successfully transform (Wyer 2019). Example activities
in this phase include the following.
• Map the current business processes, operations and systems to the target structure.
• Consult with stakeholders and placing value on their input.
• Ensure two‐way communication channels are open between stakeholders and those designing the
transformation.
• Promote and demonstrate the value the digital transformation will create for the organisation and
stakeholders.

Design
The design phase (Wyer 2019) articulates the digital transformation goals into an executable plan for
implementing the change throughout the organisation. With a roadmap in place, resources, including
human resources, can begin to be mobilised towards achieving specific aspects of the plan.
Pdf_Folio:54

54 Digital Finance
 The plan will help ensure implementation remains aligned with the overall objectives of the transfor-
mation. Example activities in the design phase include the following.
• Create the implementation project plan.
• Create a detailed transformation roadmap for the development activities.

Test
The implementation of technologies, particularly those that are deeply integrated into systems and
processes, is complicated. Digital transformation is intended to re-shape the organisation and as such the
potential benefits, the risks and the costs are substantial. It is therefore prudent to evaluate and test the
design of the transformation when possible to do so. For example, a prototype of a new technology can be
tested for its integration with the organisation’s other technologies and/or systems. Those who will use or
interact with the new technology should be involved to ensure they have the skills to use it and to check
that it functions as intended. For example, if a manual data entry process is to be automated, test data can
be run through the system and the results can be checked to ensure the system works effectively, that the
data is managed in accordance with organisational policies and that processes are in place to deal with
‘exceptions’ that the technology cannot handle.
Example activities in the test phase include the following.
• Plan to continuously improve the prototype and its implementation.
• Test the technology.
• Test the integration of the technology with other systems.
• Test user acceptance.

Customer Engagement
Customer engagement can be very beneficial for technologies that affect customer experience. For
example, implementing a cloud accounting platform that can integrate with client accounting records will
proceed much more smoothly and is more likely to achieve its intended outcomes if customers are involved
in the design and implementation. Customer engagement allows digital transformation to be driven from
the outside-in by engaging with customers to seek input into product design and improve customer
experiences. Ideally, a customer-centric ecosystem should be based on dynamic market conditions and
the customer journey. Example activities in customer engagement include the following.
• Understand customer needs and priorities.
• Test the product or service with customers, including integration with their systems if applicable.
• Seek and evaluate feedback for improvements.
• Address customer concerns.

Transition
The transition phase sees the launch of the technologies and their full integration into the organisation’s
ecosystem of technologies, tools and processes. Example activities in this phase include the following.
• Transitioning responsibility for the ongoing use of the technology to the business team or shared service
team, depending on the enterprise organisation structure.
• Launching the technology for the transformation.
• Reinforcing objectives and performance measures.

Ongoing Evaluation and Improvement

Finally, it is rare to be able to plan and implement complex technologies and systems perfectly. Once
in use, the technologies and applications should be monitored to assess their effectiveness in supporting
business objectives. This monitoring process will identify any problems with the implementation of the
solution and identify areas for further improvement. Importantly, technology is advancing rapidly and
there is a constant stream of innovations that may be used to improve the organisation’s systems. A well-
planned and implemented digital transformation will allow for the integration of new innovations as they
are developed or become available.

DIGITAL TRANSFORMATION IN ACTION

By applying a comprehensive transformation methodology, organisations can leverage technology into
valuable change with a viable, sustainable impact on their business. Until recently, most of the world’s
most successful enterprises were long-established business that innovated and grew over many decades
by industrialising the practices and policies that made them successful. The Network Age, however, is
Pdf_Folio:55

MODULE 1 The Digital Finance Ecosystem 55

characterised by new competitors and business disruptors and many of today’s most successful businesses
are technology-based organisations that have used technology to transform industries and achieve rapid
growth. Agility and adaptation to new technology are critical for business to survive. Often, the very
systems, policies and practices that have enabled past success stories can inhibit that agility. Digital
transformation within an enterprise is not easy — it requires changes to practices, policies, technology
architectures, talent and organisational culture. Examples 1.13 and 1.14 explore digital transformation
in action.

EXAMPLE 1.13

An Industrial IoT Platform as a Business Solution

A global manufacturer and distributor of machines for processing wood wanted to:
• improve operational efficiencies
• reduce costs
• open up new revenue streams such as machine usage analysis and production process optimisation
services.
It saw an opportunity to do this by implementing connected asset management technologies across
its industrial machinery. An industrial IoT solution was envisaged. It would deliver new capabilities to the
business’s customers and build robust new services for its machinery aftermarket.
Approach
The business designed an industrial IoT operating model, business case, solution and roadmap of the
program.
The pilot solution was first implemented across eight machines at one of the business’s customers.
Pilot services included preventive maintenance alerts, machine management and manufacturing events
analysis. Sensors and devices on the machines produced in‐depth analytics for display on user‐friendly
dashboards using data visualisation on mobile devices.
Results
The pilot program helped the enterprise improve customer service and loyalty, reduce warranty and
maintenance costs, and obtain real‐time customer data and alerts.
The enterprise now has the ability to use performance and usage insights from the field to improve
product development and add features that would be beneficial to the customer.
The predictive maintenance and in‐depth analytics helped to improve the productivity of the machines
and customer satisfaction, as it reduced machine outages significantly.
Conclusion — IoT Solutions
IoT offers great potential for companies to grow by penetrating new markets and offering new products and
services or modifying their existing products to make them smarter to meet the new consumer demand.
Executives recognise the importance of IoT and its impact on building an intelligent enterprise but face
challenges in allocating adequate budgets to cover the entire spectrum of IoT and make investments —
in the analytics to act upon the data collected by the devices, in the technology platforms to store and
analyse the data, in the security and controls of the IoT ecosystem, and in the development of in‐house
skills to manage all aspects of the IoT solution and architecture.
In order to facilitate this journey, the enterprise should initiate a small pilot project with a compelling use
case, which could be just one small production line or just one of the products in the portfolio, and analyse
the results and benefits derived from this transformation. As the data is generated in real time, within a
matter of a few weeks or months the enterprise will be able to create a business case and strategy for
implementing IoT within its operating environment. This will be one of the steps in the digital transformation
and building an intelligent enterprise that can strive, thrive and survive.

EXAMPLE 1.14

Transformation to the Cloud

One of the world’s leading pharmaceutical conglomerates had a complex legacy environment with multiple
operating systems in physical and virtual servers across 400 data centres globally.
Due to the highly complex structure of the enterprise, a wide variety of server and application
management standards were created over time. Manual server provisioning and deprovisioning through
various IT management systems and groups for approvals could take up to six weeks. The architecture of

Pdf_Folio:56

56 Digital Finance
 the organisation prevented the IT team from quickly serving its business unit customers. Application and
server extension over time had become a significant negative impact on the IT operation’s bottom line.
A cloud platform was identified as a potential way to transform the organisation by removing its
dependence on unintegrated legacy systems.
Approach
The enterprise deployed an industry-leading design for a data centre with network virtualisation. A data
centre environment fully automated by software was set up in North America, Europe and the Asia–Pacific
regions. During the transformation period, more than 850 servers a month were migrated to the cloud.
An agile transformation strategy (including DevOps — the integration of software development and IT
operations) was implemented incrementally and iteratively over multiple sprints, leveraging kanban and
scrum methods for tracking and predicting program outcomes in an optimised sequence.
The build time for servers was reduced from 6 weeks to 90 minutes, and was able to integrate
compliance and regulatory requirements, performance monitoring, predictive analysis and enhanced
security.
Results
The business achieved savings in excess of USD200 million in the IT operations from this transformation
of infrastructure and services to the cloud.
To suit the organisation’s individual needs, 50–60 per cent of workloads were migrated to an
on‐premises private cloud while 20–30 per cent of workloads were migrated to a virtual public cloud
solution. The use of legacy infrastructure was reduced to less than 20 per cent of workloads, which itself
resulted in more than USD110 million in savings.
The new data centre operating model resulted in 25 per cent labour savings.
Conclusion — Cloud-Based Solutions
The pace at which businesses are being disrupted, along with the changing demands and expectations
of customers, are forcing enterprises to challenge their existing business and operational models and
leverage cloud‐based solutions across various functions within the enterprises to streamline and scale
operations and stimulate ideas for new products and services.
Cloud computing is now a matured platform for the enterprise to devise a strategy to move to the cloud
and benefit from the explosion of cloud opportunities available, whether it is a single cloud application or
a complete enterprise transformation.
The journey to the cloud involves setting the cloud strategy, identifying the right solution for the appli-
cation portfolio, and restructuring the infrastructure by adjusting the applications within the ecosystem to
take advantage of what the cloud can deliver.

.......................................................................................................................................................................................
CONSIDER THIS
How would a digitally transformed ‘to-be’ enterprise architecture for your organisation or client’s organisation differ
from its current business model?

VALUE DRIVERS
A value driver is anything that can be done to increase value. For example, from the business’s perspective
a value driver would improve profitability, promote growth, reduce risk or contribute to some other
outcome that aligns with the organisation’s strategic objectives. Value drivers from a customer perspective
are anything that improves the value of a product or service relative to a competitor’s product or service.

Creating Value through Digital Transformation

There are various digital transformation activities that an organisation can undertake to achieve a
competitive advantage. Let’s explore some digital transformation methodologies that businesses use to
drive improved performance.
Operational Efficiency
Operational efficiency reduces operational and research and development expenses. Common methodolo-
gies include:
• adopting agile practices that flexibly and efficiently respond to business needs
• prioritising on the basis of business value
• automating operational processes
• monitoring output per resource.
Pdf_Folio:57

MODULE 1 The Digital Finance Ecosystem 57

Time to Market
Decreasing time to market helps businesses achieve incremental sales growth by reducing the time to launch
their products to market, creating a competitive advantage. To reduce its time to market, a business can:
• adopt an agile project implementation methodology to create an accelerated and predictable develop-
ment lifecycle
• implement standardised processes for better team cohesion and planning.
Product Innovation
Innovation helps the enterprise achieve incremental sales by improving and adding products to the
portfolio. Product innovation is a key driver of sales growth, which can be achieved by:
• drawing a visionary product roadmap
• transforming the role of the product owner
• responding to new requirements and feedback to improve customer satisfaction
• establishing a culture that values innovation
• enhancing alignment across teams
• improving forecast accuracy and timeline planning for future innovations.
Quality
Improved quality in products and deliverables helps the enterprise achieve incremental sales, leading
to higher customer satisfaction, fewer rejection rates and repeat purchases. Businesses can transform
quality through:
• establishing standardised guidelines for processes
• driving a culture of self-quality management
• reducing timelines to minimise waste
• automating testing to reduce human errors.
.......................................................................................................................................................................................
CONSIDER THIS
The initial years of digital finance involved applying technology to create efficiencies in back-office processes. While
creating efficiencies is still a key aim, digital finance initiatives now often focus on transforming business models to
create new product and service opportunities and enhance the customer experience (Gomber, Koch & Siering 2017).
Where does your organisation or client fit into this view of digital finance?

1.12 HOW DIGITAL TRANSFORMATION STRATEGY

CAN HELP ACHIEVE AN ORGANISATION’S GOALS
Organisational goals should drive every aspect of digital transformation — from how an organisation
delivers customer value, to how management and employees leverage technology to drive performance
and productivity. Successful digital transformation strategies align culture, people and digital tools with
an organisation’s goals. Ideally, digital transformation should help organisations achieve agility, flexibility
and efficiency in operations while maintaining a customer focus.
In this final section, we apply what we have learned throughout this module specifically to the role of
accounting and finance professionals. We will review some of the benefits of digital transformation, the
obstacles to successful innovation and the role of accounting and finance professionals in both a digital
transformation strategy and the digitally transformed profession.

BENEFITS OF DIGITAL TRANSFORMATION

A digital transformation should be approached with a focus on the organisation’s strategic goals.
The core role of the finance function is to evaluate performance, screen and allocate capital, monitor the
use of that capital, and facilitate transactions and risk management. The better these tasks are performed
the more likely an organisation can grow sustainably. Digital transformation improves these vital services
by providing more up-to-date or real-time data, more sophisticated analysis and reporting, and more trust
in the information provided.
Innovations in technology, risk transfer, and credit and equity generation should increase the material
wellbeing of economic players. Innovation can help individuals and businesses to attain economic goals
more efficiently, providing new possibilities for mutually advantageous exchanges of goods and services.
Efficiency in financial services lowers the cost of capital and facilitates better investment decisions.
Pdf_Folio:58

58 Digital Finance
 The general benefits of digital transformation to business span improved resource management,
employee empowerment, better customer insights, easier globalisation, better internal collaboration and
transparency, as well as helping develop a generally agile and innovative culture.
Digital transformation of the corporate accounting function moves restricted access, centralised record-
keeping to an open, decentralised model with real-time data access. Managing accounts receivable and
invoices is traditionally labour-intensive due to the need to keep records as complete, accurate and up-to-
date as possible. Automated systems not only save processing time, but improve analysis of credit risk,
thus reducing bad debts, and can predict which accounts are likely to be problematic and highlight them
for early intervention. Likewise, better accounts payable management can help a business maximise early
payment discounts and benefit from strong vendor relations.
In audit, there is likely to be continued digitisation as distancing and technology change the way the
work is performed. Provided an organisation’s data is in a suitable, machine-readable form, the benefits
are more than simply better access. Digitalisation of audit processes will help increase security by allowing
a digital trail of when and by whom each file was accessed. Digitisation also has the potential to evolve
auditing from sampling accounts to automated checking of every transaction undertaken.

WHY MOST COMPANIES STRUGGLE TO INNOVATE

To achieve their goals, organisations require the right resources and capabilities, including the right talent.
New ideas and initiatives depend on the people within the organisation. Innovation is not simply about
optimising profit margins, but about finding new ways to create more value. Most companies find it difficult
to innovate.
The technology is available for the enterprise to adopt and enable new insights, new innovations, and
new ways to interact within and beyond the business; however, innovating is not always straightforward.
The top ten reasons most companies have difficulty innovating are listed in figure 1.11.

FIGURE 1.11 Top 10 obstacles to innovation

1. Public relation value versus real results. Often organisations exhibit ‘innovation theatre’ or ‘innovation
optics’ to make it look like they are adopting an innovation mindset and practices, when in reality they
are not internalising or acting on it.
2. Hampered by heritage. There is simply too much legacy infrastructure to be able to adapt and change.
3. No real sense of urgency. Established and successful businesses often fail to perceive a sense of
urgency to change. In the case of banks, for example, what usually drives them is not customers or even
emerging FinTechs, but regulators. This promotes the view that unless it is mandated, why bother?
4. Cannibalisation of existing revenue streams. Some digital innovations pose a threat to existing
revenue streams. Many organisations and their stakeholders resist innovations that risk or harm
established revenue. Often, this means organisations focus on short-term results rather than longer-
term sustainable performance.
5. A lack of experienced innovators. The hierarchical nature of many businesses tends to act to eradicate
innovation before it can be acted on. This prevents an innovation culture from being established and
extinguishes the motivation for employees to drive innovation from within.
6. A culture clash. Many companies have a culture that emphasises risk minimisation, which directly
conflicts with the pursuit of change. In such a culture, once there is emerging resistance to change,
that resistance tends to be quickly adopted throughout the organisation.
7. A lack of ownership and sponsorship. The leaders of organisations attribute their success to past
approaches and their knowledge of the organisation and industry. They often resist engaging with
the perceived risks of technology that they do not understand. A lack of support at the top of the
organisation makes it almost impossible to pursue innovation.
8. ‘Compartmentalised’ innovation. Innovation takes place around the periphery in departmental com-
partments but is never internalised across the enterprise. This undermines the value technology-
enabled innovations can deliver through deep integration.
9. Governance. Regulatory requirements are, by their nature, built around the current and past state
of an industry. They tend to constrain innovation and thus discourage organisations from exploring
different ways of conducting their business.
10. Who else is doing this? While some organisations base their strategy on differentiation, many
organisations prefer to adopt and maintain industry-wide approaches. In essence, ‘If no one else
is doing it, then we’re not either’.
Source: CPA Australia 2021.

Pdf_Folio:59

MODULE 1 The Digital Finance Ecosystem 59

 From organisations prioritising innovation optics over value-adding transformation, to a fear of canni-
balising existing revenue streams, to an unwillingness to lead the pack, figure 1.11 has identified reasons
companies encounter difficulty innovating. Rather than focus all of their efforts on overcoming these
specific barriers, digital transformation leaders instead focus on creating a company-wide ‘vision for
digital’, improving collaboration across functions and developing the ability to experiment quickly with
digital technologies.

QUESTION 1.8

Outline the main obstacles to avoid in a digital transformation strategy.

THE ROLE OF ACCOUNTING AND FINANCE PROFESSIONALS

IN DIGITAL TRANSFORMATION
Successful innovation depends on three things. First is the innovation itself. Second is alignment between
the innovation and the organisation’s strategic needs. Third is the human element in developing and
executing the digital transformation, including transforming the roles professionals play. Example 1.15
explores ANZ’s process to prepare for digital transformation with a focus on the role of internal audit in
assessing plans against identified key success factors.

EXAMPLE 1.15

Internal Audit’s Role in ANZ’s Digital Transformation

ANZ has recognised the pressures on the financial services industry arising from FinTech innovations and
increasing demand from customers for personalised and convenient experiences.
ANZ developed a goal to drive its digital transformation: to deliver excellent digital experience for retail,
commercial and institutional customers, accelerating their ability to get on top of their money and business.
ANZ’s digital transformation plan encompasses digital projects, banking services, data analytics,
innovation and strategic partnerships, brand proposition and a human-centred design.
Internal audit was involved in the transformation to collaborate with the digital transformation business
stakeholders and ensure that the risk management and governance of transformation projects are robust.
For example, internal audit conducted a baseline review of ANZx, which is one of the largest transformation
projects ANZ has undertaken. The project’s scope is to re-imagine the customer experience and reinvent
the Australian business to enable ANZ to better meet evolving customer expectations, simplify products
and processes, ensure integrity and efficiency, and leverage modern technology.
The review is different to the traditional internal audit review which provides assurance on the design
and operational effectiveness of controls. It is also not a strategic review of the project. The objective
of the review that internal audit performed was to assess the program against specific key success
factors agreed with management and critical for the success of any large transformation program. The
assessments and insights from the review provided valuable input to the transformation team and helped
the objective team plan to execute the transformation.
A second role of internal audit in the transformation was to build an internal data analytics team,
recognising that data mining and data analytics are crucial in the context of big data. The aim was
to improve risk assessment to provide a deeper business understanding to assist in audit intelligence.
The methodology expanded the audit approach from one based on testing sample data to testing the
full dataset. This enables high-risk patterns to be identified earlier during the end-to-end testing. Data
analytics also helped to provide extra insight to audit issues identified over the course of the year.
This in turn helped identify the common root causes and helped with the preparation of audit’s annual
thematic paper.

Getting Started
The digitisation process may begin by taking an inventory of core use cases relevant to the business and
determining where each digital technology could support an operational objective. The potential value
gained from digitisation of a finance process and the feasibility of doing so should be assessed. Unit leaders
should be engaged to identify and explore the key problems in existing processes, such as slow reporting
Pdf_Folio:60

60 Digital Finance
and incomplete data. Finally, a full systematic review of technology capabilities should be undertaken to
define system requirements and investments.
It is important to have a clear vision of the target state for a digital finance function, and that this is aligned
to the company’s overall business strategy. In addition, chief financial officers (CFOs) need to ensure that
digitisation and transformation adheres to strong cybersecurity standards (Choi, Kaplan & Lung 2017).

The CFO
The high-profile digital transformation or innovation stories that get media attention tend to be about
customer-facing processes improving customer engagement. These are often driven by chief marketing
officers and chief digital officers, but what of the CFO? The finance function is central to organisational
change as it allocates resources. Accounting and finance must take the lead in using digital technologies
and make the most of its resources. Digital technology can enable the CFO to help build competitiveness.
Finance has traditionally been a specialist and isolated function within business. Accountants focused
on recording transactions correctly, ensuring that suitable controls were in place and external reporting
existed for compliance. Controls focused on specific business units with plans, budget and profitability
reports. However, in a networked and collaborative world, finance needs to work closely with all other
company functions to solve problems and explore solutions. Recent developments in digital enterprise
technologies can help the CFO transform the finance function. In the following section we will outline
some of the ways the CFO can become involved in digital transformation.
Access to Data
Fast changing and volatile business environments require fast access to the latest data that can be used
for forward planning. Accounting and finance professionals need a single source of truth — data collected
from multiple, possibly inconsistent sources, need to reconcile. Real-time data at the finest granularity level
also allows analysts to run simulations and predictive analytics and explore multiple options. Automatically
reconciled and compliant data platforms help finance departments do a ‘soft close’ anytime.
Involvement in Day-to-Day Operations
In high-performing organisations CFOs are increasingly involved in operations, providing insight to
business units and using agreed metrics to hold them accountable for results, not simply tracking
transactions. The CEO can focus on evolving strategy and communicating with stakeholders, but the line
between CFOs and chief operating officers (COOs) is blurring to the point where the CFO performs some
functions normally assumed by the COO.
The old accounting work of recording, classifying and summarising financial data has transferred to
machines. Where accountants are needed is providing expert interpretation of financial data in analytics.
Interpretation involves an interpersonal capability, nuance and qualitative judgement that remains outside
the ability of machines. Interpretation is where the finance function can best deliver the value to the
organisation.
An Understanding of Data Interpretation
Accounting and finance professionals cannot assume that data interpretation will necessarily become their
role in a digitalised future; they need to prove they deserve the role by showing how they can use it to
create value. That will be difficult if the finance unit is not making full use of digital transformation itself.
To provide valuable operational advice, the finance function’s operating model must maximise its own
efficiency and agility.
Combining Soft Skills with Technological Solutions
Soft skills are becoming more important as routine work is automated. Communication, collaboration and
teamwork skills dominate in senior management. Successful businesses will use evolutionary business
models, constantly embracing new technologies and adapting to the changing business environment. AI
may suggest a solution, but people with influence and communication skills are required to make it real.

The Management Accountant

Every business decision affects the financial statements. A management accountant’s role in advising
strategy, operations and technology decisions means they have a key say in the decisions influencing the
entire value of the organisation.
The traditional role of the accountant, reporting short-term financials, is not sufficient in a world of
disruptive technology — and it will be barely required as technology automates traditional accounting
work. Organisations need people who can enhance the financial analysis by incorporating external factors
Pdf_Folio:61

MODULE 1 The Digital Finance Ecosystem 61

like geopolitical risks and emerging regulatory frameworks. The management accountant is the existing
role with the best match to the new job requirements and therefore it is the role most likely to expand in
scope to fill this need.
Specifically:
• Management accountants are analysts who can determine what numbers mean for the company. They
can answer management’s standard questions, but also deliver new insights through analytics and
visualisation. Insights could be about the supply chain, costs, innovation or consumer behaviour. As
they know what data is needed to run the organisation, they know what data digital transformation
must produce.
• Management accountants use budgeting and forecasting to help senior managers make the best financial
and business decisions, playing a central role in forming and executing long-term strategy. They combine
technical accounting depth with business operations breadth.
• Management accountants must be able to manage and lead digital transformation teams successfully.
Many management accountants are experienced team leaders. For successful digital transformation
they need to develop strategies and execute detailed plans across multiple departments and divisions
of an organisation.
Any organisation that fails to recognise the value of management accountants or recruit the right
talent for the role will face a skills gap. Organisations need financially literate professionals who can
not only report the numbers, but also create a narrative around the data to shift ideas and move the
organisation forward.

The Financial Accountant

Financial accountants have much to gain from process automation and real-time reporting. For example,
using online data and natural language processing allows AI-based accounting systems to automatically
classify transactions or check manual classifications. To promote the digital transformation process,
financial accountants should use their natural tendency to collect data, and gather as much information as
possible about available tools to show key decision makers what can be achieved in a digital transformation.
Relevant accounting areas where digital transformation is having an effect include: automated invoice
management systems, supplier vetting and onboarding, paperless procurement practices through the
analysis of unstructured data, automated expense management, and digital or distance audits.
Key changes, other than procurement and technology implementation, for the financial accountant are
similar to those needed from the management accountant. All corporate accountants need to become more
involved in the operational side of business, working closely with managers to learn what insights they
require from the accounting function. All accountants will also need to ensure they learn any new skills
required as they move from reporting to analysing and interpreting financial information. It will also help
to become literate with the common IT-focused approaches to finding solutions, such as agile approaches
and design thinking where solutions are found through gradual, iterative, processes instead of trying to put
together a complete solution all at once.

General Employees and Digital Transformation

Digital transformation cannot be achieved by imposing new technologies on employees and expecting them
to find ways of making things work. Leaders need to listen to employees for insight on which changes are
needed and encourage a culture of continuous improvement, then empower employees to learn to manage
the details and make sure the day-to-day digital experience works. Employees who are given freedom and
space to realise their potential can make an extraordinary difference to organisations.
While organisational strategy is the focus of digital transformation, often purpose is more important to
employees. An organisation needs purpose because it gives its people a sense of meaning and inspiration.
Most people do not come to work for strategy. Purpose and meaningful work drive the behaviours
and values of most employees. Leaders at all levels in the organisation need to translate and simplify
complex messages related to an organisational and digital transformation strategy into something relevant
to employees’ jobs. Organisations must provide training and support to develop employees’ skills and
capabilities to allow them to do things they need to do and try new things.
As digital transformation and automation takes away traditional transactional jobs, organisations need
to change the role of finance. As finance becomes more integrated with operational aspects of a business,
CFOs need to develop staff for both finance positions and roles elsewhere in the organisation. Creating
horizontal opportunities for accounting and finance professionals is possible in shared service hubs
where employees qualified for accounting and finance roles can explore other roles for professional and
Pdf_Folio:62

62 Digital Finance
 career development. This will help ensure as many stakeholders as possible are prepared to contribute to
transformation at the fast pace required by the modern digital world.
.......................................................................................................................................................................................
CONSIDER THIS
If ‘organisations need to change the role of finance’, how will this be done? Who will create this change? What is your
responsibility in this context?

QUESTION 1.9

Compare and contrast the roles taken by the CFO and the management accountant in
implementing digital transformation.

QUESTION 1.10

Identify the changing roles of accounting and finance professionals in supporting digital
transformation in their organisation. Read the following article before answering the question:
www.genpact.com/downloadable-content/insight/leap-on-new-f-and-a-priorities-and-
expectations.pdf.

KEEPING PACE IN A FAST-MOVING WORLD

If enterprises want to outpace the disruption that is ongoing in the entire world, they need to equip
themselves with technology that will help them adapt to the change quickly.
Digital transformation involves using new technologies to drive significant improvements in all business
segments. This includes being able to capitalise on new opportunities and effectively transform existing
businesses with enabling technologies. A digitally transformed enterprise can promptly cater to changing
customer demands and use technology to achieve business outcomes and create value.
A digitally transformed enterprise is able to continuously leverage the exponential power of digital tech-
nology to drive new levels of operational efficiency, innovate new products and services, build new sources
of growth and revenue models, be agile in the workplace, and provide personalised customer experience.
Typical barriers to digital transformation include complex business processes, highly customised
solutions, stringent policies and practices, business units working in silos within the enterprise, lack of
proper infrastructure, the gap in skill sets, and multiple and disparate architectures in the ecosystem. To
overcome these and other barriers, the digital transformation needs to be driven by the organisation’s
people working in alignment with the business strategy, with technology staff providing the requisite
support. Figure 1.12 outlines key questions the organisation needs to address before it embarks on a
transformation program.

FIGURE 1.12 Key questions for the enterprise before proceeding with transformation

• How shall we adapt to new digital trends?

• How shall we identify new opportunities and business scenarios?
• How shall we get started?
• How shall we attract new talent from the market?
• How shall we incorporate change management?
• How shall we convince the stakeholders to approve the idea?
• How shall we internally fund and govern digital transformation projects?
• How shall we help the employees and business partners get connected through digital means?
Source: CPA Australia 2021.

Pdf_Folio:63

MODULE 1 The Digital Finance Ecosystem 63

 Below, we will discuss some of the changing technologies that should be monitored to ensure the
organisation’s keeps pace.

Cloud Computing, Big Data and Analytics

As a bare minimum most enterprises need a cloud computing platform to run a successful digital
transformation, as the cloud provides a scalable, flexible, elastic, easily accessible and cost‐efficient
platform to run the business. Without the cloud layer, the enterprise would not be able to achieve the
required automation and orchestration for the next layer, known as the data layer, that comprises big data
and analytics.
Data from the internal ecosystem and the external environment is streamed into the enterprise’s database.
This data needs to be transformed into essential business insights so that it can be used in the business to
make informed and smart decisions. In order to get the information, the user needs to access it through the
devices layer.

Internet of Things
Technology has given people the flexibility to use mobile smart devices from almost any location, and this
is further enhanced by wearable devices such as smart watches, smart tags, and smart glasses with AR. To
connect these devices and collect the data they generate, the enterprise needs the network layer supported
by IoT.
Through sensors and other devices, this layer creates a vibrant marketplace by connecting employees,
partners, suppliers, vendors, customers and the general public with the enterprise’s business processes. It
supports internal and external collaboration that can optimise business processes and create new business
opportunities.

METHODS AND PRACTICES

The following methods and practices are central in a digitally transformed organisation:
• design thinking — an iterative approach to defining problems and creating solutions
• agile — an incremental approach to developing solutions, instead of trying to create a complete solution
all at once
• development and IT operations (DevOps) — practices combining software development with IT
operations to shorten development times
• lean practices — a process for quickly developing solutions while minimising waste and achieving
high quality
• quality engineering — management, operation and maintenance of high-quality systems
• automation — creating technology for monitoring and controlling systems
• behavioural development — incorporating behavioural science and psychology into solution design
• data‐driven innovation — deriving new solutions from AI and machine learning based analytics.

TECHNOLOGIES AND ARCHITECTURES

An organisation will usually adopt a selection of the following technologies and architectures to execute
its digital transformation. Many of these are explored in the later modules.
• Robotic process automation • Analytics
• IoT • Natural language processing
• Artificial intelligence • Deep learning
• Machine learning • Microservices/APIs
• Blockchain • User interface
• Big data • SaaS, IaaS, PaaS
• Cloud computing • Enterprise resource planning systems
• Virtual reality • Cybersecurity
• AR • 3D printing
• Wearables • Identity management

Pdf_Folio:64

64 Digital Finance
FINANCIAL INNOVATION IN ORGANISATIONS — LOCKING IN
THE BENEFITS
To digitally transform, an organisation needs to evaluate all the emerging technologies against industry
trends, business relevance, technical feasibility and the overall ecosystem. The enterprise should then
identify and prioritise those emerging technologies. Those that have the highest priority and biggest impact
should be implemented as soon as possible. Those that have broad application should be on the horizon to
be implemented in the next one to three years (short-term deployment). Those that should be considered as
part of the enterprise’s long‐term technology strategy and roadmap should be prioritised to be implemented
in the next three to five years. Figure 1.13 sets out a rough timeframe for technology deployment, though
this should be adapted to the organisation’s individual circumstances. Some of these technologies will be
familiar. Many of them will be discussed in more detail in following modules.

FIGURE 1.13 Technology deployment timeframes

Immediate deployment Short-term deployment Long‐term deployment

• AI • Predictive analytics • Activity streams

• IoT • Machine learning • Behavioural analytics
• Robotic process automation • Identity management • API orchestration
• Chatbots • Blockchain • Bioinformatics
• Cloud computing • Industrial robots
• Big data analytics • Connected home
• Smart sensors • Edge computing
• Cybersecurity • Fraud detection
• Agile development • Natural language processing
• Industry-specific APls
• 3D printing
• Simulation modelling
• Design thinking
• User experience

Source: CPA Australia 2021.

EXAMPLE 1.16

Digital Transformation at Evergreen Markets

When Cameron O’Dell was headhunted to take the role of chief information officer (CIO), he was given
a clear mandate to lead the digital transformation of Evergreen Markets. Working hard over the past five
months, he has just presented a comprehensive plan to modernise the company.
Members of the executive had each taken part in developing the plans, but only the chief executive
officer (CEO) had been exposed to the full blueprint. The executive team had not anticipated the extent of
the changes now being proposed. As chief financial officer (CFO), Sara Wong had a better idea than most
as she had been involved in ensuring the proposal was financially viable before it was shared with the
board and her colleagues. Yet, seeing the whole project set out before them, she was concerned about
the size and audacity of the proposal.
Evergreen Markets had been in business for over 50 years, growing from a single store in suburban
Brisbane to a national chain of more than 400 supermarkets. It was ranked third in the highly competitive
supermarket industry. The proposal for digital transformation had the potential, should it work, to
modernise the business and position it to change supermarket retailing in Australia.
The CIO was proposing a comprehensive modernisation of Evergreen Markets’ systems that would,
over time, cover all interactions with customers, suppliers and other stakeholders. From a technological
perspective, the proposed changes were based on a combination of cloud data storage and computing,
extensive use of IoT devices in-store and through the supply chain, and ultra-fast 5G data transfers,
ensuring data was available and being used where, when and how it could add the most value.

Pdf_Folio:65

MODULE 1 The Digital Finance Ecosystem 65

 The modernisation program would create an integrated digital ecosystem, enabling access to real-
time data, and generate superior analytical insights for management. Specifically, the technology would
be used to improve inventory management and stock tracking, interactive technology for customer
engagement, and ultimately cashier-less checkouts.
Improvements to inventory management would initially include: (a) in-store stock tracking to ensure
local staff would know which shelves need restocking and (b) store-by-store tracking linked to an AI-
based automatic re-ordering system to move stock around the company’s store network and order new
stock from suppliers. Once that part of the system was operating effectively, the second phase of the
digital integration of inventory management would introduce automatic order-filling through the use of
warehouse robotics to sort online orders and re-stock retail outlets.
Interactive technology would be used to improve in-store engagement with customers. Old-fashioned
paper price tags on shelves would be replaced with five-cm-high digital displays running the full length
of the shelf. Hidden behind the displays, IoT devices would scan each customer’s electronic signature
to identify them, and then present customised advertising and special offers alongside pricing and basic
nutritional information. Customers could also scan QR codes to download detailed nutritional information,
access recipes matching their purchases, or receive discount ‘eCoupons’ for complementary products.
Despite the extensive use of technology supporting this system, it was hoped that these changes would
help personalise the shopping experience.
Finally, Evergreen Markets planned to extend the interactive technology to support cashier-less
checkouts. Cashier-less checkouts had been proven feasible by Amazon-go stores, which used extensive
scanning and sensors. Evergreen would use a slightly different design, allowing shoppers to scan
purchases directly into their smartphones while shopping, so they simply pay at an automated checkout
upon exit instead of having to scan all the items again. This function would be available to any customers
who downloaded the required app, which was an extension of the existing app used for promotions and
customer loyalty rewards.
Given the reach of this digital transformation plan, senior management were concerned it would
fundamentally change the nature of the business and employees would need to adapt to a very different
work environment. CFO Sara Wong decided to hold a meeting to discuss the changes with her direct
reports and assess how well they were developing a digital mindset. During the meeting she asked, ‘If we
apply the “Ten Types of Innovation” model to the proposed digital transformation . . . how many types of
innovation can we identify here?’
Christos, the company treasurer, jumped in quickly. ‘Looking at the first four innovations, the configu-
ration ones, I think we have at least three of the four covered. There are certainly network, structure and
process innovations. Network innovations are in the increased connections between our suppliers and
us, and the value we will get from extra data flow in the supply chain. Robotic automation at the checkout
and in the warehouse are structure innovations. For process innovations, we will have a much leaner
inventory management system — by using technology to make better predictions of sales, we will need
less stock on hand, and this will also help with reducing waste from expired products. It is the potential
for profit-model innovations I am not sure about. I mean, at the heart of everything we are running a chain
of supermarkets. It is a low-margin, high-volume business, and that doesn’t really change with all this
technology.’
Internal auditor Sakae had been listening carefully, nodding her head at first, but she started tapping
her pen on the desk when Christos spoke about profit-model innovations, which everyone in the group
knew was her way of letting them know she had something to say. ‘I agree on most of this, but I also think
there are profit-model innovations. Look at how these changes will encourage greater bundling of goods.
We are changing from simply selling a mixed bunch of ingredients to selling a full recipe package.’
As she had the others’ attention, Sakae continued to discuss the offering innovations. ‘We could also
see those changes as product-performance innovations, but I’m not sure as it all depends on how we see
our products. Do we keep to a traditional view of our products as the goods we sell or are we transitioning
to become a completely different type of business? I read about other companies’ digital transformations
and it is common for them to say how their value comes from the data generated, not selling goods and
services. I am concerned that we do not lose sight of the underlying reality that we make money from
selling groceries.’
Christos spoke up. ‘I agree that we need to keep an eye on where our profits come from. I think we can
also say that improving our supply chain changes the product in that we minimise the risk of stock-out.
Our products add the feature of always being available when shoppers want them.’
Sakae nodded and began to speak again. ‘There are certainly experience innovations for our customers:
the app, automatic checkout and faster online shopping. But where are the benefits? We hope customers
buy more. We hope to cut staffing costs and allow longer shopping hours. There is also a risk that these
innovations make shopping too impersonal and push regular customers away.’
Sara, sensing this part of the discussion needed to wrap up, decided to move the discussion on. ‘What
about the Digital Finance Cube model?’

Pdf_Folio:66

66 Digital Finance
 Christos responded first, ‘Pretty much everything I have seen in this proposal concentrates on digital
finance technologies, and that is just one side of the cube. If Evergreen accepts the project, we really
should think about where the other sides fit in. We will need to arrange financing —should we use traditional
sources of funds or should we extend the digital transformation to use digital finance business functions,
which are viable here? That will also help determine how we deal with the third dimension — are we going
to work with traditional financial institutions or look to the new digital financial service providers?’
At first no one responded. Then Sara spoke up. ‘Well, that is a big question. I think we all need to spend
some time reflecting on these issues before we come back and weigh up the possible answers.’
If work had seemed to move quickly for CIO Cameron O’Dell while preparing the digital transformation
strategy, that was nothing compared to the following months. Since the proposal was adopted, a
seemingly endless stream of meetings has converted the blueprints into detailed plans for implementing
Evergreen Market’s digital transformation.
Cameron had noticed that along with the complexity of planning the implementation, he had also
started to face some resistance and pushback, as people within the business started to realise that their
comfortable and familiar lives were about to be disrupted — and they started to worry about job security.
Cameron also had some influential supporters. One of the biggest, CFO Sara Wong, was encouraging
him to be even more ambitious, so the benefits could be realised as soon as possible. In particular,
Cameron was under pressure to get the in-store technology and mobile phone app up and running across
all stores as soon as possible. Strangely, Sara was also proving to be Cameron’s biggest critic, raising
numerous concerns about the implementation, and forcing Cameron to question every aspect of the
plan. Sara said that it was part of her role to ensure all reasonable scenarios had been considered and
to examine every possible risk to the business and its profits. Cameron suspected that Sara just liked
playing Devil’s Advocate and making him second-guess himself.
When Sara discussed the project with Cameron, she was likely to raise all kinds of risk-management
issues and identify potential problems. Mostly these had an accounting focus, and sometimes looked-
into the details of the technology, but when it came to raising questions Sara almost seemed proud of
identifying issues outside either Cameron’s or Sara’s fields of expertise. For example, Sara was very
concerned about both the legal and ethical implications of customers’ privacy needs. A major reason
for her concern was the use of 5G and IoT. 5G’s speed of data transfer meant a lot more data could be
stolen before the business had a chance to respond to a successful cyber-attack. IoT would open many
more gateways or attack surfaces a hacker could exploit to access the data.
Cameron was impressed by Sara’s work. She did not sound like Cameron’s idea of a traditional accoun-
tant when she started asking about staffing and training. She had clearly seen that the transformation was
not just about the technology. Employee interaction with the new systems would be just as important
as the hardware and applications. Given the scale of the technological change, organisational change
management would be required to change company culture across all team members. When Cameron
raised this with Sara, she just brushed it off lightly, saying that it was all part of her training to consider all
of a project’s costs and benefits, which was more what Cameron expected an accountant would say.
A more mundane question needing serious consideration was whether the company should outsource
its cloud or build its own proprietary server farm. While outsourcing was common practice, Cameron
was aware of Australian companies having problems when offshore cloud services failed to provide full
technical support during Australian business hours. Given the importance of minimising system downtime
to the success of the transformation plan, Cameron was very tempted to push for Evergreen to take on
the capital cost of setting up private servers in each state. Sara agreed that keeping servers private and
distributed across the country would aid security and improve latency statistics, but she was wary of the
added cost.
Sara had also been pushing Cameron to incorporate digital finance business functions into the plan;
something she would refer to as part of the Digital Finance Cube. This had always been on his mind as
part of the bigger picture, part of a longer term plan where the current project was just the first step, but he
had not incorporated it into the initial plan as he thought it would make it too big for the board of directors
to accept. There was room to incorporate digital trade finance into the program where suppliers were
already set up with the required technology. He was willing to allow a wider range of digital payments and
limited use of digital money from customers. However, he was wary of being too much of a market leader
in these developments and being stuck with expensive but worthless technology should the market end
up adopting a different standard.
Cameron’s background had included time in two start-up companies. Although he was tempted to
approach this project as a start-up —given the amount of change he often thought of this creating a
whole new company — he knew the organisational culture would not allow that to happen. One idea he
particularly did not want to import from the start-up environment was ‘failing fast’. In a business as large
and traditional as Evergreen Markets any failure would affect hundreds of staff, thousands of customers
and would simply be too damaging to brush off and walk away from.

Pdf_Folio:67

MODULE 1 The Digital Finance Ecosystem 67

 Avoiding failure, either fast or slow, was on Cameron’s mind when Sara asked him about the speed of
rolling out the new technology. She even asked whether it would be possible to launch the new hardware
and systems in all stores at the same time. This really had Cameron wondering if Sara was testing him.
Either way, he saw that as too risky. He was not prepared to ignore standard development approaches,
such as agile, where they could start small but with a design they could scale up quickly should the test
run show the technology was viable.
Eventually they had all the pieces in place, ready to test. Cameron’s plan was for an initial test run in
Tasmania, where Evergreen Markets had only four stores, two in Hobart and one each in Launceston and
Devonport. As this was one of their smaller markets, it would be easier to control any problems. It also
provided a large enough market to test some of the network aspects in linking data across the four stores
and their new data centre. As he reached for the computer keyboard to activate the first full system trial,
Cameron sensed the last year flash before his eyes, too fast to review properly — he was relieved he did
not notice any possible problems, and he hit Enter.
CFO Sara and company treasurer Christos had just returned from a meeting with Evergreen’s banker,
and although Christos thought the meeting had gone well, he could tell that Sara was not completely
happy. He broke the silence by asking her what she thought of the meeting. Sara replied, ‘Well I am not
really thinking of the meeting itself, but whether we are allowing ourselves to slip back into the comfort of
traditional thinking. I’m trying to re-frame that meeting with a digital mindset and think about what could
be different.’
Christos could see the opportunity. Despite all the changes taking place around Evergreen Markets, his
own position was not really any different. He had been thinking about ways he could use the changes to
enhance his position. ‘Well, yes, this is us dealing with the smallest side of the Digital Finance Cube and
wondering if there is more here than is first apparent. It looks like a simple choice between using traditional
financial services providers and new FinTech companies. Except our traditional bankers are quite happy
to lend the funds we need to finance the transformation project, and Cameron is not pushing for huge
changes in accepting digital money or payments, so there does not seem to be much need to make a
decision about digital finance institutions. However, we did not get to where we are by taking the easy
answer, we need to think a bit more about this.’
‘Go on’, said Sara.
‘When I look at the FinTech industry there are concepts I see us bringing into Evergreen: networks,
distribution models, decentralised approaches to business. We always had a network of stores, but now
we are making the network more formal and connected. We are still in the early days, but in time I think
we will see our inventory management and online sales systems combine into a new distribution model
for groceries. I would not be surprised if we end up running our stores 24/7 with most of the day set aside
for in-store shopping and the late nights set aside for filling online orders, or maybe we end up running
some stores for online order fulfilment only.’
‘Setting up our own servers in each state is a classic decentralised approach. This is great for risk
management and keeping physical backups apart, but it may also affect senior management thinking —
if the data is distributed perhaps the decision makers should also be distributed.’
‘All this is nothing compared to how far we could take things if we wanted to. Look at those FinTech
companies; what they are missing is the physical infrastructure we have. There is nothing unusual
in companies like ours acting as distributors of financial products, but now the range of products is
exploding, so perhaps this represents a growing opportunity. Instead of looking at the institutional side of
the Digital Finance Cube for institutions as financial providers, what if we looked at the new FinTechs for
possible partnerships?’
A few weeks later Sara found herself talking to internal auditor Sakae about the company’s identity
and core strategy again. Sara liked talking to Sakae. There was something in the different way she saw
things and talked about business that Sara found enriching. Remembering the points Sakae had made
about the company’s value drivers, Sara wanted to revisit the issue and how the transformation program
fit with the company’s identity and strategic focus. ‘So, Sakae, I would like to know what you think now.
Is our strategy just to grow the business and sell more groceries, or is it to undertake a more fundamental
change, through the digital transformation, into a supplier of services such as a shopping experience or
a new way of buying groceries?’
Sakae did not take long to respond; she had obviously spent some time thinking over the issue. ‘We are
still a retailer. If this project works as well as is planned then we will become a very data-rich, well-informed
and efficient retailer . . . but still a retailer. Sometimes I like to think that this will move us from being a
supermarket to a ‘super’ market.’
‘But we cannot forget that our core business is in an oligopolistic industry. We are a significant player in
that industry, but we are not the market leader. Just like all other oligopolies, every large company keeps
a close eye on the competition, which makes it difficult to develop a sustainable competitive advantage
as the competition will just copy any good ideas you have.’

Pdf_Folio:68

68 Digital Finance
 ‘When I look at the competition, I have to worry that all this work and expense will bring no net change
to our market share. There is nothing in the transformation program that is not being picked up and
duplicated (in many cases it is just a rough copy using more basic technology) by our competitors.
‘Despite that, our early gains in customers and market share might be sustainable, at least for now. The
key difference seemed to be the way Evergreen Markets integrated all the changes and made sure they
worked together and complemented each other. Our competitors only saw a part of what Evergreen was
doing. By failing to address the holistic nature of the digital transformation our competitors have let us
develop a sustainable competitive advantage.’

.......................................................................................................................................................................................
CONSIDER THIS
Evergreen Markets attributes much of its recent success to the holistic nature of its digital transformation —
and it is considering going further by distributing financial products offered by FinTechs. It believes it may have
established a sustainable competitive advantage. Evaluate the pros and cons of taking such an all-encompassing
approach to digital transformation. Would you have done the same? Why/Why not? Which stakeholders do you think
have benefited from Evergreen’s transformation and how? Do you agree Evergreen has a sustainable competitive
advantage?

SUMMARY
Digital transformation needs to be driven by the organisation’s people and align with the goals detailed in
the organisation’s overall strategy. The pace of change in technology and customer expectations creates
an imperative to adopt technologies to achieve efficiencies and improve the value of the organisation’s
products and services.
A digital transformation strategy should be based on an evaluation of how available technologies can be
used to meet business needs. A detailed implementation plan needs to be prepared and actioned.
Accounting and finance professionals have specific roles to play in planning and implementing digital
transformation. Their work will be heavily impacted by digital technologies, especially automation,
analytics and AI technologies. It is therefore important accounting and finance professionals engage with
digital transformation to ensure it achieves its intended outcomes for the organisation and enables future
accounting and finance work to be effective and efficient and thus create value for the organisation.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

1.1 Evaluate the complexity of digital transformation and its impact on the work of accounting and
finance professionals to meet specific business needs.
• The digital transformation of accounting and finance is affected by numerous technologies. The
main ones are automation, analytics and AI which individually and in combination will re-shape the
work the profession does and how it creates value for businesses.
• Accounting and finance professionals need to engage with digital transformation to ensure it is well
planned and implemented, achieves the intended outcomes and results in effective solutions for
the accounting and finance team and the organisation more broadly.
1.2 Analyse the complexity associated with the practical implementation of emerging technologies
and their impact on the finance ecosystem.
• A digital transformation implementation methodology should be used to design and execute the
digital transformation. Ongoing monitoring and evaluation are required to ensure the expected
outcomes and continuous improvement are achieved.
1.3 Support the adoption of digital technologies to achieve an organisation’s strategic goals.
• Rapid changes in technology and the business landscape have created an imperative for organisa-
tions to digitally transform. While many factors work against innovation in organisations, accounting
and finance professionals should evaluate the potential of technologies and drive or support
adoption of those that will add value to the organisation.

Pdf_Folio:69

MODULE 1 The Digital Finance Ecosystem 69

REVIEW
This module has explored the emergence of the data-enabled Network Age, which has created an
imperative for organisations to digitally transform using technologies such as automation, analytics and
AI. The integration of these technologies into the processes and systems of an organisation, including,
to varying extents, the organisation’s interactions with external parties in the digital ecosystem, will
substantially change how businesses operate.
As technology takes over the transaction-based processing and data handling traditionally performed
by accounting and finance professionals, their role in business will change to dealing with more complex
issues that require human judgement.
While digital transformation can seem threatening and most organisations have to deal with numerous
obstacles to its success, the accounting and finance professional has an obligation to their organisation,
clients, the profession and themselves to:
• adopt a digital mindset and build their digital literacy — understand new technologies and be able to
evaluate their potential to solve business needs and contribute to strategic goals
• understand how the finance function and the organisation or their clients fit into an integrated digital
ecosystem in which value is often created through interactions
• build a working knowledge of the current and emerging applications of specific finance and related
technologies in business
• support the digital transformation of finance and business more broadly
• prepare for a transformed future in which accounting and finance takes on a more strategic focus.
The rest of the modules in this study guide will explore how the specific technologies most relevant to
accounting and finance are being developed and used, equipping you to meet these expectations.

REFERENCES
A4AI 2019, ‘2019 Affordability report’, A4AI, October, accessed June, https://a4ai.org/affordability-report/.
Agrawal, A, Dinneen, B & Seth I 2016, ‘Are today’s CFOs ready for tomorrow’s demands on finance?’, McKinsey, 9 December,
accessed June 2020, https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/are-todays-cfos-
ready-for-tomorrows-demands-on-finance.
Airwallex 2020, ‘Crockd, how an Aussie side hustle accelerated into a global brand’, Airwallex blog, 7 September, accessed April
2021, www.airwallex.com/blog/crockd-customer-story.
Alves, C, Oliveira, J & Jansen, S 2017, ‘Software ecosystems governance: a systematic literature review and research agenda’,
International Conference on Enterprise Information Systems (ICEIS), Conference Paper, January, accessed June 2020,
https://www.researchgate.net/publication/316284388_Software_Ecosystems_Governance_A_Systematic_Literature_Review_
and_Research_Agenda.
Apple 2020, ‘Apple Pay’, accessed June 2020, https://www.apple.com/apple-pay/.
Bersin, J 2016, ‘Digital leadership is not an optional part of being a CEO’, Harvard Business Review, 1 December, accessed
June 2020, https://hbr.org/2016/12/digital-leadership-is-not-an-optional-part-of-being-a-ceo.
Blystone, D 2020, ‘Search engines that compete with Google’, Investopedia, 5 February, accessed June 2020, https://www.
investopedia.com/articles/investing/071515/search-engines-compete-google.asp.
Bock, R, Iansiti, M & Lakhani, R 2017, ‘What the companies on the right side of the digital business divide have in common’,
31 January, accessed June 2020, https://hbr.org/2017/01/what-the-companies-on-the-right-side-of-the-digital-business-divide-ha
ve-in-common.
Brandon, J 2019, ‘What is a digital transformation strategy?’ TechRadar, 13 November, https://www.techradar.com/news/what-is-a
-digital-transformation-strategy.
Cerwall, P, Jonsson, P & Carson, S (eds) 2020, ‘Ericsson mobility report’, June, accessed June 2020, https://www.ericsson.com/en/
mobility-report/reports.
Choi, J, Kaplan, J & Lung, H 2017, ‘A framework for improving cybersecurity discussions within organisations’, November,
McKinsey.com.
Courbe, J 2016, ‘Financial services technology 2020 and beyond: embracing disruption’, PwC, accessed April 2021, www.pwc.
com/gx/en/financial-services/assets/pdf/technology2020-and-beyond.pdf.
Crowdcube 2020, ‘BrewDog Equity for Punks V’, accessed June 2020, https://www.crowdcube.com/companies/brewdog-plc-1/
pitches/bk2BkZ.
Currencycloud 2020, accessed June 2020, https://www.currencycloud.com/.
Dastin, J & Baertlein, L 2020, ‘Amazon pauses sellers loan repayments amid coronavirus’, Reuters, 26 March, accessed
June 2020, https://www.reuters.com/article/us-health-coronavirus-amazon-exclusive-idUSKBN21C3GM.
DE-CIX 2021, ‘GAIA-X: a dynamic and secure way to cloud and edges: working together to build a new generation digital
ecosystem’, accessed April 2021, https://www.de-cix.net/en/about-de-cix/research-and-development/gaia-x.
Deloitte 2019, ‘Moving to the future with finance’, accessed February 2021, https://www2.deloitte.com/content/dam/Deloitte/us/
Documents/finance-transformation/us-moving-to-the-future-with-finance.pdf.
Pdf_Folio:70

70 Digital Finance
Detrixhe, J 2020, ‘Apple Pay is on pace to account for 10% of all global card transactions’, Quartz, 12 February, accessed
June 2020, https://qz.com/1799912/apple-pay-on-pace-to-account-for-10-percent-of-global-card-transactions/.
Dignan, L 2019, ‘Apple’s next big innovation: becoming a bank via Apple Card’, Tech Republic, 25 March, accessed June 2020,
https://www.techrepublic.com/article/apples-next-big-innovation-becoming-a-bank-via-apple-card/.
Faridi, O 2020, ‘Fintech arrival bank is applying for a full service digital banking license in Singapore’, Crowdfund Insider,
8 March, accessed June 2020, https://www.crowdfundinsider.com/2020/03/158452-fintech-arival-bank-is-applying-for-a-full-
service-digital-banking-license-in-singapore/.
FDIC 2017, ‘FDIC national survey of unbanked and underbanked households’, accessed June 2020, https://www.fdic.gov/
householdsurvey/.
Finder 2020, ‘eToro launches zero brokerage share trading in Australia’, accessed June 2020, https://www.finder.com.au/etoro-
launches-zero-brokerage-share-trading.
Fong, C, Huang, J, Robinson, K & Ungerman, K 2019, ‘Prime day and the broad reach of Amazon’s ecosystem’, 2 August,
accessed June 2020, https://www.mckinsey.com/business-functions/marketing-and-sales/our-insights/prime-day-and-the-
broad-reach-of-amazons-ecosystem.
FundTap 2020, accessed June 2020 https://fundtap.co.nz/.
Gomber, P, Koch, J & Siering, M 2017, ‘Digital finance and FinTech: current research and future research directions’, Working
Paper (January 2017) Forthcoming in the Journal of Business Economics, vol. 87, pp. 537–580; doi:10.1007/s11573-017-
0852-x, accessed June 2020, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2928833.
Google Pay 2020, ‘About’, accessed June 2020, https://pay.google.com/about/.
Grunewald, A & Maclay, C n.d., ‘Lynk: a technology platform connecting informal workers to new clients’, accessed June 2020,
https://solve.mit.edu/challenges/work-of-the-future/solutions/5368.
Hamel, G & Prahalad, CK 1989, ‘Strategic Intent’, Harvard Business Review, May–June, pp. 63–76, cited in Schermerhorn, J,
Davidson, P, Factor, A, Poole, D, Woods, P, Simon, E & McBar, E 2016, Management: Asia–Pacific Edition, 6th edn, John
Wiley & Sons Australia.
Hammond, K 2001, ‘Michael Porter’s Big Ideas’, Fast Company, March, cited in Schermerhorn, J, Davidson, P, /Factor, A, Poole,
D, Woods, P, Simon, E & McBar, E 2016, Management: Asia–Pacific Edition, 6th edn, John Wiley & Sons Australia.
Hitt, M, Ireland, R & Hoskisson, R 1997, Strategic Management: Competitiveness and Globalization (Minneapolis: West, 1997),
p. 5, cited in Schermerhorn, J, Davidson, P, Factor, A, Poole, D, Woods, P, Simon, E & McBar, E 2016, Management: Asia–
Pacific Edition, 6th edn, John Wiley & Sons Australia.
Information and quotes from Stepanek, M 1999, ‘How Fast Is Net Fast?’, Business Week E-Biz, 1 November, pp. EB52–EB54,
cited in Schermerhorn, J, Davidson, P, Factor, A, Poole, D, Woods, P, Simon, E & McBar, E 2016, Management: Asia–Pacific
Edition, 6th edn, John Wiley & Sons Australia.
InvestSMART 2020, accessed June 2020, https://www.investsmart.com.au/.
Iqbal, M 2020, ‘WeChat Revenue and Usage Statistics (2020)’, 13 May, accessed June 2020, https://www.businessofapps.com/
data/wechat-statistics/.
ITU 2019, ‘Statistics’, accessed June, https://www.itu.int/en/ITU-D/Statistics/Pages/stat/default.aspx.
Jacobides, M 2019, ‘Amazon’s ecosystem grows bigger and stronger by the day: should we be worried?’, Forbes, 9 May, accessed
June 2020, https://www.forbes.com/sites/lbsbusinessstrategyreview/2019/05/09/amazons-ecosystem-grows-bigger-and-stronger
-by-the-day-should-we-be-worried/#451bc12b31ea.
Jacobides, M, Lang, N Louw, N & von Szczepanski, K 2019, ‘What Does a Successful Digital Ecosystem Look Like?’, BCG, 26
June, accessed June 2020, https://www.bcg.com/en-au/publications/2019/what-does-successful-digital-ecosystem-look-like.
aspx.
James, A 2020a, ‘Sustainability driven innovation: service innovation’, PennState College of Earth and Mineral Sciences, accessed
June 2020, https://www.e-education.psu.edu/ba850/node/722.
James, A 2020b, ‘Sustainability driven innovation: structure innovation’, PennState College of Earth and Mineral Sciences,
accessed June 2020, https://www.e-education.psu.edu/ba850/node/701.
Kabai, I 2017, ‘Measuring the performance of enterprise architecture’, Information Week, 1 November, accessed June 2020,
https://www.informationweek.com/devops/measuring-the-performance-of-enterprise-architecture/a/d-id/1327872.
Keeley, L, Pikkel, R, Quinn, B & Walters, H 2013, Ten types of innovation: the discipline of building breakthrough, John Wiley &
Sons, Koboken, NJ.
Kickstarter 2020, ‘About us’, accessed June 2020, https://www.kickstarter.com/.
Kirkegaard, M 2020, ‘Brewdog launches $10m Australian equity raise’, BrewsNews, 15 December, accessed February 2021,
https://www.brewsnews.com.au/2020/12/15/brewdog-launches-10m-australian-equity-raise/
Kruppa, M & Murphy, H 2019, ‘’DeFi’ movement promises high interest but high risk’, Financial Times, 30 December, accessed
June 2020, https://www.ft.com/content/16db565a-25a1-11ea-9305-4234e74b0ef3.
Kurzweil, R 2005, The singularity is near: when humans transcend biology, Viking Press, cited in Taaffe, O (ed) 2019, Banking on
Change: the development and future of financial services, p. 199, John Wiley & Sons, Chichester, West Sussex UK.
MarketFinance 2020, ‘Press’, accessed June 2020, https://marketfinance.com/press.
Marketlend 2020, accessed June 2020 https://www.marketlend.com.au/.
Marr, B 2016, Big Data in Practice (use cases), John Wiley & Sons, Chichester, West Sussex, UK.
McKinsey 2017, ‘Financial ecosystems: the next horizon for US banks’, 12 July, accessed June 2020, https://www.mckinsey.com/
industries/financial-services/our-insights/financial-ecosystems-the-next-horizon-for-us-banks.
Miller, C 2019, “Facebook Pay’ takes on Apple Pay with in-app purchases, Messenger transfers, more’, 9 to 5 Mac, 12 November,
accessed June 2020, https://9to5mac.com/2019/11/12/facebook-pay-apple-pay-competitor/.
Mintzberg, HH 1978, ‘Patterns in Strategy Formation’, Management Science, vol. 24, pp. 327–36, cited in Schermerhorn, J,
Davidson, P, /Factor, A, Poole, D, Woods, P, Simon, E & McBar, E 2016, Management: Asia–Pacific Edition, 6th edn,
John Wiley & Sons Australia.
MoneyPlace 2020, accessed June 2020 https://moneyplace.com.au/.
Pdf_Folio:71

MODULE 1 The Digital Finance Ecosystem 71

Monzo 2020, ‘About’, accessed June 2020, https://monzo.com/about/.
Naiya, P 2018, ‘More than one billion smartphones to feature facial recognition in 2020’, Counterpoint, 7 February, accessed
June 2020, https://www.counterpointresearch.com/one-billion-smartphones-feature-face-recognition-2020/.
Omezzine, F & Schleich, J 2019, ‘The future of blockchain according to experts in the energy sector’, The Conversation, 5 March,
accessed June 2020, https://theconversation.com/the-future-of-blockchain-according-to-experts-in-the-energy-sector-111780.
Parrino, R et al 2021, ‘Fundamentals of corporate finance 4e’, John Wiley and Sons Australia Limited.
Patreon 2020, https://www.patreon.com/.
PayPal 2020, ‘Home’, accessed June 2020, https://www.paypal.com/au/home. Pingit 2020, accessed June 2020, https://www.
pingit.com/.
PledgeMe 2020, accessed June 2020, https://www.pledgeme.co.nz/; https://www.pledgeme.com.au/.
Porter, M 1980, Competitive Strategy: Techniques for Analyzing Industries and Competitors, New York: Free Press.
Protalinski, E 2020, ‘Amazon reports $75.5 billion in Q1 2020 revenue: AWS up 33%, subscriptions up 28%, and ‘other’ up 44%’,
Venture Beat, 30 April, accessed June 2020, https://venturebeat.com/2020/04/30/amazon-earnings-q1-2020/.
PwC 2019, ‘Crossing the lines: how fintech is propelling FS and TMT firms out of their lanes’, Global Fintech Report 2019,
accessed June 2020, https://pwc.blogs.com/pwcresearch/2019/10/crossing-the-lines-how-fintech-is-propelling-financial-servi
ces-and-technology-firms-out-of-their-la.html
PYMNTS 2020, ‘How Amazon, Western Union and other players are pushing to improve x-border retail’, 23 January, accessed
June 2020, https://www.pymnts.com/news/retail/2020/how-amazon-western-union-and-other-players-are-pushing-to-improve-x
-border-retail/.
RateSetter Australia 2020, accessed June 2020 https://www.ratesetter.com.au/.
Reis, A & Chand, V 2020, ‘Uber Drivers: Employees or Independent Contractors?,’ Kluwer International Tax Blog, 3 April,
accessed June 2020, http://kluwertaxblog.com/2020/04/03/uber-drivers-employees-or-independent-contractors/?doing_wp_cr
on=1592376088.1006278991699218750000.
Salzman, M 2019, ‘Five marketing trends for now — and what they’re trying to tell us’, 19 August, accessed June 2020,
https://www.forbes.com/sites/blakemorgan/2017/12/15/leveraging-customer-data-to-create-relevant-customer-experiences-2-
examples/#2f6e62c761d3.
Sekabira, H & Qaim, M 2017, ‘Mobile money, agricultural marketing, and off-farm income in Uganda’, Agricultural Economics,
15 May, accessed June 2020, https://onlinelibrary.wiley.com/doi/abs/10.1111/agec.12360.
Snowball Effect 2020, accessed June 2020, https://www.snowballeffect.co.nz/.
Son, H 2020, ‘Amazon unveils small business credit line with Goldman in latest tie-up between tech and Wall Street’, 10 June,
accessed June 2020, https://www.cnbc.com/2020/06/10/amazon-and-goldman-sachs-unveils-small-business-credit-lines-up-to-1
-million.html.
Thales 2020, ‘Biometrics: authentication & identification (definition, trends, use cases, laws and latest news) — 2020 review’,
Digital Identity and Security, 5 May, accessed June 2020, https://www.thalesgroup.com/en/markets/digital-identity-and-security/
government/inspired/biometrics.
ThinCats Australia 2020, accessed June 2020 https://www.thincats.com.au/.
TruePillars 2020, accessed June 2020 https://www.truepillars.com/.
Vardy, N 2020, ‘The greatest moneymaking machine in Wall Street history’, Investment U, 12 May, accessed June 2020,
https://investmentu.com/quant-investing-wall-streets-greatest-moneymaker/.
Wyer, S 2019, ‘How to mobilise your organisation for digital transformation’, EDM, 7 August, accessed June 2020, https://www.
edmgroup.com/en/blog/digital-transformation-mobilisation.

Pdf_Folio:72

72 Digital Finance
MODULE 2

FUTURE OF MONEY
LEARNING OBJECTIVES

After completing this module, you should be able to:

2.1 evaluate the effectiveness of digital currency and payments in meeting the organisation’s objectives
2.2 assess the effectiveness of using cryptocurrency and distributed ledger technology in solving complex
business problems
2.3 support the adoption of alternative finance sources to the organisation’s stakeholders as an innovative
solution to traditional finance requirements.

PREVIEW
As explained in module 1, every business is positioned within an ecosystem of value- driven economic
activities. The monetary system — and overall financial system — is transitioning to technology-enabled
business models that can bring further democratisation, inclusion, efficiency and effectiveness, and open
up new pathways for innovative business models.
Achieving a transient or competitive advantage requires every organisation and professional to under-
stand the reason and rationales behind these changes. This will help evaluate and establish business cases
that adopt appropriate digital technologies and applications within an organisation’s strategic, business,
innovation and financial reality. In this module we explore technologies and applications for digital
currency, digital payments, distributed ledgers, cryptocurrencies and alternative finance. We conclude with
an assessment of the future direction of banking.
Part A of the module describes the functions and characteristics of money to establish a basis for
evaluating the potential applications of a variety of digital currencies. Digital currencies involve new
financial and monetary infrastructure and processes that require evaluation and management in terms
of business strategy, operational strategy, regulation, compliance, accounting, ethics, societal impacts
and finance.
Part B of the module describes the characteristics and applications of a variety of digital payment
technologies. Some of these are well-established, widely adopted and exist as a formalised part of the
financial system. Others are being developed using various financial technologies to overcome weaknesses
of existing systems and to provide personalised, frictionless payment experiences to customers. A
common feature of digital payments is the potential to capture rich data associated with each transaction.
Part C of the module describes the concept of distributed ledgers and the mechanisms that enable
blockchain platforms to provide secure transactions without the need for a central trusted authority and
to create a secure, transparent and immutable ledger. We also discuss smart contracts, which are self-
executing contracts that operate on a blockchain platform and a range of other blockchain applications.

Pdf_Folio:73
 Part D examines cryptocurrencies, which are a type of decentralised virtual currency that exists on
blockchain platforms. Cryptocurrencies are seen as a potentially transformative innovation that could
fundamentally change the global financial system by eliminating the role of central authorities and
intermediaries. At present, they are largely unregulated and operate outside the formal financial system.
Part E explores alternative lending and funding innovations that have been enabled by technology.
These are of particular value to start-ups and small to medium-sized enterprises (SMEs), which often
face hurdles accessing required capital through traditional providers.
Part F concludes the module with an assessment of the future direction of banking in response to the
increasing integration of technology and finance.

Pdf_Folio:74

74 Digital Finance
PART A: DIGITAL CURRENCY
INTRODUCTION
The nature of money has evolved over time in accordance with changes in technology and changes in
people’s needs. The interconnected nature of the Network Age, the globalisation of commerce and the
speed and ease with which individuals and organisations want to transact have driven the development of
digital currency technologies and platforms. Some of these are essentially electronic equivalents of familiar
fiat currency and other established financial instruments, but some are radically new — independent from
government or central banks, largely unregulated, hosted on platforms that eliminate the use of traditional
intermediaries, and operating outside the formal global financial system.
To evaluate the potential uses of new forms of money or currency, it is necessary to understand:
• the functions of money and currency in the real economy
• the relative advantages and disadvantages of different types of money and currency for particular uses
• the characteristics of new forms of money and currency
• how money and currency may evolve in the future.
We will discuss these topics in this part of the module. This will provide the knowledge required to
evaluate the potential use of digital currencies in meeting an organisation’s specific objectives.

2.1 MONEY AND CURRENCY

In this section, we will explore the functions and properties of money, and compare and contrast different
types of money and currency.

FUNCTIONS OF MONEY
Money can be defined as an item or a verifiable record that is accepted for payments (goods and services)
and repayment (e.g. debts, taxes) within a specific socio-economic context (e.g. a country). For any item or
verifiable record to be considered as money it needs to fulfil the following functions (Swammy, Thompson
& Loh 2018):
• Medium of exchange (primary functionality). Money intermediates the exchange of goods and services,
overcoming barter’s dependence on the mutual want of goods.
• Measure of value/unit of account (primary functionality). Money measures the market value of goods,
services and any other transaction. Money in this sense is a unit of account. For example, in Australia
the unit of account is the Australian Dollar.
• Standard of deferred payment (secondary functionality). Money operates as a standard of deferred
payment — an accepted way to settle a debt (e.g. salary, loans or rent).
• Store of value (secondary functionality). Money is an asset bearing a relatively stable sustaining value.
To be a store of value, it must be able to be saved in a reliable way; stored in a reliable way; retrieved in
a reliable way; and used as a medium of exchange upon retrieval in the future.
Financial instruments are monetary contracts that take place between parties. Financial instruments
are essential for any business activity to function properly. Any financial instrument that can fulfil the
above-mentioned functions of money is considered to be money. All the available financial instruments
within an economy are referred to as the money supply for a specific economy.

PROPERTIES OF MONEY
To fulfil the primary and secondary functions, money must have the following properties.
• Fungibility. The uniform quality of an object makes the object interchangeable and indistinguishable
so that any one dollar is equal to any other dollar.
• Durability. Money must endure long enough to be utilised in any future transactions.
• Portability. There must be ability to handle and deal in money in small quantities that can be exchanged
or transferred in value.
• Recognisability/cognisability. The value of money must be easy to identify so all parties to a transaction
can verify and accept the authenticity and value of the money.
• Stability. Money must be able to sustain value over time so as to be used for transactions and avoid
transaction costs.
Pdf_Folio:75

MODULE 2 Future of Money 75

• Divisibility. It must have the ability to be divided into small units.
• Scarcity. The supply of money in circulation cannot be unlimited.

DIFFERENCES BETWEEN MONEY AND CURRENCY

The terms money and currency are often used interchangeably, but they are not equivalent. Table 2.1
indicates the key differences between money and currency.

TABLE 2.1 Differences between money and currency

Money Currency

A store of value Not a store of value

Tangible Tangible or intangible

Has intrinsic value Does not have intrinsic value

Can be used to derive the value of any product Cannot be used to derive the value of a product
or service or service

Source: CPA Australia 2021.

TYPES OF CURRENCY
Figure 2.1 provides a taxonomy of currency. We will briefly discuss traditional currencies in the next
section, before moving on to a detailed discussion of digital currencies.

FIGURE 2.1 A taxonomy of currency

Commodity

Commodity-
backed
Traditional

Fiat

Currency Representitive/
fiduciary

Regulated E-money
Digital

Unregulated Virtual

Source: CPA Australia 2021.

TRADITIONAL CURRENCIES
Traditional currency is any form of money that is in public circulation and used as a medium of
exchange — for payments or repaying debt. Traditional currencies are subject to government approval and
endorsement as legal tender. Traditional currencies can be exchanged against each other and can be either
floating (determined by market supply and demand) or fixed (determined by governmental intervention).
Traditional currencies can be commodities, commodity-backed, fiat or fiduciary.

Pdf_Folio:76

76 Digital Finance
Commodity Currency
Commodity currency is a physical commodity (e.g. coined metals, cowry shells or cocoa beans) used to
represent money (Velde & Weber 2010). Table 2.2 lists the advantages and disadvantages of commodity
currency.

TABLE 2.2 Commodity currency — advantages and disadvantages

Advantages Disadvantages

• Lower inflation and devaluation • Manipulation of allocation and usage

• Ability to serve for an additional purpose • Supply limitation
(e.g. gold jewellery) • Prone to fluctuations in value
• Seigniorage* is impossible • Mutual matching of needs and quantities: difficult to
• Little to no political influence/value assess the value of the item that is purchased/sold
• Almost impossible to divide into small
denominations
• Can be difficult to transport or carry
• Can be perishable
• Variations in quality can be observed

*Seigniorage is the profit made by a government when it issues currency — the difference between its face value and its
production cost.
Source: CPA Australia 2021.

Commodity-Backed Currency
Commodity-backed currency can be exchanged on demand for a commodity (e.g. gold), but does not use
the commodity itself as the medium of exchange (Selgin 2015). Historically, national currencies were
back by a country’s reserves of gold. Table 2.3 outlines the advantages and disadvantages of commodity-
backed currency.

TABLE 2.3 Commodity-backed currency — advantages and disadvantages

Advantages Disadvantages

• Lower inflation • Prone to devaluation

• Less governmental influence • Variations in quality
• Intrinsic value • Slower economic growth
• Less risk of deflation; hence, better as a • Relatively fixed in supply
saving medium • Volatile
• More costly to produce than fiat currencies

Source: CPA Australia 2021.

Fiat Currency
Fiat currency is issued by a government as legal tender and is not backed by physical commodities. The
currency’s value is dependent on confidence in the issuing government and is influenced by supply and
demand (Kiyotaki & Wright 1991; Goldberg 2015). Fiat currency has become the norm in most societies
(Kiyotaki & Wright 1991). Table 2.4 outlines the advantages and disadvantages of fiat currency.

TABLE 2.4 Fiat currency — advantages and disadvantages

Advantages Disadvantages

• Established • Counterfeit
• More stability • Insecurity
• More growth in terms of supply • High transaction fees (contrary to digital currency)
• Inflation
• Value pegged to government

Source: CPA Australia 2021.

A country’s national currency is a fiat currency. In principle, central banks are responsible for regulating,
controlling and managing the creation, issuance and distribution of national currencies. There are also
supranational currencies, such as the Euro, and currencies that are pegged to another currency (e.g. the
Bulgarian Lev is pegged to the Euro).
Pdf_Folio:77

MODULE 2 Future of Money 77

 National currencies can be converted to other currencies and vice versa. These conversions take place
within a foreign exchange market. Currencies may be:
• fully convertible — no restrictions or limitations (e.g. US Dollar)
• partially convertible — controlled by central banks (e.g. Indian Rupee and Chinese Renminbi)
• non-convertible — where neither participation in the international currency market nor conversion is
allowed (e.g. North Korean Won, Cuban Peso, Iranian Rial).

Representative/Fiduciary Currency
Fiduciary currency is accepted as a medium of exchange, but is not legal tender. Hence, people have the
right not to accept it as a means of payment. Fiduciary currency is based on the promise provided by
the issuer to exchange it for a commodity or fiat currency upon request. The most widely used fiduciary
currency is the bank cheque. Table 2.5 outlines the advantages and disadvantages of fiduciary currency.

TABLE 2.5 Representative/fiduciary currency — advantages and disadvantages

Advantages Disadvantages

• Pegged to fiat currency or a commodity (rarely) • Value depending on confidence, good faith and trust
• Paper certificate • Not an enforceable accepted medium of exchange
• Easy to carry • Prone to counterfeit
• Can be manipulated

Source: CPA Australia 2021.

.......................................................................................................................................................................................
CONSIDER THIS
Before reading section 2.2 on digital currencies, consider what you already know about them. Choose two or
three digital currencies you are aware of and compare them against the traditional fiat and fiduciary currencies we
have described above. What advantages and disadvantages do you think each type of digital currency might have
compared with traditional fiat and fiduciary currencies? How might this affect their use in business?

2.2 DIGITAL CURRENCIES

Digital currencies exist only as balances or records stored within databases. Beyond that description, there
is no widely accepted, consistent definition of what a digital currency really is. To organise our discussion,
we categorise them into three types.
• E-money is a regulated digital currency.
• A virtual currency is an unregulated digital currency.
• A cryptocurrency is a decentralised virtual currency that uses cryptography to authenticate
transactions.

E-MONEY (ELECTRONIC MONEY)

In contrast to physical currencies such as notes and coins, e-money is a digital representation of
government-issued fiat currency. Table 2.6 outlines the advantages and disadvantages of e-money.

TABLE 2.6 E-money — advantages and disadvantages

Advantages Disadvantages

• Backed by fiat currency • Can increase consumption and uncontrolled

• Practical to use spending
• Faster transactions • Fees for cross-border transactions (often excessive
• Global transactions and usually not favourable exchange rates)
• Traceability of transactions • Prone to cybersecurity risks and hacking
• Reduces fraud and circulation of ‘black money’ • Loss of privacy
• Can create societal inequalities and lead to
financial exclusion

Source: CPA Australia 2021.

Pdf_Folio:78

78 Digital Finance
 As it is a digital representation of a fiat currency, e-money is widely accepted and used as a payment
system. E-money includes stored-value cards (e.g. debit cards, credit cards, prepaid cards and travel cards)
and various services that are accepted by businesses to process payments for goods and services (e.g.
Square and PayPal).
E-money can be differentiated into hardware- and software-based products.
• Hardware-based products feature a physical element and hardware-based security features, such as a
credit card with an embedded security chip. Transactions are typically performed with a physical device,
such as an EFTPOS terminal.
• Software-based products operate on devices such as computers and smartphones. A transfer typically
requires the device to connect to a payments server via the internet. Examples include PayPal, Afterpay
and Klarna, which are established payment processors for many online retailers.
Regulators around the world have converged towards a set of e-money regulations intended to
protect consumers, but enable innovation and competition (Krueger 2002; Mester 2000; European
Commission n.d.).

Central Bank Digital Currency (CBDC)

Major central banks have recently begun discussing the potential for institutional adoption of a Central
Bank Digital Currency (CBDC) scheme — a digital form of a country’s fiat currency, which would be
backed, regulated and administered by governments and work on either a national or a supranational level
(Burchardi et al. 2020; Hamza & Jedidia 2020). CBDCs could potentially revolutionise global payments
by removing intermediaries, enabling real-time settlement of cross-border transactions, or creating a
cashless society (discussed next). A CBDC would be safe, secure and stable, and potentially enable no-
cost transactions (Bordo & Levin 2017). One option being explored is to use blockchain to enable CBDC.
The adoption of CBDCs could affect commercial banks if central banks were to enable consumers to hold
a bank account with the central bank itself (Fernández-Villaverde et al. 2020). China recently announced
the development of the sovereign ‘digital yuan’.
A CBDC is expected to be aligned to the following criteria (Grym et al. 2017).
• The currency is issued by a central bank in a digital form.
• The currency provides the freedom for anyone to hold it.
• It is the same currency as banknotes or central bank deposits.
• The currency can serve as a payment mechanism within retail payments.
• The currency does not depend on a third party or central counterparty to verify or process a transaction
and hence enables real-time settlements of financial transactions.

Cashless Society
E-money and innovative financial products make transitioning to a cashless society increasingly feasible.
The response to the COVID-19 pandemic has perhaps accelerated this transition, by encouraging cashless
and contactless payments, and increased use of online transactions. Governments, financial services
institutions, policymakers, regulators and associations around the globe are investigating how a cashless
society could operate, along with debating the advantages and disadvantages of such a system. Some
potential advantages and disadvantages/challenges are listed in table 2.7.

TABLE 2.7 Cashless society — advantages and disadvantages

Advantages Disadvantages/Challenges

• Reduced crime as there is no physical money to steal • As currency becomes data, cybersecurity becomes
• Reduced money laundering as cashless transactions a threat
are traceable and the parties are usually identifiable • Compromised privacy as cashless transactions are
• More cost-effective, as there is no need to print, traceable and the parties are usually identifiable
handle or store physical money • Reliance on availability and scalability of technology
• Seamless foreign exchange transactions, as they will to enable transactions
not need to involve handling of cash • Reliance on interoperability of systems (including
establishment of standards)
• Fees charged by payment service providers,
particularly if one or a few become dominant
• Potential exclusion of those with limited access to
technology or skill with technology

Source: CPA Australia 2021.

Pdf_Folio:79

MODULE 2 Future of Money 79

 Along with the logistical challenges that such a transition would entail, there are more serious and
foundational elements to be considered, especially around the creation or continuance of underbanked or
unbanked communities on the basis of behavioural, socioeconomic or technological factors, such as poor-
quality internet access, or distrust of technology (Poon 2020; Alderman 2020). People who are elderly,
from low-income backgrounds, lacking technology skills, homeless or unemployed may become more
vulnerable in a cashless society.

Decoupling E-Money and Cash

One of the obstacles to setting official interest rates below zero (where charges would be imposed on
savings held with financial institutions) is that people simply withdraw their cash (Schoenberg 2019).
International monetary bodies, such as the International Monetary Fund (IMF), have conducted research
into establishing a dual currency system in which cash and e-money would be decoupled. In such a
system, when negative interest rates are applied to e-money, the cost of converting cash to e-money would
simultaneously change at the same rate, effectively removing the incentive to hoard cash. Such a system
is considered feasible, but would need further conceptual development. In addition, IMF research has
indicated that bank profitability could reduce in light of negative interest rates and banks could impose
fees on customers to reduce/close their deficit gaps (Assenmacher & Krogstrup 2018).

VIRTUAL CURRENCY
Virtual currencies are created by the developers of online virtual communities or platforms. The functions
of any virtual currency within the platform are fulfilled only upon agreement among the members or
participants and/or according to the terms or rules coded into the platform.
Centralised virtual currencies are controlled by a single administrator (usually the developer of the
platform) who acts as the intermediary in transactions. Decentralised virtual currencies use cryptography
to establish trust between participants and thus eliminate the need for an intermediary.
While virtual currencies have no official role in the real economy, some types of virtual currencies
are accepted as payments for goods and services or can be exchanged with fiat currency. Some virtual
currencies, particularly cryptocurrencies, are seen as having the potential for widespread adoption as an
alternative to conventional currencies and payment systems.
Table 2.8 outlines advantages and disadvantages of virtual currencies.

TABLE 2.8 Virtual currencies — advantages and disadvantages

Advantages Disadvantages

• Cheaper • No consumer protection

• Faster (instant settlements) • Potential instability of platforms
• Potentially more secure • Price volatility and fluctuations
• More transparent • Cyberthreats (theft, hacking, loss, fraud)
• Convenient • Unregulated
• Centralised or decentralised • Not backed
• No intrinsic value
• Potential security issues

Source: CPA Australia 2021.

Below, we will discuss centralised virtual currencies. In section 2.3, we will discuss cryptocurrencies,
which are a decentralised virtual currency. Centralised virtual currencies may be categorised according
to how they interact with real economy money, as shown in figure 2.2. Note that any particular virtual
currency may not necessarily fall neatly into a single category.

Closed Virtual Currency

Closed virtual currencies (also known as fictional currencies) are predominantly used in specific virtual
communities. The ‘gold’ currency used in the World of Warcraft online role-playing game is an example of
a closed virtual currency. Users earn, spend and trade the virtual currency within the game or platform. As
closed virtual currencies have limited or no use beyond the boundaries of the virtual community, financial
system regulators have not regulated their use. Sometimes users violate the rules of the game by making
real-world agreements relating to their in-game use of the virtual currency, and the platform operators act
to address this if it is discovered (Guo & Barnes 2011; Jiminez 2007; Segendorf 2014b).
Pdf_Folio:80

80 Digital Finance
 FIGURE 2.2 Relationship between centralised virtual currencies and real economy money

Convertible (bidirectional)
Closed virtual currency Unidirectional virtual currency
virtual currency

Real economy money Real economy money Real economy money

Virtual money Virtual money Virtual money

Can be used for virtual Can be used for virtual

Used only for virtual
and real goods and and real goods and
goods and services
services services

Source: CPA Australia 2021.

Unidirectional Virtual Currency

Unidirectional virtual currencies can be earned on the platform, like closed virtual currencies, or purchased
using conventional currency. The platform operator defines the terms and conditions, including the
purchase price. Unidirectional virtual currencies can be spent on virtual goods and services or real
goods and services. However, conversion of the virtual currency to conventional currency is not possible
(Segendorf 2014b). Regulation of unidirectional virtual currency is focused on consumer protection rather
than the financial system (Vandezande 2017).
Loyalty programs are an example of a unidirectional virtual currency. Frequent flyer points, for example,
are earned through travelling or by interacting with program partners (e.g. using a credit card linked to the
program). Some programs also allow points to be purchased with conventional currency. Points can be
used to purchase flights or other goods and services, but cannot be converted to conventional currency.
As points collected with most loyalty programs do not have an attributed cash value, customers’ account
balances can be potentially devalued or eliminated, as occurred when Air Berlin’s Topbonus program
ceased operations (Bloom 2020; Genter 2020).
Major airlines in recent years have continuously devalued their loyalty programs, increasing the number
of points required to redeem rewards (Rosen 2019). The reason behind such actions is that while new
miles are being continuously issued by the loyalty programs, redemptions do not increase at the same
rate, requiring the prices for the redemption of a reward to rise. This oversupply of points may arise
because the loyalty programs are poorly conceived or poorly managed, or when a struggling business
has sought to receive short-term liquidity by promoting their loyalty programs (Leff 2018). Typically
these deliberate devaluations occur while businesses are operating successfully and have a high number
of paying customers, resulting in high utilisation of equipment (e.g. aeroplanes). This circumstance
leads to limited opportunities for the redemption of rewards, resulting in devaluations. If the business
is experiencing a crisis however, the utilisation of equipment tends to be low. The available capacities can
be allocated towards reward redemption. Therefore, typically devaluations are postponed, and businesses
avoid angering customers (Leff 2018).

Convertible (Bidirectional) Virtual Currency

Convertible (bidirectional) virtual currencies (also known as open virtual currencies) can be purchased
and sold using conventional currency at an exchange rate set by the platform operator (Segendorf 2014b).
Convertible virtual currencies are thus more fully integrated with the real economy. Example 2.1 examines
the interactions between the Second Life virtual world currency, managed by the platform’s developer
Linden Lab, and the real economy.

Pdf_Folio:81

MODULE 2 Future of Money 81

 EXAMPLE 2.1

Second Life
Second Life is an online digital world in which players can virtually pursue their interests and
dreams — from piloting spaceships to creating content and art, or meeting and interacting with other
people (Rymaszewski 2007). The platform’s operator, Linden Lab, regulates the game, including issuing
and managing the in-game currency, the Linden Dollar.
In its terms of use, Linden Lab specifies that the Linden Dollar is not a currency (Linden Lab 2017).
However, given its interaction with the real economy, the European Central Bank does consider Linden
Dollars to be a convertible virtual currency (European Central Bank 2012). This conclusion was based on
the following.
• Linden Lab’s role as an issuing bank and sole authority and regulator within Second Life is specified in
the platform’s terms of use. Linden Dollars can be exchanged for US Dollars at a floating exchange
rate via the Lindex platform. Like a real-world central bank, Linden Lab intervenes to manage the
exchange rate (Chen 2009). The company can modify the quantity of the money in circulation as it
deems necessary (European Central Bank 2012).
• Players who earn Linden Dollars within the platform can convert them to US Dollars. One user
acted as a property developer within Second Life, buying and subdividing real estate in a series of
transactions that saw their USD9.95 account grow to more than USD1 million over a period of 2.5 years
(Nuttall 2006).
• At the peak of its popularity, leading real-world companies established virtual stores on the Second Life
platform as part of their marketing initiatives (Heuzeroth 2010).
• Some in-game banks offered high interest rates on Linden Dollar savings accounts. This led many users
to convert US Dollars into Linden Dollars in order to be able to earn interest. There was some concern
that aspects of Second Life may have constituted investment scams.

.......................................................................................................................................................................................
CONSIDER THIS
Fiat currencies derive their value from confidence and trust in the issuing government. What ultimately underpins the
value of Linden Dollars or frequent flyer miles? How might this affect a business’s decision to use a virtual currency?
Is there a way to manage any risks you have identified?

Regulators have largely ignored virtual currencies that cannot be exchanged back into conventional
currencies, but bidirectional virtual currencies are attracting increasing regulatory attention, partly due to
their potential use for illegal activities and partly due to their potential impacts on the established global
financial system — they essentially compete with conventional currencies (European Central Bank 2012).
Example 2.2 describes how an unregulated virtual currency platform was extensively used for criminal
activities before being shut down by the US Government.

EXAMPLE 2.2

Liberty Reserve
Liberty Reserve (LR) was a convertible virtual currency (pegged to the US Dollar) that could be converted
back and forth between Euros or US Dollars via unlicensed third-party ‘exchangers’ (Simser 2015). Within
the platform, LRs could be transacted securely and anonymously. The exchangers retained no identifying
data or transaction record and thus there was no traceability to individuals or organisations. The absence
of regulatory oversight saw the platform used extensively for money laundering, the funding of terrorism
and other criminal activities (Mullan 2016; Surowiecki 2013; Trautman 2013).

.......................................................................................................................................................................................
CONSIDER THIS
Since virtual currency technology is still developing, along with regulators’ understanding of the implications and the
necessary compliance regime, the technology is expected to evolve into more mature, scalable and secure business
models that will be less prone to manipulation and malicious actions. How would the current lack of regulation and the
potential for future regulatory changes factor into your evaluation of a virtual currency’s potential uses for legitimate
business purposes?

Pdf_Folio:82

82 Digital Finance
 The virtual currencies we have discussed above have all been centralised — a central authority issues
and manages the currency within the virtual platform. Cryptocurrencies, such as Bitcoin, which we will
discuss in the section 2.3, are an example of decentralised convertible virtual currencies that operate
without a central intermediary.

QUESTION 2.1

Outline the issues that airlines, and other businesses with points-based rewards programs, should
consider when allowing the volume of outstanding points to grow?

2.3 CRYPTOCURRENCY
Cryptocurrencies are decentralised virtual currencies. On a cryptocurrency platform, the cryptocurrency
is transferable directly from a payer to a payee on a distributed ledger that is handled and secured by
cryptographic protocols. This eliminates the need for intermediation by a centralised authority.
The cryptocurrencies themselves are usually referred to as coins. As there is no centralised issuing
authority, the mechanism by which coins are created is written into the software itself. These rules are
published. Usually, coins are created and awarded to members of the platform that facilitate its operation by
solving the cryptographic ‘puzzles’ that enable transactions. However, coins can also be issued in exchange
for conventional currency or an established cryptocurrency. This approach is usually used to raise the initial
funds to create a cryptocurrency platform.
As a convertible virtual currency, cryptocurrencies can be converted to conventional currencies and vice
versa via businesses operating as cryptocurrency exchanges. Some businesses also accept cryptocurrency
payments for goods and services. As there is no central authority, the value of a cryptocurrency is
determined by supply and demand. They appear to be gaining increasing acceptance as a legitimate
platform for commercial applications.
Table 2.9 outlines some advantages and disadvantages of cryptocurrencies.

TABLE 2.9 Cryptocurrency — advantages and disadvantages

Advantages Disadvantages

• Secure transactions without supervision • Volatile value

• Open transactions, transparent to all users • Energy intensive (due to the computing
• Private transactions (potentially anonymous) requirements)
• Possible association with illegal activities such as
money laundering
• Unregulated

Source: CPA Australia 2021.

The best-known cryptocurrency is Bitcoin (Calvery 2013). Bitcoin’s convertibility with conventional
currencies is described briefly in example 2.3. Cryptocurrencies are considered a potentially transformative
technology. Part D of this module will provide a detailed discussion of their characteristics, applications
and potential future role.

EXAMPLE 2.3

Bitcoin
Bitcoin is the most established cryptocurrency platform. It was first released in 2009. Bitcoin is the name
of both the platform and the currency. Bitcoin is perceived as a potentially transformative force in the
global monetary system and payment infrastructures, since the processing of Bitcoin transactions is not
dependent on intermediaries or centralised clearing and settlement bodies. Disintermediation of financial
transactions would fundamentally change the nature of the global financial system.

Pdf_Folio:83

MODULE 2 Future of Money 83

 The progressive popularity of Bitcoin has led to the establishment of Bitcoin ATMs. These enable people
to purchase Bitcoin using cash (the usual method) or debit card. Some of them provide bidirectional
functionality — serving both the purpose of purchasing and selling Bitcoin against a specific real-time
exchange rate with a percentage-based transaction fee.
Bitcoin is stored in a dedicated personal Bitcoin wallet or a printed paper wallet that is generated by
the Bitcoin ATM upon completion of the transaction. Loss of access to the wallet results in loss of access
to the Bitcoin stored in it.
There are two types of Bitcoin machine.
• Bitcoin cash kiosks that are connected to a Bitcoin exchange rather than a bank account.
• Bitcoin ATMs that are connected to a bank account by means of a debit card.
The operation of Bitcoin ATMs needs to comply with the respective jurisdictional know-your-
customer/anti-money laundering (KYC/AML) regime. However, some argue that the anonymity inherent
in Bitcoin ATMs that handle cash or prepaid cards create an opportunity for money laundering and illegal
practices (Hyman 2015), along with potential severe taxation-avoidance issues. There is also potential for
unlicensed Bitcoin ATMs to be established.

.......................................................................................................................................................................................
CONSIDER THIS
Over the course of its existence, Bitcoin’s value has proven volatile. In 2010, 1 Bitcoin was valued at USD1, in 2017
its value varied between about USD1000 and USD20 000, in December 2018 it was valued at USD3300 and in early
2021 it reached USD50 000. How would this volatility affect the use of Bitcoin (or a similarly volatile cryptocurrency)
in business? Could a business successfully manage the risks associated with this volatility?

SUMMARY
Money serves as medium of exchange, measure of value/unit of account, standard of deferred payment
and store of value. Currency serves as a representation of money and enables transactions. Traditional
fiat currencies are issued and backed by governments. Fiduciary currencies are contractually linked to fiat
currencies and are also widely accepted.
E-money is a digital form of conventional currency and has replaced physical currency in many
transactions. Virtual currency, on the other hand, is not issued by a government and only has value
through the mutual agreement of the members of the platform on which it exists. Some virtual currencies
may be exchanged for conventional currency. Centralised virtual currencies are managed by the platform
developer. Cryptocurrencies are decentralised virtual currencies and are managed by rules coded into the
software that operates the platforms on which they run. Cryptocurrencies are seen to have potential to
revolutionise the global financial industry by removing the need for trusted intermediaries to facilitate
transactions.
Table 2.10 summarises the differences between e-money, virtual currency and cryptocurrency.

TABLE 2.10 E-money, virtual currency and cryptocurrency

Cryptocurrencies E-money Virtual currencies

Legal status Unregulated Regulated Unregulated

Governing structure P2P through blockchain Supervised by central No supervision from

network of computers authorities, such as central authorities (e.g.
Reserve Bank of Australia RBA) but monitored by the
(RBA) issuing organisation

Issuer Users in the crypto- Central bank or public Organisations

currency network authority

Value Determined by the Determined by fiat Determined by the issuing

supply/demand of currency (e.g. organisation
cryptocurrency in the AUD, USD)
markets

Pdf_Folio:84

84 Digital Finance
 Conversion Converted to fiat currency Easily converted as Not all virtual currencies
equivalent based on it is a digitally stored are convertible to fiat
the market price of representation of fiat currency. For convertible
cryptocurrency currency virtual currencies,
conversion rate is fixed
by the issuer

Examples Bitcoin, Ether E-money stored in digital Qantas frequent flyer

and mobile wallets (e.g. points, Linden Dollar in
PayPal, Apple Pay) Second Life

Source: CPA Australia 2021.

The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

2.1 Evaluate the effectiveness of digital currency and payments in meeting the organisation’s
objectives.
• An understanding of the features, advantages and disadvantages of traditional currencies provides
a foundation for evaluating the potential applications of digital currencies.
• E-money represents fiat currency and is well established as a payment system through credit cards
and payment processors such as PayPal.
• A centralised virtual currency is issued and controlled by the developer of the currency’s platform. A
cryptocurrency is issued and controlled by transparent rules embedded in the platform’s software.
• An evaluation of the effectiveness of digital currency in meeting an organisation’s objectives must
consider issues including, but not limited to, how the value of the currency is derived, the volatility
of the currency, the regulations and potential regulatory changes that apply, the mechanisms for
converting the currency and the extent of adoption of the currency.

Pdf_Folio:85

MODULE 2 Future of Money 85

PART B: DIGITAL PAYMENTS
INTRODUCTION
Digital payments are widely adopted throughout the economy and have, for many years, been transitioning
payments away from the use of cash, cheques and other traditional forms of payment.
Like most aspects of finance, digital payments are subject to ongoing innovation to improve their
efficiency and effectiveness. This is sometimes referred to a PayTech. In this part of the module, we
will examine various types of digital payments and their use cases to provide a foundation from which
to evaluate the potential application of digital payments to achieve an organisation’s objectives.

2.4 DIGITAL PAYMENTS

A payment is a transfer of funds, assets or goods, or services, in exchange for another form of funds,
assets or goods, or services. This exchange is conducted in acceptable proportions, which have been pre-
determined and agreed among the parties that are involved in the transaction.
A digital payment refers to an exchange in which value is transferred electronically from one party to
another. No physical cash or fiduciary money is exchanged during a digital payment transaction.

PAYMENT SYSTEMS AND METHODS

Payment systems can be categorised as large value or retail. We will discuss each in turn.

Large-Value Payment Systems

Large-value payment systems process large volumes of high-value critical payments. Large-value
payments ensure the solid and undisrupted functioning of the monetary system and the economy as a
whole. This payment system is mostly related to interbank/inter-financial institutional transactions. These
systems are usually regulated by central banks. Examples of large-value payment systems include:
• government securities clearing systems
• foreign exchange clearing systems (Forex)
• real-time gross settlements
• SWIFT (Society for the Worldwide Interbank Financial Telecommunication)
• high-value cheques clearing systems
• interbank cheques clearing systems.

Retail Payment Systems

Retail payment systems settle obligations involved in the routine purchasing, and selling, of goods and
services. Retail payment systems include:
• cash payments
• paper-based payments
• card-based payments
• electronic payments and remittances
• mobile-enabled payments
• crypto-enabled payments.
Different payment systems involve different regulations and compliance, agreed-upon payment proce-
dures and institutions.
A range of retail payment methods exist and the choice of which to use depends on the customer, the
amount, the payment system to be used, the reason for payment, or the jurisdiction of the payment, among
other factors. The predominant retail payment methods are:
• exchanging — the exchange of cash money, usually banknotes or coins
• provisioning — the transfer of money from one account to another, involving a third party. Credit and
debit cards, money transfers, cheques, recurring payments and all forms of digital payment fall into this
category.
Common payment methods are summarised in table 2.11.

Pdf_Folio:86

86 Digital Finance
 TABLE 2.11 Common payment methods for personal and business customers

Payment method Description Type of customer

Cash This is the traditional method used for face-to-face Personal

payments.
Is increasingly replaced by digital payments.

Direct deposits Customers instruct banks to take funds from a bank Personal
account to complete an online payment.
This is an automated clearing house payment.

Digital wallets Stores customer information, funds information and Personal

(broader term) money transfer information.
Most digital wallets allow the customer to pay with a
smartphone.
Examples include PayPal, BPay (bill payment service),
Masterpass, Alipay, Visa Checkout, app-based
mobile payments.

Mobile wallets (mobile- Mobile wallets use near-field communication (NFC) to Personal
based digital wallet) connect with a point of sale (POS) terminal.
Examples include Apple Pay, Samsung Pay and
Android Pay.

Prepaid cards Store value that customers can spend at a selected Personal
merchant or range of merchants.

Direct credit Direct credit is ideal for payroll payments. Business

Details can be amended and re-used in the future.
This is an Automated Clearing House payment.

Direct debit service This is ideal for managing payments from customers. Business
(initiator) Very useful for managing cash flow.
This is an Automated Clearing House payment.

Credit cards Credit cards are the most common way for customers to Personal and business
pay both online and during face-to-face transactions.
A payment gateway (POS) is required.
Businesses use credit cards for certain employees to
pay for professional expenses,

Automatic payment This is ideal when a fixed and regular amount between Personal and business
personal accounts, or from one account-holder to
another, needs to be paid.
An example is a monthly rent payment.

One-off payment Payment of an amount to a person or business once Personal and business
(direct credit) This is an automated clearing house payment.

Bill payment Each payment is set up individually and can be Personal and business
authorised for future dates.
For regular payments, e.g. paying for utilities.

Funds transfer This involves moving money between accounts. Personal and business

Direct debit (payer) This is an automatic payment attached to a debit or Personal and business
credit card.
It is ideal for utility or other service payments.
The service provider issues an invoice and the amount
is automatically deducted from the card (or from a
bank account) making sure that the invoice/bill is paid
on time.
Authorisation of service providers to deduct the amount
is required.
This is an automated clearing house payment.
(continued)
Pdf_Folio:87

MODULE 2 Future of Money 87

 TABLE 2.11 (continued)

Payment method Description Type of customer

Cheque A cheque is a form of promissory note, usually issued Personal and business
through a bank cheque book.
Payments can also be processed in fiduciary money;
this is becoming less popular.

Cryptocurrencies These are decentralised and distributed payments Personal and business
outside the traditional financial system.

Source: CPA Australia 2021.

DIGITAL PAYMENT SYSTEMS

The payment systems and methods described above have inherent peculiarities and functionalities, and
are part of a broader monetary, financial and regulatory system. The emergence of the digital economy
has dramatically changed the payments landscape. New business models and types of payment systems
have emerged. These developments are primarily intended to provide a safe, secure and seamless customer
experience, along with enabling cost-effective and faster facilitation of transactions. For businesses, digital
payments can also provide real-time data to integrate into their analytics strategy.
There are usually four types of digital payment.
• Card-based payments. These payments typically involve a physical card, such as a credit or debit card,
as well as a POS terminal where users need to insert or swipe their card.
• Electronic fund transfer (EFT). These payments tend to be direct credit and debit transfers. Examples
of EFT payment service providers include BPAY’s Osko (fund transfer and invoice payment) and PayID
(instant payments via a banking app).
• Digital wallets. These payments are made via digital platforms and include mobile payments (app-
based), mobile wallets and cryptocurrency wallets.
• Hybrid payments. These payments combine multiple payments technologies, and include smart
payments, contactless payments, biometrics, voice commands, stablecoin and crypto-enabled payments,
and buy-now-pay-later (Bank for International Settlements 2016; Caddy et al. 2020; Dab et al. 2017;
Euromonitor 2019).
These four types are discussed in detail in section 2.5. Here, we will examine services, protocols and
technologies that enable innovative digital payment methods.

Payment Gateways and Payment Service Providers

Payment gateways enable digital payments by transmitting customer transaction information to the
business’s merchant account, where funds are held until the transaction is cleared. Once the transaction is
settled, the bank releases the funds to the business’s bank account.
Bricks-and-mortar businesses use payment gateways for physical card reader and NFC-capable devices
so customers can make on-site payments. The payment gateway sits between the POS terminals and
the company’s internal systems. It receives, authorises and fulfils payments made via cards and other
contactless technologies. Most large businesses tend to manage and process these payments on-site using
their internal servers and systems.
Online businesses use payment gateways for online payment platforms, such as PayPal and Stripe,
to enable a secure payment environment. PayPal’s payment gateway is a redirect system that takes the
customer to the PayPal page for finalisation of a payment. Stripe’s payment gateway is less visible
to customers because checkout is completed on the business’s own site, with the payment processing
completed through Stripe’s back-end.
A payment service provider (PSP) (or third-party payment processing company) provides merchants
with everything they need to access digital payments. PSPs usually provide both a merchant account and a
payment gateway. Because a PSP works with a wide range of different merchants, they take on the financial
risk of every business they are connected with.
Businesses use PSPs because they handle and manage the entire payment process for the business.
They allow businesses to access a variety of payment channels, so they can provide a seamless payment
experience to their customers. In Australia, Adyen, Stripe, BitPay, eWay, iATS payments, Tyro and PayPal
Express Checkout are among the PSPs that provide payment gateways and merchant accounts.
Pdf_Folio:88

88 Digital Finance
EMV
EMV is a global standard for payments that deals with the authentication and security of chip-card
transactions. EMV chip-cards are almost impossible to counterfeit.
Merchants need special payment-processing devices to comply with EMV standards. The data that
is transmitted from an EMV card during a transaction is encrypted, so even if a third party intercepts
transaction information, it will be almost impossible for them to use.

NFC
NFC payments are equally secure to EMV payments. NFC allow smartphones and payment readers to
communicate when they are placed within a few centimetres of each other. NFC payments use a mobile
wallet. They are contactless, faster and more convenient than EMV, and thus are becoming more popular.
Contactless payments will be discussed in more detail later in this topic.
.......................................................................................................................................................................................
CONSIDER THIS
The security mechanism of EMV chip-cards only works with EMV processing devices. If a merchant runs a fraudulent
credit card in a credit card reader that is not EMV-enabled, then the issuing bank can refuse any liability for loss of funds
since banks and processing networks have changed their liability policies. Businesses have thus been compelled to
use EMV terminals to process EMV cards. However, EMV payments are already being displaced by NFC payments.
How can a business manage the risk of needing to constantly upgrade payment technologies?

Australia’s New Payments Platform

Australia’s New Payments Platform (NPP) is an open-access, industry-wide infrastructure that enables
near-real time data-rich payments (AusPayNet 2018; Rush & Louw 2018). The NPP launched in 2018.
Before the launch of the NPP, online payments between accounts in different banks could take up to three
days due to the clearing and settlement process. Such transfers required the use of BSB and bank account
numbers, resulting in numerous cases of mistaken payments. Transfers made through the NPP follow
the RBA’s Fast Settlement Service, making funds available instantly at the receiver’s account without
settlement and credit risks (Fitzgerald & Rush 2020).
The NPP:
1. enables versatile, fast and data-rich payments for the ecosystem’s stakeholders
2. enables real-time settlement and clearing for simple and sophisticated payment solutions (less than a
minute) between two bank accounts held with different financial institutions
3. utilises PayID to simplify payments and provide detailed information to go along with payments.
PayID streamlines the sharing of account details by allowing phone numbers, email addresses and ABNs
to be used for account number addressing.
Owned and operated by BPAY, Osko is the first NPP overlay service. An overlay service provides banks
with access to exactly the same software (and thus ensures interoperability), while enabling each bank to
impose their own branding. Osko payments:
• enable businesses and consumers to send payments to and from eligible bank accounts held at
participating financial institutions within Australia. Real-time clearance of available funds can be made
to PayIDs and BSB accounts
• ensure a consistent customer experience via predetermined and prescribed service-level agreements
• allow detailed data-enriched remittance information (up to 280 characters) to be embedded in payments.
In total, 60 banking institutions (including the Big Four, other major banks and some neobanks) have
adopted or are adopting Osko.
.......................................................................................................................................................................................
CONSIDER THIS
Osko enables up to 280 characters of data to be embedded in payment transactions. What potential applications
are there for this feature?

Cloud-Based Payment Systems

Cloud-based payment systems enable payments over the internet without the need for a physical POS
terminal. A cloud-based POS terminal accessed via the web provides greater flexibility, allows interoper-
ability with traditional EFTPOS systems, integrates with mechanisms such as Apple Pay, is scalable and
resilient, and provides a cost-effective pathway to keep up to date as new payment mechanisms emerge.

Pdf_Folio:89

MODULE 2 Future of Money 89

 Cloud-based payment systems tend to be more secure than physical systems, because they must have
solid, robust and regularly updated security measures in order to remain compliant with the Payment Card
Industry Data Security Standard (PCI DSS).
Cloud-based payment systems offer integration with and interoperability between other systems, such as
accounting software, loyalty programs and customer interfaces (including mobile, attended and unattended
retail interfaces). A cloud payment system can be either public or private. The choice depends on the
strategic utilisation and the level of integration and migration with other channels/key systems that a
banking institution wishes to achieve, along with potential trade-offs between security and scalability.
Payments are not a siloed function; on the contrary, they are deeply embedded in organisational
processes, infrastructures and across key channels and systems. This means that integration requires
synchronisation of all key systems, along with considerations regarding security and privacy to manage
cybersecurity risks. Adoption and integration within legacy payment systems therefore needs to be
carefully planned to ensure a smooth transition to cloud-based payment systems.

2.5 TYPES OF DIGITAL PAYMENTS

Digital payments include a cohort of different instruments that can be used in a variety of ways (stand-
alone, combined or blended). There are usually four overarching categories of digital payment, each
including multiple payment instruments, as shown in figure 2.3. We will discuss each category in turn.

FIGURE 2.3 Digital payment categories and instruments

Digital payments

Electronic fund
Card-based Digital wallet Hybrid
transfer (EFT)

Smart and
Credit card Direct debit Mobile-based contactless (e.g.
Tap & Go)

Biometerics (e.g.
Platform/online-
Debit card Direct credit smile-to-pay,
based
fingerprint, voice)

Unified payments Mobile Buy-now-pay-later

interface application

Cryptocurrency Crypto-enabled
wallet and stablecoins

Source: CPA Australia 2021.

CARD-BASED PAYMENTS
Card-based payments (e.g. credit cards, charge cards, debit cards, prepaid cards and stored-value cards)
are considered digital payments because they are usually initiated, authorised, authenticated, cleared and
settled electronically (Bank for International Settlements 2016).
The following parties participate in a card-based payment.
1. The consumer (cardholder) intends to make a purchase and promises to pay the issuing bank the amount
of the purchase.

Pdf_Folio:90

90 Digital Finance
 2. The issuing bank (where the consumer holds an account) offers credit (line of credit) and/or debit
(debiting funds from the consumer’s bank account) capability to the consumer and is responsible for
transferring the money of the purchase to the acquiring bank. The issuing bank is liable for the amount
of the purchase to the acquiring bank.
3. The acquiring bank (the bank of the merchant) is responsible for accepting the money for the purchase.
If the merchant is not able to provide the purchased goods or services, the acquiring bank is liable to
the issuing bank for the charges made by the merchant.
4. The merchant is responsible for selling goods and services and is able to accept debit, credit or prepaid
cards as a medium and promise for payment.
The terms and references, processing protocols, fees, obligations and other factors are determined by
the companies that administer the particular card, the banking institutions, and the relevant payment and
financial regulations.
Prepaid or stored-value cards have monetary value stored in the actual card or in the account associated
with the card. Prepaid cards are usually issued under the name of the cardholder, whereas stored-value
cards are in most cases anonymous.
A charge card enables the cardholder to purchase goods or services which are paid by the card issuer
(e.g. a company providing a corporate taxi charge card to an employee to travel to the airport).
.......................................................................................................................................................................................
CONSIDER THIS
In 2018, Mastercard initiated the Green Payment Partnership to encourage the global payments industry to shift
towards more sustainable card materials. What other environmental issues might be associated with different physical
and digital payment methods? Would these factor into your business decisions?

ELECTRONIC FUND TRANSFER (EFT)

EFT involves direct debit and credit transfers between accounts within and across financial institutions.
A unified payments interface (UPI) enables direct transfers between two accounts using a mobile app and
thus UPI transactions are considered EFT-based instruments. EFT-based payments are considered digital
payments, as the process can be conducted electronically (Bank for International Settlements 2016).
Electronic bill payments are also considered EFT payments, because funds are transferred from one
account to the other in order to pay a bill. In Australia, the most popular electronic bill payment system
is BPAY. BPAY enables payments to be made via a banking institution’s online, mobile or telephone
banking interface to organisations that are registered as BPAY billers.

DIGITAL WALLETS
While card-based payments and EFT are widely adopted, digital wallets are a relatively new payment
technology. A digital wallet (or e-wallet) is an electronic device, software program or online service that
a party can use to electronically transact with another party by means of digital currency. A digital wallet
can store:
• information about the user’s payment instruments, including credit and debit cards, prepaid cards and
bank accounts
• identification documentation
• a variety of other information such as boarding passes for flights, concert tickets and loyalty cards.
Users access their digital wallets mainly through the internet and via electronic devices such as
computers and smartphones.
• The digital wallet itself can be used for online purchases.
• Digital wallets operated via mobile devices can be used for NFC-based payments.
The functionality of digital wallets is steadily evolving beyond basic financial transactions. A digital
wallet can serve the purpose of a payment channel, storage of information and transmitter/receiver of
encrypted data. For example, a digital wallet can be used to authenticate the wallet-holder’s personal
credentials including legal identification. Cryptocurrency wallets may also store private keys for cryp-
tocurrency coins.

Business Applications
Both from a merchant (business) and customer/user point of view, it is important to understand the
utilisation of digital wallets, and have a solid understanding of the terms and conditions applicable for
responsible use of both the hardware and software technology.
Pdf_Folio:91

MODULE 2 Future of Money 91

 Especially from the business side, it is important to partner with reputable, reliable and secure providers
in order to minimise or even eliminate fraud that can result in liability issues, loss of funds, bad customer
experiences and reputational damage.
The advantages and disadvantages of digital wallets are summarised in table 2.12.

TABLE 2.12 Digital wallets — advantages and disadvantages

Advantages Disadvantages

• Convenience and comfort. No need for access to • Not all retailers may accept all kinds of digital wallets.
cash, physical cards or account numbers. • Consumers still need to carry a smart device.
• Can hold many different types of cards (e.g. credit, • The device that holds the digital wallet needs to be
debit, loyalty, reward and ID cards, and coupons). electronically charged.
• Information is securely stored within a third-party • Security depends on the device settings and
system, and is protected by password and/or up-to-date software. Responsible management and a
biometric verification. degree of ‘tech-savvy’ is required.
• Widely accepted around the world. • Depending on the merchant, wallet and POS
• Payment initiation and authorisation is required by terminal, additional charges/fees may be incurred.
means of PIN or biometrics provision. • Could lead to irresponsible and uncontrolled
• Can track spending habits and promote better spending (e.g. buy-now-pay-later schemes are easy
financial wellness (e.g. assigning a fixed budget, to access and use).
or breaking down spending by category). • Can be costly for merchants, especially if they
• Cost-effective for retailers: no need for human develop their own digital wallet (development,
tellers/cashiers; technological developments in maintenance and software/hardware costs
POS terminals can reduce transaction costs for may apply).
merchants (e.g. Square). • Can lead to human cashiers/tellers becoming
• Seamless experience for customers/users creates a redundant or unemployed.
competitive advantage for merchants. • System outages can prevent merchants from
• Can support scalability of businesses and provide processing digital wallet payments.
access to new revenue streams (e.g. formerly • Encryption of customer information requires constant
cash-only merchants, such as vendors at updates and maintenance to avoid privacy and
markets, may now accept payments using a security issues.
contactless POS).

Source: CPA Australia 2021.

Types of Digital Wallet

Digital wallets can be the following.
• Mobile-based — hosted on a mobile device such as a smartphone. This type of digital wallet includes
applications that are developed for specific mobile devices (e.g. Samsung Pay for Samsung devices;
Apple Pay for iPhones; Google Pay for Android devices and Microsoft Wallet (for devices running
Microsoft Edge). Smartphone-specific applications allow for the linkage and storage of debit and credit
card information in order to make a digital payment at retail and online stores. Smartphones and
smartwatches are the two most popular means of payment. A POS terminal is required and payment
is processed by means of NFC contactless technology.
• Platform/online-based — hosted in software, either in the cloud or on a computer (e.g. PayPal). These
wallets can be accessed via browsers.
• Mobile application — provided by banks/credit card providers or third parties. This type of digital
wallet includes mobile banking applications and other apps that have been developed by credit card
providers (e.g. Visa Checkout, Mastercard Masterpass) and stand-alone apps developed by third parties
as alternative payment methods (e.g. Venmo, Adyen and Chase Pay).
• Cryptocurrency wallet — used to store cryptocurrency (e.g. BRD Bitcoin wallet for iOS). Crypto wallets
are explained further in section 2.11).
Mobile wallets are very secure as they leverage complex encryption and tokenisation technologies
to generate time-limited token numbers which are used to process a specific transaction linked to the
encrypted data that is stored in the mobile device. Mobile wallets primarily utilise NFC and quick response
(QR) codes in the payment process. Table 2.13 compares the three most widely adopted mobile wallets —
Apple Pay, Google Pay and Samsung Pay.

Pdf_Folio:92

92 Digital Finance
 TABLE 2.13 Comparing mobile wallets — Apply Pay, Google Pay and Samsung Pay

Apple Pay Google Pay Samsung Pay

Payment capability NFC NFC NFC

Online purchases Yes Yes No

In-person Yes, in major retailers Yes, in major retailers Yes, in major retailers
purchases

Supported cards Major credit card providers Major credit card Major credit card
Loyalty and reward cards providers providers
Loyalty and reward cards Loyalty and reward cards
Ability to directly connect
to PayPal account

Person-to-person Yes No — requires separate No

transfer app

Security feature Data never stored on phone, Data encrypted and Data not stored on the
or on Apple servers stored on secure servers, phone
Two-factor authentication not on phones Iris, fingerprint or PIN for
through Touch ID or Face ID Virtual account number authentication of every
Actual account numbers not shared with merchants, transaction
shared with merchants not the actual account
number

Source: CPA Australia 2021.

.......................................................................................................................................................................................
CONSIDER THIS
For your business or a client’s business, what is the relevance importance of each factor listed in table 2.13?

HYBRID FORMS OF DIGITAL PAYMENTS

Digital payment technologies and applications continue to evolve. Innovative blending of different payment
technologies and data sources has given rise to various hybrid forms of digital payments in the quest to
create a more seamless, secure, modern and convenient customer experience and business operation.
We will briefly explore how mobile technologies, smart devices, contactless payment technologies,
buy-now-pay-later and cryptocurrencies have been integrated with other digital payment methods to
create hybrids.

Mobile
Mobile devices, communication technologies and cloud-based POS terminals enable digital payments to
be conducted anywhere (Bank for International Settlements 2016; Euromonitor 2019; Hinchliffe 2019).
Some mobile POS (mPOS) technologies can process transactions without an active internet connection by
communicating directly between the POS terminal and customer’s device.
Digital payment methods that use mobile technologies have applications in-store and for remote pay-
ments. For example, in-store retail transactions can be decoupled from shop checkouts, while tradespeople
can use remote mobile payment methods to process payments using a smartphone, tablet or other device on
job sites. Both approaches provide a seamless customer experience, and a secure and efficient transaction
for the merchant.
In-store and remote payments can use mobile wallets, described in the previous section, or QR
code payments. A QR code is a two-dimensional barcode that can store data information and is readable
and quickly decoded by a smartphone. QR codes work via certain banking apps. Consumers initiate a
payment by scanning the QR code on the retailer’s POS terminal (Euromonitor 2019). QR codes used in
applications such as boarding passes cannot be edited, but QR codes linked to a webpage or other system
can be updated, and these are useful in many business applications (e.g. enabling customers to scan a
QR code on a café menu to place an order). US-based CVS Pharmacy is rolling out Venmo QR code
technology and PayPal as a payment method across its retail stores. Shoppers will be able to scan a QR
code with their smartphone to pay by means of stored credit or debit cards, PayPal Balance, PayPal Credit,
Venmo Rewards or Venmo Balance.
Pdf_Folio:93

MODULE 2 Future of Money 93

 Remote mobile payments can be conducted via:
• internet using a browser or app to pay for goods and services. Potential methods include entering
card details into a web-form or payment page manually, charging a card attached to a mobile app
automatically, using a PayPal account, or following a link attached to a digital invoice.
• payment links embedded in an email, SMS, social media post or message/notification provided by an
app. The link opens a checkout page, where the customer can enter their card details.
• SMS payments processed through the user’s phone network provider. The payment is added to the phone
bill or deducted from prepaid credit held on the SIM card. This service is simple, but can attract high
fees due to the number of intermediaries involved.
• direct carrier (or operator) billing in which the customer’s phone number is utilised as the payment
credentials and, upon authentication, the payment is added to the customer’s phone bill, similar to an
SMS payment.
Mobile is one of the defining technologies of digital financial services, so it is not surprising that some
businesses that began as mobile communication services have leveraged their technology, user base and
data-enabled capabilities to enter the payments space and thus access new value-creation and revenue
streams. Example 2.4 briefly describes three such companies.

EXAMPLE 2.4

Mobile Platforms Entering the Payments Space

LINE Pay is a mobile wallet and payment application integrated with LINE’s mobile messaging application
(Euromonitor 2019). LINE Pay allows consumers to store Visa, Mastercard and JCB credit and debit cards.
JCB cards are only accepted by some merchants on LINE-affiliated websites. For in-store payments,
consumers make payment with the LINE Pay application either by showing a personalised code that staff
can scan, or by scanning the merchant’s QR code from the POS terminal. Consumers are also able to
make purchases online by choosing LINE Pay as a payment method, where available. Doing so will take
consumers to the LINE Pay online page to complete the payment.
WeChat Pay functions similarly. WeChat Pay is a mobile wallet and payment application that is
integrated into the WeChat messaging application. Consumers can link Visa, Mastercard, American
Express, Discover Global Network and JCB credit and debit cards to the mobile wallet. It allows consumers
to make payments through personalised codes or via QR code in stores. WeChat Pay also allows
consumers to make payments online. Furthermore, WeChat Pay enables consumers to make person-
to-person fund transfers through its application.
WhatsApp is a messaging application owned by Facebook. Facebook has been exploring ways to
enable its customers to make digital payments using its messaging apps. Integrating digital payments
across all of Facebook’s platforms, including WhatsApp, will lay the groundwork for more diverse digital
payments within the Facebook ecosystem. WhatsApp has integrated a mobile wallet functionality in its
messaging app. This service launched in Brazil recently, allowing customers to link their credit cards issued
by Brazilian banks to WhatsApp Pay, and make person-to-person digital payments to their contacts within
the messaging app for free. Customers are also able to make online purchases from small merchants
(BBC 2020).

.......................................................................................................................................................................................
CONSIDER THIS
What role should mobile digital payments play in your business or your client’s business?

Smart and Contactless Payments

Smart and contactless payments are types of proximity-based payments. Proximity-based payments allow
consumers to initiate a transaction without touching a POS terminal. Instead, they simply hold their card
or device close to the merchant’s POS terminal. The COVID-19 pandemic has facilitated faster uptake of
hybrid forms that incorporate contactless payment.
Instruments that enable contactless payment include credit and debit cards, smart cards, digital wallets
and banking apps hosted on smart devices. Merchants can also use smartphones as payment terminals.
Most contactless payment systems use radiofrequency identification (RFID) or near-field communication
(NFC) to make secured payments. The process takes less time than chip-card and PIN technologies.

Pdf_Folio:94

94 Digital Finance
 Example 2.5 examines one financial institution’s development of wearable payment devices as a
possible next step in customer convenience.

EXAMPLE 2.5

Wearables for Payments

Kredietbank ABB Insurance CERA (KBC) Bank is a Belgian financial institution offering multi-channel
banking, insurance and asset management services. KBC has been exploring ways to better implement
mobile payments beyond using smartphones. From December 2018 to December 2019, KBC conducted
trials of mobile payments through wearables with 1000 of its customers (Russey 2018). Following a
successful trial, KBC rolled-out mobile payments through wearables. All KBC customers are now able
to add their debit card to their choice of wearables, which include rings, smartwatches, key fobs and
bracelets developed in collaboration with fashion brands such as Berg, Gemini and Mondaine (Clark 2020).
To pay, customers imply bring their wearable device close to the merchant’s POS terminal.
Small-value contactless card transactions can be completed without a PIN code, but identity verification
is important crucial to the use of contactless payments for larger transactions. Biometrics offer one
solution, enabling payments to be verified by scanning a consumer’s fingerprints, voice or facial features
(Graham 2015). The iPhone, for example, can use fingerprint or facial recognition technology to finalise
an Apple Pay payment in combination with NFC technology. BNP Paribas has introduced Visa cards
that use fingerprint authentication to enable secure larger-value contactless card transactions (Flinders,
2020). Biometric-enabled POS systems (normally utilising a camera) capture the required information from
consumers and match it to bank accounts or databases (France-Presse 2019). While some businesses,
such as Alipay in China, have already adopted biometrics, it remains a nascent technology when compared
to other forms of digital payments.

Buy-Now-Pay-Later
Buy-now-pay-later services like Afterpay allow consumers to buy and receive goods immediately
while paying off the full price in instalments. Example 2.6 describes how Afterpay works.

EXAMPLE 2.6

Afterpay
Afterpay enables consumers to pay for purchases in four fortnightly interest-free instalments. Customers
store credit card information with Afterpay, and Afterpay approves spending limits based on customers’
repayment history. Using Afterpay online is similar to other online wallets. Consumers select Afterpay as
the payment option and log in. The payment arrangement is set up automatically without consumers
needing to do anything else. The process of using Afterpay in a physical store is similar to using
smartphone/smartdevice wallets for in-store payments. The first instalment is automatically charged to
the customer’s Australian credit card. An email receipt is sent to the consumer. Provided the consumer
pays on time, there is no additional cost to them. Late fees are charged if instalments are paid late.
From the merchant’s perspective, Afterpay integrates with various POS platforms. Afterpay settles the
transaction with the merchant. Afterpay therefore assumes any credit or fraud risk. The merchant receives
their funds 48 hours after settlement. Merchants pay a fee and a commission per transaction.
Afterpay has been accused by consumer associations of promoting irresponsible spending and leading
customers into huge debts.
There is debate about whether Afterpay is a payment system or not. Afterpay argues that it is a
customer acquisition channel for merchants, and that it has substantial differences from regular credit
card schemes. The value proposition behind Afterpay’s business model is not grounded on its payment
processing functionality, but rather the connectivity attribute between retailers and consumers (especially
Millennials). Afterpay classifies itself as a platform with a built-in payment functionality similar to Amazon
or Uber Eats.

.......................................................................................................................................................................................
CONSIDER THIS
How would you evaluate Afterpay’s value proposition in terms of the needs of your business or your client’s business?

Pdf_Folio:95

MODULE 2 Future of Money 95

 Buy-now-pay-later organisations are essentially unregulated in Australia. Some groups claim this could
be detrimental to vulnerable people, as these organisations are offering unregulated credit (Derwin 2020).
In response to a Senate inquiry and a call by the Australian Securities and Investments Commission (ASIC)
for stronger consumer protections, buy-now-pay-later organisations such as Afterpay, Zip and Openpay
are developing an industry code of standards (Eyers 2020).

Stablecoins and Payments

In section 2.3, we briefly described the use of cryptocurrencies in digital payments. One of the key
obstacles to the use of cryptocurrency for mainstream payments is the instability often associated with
them, particularly Bitcoin. A stablecoin is a cryptocurrency that the platform attempts to peg to a ‘real-
world’ asset in order to achieve a relatively stable value. Eftpos has partnered with Hedera Hashgraph to
explore and test the development of a digital Australian dollar stablecoin for micropayment purposes. In
principle, a digital wallet that is loaded with stablecoins could be used for pay-per-page, pay-per-second
or streaming purchases. Stablecoins are discussed further in part D of the module.

CONSIDERATIONS FOR BUSINESS

Digital transformation places a business within a digital ecosystem. For example, a business can use
Shopify to set up its website. All the payments that happen on Shopify will automatically aggregate into a
single platform that is also integrated with the business’ accounting system, expense management system,
HR system, payroll system and procurement system. Everything is integrated, enabling a much better
shopping experience or expense experience, and a much more efficient way of running a business, saving
time and costs. Payments are no longer considered to be mere transactions. They have become a holistic
modern and seamless customer experience for competitive advantage.
The benefits of digital payments for business are summarised in figure 2.4.

FIGURE 2.4 Benefits of digital payments

Security
• Digital payment systems store payments information in a secure server or a microchip embedded in the
phone (for Apple Pay).
• The consumer’s payment information is tokenised during the transaction. No actual payment informa-
tion is transmitted.
• The security features protect the merchant from fraudulent claims against charges made using a
stolen card.
Convenience and seamless checkout
• For businesses with an e-commerce site, digital payments often mean consumers’ details are pre-
populated, providing customer convenience and reducing the risk of errors that cause problems in
fulfilling the transaction.
• Businesses can focus on providing a customer value proposition that extends beyond the goods and
services offered to the whole shopping and payment experience.
Increased efficiency, long-term cost-saving
• Digital payments are relatively easy for businesses to adopt because most POS terminals work
with a variety of payment technologies. Cloud-based POS terminals enable upgrades as the
technology evolves.
• Errors when processing manual payments are minimised as information is synchronised automatically
and in real-time with providers.
• Digital payments enable a digitised workflow and easier transaction tracking, creating cost-efficiencies
throughout payment life cycle.
Source: CPA Australia 2021.

Possible costs of implementing digital payments for businesses with a physical presence include:
• the costs associated with properly training staff on the various digital payment methods
• possible loss-of-sales costs in the event of widespread digital systems failure (particularly if there are
no alternative cash-based payment procedures in place)
• installation costs for POS terminals.
Pdf_Folio:96

96 Digital Finance
 Example 2.7 describes Airwallex’s Airwallet hybrid solution for businesses that transact internationally.

EXAMPLE 2.7

Airwallet
The conventional way to access credit was to complete information on a paper-based application form and
submit it at a physical bank branch for assessment. Digital finance has largely replaced this approach. For
example, Airwallex’s Airwallet lets its customers set up a bank account, even an international account,
instantly. The account instantly allows receipt of payments in various countries, using a card, wallet or
bank-to-bank transfer.
Upon a payment being made, the recipient receives a notification instantly, instead of having to check.
This provides real-time transparency of all transactions. All transaction data is automatically synchronised
with the business’s accounting systems such as Xero, removing the need for Excel-based reconciliation.
Similarly, a corporate card product replaces the traditional corporate card and its associated paperwork.
For example, using a traditional bank, a paper form would be completed for each employee that will be able
to use the card. Employees need to submit physical receipts, the details of which then are input manually
into the business’s expense management system. With the Airwallex corporate card, the business can
instantly issue a card to an employee, all the know-your-customer onboarding is automatic and digitalised,
so it can be done online. The expense information is automatically synced to the accounting system.
Receipts can be recorded as photos and uploaded to the cardholder management system.

.......................................................................................................................................................................................
CONSIDER THIS
How would you evaluate Airwallet’s value proposition for your business or your client’s business?

QUESTION 2.2

Discuss the advantages and disadvantages of smart, contactless payments systems.

2.6 THE FUTURE OF DIGITAL PAYMENTS

In this section, we discuss a number of trends and issues in digital payment technologies and applications.
Emerging issues are important to consider when evaluating the benefits and risks of using digital payments
to achieve the organisation’s goals.

CASHLESS SOCIETY
We briefly discussed the concept of a cashless society in section 2.2. RBA data shows cash transactions
accounted for only 27 per cent of all payments in 2019, compared to 69 per cent in 2007 (Caddy et al. 2020)
and the COVID-19 pandemic is expected to have further reduced the use of cash. Globally, countries have
been slowly phasing out higher value banknotes, and there are serious discussions by governments about
the implementation of digital currencies (Wood & Morris 2020). Moving towards a cashless society will
have major impacts (Kale 2020), and businesses would be required to adopt digital payments (either at will,
or through regulation). Organisations offering digital payments will need to build trust and continuously
innovate to increase their ability to cope with a significant uptake of digital payments by consumers and
businesses. Consumers, especially those who are less tech-savvy and those who are vulnerable (and have
limited access to technology and devices), would need support to learn and adapt to these changes, and
this could create some challenges and barriers.

PERSONALISATION
Financial institutions and services providers, like many businesses, are increasingly utilising customer
data to provide personalised services to customers. For example, the financial services affiliate of Alibaba
in China, Ant Technologies, offers tailored financial services packages and merchant offers to customers
using advanced analytics (Dab et al. 2017). Grab in Asia-Pacific uses personalisation to differentiate itself
from competitors by providing a localised loyalty program, GrabRewards, to customers when they use
Grab’s services (Euromonitor 2019).
Pdf_Folio:97

MODULE 2 Future of Money 97

 There may be an upward trend towards collaboration between traditional financial institutions and
digital payments platforms (AusPayNet 2018) to enable further personalisation efforts to meet customer’s
expectations for convenience and seamless payments experiences.

FRICTIONLESS PAYMENTS
Frictionless payment is the ability to make payments with minimal human-to-human and human-to-
machine interactions. Imagine driving up to a petrol station, filling your vehicle with petrol, getting back
into your vehicle and driving off. A minute later, you receive a notification on your electronic device
informing you that you have been charged for petrol. That is a frictionless payment. BP currently has such
a system, but it requires the customer to confirm some details in the car before they fill up.
Woolworths’ Scan&Go app is another example of how frictionless payments are manifesting in
Australia. The app allows consumers to scan items they have picked up, bag them and make payment for
the items. After making payment, the consumer only needs to scan the QR code at the Scan&Go counter to
finalise the transaction. The whole process requires no human-to-human interaction, and minimal human-
to-machine interaction.
There is a trend towards more frictionless payment solutions, in part due to changes in consumer
demographics, with Gen Y and Gen Z consumers gravitating toward mobile payment applications that
minimise interactions (Accenture 2017b; Riemer et al. 2017). This could result in an increase in the uptake
of FinTech platforms providing digital payments. Traditional institutions are also introducing their own
digital payments platform to meet the expectations of these consumer groups. Gen-Z consumers are likely
to want a more advanced payments system that incorporates big data and artificial intelligence (AI) into
mobile payments (Accenture 2017b).
.......................................................................................................................................................................................
CONSIDER THIS
How frictionless are payments in your business or client’s business? Could digital payments improve the payment
experience? How?

CYBERSECURITY/FRAUD PROTECTION
Digital payments involve the transfer and exchange of electronic information, which is susceptible to
cybersecurity breaches and fraudulent practices. While FinTech and financial institutions innovate to
provide more advanced payments systems, criminals are also attempting to out-innovate these companies.
Managing cybersecurity and fraud risks are therefore important priorities in the digital payments space
(Accenture 2017b).
Organisations are providing additional layers of security to protect themselves and provide consumers
with confidence. For example, when a new device is used to log in to an account or service, a notification is
sent to the user’s nominated primary device (and often two-factor identification is required to gain access).
Biometrics can also be used to provide added security and fraud protection. By using a combination of face
and voice to fulfil KYC/AML measures when accessing online-based banking services, organisations are
providing an additional layer of security to protect customers’ banking information and increase customer
trust in financial services. HSBC in the UK claims that the introduction of voice biometrics at its call
centres prevented almost GBP400 million of customers’ money from fraudulently falling into the hands
of telephone scammers in 2019.

FINANCIAL LITERACY
Financial literacy is the possession of the skills and knowledge to make informed financial decisions.
A lack of financial literacy among consumers will be detrimental to their financial well-being (Panos &
Wilson 2020). Individuals and groups lacking financial literacy may be at risk of financial exclusion, taken
advantage of by unethical individuals or businesses, or make poor decisions. For example, a customer with
poor financial literacy could be led into using buy-now-pay-later services despite being ill-equipped to
make timely repayments given their financial situation. This could potentially cause the customer to face
hardship if they default on their repayments.

THE CHANGING CONTEXT OF DIGITAL PAYMENTS

Banks are no longer the guardians of the payments industry. The entrance of non-financial players,
primarily BigTechs, that provide technological and data-driven capabilities are paving the way towards
Pdf_Folio:98

98 Digital Finance
 a payment-as-a-service mentality that will be driven by interconnectivity, interoperability, omnichannel
and integration of systems, processes and infrastructures.
Open banking is expected to play a central role in the sourcing and aggregation of more data and
the democratisation of payments as a vehicle for value creation. The gradual adoption of 5G mobile
communication technologies will enable faster, safer and optimised mobile and contactless payments that
will support innovative business models that utilise biometrics and other types of data for anti-money
laundering, know-your-customer and identification purposes.
The staging of the API and platform economy is expected to enable new governance and architectural
designs across all stakeholders of the digital payments ecosystem and beyond, embracing more change
in order to serve consumers and corporate customers. More developments are expected in order for the
financial services industry to capture growth. Payment and banking business models become customer-
centric, leveraging on streamlined operations, enhanced data analytics capabilities, along with simplified
cross-border payments and transactions.
All these trends need to be positioned within an organisation’s strategy development, in order to
effectively and efficiently evaluate how the business as a whole is changing, and determine which digital
payment processes may be most suitable to adopt (in line with relevant regulations and requirements).
.......................................................................................................................................................................................
CONSIDER THIS
The 2020 Digital Payments Report by Roy Morgan shows a decline in the use of bill payment services and online
payment platforms by Australians in 2020; a slight increase in contactless payment services in Australia; and growth
in the use of buy-now-pay-later, with 10.2 per cent of Australians now using some form of this service. How do you
expect digital payments to evolve? How would you choose a portfolio of digital payments services for your business
or client’s business?

QUESTION 2.3

Increased use of cryptocurrencies and e-money are moving us towards a cashless society. Assess
the pros and cons of a cashless society for a small retail business.

SUMMARY
The emergence of new and technology-enabled players who are introducing innovative digital payment
methods and platforms is shifting the overall payment landscape for merchants, consumers and financial
institutions. A new banking and payment services ecosystem is being shaped, featuring predominantly
digital payments using cards, EFT, digital wallets and hybrid approaches that blend aspects of all of these.
An evaluation of the role of digital payments to meet an organisation’s objectives needs to consider the
benefits, costs and risks of each potential application in terms of providing a personalised and frictionless
experience to consumers, and achieving efficiencies and creating value for the business.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

2.1 Evaluate the effectiveness of digital currency and payments in meeting the organisation’s
objectives.
• A digital payment refers to an exchange in which value is transferred electronically from one party
to another.
• Digital payments are widely adopted throughout the economy. Consumers and businesses are
transitioning away from cash. Consumers increasingly expect convenient and frictionless payments.
• Digital transformation places a business within a digital ecosystem in which the payment experi-
ence can be a source for competitive advantage.
• Evaluating the potential of specific digital payment options to achieve an organisation’s objectives
requires an understanding of their associated characteristics, advantages, disadvantages, value
proposition and risks.

Pdf_Folio:99

MODULE 2 Future of Money 99

PART C: DISTRIBUTED LEDGER
TECHNOLOGY
INTRODUCTION
Distributed ledger technology (DLT) is often considered to be a disruptive innovation that will continue to
affect multiple industries globally. In this part of the module, we will explain distributed ledger concepts,
including the advantages, disadvantages and risks associated with their use.
We will then discuss specific applications of DLT, including blockchain, and its potential applications
in business and finance, and smart contracts, including their role in decentralised finance (DeFi).

2.7 DISTRIBUTED LEDGER TECHNOLOGY

A distributed ledger is one that exists in a decentralised database architecture and that is not managed by
a central authority. In this section, we will explain basic DLT concepts and then examine the advantages,
disadvantages and risks associated with DLT applications.

DATABASES
A database is a structure for storing, managing and accessing data. Three different database architectures
are represented in figure 2.5.

FIGURE 2.5 Centralised, decentralised and distributed database architectures

Database Database
Address Address Database
book book
Address
MEL PER
Database book
Address Database
book Address
book
SYD
Database Database
Address Address
book book

Centralised database Decentralised database Distributed database

Source: CPA Australia 2021.

Centralised databases are located on a single storage device in a distinct location. They are easily
developed and maintained, but anything that leads to a loss of access to the storage device makes the
data inaccessible until the issue is resolved. Centralised databases can be slow, particularly as the volume
of data and number of users grow.
Decentralised databases are distributed over multiple interconnected storage devices in different physical
locations. These provide faster access and are more scalable as the volume of data and number of users
grow. They are more complicated to manage than centralised databases.
Distributed databases reside on all the computers participating in the network (these computers are
called nodes). A special type of algorithm called a consensus algorithm synchronises the data across every
participating computer. Since changes made to the database on one computer are replicated in the database
on every other computer, all participating computers need to be verified and honest. Distributed databases
have high robustness, reliability and availability. They are complicated and costly to set up, but operate
cost-effectively once established. One application of a distributed database is a distributed ledger.

Pdf_Folio:100

100 Digital Finance

DISTRIBUTED LEDGERS
Distributed ledgers are, by definition, shared ledgers. They may be shared to the general public or more
narrowly across a consortium or industry. Distributed ledgers use a consensus mechanism based on
cryptography to prevent malicious nodes from manipulating the database; for example, falsifying data
(Sunyaev 2020).
There are various types of DLT, each with its own data structure, distribution architecture and consensus
mechanism (Anwar 2018). Later sections in this module focus on the blockchain DLT.
As noted above, distributed ledgers may be shared to the public or to a smaller group. Distributed
ledgers are described as either permissioned or permissionless based on the way access and participation
is controlled.

Permissionless Ledgers
A distributed ledger without a specific owner is known as a permissionless ledger. Anyone can add data to
a permissionless ledger. Permissionless ledgers can be configured in such a way that existing data-entries
cannot be altered. These distributed ledgers then function as a permanent, public record, where people
can, for example, publicly assign property ownership. Because any data can be added and, once added,
cannot be changed, permissionless ledgers are a target for exploitation. For example, an analysis of the
core ledger of Bitcoin identified multiple links to online child abuse content embedded within the ledger.
As such, possession of the ledger would potentially be illegal in some jurisdictions. This poses a moral
and legal dilemma for users (BBC 2019; Gibbs 2018).

Permissioned Ledger
A distributed ledger with a defined set of owners is known as a permissioned ledger. The integrity of data
added to the ledger is assured through a limited consensus algorithm carried out by trusted parties (e.g.
governments or banks). The consensus system of permissioned ledgers tends to be less complex and faster
than the systems used in permissionless ledgers. In addition, permissioned ledgers create highly verifiable
data sets, leading to a high degree of confidence.

Advantages, Disadvantages and Risks of Distributed Ledger Technology

The ability of anyone to be invited to become a member of a distributed ledger network and contribute
to it creates new opportunities for collaboration. For example, car manufacturers could create a shared
network across their suppliers, ultimately becoming able to trace each car part down to the site where the
raw resources required to create the parts were mined, thus ensuring compliance.
Within the financial industry, DLT not only redefines how the different market participants interact,
but it is also a promising technology for replacing legacy systems, which are based on outdated database
technology that is becoming too expensive to maintain. An abstract concept of how the system could look is
shown in figure 2.6. Instead of each bank operating as a silo with its own centralised system that potentially
cannot communicate with the systems of partners, a shared network can be created, characterised by:
• interoperability — the ability of connected systems to exchange and make use of data
• security — the protection of data from intentional and unintentional illegitimate changes
• increased transparency — the recording of data on a shared ledger.
In the network in figure 2.6, Bank A can transact directly with Banks B and C, but Bank B and C do not
directly share data; rather they only interact via the distributed ledger.
DLT reduces the risk of losses from cyber-attacks as there is no single point of failure and different
nodes hold a copy of the ledger. On the other hand, DLT is particularly prone to operational risks. With
permissionless ledgers being immutable, errors such as a financial transaction to a wrong account, cannot
be revoked, modified or cancelled.
No industry standards on DLT have yet been established, meaning that many institutions experimenting
with the technology are creating proprietary solutions. Standardisation and harmonisation of those
proprietary systems will be essential to maintain the transparent and decentralised nature of such databases
without putting confidentiality and privacy matters in jeopardy.
The technology is not yet mature and there is uncertainty in terms of laws and regulations throughout the
world. If DLT is to be widely used, market participants will have to actively embrace a transition towards
DLT and change their customs and practices.

Pdf_Folio:101

MODULE 2 Future of Money 101

 FIGURE 2.6 Conceptual DLT design for the financial industry

Silo Silo Silo

Bank A Bank B Bank C

Database
Address
book

Bank B Database
Database
Address Address
book book

Bank A Bank C
Source: CPA Australia 2021.

Table 2.14 summarises the advantages and disadvantages of DLT.

TABLE 2.14 DLT — advantages and disadvantages

Advantages Disadvantages

• Reliability and availability • Scalability

• Instantaneous settlement • Operational risks
• Recording of ownership • Inability to modify, cancel or revoke erroneous
• Low communication cost transactions
• Increased transparency • Potentially high efforts to achieve consensus
• High security • Costly (implementation)
• Immutable record of transactions • Difficult to implement and support

Source: CPA Australia 2021.

The business applications of DLTs are largely in the experimental and exploratory stage, but there is
substantial interest and work by financial services institutions, governments, big technology leaders and
others to determine operational models that could be able to be adopted at a greater scale. Example 2.8
presents a number of recent use cases that utilise different aspects and attributes of DLTs.

EXAMPLE 2.8

DLT Use Cases

Eftpos Payments Australia, in collaboration with DLT company Hedera Hashgraph, is working on a project
that would test the possibility and feasibility of using a digital Australian dollar stablecoin for the purpose of
micropayments (purchasing online content, e.g. pay-per-page, pay-per-second and streaming services).
Bursa Malaysia, in partnership with Hashtacs, is developing a proof of concept for a blockchain-based
bond trading venue. The so-called ‘Project Harbour’ is aimed at utilising DLT and asset tokenisation to
grow Malaysia’s fixed income market. (Australia has the world’s first blockchain-based bond, which was
issued in 2018 by Commonwealth Bank.)
The Tel-Aviv Stock Exchange (TASE) is preparing to launch a blockchain-based securities lending
platform providing a ‘one-stop- shop’ for all the related securities lending activities.

Pdf_Folio:102

102 Digital Finance

 The Spanish banks Banco Sabadell, Banco Santander, Bankia, BBVA and CaixaBank have successfully
completed a proof of concept that enables the execution of payments triggered by smart contracts
(discussed in section 2.9) when a number of pre-determined and pre-defined conditions are met. The
system can be potentially used within real business environments.

DLTs can play a pivotal role in accelerating digital transformation. It is important to take into account
that each use case is different, and the advantages and disadvantages of DLTs must be contextualised within
the specific business, technological, compliance, regulatory and policy-driven organisational architectures
and designs. For example, a public-permissionless blockchain network (e.g. Bitcoin blockchain) might be
more transparent and free to join, but its attributes may not be fully appropriate for a specific business
model. A public-permissioned network, enterprise-level private-permissioned network, or consortium-
level network that has both permissioned and permissionless attributes may be more appropriate to a
specific use case. In other words, a business needs to identify its problems and requirements and then
evaluate whether or how a particular DLT may be used to address those problems, fulfil requirements and
improve performance.

2.8 BLOCKCHAIN TECHNOLOGY

Blockchain is a form of distributed ledger that uses cryptographic techniques to confirm data entries. Each
subsequent entry is cryptographically linked to previous entries. To edit or delete an entry would require
manipulating all the linked entries on a majority of the nodes in the blockchain network. The distributed
network architecture makes this practically impossible. The blockchain record is therefore described as
being ‘immutable’ (Meola 2020).
The first and best-known blockchain is Bitcoin which hosts the cryptocurrency of the same name. Bitcoin
will be discussed in some detail in part D.
Blockchain has attracted considerable global interest and attention because it is seen as having potential
to remove the need for centralised authorities and intermediaries across an almost unlimited set of use cases
ranging from financial transactions to automated contractual agreements. The hype surrounding blockchain
around 2018 saw many businesses attempt to promote and implement the technology prematurely — most
use cases developed by industry were merely proofs of concept or pilots (Avi 2019).
This section aims to provide an understanding of blockchain technology and various ways it can be
implemented to provide the foundations from which its potential value to an organisation can be evaluated.

CONSENSUS MECHANISMS
Figure 2.7 provides a high-level schematic of how blockchain transactions are processed.
Miners are nodes that specialise in adding new data to the blockchain. They do this via a set of
algorithmic-enabled consensus protocols that ensure the highest level of reliability even among unknown
and potentially unreliable parties (Binance Academy 2020). When a miner adds data (in the form of a
‘block’) to the blockchain, they receive a reward or fee, which is paid in cryptocurrency. Cryptocurrency,
as explained in Part A, is a decentralised virtual currency that exists in a blockchain platform. The mining
process is hugely competitive and requires enormous processing power. It is thus energy-intensive (in fact
it uses so much electricity that its environmental impact is considered a major disadvantage of blockchain).
A variety of consensus mechanisms are used on different blockchains. The two most popular are proof
of work and proof of stake. Proof of work is based on the principle that a difficult mathematical puzzle
has to be solved by miners and the solution has to be proven easily by nodes. The distribution of mining
power across numerous nodes around the world makes it almost impossible for an attacker to manipulate
the network (they would need to possess at least 51 per cent of the computational power of the system). The
larger the network, the more resistant to manipulation it becomes (Tar 2018). Some smaller blockchains
have, however, been successfully manipulated in this way.
Proof of stake is a consensus mechanism in which users who have stake in the system are granted
the opportunity to validate blocks and earn rewards (Vasin 2014). Within a proof of stake consensus
mechanism, blocks are not mined by competing nodes, but rather ‘forged’ by users working together.
They are faster than proof-of-work mechanisms and thus are more scalable. Proof of stake mechanisms
Pdf_Folio:103

MODULE 2 Future of Money 103

include methods to prevent those with the highest stakes in the system from manipulating the database.
Validator nodes are paid via fees linked to the transactions they have processed.

FIGURE 2.7 How a blockchain processes a transaction

2. Miners generate block

Blockchain network Database
Address
book

1. Add new data entry Miner

Database Database
Address Address
book book

3. Nodes validate the new block

Blockchain network
Database
Address
book Nodes

Database Database
Address Address
5. Confirmation of entry book book
added to address book

4. New block added to the blockchain,

becoming permanent and immutable

Blockchain network
Database
Address
book

New block

Database Database
Address Address
book book

Source: CPA Australia 2021.

A SOLUTION TO THE DOUBLE-SPENDING PROBLEM

The key advantage of blockchain as a DLT is that it contains a mechanism to solve the double-spending
problem. When a consumer makes a purchase with physical currency, they hand over coins or a banknote.
They cannot spend the same currency again, as they no longer have it in their possession. Digital currency,
however, exists in a digital file — there is no handing over of physical currency. An effective digital
currency scheme therefore requires a way to prevent someone from spending the same digital currency
more than once.
Pdf_Folio:104

104 Digital Finance

 Normally a credit card or other digital payment can be queried or disputed and resolved with the issuing
bank. In decentralised digital currencies, however, there is no centralised authority to clear and settle
transactions. Blockchain is able to prevent double-spending by timestamping blocks of transactions, which
are then broadcasted to the network nodes. Once a transaction involving the currency has been recorded in
the blockchain, the network will not accept a second transaction by the same user with the same currency.

PERMISSIONS AND OWNERSHIP

In a public blockchain, every user is allowed to begin interacting with the network by submitting
transactions and hence adding entries to the ledger (Zilavy 2018).
Participation in private blockchains is invitation-based. This invitation is either validated by the
initiator of the network or by predefined rules (Jayachandran 2017; Zilavy 2018).

Permissionless Blockchains
Permissionless blockchains are truly decentralised public blockchains. As there is no central authority,
this type of blockchain ensures a maximum level of transparency — every transaction can be read and
traced, resulting in a high level of trust in the system. They are open to anyone and can incentivise users
to participate. On the other hand, permissionless blockchains are slow to operate due to the high level of
security and the complexity of consensus algorithms, and there are scalability issues (Singh 2020). Some
potential use cases of permissionless blockchains involve voting, fundraising and digital identity.

Permissioned Blockchains
Permissioned blockchains have a control layer that grants access to accepted users. For example,
users wishing to participate in Facebook’s cryptocurrency Libra, have to be registered and cleared via
government identification (Singh 2019). Private permissioned blockchains allow for additional governance
structures, making them organised and easier to administer. Permissioned blockchains involve fewer nodes,
making the consensus algorithms operate more efficiently, but they tend to be less secure, as their security
relies on the integrity of the members — a relatively small number of nodes with malicious intentions
could alter the blockchain or introduce censorship. Potential use cases include supply chain management,
banking and payments, and food tracking.
Permissioned blockchains may be either public or private. In a public permissioned blockchain, the
control layer does not interfere with the blockchain decentralisation or authority. In a private permissioned
blockchain, the control layer also governs transactions performed by the participants of the network.
Private blockchains are closed ecosystems that are governed by one organisation that is responsible
for participation, consensus protocol, and shared ledger maintenance. Typically, large centralised organ-
isations which leverage the power of the network for their own internal business operations utilise this
approach. By deploying such blockchains in an isolated business network environment, selected parties
and business partners can be connected to the system and the benefits of an immutable shared database
can be fostered. Further, every participant of the network is known, thus proving to be trusted. As this
type of blockchain is utilised within a trusted environment, the consensus algorithms do not have to be as
complex, thus improving processing speed and scalability. If a new member aspires to join the network, it
has to be granted permissions accordingly. These permissions determine what the new member is allowed
to see and whether the new user can conduct transactions. Private blockchains are often criticised for not
ensuring anonymity or fully utilising the concept of decentralisation. Examples of private blockchains are
Ripple (XRP) and Hyperledger.

Hybrid Blockchains
Particularly in complex environments where the partners and clients involved change constantly, the
utilisation of private blockchains proves difficult, as the business network often changes. In order to tackle
such challenges, hybrid blockchains can be utilised. Hybrid blockchains combine the concepts of private
and public blockchains in order to benefit from key aspects of both concepts (Zilavy 2018). This means
that while some processes are kept public, other processes are kept private.
Applications of such blockchains can, for example, be found across supply chains. While products move
along the supply chain businesses can conduct transactions against a private blockchain, allowing
them to track the products’ current status. This utilises the performance and scalability benefits of private
blockchains. When the product arrives in the supermarket, customers can scan a QR code, accessing the
Pdf_Folio:105

MODULE 2 Future of Money 105

public blockchain, providing them with information on the product’s authenticity and origin. Hereby the
benefit of public blockchains, where anyone can participate, are utilised and customers do not have to go
through the approval process used by private blockchains to access the information they need (Mearian 2019;
Zilavy 2018).

Consortium Blockchains
Consortium blockchains are a special hybrid between private and public blockchains and are often
considered as partly decentralised. They combine the single highly trusted entity-model of private
blockchains with the low-trust environment of public blockchains. This is achieved by a pre-selected set
of nodes controlling the consensus process (Buterin 2015).
An example could be 20 financial institutions agreeing on developing a consortium blockchain. Every
institution participates with its own node. If 15 of them approve a newly created block, it is considered
valid. Meanwhile, reading the blockchain could be a public right, being accessible by anyone. Potentially
this reading right can be restricted, only allowing the public to receive cryptographic proofs of parts of the
blockchain (Buterin 2015).
IBM Food Trust is a blockchain application, aiming to create a safer, smarter and more sustainable food
ecosystem. It does so by digitising data and transactions across the supply chain. Whilst authorised users
can provide data, such as tracking information, test data and certifications to the network, consumers can
publicly access the history of individual food items from farm to store (IBM 2020).
Table 2.15 compares the different types of blockchains.

TABLE 2.15 Blockchain ownership and permissions

Public Private Hybrid Consortium

Consensus Permissionless Permissioned Both Permissioned

mechanism

Centralisation No Yes Partial Partial

Participation High Low Low Low

Write Public Restricted/Upon Restricted/Upon Restricted/Upon

invitation only invitation only invitation only

Read Public Restricted Both Restricted

Efficiency/Speed Low High High High

Security Cannot be Can be tampered Can be tampered Can be tampered

tampered with with with with

Trust among No Yes Yes (for the private Yes

participants part)
No (for the public
part)

Source: CPA Australia 2021.

.......................................................................................................................................................................................
CONSIDER THIS
In order to accommodate new business models and innovations, different variations of blockchain architecture have
been emerging including public permissionless, public permissioned and semi-decentralised. All these variations
blend different characteristics and attributes from the main blockchain types. Does blockchain have potential
application in your business or a client’s business? What type would be most appropriate and why?

QUESTION 2.4

A client who wants to adopt distributed ledger technology (DLT) comes to you for advice on whether
to use a permissioned or permissionless ledger. What factors would you advise your client to
consider in making their choice? Why?

Pdf_Folio:106

106 Digital Finance

2.9 SMART CONTRACT TECHNOLOGY
Smart contracts are transactions that self-execute based on a set of programmed conditions. Smart
contracts are one of the most promising applications that can run within decentralised architectures, such
as blockchain. The underlying philosophy behind smart contracts is their ability to enable and execute
end-to-end transactions without any third-party intervention. Smart contract applications are largely still
in the proof-of-concept stage, but appear increasingly feasible (Levi & Lipton 2018). Example 2.9 outlines
how a simple smart contract might work in relation to a cargo delivery.

EXAMPLE 2.9

Smart Contract Basics

Assume a cargo ship is carrying Container Y to Singapore for a client. A smart contract is programmed
to automatically execute the issuance of the Bill of Lading to the shipper once they arrive in Singapore
provided the container of the container are intact and unopened.
Pre-installed Internet of Things (IoT) sensors on the containers register and transmit data. If the sensor
data shows the contents of Container Y have not been opened and have been stored properly and in
compliance to the respective quality standards throughout the journey, then that data will trigger the smart
contract to self-execute because the terms and conditions of carriage have been met. The Bill of Lading
can be automatically issued.

Smart contracts can self-execute based on rules, but they are not intelligent tools — they cannot parse the
subjective requirements that feature in many conventional business contracts (Levi & Lipton 2018). Grigg
(2015) suggested smart contracts should be developed in such a way that, in addition to the software rules,
they capture the legal contract behind an issuance, document the relevant information the participating
parties need to know, be human-readable, be efficiently executed and enable flexibility.
A major shortcoming of current smart contracts is their inability to push outputs to external systems (e.g.
executing payments in fiat currencies on traditional payment systems). This can be somewhat overcome
by a blockchain intermediary called an oracle (described later in the module).
At present, smart contracts have a scalability issue — their cryptocurrency-only transaction limitations
mean they have not been significantly adopted by businesses.

ETHEREUM
Ethereum was designed as a general purpose blockchain that would enable the creation of smart contracts.
To improve scalability and network performance, the platform is adopting a number of measures as part
of a transition to Ethereum 2.0 (Muzzy 2020). These are:
• sharding — partitioning the blockchain into separate, but interoperable chains so that multiple transac-
tions can be processed simultaneously
• proof of stake — replacing the proof-of-work consensus mechanism with the faster and more scalable
proof-of-stake mechanism
• interoperability with other blockchains — creating a smart contract execution environment that allows
rules implemented by other blockchains to interact with the Ethereum blockchain.

DISTRIBUTED APPLICATIONS
Distributed applications (DApps) feature a web application interface built over the top of one or more
underlying smart contracts. They thus enable easy interaction with services provided by a blockchain
(Antonopoulos & Wood 2018; Metcalfe 2020). Being connected to a blockchain, DApps are more resilient
than established centralised applications and benefit from higher transparency, as everyone can inspect the
code and any interaction is permanently recorded (Antonopoulos & Wood 2018).
Example 2.10 illustrates how DApps can be utilised in order to transform a physical asset into a digital
asset on a blockchain (a process known as tokenisation).

Pdf_Folio:107

MODULE 2 Future of Money 107

 EXAMPLE 2.10

Tokenisation
Superfly is an established international airline which had to ground its entire fleet for months, due to
a global pandemic. Eventually, Superfly starts experiencing significant cash flow issues and identifies
blockchain as a potential technology to facilitate short-term liquidity.
The airline develops a DApp on the Ethereum network. Objects are transformed into digital assets
through tokenisation. Throughout the transformation, tokens are assigned to those digital assets. The
following types of tokens can be generated.
• Security token. The airline tokenises its fleet. Each plane is worth 100 tokens (1 token = 1 per cent of
a plane) and should be traded under the symbol ‘FLY’. By purchasing FLY-tokens, buyers conduct a
direct investment.
• Utility tokens. The airline tokenises future services such as flight tickets. For 100 ‘AIR’, backers can
redeem a ticket from Perth to Sydney. However, AIR is strictly linked to flight tickets and cannot be
redeemed for other services such as meals.
• Currency token. By creating currency tokens, the airline creates its own cryptocurrency, similar to Bitcoin.
Tokens will be discussed further in part D of the module.

.......................................................................................................................................................................................
CONSIDER THIS
Beyond the example above, could tokenisation have application for your business or a client’s business?

ORACLES
We identified earlier that the inability of smart contracts to interact outside the blockchain is a limitation of
their application. This can be partly overcome using oracles. An oracle is a live-feed of data from external
systems that are continuously monitored, treated as a source of truth and are used to trigger execution of a
smart contract when the defined conditions are met.
Oracles can be sensors that obtain data from physical objects or software that obtains data from systems
by means of APIs. The container sensors described in example 2.9 are a type of oracle. Inbound and
outbound oracles initiate an action or transaction in response to specific data and thus can enable the
development of smart contracts.
As third-party services, oracles are not part of a blockchain’s consensus mechanism and thus an
additional layer of trust is required between the contracts and the oracles. Oracles also require network
resources for collecting real-time external real-world data. Despite these requirements, oracles are the
most promising interfacing mechanism connecting external real-world data feeds to blockchains to enable
smart contracts.

COMPARING CONVENTIONAL AND SMART CONTRACTS

Example 2.11 illustrates how smart contracts operate compared with traditional contracts and table 2.16
summarises the differences.

EXAMPLE 2.11

Conventional vs Smart Contract

Alice wants to buy a house from Bob. In order to perform the transaction of selling the house today, Alice
and Bob have to consult lawyers, brokers and insurance providers. All of these stakeholders have to work
together, creating the contractual agreements that Alice and Bob need to sign. Next, the transaction takes
place throughout which Alice transfers the money to Bob, and Bob transfers the property to Alice. Apart
from being time-consuming, every consulted participating party charges a fee, making the entire process
expensive.
In a smart contract paradigm, this process is different. Alice transfers the money to Bob and he transfers
the property to her. The transactions between Alice and Bob are immutably stored and replicated in the
form of computer code (‘code as law’) within the blockchain. The external parties of today’s processes
are not required for the transaction, making it quicker and less costly. Note that the blockchain charges
fees based on the real-world transactions being conducted.
The differences are represented in figure 2.8.

Pdf_Folio:108

108 Digital Finance

 FIGURE 2.8 Comparing a conventional contract and a smart contract

Today

$$
Insurance
Lawyers
Brokers $
Banks

Alice Bob

Smart contract

Database
Address
book

$
Database Database
Address Address
book book
$

Alice Blockchain network/Smart contract Bob

Source: CPA Australia 2021.

TABLE 2.16 Traditional contracts vs smart contracts

Traditional contract Smart contract

Paper-based Blockchain-enabled (automatic initiation and

execution)

Law and legislation (room for human error) Code (no room for human error)

Legal language/terminology Computer language

Traditional contract Smart contract

Terms that can be changed, rewritten and interpreted Terms that cannot be changed
differently

Possibility of terms not being fulfilled or being executed Automatic fulfilment by all network participants
in a poor manner

Violation means court Automatic application of penalty, fine and sanction

Intermediaries (notaries, lawyers etc.) No third-party or intermediary

Exchange of values (delays) Exchange of values (instant)

Signed only at personal meetings of the parties/proxies Can be concluded from anywhere in the world without
personal presence

No guarantees, even in case of non-execution Storage of all data and counterparties on the
Law possibly no help to reimburse the losses blockchain
Conditions can be changed, the term of execution can User decision which information will be available to the
be postponed public

Source: CPA Australia 2021.

Pdf_Folio:109

MODULE 2 Future of Money 109

ADVANTAGES AND LIMITATIONS OF SMART CONTRACTS
A Deloitte CFO Insights report concludes that smart contracts are a worthwhile alternative to conventional
contracts when a network of participating parties frequently conducts transactions and at least one of the
participants has to perform manual or duplicate activities throughout each transaction (Chu et al. 2016).
Benefits of utilising smart contracts are as follows.
• Speed. Smart contracts automate manual tasks by utilising the software. This can lead to significant
improvements in processing speeds.
• Precision. By automating manual tasks, the risk of human error is reduced, thus making smart contracts
more accurate.
• Trust and safety. As smart contracts are building on distributed ledger technology, they inherit the
technology’s benefits, such as being distributed and reducing the risk of manipulation by utilising
consensus algorithms.
• Fewer intermediaries. By utilising distributed ledger technology a high level of trust is already insured.
Therefore, the reliance on third parties such as escrows, which provide trust-based services, is reduced —
potentially making them redundant.
• Lower cost. With fewer intermediaries and human intervention being involved, the cost of smart
contracts is lower than traditional contracts.
• New operational models. With smart contracts being a highly automated low-cost alternative to
traditional contracts, novel operational models become viable. Particularly in the field of often recurring
contracts, such as renewable energy trading, a significant impact is viable.
While smart contracts benefit in various fields from their automated performance, it is also a limiting
factor as the automation can only operate based on simple rules-based conditions. Complex terms cannot
be depicted as such simple rules, and therefore cannot be represented through a smart contract.
.......................................................................................................................................................................................
CONSIDER THIS
Assuming smart contracts become more widely adopted, what potential role might they play in your organisation or
a client’s organisation?

QUESTION 2.5

How are smart contracts relevant to the financial services sector (consider, in particular, financial
planning firms and insurance firms)?

2.10 BLOCKCHAIN IN FINANCIAL SERVICES

AND BEYOND
The section will present a number of financial services use cases of blockchain.
In line with the key attributes of blockchain technology, these applications aim at bringing trust,
transparency, accountability, lower-cost, security, interoperability and disintermediation in transactions
and processes that are foundational tasks for any kind of business and forms of commerce.

KYC VERIFICATION AND COMPLIANCE

Financial institutions have to verify their customers’ identities through KYC verification and check if these
customers conduct unlawful activities. KYC remains one of the most foundational, resource-intensive and
expensive functions required to ensure compliance and avoid financial fraud, financial terrorism, financial
crime and money laundering practices.
KYC procedures can involve large volumes of paperwork, manual labour, regulatory burdens, different
and often disconnected sources of personal data and miscommunication or lack of interoperability and
reconciliation of parallel systems. This leads to potential for errors, which in turn create compliance issues
and the risk of regulatory fines.
In light of the development of blockchain technology, financial services institutions are beginning to
explore the utilisation of decentralised and distributed computing architectures. These can facilitate the
accumulation and granularity of data from multiple authoritative service providers, registering them into a
Pdf_Folio:110

110 Digital Finance

single, unified and cryptographically secured ledger for efficient, effective, fast, transparent and safe KYC
verification procedures.
A number of companies are experimenting on products and services in relation to the application of
blockchain in KYC verification. These processes will be able to provide solutions towards delays in
customer on-boarding processes and non-interoperable systems. These tools aim to help financial services
institutions better facilitate digital identity, privacy compliance and customer onboarding processes. Data
sharing, management of personally identifiable information and ensuring transparency in the relationship
between regulatory and financial services institutions within an ecosystem, in an efficient, secure and
privacy-compliant manner, is the future of blockchain-enabled KYC verification and its compliance
regime. Moreover, KYC verification is one of the compelling cases mentioned in Australia’s National
Blockchain Roadmap.

REMITTANCES
A remittance is a fund-transfer transaction, mostly associated with immigrants who send money back to
their home countries. Current remittance schemes depend on third-party services and financial institutions
together with legacy systems. Within cross-border payments, the SWIFT network is responsible for
handling the transmission of messages across the payment chain whereas corresponding banks are
actually responsible for settling down the debits and credits of the accounts. Especially in the process
of international payments, multiple stakeholders are involved including corresponding banks, SWIFT and
central banks. This creates a complicated network of layers of messaging and transactions that attract
processing and messaging fees while at the same being a very lengthy process, making the current systems
very inefficient.
Blockchain provides a new way of processing cross-border payments by removing intermediaries and
correspondent banks, reducing at the same time excessive costs, charges, operational costs and turnaround
time for settlement.

ACCOUNTING/AUDITING
Even though blockchain technology is not yet adopted by accounting functions, there are some potential
use-cases worth exploring. The attributes of transparency and immutability of data recording will stream-
line audit and accounting processes by reducing fraud and improving regulatory compliance. Management
of documentation in terms of recording and timestamping will ensure seamless traceability, reduced errors,
cost and improved efficiency.
Smart contracts can facilitate the automated payment of invoices easing data verification in relation to
financial statements.
Conventional accounting is based on a double-entry system that deploys a centralised approach to
data storage and maintenance. Accounting information is retrieved by accounting professionals upon
request by clients and the regulator. This centralised ledger is directly accessible only by the accounting
professional and the auditor. Within blockchain-enabled accounting, the registration, maintenance and
storage of records is deployed in a distributed ledger that is accessible by all the relevant stakeholders. In
this context, a shift from a double-entry to a triple-entry bookkeeping model is observed, since all relevant
parties have an identical copy of the ledger at all times. Users are authenticated by the usage of private
and public keys. In this frame of reference, blockchain will also facilitate close to near-instant transactions
since real-time processing of transactions is introduced, due to the real-time settlement attribute ensured
via the network. Major accounting firms including KPMG, PwC, EY and Deloitte have been experimenting
with blockchain technology aiming at developing and adopting scalable, efficient and secure blockchain-
enabled services.

TRADE FINANCE
By definition, trade finance encompasses the infrastructure, processes and funding that is required in order
to support international trade supply chains. It is considered as the lubricant and fuel for global trade and
commerce. The current lifecycle is inefficient and primarily paper-based, requiring lengthy times for the
processing of letters of credit, document verification, along with establishing trust among the interrelated
stakeholders.
This also creates issues around vulnerability and exposure to fraud. Blockchain technology is able to
shift the current lifecycle into a digitised landscape, which is more secure and efficient, while at the same
time bringing traceability, transparency, effective governance, stakeholder accountability and reduced
Pdf_Folio:111

MODULE 2 Future of Money 111

risk of fraud. From digitised and authenticated documentation, real-time document verification to asset
digitisation and harmonised financing mechanisms across the entire trade lifecycle, blockchain technology
can support connectivity, audit and compliance capabilities, together with tracking of trade assets. The R3-
developed Corda blockchain provides interoperability in terms connecting different business networks.
Moreover, the partnership between TradeIX and AIG aims via the open blockchain-enabled TIX platform
to support companies by enabling the performance of trade finance transactions leading the way towards
an ‘internet of trade’ regime.

QUESTION 2.6

Discuss the advantages and disadvantages of blockchains being immutable.

QUESTION 2.7

Outline the KYC challenges that may arise due to the anonymity and privacy features of many
cryptocurrencies.

SUMMARY
Distributed ledgers operate on a decentralised network in which each node holds a copy of the ledger. This
provides high availability, reliability and speed. It enables every participant to view and interact with a
common ledger and thus has business applications such as supply chain management.
A blockchain is a particular type of DLT that achieves very high trust in the absence of a central authority.
It does so by using network consensus mechanisms based on cryptography that make it practically
impossible to change data once it has been added to the blockchain database. Because DLTs are shared by
definition, business applications of blockchain technology have often imposed permissions to restrict who
can access with the ledger and how they can interact with it.
One promising use of blockchain is to host and operate smart contracts. Smart contracts are coded into
software and then self-execute based on the conditions they contain. Various types of oracles exist to enable
smart contracts to send and receive data beyond the confines of the blockchain platform. Smart contracts
are still an emerging application.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

2.1 Evaluate the effectiveness of digital currency and payments in meeting the organisation’s
objectives.
• The blockchain DLT includes a mechanism to prevent the same digital currency being used in more
than one transaction, thus preventing double spending of cryptocurrencies.
2.2 Assess the effectiveness of using cryptocurrency and distributed ledger technology in solving
complex business problems.
• As a shared record, distributed ledgers when implemented using blockchain technology provide
high reliability and availability, instant settlement, a permanent record of transactions, high
transparency and high security.
• Blockchain ledgers have limited scalability, transactions made in error cannot be corrected, and
implementation can be complex.
• Most business applications of distributed ledger technology involve restricting access to the ledger
to trusted parties and may also modify the operation of the platform’s consensus mechanism.
• Blockchains can host smart contracts, which are self-executing contracts that are highly transpar-
ent and cannot be modified.
• The consensus mechanism on blockchain replaces the role of central authorities or intermediaries
in transactions and thus provides the potential to avoid delays and fees associated with the
conventional financial system.
Pdf_Folio:112

112 Digital Finance

PART D: CRYPTOCURRENCIES
INTRODUCTION
Traditional financial institutions (primarily banks) have institutionalised their dominance within the global
monetary system over hundreds of years. This dominance has created a centralised system of trust where
all transactions are recorded into central ledgers that have ordinarily been held and managed by banks.
Banks play the role of intermediaries for processing and clearing every transaction.
Complex and interconnected economies have thus become very dependent upon central banking
authorities, and banks have gradually become the ultimate providers of intermediated trust across the entire
financial services value chain.
The birth of cryptocurrencies is grounded in the need or desire to move away from centralised
infrastructures by removing the intermediaries (banks), while at the same time keeping and maintaining a
monetary infrastructure that would still permit the processing of transactions between strangers within a
distributed trust (or trustless) monetary architectural design. This new regime is based on the blockchain
technology that we described in part C of the module.

2.11 CRYPTOCURRENCIES
Cryptocurrencies may be defined as a form of decentralised, fungible and convertible virtual currency
secured using strong cryptography. Cryptocurrencies use blockchain technology as the underlying system
architecture.
Cryptocurrencies function like a digital token of value, that allow people and organisations to make
direct payments to one another through an online system (RBA n.d.). Cryptocurrencies are primarily used
outside traditional and incumbent financial services systems and they are exclusively exchanged over the
internet using a special type of digital wallet called a cryptocurrency wallet (crypto wallet).
Global developments within the cryptocurrency space have given rise to DeFi and new ways of
conceptualising the notion of money and transactions, but cryptocurrencies remain largely unregulated.
Extensive research and evaluation should be undertaken to properly understand cryptocurrencies before
engaging with their use.
A system is classified as a cryptocurrency if it meets the following six conditions.
1. The system is decentralised and is run by means of a distributed consensus protocol.
2. The system is able to keep an overview of the cryptocurrency units and their ownership by users.
3. The system defines if and how new cryptocurrencies can be created. If yes, under which gover-
nance scheme, what is the mining process, which consensus algorithm will be used, what are the
circumstances of their origin, and how will ownership of cryptocurrency units by users be determined
and confirmed.
4. The system is able to prove a user’s ownership of cryptocurrency units only by means of cryptography.
5. The system can enable transactions that can result in changes in the ownership of cryptocurrency units.
6. If two different transaction instructions are entered at the same time, the system can select one
transaction only, to ensure change of ownership of the cryptocurrency units only occurs once.
Most cryptocurrencies are created as a medium of exchange or to monetise operations of blockchain
transactions. Recently, cryptocurrencies are also being traded for the purpose of investment, or as
collectables. Figure 2.9 provides a taxonomy of cryptocurrencies.
We discussed CBDCs (which may or may not be implemented as cryptocurrency) in section 2.2. We
will now discuss coins, tokens and stablecoins.

COINS
The majority of cryptocurrencies are considered to be ‘coins’ when they have their own blockchain, they
are decentralised, and they can be used in peer-to-peer transactions. Coins are branched into two categories:
currency coins and privacy coins.

Pdf_Folio:113

MODULE 2 Future of Money 113

 FIGURE 2.9 A taxonomy of cryptocurrencies

Cryptocurrency

Central Bank
Digital Currency

Coin Token Stablecoin

Currency coin Utility tokens Fiat-collateralised

Commodity-
Privacy coin Security tokens collateralised

Non-collateralised

Consortium
stablecoin

Source: CPA Australia 2021.

Currency Coins
Most cryptocurrencies are currency coins. Currency coins have their own blockchain within which they
function as a currency. Bitcoin is currently the primary currency coin. Currency coins that are not Bitcoin,
are collectively known as alternative cryptocurrencies (altcoins).
Bitcoin
Bitcoin is the longest-established and best-known cryptocurrency coin. Despite not being legal tender,
some vendors accept Bitcoin as payment for goods and services. For instance, Bitcoin can be used to pay
for courses at Flinders University or buy a Lamborghini at Scuderia Graziani in Woolloomooloo (Crypto
News Australia 2020). See example 2.3 for more information on Bitcoin.
Alternative Cryptocurrencies (Altcoins)
Cryptocurrency coins other than Bitcoin are known as altcoins. Altcoins often differ from Bitcoin in terms
of protocol, architecture, consensus mechanisms, the reward process, or processing fees (among other
differences). Some target a specific industry (e.g. entertainment) or aim to overcome perceived flaws of
Bitcoin (Bradbury 2020).
Not all altcoins are simply alternative versions of Bitcoin. A number of altcoins use very different
algorithms, and serve very different purposes. For example:
• Litecoin (LTC) is able to process payments much faster than Bitcoin and is cheap to send in small
volumes, thus enabling micropayments (ASIC n.d.).
• Ether (ETH) is the cryptocurrency of the Ethereum blockchain. Ether is intended to enable and monetise
the operation of smart contracts and DApps, described in the previous part of the module (Divine 2020).
Unlike most other cryptocurrencies, there is no limit on the number of Ether that will be created, which
may affect its value through the forces of supply and demand.
• XRP is the cryptocurrency of the Ripple platform, which is a real-time digital payments system designed
for use by banking institutions in order to make faster payments. XRP is also known as the banker’s
coin. Ripple enables fast and cost-effective cross-border transfers between users in any currency,
such as fiat currencies, XRP and other cryptocurrencies. Instead of using a distributed ledger system
where users’ computers in the network are used to validate transactions, Ripple uses a distributed
Pdf_Folio:114

114 Digital Finance

 consensus mechanism. Transactions are validated through a network of servers. Global partnerships with
banking institutions and governments make Ripple very trustworthy. This can substantially influence its
scalability and widespread adoption. Ripple’s business model focuses on large-scale moving of money,
and not on person-to-person transactions. However, XRP is centralised, unlike most cryptocurrencies,
and Ripple Labs own most of the XRP in circulation.

Privacy Coins
Privacy coins facilitate monetary or information transactions between users in full anonymity and without
the creation of an identifiable track. Privacy coins are grounded on the philosophy that it is not necessary
to have individuals or organisations monitor and control financial transactions.
The Monero cryptocurrency platform (XMR) enforces privacy, conceals participants’ information and
ensures that no one can deliberately or accidentally reveal transaction details (Seth 2019). A person cannot
be linked to a transaction, but users can choose who can see their transactions (e.g. tax authorities). Due
to the untraceability of transactions, XMR is the most prominent currency on dark web markets.

TOKENS
Tokens operate on top of an existing cryptocurrency blockchain network — they are dependent on the
blockchain network of another cryptocurrency. Tokens can represent a real asset (tokenisation) and thus
can facilitate access to a product/service or a stock.
Tokens are classified as a fungible and tradable asset or a utility. Tokens are usually released via an
initial coin offering (ICO) process. An ICO is the cryptocurrency equivalent of an initial public offering
(IPO) on the stock market. Investors can participate in an ICO to receive:
• utility tokens — tokens for accessing dedicated products and/or services associated with the token
• security tokens — tokens that represent a stake in a real-world asset.

Utility Tokens
Utility tokens are used on DApps, which are built for the purpose of using smart contracts. Tokens are
used either to purchase things on the DApp or to acquire certain advantages (e.g. discounts, voting rights).
Tokens have a corresponding price that holders can utilise for buying and selling purposes. For a transaction
to be made on a DApp, the transaction needs to be verified and a transaction fee is payable paid using the
cryptocurrency (not with a token) related to the blockchain network that the DApp is built upon (usually
Ether or NEO).
Example 2.12 describes the basic attention token (BAT), a utility token for the digital advertising
industry designed to create a fair, transparent, efficient and mutually beneficial advertising exchange
marketplace for publishers, advertisers and users.

EXAMPLE 2.12

Basic Attention Token

The BAT rewards users for watching a range of advertisements. BAT is built on top of Ethereum. BATs
serve as the transferable, non-refundable native currency used within the Brave web browser. Brave is
a specialised native privacy-centred web browser. It provides unbiased blocking of all unneeded and
unsolicited advertisements, trackers, malware and third-party cookies. It constantly monitors the user’s
attention to determine what kind of content they are spending most of their time on and pays them BATs
as a reward for engaging with advertising content. This is intended to provide a fair and mutually beneficial
exchange between creators, publishers and consumers of advertising.

.......................................................................................................................................................................................
CONSIDER THIS
What might be the pros and cons of cryptocurrency coins and tokens for micropayments compared to conventional
and other digital currencies?

Security Tokens
Security tokens are essentially digital securities. A holder of security tokens is considered as the owner
of a real-world asset (i.e. one is not in the blockchain). Security tokens are regulated by the respective
government agency, depending on the jurisdiction. In principle, in order for someone to be able to access
Pdf_Folio:115

MODULE 2 Future of Money 115

security tokens they need to be an accredited investor. Swarm and Polymath are security token platforms
and they have the regulatory and compliance obligation to verify their users before they can use their
respective platforms for trading purposes. In Australia, ASIC is responsible for regulating securities.
Digital Asset and Exberry announced a partnership to launch a token-based exchange trading infras-
tructure. This cloud-deployed exchange aims to optimise the current processes and limitations of exchange
technologies, and bring security to the exchanges’ transactions by leveraging the immutability of the ledger.
This approach can accommodate both large global transactions and micropayments, while simultaneously
providing connectivity to the API economy.

Future Outlook
The token industry is still nascent and in light of the developments in the blockchain and in the regulatory
space more innovative usages for tokens are expected to emerge. Tokens could be used for payment
purposes if involved parties use this as a currency, digital asset ownership (tokenisation), rewarding
network participants, or even for accounting purposes. Tokens encourage the democratisation of assets
however, as always, clear regulatory and compliance oversight is required to protect investors, consumers
and the overall system.

STABLECOINS
Stablecoins are backed by real-world assets or benchmarks with the intention of making them less
volatile than other cryptocurrencies while still providing the instant processing, security and privacy of
cryptocurrency payments. As such, investors, users and institutions feel a greater level of security towards
stablecoins compared with other cryptocurrencies. There are various categories of stablecoin:
• fiat-collateralised stablecoins — pegged at a fixed ratio to and backed by reserves that include a large
proportion of one or more fiat currencies
• asset-collateralised stablecoins — backed by one or more commodities (e.g. gold)
• crypto-collateralised stablecoins — linked to one or more other cryptocurrencies by means of smart
contract
• non-collateralised (seigniorage) stablecoins — algorithmically regulate the supply of coins to stabilise
coin prices
• consortium stablecoins — issued by groups to enable instant cross-border payments.

Advantages and Disadvantages

The main advantages of stablecoins are as follows.
• They serve as a medium of exchange, complementing cryptocurrency functionalities.
• They provide a higher level of stability and predictability than some other coins.
• They enable integration of cryptocurrencies within traditional financial markets.
• They enable investors and traders to hedge their portfolios and reduce risk.
The main disadvantages of stablecoins are as follows.
• Fiat and commodity-collateralised stablecoins are less decentralised than other cryptocurrencies.
• Crypto-collateralised and uncollateralised stablecoins exclusively depend on the trustworthiness of the
source code and the wider community.
Stablecoins are expected to further promote cryptocurrencies in a more stable manner, as well as
providing safer and more convenient vehicles for transactions, investment and services. The USD Coin,
described in example 2.13, is intended to provide unprecedented stability for a cryptocurrency and provide
a way for fiat currencies to interact with smart contracts.

EXAMPLE 2.13

USD Coin
USD Coin is an Ethereum-powered fully collateralised stablecoin that is backed up by fully reserved assets,
which include fiat currency (USD cash) and cash equivalent securities (such as Treasury Bills). USD coin
is redeemable on the equivalent fiat currency in a 1:1 ratio. This is basically a digital dollar architecture
that allows for secure and fast transactions with less counterparty risk, operated within a decentralised,
open, global and ‘less trust’ crypto-powered infrastructure.
The value proposition behind the USD Coin is the fact that it develops an architectural design that
allows fiat currency to interact with smart contracts. This interaction provides developers with a viable
Pdf_Folio:116

116 Digital Finance

 opportunity, and an interoperable framework, to use fiat world currencies in blockchain applications. This
enables the mainstream adoption of blockchain technology and the maturation of financial contracts that
are built of smart contract platforms.
USD Coin can:
• be freely traded
• be supported by major ERC20-compatible wallets for secure transactions
• generate competitive interest rates.
In this context, the key use cases of USD Coins are:
• payments
• lending
• investing
• trading
• trade financing.
USD Coins are issued by financial institutions that are licensed and regulated, ensuring financial
and operational transparency and efficiency, along with the deployment of full banking and auditing
capabilities. Issuers frequently report on the USD Coin reserve holdings. The reports on those holdings are
issued on a monthly basis. The USD Coin is governed by an open-source technology and member-based
consortium.

.......................................................................................................................................................................................
CONSIDER THIS
How would your evaluation of the potential applications of cryptocurrency be influenced by the existence of a well-
established asset-collateralised or fiat-collateralised stablecoin?

CRYPTOCURRENCY APPLICATIONS
A number of uses currently exist for cryptocurrencies.
• Medium of exchange. A business can accept cryptocurrencies as payment for goods and services and
customers can therefore use them as a form of payment.
• Store of value. Investors can invest in cryptocurrencies. They would be considered a high-risk investment
because the market is partly unregulated, and the market value of most cryptocurrencies fluctuates
massively when compared to other assets.
• Income. Individuals and organisations with sufficient resources can contribute computing power to a
blockchain network to mine cryptocurrency.
These functions depend on regulatory and compliance regimes, which can vary across jurisdictions. It
is also important to be aware of the tax implications of cryptocurrencies. For example, Bitcoin can be
taxed as property, and gains and losses from trading cryptocurrencies can be subject to the capital gains
tax regime.
Cryptocurrency holders are able to exchange/trade cryptocurrencies against other assets including fiat
currencies or other digital currencies via cryptocurrency exchanges (e.g. Binance, Coinbase, Bitstamp,
Huobi and Upbit). Even though cryptocurrency owners can choose to be pseudonymous (Bitcoin), or
anonymous (Monero), cryptocurrency exchanges are required by law to collect personal information and
identification from their customers.

Institutional Players
It is useful to explore how institutional players are engaging with cryptocurrencies in order to understand,
adopt and integrate them as part of their business models. Examples 2.14 and 2.15 discuss strategies used
by institutional players to adopt cryptocurrencies.

EXAMPLE 2.14

MUFG
Mitsubishi United Financial Group (MUFG) is the largest financial institution in Japan and second-largest
in the world (Kelso 2018). With the legalisation of cryptocurrency in Japan in 2017, financial institutions
have been looking for ways to integrate cryptocurrency to overcome the operational banking issues of
digital currencies. MUFG’s plan was to create its own cryptocurrency, MUFG Coin, that would allow its
customers to use it to make everyday transactions as a legal tender. However, due to regulatory constraints,
MUFG launched a mobile payment service that utilises MUFG Coin as an e-money instrument instead
(Ueda 2019).
Pdf_Folio:117

MODULE 2 Future of Money 117

 EXAMPLE 2.15

JPM Coin and IIN

JP Morgan Chase is a US institutional financial services and investment organisation, providing its services
to international corporations, governments and institutions. Two cryptocurrency initiatives it is involved in
are described below.
JPM Coin
As a major institutional and investment bank, JP Morgan Chase is looking for ways to improve the speed
and security of its financial solutions, including international payments and corporate debt issuance
(Son 2019). JP Morgan Chase created their own cryptocurrency, JPM Coin, which is a cryptocurrency
that is based on a fiat currency (fiat-backed stablecoin); in this case, the US Dollar. JPM Coin enables
institutional clients to make instantaneous transactions at a fraction of the cost of similar cross-border
transactions. JPM Coin is considered as a private corporate currency (Burchardi et al. 2020).
JP Morgan Chase-led Interbank Information Network
JP Morgan Chase, together with a network of 320 banks are looking for ways to improve interbank
information sharing to speed up cross-border transactions. The network streamlined information sharing
systems into a blockchain-based Interbank Information Network (IIN). Doing so allowed these banks
to speed-up the processing of cross-border transactions as details about the transactions are instantly
available to every bank within the IIN, improving validation and processing lead-time significantly.

Retail Industry
An increasing number of businesses accept cryptocurrencies as a mode of payment. For example, Microsoft
accepts cryptocurrency as a payment method when purchasing games for its Xbox games console.
Starbucks and Overstock in the United States accept cryptocurrencies as payment for coffee and furniture,
respectively.
The video gaming industry has used virtual currencies for a long time (e.g. Second Life’s Linden
Dollar was discussed in section 2.2). As such, it is expected that game developers will incorporate
cryptocurrencies into the gaming experience (Efrima 2019).
As cryptocurrencies are still a relatively new development, there is a possibility that more businesses
will start adopting cryptocurrencies. As observed in Japan, if adopting cryptocurrencies means a better
payment experience for customers, businesses might see them as a way of improving their value proposition
(Orcutt 2019).

Crypto Derivatives
In finance, derivatives play a very strong role within institutional investment strategies. Derivatives are
effectively contracts between two (or more) parties to buy a specific asset at a future price. Derivatives are
used commonly in asset-trading such as the share market and foreign exchange functions (futures, swaps
and options). In the context of cryptocurrencies, there are developments that lean into the implementation
of crypto derivatives, which could result in making this blockchain-enabled asset class more appealing and
attractive to institutional investors.
Crypto derivatives would allow more parties to invest in cryptocurrencies (such as Bitcoin), but they
also potentially expose cryptocurrencies to even more speculative investing behaviour, thus increasing the
volatility of an already-volatile system. Global regulators are exploring ways to regulate futures trading
on cryptocurrencies more effectively. It will be interesting to see whether the developments surrounding
crypto derivatives will bring implications to the adoption of cryptocurrencies as a medium of exchange.
BitMex, Binance, FTX and Deribit are the most popular crypto derivatives exchanges. The Chicago
Mercantile Exchange (CME) recently launched options on Bitcoin futures, becoming the first established
derivatives exchange to adopt crypto derivatives. This constitutes a key milestone in the adoption of crypto
derivatives that provides institutional investors with trustworthy and compliant mechanisms, and tools, to
access them.

QUESTION 2.8

Explain whether stablecoins or older cryptocurrencies, such as Bitcoin or Ether, are more suitable
as a medium of exchange and as a store of value.
Pdf_Folio:118

118 Digital Finance

2.12 DECENTRALISED FINANCE
Decentralised finance (DeFi) is the application of blockchain-based software to create financial services
independent of centralised intermediaries and authorities. The objective of DeFi is to create an open
financial system as an alternative to the established centrally governed ecosystem. Apart from introducing
novel functionality such as smart contracts to the financial space, DeFi reduces operational risk (Medium
2019).
Thinking back to example 2.10, within a traditional system, Superfly would have to approach a
financial institution to negotiate necessary terms for receiving short-term liquidity. By using DApps
(see section 2.9), however, financial institutions as intermediaries were removed from the process. The
fundraising was conducted outside of any government or regulatory control.
Within the sphere of DeFi, this concept of removing the intermediary can be applied to a range of
financial transactions — for example, classic bank transfers as illustrated in figure 2.10.

FIGURE 2.10 Comparing the traditional financial system and DeFi

Traditional financial system

Bank Payment Bank

Sender Receiver
sender processor receiver

Decentralised financial system

Database
Address
book

Database Database
Address Address
book book
Sender Receiver

Blockchain network
Source: CPA Australia 2021.

THE FOUR PHASES OF DeFi DEVELOPMENT

DeFi Pulse data show that over USD6.3 billion worth of crypto-assets reside within the DeFi space (mostly
on the Ethereum network). DeFi is expected to evolve through four phases.
1. Interested parties (e.g. entrepreneurs, analysts, specialists) recognise the applicability of DLT to existing
financial products.
2. Experts recognise the potential for DeFi systems, followed by the rise of synthetic assets and
decentralised exchanges for spot and derivatives markets.
3. DeFi is implemented across financial products. The increasing sophistication of distributed ledger
technology enables more efficient and secure DeFi systems. Regulatory efforts, refined user experience
and solutions remove barriers to entry for organisations while consumer-ready products become
available.
4. Full decentralisation at the moment is a speculative phase. This is where financial products are
fully decentralised and distributed ledger technologies are employed for maximum efficiency and
Pdf_Folio:119

MODULE 2 Future of Money 119

 effectiveness. Users with no access to financial products or those who are unserved by existing financial
institutions will be able to choose from a range of products targeting their specific circumstances.

ADVANTAGES AND DISADVANTAGES OF DeFi

Obvious advantages of DeFi are the lowering of barriers to entry, augmented commercial opportunities
and financial inclusion. Through DeFi, individuals and organisations are able to source funding through
cryptocurrencies to develop their ideas, products and services. Furthermore, DeFi promotes financial
inclusion by helping residents in developing countries to raise funds and gain access to financial services
that would otherwise not be available to them. Moreover, DeFi has the potential to massively change the
remittances market by substantially reducing the cost of sending money across borders.
Obvious disadvantages of DeFi include the fact that any open system, regardless of the level of security
it offers, runs the risk of cyber-attack. An error in the code of a DeFi DApp could lead to massive loss of
funds. Most importantly, DeFi is not yet regulated, and therefore there is no real protection against harm,
loss of funds or any other malicious situation.

DeFi DAPPS VS INCUMBENTS

DeFi DApps have the following relevant differences when compared to traditional financial services
institutions.
• The management of DeFi DApps is determined by smart contracts and not by a single entity. DeFi
DApps can run automatically as soon as a smart contract is deployed to the blockchain network.
• The computer code of DeFi DApps is transparent and available for anyone on the blockchain to see
and audit. This transparency aims to bring an additional layer and an additional kind of trust to users.
Moreover, all transactions are publicly available (however, transactions are pseudonymous and not
linked to an individual’s real-life identity).
• DeFi DApps are globally accessible to anyone who has access to an internet connection (though local
regulation and compliance requirements may apply).
• DeFi DApps are permissionless. Anyone with an internet connection is able to develop and use a DeFi
DApp. Users can directly interact with the relevant smart contract via their cryptocurrency wallets.
• DeFi DApps are interoperable. Different applications can be combined together to form entirely
new products. An example of this would be the combination of prediction markets, stablecoins and
decentralised exchanges.
Some current DeFi innovations are as follows.
• Compound. A blockchain-enabled borrowing and lending DApp that enables someone to lend cryptocur-
rency and earn interest. It is also possible to deposit cryptocurrency to the Compound smart contract as
collateral in order to borrow against it. The Compound smart contract matches lenders and borrowers
automatically and automatically adjusts interest rates based on supply and demand.
• Synthetix. A platform that provides users with the opportunity to create and exchange synthetic versions
of gold, silver, cryptocurrencies and traditional currencies. These synthetic assets are then backed by
excess collateral that is locked within the Synthetix smart contracts. (A synthetic asset is a combination
of assets and/or securities. This combination is conducted in such a way that these assets and/or
derivatives produce the same financial effect and value as other assets. For example, a user may borrow
funds in Australian Dollars and lend the same amount in Euros.)

FUTURE OUTLOOK
Further progress, growth and ecosystem diversification are expected. The overall value proposition of DeFi
is to bring more democratisation and transparency to finance by leveraging technological breakthroughs.
DeFi complements traditional financial services by providing the opportunity for institutions to move real-
world assets on to blockchain networks. This shift can better support financial inclusion, especially for
populations in underbanked and unbanked societies.

QUESTION 2.9

Discuss the advantages and disadvantages of removing intermediaries in DeFi.

Pdf_Folio:120

120 Digital Finance

2.13 IMPACT OF CRYPTOCURRENCIES ON FINANCE
AND FUTURE OUTLOOK
This section will help form an evaluation of cryptocurrencies and determine what the future looks like for
cryptocurrency-led DeFi.

FINANCE PROFESSIONALS AND CRYPTOCURRENCY

Finance professionals may increasingly encounter across digital assets or cryptocurrencies in the course
of their work. Businesses exploring the potential of cryptocurrency may wish to begin by accepting
cryptocurrency as a method of payment. This is an attractive feature for clients that already hold
cryptocurrency.
One of the biggest challenges for finance professionals is the initial learning curve and staying on top of
what is current. There are more than a thousand digital assets on the market and that number is increasing
every day. Trying to understand which are the most worthwhile, which will last the longest, which might
increase the most in value is a constant exercise. This has parallels with how investment bankers spend
days upon days learning about what the companies are doing, reading their market reports, and staying up
to date with information.
Understanding the status of any particular blockchain project will be very important for finance
professionals so they can understand and explain the value or the dangers around a particular digital asset
that their employer or clients are holding or are thinking about investing in.
Because the blockchain and digital asset world is emerging, regulatory environments are adapting.
Because these technologies are unprecedented, it is difficult to predict and understand what rules might
apply and how they night change over time.
Cryptocurrency has existed for more than 10 years and is likely to at least remain, if not expand
substantially, particularly if CBDCs are implemented. Cryptocurrency should therefore be considered a
core competency for finance professionals.

BENEFITS OF CRYPTOCURRENCIES
The discussion above has highlighted a number of key benefits cryptocurrencies can bring to businesses,
consumers, systems and society as a whole. It is useful to summarise these in terms of four pillars.

Security and Transparency

Cryptocurrencies are secure because no central authority stores information about transactions and identities
of users. Cryptocurrency systems are more resistant to cyber-attack than are traditional financial systems.
Cryptocurrencies use public ledgers and therefore can bring transparency and openness to a financial
system that is currently perceived to be managed by hidden, centralised, and impenetrable financial
institutions. Transacting has been a form of exchange controlled by intermediaries. The underlying
technology behind cryptocurrencies (blockchain) envisions shifting the control of information and money
from centralised institutions to decentralised networks.

Privacy
Using cryptocurrencies increases anonymity and privacy. In traditional financial systems, privacy is
achieved when central authorities limit information access to financial institutions that process the
transactions and the sender and receiver of the transaction. If cryptocurrencies are used, privacy and
anonymity are achieved as the personal details of the sender and receiver are never revealed. They are,
instead, represented on the ledger by their tokens (Yellin et al. 2013). The public is able to see that
a transaction took place, but they are unable to access any information linking the transaction to any
identifiable real-word parties. The user is afforded the privacy of transactions that cannot be traced back
to them, unless they voluntarily disclose the transactions (Reiff 2020).
Transactional Benefits
Cryptocurrencies provide for lower transaction and banking fees (Reiff 2020) by eliminating intermedi-
aries. Disintermediation also means transactions are settled immediately without the time-lag that is often
associated with transactions processed by financial institutions.
Pdf_Folio:121

MODULE 2 Future of Money 121

Raising Capital
Cryptocurrencies allow blockchain and crypto businesses to raise capital easily for blockchain projects
through an ICO (ASIC n.d.). ICOs as a source of finance are described further in part E of this module.

RISKS OF CRYPTOCURRENCIES
Despite being secure and private, cryptocurrencies also carry many risks.
Regulatory Risk
Cryptocurrencies are a relatively young financial instrument, not yet subject to coherent regulatory frame-
works (ASIC n.d.). Regulatory risk is probably one of the most significant downsides of cryptocurrencies,
as the system is fertile ground for illegal activity. Numerous grey and black-market transactions are
conducted in Bitcoin and other cryptocurrencies (Disparte 2018). Cryptocurrencies are also increasingly
popular among money launderers. These developments are not surprising because, paradoxically, the
strengths that contribute to cryptocurrencies’ anonymity and security, also enable criminals to operate
below the surface. In 2018, the European Union (EU) included cryptocurrencies and cryptocurrency
exchanges when it adopted the Fourth Anti-Money Laundering Directive (Bigmore 2018). Cryptocur-
rencies were defined in the directive as a digital representation of value not issued by a central authority
(Staff of Global Legal Research Directorate 2018).
Market Risk
Holdings of most cryptocurrencies are concentrated; that is, only a handful of individuals and groups hold
the vast majority of funds (Disparte 2018). These individuals essentially control the supply of cryptocur-
rencies, making them susceptible to value swings, manipulation and ‘civil wars’. This exposes investors
and users to the risk of price volatility and negatively affects the adoption of these cryptocurrencies.
Cryptocurrency holders also face exchange issues. Not all cryptocurrencies have dedicated online
exchanges that allow direct exchange of cryptocurrencies to fiat currencies (Comm 2019). Therefore,
holders of non-mainstream and/or alternative cryptocurrencies face the possibility of not being able
to exchange their cryptocurrency for fiat currency without first converting their holdings into a major
cryptocurrency (usually Bitcoin).
Lastly, when compared to traditional payment processors such as Visa and PayPal, cryptocurrencies lack
arbitration processes in the event of disputes (ASIC n.d.). This effectively means that a user would have
no avenue for appeal if they were somehow cheated during a cryptocurrency transaction (Government of
Singapore 2018).

Fraud Risk
The anonymity and lack of traceability of cryptocurrency transactions enable fraudsters, money launderers
and tax evaders to avoid enforcement by authorities (ASIC n.d.; Disparte 2018).
BitConnect is a good example of fraud risk in cryptocurrency. BitConnect was a Ponzi-scheme,
promising investors a 10 per cent return on their initial investment. BitConnect crashed in 2018 and the
value of BitConnect coin plummeted (Comm 2019). Subsequent investigations by authorities suspected
that BitConnect was linked to money laundering activities and criminal syndicates.
The fraud risks associated with the lack of governmental oversight, and the example of BitConnect,
point to the current weaknesses in the cryptocurrency ecosystem. There is a need for a concerted effort
from national governments to collaboratively regulate cryptocurrencies and mitigate fraudulent activities.

Cyber-Attacks, Breaches and Failures

A key assumption of cryptocurrency proponents is that cryptocurrency is safer and more secure than storing
a fiat currency (BIDITEX Exchange 2019). However, cyber-attacks and breaches do happen. Despite the
protocols and decentralised systems in place, hackers are constantly improving their skillsets in order to
breach the security barriers of a wide range of financial institutions (Disparte 2018).

Technology Risk
Technological failure (Disparte 2018) in the cryptocurrency network can lead to lost data. Therefore, users
need to take precautions to avoid data loss, and even worse, cryptocurrency loss. For example, users can
lose their private keys, due to data storage failures, which can result in a permanent loss of access to
their cryptocurrency.
Pdf_Folio:122

122 Digital Finance

KEY CONSIDERATIONS AND FUTURE OUTLOOK
Cryptocurrencies have elevated financial services to a new level by bringing computer code into finance.
This is leading to the emergence of decentralised, disintermediated and distributed architectures. This is
placing pressure on incumbent institutions, regulators and policymakers to reconsider current financial
practice.
In simple terms what cryptocurrencies and the overall DeFi regime are trying to do is see traditional
financial instruments, tools, mechanisms, processes and principles through the lens of computer science,
and data-led technologies. As we have already seen, this has both benefits and risks.
There is no single answer as to whether, or why, cryptocurrencies are good or bad, or what advantages
and disadvantages they bring as this depends on the user, the business and the ecosystem. What
cryptocurrencies and the crypto-led world have shown is that technologies such as blockchain, smart
contracts, computer science and AI can contribute to and gradually change many narratives in our data-
led-world.
The crypto world began as a rival to traditional financial services and has been trying to capitalise
on an unregulated and mostly uncharted environment. However, the world of traditional finance and
the world of code-based finance are showing signs of coming together to develop new crypto-enabled
frameworks and instruments that can benefit businesses, customers and the society as a whole. In particular,
cryptocurrencies have been capturing the interest of investors and users (both as a means of a store of
value and medium of exchange/payment). A number of retail stores have begun to accept payments in
cryptocurrencies, opening doors to a new generation of crypto-inspired customers and new revenue streams
for businesses. The space is experiencing growth, and blended financial instruments promise connectivity,
speed, optimised processes, instant payments and new investment, and financial and funding vehicles.
.......................................................................................................................................................................................
CONSIDER THIS
Cryptocurrency enjoys a high level of public awareness, though relatively few truly understand it. If someone in your
organisation or a client asked how they could use it in their business now or in the future, how would you advise them?

QUESTION 2.10

What is the key advantage of cryptocurrency over virtual currency?

SUMMARY
Cryptocurrencies are a decentralised virtual currency hosted on blockchain platforms. In addition to the
cryptocurrency coins themselves, tokens may be created to digitise real-world assets or represent some
specific right. Stablecoins are pegged to some other benchmark in an attempt to achieve more stability
in the cryptocurrency’s value and thus provide greater confidence for users. Cryptocurrency overcomes
many of the weaknesses of other digital currencies. In particular, because it is based on blockchain,
it includes a robust and transparent system to validate and record transactions. It has therefore been
perceived as a potential way to move towards DeFi, which seeks to eliminate the role of central authorities
and intermediaries (such as the traditional financial institutions) in transactions.
In this part of the module we have examined the potential impact of cryptocurrency in business and the
financial system, including a number of use-cases, and explored associated benefits and risks to enable a
considered evaluation of potential cryptocurrency applications.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

2.2 Assess the effectiveness of using cryptocurrency and distributed ledger technology in solving
complex business problems.
• Cryptocurrencies have robust validation and security mechanisms and thus overcome many of the
problems involved with other virtual currencies.

Pdf_Folio:123

MODULE 2 Future of Money 123

 • Cryptocurrencies enable financial and information transactions to be conducted without requiring
a central authority or intermediaries, thus lowering costs and reducing processing delays.
• Cryptocurrencies tend to have unstable values, though stablecoins are being addressed to improve
this by pegging their values to other benchmarks or real-world assets.
• Benefits include security and transparency, privacy, cheaper, faster transactions and a potential
way to raise capital.
• Risks include regulatory risk, market risk, fraud risk, cyber security and technology risks.

Pdf_Folio:124

124 Digital Finance

PART E: ALTERNATIVE FINANCE
PROVIDERS
INTRODUCTION
Data-driven technological developments are transforming financial services, including traditional forms of
funding and lending. ‘Alternative finance’ aims to provide an additional and augmented value proposition
by democratising, disintermediating and decentralising access to capital.
In this part of the module, we will examine the most common alternative finance schemes to provide
the information necessary to evaluate their role in an organisation’s finance mix. We will also examine
emerging cryptocurrency-based funding methods.

2.14 WHAT IS ALTERNATIVE FINANCE?

Alternative finance is any form of financing through sources outside the conventional financial system
(such as regulated banks or capital markets) (Schueffel 2017).
Alternative finance is closely related to activities around raising capital and comprises lending,
investment and non-investment models, and enabling entities (individuals, businesses, and others) to raise
funds (Ziegler 2020).
Table 2.17 provides a taxonomy of alternative financing tools under the categories of debt, investment
and non-investment. (An additional category, crypto-based tools, will be discussed later in this topic.)

TABLE 2.17 Taxonomy of alternative financing tools

Type Section Business model

Debt Alternative lending P2P/Marketplace lending (consumer and business

lending)

Balance sheet lending

Invoice trading

Investment-based/ Alternative funding Equity crowdfunding (financial return

Financial return crowdfunding)

Real estate/Property-based crowdfunding (financial

return crowdfunding)

Profit-sharing (financial return)

Non-investment-based/ Reward-based crowdfunding (social crowdfunding)

Social Donation-based crowdfunding (social crowdfunding)

Source: CPA Australia 2021.

Alternative finance has grown in popularity in recent years. One particular contributor to this rise was
the Global Financial Crisis in 2008, and the impact of this event on the traditional capital markets. While
small to medium-sized enterprises (SMEs) heavily relied on the traditional system, banks in several OECD
countries started scaling back their lending portfolios, resulting in the stagnation of European short-term
money markets (Paulet 2018). It resulted in SMEs experiencing difficulties in obtaining required finance,
which drove them (particularly those in innovation sectors) towards seeking alternative finance providers.
Businesses with above-average growth potential were adversely affected by the inability to access
funding (Thompson, Boschmans & Pissareva 2018).

Pdf_Folio:125

MODULE 2 Future of Money 125

HOW DOES ALTERNATIVE FINANCE WORK?
Table 2.18 provides an overview of how traditional and alternative lenders perceive the process of funding.

TABLE 2.18 Traditional vs alternative lender funding process

Traditional lenders Alternative lenders

Paperwork and business conducted requiring Minimise paperwork and business conducted online
physical presence

A variety of qualifications and prerequisites (can be More relaxed and less strict qualifications and
very strict) prerequisites

Limited loan options Greater variety of loan options

Varied approval rate, usually low Varied approval rate, usually high

Lengthy approval process Quick approval process (usually a 24-hour turnaround)

High priority given to credit score and credit history Low priority given to credit score and credit history

High minimum lending amount Low minimum lending amount

Strict repayment terms, not flexible Relaxed and flexible repayment terms

Source: CPA Australia 2021.

It is important to note that these different approaches are generic. A prospective borrower needs to
engage with a lending scheme with careful consideration and appropriate research. Any evaluation should
be made against the borrower’s specific circumstances and objectives.
The flexibility of alternative finance is grounded primarily on the reach of lenders and borrowers, the
terms of conditions they have put in place, and the funding philosophy behind each lending provider.

WHY IS ALTERNATIVE FINANCE IMPORTANT?

Prior to the COVID-19 pandemic, alternative lending was expected to be USD291 474.3 million (total
transaction value) in 2020 with an expected annual growth rate of 8 per cent (compound annual growth
rate 2020–24) by 2024. Moreover, alternative financing was projected to reach USD6117.2 million (total
transaction value) in 2020 with an expected annual growth rate of 11.6 per cent (compound annual growth
rate 2020–24) by 2024.
The growth of the industry showcases the demand for innovative solutions that are agile, accessible and
easy to utilise, but that are also regulated and secure, to protect businesses and the individual consumer.
This increasing acceptance and the resilience of alternative finance will see the rise of more develop-
ments and interventions into the industry. A key area of note is the abundance of products and services
that are available for individual consumers and business owners (primarily SMEs) who now have the
opportunity to choose from different customised offerings, depending on their individual or business needs.
Alternative finance takes an essential role in achieving the United Nations Sustainable Development
Goals (SDGs) which pursue the overarching objective of mobilising the efforts of all countries to end all
forms of poverty, fight inequality and tackle climate change, among a range of other priorities. These goals
provide recognition of the interconnected mechanisms of social, economic, environmental, cultural, ethical
and political impacts of development, anywhere in the world (Walker et al. 2019). It has been estimated
that the existing financial system falls USD2.5 trillion a year short of the investment required to achieve
the SDGs (United Nations Conference on Trade and Development 2014).
Because of this, many individuals and business owners around the world may not have access to
traditional finance tools. While reasons for this vary, they may include having an improper business model,
a bad credit history, or not having enough assets to hold as security against the desired loan amount
(collateral). By extension, individuals or businesses who are seeking funding and lending opportunities in
developing countries, may not have access to traditional lending and funding streams, or even to traditional
banking services, due to being unbanked or underbanked. Alternative finance, in line with the intention of
the SDGs, aims to bridge the gap for these customers and provide financial opportunities to small business
owners who need to cover business expenses without delay.
While alternative finance primarily serves as a funding stream for SMEs, it can also serve individual
consumers, though this is currently less popular.
Pdf_Folio:126

126 Digital Finance

 The rise of alternative finance also aims to provide start-ups, entrepreneurial ventures, small business
owners and individuals across different sectors with the option of alternative finance, so that they do not
have to depend on traditional finance streams.

QUESTION 2.11

Why has there been a trend away from traditional sources of finance towards alternative finance
sources in the past decade?

REGULATING ALTERNATIVE FINANCE

At present, the level of regulation of alternative finance is relatively low (Rowan et al. 2019). The regulation
of alternative finance is, however, increasing and is expected to continue to increase with the growth of
alternative finance itself.
Regulators are exploring novel regulatory and compliance frameworks to support the growth of
alternative finance — recognising that it improves access to finance for consumers and SMEs and
stimulates competition in the financial services market (Rowan et al. 2019) — while protecting consumers,
businesses, investors and the overall financial system. Regulation is necessary for the scalability and
adoption of alternative finance schemes.
.......................................................................................................................................................................................
CONSIDER THIS
Before reading about specific lending and funding options in the following sections, think about instances in which
mainstream finance has failed to meet or optimally meet the needs of your organisation or a client’s organisation.

2.15 ALTERNATIVE LENDING

The two key pillars of alternative finance are lending and funding. This section provides an understanding
of the dominant alternative lending models to have emerged in recent years.

PEER-TO-PEER LENDING (MARKETPLACE LENDING)

Peer-to-peer (P2P) lending, marketplace lending and crowdlending all refer to the original model of
lending in which individual lenders provide loans to individual borrowers such as consumers or businesses.
Electronic platforms act as a matchmaker between the lenders and borrowers (Serrano-Cinca & Gutierrez-
Nieto 2016).
Borrowers create a listing for their loan application on a marketplace lending platform. This listing
would usually include information on the loan’s purpose and the lender’s financial situation. Lenders
can browse loan applications on the platform, and offer loans to borrowers. This provides investors with
continuous tailored investment opportunities and asset classes (Vallée & Zeng 2019). This diversification
of investments across different asset classes mitigates the risk of bad debt. The underlying interest rate is
based on the information provided by the borrowers and is set either by the lenders, who compete for the
lowest rate, or by the marketplace lending platform. The investment into a loan is normally not protected
by government insurance. Conventional intermediaries, such as financial institutions, are not involved
(Bachmann et al. 2011), but the process is intermediated by the marketplace lending company.
Marketplace lending platforms tend to utilise scoring algorithms in order to determine a borrower’s
risk profile, including their ability to repay the loan. Marketplace lending platforms conduct pre-screening
on loan applications, and investors can perform additional and more sophisticated screening in deciding
whether to proceed with financing a loan or not. The marketplace lending platform usually charges a fee
for providing the match-making services and the credit assessment.
In principle, marketplace lending platforms provide the following services:
• origination — locating prospective borrowers and conducting a creditworthiness check (rejecting or
classifying into risk categories)
• loan servicing — handling payments; loan performance monitoring
• recovery — recovering debt from defaults.
In contrast to traditional lending, borrowers benefit from peer-to-peer lending through an easier and
quicker application process, as well as potentially lower interest rates. This form of lending also appeals
Pdf_Folio:127

MODULE 2 Future of Money 127

to investors, as they can generate higher returns relative to other forms of investment (Lending Works n.d.;
Corporate Finance Institute n.d.; Norwich University n.d.). Marketplace lending can cover various asset
classes ranging from student loans, to unsecured consumer instalment loans, and mortgages. Technology
plays a pivotal role within marketplace lending by allowing users to assess information and data (to assist
with gaining credit information and assisting to detect fraud).
However, peer-to-peer loans are often unsecured, which might be a benefit to borrowers but results in
significant credit risk for the lender, who cannot be directly insured. In addition, borrowers have to provide
information to the platform in order for due diligence to be conducted (Lending Works n.d.; Corporate
Finance Institute n.d.; Norwich University n.d.).
Prominent marketplace lending platforms include LendingClub, Kabbage, Lendio, Prosper, SocietyOne,
PeerForm, Harmoney and Upstart. These platforms utilise innovative tools and augment data-driven
decision making by means of sophisticated machine learning techniques (see module 3). They also consider
multiple variables to develop statistical models of a prospective borrower’s financial capacity, and personal
propensity to repay a loan. Each of these marketplace lending platforms offers customised products and
services, which are also applicable to dedicated demographics and profiles.
The key attributes of peer-to-peer lending are summarised as follows.
• Flexible. Interest rates may be more flexible, especially if lenders ‘compete’ to offer better interest rates
and lend their money to a business.
• Legally required to repay. The borrower is legally required to repay the loan according to the
predetermined conditions and agreements.
• Disclosure requirements. Disclosure requirements are publicly available for all the potential lenders
to review.
• Granted. A loan, which was not granted by a bank can be granted in this scheme.
• Predetermined. There is no predetermined size for a loan. A range of different loan sizes encourages a
greater range of potential borrowers.
• Repayment/distributing. In most cases, the repayment of the loan is processed via the online platform by
means of direct debits. The online platform is responsible for distributing the repayments to the lenders.

BALANCE SHEET LENDING

Balance sheet lending or portfolio lending provides a loan directly to a consumer or business owner via
an electronic platform.
Within a balance sheet lending scheme, the platform sources money from capital markets and investors
as debt and/or equity and holds it on their balance sheet as an asset. The platform then lends the borrower
money and assumes the risk itself, in contrast to peer-to-peer lending, in which the platform does not
itself lend money. If there are losses in portfolio lending the platform is liable (Ziegler 2020). Revenue
is generated based on interest rate spread, which is the difference between the interest rate earned from
lenders, and the cost of borrowing from borrowers (Jenik, Lyman & Nava 2017).
In contrast to peer-to-peer lending, balance sheet lending is easier to manage, as only one lender is
involved, and that lender directly communicates with the borrower. This circumstance also results in
quicker processing times (Commercial Finance Network 2020).
Disadvantages of balance sheet lending are a particularly high cost for the borrowers, and the relatively
high risk assumed by lenders. Typically, borrowers opt for this form of financing when they do not qualify
for more conventional forms of financing (Commercial Finance Network 2020).

COMPARING PEER-TO-PEER AND BALANCE SHEET LENDING

Table 2.19 shows the key differences between peer-to-peer and balance sheet lending schemes.
TABLE 2.19 Comparing P2P and balance sheet lending

Peer-to-peer lending Balance sheet lending

Loan facilitated by the platform Loan issued by the platform

The platform does not need to have a banking license A platform needs to have a banking license

Loan issued at the risk of the peer-to-peer investor Loan issued at the risk of the balance sheet lender

Attracts fee for services (utilisation of infrastructure) Revenue is earned both from a platform’s fee structure
and from the interest payments accruing from loans
Pdf_Folio:128

128 Digital Finance

 Peer-to-peer investors take both risks and return on Relatively high risk assumed by lenders
investment (interest payments)

No additional costs (acquiring capital) to cover losses Additional costs to cover losses on bad loans
on bad loans

Cost structure deemed more transparent and value add Cost structure considered less transparent

Continuous balancing of capital lending and supply – Funds readily available to be distributed
can result in longer funding periods

Source: CPA Australia 2021.

Since the landscape of alternative forms of lending is evolving rapidly, and also in line with regulatory
and compliance developments, numerous online lenders are adopting hybrid forms of lending, utilising
both peer-to-peer and balance sheet lending schemes. It is expected that the experimentation and wider
adoption of these schemes will unveil more innovative and sophisticated models, enabling online lenders to
both diversify and specialise across different niche markets. It can also be expected that incumbent banking
institutions will engage more actively in partnerships, mergers, or acquisitions with online lenders, or even
run their own proprietary online lending platforms.

INVOICE FINANCE
Under the invoice finance umbrella two mainstream options can be observed: invoice factoring and
invoice trading.

Invoice Factoring
Invoice factoring involves a contractual agreement with a third-party provider, which is responsible for
managing the entire sales ledger. Such providers usually contact customers directly in order to collect
payments. Even though a number of companies find this convenient, research has shown that such an
arrangement may result in loss of trust and mismanaged approaches, which can put a delicate customer
relationship in jeopardy. Moreover, invoice factoring entails fees and contractual arrangements that can be
inflexible, costly and complicated.

Invoice Trading
Invoice trading, peer-to-peer invoice finance and invoice crowdlending allow businesses to sell
individual outstanding invoices through electronic platforms (e.g. Timelio, MarketFinance) in order to
obtain working capital. This type of pre-financing of outstanding invoices is a form of short-term debt, with
lenders being either individual or institutional investors (Dorfleitner 2017). Invoice trading is considered
to be asset-backed lending because the invoice serves as collateral.
Businesses would normally consider invoice trading as a source of finance for the following reasons:
• improving working capital
• freeing up cash that can be used for short-term liquidity optimisation
• paying expenses
• initiating new investments.
Invoice trading is beneficial to small businesses, as it is easy to apply for, and results in immediate short-
term liquidity without diluting equity. In addition, this type of lending allows small businesses to provide
payment terms to their clients without significantly affecting their working capital (Commercial Capital
n.d.; Reynolds 2018).

Comparing Invoice Factoring and Invoice Trading

One of the key differences between invoice factoring and invoice trading is the structure and the use of
P2P as a platform in invoice trading. This is illustrated in figure 2.11.
In contrast to factoring, which combines services such as managing financial liquidity, insurance,
monitoring of accounts receivable and is tailored towards large enterprises, invoice trading is targeted
towards smaller businesses and only offers the service of pre-financing outstanding invoices (Dziuba 2018).
This type of finance is becoming increasingly popular in the domain of supply-chain finance activities
(Ziegler 2020). Table 2.20 compares invoice factoring and invoice trading.

Pdf_Folio:129

MODULE 2 Future of Money 129

 FIGURE 2.11 Comparison of invoice factoring and invoice trading

Invoice Invoice Investors

factoring trading

P2P
Seller Financier Seller Investors
platform

Investors

Source: CPA Australia 2021.

TABLE 2.20 Invoice factoring vs invoice trading

Invoice factoring Invoice trading

Flexibility: Tend to dictate what is sold, and usually the Flexibility: Seller retains control of which invoices are
seller has to sell everything. sold, and when they are sold.

Transparency: There can be unanticipated, or Transparency: Usually there are no fees to trade
undisclosed fees. invoices, or these fees are very clear.

Contract: Seller can become locked into payment Contract: Seller can sign up and extract themselves at
contract, over a longer term. any time. They can usually pay as they go.

Set-up speed: Can be slow and may take up to 6 weeks Set-up speed: Usually very fast. Set-up occurs within
to receive funds. 48 hours and cash can be delivered within a day.

Privacy and confidentiality: The sellers debtors tend to Privacy and confidentiality: Usually the process is
be notified of their intentions. private and confidential.

Source: Adapted from Teng 2015.

Invoice Trading as an Investment Vehicle for P2P Investors

Unlike mainstream peer-to-peer lending schemes that deal with unsecured loans, invoice trading utilises
legitimate invoices as collateral. Invoice trading is more expensive than credit lines and can be used to solve
cash-flow issues related to clients with longer payment terms. In addition, this type of lending results in
the lender potentially contacting customers of the business, and if an invoice is not paid, the bad debt
is transferred back from the lender to the business to be processed (Commercial Capital n.d.; Reynolds
2018). This means that the lender is running the risk of a customer never paying an invoice. Most investors
choose not to lend the total amount of the invoice to incentivise the borrower to collect the total amount
of the invoice that is still owed. Investors are able to put together a diversified portfolio by sharing invoice
risks with other investors (i.e. purchasing portions of a range of different invoices).

QUESTION 2.12

Explain how the invoice finance business model has evolved with the introduction of electronic
platforms.

2.16 ALTERNATIVE FUNDING

This section aims to provide an understanding of different types of crowdfunding as a mainstream form
of alternative finance (funding) and evaluates the role of crowdfunding in achieving an organisation’s
strategic goals.
Crowdfunding was introduced in module 1. It aims to fund projects or ventures by raising capital
(usually small amounts) from a large pool of people, known as ‘the crowd’. The initiator and backers
are brought together by a platform (almost always an online platform). Crowdfunding can be used to fund
Pdf_Folio:130

130 Digital Finance

both for-profit and social/not-for-profit entrepreneurial ventures. It requires three key parties: the initiator,
the people who support the idea and the platform.
In recent years, different models of crowdfunding have emerged, ranging from businesses offering equity
of the firm to donations towards projects (Belleflamme & Lambert 2014).

INVESTMENT-BASED CROWDFUNDING
Investment-based crowdfunding has significantly grown in popularity in recent years. It is based on
companies offering contractual instruments, equity or debt via an online crowdfunding-platform to a crowd
(Rossi & Vismara 2018). An ownership interest in the business is exchanged (Dehner 2015). In contrast
to other forms of crowdfunding, investment-based crowdfunding campaigns are typically launched by
businesses instead of individuals. The maximum amount of funds to be raised is typically limited (Rossi
& Vismara 2018).
The most common types of investment-based crowdfunding are outlined in the sections that follow.

Equity Crowdfunding
Regulatory changes in some countries have allowed privately owned businesses to raise capital by offering
a specified amount of bond-like shares or equity to investors (Ahlers et al. 2015; Salampasis 2020).
Equity crowdfunding enables early-stage businesses that are not yet publicly traded to raise money by
means of equity, by providing the opportunity to the crowd to become shareholders. Equity crowdfunding
can be conducted in a shorter time-frame and more cost-effectively than an IPO (Ahlers et al. 2015;
Salampasis 2020).
This form of investment can offer potentially high returns for investors, but is highly risky and the
investors typically lack the capability to conduct extensive research on potential investments. The shares
are illiquid as they are not listed on stock exchanges (Ahlers et al. 2015; Salampasis 2020).
As equity crowdfunding involves the sale of a security, legislation in many countries imposes restrictions
on its use, including limits on the participating business’ size, or limits on the funds raised per year.
Australia, for example, requires that the crowdfunding campaigns have to involve accredited intermediaries
(Ahlers et al. 2015; Salampasis 2020). More generally, equity crowdfunding is usually subject to securities
and financial regulations. In Australia, types of equity-based crowdfunding that result in a financial reward
fall under the Corporations Act 2001, as they can amount to a financial product. Other types of equity-
based crowdfunding resulting in ownership or equity interest in exchange for funds are also considered to
fall under the Corporations Act as they can amount to a managed investment scheme. All these activities
are also under the oversight of ASIC (Stevens et al. 2019).
Long-established means of equity funding, such as venture capital, private equity and angel investing
schemes, involve one-to-one relationships with investors. Crowdfunding instead involves an ecosystem of
investors by means of an online platform.
The key attributes of equity crowdfunding can be summarised as follows.
• A predetermined set of terms describing the overall scheme (e.g. how much to sell, how investors will
get rewarded and what will be the price). In order to determine these terms an in-depth analysis and
concise valuation of the venture is required.
• A set of payable fees is required for the online platform (e.g. administration, legal, advisory). These fees
can be significant.
• It provides many people with the opportunity to invest; therefore, on the one hand, there is a breadth of
potential investors, while on the other, the venture does not depend only on fewer wealthier investors.
• The venture must be investment-ready; therefore, a detailed business plan and financial predictions/fore-
cast are required. Key information and accurate data must be readily available for investors to review,
ideally along with relevant marketing materials.
• The online platform will conduct the necessary due diligence, but potential investors also have the right
to conduct their own due diligence and often require additional and more specific information and data
that the business must make available.
• The venture will have to factor in legal costs, in order to manage and comply with all the associated
legal aspects.
• The cohort of investors can be diverse and it is very important to have predetermined conditions around
the purpose of voting rights, the level of control external shareholders will have on the business, the
compensation schemes and other relevant issues.

Pdf_Folio:131

MODULE 2 Future of Money 131

Property-Based Crowdfunding
Property-based crowdfunding or real estate crowdfunding (O’Roarty 2016) involves an entrepreneur
or a property developer (seeker of funding) pooling together funds from investors (providers of funding
who are not ordinarily large-scale investors in these cases) to pay crowdfunding mortgages, which are
secured on specific properties, or to finance property development.
In order to pool the individual investments of the crowd, a special purpose vehicle (SPV) that is managed
by the crowdfunding platform is required (O’Roarty 2016). An SPV is a legal entity, which aims to carry out
a specific purpose or activity. Throughout its existence an SPV cannot have employees, conduct economic
decisions, or go bankrupt (Gorton & Souleles 2007).
Investors seek to be rewarded with dividends and potential capital growth. A major success factor for
campaigns in this domain is that detailed information, outlining the risks of the investment opportunity, is
available (Lowies, Viljoen & McGreal 2017).
Table 2.21 lists the benefits of property-based crowdfunding for investors, and for property developers
(borrowers).

TABLE 2.21 Benefits of property-based crowdfunding

Investors (equity or debt investments) Property developer (borrower)

• Reduced complexity and risk • Higher autonomy and lower fees compared to
• Diversified investment portfolio traditional bank loans
• Higher reach – democratisation provides smaller • Acquiring financing at a faster speed
investors with the opportunity to invest in high-end,
prestigious developments

Source: CPA Australia 2021.

Property-based crowdfunding is branched into two different forms.

• Equity-based property crowdfunding — where the investor will be offered a percentage of ownership
(share) of the property that is available for investing (commercial or residential), proportional to the
investment that has been made. The investor can receive a return on investment (ROI) either based on
the rental income of the percentage of ownership in a case where the property is sold.
• Lending-based property crowdfunding (debt) — where the investor is lending money to the property
owner (the investor becomes a lender and acts as a creditor). The lender will receive a fixed return that
is based on the amount that has been lent and the interest rate. Repayments depends on the type of loan
(short term vs long term). The property itself serves the purpose of being the collateral for the loan.
Each scheme has advantages and disadvantages. The choice between the two, primarily depends on the
kind of return on investment the investor is looking to achieve, together with the perceived reward: risk
ratio. Tables 2.22 and 2.23 summarise the key advantages and disadvantages of equity and lending-based
property crowdfunding schemes, respectively.

TABLE 2.22 Equity-based property crowdfunding — advantages and disadvantages

Advantages Disadvantages

• Has the potential to generate higher returns. • Returns are driven by market prices (volatility) and
• There are tax benefits (normally tax is paid after the may not be guaranteed.
shares are sold). • Due diligence on the companies that run property-
• There are no upper limits on the return on investment. based crowdfunding projects might be difficult.
• Holding period can be very lengthy (in most cases
investments are illiquid).
• Extensive due diligence is required for informed
decision-making (potential difficulties in properly
assessing the real estate market).
• Some property-based crowdfunding platforms may
only accept accredited investors.

Source: CPA Australia 2021.

Pdf_Folio:132

132 Digital Finance

 TABLE 2.23 Lending-based property crowdfunding (debt) — advantages and disadvantages

Advantages Disadvantages

• It is safer, compared to equity (debt gets paid first). • Has lower returns due to lower risks.
• The return on investment is usually more predictable • Due diligence on the companies that run property-
and stable (fixed return based on the interest rate). based crowdfunding projects might be difficult.
• There is a shorter holding period (duration is always • Extensive due diligence is required for informed
known). decision-making (potential difficulties in properly
assessing the real estate market).
• Some property-based crowdfunding platforms may
only accept accredited investors.

Source: CPA Australia 2021.

A blended option called convertible debt is also available, in which start-ups acquire funds from investors
in the form of a loan (lending), which is repaid at a later stage in the form of property shares (equity).

Profit-Sharing (Financial Return) Crowdfunding

Through the profit-sharing model of crowdfunding, businesses sell a share of their future profits or
royalties to investors in the crowd (Belleflamme, Lambert & Schwienbacherd 2014). Online platforms
provide firms with the opportunity to repay investors a multiple of the investment as a percentage against
future revenues. Research has demonstrated that profit-sharing contracts can provide a higher net present
value (NPV), along with a lower probability of bankruptcy (Fatehi & Wagner 2019).

QUESTION 2.13

Outline the main features of equity crowdfunding models for financing entrepreneurial ventures.

NON-INVESTMENT-BASED CROWDFUNDING
Non-investment-based crowdfunding schemes can be either rewards-based crowdfunding or donation-
based crowdfunding.

Reward-Based Crowdfunding
In reward-based crowdfunding, a project attracts the crowd by offering a tangible non-financial reward,
such as a branded t-shirt, or the promise of a product that they will receive in the future (Dehner 2015). In
this context, entrepreneurs incentivise financial donations in return for a service or product. The business
benefits from this form of crowdfunding by not having to dilute its equity. This type of crowdfunding
is very popular within the creative industry where products would probably not qualify for other types
of financing.
This form of crowdfunding also enables businesses to test demand for a product at an early development
stage (Salampasis 2020).
Table 2.24 summarises the advantages and disadvantages of reward-based crowdfunding.

TABLE 2.24 Reward-based crowdfunding — advantages and disadvantages

Advantages Disadvantages

• Considered to be one of the most cost-effective ways • Usually generates only very small amounts of
of raising funds funding
• No collateral needed, but a credit check is required • Potentially difficult to reach a funding goal
• A simple process • Idea exposure to competitors can potentially result
• Equity and control of the company are retained. in having the idea stolen
Funds do not need to be repaid

(continued)

Pdf_Folio:133

MODULE 2 Future of Money 133

 TABLE 2.24 (continued)

Advantages Disadvantages

• Opportunity to gain wider exposure that can • If the funding goal is not reached, this can incur
potentially result in onboarding more early adopters financial penalties and bad publicity
while raising brand awareness • May not be suitable for complicated concepts, or
• Opportunity to test the value proposition projects that are hard to explain

Source: CPA Australia 2021.

In Australia, reward-based crowdfunding does not fall within the Corporations Act and ASIC oversight.
However, due to the promise of rewards, it can be considered to fall under contract law or the Australian
Consumer Law (Stevens et al. 2019).
Reward-based crowdfunding campaigns are provided by a range of crowdfunding platforms. The most
popular platforms are Kickstarter, Indiegogo, Crowdfunder.co.uk and Patreon. Each of these platforms
charges a fee, provides different tools and has different terms and conditions that should be understood
prior to engagement.

Donation-Based Crowdfunding
Donation-based crowdfunding builds upon the intrinsic value of a project, receiving donations from
individuals who do not expect ownership or returns from the project (Dehner 2015). This form of
fundraising is typically utilised by individuals or not-for-profits (Salampasis et al. 2020). Donation-based
crowdfunding is a vehicle to pool funding from the crowd in order to finance a project with a social purpose
or cause, without the expectation of having the funds returned. Examples might include raising funds for
renovating a school, creating a community garden or covering high and unanticipated medical expenses.
Table 2.25 summarises the advantages and disadvantages of donation-based crowdfunding.

TABLE 2.25 Donation-based crowdfunding — advantages and disadvantages

Advantages Disadvantages

• Donated funds are received quickly. • A number of crowdfunding platforms can keep a
• A number of crowdfunding platforms do not charge percentage of the donations as a fee.
fees for donation-based campaigns. • Requires marketing and in some cases it may be
• Can be leveraged to reach a broader network of difficult to reach out to the crowd.
people. • It can be considered a ‘crowded’ marketplace where
• Can pool small donations from a large number of numerous venturers may be ‘competing’ for funds.
people (crowd). • A number of crowdfunding platforms may impose
• Builds accountability and transparency in terms of minimum funding targets.
how donations are managed and utilised. • It may be difficult to reach funding targets,
• Offers the opportunity to establish a broader sometimes if funding targets are not reached then
community of social cause advocates and supporters. the funds are not released by the crowdfunding
platform.
• Donations could be used for tax evasion or money
laundering purposes.

Source: CPA Australia 2021.

Within Australia, donation-based crowdfunding does not fall under the Corporations Act and no ASIC
oversight is provided (Stevens et al. 2019).

2.17 CRYPTO-BASED FUNDING

DLTs and, more specifically, the Ethereum blockchain system, aim to foster disruptive innovation,
decentralisation and democratisation of entrepreneurial financial funding and investments, changing the
way stakeholders invest through new crypto-enabled mechanisms (Salampasis et al. 2020).
Contrary to other forms of crowdfunding, tokenised crowdfunding allows for crowdfunding tokens (in
most cases) to be traded within a secondary market. A number of approaches are described below.
Pdf_Folio:134

134 Digital Finance

INITIAL COIN OFFERINGS
ICOs enable businesses to sell utility/access tokens compliant with Ethereum’s ERC-20 standards.
ICOs have significant benefits over traditional entrepreneurial sources of finance, such as founder
bootstrapping, bank debt, angel investors and venture capital, and IPOs for more advanced firms.
ICOs enable firms to raise substantial funds quickly and cost-effectively at a very early stage of the
business’s development. This can facilitate rapid technology and business model development, without
giving up equity or taking on debt. Many of the blockchain models are network-related; the attractiveness
of this business model for potential investors (and those targeted to use blockchain solutions) is affected
by having a critical mass of participants, particularly key industry players who are already utilising or
are willing to utilise the platform (Chen & Wu 2018). Pre-sales or airdrops (free deposits) of tokens or
coins are often made to key players with the intent of incentivising them to join the platform and in the
hope that they will encourage others to do so, due to the potential of a substantial increase in the value
of tokens during and after the ICO (Chen & Wu 2018). The ability to raise funds quickly to develop
and market the blockchain platform may provide a first-mover advantage, and a barrier against future
competing offerings.
From the investor perspective, ICOs provide a relatively unique vehicle to participate in very early-
stage investments in a liquid form because many, but not all, of the coins issued, are tradable on
cryptocurrency exchanges. It has been argued that ICOs represent a democratisation of investment:
individual investors can directly support the development of blockchain solutions that they would like
to see succeed, rather than enabling intermediaries, such as bankers, venture capitalists and executives of
large companies to decide which ventures get funded (Chen & Wu 2018). The ICO process is illustrated
in figure 2.12 and described below.

FIGURE 2.12 The ICO process

Blockchain — smart contract

Project ICO Investors

Create smart contract Key parameters Funds
(soft & hard cap; $
Funds duration; token price)

Create smart Send funds to smart

contracts before Token contract and receive
ICO Facilitates token usage corresponding tokens
(initial distribution; automatically
Create smart contract Token
subsequent transfers)

(Human) initiating processes Fully automated processes

Source: CPA Australia 2021.

• The venture that wishes to raise funds prepares a whitepaper describing the purpose of the project and
the token that will be issued for the purpose of the fundraising process (crowdsale).
• A smart contract required for the token sale is written and added to a tokenisation platform such as
Ethereum.
• A website is developed that includes all the necessary information about the project, the venture and the
ICO campaign.
• The venture may wish to list its token on one or several marketplaces or exchanges. This means that
after the ICO campaign is completed secondary trading can be enabled.
• The venture engages in a marketing and promotional campaign (usually on social media).
• Once the ICO campaign is launched investors can purchase tokens by sending transactions to the token
smart contract.
• Upon completion of the ICO and upon condition that they are listed on an exchange, tokens can become
tradable. At the same time, the venture can pool the crowdsourced funds and use them to fund the
venture.
Pdf_Folio:135

MODULE 2 Future of Money 135

 The ability of companies to raise so much money, so rapidly through ICOs is, to a large extent,
enabled by the evolving nature of regulation of ICOs around the world. Many offerings effectively take
place in relatively unregulated markets without the offerings necessarily being vetted or endorsed by
knowledgeable and trusted intermediaries. Investments in coins issued through an ICO, either through
the ICO or subsequently on a cryptocurrency exchange, represent a high risk for investors due to the
early stage of businesses raising funds, experimentation around blockchain business models, and the
aforementioned lack of regulation (Chen & Wu 2018). Not surprisingly many ICO raisings have failed.
Regulators around the world are developing regulation more aggressively, examining the behaviour of
founders and promoters, and seeking to introduce regulatory certainty for companies. Example 2.16
examines the ICO campaign of a blockchain-enabled online education platform.

EXAMPLE 2.16

BitDegree
BitDegree launched an ICO campaign in December 2017. BitDegree is a blockchain-enabled online
education platform. The platform has its own token (BDG) that is used for scholarships and to acquire
technical talent. Via the BitDegree platform students are offered online courses, and businesses can recruit
technology talent to support the development of the future workforce. The utility token sale began on
1 December 2017 and ended on 28 December 2017, attracting 12 000 contributors. The total amount
raised was $22 130 000. The ICO token price was 10 000 BDG = 1 ETH. The total token number was
660 000 000. The BitDegree utility token distribution was:
• 66 000 000 tokens for the BitDegree Foundation
• 165 000 000 tokens for the scholarship pool
• 336 600 000 tokens available to the public at the time of the ICO campaign launch
• 66 000 000 tokens for the team of developers
• 13 200 000 tokens for advisors and partners as incentives/rewards.
The accepted currency was Ether (ETH). The token was issued immediately after the ICO. KYC
processes took place.

INITIAL EXCHANGE OFFERINGS

Initial exchange offerings (IEOs) aim to provide improvements over the ICO system (Salampasis
et al. 2020).
Essentially, IEOs follow the same pattern as ICOs, but a cryptocurrency ‘exchange’ (also known
as launchpad) acts as an intermediary and conducts and underwrites the sale (Artzt & Richter 2020;
Salampasis et al. 2020).
The exchange is responsible for the overall audit and analysis of the project, evaluating the potential of
the token before initiating the IEO, and managing the entire process via its online platform. IEOs bring
more standardisation to achieve greater reliability compared with ICOs.
Since the IEO process is conducted via a cryptocurrency exchange, the token issuer (crypto start-up)
is required to pay a listing fee, together with a percentage of the tokens that have been sold during the
IEO. The tokens are sold on the platform of the cryptocurrency exchange. Even though IEOs utilise smart
contracts (in the same manner as ICOs do), the IEO investors need to fund their exchange wallets with
accepted coins (such as Ether) first, in order to purchase the tokens issued by the crypto start-up. This
means that the smart contract is managed by the cryptocurrency exchange. Moreover, in IEOs the token
ownership can be tracked within the accounting system of the cryptocurrency exchange and not on the
blockchain (Artzt & Richter 2020).
Table 2.26 summarises the differences between ICOs and IEOs.

TABLE 2.26 ICOs vs IEOs

Initial coins offerings Initial exchange offerings

The fundraising campaign is conducted via the token The fundraising campaign is conducted via the
issuer’s (crypto start-up) website. website of the cryptocurrency exchange.

The crowdsale is managed by the crypto start-up. The crowdsale is managed by the cryptocurrency
exchange.

Pdf_Folio:136

136 Digital Finance

 The smart contract is managed by the crypto start-up The smart contract is managed by the cryptocurrency
that is conducting the token sale. exchange.

KYC/AML can happen but this is determined on a KYC/AML is conducted by the cryptocurrency
project by project basis. exchange.

The crypto-start-up is required to put together a The cryptocurrency exchange handles the marketing
marketing campaign in order to raise awareness and campaign (cost is factored in the fee agreement).
attract attention (can be costly).

Screening is not required in order to launch a crowdsale. Screening is required and the cryptocurrency
In principle, anyone is able to launch an ICO campaign exchange is responsible for screening the crypto start-
in a country where it is legal. up before it will permit the crypto start-up to utilise its
platform in order to raise funds.

If a crypto start-up wishes to list its tokens after the The cryptocurrency exchange will automatically list the
crowdsale then this needs to happen through an tokens after the crowdsale.
exchange.

Source: CPA Australia 2021.

Due to the lack of regulatory oversight, numerous ICO campaigns took place without ensuring proper
KYC/AML processes were met. Many crypto start-ups (token issuers) exploited the situation and initiated
ICO campaigns, without promising value propositions, and with unscalable business models. Some crypto
start-ups had not even communicated a proper whitepaper. This resulted, across numerous cases, in the
funding of a range of dubious and sometimes illegitimate business models, and many investors lost their
money. This is the main reason for the widespread failure of ICOs, and the development of more concrete
and proper blockchain-enabled funding schemes such as IEOs. IEOs aim to protect investors by ensuring
proper KYC/AML processes and complying with regulatory requirements. To that respect, from an ICO
process, understanding, and evaluation perspective, it is very important to know whether proper KYC/AML
processes took place, in conjunction with the nature of, and the objective of the organisation seeking to
use this business funding model.

INITIAL DEX OFFERINGS

Initial DEX offering (IDO) is a novel fundraising mechanism within the crypto-based funding space. This
method is very new and is therefore in the experimental phase. A DEX is a decentralised cryptocurrency
exchange. The value proposition behind DEXs is that they allow crypto start-ups to list tokens without
paying the fees that centralised cryptocurrency exchanges would normally require (as in the case of IEOs).
Moreover, the decentralised protocols operated by DEXs are permissionless and so ensure greater reach
for the tokens.
An IDO generally consists of four steps.
• Step 1: pre-sale. Early-stage backers and venture capitalists bootstrap the network. In exchange for
taking on early risks they received tokens (usually at a slightly discounted rate).
• Step 2: public sale. The public sale takes place on a Decentralised Exchange (DEX). It is important to
note that contrary to ICOs, the capital that is raised during an IDO is denominated in a mix of Ethereum
(ETH) and stablecoins.
• Step 3: listing. Listing on the decentralised cryptocurrency exchange occurs. There is no need for
approval or for payment of any fees.
• Step 4: liquidity incentivisation. This constitutes a broad set of programs that a token issuer can initiate
in order to commence usage of their product and/or service.
IDO is a method for raising funds for DeFi crypto projects. This method is only applicable for projects
that have a functioning product/service and it is not appropriate for projects that are either in a pre-product
phase, or for organisations that wish to raise funds on the promise of a whitepaper (as in ICOs, IEOs).
As a new crypto-based funding vehicle, it is expected to be some time before IDOs potentially become a
reliable mechanism for raising capital.

SECURITY TOKEN OFFERINGS

A security token offering (STO) is similar to an ICO, but an STO token tracks ownership against some
sort of a real-world asset such as shares. STOs are, therefore, perceived as security offerings.
Pdf_Folio:137

MODULE 2 Future of Money 137

 The ownership information that relates to the investment product is represented by a security token and
is recorded on the blockchain. This makes fractional ownership of a security possible.
Benefits of STOs include the following.
• STOs can provide greater liquidity as they can practically allow anyone from around the world
to participate.
• STOs establish a robust global trading capability due to the ability to tokenise financial instruments or
assets. This ability also enables easier global tradability.
• STOs, through the fractional ownership attribute, can reduce barriers to entry and provide opportunities
for low capital investors to participate and contribute. Moreover, due to the fact that this method does not
depend on intermediaries, it is considered to be a more cost-effective and cost-efficient funding scheme
than ICOs.
• STOs provide flexibility to business owners as they do not depend on a specific exchange.
• STOs provide security to investors due to their built-in compliance mechanisms (KYC/AML) and the
fact that STOs are backed up by tangible assets that offer legal rights (e.g. voting rights or distribution
of revenue to investors).
The main disadvantages associated with STOs are around the administrative burden that a venture needs
to undertake to ensure they comply with regulatory requirements, especially securities laws. Compared
with ICOs, STOs are more difficult to launch because they must comply with regulatory requirements,
including offering an investment contract that complies with securities regulation, and they can only raise
funds from accredited investors.
Moreover, the relevant jurisdictional regulatory requirements can limit access to an STO, resulting in a
smaller pool of prospective investors.
Table 2.27 summarises the differences between ICOs and STOs.

TABLE 2.27 ICOs vs STOs

Initial coin offerings Security token offerings

They do not need to be in compliance with regulatory They must be in compliance with regulation (in
requirements. principle securities law).

They are considered a higher risk investment vehicle. Risk is lower.

They are not asset-backed. They are asset-backed.

The true value cannot be easily assessed (highly True value can be assessed easily.
speculative).

Source: CPA Australia 2021.

QUESTION 2.14

Outline the obstacles to raising funds through an ICO.

2.18 IMPACT ON THE ORGANISATION

This section deals with the process of choosing funding appropriate to the organisation’s strategic goals.
From a venture point of view, a variety of financing needs may arise, depending on the stage of development
of the venture.
• Pre-start-up phase. During this phase financing needs can emerge from requirements to develop a
prototype, to prepare a strategic commercialisation plan, to conduct market research, or to further
conduct research and development.
• Start-up phase. During this phase financing needs can emerge from requirements for purchasing
inventory and equipment, to manage professional fees (legal, accounting, advertising etc.) and of course,
from expenses that are prepaid (rent, insurance policies, utility bills, salaries among others).
• Post-start-up phase. During this phase financing needs can emerge from ongoing costs for advertising,
salaries, utilities, rent and to cover immediate, seasonal, cyclical or even unexpected cash flow
requirements.
Pdf_Folio:138

138 Digital Finance

• Growth phase. During this phase financing needs can emerge from plans to expand, plans to add more
distribution channels, potential for acquisition, plans to expand geographically (both interstate and
international) and to cover the cost of underwriting more financing.
Funding usually involves a cost, whether a direct financial cost or losing a degree of independence
or control over the business. For example, a bank loan means a commitment to a lengthy repayment
plan; an equity-crowdfunding campaign gives shareholders some control over the business. Choosing the
funding model (either traditional or alternative) most appropriate to the organisation’s unique needs and
circumstances is critical.

BORROWER AND INVESTOR PERSPECTIVES

From the borrower’s perspective, the choice of funding scheme should consider the:
• amount of money a business/individual needs
• purpose of utilising this money
• profile of the borrower
• type of business/project/individual need that this money is meant for
• strategy in place to engage potential investors and bankers
• intention and plan for repayment.
From a prospective investor’s perspective, the choice of funding scheme should consider the:
• type of risks that a prospective investor is willing to take (higher risk, higher return)
• type of investing engagement and return on investment that is desired (short, mid, long-term)
• amount of money a prospective investor is willing to invest
• values and principles a prospective investor (and/or their community) has and shares
• perceived impact and change in the world a prospective investor would like to bring (contribute to)
• level of engagement a prospective investor would like to have with the borrower/investee.

CHOOSING BETWEEN OR BLENDING MAINSTREAM AND

ALTERNATIVE FINANCING
Table 2.28 shows the mainstream sources of funding, blending both traditional and non-traditional forms
of funding, alongside crypto-based funding.

TABLE 2.28 Funding sources

Crypto-based Equity Non-investment Debt

• ICO • Early stage venture • Reward-based • Family and friends

• IEO – Equity crowdfunding crowdfunding • Small business loan
• IDO – Venture capital • Donation-based • Peer-to-peer lending
• STO – Business angels (early crowdfunding • Leasing
investors) • Charities, foundations, • Debt crowdfunding
– Accelerator-based donations • Factoring/invoice
funding discounting
– Investment bankers • Banks
• Late stage venture – Bank loan
– IPO – Bank overdraft
– Credit cards
• Microfinance
• Government-funded
capital

Source: CPA Australia 2021.

Each of these funding schemes can be used for different purposes and has inherent peculiarities and
conditions. Matching a venture’s characteristics with the appropriate form of funding is the most important
strategic question. Consider examples 2.17–2.19.

Pdf_Folio:139

MODULE 2 Future of Money 139

 EXAMPLE 2.17

Business A
Business A has high risk and the return on investment is quite uncertain and unstable. The cash-flow is
weak and the growth rate is expected to be low to moderate. The business has high leverage, meaning
that the business has more debt, compared to equity. Finally, the business’ management is unproven and
there are doubts that it will be able to realise the goals and the value proposition of the business.
Points of Consideration
Taking into account the characteristics of the business, the likely options as a source of funding could
be personal funds, friends and family or other forms of bootstrapping (e.g. credit cards, personal loans,
bartering).

EXAMPLE 2.18

Business B
Business B has low risk and the return on investment seems to be more predictable. The cash-flow looks
strong and the leverage is low. Moreover, the financials are properly audited and managed and the overall
balance sheet and cash flow look strong and healthy. There is no history nor indication of loan repayment
issues. Furthermore, the business’ management team are capable, and there is confidence that they are
managing the business in a sound and effective manner. The owner-manager of the business is trustworthy
and understands the business.
Points of Consideration
Taking into account the characteristics of the business the appropriate umbrella of funding schemes would
be debt financing. The specific form of debt financing will depend on multiple parameters, as already
discussed.

EXAMPLE 2.19

Business C
Business C is expected to offer a high return. The value proposition and the business model leverage on
a unique and highly innovative business idea that has a high and sustainable potential. The business is
expected to experience high growth. The business is active within a very niche market with high barriers to
entry. Moreover, the management team has proven itself and is able to drive further growth of the business.
The owner-manager and the team have a solid understanding of the business, they are trustworthy, and
they share the vision and genuine desire to succeed. Management is capable and has identified all the
potential risks and has put in place a range of different contingency plans to minimise disruption.
Points of Consideration
Taking into account the characteristics of the business, the appropriate umbrella of funding schemes
would be equity financing. However, debt financing might also be an option depending on the owners’
willingness to dilute or not their ownership. Both equity and debt financing have advantages and
disadvantages and dedication to either scheme depends on contextual peculiarities. A blended approach
may also be possible.

IMPACT ON THE CURRENT FINANCE SYSTEM

Technology is driving change to financial services and the overall finance system, and the emergence
of alternative finance business models unveils a shift in the way both debt and equity funding will be
perceived and implemented in the future. What will be critical across all these cutting-edge developments
is informed decision-making and for all stakeholders to be aware of the changes that digital transformation
and disruption bring, both to funding and lending, but also in the broader finance system.
Current asset classes (e.g. IPOs, banking loans, venture capital) have begun to look expensive,
complicated and unattractive. Investors are always looking to alternative methods, and new asset classes
to leverage different investment opportunities. SMEs and start-ups are facing multiple barriers and hurdles
in their quest to obtain capital.
Pdf_Folio:140

140 Digital Finance

 The new landscape of alternative finance and the rise of FinTech is establishing new norms that enhance
current funding and lending schemes, promise better management of economic stress, and enhance data-
driven governance, transparency, and risk management. In this context, more competitive dynamics are
expected to arise, and additional pressure and reliance will be placed upon technological innovation,
data governance, regulation, compliance, sound policy and industry-led tools. The disintermediation and
decentralisation of the value chain allow consumers to shift further toward digital technology, e-commerce,
peer-to-peer systems, and decentralised forms of funding and lending.
Investors, borrowers and consumers, in general, are becoming more informed, more value-driven and
more ethically conscious, putting a lot of attention on the types of projects that they invest in, while taking
environmental, social, governance and ethical criteria into account. At the same time, capital formation is
becoming more distributed and the flow of global information allows people anywhere in the world to be
reached.
Alternative finance and FinTech are strongly positioned within the entire finance system, providing an
opportunity for businesses and individuals to utilise data-driven technology to invest and manage assets,
capitalising upon many opportunities around the world. At the same time, regulation needs to proactively
support these business models while protecting the integrity and security of the finance system and the
consumers.
This democratisation and diversity of capital require innovative regulatory and compliance regimes,
novel policies to support growth, employment and social change, while challenging incumbent institutions
to innovate in order to remain relevant and part of the competition. Moreover, it puts forward the
establishment of new cultural norms around funding and lending, and highlights the critical role of trust
in financial services towards delivering transparent, novel, ethical, and just outcomes for consumers.

SUMMARY
Alternative finance is any form of financing through sources outside the conventional financial system.
It has grown significantly in recent years as technology has driven innovation. This has provided new
opportunities for SMEs and start-ups in particular, who have long encountered difficulties raising finance
through traditional providers.
Alternative lending includes peer-to-peer lending, balance sheet lending and invoice finance. Investment
and non–investment based crowdfunding provide another potential source of funding. Finally, for cryp-
tocurrency businesses, a variety of funding mechanisms have been developed. Initial coin offerings are the
cryptocurrency equivalent of IPOs. Perceived shortcomings of ICOs have, however, sparked a number of
alternative approaches.
The choice of funding, whether mainstream, alternative or a mix must be made with careful considera-
tion for the business’s particular needs and circumstances, including its phase of development, cash flow,
expected growth, existing debt, debt-to-equity ratio, credit and other factors.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

2.3 Support the adoption of alternative finance sources to the organisation’s stakeholders as an
innovative solution to traditional finance requirements.
• Alternative finance business models are changing the way debt and equity funding is implemented.
• Stakeholders need to be aware of the changes in order to be able to make informed decisions.
• Alternative finance sources can be cheaper, less complicated and easier to access, particularly for
SMEs and start-ups that traditionally facing multiple barriers in accessing capital.
• The disintermediation and decentralisation of the financial services value chain increasingly enables
a shift toward decentralised forms of funding and lending.
• Alternative finance sources include peer-to-peer lending, balance sheet lending, invoice finance,
crowdfunding and crypto-based funding.

Pdf_Folio:141

MODULE 2 Future of Money 141

 PART F: FUTURE OF BANKING
INTRODUCTION
Shifting customer preferences and changes to regulations have historically had a profound impact on the
banking industry (Bellens & Meekings 2020; Rowland 2017). The pervasive use of technology has led
to the introduction and mainstreaming of online and mobile banking. Regulatory impacts include the
introduction of the supplementary leverage ratio (SLR) and liquidity coverage ratio (LCR) in response
to regulations intended to ensure banks have sufficient liquidity to cover for losses.
FinTech has begun to alter the future of banking and payments globally by enabling and developing new
business models and value propositions within a highly regulated industry (PwC 2016).

2.19 FUTURE OF BANKING

The banking industry is undergoing unprecedented change due to the shifting customer preferences,
regulatory changes, rapid advances in technology and the entry of FinTechs into the financial services
market. In this section we will focus on the potential future of banking as it relates to the future of
money overall.

CUSTOMER PREFERENCES
Customer preferences are the major catalyst for innovation within banks. Banks are embracing technologi-
cal developments to connect and cultivate relationships with their customers. Moreover, banks are seeking
to leverage the abundance of data that is becoming available to them, in order to better understand their
customers, and provide more customised products and services that personalise the banking experience,
such as real-time offers on the banking app when customers are walking past certain retail stores.
Customers as a whole are increasingly comfortable with technology, and prefer it when it delivers
convenience, practicality and usability. The increased adoption of digitalisation has reduced face-to-face
interaction, but customers still prefer it when they need to solve complex issues, seek specialist advice and
guidance, or engage with complex products, such as a mortgage (Dallerup et al. 2020). Because of this,
bank–customer interactions are shifting to a blended model.
Customers also increasingly expect seamless integration between businesses and financial services
(PwC 2016b). For example, Australian businesses that accept online payments may now benefit from
providing their overseas-based clients with the option to pay in currencies other than Australian Dollars.
Because of this, businesses now expect their banks to be able to manage all the back-end transactional
services of converting foreign currencies and verifying transactions.
Accenture’s 2017 Global Distribution & Marketing Consumer Study identified three archetypes of
banking consumer with different preferences (Accenture 2017a). These are summarised in table 2.29.

TABLE 2.29 Banking consumer archetypes

Nomads Hunters Quality seekers

• Digitally active • Price sensitive • Value brand integrity

• Seek to capitalise on new delivery • Digitally competent, but still value • Value excellence in service
models face-to-face engagement • Loyal
• Willingly share data to receive • Expect banking to be service-driven • Seek to engage with organisations
personalised and customised services • Prefer traditional providers that put the customer first
• Willing to engage with non-traditional • Require and prefer services that • Not particularly price sensitive
service providers involve human interaction • Value data protection
• Expect banking to be service-driven • Open to new services • Value responsive service
• Expect personalisation from banks • Trust is critical
• Appreciate bank innovation • Interested in innovation
• Appreciate self-service opportunities • Open to automation
• Seek a new bank branch service • Seek a value-enhanced experience
experience

Source: Adapted from Accenture 2017, ‘2017 Financial Services Global Distribution & Marketing Consumer Study’.

Pdf_Folio:142

142 Digital Finance

ENABLERS OF CHANGE
Two key enablers of new financial services are advances in technology and the evolving regulatory
framework.

Technologies
Digital banking technologies provide a bank’s customers with the ability to bank online, and process
contactless and instant payments. These technologies also affect the bank’s ability to digitally streamline
and improve everything from front-end operations to back-end functions.
The key characteristic of these technologies is the fact that they are data driven. They depend on solid
data management and governance schemes, along with interactivity and interoperability capabilities.
A key element, when considering and evaluating technologically led applications, is the fact that behind
a single business model a combination of technological capabilities can co-exist. Due to the fact that all
these technologies are data-driven and data-led, they institutionalise and embody a data-embedded culture
within banking, opening doors for cutting edge products, services and business models.
At the other end of the spectrum though, banking organisations need to realise that these technologies
cannot simply function as ‘plug-and-play’ or off-the-shelf solutions — well considered and planned
integration processes are required to shift from legacy systems and existing organisational architectural
designs. These technologies require appropriate mindsets that embrace innovation and thrive in a multi-
disciplinary setting. Organisations will require talent that can see and operate beyond generic and siloed
proprietary domains.
The most prominent technologies that are spurring change, and have the most potential to shape the
future of banking, include:
• hybrid cloud — enterprise-wide frameworks to enable AI to perform advanced analytics (discussed in
modules 3 and 4) on banks’ big data in order to better understand and engage with customers
• automation — a blend of technologies (be discussed in module 3), is being used to automate tasks
and processes, augment human performance to improve the speed, quality and scale of operations, and
enable new service innovations
• API platforms — the integration of data, processes and services across multiple systems to create new
service experiences for customers (Shevlin 2020)
• instant payments — payment innovations that enable near-real time exchanges to meet business and
customer expectations
• augmented reality — an immersive technology to enhance customer experience, and provide a new way
of capturing information and visualising data
• blockchain — a potentially decentralising and disintermediating transformative force in the financial
system, but also a platform that may enable traditional institutions to improve certain banking functions
and activities such as cross-border payments and digital identity verification
• AI — enabling advanced analysis of big data to improve and implement sound and informed decision-
making across the entire value chain of financial services
• prescriptive security — the use of advanced analytics, AI, big data analysis and real-time monitoring
tools to help organisations foresee and gain earlier visibility of potential cyberthreats
• smart devices and the Internet of Things (IoT) — enabling new ways for institutions and customers to
interact.

Regulatory Framework
Key developments in the regulatory framework include: smart regulation and compliance, regulatory
sandboxes, and the open banking and the Consumer Data Right (CDR) scheme. We will discuss each
of these below.
Smart Regulation and Compliance
Regulation tends to be slower than technological developments. It often fails to keep pace in a proactive,
agile and responsive manner. The exponential growth of technological developments and the high adoption
rate in banking and the other financial services industries signal to regulators and policymakers that
current regulatory frameworks and regimes are not keeping up with the emerging financial technologies
environment.
Regulatory technology (RegTech) aims to instil a data-driven and data-led mindset in the key areas of
regulatory monitoring, reporting and compliance. RegTech aims to implement more granular and effective
Pdf_Folio:143

MODULE 2 Future of Money 143

supervision of the financial services industry and provide close to real-time insights that can support the
investigation of compliance breaches, and act proactively when a problem is identified.
RegTech is leading to a fundamental shift from a risk-based or problem-based regulation to stakeholder
and competition-based regulation, or opportunity-based regulation. A revised mindset around regulatory
innovation is embedding a collaborative problem-solving attitude, an appreciation for technological and
policy evolution, the cultivation of the notion of smart compliance, and the seeding of new strategies for
trust. RegTech is discussed further in module 5.
Regulatory Sandboxes
A regulatory sandbox provides innovators in FinTech the opportunity to test new products, services and
business models within a controlled environment (i.e. the sandbox) outside of existing regulations (NSW
Department of Industry 2016).
This is intended to stimulate innovation in two ways.
1. Remove regulatory obstacles that could prevent emerging innovators from testing products and services
(Relihan 2018), while maintaining sufficient oversight and control.
2. Provide regulators with knowledge and awareness of emerging and upcoming FinTech innovations, to
better understand and thus respond to the benefits and risks of these technologies (Siering & Otto 2020).
In 2020, the Treasury of the Australian Government finalised federal-level regulations, paving the way
for the establishment of an enhanced regulatory sandbox to boost the Australian FinTech ecosystem. This
is discussed further in module 5.
Open Banking and the Consumer Data Right Scheme
Open banking refers to the sharing of data between banking institutions. As described in module 1, in
Australia, the CDR scheme requires banks to share customer data (via a secure channel, i.e. APIs) with
competing banks, accredited FinTechs, and other accredited businesses when directed, and with customer
consent.
Open Banking is expected the generate the following benefits:
• increased and improved competition among incumbents, FinTechs, BigTechs and other accredited
businesses
• reduced operational costs
• enhanced user convenience
• better consumer protection
• greater connectivity within the financial services ecosystem
• more innovation
• new streams of revenue
• reduced start-up costs for new customer acquisition.

Barriers to Change
Alongside the enablers of change, it is important to recognise there are barriers to digitally enabled banking
applications. These include:
• cost and resources
• regulation and compliance
• organisational and cultural resistance
• scalability of IT-led business models
• legacy systems and processes.

WHAT DOES THE FUTURE OF BANKING LOOK LIKE?

The new digital era is fundamentally changing the way people do business. Banking is undergoing
substantial, and to a certain extent, accelerated transformation. The integration of data-led technological
developments and smart analytics capabilities, together with the sharing and interoperability of data, pave
the way towards the next generation of banking services. We will explore various aspects of the possible
future of banking below.

Operational Effectiveness and Efficiencies

Businesses that are adopting more digital and card-based payment methods have reported increased
operational advantages. Table 2.30 lists the benefits identified by Australian and New Zealand businesses
in a Deloitte survey (Deloitte 2018).
Pdf_Folio:144

144 Digital Finance

 TABLE 2.30 Business improvements associated with digital payments

Business improvements (digital Percentage of respondents who

payments vs manual payments) noted an improvement

Reduction in payment processing time 75%

Reduction in the number of approvals 74%

required

Reduction in general administration cost 68%

Better visibility and data reporting 63%

Better supplier relationships 53%

Better cash flow 47%

Source: Adapted from Deloitte 2018, ‘SME digital payments: New opportunities to optimise’,
The Paytech Revolution Series, Deloitte, https://b2bpay.com.au/wp-content/uploads/2018/03/
Deloitte_Payments-Landscape-Report-2018.pdf.

Businesses have increasingly comprehensive access to information about financial products and increas-
ing ability to acquire and utilise financial products that are tailored to fit their needs. This adoption of
new technologies and digitisation will allow these businesses to provide better experiences to their own
customers, and enable them to gain access to international markets. The next step for businesses is to
conduct internal and external assessments of their capabilities and options so they can make informed
decisions on how to best implement these developments into their existing processes.

Banks’ Strategic Response to FinTechs

The three main strategies adopted by incumbent banking institutions in response to FinTechs and the overall
transformation of the banking sector are:
• reinforcing the core — augmenting existing offerings through in-house digital transformation to build
digital capabilities for core banking and digital banking
• creating a new distribution channel — strategically leveraging third parties for distribution to create
value for all stakeholders by
– providing third parties with access to data and services by means of open banking
– embedding services into third-party customer experiences (creating invisible banking)
– developing and launching co-branded products and services
• launching new ventures — creating new business models by becoming an ecosystem builder.
In creating new business models, banks can create new ecosystems, extend existing ones or diversify
into non-financial ecosystems (e.g. hospitality, travel or retail). By adopting this strategy banks could
potentially shift from being developers of financial solutions to become assemblers and curators of data-
led and consumer-driven financial services, innovative tools and new offerings. Example 2.20 examines
how Ant Technologies has been doing this.

EXAMPLE 2.20

Ant Technologies
Ant Technologies is a spin-off of China’s Alibaba, offering financial services such as a mobile wallet
(i.e. Alipay), online lending platform (i.e. MyBank), and an investment fund (i.e. Yu’e Bao) (Mansueto
Ventures n.d.). In 2018, Ant Technologies introduced a cross-border remittance network based on its
blockchain system through Alipay in Hong Kong and GCash in the Philippines.
Ant chose to partner with Standard Chartered Bank as the settlement bank for Alipay and GCash. This
collaboration means customers can remit money instantly between Hong Kong and the Philippines at
more competitive exchange rates with a minimal transaction fee (Business Wire 2018).
Ant Financial recently rebranded to Ant Technologies under the scheme of ‘definancialising’ operations,
in order to focus on providing technology services to financial institutions. This scheme could be a
precursor to regulatory arbitrage, as it operates the Alipay mobile payments network and the Tianhong Yu’e
Bao money market fund as a technology provider, not a financial institution. Time and future developments
will determine how BigTech players will behave when trying to meet the digital demands of the new era
of banking.
Pdf_Folio:145

MODULE 2 Future of Money 145

Neobanks in Australia
A neobank is any FinTech firm that offers digital or mobile-only financial services and has its own banking
licence. There are also non-neobank FinTechs and other money-related apps which, instead of acquiring
their own licences, have formulated partnerships with existing licence holders.
Neobanks focus on their customers’ user experience. A neobank’s initial service offering could be
limited to prepaid debit cards, before branching out into other personal finance products and services
(e.g. payment and money transfer, loans or budgeting). Neobanks target curious and informed customer
segments who are willing to try new financial services brands. A number of neobanks operate under
a ‘freemium’ or subscription-based revenue model, offering their products for free while charging for
additional features by means of multi-tiered and/or premium accounts (e.g. Revolut). Moreover, a number
of neobanks develop their business models by targeting niche markets. Generally neobanks have the
following characteristics.
• There are no branches; neobanks operate completely online.
• All operations take place via a mobile app.
• Customer onboarding can take place fully online, anywhere, anytime.
• Tools and services are provided to track and manage expenses and savings.
• International transactions are processed quickly and securely.
• Customer service is optimised through apps that are engaging, customer-friendly and intuitive.
• Neobanks promote a new and innovative ‘culture’ in banking.
Advantages of neobanks include:
• lower costs
• user-friendly interface
• transparency
• more loan options and easier approvals.
Disadvantages of neobanks include:
• no physical branches
• lack of consumer protection
• no deposit insurance.

Banking-as-a-Service (BaaS)
Banking-as-a-service (BaaS) is where organisations with a banking licence integrate their digital banking
services directly into the products and services of other non-bank businesses (Dolan 2019). As a key
component of open banking, banks are sharing their APIs with partners and other FinTechs to allow these
parties to develop new services around the banks’ digital banking services. These third-party partners
normally pay a fee to the bank to gain access to its API (Dolan 2019).

Banking-as-a-Platform (BaaP)
Banking-as-a-platform (BaaP) is where banks integrate services from other FinTechs to change the
banks’ existing offerings. In the BaaP model, the customers belong to the bank and the bank integrates
functionalities and services from FinTechs and non-bank partners. For example, a bank might integrate
a third-party robo-advisor or chatbot into its banking app. Banks utilise the BaaP approach to retain
customers who might be tempted to move to FinTechs that offer more personalised products.

Trust
Essentially, trust means believing that someone (or something) is inherently good and honest, and also safe
and reliable (Cambridge Dictionary 2020). Trust is an important competitive advantage in the increasingly
data-driven banking industry (McIntyre 2019).
Trust will determine the level of blended and augmented relationships between consumers and banking
institutions, along with the overall dynamics of banking ecosystems. The interoperability, transferability
and sharing of data will enable new forms of trust, which will not be solely based on long-lasting principles,
but on consent. Consumers’ consent will not be ongoing and permission to use data will not be permanent.
Banking institutions will have to constantly and continuously ‘verify’ the level of trust. This will occur
not by being self-contained providers, but by keeping their promise to deliver on personalised customer
experiences. Trust could become portable and may depend on the most optimal insights generated by the
usage and control of data sharing. Banking providers should not view consumer trust as a taken-for-granted
proprietary asset.
Pdf_Folio:146

146 Digital Finance

Next Steps
Banking is the core financial services function to be ‘hit’ by the FinTech wave, and as a result, is
already experiencing core changes across its entire value chain. This digital transformation has also
enabled changes at the organisational, cultural, political, policy, regulatory and societal level. It has
sparked discussions about ethics, responsibility, accountability, decentralisation, disintermediation and
talent among others.
From a decision-making point of view, it is vital for every banking organisation not only to be aware of
these changes and trends but to be an active curator. More collaboration and synchronisation are expected
among the many players within the banking ecosystem, in order to leverage the untapped potential of data
and provide a seamless, frictionless and innovative experience to customers.
The open banking regime is expected to drive a new era of interconnected and interoperable banking,
giving a new ‘push’ to financial data and shifting the mindset from ‘data-as-an-ownership’ to ‘data-as-a-
service’ and ‘data-as-a-value’. It will encourage banks to adopt a PaaS business model, becoming a hub
for innovation, and promoting interconnectivity for various ecosystem stakeholders. Accredited third-party
organisations will be able to build new financial products and services, and offer them directly through their
own online platforms rather than having a banking site act as a broker or host.
Not all technological underpinnings have reached maturity and many of the applications we have
discussed are still in a proof-of-concept phase. New banking business models should not focus just on
customer experience and design of new products or services. The focus should primarily be in the design
and development of secure, inclusive, trustworthy, transparent and accountable systems of data integrity
and analytics that can support the creation of novel and innovative products, services and processes.
Technology is not a panacea, but rather the enabler that spurs disruptive transformation and heralds the
new era of banking, with or without banks.

QUESTION 2.15

Discuss how RegTech can be used to make financial regulation relevant for FinTech companies.

SUMMARY
The banking industry is undergoing unprecedented change. Banks are seeking to leverage their data to
better understand their customers, and thus provide a personalised banking experience. New technologies
increasingly enable data-driven approaches to create innovative business models and services.
Regulators have introduced a number of changes to support innovation in the banking industry, including
the promotion of open banking and the creation of regulatory sandboxes to support the development
and testing of innovative services (and enable regulators to learn about them). RegTech aims to make
regulatory monitoring, reporting and compliance data driven, with a focus on stakeholders, competition
and opportunity rather than risk and problem solving.
Banks are responding to FinTech by digitally transforming their core offerings; creating new distribution
channels by providing third parties with access to data and services; embedding services into third-party
customer experiences; developing and launching co-branded products and services; and launching new
ventures based on new business models.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

2.1 Evaluate the effectiveness of digital currency and payments in meeting the organisation’s
objectives.
• Banks are responding to financial technology by transforming their offerings and adopting data-
driven business models and services, resulting in increasingly integrated and personalised cus-
tomer experiences, including in the payments space. Businesses shifting towards digital payments
experience reduced payment processing times, more efficient approvals, better access to data and
a range of other benefits.
Pdf_Folio:147

MODULE 2 Future of Money 147

 • Changes in the banking system brought about by FinTech are prompting a regulator response that
further enables innovative financial services, including those around digital currency and payments.

CASE STUDY

Little Phil
Problems and Opportunities
Charities generate nearly AUD1 trillion of donations worldwide per year, with the funds used to support
nominated causes and to administer the charity. Despite the size of the charitable-giving sector, a number
of problems inhibit people from giving, and reduce the impact of funds that are donated. These issues
include the following.
• Expensive intermediary costs. Third-party fundraisers, international money transfers and internal charity
staffing costs can take up the majority of funds raised by a charity. For example, third parties can charge
large up-front fees for securing donations and marketing. These fees can sometimes exceed 80c for
every dollar donated. Therefore, the funds actually reaching the recipients intended by the donor are far
short of funds original given. The use of traditional fundraising tactics (cold calling, door knocking and
street canvassing) may create an aversion to giving. As a consequence of poor fundraising practices,
the public is losing trust in charities, and fewer people are donating.
• Outdated fundraising methods. Traditional fundraising methods do not appeal to Millennials, leading
to a generation gap in giving. Donors are demanding transparency and accountability from charities,
wanting to see the direct impact of their donation. They think, ‘If technology can track an Uber, your
post or a pizza, why can’t donations be tracked?’
• Lack of transparency. With limited exceptions, donors cannot see how and where their donation is being
distributed; that is, the impact of their giving.
• Exploitation by recipients. Many charities do not have the ability to validate beneficiaries’ access to
support from other charities, leading to inefficiencies and undermining the impact of donations by
denying other recipients who have a genuine need. There is no system of data sharing among charities
to validate beneficiaries who may register with multiple charities.
Approach
Little Phil, short for Little Philanthropist, intends to apply a combination of blockchain technology,
cryptocurrency, digital payments and software applications (collectively ‘the Little Phil Platform’) to:
• decrease fundraising and operational costs so more funds are distributed to the cause
• improve transparency, accountability and control over how donors’ funds are used
• provide evidence of the direct impact of donations.
Little Phil conceptualises the problems and the solution as shown in figure 2.13.

FIGURE 2.13 Improving charity

Current problem Little Phil solution

Charity Book supplier
Middleman Locked by
delivers
smart contract

Giver Charity Giver Receiver

Can only give money Give money or items Unlocks payment
(like school books)

Reward tokens Giver notified

Receiver?
Blockchain updated

Source: Little Phil ICO White Paper, p. 9.

A user case scenario for the Little Phil Platform, involving the donation of funds as part of a charity
campaign, is set out in the steps below. The platform can also be used to make direct donations to

148 Digital Finance

 charities or donations to suppliers to provide goods and/or services to recipients. In these other user
case scenarios, the charity and supplier would have their own digital wallet for holding cryptocurrency.
• Step 1: Charities, donors and recipients register with the Little Phil platform. Recipients are validated
using a unique digital identity (UDID), an electronic identity solution.
• Step 2: Charity campaigns are displayed on the Little Phil mobile app.
• Step 3: The app user (donor) selects a charity campaign and makes a donation in a fiat currency or a
cryptocurrency (e.g. Ethereum or Bitcoin). Little Phil initially charges 6 per cent per transaction, payable
in Little Phil Coin (LPC), with the intention that this rate will decline as the volume of donations increases.
• Step 4: The donation is held in escrow (or locked) by a smart contract.
• Step 5: Once the recipient is validated using UDID and the campaign total is achieved (if applicable),
the smart contract is unlocked, and the Little Phil platform purchases the equivalent donation value of
LPC from a digital currency exchange.
• Step 6: The LPC is distributed to the recipient’s wallet, who can then convert the LPC into their fiat
currency (or another cryptocurrency).
As the Little Phil Platform operates on a blockchain, all transactions and costs will be visible. For
example, the user can track the flow of funds from the initial giving, to the holding of funds in a smart
contract, to the ultimate receipt, and in certain cases the actual spending.
Development
The Little Phil Platform will be built on the Ethereum Blockchain, an immutable ledger that records
transactions involving cryptocurrencies, such as LPC, and smart contracts. This blockchain technology
will also be available for use by charities to develop their own platform, known as a white-label solution,
in which Little Phil will charge a usage fee. As such, charities can elect to join the Little Phil Platform or
develop their own platform using Little Phil’s blockchain technology.
Smart Contracts
The Little Phil platform will use two smart contracts, categorised by Little Phil as ‘proof of need’ and ‘proof
of impact’.
• Proof of need. Before a receiver can be listed on the platform, a UDID is created using biometric data
(e.g. facial recognition). When a charity sets up a profile for a recipient, the UDID chain of users is
searched for a matching UDID to prevent duplication of donations and minimise fraud. Further, any
donations to the receiver are associated with their UDID and recorded on the ledger. Charities can use
this information to decide whether to distribute donations to a recipient.
• Proof of impact. The smart contract holds payments in escrow, until validation is provided by the receiver
using their UDID.
Little Phil Coin
LPC uses the ERC-20 Ethereum token standard. LPC, like other popular tokens such as Tether (a type of
stablecoin), uses the existing infrastructure of the ERC-20 tokens to create its token. Tokens must have a
specific utility. LPC will be primarily used for:
• speedy, low-cost transfers of donations to the digital wallet of the charity, supplier or direct recipient
(as the case may be)
• tracking transactions
• giving credits that can be purchased by businesses, brands or individuals
• rewards and incentives for donors (reward tokens); for example, each time someone gives on the Little
Phil platform, a portion of the amount is returned to the donor’s account, which can be used for future
giving or future use for an emergency relief fund
• an emergency relief fund which is comprised of reward tokens, enabling funds to be mobilised quickly
in response to a disaster
• the platform fee.
Outcomes
Little Phil initially focused on the development of LPC and the smart contracts, which necessitated the
integration of KYC/AML processes to comply with Commonwealth legislation. More recently, research
and development has taken place on the UDID functionality and further building out the software for the
platform. Little Phil has also built a fully functioning iOS native application (Little Phil – Good Moments
available now in the App store) and a cross platform web-application (www.littlephil.org). A number of
charities have been onboarded to the Little Phil Platform, which at this stage is limited to fiat currency
transactions.
Little Phil conducted an ICO of LPC tokens in late 2018. The ICO took place during the ‘Crypto Winter’
(mid 2018 – mid 2020). Many projects, with intentions of using ICO funds to build a platform or a business,
failed. Little Phil has also drawn on traditional capital raising methods and government incentives to
continue its development of the infrastructure which will support the integration of the LPC token and
the blockchain technology (e.g. the KYC/AML system for identification).

Pdf_Folio:149

MODULE 2 Future of Money 149

 Next Steps
The next steps for Little Phil include:
• the development of an employee and customer crediting system for giving. Rather than the charity as a
client, a business is the client with its customers and/or employees being gifted giving credits that they
can then give to a cause or charity of their choosing
• the continued development of LPC as a stablecoin (LPC–USD; LPC–AUD) to minimise the fluctuation
of the token price compared to the amount donated
• the finalisation of partnerships with other blockchain projects that are aligned to Little Phil’s social impact
mission. A percentage of proceeds from the blockchain project go to causes and charities on the Little
Phil platform
• finalising and expanding the key areas of use of LPC including:
– giving credits for employee giving, customer giving and promotions
– rewards and incentives for users of Little Phil (e.g. earn for giving, sharing, inviting friends to give)
– rewards and incentives for charities to join and use Little Phil (e.g. register your charity, launch a
campaign, share it to your network and earn 1000 LPC)
– use with other crypto and blockchain company partnerships
– track giving on the blockchain
– exploring a direct to beneficiary giving solution; that is, the methods for sending donations directly
to a beneficiary who does not have a bank account.
Source: Developed from information in the Little Phil ICO Whitepaper, http://ico.littlephil.org/assets/whitepaper/little-phil
-whitepaper.pdf?v=1.1; and pers. comm. with Joshua Murchie, co-founder of Little Phil.

Pdf_Folio:150

150 Digital Finance

REVIEW
The future of money is being shaped by various interconnected forces. All are related to the near-real time
and low-cost capture and exchange of data between individuals and organisations.
Digital payments technologies within the formal financial system enable businesses to create seamless
customer experiences, where payment is convenient, fast and secure. By integrating payments technologies
with mobile devices, consumers and businesses are increasingly empowered to transact from almost
anywhere, whether in person or remotely. Digital payments also enable rich data to be captured with each
transaction, which in turn provides the business with further information to better personalise and improve
the service it delivers to customers.
A strong theme in innovations around money is the prospect of achieving more efficient, lower cost
and private transactions by shifting to a model of decentralised finance, in which technology replaces the
role of central trusted authorities (e.g. banks) and other intermediaries. This would be achieved by enabling
peer-to-peer transactions via technology platforms. Blockchain is currently seen as the technology with the
most potential to achieve this, as it can verify transactions and create an immutable record on a transparent
ledger without involving a central authority. In doing so, blockchain-based cryptocurrencies overcome
many of the weaknesses of other digital currencies. Blockchain also lends itself to applications that could
benefit from a shared, secure and transparent ledger. At present, cryptocurrencies are largely unregulated
and are not widely adopted. Nevertheless, government, business and individuals are engaging with the
potential applications of blockchain and cryptocurrencies.
The ability to create digital platforms has given rise to new alternative finance options. These platforms
facilitate relationships between parties seeking debt or equity finance and parties seeking to lend or invest.
They hence bring the parties together without the intermediary role played by financial institutions in
traditional financing. This enables both parties to exercise more direct control over the source and use
of their funds. SMEs and start-ups, in particular, have benefited from the ability to raise capital from
alternative sources.
These factors are all contributing to substantial changes in the banking industry, with financial services
no longer necessarily centred around banks. As financial technology companies have introduced innovative
services and technology companies have begun to diversify into the finance market, traditional services
providers have sought to use digital technologies to improve their products, to integrate with third parties
to access new markets and to create new business models. The regulation of banking is slowly responding
to better enable innovation in the sector while maintaining consumer protection.
An understanding of the benefits, costs and risks associated with new and emerging technologies
in payments and funding (along with changes in the nature of the financial system itself) enables an
accounting and finance professional to evaluate their role in solving an organisation’s problems and
meeting its objectives. Based on this evaluation, the professional can promote and support the use of
appropriate innovations by their organisation or clients.

REFERENCES
Accenture 2017a, ‘2017 Financial Services Global Distribution & Marketing Consumer Study’, https://financialservicesblog.
accenture.com/series/2017-financial-services-global-distribution-marketing-consumer-study.
Accenture 2017b, ‘Driving future of payments: 10 mega trends’. Accenture, https://www.accenture.com/au-en/insight-banking-
future-payments-ten-trends.
Ahlers, GKC, et al. 2015, ‘Signaling in equity crowdfunding’, Entrepreneurship Theory and Practice, vol. 39, no. 4,
pp. 955–80.
Alderman, L 2020, ‘Our cash-free future is getting closer’, New York Times, 6 July, accessed July 2020, https://www.nytimes.com/
2020/07/06/business/cashless-transactions.html.
Antonopoulos, AM & Wood, G 2019, Mastering Ethereum: Building Smart Contracts and DApps, O’Reilly Media.
Anwar, H 2018, ‘The ultimate comparison of different types of distributed ledgers: Blockchain vs Hashgraph vs Dag vs
Holochain’, 24 December, accessed June 2020, https://101blockchains.com/blockchain-vs-hashgraph-vs-dag-vs-holochain/#
prettyPhoto.
Artzt, M & Richter, T 2020, Handbook of Blockchain Law: A Guide to Understanding and Resolving the Legal Challenges of
Blockchain Technology, Wolters Kluwer.
ASIC n.d., ‘Cryptocurrencies and ICOs’, Moneysmart.gov.au, accessed July 2020, https://moneysmart.gov.au/investment-
warnings/cryptocurrencies-and-icos.
Assenmacher, K & Krogstrup, S 2018, Monetary policy with negative interest rates, International Monetary Fund,
Washington, DC.
Pdf_Folio:151

MODULE 2 Future of Money 151

AusPayNet 2018, ‘Towards an internet of payments — Global platforms redefining the payments landscape’. Australian Payments
Network, https://www.auspaynet.com.au/sites/default/files/2019-02/Towards_an_Internet_of_Payments_Dec_2018_
Whitepaper.pdf.
Avi 2019, https://news.bitcoin.com/survey-blockchain-was-most-overrated-buzzword-of-2018/, 18 February, BBC, accessed July
2020, https://www.bbc.com/news/technology-47130268.
Bachmann, A, Becker, A, Buerckner, D, Hilker, M, Kock, F, Lehmann, M, Tiburtius, P & Funk, B 2011, ‘Online peer-to-peer
lending — A literature review’, Journal of Internet Banking and Commerce, vol. 16.
Bank for International Settlements 2016, ‘Payment aspects of financial inclusion’, https://www.bis.org/cpmi/publ/d144.pdf.
BBC 2019, ‘Child abuse images hidden in crypto-currency blockchain’, 6 February, accessed 13 June, https://www.bbc.com/news/
technology-47130268.
BBC 2020, ‘Facebook launches WhatsApp digital payment service’, 2020, BBC News, 16 June, https://www.bbc.com/news/
business-53059913.
Belleflamme, P and Lambert, T 2014, ‘Crowdfunding: Some empirical findings and microeconomic underpinnings’, SSRN
Electronic Journal.
Belleflamme, P, Lambert, T & Schwienbacher, A 2014, ‘Crowdfunding: Tapping the right crowd’, Journal of Business Venturing,
vol. 29, no. 5, pp. 585–609.
Bellens, J & Meekings, K 2020, ‘How banks can stay relevant as customer preferences change’, EY, 10 February, https://www.ey.
com/en_au/banking-new-decade/how-banks-can-stay-relevant-as-customer-preferences-change
BIDITEX Exchange 2019, ‘The risks of cryptocurrency: The dangers of investing in crypto’, Medium, 7 August, https://medium.
com/swlh/the-risks-of-cryptocurrency-the-dangers-of-investing-in-crypto-406fad8307e5.
Bigmore, R 2018, ‘Cryptocurrencies: A timeline’, The Telegraph, 18 May, https://www.telegraph.co.uk/technology/digital-money/
the-history-of-cryptocurrency.
Binance Academy n.d., ‘What are nodes?’, accessed July 2020, https://academy.binance.com/blockchain/what-are-nodes.
Bloom, LB 2020, ‘You won’t believe how many airlines haven’t survived coronavirus. How does it affect you?’, Forbes, 27 June,
accessed July 2020, https://www.forbes.com/sites/laurabegleybloom/2020/06/27/airlines-coronavirus-travel-bankruptcy/.
Bordo, M & Levin, A 2017, Central bank digital currency and the future of monetary policy, Cambridge, MA.
Bradbury, D 2020, ‘What are altcoins?’ The Balance, 29 June, https://www.thebalance.com/altcoins-a-basic-guide-391206.
Burchardi, K, Mikhalev, I & Kok, SA 2020 ‘Get ready for the future of money’, BCG, 12 May https://www.bcg.com/
publications/2020/get-ready-for-the-future-of-money
Business Wire 2018, ‘AlipayHK and GCash launch cross-border remittance service powered by Alipay’s blockchain technology’,
Business Wire, 25 June, https://www.businesswire.com/news/home/20180625005561/en/AlipayHK-GCash-Launch-Cross-
Border-Remittance-Service-Powered.
Buterin, V 2015, ‘On public and private blockchains’, 7 August, accessed June 2020, https://blog.ethereum.org/2015/08/07/on-
public-and-private-blockchains/.
Caddy, J, Delaney, L, Fisher, C & Noone, C 2020, ‘Consumer payment behaviour in Australia’, Reserve Bank of Australia,
https://www.rba.gov.au/publications/bulletin/2020/mar/consumer-payment-behaviour-in-australia.html.
Calvery, JS 2013, Statement of Jennifer Shasky Calvery, Director Financial Crimes Enforcement Network United States
Department of the Treasury, accessed July 2020, https://www.fincen.gov/sites/default/files/2016-08/20131119.pdf.
Chaikin, D 2013, ‘The rise of virtual currencies, tax evasion and money laundering’, Journal of Financial Crime, vol. 20, no. 4.
Chen, L & Wu, H 2009, ‘The influence of virtual money to real currency: a case-based study’, 2009 International Symposium on
Information Engineering and Electronic Commerce, Ternopil, Ukraine, 16–17 May: IEEE, pp. 686–90.
Chen, Y 2018, ‘Blockchain tokens and the potential democratization of entrepreneurship and innovation’, Business Horizons, vol.
61, no. 4, pp. 567–75.
Chu, Y, Ream, J & Schatsky, D 2016, ‘Getting smart about smart contracts’, accessed June 2020, https://www2.deloitte.com/us/en/
pages/finance/articles/cfo-insights-getting-smart-contracts.html.
Clark, S 2020, KBC rolls out support for wearable payments, NFCW, 30 June, https://www.nfcw.com/2020/06/30/366903/kbc-
rolls-out-support-for-wearable-payments/.
Comm, J 2019, ‘The 3 biggest cryptocurrency risks you need to consider’, Inc.Com, 2 February, https://www.inc.com/joel-comm/
3-dangers-that-could-hit-bitcoin-in-2019.html.
Commercial Capital n.d., ‘Factoring invoices: Pros and cons’, accessed July 2020, https://www.comcapfactoring.com/blog/
invoice-factoring-advantages-disadvantages/.
Commercial Finance Network2020, ‘Balance sheet lending — everything you need to know’, 7 February, accessed July 2020,
https://www.uk-commercialfinance.co.uk/balance-sheet-lending/.
Corporate Finance Institute n.d., ‘What is peer-to-peer (P2P) lending?’, accessed July 2020, https://corporatefinanceinstitute.com/
resources/knowledge/finance/peer-to-peer-lending/.
Crypto News Australia 2020, ‘Who accepts bitcoin as payment in Australia?’, https://cryptonews.com.au/guides/who-accepts-
bitcoin-as-payment-in-australia.
Dab, S, Poddar, B, Dye, T & Trina, F 2017, ‘How banks can thrive as digital payments grow’, Boston Consulting Group,
https://www.bcg.com/en-au/publications/2017/banks-thrive-digital-payments-grow.aspx.
Dallerup, K, et al. 2020, ‘Customer preferences spur retail banking channel evolution’, McKinsey and Company, https://www.
mckinsey.com/industries/financial-services/our-insights/banking-matters/customer-preferences-spur-retail-banking-channel-
evolution#.
Deloitte 2018, ‘SME digital payments: New opportunities to optimise’, The Paytech Revolution Series, Deloitte, https://b2bpay.
com.au/wp-content/uploads/2018/03/Deloitte_Payments-Landscape-Report-2018.pdf.
Derwin, J 2020, ‘Buy now, pay later companies are completely unregulated and it’s leaving Australians vulnerable, Splitit CEO
Brad Paterson argues’, Business Insider Australia, 21 February, https://www.businessinsider.com.au/buy-now-pay-later-
regulation-australia-splitit-2020-2.

Pdf_Folio:152

152 Digital Finance

Disparte, DA 2018, ‘Beware of crypto risks — 10 risks to watch’, Forbes, 21 July, https://www.forbes.com/sites/dantedisparte/
2018/07/21/beware-of-crypto-risks-10-risks-to-watch/.
Divine, J 2020, ‘Bitcoin (BTC) vs. Ethereum (ETH): Which is a better buy?’ US News & World Report, 24 January,
https://money.usnews.com/investing/cryptocurrency/articles/bitcoin-vs-ethereum-which-is-a-better-buy.
Dolan, S 2019, 21 August, ‘How banking-as-a-service (BaaS) works and industry outlook for 2020’, Business Insider,
https://www.businessinsider.com/banking-as-a-service-industry.
Dorfleitner, G, Rad, J &Weber, M 2017, ‘Pricing in the online invoice trading market: first empirical evidence’, Economics Letters,
vol. 161, pp. 56–61.
Dziuba, DT 2018, ‘Crowdfunding platforms in invoice trading as alternative financial markets’, Roczniki Kolegium Analiz
Ekonomicznych/Szkoła Główna Handlowa, vol. 49, pp. 455–64.
Efrima, A 2019, ‘Five predictions for the future of blockchain and cryptocurrency’, Forbes, 13 June, https://www.forbes.com/sites/
forbestechcouncil/2019/06/13/five-predictions-for-the-future-of-blockchain-and-cryptocurrency/.
Euromonitor 2019, Fintech in Asia Pacific: Digital payment platforms, Euromonitor International, p. 42.
European Central Bank 2012, ‘Electronic money’, accessed June 2020, https://www.ecb.europa.eu/stats/money_credit_banking/
electronic_money/html/index.en.html.
European Commission n.d., ‘E-money’, accessded June2020, https://ec.europa.eu/info/business-economy-euro/banking-and-
finance/consumer-finance-and-payments/payment-services/e-money_en.
Eyers, J 2020, ‘Six-month delay to buy now, pay later code of conduct’, Australian Financial Review, 18 May, https://www.afr.
com/companies/financial-services/six-month-delay-to-buy-now-pay-later-code-of-conduct-20200518-p54two.
Fatehi, S & Wagner, MR 2019, ‘Crowdfunding via revenue-sharing contracts’, Manufacturing & Service Operations Management,
vol. 21, no. 4, pp. 875–93.
Fernández-Villaverde, J, Sanches, D, Schilling, L & Uhlig, H 2020, ‘Central bank digital currency: Central banking for all?’,
No. w26753, National Bureau of Economic Research.
Fitzgerald, E & Rush, A 2020, ‘Two years of fast payments in Australia’, Reserve Bank of Australia, https://www.rba.gov.au/
publications/bulletin/2020/mar/two-years-of-fast-payments-in-australia.html.
Flinders, K 2020, ‘BNP Paribas uses biometrics to increase contactless payment limit’, ComputerWeekly.Com, 30 June,
https://www.computerweekly.com/news/252485402/BNP-Paribas-uses-biometrics-to-increase-contactless-payment-limit.
France-Presse, A 2019, ‘Smile-to-pay: Chinese shoppers turn to facial payment technology’, The Guardian, 4 September, https://
www.theguardian.com/world/2019/sep/04/smile-to-pay-chinese-shoppers-turn-to-facial-payment-technology.
Genter, JT 2020, ‘What happens to your miles when an airline declares bankruptcy’, Forbes 15 May, accessed July 2020: https://
www.forbes.com/sites/advisor/2020/05/15/what-happens-to-your-miles-when-an-airline-declares-bankruptcy/#3233687f2a16.
Gibbs, S 2018, ‘Child abuse imagery found within Bitcoin’s blockchain’, The Guardian, 20 March, accessed June 2020,
https://www.theguardian.com/technology/2018/mar/20/child-abuse-imagery-bitcoin-blockchain-illegal-content.
Goldberg, D 2005 ‘Famous myths of “fiat money”’, Journal of Money, Credit and Banking, vol. 37, no. 5, pp. 957–67.
Gorton, GB & Souleles, NS 2007, ’Special purpose vehicles and securitization’, The risks of financial institutions, pp. 549–602,
National Bureau of Economic Research, Inc., accessed April 2021, https://ideas.repec.org/h/nbr/nberch/9619.html.
Government of Singapore 2018, ‘Risks of cryptocurrencies, initial coin offerings and other digital tokens’, MoneySense, 29
October, https://www.moneysense.gov.sg/articles/2018/10/risks-of-cryptocurrencies-initial-coin-offerings-and-other-
digital-tokens.
Graham, B 2015, ‘The future of biometrics in payments’, Finance Digest Magazine, https://www.financedigest.com/the-future-of-
biometrics-in-payments.html.
Grigg, I 2015, ‘On the intersection of Ricardian and smart contracts’, accessed June 2020, https://iang.org/papers/intersection_
ricardian_smart.html.
Grym, A et al. 2017, ‘Central bank digital currency’, Bank of Finland Economics Review, vol. 5.
Guo, Y & Barnes, SJ 2012, ‘Explaining purchasing behavior within World of Warcraft’, Journal of Computer Information
Systems, vol. 52, no. 3, pp. 18–30.
Hamza, H & Jedidia, KB 2020, ‘Central bank digital currency and financial stability in a dual banking system’, in Impact of
Financial Technology (FinTech) on Islamic Finance and Financial Stability, IGI Global, pp. 233–52.
Heuzeroth, T 2010, Warum keiner mehr ‘Second Life’ haben möchte, 11 June. accessed June 2020, https://www.welt.de/
wirtschaft/article7999480/Warum-keiner-mehr-Second-Life-haben-moechte.html.
Hinchliffe, R 2019, ‘Barclays launches accessory shop for Pingit customers’, FinTech Futures, 21 August, https://www.
fintechfutures.com/2019/08/barclays-launches-accessory-shop-for-pingit-customers/.
Hyman, M 2015, ‘Bitcoin ATM: A criminal’s laundromat for cleaning money’, St. Thomas Law Review, vol. 27, p. 296.
IBM 2020, ‘IBM Food Trust: A new era for the world’s food supply’, accessed June 2020, https://www.ibm.com/blockchain/
solutions/food-trust.
Jayachandran, P 2017, ‘The difference between public and private blockchain’, 31 May, accessed June 2020, https://www.ibm.
com/blogs/blockchain/2017/05/the-difference-between-public-and-private-blockchain/.
Jenik, I, Lyman, T & Nava, A 2017, ‘Crowdfunding and Financial Inclusion’, CGAP (Consultative Group to Assist the Poor)
working paper.
Jimenez, C 2007, ‘The high cost of playing Warcraft’, BBC, 24 September, accessed June 2020, http://news.bbc.co.uk/2/hi/technol
ogy/7007026.stm.
Kale, S 2020, “You can’t pay cash here”: How our newly cashless society harms the most vulnerable’, The Guardian, 24 June,
https://www.theguardian.com/money/2020/jun/24/you-cant-pay-cash-here-how-cashless-society-harms-most-vulnerable.
Kelso, CE 2018, ‘Japan banking giant Mitsubishi goes crypto with own coin’, Bitcoin News, 18 May, https://news.bitcoin.com/
japan-banking-giant-mitsubishi-goes-crypto-with-own-coin/.
Kiyotaki, N & Wright, R 1991, ‘A contribution to the pure theory of money’, Journal of Economic Theory, vol. 53, no. 2,
pp. 215–35.
Krueger, M 2000, ‘E-money regulation in the EU’, Journal of the European Communities, vol/ 27, no. 2.
Pdf_Folio:153

MODULE 2 Future of Money 153

Leff, G 2018, ‘Here’s why frequent flyer programs devalue their currency’, View From The Wing, 27 October, accessed July 2020,
https://viewfromthewing.com/heres-why-frequent-flyer-programs-devalue-their-currency-2/.
Lending Works n.d., ‘Peer-to-peer lending: Advantages and disadvantages for loan customers’, accessed July 2020, https://www.
lendingworks.co.uk/finance-guides/p2p-lending/peer-to-peer-lending-advantages-disadvantages-borrowers.
Levi, SD & Lipton, AB 2018, ‘An introduction to smart contracts and their potential and inherent limitations’, 26 May, accessed
June 2020, https://corpgov.law.harvard.edu/2018/05/26/an-introduction-to-smart-contracts-and-their-potential-and-inherent-
limitations/#3.
Linden Lab 2017, ‘Second Life terms and conditions’, 31 July, accessed July 2020, https://www.lindenlab.com/legal/second-life-
terms-and-conditions.
Lowies, B, Viljoen, C & McGreal, S 2017, ‘Investor perspectives on property crowdfunding: Evidence from Australia’, Journal of
Financial Management of Property and Construction, vol. 22, no. 3, pp. 303–21.
Mansueto Ventures n.d., ‘Ant Financial: Most innovative company’, Fast Company, accessed 11 August, https://www.
fastcompany.com/company/ant-financial.
McIntyre, A 2019, ‘People trust banks, but banks need to continue to earn that trust’, Forbes, 25 March, https://www.forbes.com/
sites/alanmcintyre/2019/03/25/people-trust-banks-but-banks-need-to-continue-to-earn-that-trust/.
Mearian, L 2019, ‘Why hybrid blockchains will dominate ecommerce’, Computer World, 5 September, accessed June 2020,
https://www.computerworld.com/article/3435770/why-hybrid-blockchains-will-dominate-ecommerce.html.
Medium 2019, ‘Decentralized finance vs. traditional finance: What you need to know’, Medium, 19 September, accessed June
2020, https://medium.com/stably-blog/decentralized-finance-vs-traditional-finance-what-you-need-to-know-3b57aed7a0c2.
Meola, A 2020, ‘Distributed ledger technology & the blockchain explained’, Business Insider, 16 January, accessed June 2020,
https://www.businessinsider.com/distributed-ledger-technology-blockchain?r=DE&IR=T.
Mester, LJ, et al. 2000, ‘The changing nature of the payments system: should new players mean new rules?’ Business Review, Mar,
pp. 3–26.
Metcalfe, W 2020 ‘Ethereum, smart contracts, DApps’, in Yano, M et al. (eds), Blockchain and Cryptocurrency (Economics, Law,
and Institutions in Asia Pacific), Springer Singapore, pp. 77–93.
Mullan, PC 2016, A History of Digital Currency in the United States, Palgrave Macmillan US, New York.
Muzzy, E 2020, ‘What is Ethereum 2.0?’, Consensys, 12 May, accessed June 2020, https://consensys.net/blog/blockchain-
explained/what-is-ethereum-2/.
Norwich University n.d., ‘Pros and cons of peer-to-peer lending for a small business’, accessed July 2020, https://online.norwich.
edu/academic-programs/masters/business-administration/resources/infographics/pros-and-cons-of-peer-to-peer-lending-for-a-
small-business.
NSW Department of Industry2016, ‘Regulatory sandboxes’, [Text], Innovation NSW, https://www.innovation.nsw.gov.au/
regulatorysandboxes
Nuttall, C 2006, ‘Second Life’s first millionaire’, FT, 28 November, accessed June 2020, https://www.ft.com/content/af06673b-
b071-3123-8887-b073108d50bc.
O’Roarty, B et al. 2016, ‘Real estate crowdfunding: gimmick or game changer’, Investment Property Forum, p. 27.
Orcutt, M 2019, ‘Will people ditch cash for cryptocurrency? Japan is about to find out’, MIT Technology Review, 22 January,
https://www.technologyreview.com/2019/01/22/1467/will-people-ditch-cash-for-cryptocurrency-japan-is-about-to-find-out/.
Panos, GA & Wilson, JOS 2020, ‘Financial literacy and responsible finance in the FinTech era: Capabilities and challenges’, The
European Journal of Finance, vol. 26, no. 4–5, pp. 297–301.
Paulet, E 2018, ‘Banking liquidity regulation: impact on their business model and on entrepreneurial finance in Europe’, Strategic
Change, vol. 27, no. 4, pp. 339–50.
Poon, L 2020, ‘Coronavirus hastens the rise of the cashless economy’, Bloomberg, 14 July, accessed July 2020, https://www.
bloomberg.com/news/articles/2020-07-14/the-costs-of-an-increasingly-cashless-economy.
Prensky, M 2001, ‘Digital natives, digital immigrants Part 1’, On the Horizon, vol. 9, no. 5, pp. 1–6.
PwC 2016a, ‘Escaping the commodity trap: The future of banking in Australia’, PwC, https://www.pwc.com.au/pdf/pwc-report-fut
ure-of-banking-in-australia.pdf.
PwC 2016b, ‘Future of payments in Australia: The future of transaction banking and payments in 2020’, PwC.
RBA n.d., ‘Cryptocurrencies (Australia)’, Reserve Bank of Australia, accessed July 2020, https://www.rba.gov.au/education/
resources/explainers/cryptocurrencies.html.
Reiff, N 2020, ‘What Are the Advantages of Paying With Bitcoin?’ Investopedia, https://www.investopedia.com/ask/answers/
100314/what-are-advantages-paying-bitcoin.asp.
Relihan, T 2018, ‘Will regulating big tech stifle innovation?’, MIT Sloan School of Management, https://mitsloan.mit.edu/ideas-
made-to-matter/will-regulating-big-tech-stifle-innovation.
Reynolds, J 2018, ‘Invoice factoring and invoice financing pros and cons you need to know’, Fund Box, 9 October, accessed July
2020, https://fundbox.com/blog/invoice-factoring-and-invoice-financing-pros-and-cons-you-need-to-know/.
Riemer, K, Hafermalz, E, Roosen, A, Boussand, N, El Aoufi, H, Mo, D & Kosheliev, A 2017, ‘The fintech advantage: Harnessing
digital technology, keeping the customer in focus’ Technical Report, University of Sydney, Business School and Capgemini.
https://ses.library.usyd.edu.au/handle/2123/16259.
Rosen, E 2019, ‘It’s time to ditch U.S. frequent-flyer programs for international ones’, Bloomberg, 9 April, accessed July 2020,
https://www.bloomberg.com/news/articles/2019-04-09/it-s-time-to-ditch-u-s-frequent-flyer-programs-for-international-ones.
Rossi, A & Vismara, S 2018, ‘What do crowdfunding platforms do? A comparison between investment-based platforms in
Europe’, Eurasian Business Review, vol. 8, no. 1, pp. 93–118.
Rowan, P et al. 2019, ‘Regulating alternative finance: Results from a global regulatory survey’, The World Bank Group.
Rowland, M 2017, ‘Banking and the battle for customers’, KPMG, https://home.kpmg/au/en/home/insights/2017/12/banking-
battle-for-customers.html.
Rush, A & Louw, R 2018, ‘The New Payments Platform and Fast Settlement Service (Australia)’, Reserve Bank of Australia,
https://www.rba.gov.au/publications/bulletin/2018/sep/the-new-payments-platform-and-fast-settlement-service.html.
Pdf_Folio:154

154 Digital Finance

Russey, C 2018, ‘KBC Bank invites 1000 people to test new wearable payments solution (world)’ Wearable Technologies, 20
November, https://www.wearable-technologies.com/2018/11/kbc-bank-invites-1000-people-to-test-new-wearable-payments-
solution/.
Rymaszewski, M 2007, Second Life: The Official Guide, John Wiley & Sons.
Salampasis, D, Pickering, M & Klaußer, V 2020, ‘Blockchain-enabled entrepreneurial financial funding and investments: the new
era of initial coin offerings’, in M Ahmed (ed.), Blockchain in Data Analytics, Cambridge Scholars Publishing, Newcastle upon
Tyne, p. 145.
Schoenberg, S 2019, ‘How the ECB would handle a crisis’, The International Economy, vol. 33, no. 1, p. 5.
Schueffel, P 2017, The concise Fintech compendium, School of Management Fribourg , accessed April 2021, www.researchgate.
net/publication/322819310_The_Concise_Fintech_Compendium.
Segendorf, B 2014b ‘What is Bitcoin?’ Sveriges riksbank economic review, p. 2.
Selgin, G 2015, ‘Synthetic commodity money’, Journal of Financial Stability, vol. 17, pp. 92–9.
Serrano-Cinca, C & Gutiérrez-Nieto, B 2016, ‘The use of profit scoring as an alternative to credit scoring systems in peer-to-peer
(P2P) lending’, Decision Support Systems, vol. 89, pp. 113–22.
Seth, S 2019, ‘What Is Monero (XMR) Cryptocurrency?’ Investopedia, https://www.investopedia.com/tech/introduction-
monero-xmr/.
Shevlin, R 2020, ‘The 5 hottest technologies in banking for 2020’, Forbes, 3 February, https://www.forbes.com/sites/ronshevlin/
2020/02/03/the-5-hottest-technologies-in-banking-for-2020/.
Siering, LM & Otto, TC 2020, ‘Regulatory sandboxes’, Lexology, 5 February, https://www.lexology.com/library/detail.aspx?g=
419b7b84-bde0-4c29-bb63-41df2aa3d0b1.
Simser, J 2015, ‘Bitcoin and modern alchemy: in code we trust’, Journal of Financial Crime, vol. 22, no. 2, pp. 156–69.
Singh, N 2019, ‘Introduction to permissioned blockchains’, 101Blockchains, 2 June, accessed June 2020, https://101blockchains.
com/permissioned-blockchain/.
Singh, N 2020, ‘Permissioned vs permissionless blockchains’, 101Blockchains, 28 May, accessed June 2020, https://
101blockchains.com/permissioned-vs-permissionless-blockchains/.
Son, H 2019, ‘JP Morgan is rolling out the first US bank-backed cryptocurrency to transform payments business’, CNBC, 14
February, https://www.cnbc.com/2019/02/13/jp-morgan-is-rolling-out-the-first-us-bank-backed-cryptocurrency-to-
transform-payments--.html.
Staff of Global Legal Research Directorate2018, ‘Regulation of cryptocurrency around the world’, The Law Library of Congress,
https://www.loc.gov/law/help/cryptocurrency/world-survey.php#_ftn120.
Stevens, S, et al. 2019, ‘Crowdfunding: Guidance for Australian legal practitioners’, Law Council, Canberra, Australia, accessed
August 2020, https://www.lawcouncil.asn.au/publicassets/4ef19895-b922-ea11-9403-005056be13b5/Crowdfunding%
20Guidance%20Note%20Final.pdf.
Sunyaev, A 2020, ‘Distributed ledger technology’, in Sunyaev, A (ed.), Internet Computing, Cham: Springer International
Publishing, pp. 265–99.
Surowiecki, J 2013, ‘Why did criminals trust Liberty Reserve’, The New Yorker.
Swammy, S. Thompson, R & Loh, M 2018, ‘History of money’, in Swammy, S, Thompson, R & Loh, M (eds.) Crypto Uncovered.
Cham: Springer International Publishing, pp. 1–16.
Tar, A 2018, ‘Proof-of-work, explained’, Coin Telegraph, 17 January, accessed June 2020, https://cointelegraph.com/explained/
proof-of-work-explained.
Teng, B 2015, ‘Invoice trading 101 for SMEs’, accessed August 2020, https://www.slideshare.net/nalinee_c1/invoice-interchange-
introduction-to-invoicetrading.
The Treasury 2020, ‘Regulatory sandbox to boost Fintech innovation and competition in the financial system’, Australian
Government, media release, 28 May, https://ministers.treasury.gov.au/ministers/jane-hume-2019/media-releases/regulatory
-sandbox-boost-fintech-innovation-and-competition.
Thompson, J, Boschmans, K & Pissareva, L 2018, OECD SME and Entrepreneurship Papers, accessed June 2020, https://www.
oecd-ilibrary.org/docserver/dbdda9b6-en.pdf?expires=1593515323&id=id&accname=guest&checksum=EAE87E5518E3AF4B
638C3C6606BF180A.
Trautman, L 2013, ‘Virtual currencies: Bitcoin & what now after Liberty Reserve, Silk Road, and Mt. Gox’, Richmond Journal of
Law and Technology, vol. 20, p. 1.
Ueda, S 2019, ‘MUFG digital currency finds second life as mobile payment’, Nikkei Asian Review, 5 December, https://asia.nikkei.
com/Business/Finance/MUFG-digital-currency-finds-second-life-as-mobile-payment.
United Nations Conference on Trade and Development ‘World Investment Report 2014: Investing in the SDGs: An Action Plan’,
UNCTAD, 5, p. 2015.
Vallée, B & Zeng, Y 2019, ‘Marketplace lending: A new banking paradigm?’ The Review of Financial Studies, vol. 32, no. 5,
pp. 1939–82.
Vandezande, N 2017, ‘Virtual currencies under EU anti-money laundering law’, Computer Law & Security Review, vol. 33, no. 3,
pp. 341–53.
Vasin, P 2014, ‘Blackcoin’s Proof-of-Stake Protocol v2’, https://blackcoin.co/blackcoin-pos-protocol-v2-whitepaper.pdf, p. 71.
Velde, FR & Weber, WE 2010, ‘Commodity money’, in SN Durlauf & LE Blume (eds.), Monetary Economics, Palgrave
Macmillan UK, London, pp. 27–33.
Visa Inc. n.d., ‘Visa contactless payments’, accessed June 2020, https://www.visa.com.au/pay-with-visa/contactless-payments/cont
actless-payments.html.
Walker, J, Pekmezovic, A & Walker, G (eds.) 2019, Sustainable Development Goals: Harnessing Business to Achieve the SDGs
Through Finance, Technology and Law Reform, Chichester, West Sussex, United Kingdom: Wiley.
Wood, P & Morris, M 2020, ‘The world’s most cashless country has a warning for Australia’, ABC News Breakfast, 9 June,
https://www.abc.net.au/news/2020-06-09/australia-can-learn-from-swedens-move-to-a-cashless-society/12282764.

Pdf_Folio:155

MODULE 2 Future of Money 155

WRCB 2020, ‘Who accepts bitcoin in 2020? 10 major companies, 1 February, https://www.wrcbtv.com/story/41640735/who-
accepts-bitcoin-in-2020-10-major-companies.
Yellin, T, Aratari, D & Pagliery, J 2013, ‘What is bitcoin?’ CNNMoney, https://money.cnn.com/infographic/technology/what-is-
bitcoin/index.html.
Ziegler, T et al. 2020, ‘The global alternative finance market benchmarking report: Trends, opportunities and challenges for
lending, equity, and non-investment alternative finance models’, Cambridge Centre for Alternative Finance.
Zilavy, T 2018, ‘What is a hybrid blockchain and why you need to know about it?’, Medium, 19 October, accessed June 2020,
https://medium.com/the-capital/what-is-a-hybrid-blockchain-and-why-you-need-to-know-about-it-c7b887d2bae.

Pdf_Folio:156

156 Digital Finance

MODULE 3

TECHNOLOGY AND ITS

USE IN FINANCE
LEARNING OBJECTIVES

After completing this module, you should be able to:

3.1 select appropriate digital tools, using accounting and finance knowledge, that provide innovative solutions
to complex business problems
3.2 evaluate the impact of innovative technologies on the work of accounting and finance professionals to
communicate the benefits and risks to key stakeholders in the organisation
3.3 appraise the suitability of technology in creating efficiencies and solving complex business problems.

PREVIEW
Modules 1 and 2 explored how the near-real time and free flow of data in the global network of
interconnected devices, systems, individuals and organisations has shaped a digital finance ecosystem
that redefines how value is created, delivered and consumed. Data is at the core of almost every business
process, every transaction and every service experience. In this module, we will explore the use of digital
tools that apply data in a wide range of business processes to achieve efficiencies and create value. These
tools have extensive ‘back-office’ and ‘customer-facing’ applications — and many of them increasingly
integrate across the entire business.
Part A explores the concept of automation — the use of technology to replace human labour to achieve
efficiencies and enable the deployment of human resources to focus on higher value work. A balanced
scorecard is explained as a framework in which to evaluate the potential and performance of automation
technologies in achieving the business’s objectives.
Part B of the module focuses on robotic process automation, which is the use of technology to replace
human labour in simple rules-based tasks, often those involving the processing of data. This type of
automation essentially mimics the steps that a human worker performs, but many times faster and without
quality variation.
Part C of the module explores artificial intelligence (AI) — a collection of technologies that exhibit
capabilities normally associated with human intelligence. AI technologies can work with data in sophis-
ticated ways and has many applications in generating business insights, improving customer experience,
automating processes and helping team members work more effectively.
Part D of the module explores a specific type of AI called machine learning (ML) that is able to interact
with data in even more sophisticated ways.
With the benefits, costs, risks and potential applications of these digital tools established throughout
the module, Part E of the module concludes with a discussion of how to select and implement the most
appropriate digital tools to solve business problems and help achieve the business’s objectives.

Pdf_Folio:157
PART A: AUTOMATION
INTRODUCTION
Automation enables more efficient use of resources. It is one of the key technologies underpinning
digital transformation and all of the digital tools we will discuss in this module have some application
in automation.
In this part, we introduce the foundational concepts of automation. We will describe what automation
is and how it works and explore the value and benefits that automation of business processes can provide
to consumers, employees and organisations.
We discuss how to match automation capabilities to business goals using a balanced scorecard, and how
to develop an effective automation strategy and implementation plan.

3.1 THE BASICS OF AUTOMATION

Automation can be defined as the application of technology to achieve outcomes with minimal human
input. In the past, when people spoke of automation they were typically referring to industrial automation,
such as the introduction of robots to factory assembly lines. Today, automation more often refers to the use
of computers and software to undertake business or personal tasks that would otherwise need to be done
by human workers.
The purposes of using automation technologies include to:
• reduce operating costs
• enhance productivity and efficiency
• enable high resource availability
• ensure high process reliability
• improve staff performance.

KEY AUTOMATION TECHNOLOGIES

Automation in accounting and finance can draw on a range of technologies of varying sophistication, each
suited to particular applications. Each technology has associated benefits, costs and risks. In this section
we will briefly introduce three technologies that can be applied in automation: robotic process technology,
AI and a specific type of AI called machine learning. Often the best solution for a particular business
problem will combine more than one of these technologies.
Regardless of the combination of technologies used, a successful automation strategy depends on a
robust data strategy. We will describe a few basic data concepts below. Module 4 will examine the
development and content of a data strategy in detail (and particularly for analytics applications).

Data in Automation
Data is used both for analysis and to exchange information between different processes and systems.
Historically, digital systems could only work with highly structured data. Today, technology can work
with data from almost any source and in a wide variety of formats.
It is useful to think of data in terms of its structure.
• Structured data adheres to a pre-defined model, which makes it straightforward to analyse. In a
database, it conforms to a tabular format with a clear relationship between the rows and columns (in the
same manner as a spreadsheet). For example, in a database, a column might be defined ‘SupplierABN’
and the data in that column in each record would be the supplier’s 11-digit Australian Business Number.
• Semi-structured data does not conform to a tabular format like structured data, but does contain tags,
markers or metadata that facilitate processing. For example, an ABN would be enclosed in tags such as
‘<ABN>…</ABN>’. Examples of semi-structured data include JSON and XML formatted documents.
Another example is the inclusion of date and geolocation information in a photo file taken with a
camera phone.
• Unstructured data does not conform to a predefined structure and is not organised in a predictable
manner. Unstructured data makes sense to humans, but is difficult for traditional software algorithms to
process. Common examples of unstructured data include legal documents, audio or video, social media
posts or movie reviews.
Pdf_Folio:158

158 Digital Finance

 The more structure data has, the easier it is for computers to store and process. However, structure
often comes at the cost of richness of meaning. Consider, for example, the difference between looking
at a photo and reading a list of key words that describe the photo. Sophisticated computer systems are
increasingly able to store and analyse data despite a lack of structure. This has opened up new opportunities
for organisations to derive value from the data they collect. We will examine the key digital tools used in
automation next.

Automation Technologies
Desktop automation (e.g. Excel macros and auto-emailers) has been in use for many years to handle simple
data and tasks. While automation is useful in managing basic tasks, such as copying and pasting data, it can
also undertake much more complex tasks such as evaluating customer reactions to marketing campaigns
and adjusting outputs accordingly. To achieve these various results, different technologies are required.
These include:
• robotic process automation (RPA)
• artificial intelligence (AI)
• machine learning (ML), which is a particular type of AI.
Note that AI and ML also have numerous other applications and can be used to generate a range of
benefits for the organisation beyond just the efficiencies created from automating business activities. By
understanding the potential applications, benefits, challenges and risks of each technology, it becomes
possible to identify potential solutions to complex business problems and to evaluate how various digital
tools could be chosen, adopted and applied to create value for the organisation.
We will briefly introduce each of these three technologies below. They are discussed in detail in later
parts of the module.
Robotic Process Automation
Robotic process automation (RPA) refers to software robots (bots) that automate simple to medium-
complexity tasks and processes by applying a set of rules known as an algorithm. In essence, RPA bots
interact with other software to perform tasks in the same way a human user would, but much more quickly
and without variations in quality. RPA relies on pre-defined business rules, which means it works well with
structured data, but is unable to handle unstructured data. Examples of RPA software include Blue Prism,
Automation Anywhere and UiPath solutions.
An email bot is an example of an RPA application. An email bot can examine an incoming email’s
sender details, subject line and attachments, and take appropriate action, such as quarantining virus-
infected emails (through the use of simple algorithms that track known threat patterns or search for
obvious suspicious criteria), downloading attachments for an invoice processing application to work on,
or connecting the email to a bill processing system. Another example, new hire onboarding, is outlined in
example 3.1.

EXAMPLE 3.1

An Onboarding Bot
Onboarding refers to the process of bringing a new hire into the organisation. When a new colleague joins
the team, they need a new user account, an email address and phone number, and IT equipment and
systems access specific to their role. In many organisations, this process would involve manual processing
by team members across the organisation, including at least the new hire’s manager, IT staff and HR staff
who are likely to exchange paperwork or emails to organise and coordinate the onboarding process.
As much of the onboarding process involves repetitive and formulaic tasks, it is a good candidate for
RPA. An RPA onboarding bot would begin work when an HR officer enters the new hire’s details into the
organisation’s employee records system. Based on the new hire’s role, the bot could follow a rule-guided
process to, for example, automatically:
• create a user account in the organisation’s IT systems
• assign credentials
• create an email address based on the hire’s name
• allocate a phone number or update the office phone directory based on the hire’s location
• send a request to IT to install a desktop computer or provide a laptop with the relevant software installed
• send a request to the office services team to provide an access card to the building
• send a welcome pack with relevant information and documents to the hire’s new email address.

Pdf_Folio:159

MODULE 3 Technology and its use in Finance 159

 This streamlines the whole process, drawing data from multiple systems as required and reducing
manual processing by staff, freeing them to conduct more strategically important activities for the
organisation, including handling the more ‘human’ aspects of bringing a new hire into an organisation.

While RPA bots largely replicate what a human software user would do, they can perform the tasks far
more quickly, 24 hours a day, 365 days a year without making errors. This can deliver substantial benefits
to the organisation. For example, Australian Unity, a mutual health and wealth company with more than
one million customers, introduced an RPA solution to extract and review data from government forms.
The project eliminated 22 493 hours of manual work, freeing up skilled labour to focus on higher value
tasks (UiPath n.d.).
.......................................................................................................................................................................................
CONSIDER THIS
What aspects of your work could be handed off to RPA bots? How would you add value to the organisation with the
time this would free up in your day?

Artificial Intelligence
Artificial intelligence (AI) describes a machine that uses algorithms to simulate human intelligence. It is
more sophisticated than RPA in that it is not restricted to applying predefined rules to predefined inputs.
AI is an umbrella term — it includes any technology intended to model human intelligence, for example:
• ML — a type of AI that can train and improve algorithms based upon historical experience
• deep learning — a type of ML that mimics the neural networks in human brains to work with complex
interactions and relationships between data.
The relationship between these three technologies is illustrated in figure 3.1.

FIGURE 3.1 Relationship between AI, ML and deep learning

Artificial
intelligence

Machine
learning

Deep
learning

Source: Diagram adapted from Serokell 2020.

AI also includes a range of other specific technologies. For example, natural language processing
(NLP) is a type of AI that applies computational linguistic techniques to text to enable a machine to
communicate with a human through natural language.
AI is valuable for:
• adding intelligence to process automation, thus creating intelligent automation
• processing and analysing unstructured data to derive insights
• enabling interaction between machines and humans, particularly customers and employees.
Apple’s Siri, Google Assistant, Amazon’s Alexa and Microsoft’s Cortana are examples of consumer-
focused AI. They can understand human verbal requests and respond. They can control a smart device,
undertake helpful activities such as listing or dictating messages, searching the web, and making useful
suggestions. An application in identify verification is described in example 3.2.

Pdf_Folio:160

160 Digital Finance

 EXAMPLE 3.2

Passport Validation
Tens of thousands of people enter Australia from abroad every day. Australia invests significant resources
to prevent criminal entry into the country and ensure national security. The Australian Border Force uses
AI technology to calculate the risk each traveller presents in terms of criminality and national security. The
traveller’s biometric characteristics such as facial features, iris and fingerprints are collected unobtrusively
by AI technology before departure and on arrival into Australia through an airport. In near-real time, this
information is matched against existing data to confirm the person’s identity and visa or residency status.
Human personnel are alerted when a potential issue is identified.

.......................................................................................................................................................................................
CONSIDER THIS
What aspects of your work could benefit from AI technology? Try to think of at least one example for each of intelligent
automation, analysis of data, and machine–human interaction.

Machine Learning
Machine learning (ML) is a specific type of AI. In ML, the machine is able to learn from data to develop
its own algorithms and thus make predictions. The volume of data ML can analyse and the speed with
which it can explore complex relationships between data enable it to far exceed humans’ ability to analyse
data. There are many different methods within ML. We will explore some of these later in the module.
An example application of ML is in fraud detection when dealing with credit card and online banking
transactions. In this application, the ML platform processes vast amounts of financial data generated
by the usage pattern of each account holder in order to develop a fraud detection model. Each future
transaction can then be examined using this model to distinguish between legitimate behaviour and
fraudulent behaviour, and thus generate an alert in relation to fraudulent transactions or even block the
transaction. This application thus combines elements of analytics and automation. An ML application that
combines analytics, automation and machine–human interaction is described in example 3.3.

EXAMPLE 3.3

Sales Optimisation
Sales and marketing campaigns have traditionally viewed the target market as a whole or divided into a
few target segments. The business treats each customer within a particular segment the same way.
Some businesses are seeking a competitive edge by personalising sales and marketing to individual
customers. This is made possible by ML. ML can analyse customer data to predict their interests and
needs. This provides the organisation with information to better understand their customers. Moreover,
ML can personalise marketing and sales information for each customer, thus automating both the analysis
and the action taken. ML can use the same data to analyse customer feedback, forecast sales and
predict customer churn.

ML-assisted invoice management can handle accounts payable/receivable processing for a large number
of clients. These solutions can alert sales teams in advance about specific deals, or about customers that
are at risk of defaulting. ML can also be used to help companies detect vulnerabilities to cyber attacks or
to data privacy breaches. ML-based email scanners can be implemented to reduce spam phishing emails
reaching human employees, thus, reducing the risk of these emails being inadvertently actioned.
.......................................................................................................................................................................................
CONSIDER THIS
Suggest at least two ways your business or a client’s business could use ML to analyse data to discover insights and
automatically act on those insights.

It should be evident from the examples above that AI and ML are not merely automation technologies;
rather they support a wider range of digital tools that have broader applications across analytics, decision-
making and customer experience. We will look at some of these applications in more detail in later sections
in this module.
Pdf_Folio:161

MODULE 3 Technology and its use in Finance 161

COMBINING TECHNOLOGIES
In practice, the accounting and finance professional should develop an awareness of the capabilities of
different automation technologies so they can identify when they may be of value to the organisation to
solve specific problems or create efficiencies. The potential application, benefits, challenges and risks can
then be communicated to stakeholders. An automation solution can then be developed and evaluated as
part of a broader digital strategy.
Depending on the nature and resources of the organisation, multiple automation technologies may be
used. For example, AI and ML can be integrated with RPA to create intelligently automated processes.
Intelligent automation continues to rapidly evolve and is becoming a core component of many businesses,
as it provides opportunities for optimisation across many different tasks and functions. With intelligent
automation, finance professionals can not only provide real-time insights into the current status of the
business, but also look into the future and proactively steer the business.
A combination of RPA and AI (including ML and NLP) creates intelligent process automation that
extends RPA capabilities to handle unstructured data and complex processes. It is thus able to automate
larger portions of an enterprise’s workflow.
Cognitive automation, on the other hand, develops new insights through data discovery that combines
internal and external data and then uses those insights in autonomous decision-making. Cognitive
automation can engage intelligently with customers or employees.
Example 3.4 examines the how an automation application was improved with additional technologies
to create more value for the organisation.

EXAMPLE 3.4

Evolving Automation
An organisation operating in the Australian property industry explored the potential to automate aspects
of its business. This led to the adoption of an RPA solution from service provider UiPath to automate tasks
within its accounts payable processes.
One formerly manual task being handled by the RPA bot was matching invoices with the associated
purchase order and receiving document to ensure the invoice details were genuine before authorising and
making payment. If the bot identified missing information or a discrepancy between the three documents,
it held the invoice back from the payment process and generated an alert for a team member to investigate.
Automation of this matching process led to significant efficiencies. However, the RPA bot required
structured invoice data, so members of the accounts payable team were spending significant amounts
of time examining invoices, identifying the relevant information and manually keying the data into the
organisation’s enterprise resource planning system (ERP). Besides the time involved, the keying of data
introduced a new error point.
Looking to eliminate the risk of errors and free team members from laborious data entry, the organisation
sought to improve the capabilities of its automation solution. The enhanced solution would need to be
able to identify incoming invoices, automatically extract the relevant information and enter it as structured
data into the enterprise resource planning system.
The solution the organisation adopted involved adding intelligent content management technology
into the accounts payable process. A document capture and optical character recognition solution from
ABBYY was implemented to automatically pick up an invoice as comes into the organisation, regardless
of how it arrives or what format it is in, extract the invoice data and deliver that data to the RPA bot
(Rapidmation 2021).
This intelligent process automation solution eliminated manual data entry. The enhanced solution was
more efficient, reduced errors, reduced fraudulent invoices and required team members only to investigate
alerts generated by the system and provide final approval for payment of certain invoices, enabling them
to focus on higher value work.

.......................................................................................................................................................................................
CONSIDER THIS
Does manual data entry consume resources in your business or a client’s business? Could a solution like the one
described in example 3.4 add value to the organisation and, if so, how?

QUESTION 3.1

Discuss how AI and ML can be used to enhance RPA.

Pdf_Folio:162

162 Digital Finance

3.2 THE VALUE OF AUTOMATION
Organisations throughout the world are investing in automation to generate a variety of benefits. In fact,
automation is expected to replace up to 140 million work functions worldwide by 2025. This section firstly
examines the types of tasks automation can do. The section then describes the use of a balanced scorecard
as a framework to evaluate the performance of automation against a business’s objectives.
In general, automation can deliver the following.
• Efficient processes. Processes are improved by replacing human labour in time-consuming and low-
value tasks, and automating transactional work.
• New ways to do business. Automation can create new channels to market and more opportunities to
improve customer experiences. Businesses may use automation as a way to compete with other providers
in the market that are using cutting-edge technology.
• More satisfied and engaged customers. Advanced analytics help businesses discover what their cus-
tomers value, and predictive decision-making helps them meet customer needs.
• Improved employee morale and engagement. Rebalancing employees’ workloads away from repetitive
tasks and towards more value-added activities improves morale and engagement, which can in turn
provide businesses with better innovation and competitive differentiation.

USING INTELLIGENT AUTOMATION FOR VISUAL, LINGUISTIC

AND PREDICTION TASKS
To conceptualise where intelligent automation could benefit a business, it is helpful to consider three
categories of tasks: visual tasks, linguistic tasks and prediction tasks. We’ll explore each of these below.
Some of these applications will be more relevant than others to specific types of business activity.

Visual Tasks
Unstructured data contains a wealth of information. Historically, though, it has been difficult or impossible
for computers to work with unstructured data. AI, including ML and deep learning, can interpret
unstructured data and create useful output as a result. Below, we will discuss tasks that AI can perform on
visual data.
Facial Recognition
Many technologies now recognise facial features (human or otherwise) in photos, pictures and videos.
They then interpret the characteristics to provide useful information. For example, this functionality can
be used by:
• social media platforms to identify people so they can be tagged in photos
• retailers to determine how happy a customer is during, or following, an interaction in store
• security services to identify particular persons of interest.
Item Recognition
‘Smart’ cameras can identify objects. For example, in the retail environment smart cameras can identify
stock items, visual merchandising assets and so on. This enables use cases such as instant inventory
checks to ensure an appropriate level of stock is on hand in any given area, and visual merchandising
checks to ensure optimal use of shelves and displays. Convenience store chain Amazon Go uses item
recognition technology to register when items are being taken off (or returned to) shelves, and to track
them in ‘virtual trolleys’ (Cheng 2019). Customers can simply take what they like, pay automatically
from their Amazon accounts and walk out of the store. The conventional check-out process is redundant,
improving the customer experience and saving the store costs in labour and stock losses (theft).
Traffic Flow
Some software platforms monitor and analyse the flow of traffic, whether vehicular traffic on roads
or shopper traffic in a mall or store. This enables designers, engineers and store managers to optimise
flow. For example, the insights gained can be used by retail managers to arrange displays and stock to
facilitate better customer search patterns. Shopping centres can provide facilities such as extra seating in
heavily trafficked areas, and optimise rental income by charging more for store locations that have more
customers walking past their doors.

Pdf_Folio:163

MODULE 3 Technology and its use in Finance 163

Data Visualisation
As discussed in module 1, our highly digital world generates vast volumes of real-time data. In its raw
form, this data is difficult to understand. Even when summarised as numbers or words on a page, it can be
difficult to gain insight into what the data means. Moreover, waiting for a report to be prepared introduces
delays. AI technologies can now process large amounts of data and produce visual representations of what
the data means, to support quick interpretation and use of that data. The automatic generation of real-time
visualisations enables real-time management.
Graphic and Web Design
Certain graphic design tasks require human artistic endeavour, and professional skills that may not be
easily automated. However, AI technologies can take the information on a page and automatically make it
more visually appealing, and/or suggest how the user could make improvements themselves.
Adobe’s Sensei can automate image pattern identification functions such as editing, patching and
reinventing a specific image. For example, ‘sky replacement’ technology can generate an artificial
background for photographs (Fisher 2020). A website builder that incorporates AI technologies can use
client feedback to design custom-tailored websites attuned to the client’s business needs.

Linguistic Tasks
Linguistic tasks involve language-related functions (e.g. interpreting text or understanding the intent in
voice-based searches).
Content Categorisation
Content categorisation is the automatic understanding and interpretation of large volumes of text to identify
themes, duplication or repetition, important content and so on. It can be used to analyse customer reviews
(e.g. positive, negative or neutral), gain new ideas for promotional campaigns, or identify new business
opportunities. It can also consolidate key reports into short, more usable pieces for reporting or planning,
or to complete competitor research or general market research.
Contextual Extraction
Context data are relevant facts about an environment. For a business organisation, this can include
data from customer interactions, social media, weather, news, data from Internet of Things devices and
location data.
Contextual extraction is the mining and processing of relevant information, in a structured manner, from
a broad range of sources. This can play a similar role to the content categorisation function, but there is a
greater sense of focus and relevance in what it picks up and highlights.
For example, Apple’s Siri and Google Assistant provide suggestions based on previous user behaviour,
while smartphones provide inclement weather warnings based on the user’s location. For a business,
seasonal weather patterns could affect sales in certain places, particularly in areas subject to extreme
weather, and this information may be crucial for planning. A company may obtain real-time contextual
data to learn about customers in these areas who may need different products or services at these times,
and the business can respond accordingly to provide better experiences.
Document Summarisation
Document summarisation involves automatically providing summaries of large bodies of text to highlight
the most important points. It can be used for a variety of research functions as well as performance analysis
and reporting. Apple’s Siri is able to fulfil this function.
Speech-to-Text and Text-to-Speech Conversion
Speech-to-text and text-to-speech conversion enables businesses to offer their customers greater con-
venience in performing certain tasks and/or enjoying certain product features. This technology enables
chatbots and voice-based assistants like Alexa and Siri.
Chatbots and Voice-Based Assistants
Chatbots and voice-based assistants enable humans to interact with machines in more human-like ways. A
chatbot is a text-based version of this functionality. Chatbots are often used to improve customer service
and experience across most components of the buying cycle. In the United States, Taco Bell’s chatbot
takes customer orders (Heilpern 2016), while Virgin America’s chatbot enables customers to search and
book flights. Many organisations now support customers on their websites to more easily and effectively
complete tasks with the help of a chatbot, rather than needing to call for support.
Pdf_Folio:164

164 Digital Finance

 Siri, Alexa and Google Assistant are voice-based assistants that perform tasks in response to a user’s
spoken instructions. Voice-based assistants enable many opportunities in marketing, and create enormous
improvements in accessibility and convenience of certain business functions. For example, customers can
order a pizza from their couch through a voice-based assistant, seek information from search engines and
make calendar appointments.
Machine Translation
Machine translation is the functionality of converting text or speech from one language into another.
This function is used in multinational businesses to support better in-house communications, to create
smooth and more compelling customer experiences with businesses that have international customers, and
to enable businesses to use knowledge from international publications (that could otherwise have been
missed opportunities).
Vocal Biomarkers
Technologies can analyse and interpret, in real time, customers’ moods and emotions in certain situations,
based on what they say and how they say it. This allows, in particular, phone-based sales and customer
service staff to make real-time adjustments to maximise their outcomes. It also empowers managers and
leaders to analyse and interpret historical records to enable improved outcomes in future.
Pepper, manufactured by SoftBank Robotics in Japan, is able to react to humans’ emotional states. If, for
example, Pepper detects disappointment in a customer’s voice, it will respond with an apology (SoftBank
Robotics n.d.).
Emotion Analytics
Like vocal biomarkers, AI technologies can interpret what is said, and how it is said, to add extra levels
of detail and information to any chat situation. This function enables enhanced customer experience
through analytics on chat functions or websites. This, in turn, enables an appropriate response by company
representatives. It also enables additional depth of features and value in existing functionalities of certain
products, such as interpreting how stressed or overwhelmed a staff member may be, based on emails they
may be sending.

Prediction Tasks
The visual and linguistic tasks described above involve analysing data and automatically acting on the
basis of that analysis. Prediction tasks go a step further and provide recommendations or automatically
take action based on what the AI predicts will happen in the future. As with the other task categories, AI-
powered prediction enables businesses to be more effective and efficient in their regular activities, while
also generating a greater customer experience.
Recommendation Engines
AI, particularly deep learning, enables organisations to predict what their customers may benefit from and
be looking for. This empowers the organisation to suggest a product, service or experience to a customer
before they ask for it. It may be the next song to listen to, movie to watch, item to purchase, person to
connect with, or research term to consider. For example, Netflix, Spotify, LinkedIn and Google all feature
a recommendation engine.
This functionality allows businesses to offer greater customer value and greater customer experience,
boosting sales and customer satisfaction.
Behaviour Prediction
AI can examine customer and market data to predict the products that customers are likely to purchase
based on other purchases they’ve made and/or actions they’ve taken. Marketers can then design and
optimise campaigns in real time to foster the best possible results. On the flip side, businesses can also
identify ‘at risk’ customers who are unlikely to make a purchase or are unlikely to be a return customer —
and invest in new tactics to address the situation.
In terms of security-related functions, certain technology use cases identify fraud by comparing new
data and behaviour against data, and behaviour from previous instances.
Intelligent Predictive Analytics
Predictive analytics uses historical data to predict potential future scenarios. AI is able to greatly enhance
predictive analytics capabilities by dealing with greater volumes and variety of data.
In healthcare, this functionality can be used to identify patients’ potential health risks based on different
types of diagnostic test results. In retail, it can help to optimise promotional campaign design and customer
Pdf_Folio:165

MODULE 3 Technology and its use in Finance 165

 journey design for the greatest sales outcomes. In enterprise resource planning, it is used for human
resource planning, process design and development, and activity planning which is then optimised in
real time.
.......................................................................................................................................................................................
CONSIDER THIS
Reflect on your own organisation or a client’s organisation and identify where intelligent automation could be of value
in visual, linguistic and prediction tasks.

QUESTION 3.2

Differentiate visual tasks, linguistic tasks and prediction tasks, providing an example of each.

USING A BALANCED SCORECARD TO EVALUATE

AUTOMATION AND COMMUNICATE ITS BENEFITS
From the discussion above, it is clear that automation offers businesses many financial and non-financial
benefits. A balanced scorecard is a strategic and operational planning and management tool that we can
use as framework in which to identify and assess these benefits, thus, providing a way to evaluate both
the potential applications of automation and the performance of solutions against specific objectives once
implemented.
The balanced scorecard presented here has six categories of organisational resources and objectives that
are of varying importance to different stakeholders:
1. customer advocacy
2. productivity
3. people
4. flexibility
5. scalability
6. controls.
By focusing attention on these and developing specific performance measures for each category, the
balanced scorecard helps plan and manage automation to deliver valuable outcomes for all stakeholders.
It also helps communicate those benefits to stakeholders. A range of potential benefits are described for
each sector of the balanced scorecard in figure 3.2.

How to Use the Balanced Scorecard

The six categories in this balanced scorecard apply to any industry and represent factors important
to stakeholders and aligned with business goals. Figure 3.2 has provided some sample benefits for
consideration, but the priorities will vary from one organisation to another depending on the organisation
and its stakeholders. Consultation and analysis will enable organisation-specific priorities to be developed
for each category and thus an organisation-specific balanced scorecard to be created.
When discussing automated solutions with stakeholders, questions and discussion should be targeted to
determine which factors best match each stakeholder’s needs and expectations.
The sectors of the balanced scorecard also form a framework for educating stakeholders about all
benefits of automation for themselves, other stakeholders and the organisation as a whole.
.......................................................................................................................................................................................
CONSIDER THIS
You are a stakeholder in your organisation or your client’s organisation. Which categories of the balanced scorecard
are most relevant to you? What benefits would you be seeking?

QUESTION 3.3

Explain how the balanced scorecard can be used to identify and assess the benefits of automation.

Pdf_Folio:166

166 Digital Finance

 FIGURE 3.2 A balanced scorecard for automation

Customer Benefits of leveraging automation

advocacy • Improve customer response time by reducing cycle time.
• Reduce wait time via available processing capabilities.
• Reduce errors and rework that impacts on the customer.

Benefits of leveraging automation

Productivity
• Reduce the annual cost of human resources.
• Be right the first time with consistent execution of
processes and reduce costs associated with rework.
• Increase the volume of work which can be performed over
a given period.

People Benefits of leveraging automation

• Automate manual transactional activities.
• Assist employees to provide improved advice and
recommendations.
• Free up employees to perform more value-added activities.

Flexibility
Benefits of leveraging automation
• Ensure processing is not restricted to normal hours
of operation.
• Have the capacity to be switched off or redistributed.

Scalability Benefits of leveraging automation

• Rapidly scale the process to increase customer or
transactional volume at peak times, such as during
marketing campaigns for a product or service.
• Be scaled at a low cost to meet business demand.

Controls
Benefits of leveraging automation
• Improve audit and risk management.
• Provide improved control of the risk framework.

Source: CPA Australia 2021.

3.3 PLANNING FOR SUCCESS

Careful planning and application of automation to a well-designed process will create efficiency, but
automation applied to a clumsy process will at best fail to create efficiencies and at worst magnify
existing problems.
Once automation has been identified as a potential solution to a business problem, it is important to
consider factors that will influence or determine the success of implementation. Detailed planning is
required. We will examine planning in more detail in part E of the module, after we have explored a
wider range of technologies and applications, along with their potential benefits and risks. To help build
Pdf_Folio:167

MODULE 3 Technology and its use in Finance 167

a comprehensive understanding, the following factors are worth keeping in mind as we work through the
remaining sections.
• Analysis of root causes. Understand a problem’s underlying root causes to streamline the process, as
well as any hurdles for automation.
• Plan for the journey. Automation takes time. Choose the processes you want to automate and allocate
time to prepare the data, systems and human resources.
• Standardisation. Establish standards of common elements and features in the process.
• Optimisation. Design the process to optimise the interaction between human and automation machine.
• Prepare the environment. Configure existing technologies to be ready to interact with the automation of
the process.
• Prepare the data. If data is unstructured, different automation tools will need to be applied. This will
impact on how long it takes to achieve the business’s goals and may increase the costs of delivery.
• Use tools that are fit for purpose. Know which technologies will be used and how they will solve
the business’s problems. Consider using other tools combined with automation technology to deliver a
better result.
• Implementation. Implement automation tools to replace manual activities.
• Obtain the expertise. The more complex the business process and range of automation technologies
needed, the more specialist skills will be required. Support from specialist automation services
companies may be a good option if the required skills or capacity are not available in-house.
• Post-implementation review. Monitor the results and prepare for any adjustment required to meet the
objectives set.

BUILDING AN EFFECTIVE AUTOMATION STRATEGY

A simple guiding principle for building an automation strategy is:
Automate things that computers do better than humans.
Empower humans to do what they are better at.
An effective automation strategy will be built around the strategic goals of the organisation. There are,
however, five common areas that every organisation needs to consider when developing an automation
strategy. Automation requires:
1. data of sufficient quality
2. automation technologies such as RPA or various types of AI, and appropriate algorithms to perform
the work
3. infrastructure to support the data and automation technologies
4. commitment, cooperation and coordination across the organisation to improve processes
5. skills to plan and implement automation, and to work differently in the transformed organisation.

Data
Sufficient quality of data is a key component of a successful automation strategy. The type and quality
of data the organisation currently collects or can access needs to be assessed to determine whether it will
effectively support the intended automation applications. If the organisation does not currently have the
appropriate data, it needs to find a way to collect or organise access to it as a prerequisite for continuing
with an automation strategy. It may need to adopt further processes to prepare the data for use. In
addition, automation delivers the most benefits when systems are integrated. Work may need to be done
to ensure data is consistent and shared appropriately across the organisation. These issues should inform
development of a data strategy or review and revision of the existing data strategy.

Technologies and Algorithms

The organisation’s intended use cases will determine which algorithms must be created to perform the
work and hence which technologies will be required. The selection of technologies needs to consider
the benefits, costs and risks involved. For example, RPA solutions can be relatively easily acquired and
implemented. Team members can often work directly with the RPA platform to create the algorithms by
which the bots will work. On the other hand, advanced ML applications may require specialist consultants
or staff, new infrastructure and a considerable investment of time to achieve the intended benefits.
It is the algorithms that leverage data and infrastructure to create business value. Hence, algorithms,
whether simple RPA scripts or the basis of complicated ML models, determine the outcome of automation.
The quality of algorithm is therefore crucial, and algorithms can form part of an organisation’s
Pdf_Folio:168

168 Digital Finance

competitive advantage. On the other hand, many algorithms are open source and benefit from ongoing
crowdsourced improvements.
Throughout the rest of this module we will examine benefits, challenges and risks of each technology
to enable an informed evaluation and selection of appropriate technologies as part of the overall
digital strategy.

Infrastructure
Automation technologies and the data they rely on require appropriate computing power for storage,
access and processing. The initial and ongoing costs of this infrastructure need to be considered when
developing the automation strategy. An organisation should consider the data storage and processing
solutions available to determine whether the best solution is on- or off-site (the latter may be a cloud-
based solution) or a combination of both. Relevant issues to consider include costs, the availability of
expertise, how cybersecurity risks will be managed and how robust data governance will be achieved.

Organisation
The benefits of automation will not be realised unless the organisation is adequately prepared. Automation
provides the highest ROI and the most benefits for all stakeholders when it is coordinated across multiple
areas of the organisation. Teams need to be willing and able to interact with each other.
Existing processes need to be sufficiently streamlined and robust for the application of automation to
them. Automation applied to an inefficient process will not correct the inefficiencies. Processes should be
optimised before being automated.

Skills
As in all business endeavours, an organisation’s people will have a substantial effect on the success of
automation implementation. Organisations can upskill existing staff members who already have knowledge
of the business’s unique needs, bring in new talent or outsource automation services to specialist external
providers. Perhaps a combination of approaches may be the best fit.
In addition, most automation approaches still ultimately provide outputs that humans use to make
decisions or incorporate into more complex work. Working effectively with technology solutions requires
a cultural shift and a digital mindset. The organisation should invest in preparing and supporting team
members to work in a more automated environment. This will benefit the organisation and its employees.
Importantly, automation often replaces work currently done by team members. Team members should be
given the opportunity to develop their skills in higher value work wherever possible.

.......................................................................................................................................................................................
CONSIDER THIS
Two elements of an effective automation strategy are organisational preparedness, including the ability to cooperate
and coordinate across different teams, and skills, including the ability to help plan and implement automation and then
work in a or automated environment. How would you assess your organisation’s or a client organisation’s readiness
for automated solutions?

SUMMARY
Automation refers to the use of computer and software resources to perform tasks and processes that would
otherwise be done by human resources. Automation is a key technological application enabling digital
transformation. Automation technologies can help an organisation to reduce its operating costs, enhance
productivity and efficiency, achieve high levels of scalability and process reliability, Increase customer
engagement, and finally improve its performance. The balanced scorecard can be used to evaluate and
communicate the benefits of potential automation initiative to a variety of stakeholders.
Beyond well-established desktop automation technologies, robotic process automation (RPA) and
artificial intelligence (AI) — including machine learning (ML) and other types of AI technologies —
have created new opportunities to automate tasks that conventionally required human labour. RPA is the
use of software robots to automate tasks and processes that can be described by pre-defined business
rules. AI algorithms can similar aspects of human intelligence and thus automate activities that require
Pdf_Folio:169

MODULE 3 Technology and its use in Finance 169

varying degrees of human-like judgement. ML technologies enable the machine to learn from experience
and feedback and thus improve its performance over time. These technologies are to be explored in further
in the next parts.
The best automation technology for an organisation depends on its specific needs, objectives and
business processes. Often a combination of technologies will be used. Successful implementation of
automation in an organisation requires data of sufficient quality; appropriately chosen technologies and
algorithms; supporting infrastructure; commitment, cooperation and coordination among members across
the organisation; and skills both to implement automation and work successfully with technology in an
automated environment.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

3.1 Select appropriate digital tools, using accounting and finance knowledge, that provide
innovative solutions to complex business problems.
• RPA, AI and ML can be used to automate business processes, including those involving intelligent
analysis, decision making and engagement with customers and employees.
• Different automation technologies can be combined to create intelligent automation solutions
across workflows.
• The balanced scorecard provides a framework to evaluate the potential and performance of
automation solutions against a range of financial and non-financial objectives.
3.2 Evaluate the impact of innovative technologies on the work of accounting and finance
professionals to communicate the benefits and risks to key stakeholders in the organisation.
• Automation can reduce the need to allocate human resources to low-value repetitive work, thus
creating cost and time efficiencies, reducing errors, enabling professionals to focus on higher value
work and improving employee morale.
• A balanced scorecard can be used to identify and focus on a mix of financial and non-financial
outcomes for stakeholders. This in turn facilitates communication of these benefits to stakeholders.
3.3 Appraise the suitability of technology in creating efficiencies and solving complex
business problems.
• Automation technologies can deliver efficient processes, facilitate new ways of doing business,
result in more satisfied and engaged customers and improve employee morale and engagement.
• Intelligent automation can create efficiencies in business processes, undertake visual and linguistic
tasks, and perform predictive analysis.

Pdf_Folio:170

170 Digital Finance

PART B: ROBOTIC PROCESS AUTOMATION
INTRODUCTION
As described in part A, RPA uses software robots to automate tasks and processes. RPA is typically
applied to repetitive work tasks that would often cost a human resource significant time that could be
more effectively used elsewhere to create value.
In this part, we will explore RPA and its applications in finance and other aspects of business. We will
examine the benefits, risks and challenges that must be considered when evaluating RPA’s potential to help
resolve problems and achieve business goals.
In combination with later parts of the module, this will provide the knowledge and skills to appropriately
evaluate and incorporate RPA into a comprehensive digital transformation strategy to drive and improve
overall organisational performance.

3.4 THE BASICS OF RPA

Robotic process automation (RPA) is an umbrella term for the use of software tools to automate a
combination of repetitive processes, activities, transactions and tasks in business applications with human-
assisted exception handling.
RPA is suitable for manual and repetitive tasks such as:
• procurement-payment automation
• quotation-to-order-to-receipt automation claims processing
• IT processes report generation
• sales and invoice processing
• customer relationship management
• inventory management
• data migration
• entry system integrations.

HOW DOES RPA WORK?

An RPA bot exhibits a combination of the following characteristics.
• The bot follows a script to replicate the actions and steps that a human would usually take to complete
a computer-based task. Tasks completed in sequence form a complete process.
• The bot uses [if, then, else] rules to deal with structured data. For example, one of the rules in the bot
described in example 3.4 would be something like ‘IF the quantity on the invoice matches the quantity
on the purchase order THEN check the quantity on the receiving document, or ELSE generate an alert’.
• The bot uses a combination of user interface interactions; that is, from the underlying software’s
perspective the bot is the same as a human user.
• The bot connects to other systems to access and share data according to the bot’s algorithm.
• The bot generates an alert when confronted with anything outside its pre-configured rules.
• The bot requires pre-configuration with a set of business rules and in what sequence those rules should
be applied.
• The bot requires re-configuration whenever any aspects of a task or process changes.
The aim of RPA is to reduce the burden of repetitive tasks for staff, eliminate human error, and improve
the efficiency, accuracy, availability and scalability of the processes. RPA is most valuable when deployed
throughout an enterprise with enterprise-wide standard operating processes, allowing multiple departments
to streamline value-added work. RPA is not by itself able to learn and adapt to new situations like AI and
ML can. However, AI and ML can be integrated with RPA to create more sophisticated solutions, variously
referred to as cognitive automation, intelligent process automation or hyperautomation.

Pdf_Folio:171

MODULE 3 Technology and its use in Finance 171

UNATTENDED, ATTENDED AND HYBRID RPA
RPA may be categorised according to how the RPA bot is triggered; specifically, whether a human initiates
the bot to perform its tasks.
Unattended RPA
Unattended RPA interacts directly with computer systems to perform a business process from start to
finish without human involvement. Unattended RPA bots can be triggered to begin their work by:
• the input of data (e.g. when a customer enters information into an online form)
• input from another bot (e.g. when the output of one process serves as the input to another)
• the progress of a workflow (e.g. when the bot performs tasks that integrate into a broader workflow)
• a time-based schedule (e.g. when a bot processes end-of-day data from a cash register).
When the process is complete, the bot hands its output on to a human or on to another machine.
Unattended RPA is useful in back-office situations where large amounts of data are processed. For
example, an accounting department could use it to process invoices.
Unattended RPA requires high-quality structured data and clearly defined rules. If the bot encounters a
problem (usually missing or non-compliant data), it pauses and alerts a human. Unattended RPA bots run
on virtual machines and thus do not interrupt the work of team members unless an exception occurs.
Attended RPA
Attended RPA is triggered by the user as needed. This type of RPA augments the user’s activities rather
than replacing them entirely. Attended RPA provides benefits of automation within a process that is, as a
whole, too complex or varied to be entirely automated. The human and machine work as a team, passing
tasks back and forth until the process is completed.
Use cases for attended bots include acting as virtual assistants or supporting human decision makers.
For example, accounting staff processing end-of-month financials could trigger a virtual assistant bot to
extract data from multiple sources and paste it into a destination system or document, thus speeding up the
process, reducing errors and enabling the team member to focus on aspects of the process where they add
most value. An internal auditor could launch a bot that correlates journal postings in different periods to
look for any anomaly and use the analysis to suggest improved practices for the company.
Hybrid RPA
Hybrid RPA uses a combination of unattended and attended RPA. Typically, a human user would trigger
the attended RPA bot as usual, and the attended RPA bot would trigger the involvement of unattended RPA
bots as needed within the process. Alternatively, an unattended RPA bot could trigger an attended RPA bot
to involve a human in some aspect of a process.
Hybrid RPA uses the most appropriate RPA technology for each part of a process and enables the bots
and human to work on different tasks at the same time, thus achieving optimal efficiency.
For example, in a call centre, a hybrid RPA bot could use NLP technology (described later in the
module) to analyse the conversation between a team member and customer in real time and display relevant
information to the team member to help them take the necessary next steps.
Whether to use attended, unattended or hybrid RPA is determined by the requirements of the process,
with the aim being to select an approach that is cost-effective and efficient.

QUESTION 3.4

What are the main factors to consider when choosing between unattended RPA and attended
RPA?

BUSINESS PROCESS MANAGEMENT

As described earlier, the most effective outcomes from RPA are achieved if the processes are
optimised before being automated. Business process management (BPM) is a holistic discipline to
optimise business activity flows in support of enterprise goals, spanning application systems, human
resources, customer relationships and external business entities. BPM can include BPM software. BPM
software has substantially greater scope than RPA. Table 3.1 summarises the differences between RPA
and BPM software.
Pdf_Folio:172

172 Digital Finance

 TABLE 3.1 Comparing RPA and BPM software

RPA BPM

A technology to streamline business process A holistic workflow approach

automation

Deals with smaller, repetitive tasks Covers the entire enterprise business workflow

Completed by bots that comprise a certain part of a A complete enterprise application system
business process

Streamlining of one particular business process Collective management of business processes

A complement to a solid BPM approach An end-to-end solution

Source: CPA Australia 2021.

WHERE DOES RPA FIT?

Kinetic Consulting Services (2016) classifies automation solutions into the four categories shown in
figure 3.3.

FIGURE 3.3 Categories of automation solutions

Multiple decision making

Level 4 Cognitive
Multiple sources of data to gain intelligence on a topic
Intelligent-based computing
Statistical-based self-learning
NLP understanding of meaning
No ‘personality’

Level 3
Pattern recognition Intelligent
Pattern-based
Work with unstructured data automation
automation
Self-learning
Limited intelligent decision making

Level 2 More sophisticated macro application

Rule-based Rule-based workflow RPA
automation Work on structured data
Work across different applications
No intelligent decision making

Level 1
Traditional Simple macro application (e.g. Excel) Macro app
automation
Predefined connectors to other applications

Source: Developed from Kinetic Consulting Services 2016.

Traditional automation — using macros or integrating systems with application programming interface
(API) protocols — operates at Level 1. RPA offers the most benefit in processes that follow structured
rules to complete simple tasks using structured data (Level 2 in figure 3.3). The following section
compares traditional automation and RPA automation.
.......................................................................................................................................................................................
CONSIDER THIS
Which level or levels of automation in figure 3.3 are most relevant to your work? What role does RPA have to play?

Pdf_Folio:173

MODULE 3 Technology and its use in Finance 173

Comparing RPA and Traditional Automation
RPA tools enable users to configure and deploy software bots that mimic human actions utilising
predefined activities and business rules to autonomously execute a combination of tasks and processes
across different software systems to deliver the desired result. Their ease of configuration and focus on
automating processes differentiates them from traditional approaches to automation. Table 3.2 gives some
further insight into the differences between RPA and traditional basic automation.

TABLE 3.2 RPA vs traditional automation

Robotic process automation Traditional automation

Focuses on process automation. Focuses on minimising human intervention.

Does not require any modification in the existing Requires certain customisations in the existing IT
systems or IT infrastructure. infrastructure.

Mimics human actions to automate repetitive, Does not mimic human actions.
rule-based tasks.

Users can preconfigure a large number of bots to Users require different domain-specific programming
perform the allotted tasks without the requirement techniques on physical machines to perform
of physical machines. parallel execution.

Orchestrates multiple applications (e.g. email, Interoperability issues are a challenge due to the
enterprise resource planning and customer limitations of customised APIs.
relationship management) to synchronise data flow
and create automated results.

Flexible to update any business flow. Difficult to maintain or upgrade traditional automation
technology due to hardware and software incompatibility.

Can be configured by users. Customisation of application is restricted by reliance on

APIs and need to code.

Source: CPA Australia 2021.

RPA can thus be more easily implemented than traditional automation approaches that require cus-
tomised code or work by integrating systems using API. RPA can also be contrasted with spreadsheet
macros that automate the work of completing complicated mathematical calculations, or invoicing
programs that automate the generation of sales invoices based on goods or services provided. The major
difference between these types of automation and RPA is the level of human input required in the process.
Once RPA is initiated, it performs a series of tasks, whereas these other approaches to automation perform
a single task at a time. Figure 3.4 compares how a macro would be used and how an RPA bot would be used
to complete a simple calculation. Note that in the RPA process the human inputs required by the macro
are replicated by the software.

Comparing RPA and Intelligent Automation

Levels 3 and 4 in figure 3.3 represent automation of complex processes that require decision-making
capabilities in the algorithms and/or use unstructured data (McGuire 2017). RPA by itself is not suitable
for these applications. However, as described earlier, in practice an automation solution is often created
through a combination of technologies. RPA can be enhanced by ML and AI. An RPA bot can simply
follow its defined rules, or it can work together with ML and/or other AI capabilities to undertake tasks
to further streamline the business process and customer experience. This combination of technologies is
often referred to as ‘intelligent automation’ and it offers strategic and analytical capabilities far beyond
that of standalone RPA. In such applications, the RPA bot will still be performing processes, but it will be
integrated with and instructed by intelligent technologies.
It is important to match the automation approach with the business’s needs and capabilities. Not all
businesses have the maturity, resources and/or requirement for intelligent automation. For some businesses,
such as the one described in example 3.5, standalone RPA is the right solution.

Pdf_Folio:174

174 Digital Finance

 FIGURE 3.4 A macro vs RPA

Human determines the need for At a predetermined trigger, the

calculations. computer determines the
calculations that are required.

Human identifies calculations to

be used and defines variables. The computer’s algorithm knows
the calculations to be used and
identifies the variables needed
(accessing different systems if
Human enters variable into
necessary to access data).
calculator.

Computer performs calculations.

Calculator performs calculations.

Computer records the output,

Human records the output and
ready for humans to apply when
applies it to their task.
needed.

Use of a macro within a An RPA process

human process
Source: CPA Australia 2021.

EXAMPLE 3.5

An RPA Solution
Xcello Credit has a backlog of customer requests that now average a turnaround time of 3–5 days. A
sales manager and sales assistant at Xcello have identified the possibility of using RPA to automate
some processes to improve turnaround times. They have decided to investigate and perhaps pilot an
RPA system to automate the creation of new line of credit accounts for existing customers.
The sales manager has documented the process, including the pain points, for the vendor as follows.
The Customer Request
A call centre representative has to take a phone call from an existing customer who requests a new line
of credit account. Because the caller is an existing customer, the call centre representative only needs
to record information about the new request and the details of the customer’s property that will serve as
collateral. All the other information will come from Xcello’s customer database. The next step is for a sales
assistant to complete the request.
The Backlog
As the next stage of the process can only be handled manually by the sales assistant, the customer
request sits in a backlog, in many cases for up to 5 days, until the sales assistant has time to process it.
This is inefficient and a suboptimal experience for customers.
The Sales Assistant’s Process
When processing the backlogged requests, the sales assistant uses information from two systems:
• the business process management system, where the details were originally entered
• the credit line confirmation decision-making system.
Using the customer number, the sales assistant copies information from the customer database into
yet another system: the line of credit account system.
The sales assistant then takes the information from the credit line confirmation decision-making
system and uses a calculator on a government website to determine the tax valuation and assessment
of the property used as collateral. Accessing yet another system takes more time, and introduces the
potential for inadvertent errors, even when the sales assistant is working as effectively as possible. About
10 per cent of credit account requests would contain an error at some point in the process.
Finally, the sales assistant copies the information in the line of credit account system and presses the
button to create an account. The system is now ready to generate the documents the customer will need
to sign. It only takes the sales assistant about 20 minutes to complete the process for each customer, but

Pdf_Folio:175

MODULE 3 Technology and its use in Finance 175

 it has involved four separate systems and data in almost 36 fields. There is significant scope for errors to
be made and little prospect of clearing the backlog of customer requests.
An RPA Solution
Because the process outlined follows defined rules, an RPA bot could be configured to complete each of
the steps completed by the sales assistant, including logging into the different systems and copying and
pasting the data.
The Benefits
An RPA bot performing the process described above could take about 45 seconds per customer, clearing
the entire backlog within a day and providing almost real-time processing for future requests.
The RPA bot eliminates errors arising from the manual copying and pasting task. If it encounters missing
data or some other exception, it generates an alert for the sales assistant’s attention.
The sales assistant was freed up to deal with more value-adding sales tasks.

3.5 BENEFITS OF RPA

RPA has brought improvements to the processes of many organisations by automating repetitive tasks. In
reducing or removing the need for human involvement in those tasks, team members can channel their
effort towards more critical business functions that require human intelligence and empathy.
According to Tucci (2020) and Dilmegani (2020), RPA promises many benefits to an organisation.
• RPA can optimise business resources by reducing the risk of human errors in handling tedious tasks.
• RPA introduces flexibility to existing processes by adapting human tasks with small changes so that the
processes can become more flexible and scalable in handling the increase in business volume.
• RPA tools, when working along with BPM workflow systems, can improve cost-effectiveness in
reducing the human–machine waiting time.
• Replacing document creation and reading processes with RPA bots can improve communication by
providing faster and more accurate information than humans. Bots complete the process accurately the
same way every time, reducing error rates and improving consistency.
• The automatic scheduling capability of unattended RPA can assist human staff with better control of
business activities such as triggering a sales process wholly or partly when it detects a sales order email
has been received.
• Job satisfaction is improved with RPA bots handling the tedious tasks. Employee satisfaction can be
improved by releasing them to perform more meaningful and rewarding tasks. As employees receive
appreciation, they become active drivers to high morale.
• RPA bots help companies identify business insights through data analytics with minimal error because
RPA bots can collect data with a broader scope than humans. Humans can work on more focused analytic
algorithms to yield a better result.
• RPA can efficiently, accurately and reliably screen invalid or out-of-context input data and reject it or
generate an alert. This can help avoid costly mistakes.
• RPA can reduce the risk of unauthorised access to a system by integrating access control with multiple
enterprise-wide applications. RPA can enhance the security level of enterprise data by ensuring a client’s
applications are not modified or enhanced without a proper procedure.
• RPA can extract business and system performance data automatically, and store the data to meet
governance, compliance and regulatory requirements.
• RPA can also reduce the chance of human interaction with sensitive data, thus reducing the potential
for fraud.
• RPA can help improve the performance of legacy systems by applying RPA to parts of existing processes
without making changes to the current systems.
• RPA can increase employee productivity and remove time and cost from business processes.

Pdf_Folio:176

176 Digital Finance

CREATING A BUSINESS CASE FOR RPA
A business case for adopting RPA to address a business problem or help the business achieve its objectives
should be built on the full range of relevant benefits. Later in this section we will use the balanced scorecard
to identify benefits important to a range of stakeholders. First, however, we should recognise that at the
most fundamental level — cost reduction — RPA has a very strong value proposition.
As figure 3.5 shows, RPA can achieve significant cost savings over human labour. For decades now,
many organisations have sought to reduce costs and improve scalability by offshoring some of their
business processes. Many of these processes are candidates for RPA and as the figure shows, RPA may
prove cheaper than offshoring.

FIGURE 3.5 Cost comparison of back-office worker to RPA in USD

$60 000

$49 000
$50 000
$44 950

$40 000 $37 700

USD

$30 000

$20 000
$10 150 $7250
$10 000
$5400

$–
US UK AUS Philippines India RPA
Source: Kinetic Consulting Services 2016.

RPA clearly has a strong potential financial benefit. In section 3.2, we introduced a balanced scorecard
as a framework to understand, prioritise, evaluate, communicate and assess the performance against a
range of other benefits for an organisation. Using the scorecard to identify these benefits is a useful step
in developing a comprehensive business case to adopt RPA.

RPA’s Balanced Scorecard

Figure 3.6 presents the automation balanced scorecard from figure 3.2, customised for RPA. The benefits
in each category are generally applicable, but an analysis should be done specific to the organisation and
proposed RPA solution.
Having identified the benefits relevant to a specific implementation of RPA, a business case for its
adoption can be built.
Example 3.6 describes how Coca-Cola built a business case for adoption of RPA to improve efficiency
in human resources processes (Blue Prism n.d.).

Pdf_Folio:177

MODULE 3 Technology and its use in Finance 177

 FIGURE 3.6 A balanced scorecard for RPA

Customer • Significant improvements to both the speed and accuracy

advocacy of data entry and retrieval
• Reduced customer wait times
• Increased quality of customer interactions
• Enhanced customer satisfaction

Productivity
• Increased productivity through reduced errors (avoiding
employee fatigue and double handling)
• Increased productivity through greatly increased speed
and volume of work performed

People • Increased employee productivity by automating low-value,

low-complexity work
• Increased employee satisfaction from more engaging work
• Increased value from employees freed to perform more
value-added or strategic activities such as analysing,
reporting and advising

Flexibility

• Can be reconfigured by users to deal with changes to the

process workflow

Scalability
• Cheap and easy to implement for well-defined processes
• Requires very little computing power to run, so they can
be scaled to higher volume or more widespread processes
with little business investment or risk

Controls • Functions are reliable, consistent and repeatable

• Can be managed with a defined set of rule-based metrics
• Dashboards provide a view of the performance of the
automation routines
• Reliability and consistency improves businesses’ ability to
audit and manage risks within their processes, and thereby
improves compliance
• An audit trail of all activities is created

Source: CPA Australia 2021.

EXAMPLE 3.6

Coca-Cola
Coca-Cola is one of the world’s largest beverage companies with complex multinational operations.
It recently consolidated its HR and finance shared services organisations, along with its customer
contact centre.

Pdf_Folio:178

178 Digital Finance

 It was found that the HR team was struggling with the huge range of resources available to them. At
the same time, they had limited ability to understand the cause of problems affecting their business and
thus were limited in their ability to help.
Seeking a higher performance outcome from its investment in HR services, Coca-Cola set three
objectives to improve the process efficiencies of HR’s business operations.
1. HR processes and strategies should be executed in the same way for all the client organisations.
2. HR should keep abreast of best practices and deliver timely and accurate Payroll and HR
operational processes.
3. HR should provide a superior user experience in resolving employee inquiries within its finance division
and, in time, to other divisions.
Process Selection in Building the Case
Having identified the desired outcomes, Coca-Cola spoke to internal subject matter experts who owned
the most manual HR processes to understand the volume, frequency patterns and number of hand-off
situations. The purpose was to identify which processes were most viable for automation and posed
the most significant risk due to the number of people involved in the process. Coca-Cola made use of
an online mapping tool to gain insight into how much automation could be applied to each of the 150
identified processes.
The RPA Solution
Coca-Cola identified that more than 50 HR audit processes across multiple SAP systems and multiple
human touchpoints could be automated using RPA. A staggered schedule was established for the audits
so that team members would be able to deal with exceptions manually without holding up the process.
The solution was designed to achieve time-savings and redeploy human attention away from the manual
process and towards the output data.
The solution was also designed to ensure confidentiality of the data and the reports generated.
A case management system was proposed to track reports to determine when things were delivered
and actioned — something that the manual process was not able to provide.
Outcomes
Having built a compelling business case and a viable plan, Coca-Cola proceeded with the RPA solution.
The results were as follows.
1. RPA added 16 hours extra capacity (from an 8-hour day to a 24-hour day) without additional headcount
being required to take on eight times more work.
2. RPA provided improved accuracy and 100 per cent coverage on all audited transaction data, removing
the need for spot audits.
3. Innovation-driven career development paths improved for employees as the company automated
manual tasks; individuals had opportunities to shift into more advanced roles that involved more
valuable, analytical work.
4. RPA improved customer experience by removing time-consuming, transactional work. The HR people
could dedicate more time to providing human interaction and had more time to work through sensitive
or complex employee situations. Customer experience improved with higher human interaction.
5. RPA improved compliance, as HR audit reports became trackable with a better quality of process data
than the manual process. New insights were obtained to further improve the company’s operational
performance.

.......................................................................................................................................................................................
CONSIDER THIS
Which segments of the balanced scorecard were addressed by Coca-Cola’s RPA solution and how?

RPA IN THE FINANCE FUNCTION

There are numerous effective applications for RPA in an organisation’s finance function. We will describe
some of these below.

Financial Review Preparation

RPA can facilitate the preparation of regular financial reports by:
• connecting and automating data movement from various finance systems for rapid consolidation
and reporting
• cleansing data for easier formatting between applications, such as Adobe Acrobat and Microsoft Excel,
to create readable reports.
Pdf_Folio:179

MODULE 3 Technology and its use in Finance 179

Account Reconciliation
RPA can improve the efficiency of account reconciliation by:
• downloading subaccount balances into pre-approved formats
• uploading transaction data from various subsystems and different formats
• performing data validation and exception research and handling
• creating and balancing journal entries, noting and remediating discrepancies.

Standard Journal Entries

With RPA, organisations can:
• create standard monthly journal entries
• enter and manage data into their ERP systems
• perform validation analytics to ensure accurate entries.

Portal Queries
Organisations often work with suppliers via portals that do not have well-defined integration protocols (or
APIs). RPA can streamline the process of working with supplier portals by connecting to all portals and
automatically gathering or posting relevant information. This can occur either at pre-set times or as part
of a defined workflow.

Data Consistency
Customers’ details can frequently change as they move house, change their name, or even make significant
changes to their financial situation (e.g. taking out a mortgage). RPA can assist by regularly scanning
customer information for accuracy using a designated reference point, such as a bank statement or tax file
number, and update customer records if required.

Enhancing System Compatibility

To perform certain regular accounting and reporting functions, data must be moved from one system to
another — an issue often arises of compatibility of data between these systems. RPA helps resolve this
issue by formatting data from one system so that it can be ‘understood’ by a second system.

Regulatory Compliance
Regulatory technology, or RegTech, is a large and growing area that has emerged largely from regulatory
requirements imposed in the finance field. Initially introduced in many organisations to improve internal
processes and reduce compliance costs, RegTech became important as a way to monitor risk in order to
comply with increasing regulatory requirements following the global financial crisis.
While AI and ML have a role to play in RegTech, RPA is the most commonly used type of technology
currently underpinning it. RPA offers benefits in the RegTech area by:
• decreasing errors in data and reporting
• increasing staff efficiency, allowing greater time to investigate and resolve instances of non-compliance
• reducing risk by improving compliance with anti-money laundering and know-your-customer (KYC)
regulations.

Financial Information Analysis

RPA analytics is a way of applying RPA, in a non-invasive way, to manual processes across an organisation.
RPA analytics can complement data analytics as it can be integrated with data processing platforms to
operate cohesively across the whole company. This ensures that business performance is based on data
and statistical methods. One of the significant incentives in this approach is the reduction of errors in data,
because it is a well-known issue that manual processing and compiling data is prone to human error.
ANZ Bank has been at the forefront of using RPA analytics to improve its efficiencies. It launched
500 bots to handle several different banking service areas, including mortgage originations, account
reconciliations, audit compliance reviews, monthly reports and customer payments. In one section of
the organisation, it reduced the number of staff from 40 to 2. The RPA implementation has yielded
multiple benefits for the bank including savings in operating costs, improved accuracy in the handling
of financial information, higher productivity, better compliance with regulations set by the Australian
Prudential Regulation Authority (APRA) and Australian Securities and Investments Commission (ASIC)
and improved customer satisfaction.

Pdf_Folio:180

180 Digital Finance

 BNY Mellon has applied RPA analytics in its trade settlement process, which has reduced the time
required to reconcile a failed trade from 10 minutes to 0.25 seconds.

Audit Control Processing

Internal audit is required to identify, test and recommend controls. Many of these are well suited for RPA
because the exceptions or abnormal conditions they are intended to detect can be defined by a set of rules.
In addition to controls, RPA can also enhance how an internal audit works. For example, some of the
tasks that RPA could automate include: identifying open items, tracking progress against the annual audit
plan, monitoring key business risk indicators and reporting.

Combatting Financial Fraud

RPA is useful in combatting fraud in terms of the following.
• Monitoring of fraudulent commercial transactions. Commercial and personal information solicited by
government bodies, banks, organisations and services can are be monitored 24/7 for proper usage and
anything that looks suspicious is flagged for attention. Such a process requires continuous monitoring
of all activity logs, and so RPA bots are a viable option. RPA can look for all fraudulent activities based
on predefined conditions.
• Online credit card applications. The whole credit card application process is systematically defined.
Credit card companies use RPA bots to handle the complete workflow of processing a credit card
application, from collecting and verifying all required information from the applicant, to running credit
and background checks, issuing the credit card, and sending and activating the card.

Sales and Inventory Reconciliation

Invoice processing is a key function for many businesses and contains a high volume of repetitive manual
tasks. Errors and inefficiencies in these tasks can result in issues such as delayed or incorrect payments.
RPA can create substantial improvements over a manual sales and inventory reconciliation process. We
will examine one business’s solution in example 3.7.

EXAMPLE 3.7

Sales and Inventory Reconciliation

A finance organisation was consistently experiencing a high volume of blocked invoices — approximately
2500–3000 per month. This impacted on the timely payment of invoices and, ultimately, on the client
experience.
More formally, the business issues can be described as:
• low value time spent manually drafting and sending requests
• time spent on administrative activities within the process takes away time that could be spent on
resolving the blocked invoices
• reconciliation of four different reports was a highly manual, repetitive and time-consuming task
• manual reconciliation led to errors and escalations which required additional time and effort to resolve
• the human effort to reconcile required printing around 1500 pages per day
• a team of 20-plus people were performing this activity.
It can be seen that some of the inefficiencies were compounding each other.
The overall process was broken down into steps to identify which aspects could be automated. The
activities performed by a bot in the RPA solution are shown in figure 3.7.
The benefits observed were:
• 25 per cent improvement in productivity
• 40 per cent reduction in ‘aged blocked invoices without dependencies’
• 80 per cent of invoice classification achieved (including price, quantity) compared to 50 per cent prior
to RPA implementation
• 50 per cent reduction in cycle time (7–8 minutes per invoice compared to 15–18 minutes before RPA)
• 39 per cent reduction in cycle time across the total process (7.4 to 4.5 hours)
• reduction of full-time-equivalent labour from the initial scope of 21 to 4
• maintenance of zero defects on quality and turn-around time
• capacity of analysts shifted to handling more complex tasks and exceptions.

Pdf_Folio:181

MODULE 3 Technology and its use in Finance 181

 FIGURE 3.7 Automation of activities within the sales and inventory reconciliation process

Sales and inventory reconciliation

Activities performed by the software robot

Report is generated to RPA triggers an Excel

itemise non-reconciled items. macro to process reports.

Runs a macro to reconcile

orders comparing the sales Logs in to TELSMART.
versus the production schedule.

Runs macro to reconcile

Uploads the final POS
material usage between sales
report to TELSMART.
and change in inventory.

Downloads the Validates the information that will

product usage report. be sent via email to the requestor
(the reason driving the block).

Downloads daily After validation, win

production schedule. automation sends the email
directly to the requestor.

Downloads the sales

and inventory reports
Logs in to systems.
from SAP.

Source: CPA Australia 2021.

.......................................................................................................................................................................................
CONSIDER THIS
To configure an RPA bot requires every step of a process to be understood and documented. The aspects of the
process that can be automated can then be identified. Choose a familiar manual process from your own work and
list each step. Which steps could be automated and why? Which could not and why?

RPA IN BUSINESS
RPA can be used to target improvements in key processes in a wide range of business functions
beyond finance, in processes that span different parts of the organisation and across different industries.
An accounting and finance professional should be aware of broader applications that are relevant to
business overall.
Pdf_Folio:182

182 Digital Finance

Business Functions
In this section we will briefly describe RPA applications across a number of core business functions.
Human Resources
RPA can provide substantial assistance with the repetitive and high-volume tasks required in HR, such as:
• administering learning and development plans by notifying employees and managers of training
requirements and reminding them when certification renewals are required
• managing travel and expense claims, including approving standard claims when they fall within
predefined rules
• streamlining the onboarding process for new employees by collecting all relevant information from the
employee and providing them with processes and information as required — such as passwords, login
information and other critical new-hire items
• validating employee time records and payroll data to remove the need for manual processing of payroll;
includes automatically managing leave entitlements and use
• improving the security, accuracy, efficiency and completeness of personal information collected.
Supply Chain Management
As supply chain management is a complex and interconnected function, RPA can help to:
• integrate systems and tools from across a company’s supply chain, allowing for increased visibility and
control of suppliers, products and delivery processes
• eliminate the need for manual input of purchase orders — these can be triggered at pre-set times,
frequencies or when stock drops to a defined level
• reduce human error and duplicity in the supply chain process, thereby reducing costs
• ensure the supply chain can function 24/7 with negligible down-time, via software connectivity and
automation of key processes
• speed up the execution and delivery of orders, thereby improving the customer experience.
Marketing and Sales
RPA’s advantages in the field of marketing and sales typically focus on making the best use of the vast
amounts of data collected, by assisting with tasks such as:
• enabling faster third-party data integration (as compared to API-based integration, which can require
significant time and investment)
• applying business rules to process and sort customer data for marketing campaigns
• streamlining the placement of digital advertisements by automatically deploying them to the appropriate
platform/s at the predetermined times
• compiling customer data from multiple sources into a single reliable CRM or other system, from which
to generate new campaigns
• triggering chatbots to assist customers with simple sales and customer service enquiries. If used well,
these chatbots can increase customer engagement and lead to increased sales.
Example 3.8 examines a bank’s marketing use case for RPA.

EXAMPLE 3.8

Updating Customers’ Marketing Preferences

In the marketing arena, meaningful and authentic customer conversations begin with identifying whether
the customer would like to be contacted at all, and then engaging in appropriate communications
with them. A large bank implemented RPA to quickly and effectively process customers’ marketing
preferences, thereby enabling a significantly earlier start on marketing campaigns targeted to these
customers — and in turn, increasing revenue opportunities.
The Situation
When the bank issued new credit cards, customers were able to opt in or out of future marketing from
the bank. Over a three-month period, approximately 300 000 customers elected to receive the marketing.
The bank needed to record these marketing preferences in its customer relationship management (CRM)
system quickly and accurately to enable marketing campaigns aimed at these customers to begin.
Manual Processing
A list of all customers opting-in to marketing was created as an Excel spreadsheet. This list was sent to
the call centre so that employees could update the ‘marketing’ field for each customer in the CRM system.
Pdf_Folio:183

MODULE 3 Technology and its use in Finance 183

 The work was undertaken during ‘quiet times’ in the call centre and took three months to complete. The
process also required additional quality checks to be carried out, to ensure all data was entered accurately.
Automated Processing
An RPA bot was programmed to read the customer details from the Excel spreadsheet, log in to the CRM
system and update the relevant ‘marketing’ field. The bot was able to complete the updates to all 300 000
records in one week, with no errors (and no requirement to quality check the process output). The RPA
bot took one person just three weeks to build and test comprehensively.
The Outcome
The decreased processing time of RPA, along with the increased accuracy, allowed the bank to commence
its marketing campaign to these customers approximately two months earlier than if the process was
manual. This enabled a potential revenue increase of up to $10 million.

.......................................................................................................................................................................................
CONSIDER THIS
Given the pervasive use of technology in business today, why do you think manual processes such as the one
described at the start of example 3.8 still persist in many organisations?

Business Processes
RPA can exchange data across multiple systems and thus automate processes that involve different parts
of the organisation.
Sales Order Processing
RPA can complete many actions across multiple business portals and systems; some of the most common
applications include the following.
• Incoming customer emails and attachments processing. The company can apply RPA to screen all
incoming emails and classify them. Sales-related emails can be assigned different priority levels to
ensure a response within an appropriate timeframe by the appropriate personnel. Automating email order
processing can increase the speed and accuracy in handling incoming orders as well as empowering the
sales team with a tool that helps them deliver a better customer experience.
• Customer orders processing. With all the required information available, RPA bots can handle customer
orders automatically without human intervention from the early stage of receiving the orders, validating
the correctness of the order line items, updating the order processing system, checking for estimated
time of arrival (ETA), and continuing with the order fulfilment stage. RPA can eliminate manual data
entry effort and reduce human errors and accounting costs. It can also allow for better pricing validation
and sales data control.
• Order fulfilment. Online storefronts can use RPA bots to fetch sales order details from different provider
databases, warehouse stock level can be monitored and shipments can be tracked in real time from
mobile devices. RPA enables streamlined and parallel order processing tasks to achieve improved
accuracy, reduced labour costs, faster delivery of shipments and reduced delivery overheads.
• Customer account reconciliation. Customers commonly request statement reconciliation either by
phone or in writing. This can be handled by the RPA bot to process the request without delay. RPA
can check for duplicate payments to reduce the time spent manually verifying bank statements with
customers and improve overall efficiency by helping customer service personnel, who will then have
more time to handle other more critical requests.
IT Processing
Many IT processes can be automated with RPA, including the following.
• Application system user access control. Modern-day role-based access control mechanisms require IT
personnel to propagate user access rights from one application system to another, based on the role
or roles of the user. RPA bots can perform this task without human intervention. They can assess the
employee’s credentials and grant access and permission to the relevant system resources.
• Retrieving and distributing data to and from multiple data sources. Multinational organisations run their
business with back-end databases located in different locations. RPA bots can process the requests in
batches asynchronously or in real time, depending on the priority of those requests, to ensure better
performance to the whole of the enterprise’s application system.
Pdf_Folio:184

184 Digital Finance

Product and Service Marketing
RPA can assist with basic product and service marketing tasks such as scraping social media content and
data from the web. RPA software is the perfect candidate for content scraping as the data to be collected
from websites, such as social media posts, stock trading figures, commodities trading data, news and media
sites, will be known. RPA bots can scrape those websites continually for specific information of interest,
analyse them, and ready the information for reporting to the relevant stakeholders.
Cybersecurity
The increasingly embedded nature of technology in organisations increases cybersecurity risks, but
technology can also be used to help automate aspects of the management of these risks, through the
following.
• Data leakage detection. RPA bots can help with classifying risk and monitoring data loss 24/7. When
these issues are detected, RPA triggers the associated incident response process to deploy the necessary
security controls to protect the systems and prevent the problem from spreading.
• Threat exposure analysis. RPA bots can be deployed to conduct penetration testing exercises to enable
an organisation to better understand its business environment vulnerabilities, while also focusing on
delivering business solutions.

Industries
While some core business functions operate similarly across many different businesses, different industries
have their own particular characteristics and thus opportunities for RPA to add value.
Healthcare
There are many opportunities to leverage the benefits of RPA in the healthcare sector, including deploying
RPA to:
• manage the online and offline complexities of appointment scheduling to allow for patients to make
online bookings
• process finance-related activities such as recording costs of treatments administered, generating bills,
accepting online payments and synchronising data across multiple systems
• handle health insurance coverage and claims and streamline settlement processes.
Insurance
As another industry driven by large amounts of data — and the need for extremely high levels of data
accuracy — insurance companies can use RPA to:
• verify customer information using a variety of systems and use this as the basis of robust quoting and
underwriting processes
• make basic changes to policies and customer details, within given parameters
• remind customers when renewals are due and process these renewals as required
• settle claims in low value, standard cases.
Telecommunications
With the vast majority of people in industrialised countries owning at least one mobile device — if not
more — the data created by the telecommunications industry is extensive. RPA can help by:
• collecting and consolidating customer data from different phone companies and systems
• transferring customer data between different provider and carrier systems, portals and applications
• extracting data on competitors’ plans and pricing, to ensure the company remains competitive.
Government
Governments can also benefit from the use of RPA to cut costs and enhance process efficiencies, including
when it is used to:
• complete verification processes on individuals, such as when they register a property purchase or other
legal transaction
• populate automatic forms and notifications
• integrate legacy systems with newer systems.
Not-for-Profits
RPA can be a valuable technology for not-for-profit organisations. The simplicity and low cost of RPA
implementation makes it an appropriate first step into automation for not-for-profit organisations, which
face many of the same challenges as corporations — in particular, the growing requirement for staff to
complete menial time-consuming processes to ensure compliance and data quality, and generally support
Pdf_Folio:185

MODULE 3 Technology and its use in Finance 185

 the operations of the organisation. Instead of this repetitive manual labour, employees would rather work
on mission-specific tasks. In not-for-profits (Sremack 2018), the kinds of tasks where RPA can provide
tangible benefits include:
• creation and implementation of digital and print marketing campaigns
• tracking of regulatory compliance across multiple jurisdictions
• management of volunteers and staff.
.......................................................................................................................................................................................
CONSIDER THIS
So far, we have described a range of benefits and applications of RPA. An evaluation of any digital tool should of
course consider the costs, risks and challenges alongside the benefits. A digital strategy will need to address these
if it is to effectively serve the business. Before reading the next section, think about what challenges and risks might
be associated with an RPA initiative.

3.6 RISKS AND CHALLENGES FOR USING RPA

One of the reasons for the growing adoption of RPA in business is that the costs and risks are often assessed
to be comparatively low compared to the benefits the technology can provide. Nevertheless, like any
business innovation, RPA still carries some risks and these need to be assessed and managed to ensure
they do not impact negatively on the business’s objectives.
The risks and challenges relate primarily to data security, technical glitches or failures, uncoordinated
changes to integrated systems, flawed adoption or implementation processes, and negative impacts on
employee morale and performance. Each of these risks can reduce the efficacy and/or return on investment
of the technology. We will discuss each in turn.

DATA SECURITY
As RPA is a software-driven innovation, it creates vulnerabilities in the areas of cybersecurity and data
privacy. By their very nature, RPA software bots are designed to access data across various departments
in an organisation — and even from partner systems outside the organisation.
Although not common, experts have suggested that hackers may be able to modify any session that a
software bot is performing to either affect the operation of the RPA or extract sensitive business data.

Mitigation Strategy
The organisation’s overall digital strategy should include cybersecurity and data management strategies
to ensure data is handled appropriately and secured from theft and malicious or inadvertent misuse. It is
crucial to ensure the organisation’s technology security systems are robust prior to implementing RPA,
investigate whether the RPA solution will introduce any new vulnerabilities, and determine if additional
security is necessary for each RPA process implemented.

TECHNICAL ISSUES
All software has the potential to contain errors in programming or design which can impact on its operation.
When an RPA bot is configured by the users themselves, this risk may be greater than for professionally
configured systems.
Flaws in the implementation of RPA can then compound across huge amounts of data. For example, if a
data field from one portal is copied and then pasted in the incorrect place in the target location, all records
will be erroneous.
These kinds of technical issues can also damage the customer experience if, for example, they result in
incorrect invoices being generated or marketing campaigns being sent to the wrong people.

Mitigation Strategy
Appropriate testing must be conducted, with the nature and extent of testing to be based on the potential
impact of the RPA making an error. More critical processes naturally require a higher level of testing.
It is also advisable to scale the implementation of the RPA into production. A small number of
transactions can be processed and the results closely monitored to determine whether the bot is operating
as expected. Once reliable results are achieved, the volume of processing can be progressively increased
over subsequent days, while still monitoring the outputs. to ensure the RPA is operating as intended.
Pdf_Folio:186

186 Digital Finance

 It is important to anticipate technical issues and have a strategy for resolving them should they occur.
For example, if data is incorrectly calculated or assigned in a database, how will this be undone?

SYSTEM CHANGE
RPA processes are only as stable as the underlying information or systems they access. That is, if a
particular RPA bot sources data from one system to use in a task in another system, this process will
only continue to work for as long as both base systems remain the same. If one of the source data fields
changes, the information the bot accesses is likely to be compromised and therefore unreliable.

Mitigation Strategy
The organisation should put in place mechanisms to ensure any systems changes are made with considera-
tion for the impact they will have on other integrated systems and planned changes should be communicated
to relevant parties throughout the organisation.
The user should regularly check that the RPA bots are functioning as intended and that the data they are
using remains accurate. If any changes have occurred, the bot’s programming should be adjusted to render
it functional again.

PROCESS SELECTION
Although it will not impact on the functional integrity of an RPA bot, the selection of the most suitable
process to automate will make an enormous difference to the outcomes achieved. An RPA implementation
should have a defined set of expected business outcomes and established metrics for determining
performance. A successful implementation should be quickly evident, but applying RPA to unsuitable
processes may not only waste time and money but may in fact magnify any underlying inefficiencies in
the overall workflow — and require substantial time to rectify.

Mitigation Strategy
Process selection should be based on a careful analysis of different processes to identify which are the best
candidates for automation. In addition, the processes and overall workflows should be evaluated to identify
whether they are optimally designed. Business processes should be improved where possible, including
through better coordination between different parts of the organisation, before they are automated.

EMPLOYEE MORALE
Introducing new software or technology, such as RPA, has the potential to positively transform a workplace
by delivering wide-ranging and substantial benefits to numerous stakeholders. However, it is important to
recognise that the introduction of RPA will affect various employees differently.
• Some employees would find their jobs more fulfilling once RPA takes over mundane tasks, but others
may not.
• Employees who are not technologically proficient may be increasingly concerned about training and
upgrading their skills for adapting to RPA and other technologies.
Failing to communicate the inevitable changes to various workflows and processes can result in
confusion or disengagement among employees.

Mitigation Strategy
RPA will inevitably impact on team members. Any business process and workflow changes as a result of
RPA should be clearly communicated to all affected employees, along with the rationale and benefits for
the changes.
.......................................................................................................................................................................................
CONSIDER THIS
How would you communicate plans for an RPA initiative to your colleagues? What would you expect to be
communicated to you if the initiative was being introduced to your work area?

Pdf_Folio:187

MODULE 3 Technology and its use in Finance 187

3.7 BUILDING AN EFFECTIVE RPA STRATEGY
In section 3.3, we discussed five key issues that should be considered when building an automation strategy:
data, technologies and algorithms, infrastructure, organisation, and skills. In addition to the general points
made in section 3.3, an RPA strategy should pay particular attention to (Kelly 2019).
• The organisational implementation model. How will RPA fit into the business structure? For example,
will the management and operational function of RPA be centralised to a single business unit which
then services all other business units, or will each existing business unit make its own decisions around
implementation and managing RPA themselves?
• Governance. Just as in other areas of business operation where risk management (and therefore
governance) is critical, RPA implementation requires careful planning and ongoing management.
Structures should be put in place to control when and how RPA is used, and planning should occur to
mitigate any possible negative impacts — particularly for unforeseen issues with how the RPA functions.
• Key performance indicators (KPIs) and continuous improvement. Typically, RPA, like most business
innovations, is implemented to resolve a specific business need. To ensure that RPA continues to meet
that need and provide benefits to the business through changing circumstances over time, it is important
to define and measure clear KPIs throughout the life of the implementation. Also, it is critical not to
assume the implementation will work first time, or that the first implementation will be sufficiently
effective over the long term. The RPA process should be subject to continuous improvement, like any
important business process, to ensure the investment does not stagnate or fail to evolve. As solutions
in RPA develop and change it will be crucial to iterate the organisation’s technology in order to
remain current.

RPA SUCCESS FACTORS

The following five criteria should be considered when assessing the suitability of RPA for a process. If
these criteria are not satisfied, RPA may fail to function, or may simply fail to deliver substantial benefits.
1. The process is high volume and repetitive. RPA can reduce time and increase accuracy in this type
of operation.
2. The process relies on structured digital data. RPA works on structured data digitally, whether online or
locally on the user’s computer.
3. The process has clear business rules and low or no exception rates. RPA requires well-defined rules and
exception-handling algorithms which means undefined rules or a high exception rate will cause RPA to
fail to deliver the expected result.
4. The process is prone to error when using human labour. RPA performs the process exactly according
to the rules, eliminating human error.
5. The process is time-sensitive or highly seasonal. RPA offers an opportunity to improve customer and
employee experience by meeting the fluctuating demand for manual labour in the existing workflows.
Unlike human labour, RPA is easily, cheaply and quickly scalable.
In addition to the five criteria above, consideration should be given to the following guidelines when
choosing the appropriate business processes (Tucci 2020).
• Choose business processes and their associated applications which are stable before applying RPA.
• Apply RPA for simple applications that operate in high volume. Applications involving a large number
of decisions in one process (i.e. more than five decisions) probably require an alternative approach
(Tucci 2020).
• RPA bots are sensitive to changes in any application which demands effort to reconfigure the algorithms
and the business rules. Limiting the number of applications involved to five or less will help keep change
action manageable.
.......................................................................................................................................................................................
CONSIDER THIS
We have described RPA as a technology that is easy to implement and that can deliver substantial benefits quickly.
However, 30–50 per cent of initial attempts to implement RPA in an organisation fail. Why do you think that might be
the case? Do you think some aspects of an RPA strategy are more important than others? Why?

Pdf_Folio:188

188 Digital Finance

 QUESTION 3.5

Create a checklist that can be used to assess the suitability of a process for RPA.

DEVELOPING AN RPA SOLUTION

In traditional basic automation, the process requires programming APIs (an application intermediary that
allows messaging between applications) and other tools to integrate different systems. Consequently, the
developers of these kinds of automation must have a good understanding of the target systems they are
integrating in order to enable effective automation.
In contrast, RPA is a predominantly front-end process which mimics the actions of the user at the user
interface level; that is, RPA is concerned with computers performing tasks in the exact same way a human
user would (without necessarily requiring visibility to the back-end functionality of the systems involved).
Therefore, it is also easier to develop RPA programming as there is much less need to interact with the
underlying complexities.
The following eight steps provide a guide for developing an RPA solution.
1. Know more about RPA. Understand what RPA can provide, such as assistance with repetitive and high-
volume tasks. Also, be aware of RPA’s limitations, such as not able to handle complex processes.
2. Define RPA objectives. Understand how RPA will add value and align to business goals.
3. Obtain stakeholder buy-in. A convincing business case works best in explaining and justifying how and
why an RPA solution will benefit the company. The balanced scorecard provides useful information for
the business case.
4. Deploy RPA on a small scale. Always start with a transparent and manageable scope as a pilot, to verify
the viability and sustainability of the RPA solution.
5. Scale the RPA effort. Roll out the RPA solution in controlled phases. Leverage lessons learned from
previous RPA roll-out and incorporate the learning into the next RPA roll-out.
6. Implement governance and compliance. Every RPA solution should be monitored for governance and
compliance against a set of policies, standards, KGIs and KPIs to ensure the RPA solution complies
with regulations and performs according to the objectives.
7. Build the virtual workforce. It is crucial to administer learning and development plans by notifying
employees and managers of training requirements and reminding them when certification renewals are
required.
8. Measure, review and improve. Measurement is the key to evaluating the performance of the RPA
solution. It is important to involve the stakeholders to review and agree on what and how to improve.

EXPERIMENTING WITH RPA

Step 4 above suggests deploying RPA on a small scale to verify that the solution is viable and sustainable.
Indeed, it may be worth simply experimenting with RPA to learn more about it before more formally
developing an RPA solution.
RPA is so simple and easy to deploy that it is accessible to almost anyone and there is little financial or
business risk in experimenting with it. The following steps could be used for a small-scale experiment or
basic proof of concept.
1. Select an RPA tool to trial or investigate if the business already has access to one of these tools.
2. Choose a simple process to automate, and ensure it is suitable for RPA (according to the five success
factors listed above).
3. Understand the time taken to perform the process and the volume of transactions/activities. This will
assist in determining the success of the automated process
4. Record or configure the process steps and business rules using the RPA software.
5. Test and refine the bot.
6. Trial the RPA bot for a defined amount of time, progressively increasing the volume and type of trans-
actions processed. Gather data on relevant metrics including productivity and employee engagement.
7. Analyse findings and determine if RPA has been successful for this particular process. If so, consider
rolling it out to other processes or functions within the business. If not, consider what factor(s) could
be amended to realise the benefits of RPA.
Pdf_Folio:189

MODULE 3 Technology and its use in Finance 189

IMPLEMENTATION AND BUILDING TO RPA MATURITY
RPA is perhaps the quickest and easiest of the automation technologies to implement. Consequently, many
businesses have already begun their RPA journey by implementing one or more bots in their operation —
and if they have not yet done so, they may be seriously considering RPA among their upcoming business
innovations.
The spread of RPA adoption means that companies are necessarily at different stages of maturity
regarding their attitudes towards — and use of — RPA. RPA maturity may be conceptualised as shown in
figure 3.8 and described below.

FIGURE 3.8 RPA maturity model

n
atio
orm
tra nsf
ig ital Leadership
s sd
ne
B usi
Agility

Leadership

RPA
Agility Transition capability
stage
Quick wins Effectiveness
Leadership Transition Maturity
stage Efficiency
POC
Evolution
Validation

RPA maturity
Source: CPA Australia 2021.

Proof of Concept — Validation

The purpose of a proof of concept for RPA is to validate whether the technology is appropriate for the
business’s context and needs. When evaluating technologies at this stage, it is important for businesses to
select a process which is suited to RPA — not too simple nor too complex — and be realistic about what
they are hoping to achieve.
Businesses may also seek input from others (consultants or other businesses) about the success or
otherwise of RPA in similar contexts to evaluate if it may be right for them.

Transition Stage — Evolution

Once a business has decided to embark on the RPA journey, it enters a transition stage where agility is
critical. There may be misfires or failures at this stage, but if properly used as learning experiences, these
issues need not derail the selection of RPA nor the benefits it provides.
Overcoming organisational resistance and resource constraints is critical in this stage, so it is important
that the appropriate processes be selected as targets for RPA implementation.

Quick Wins — Efficiency

If the appropriate processes have been selected and early issues have been ironed out, the business will
then enter the stage of RPA efficiency where they have achieved some ‘quick wins’. These wins have
delivered value, raised awareness of RPA in the organisation and contributed to organisational learnings
around the technology in that specific context.

Pdf_Folio:190

190 Digital Finance

Transition Stage — Maturity
The business may decide to settle at the previous stage and not progress further in their RPA maturity
journey as they may have achieved the benefits they sought. However, if they choose to continue, a business
must begin to implement governance and structure around their RPA implementation to set themselves up
for sustained long-term success.

RPA Capability — Effectiveness

Once it has reached this stage, a business has developed an RPA capability which is sustainable and can
be scaled across multiple areas of the business.
Example 3.9 describes the implementation of RPA at DKG Insurance Brokers.

EXAMPLE 3.9

Enabling Professionals to Focus on What Matters

DKG Insurance Brokers provide business and personal insurance cover. Their value proposition is to
provide individual customers with personalised service and products that are created to meet their
business and risk management profiles.
One of DKG’s directors was introduced to the concept of RPA when seeking a consultant to develop
internal customer relationship management systems to handle underwriting and claims.
The business was aware that its brokers were spending 80 per cent of their work time on administrative
tasks rather than serving existing and prospective clients, and enhancing their knowledge of the risk
environment. It described its objectives from two stakeholder perspectives.
1. Redesigning the customer experience.
2. Improving staff morale and engagement by minimising the amount of back-office administrative work
in their roles.
With these objectives in mind, the business analysed its processes and identified three priority areas to
automate: debtor management, motor vehicle insurance renewals, and managing claims emails.
Debtor Management
The RPA solution to improve debtor management was simply to connect the company’s existing
accounting ledger platform with its other systems so that statements and invoices could be automatically
generated and emailed to clients so that brokers would not have to spend time manually processing data.
When this solution was discussed with team members, some expressed concern that their personal
clients may react negatively to receiving automated email communications. After discussion, the imple-
mentation went ahead. A jump in premium payments was immediately noticed and no evidence has
emerged that clients are concerned about the automatic communications.
Motor Vehicle Insurance Renewal
The business was aware that its motor vehicle insurance policies were not a profitable part of the business.
Nevertheless, to provide a high-quality and comprehensive service to its clients, it was necessary to offer
such insurance. The time brokers were spending on managing motor vehicle cover renewals was a drain
on resources.
An RPA solution was designed to source the best cover for clients based on the data the business holds
about them. This has minimised the time brokers need to spend handling each renewal, thus restoring
profitability to the motor vehicle insurance product.
Claims Emails
The manual processing of the 350 insurance claims that would arrive by email each day was a substantial
inefficiency in the business. The work involved extracting the relevant information from the emails and
entering it into a document management system. The claim would be categorised and tagged for further
action in the customer relationship management system. There was a lack of consistency in how different
employees processed the claims and the volume of claims led to backlogs.
Team members spent a few weeks analysing all the variations in claims emails to come up with
categories (almost 50) that would form the basis of the rules the RPA bot would follow to manage each
claim. The RPA bot works across three separate systems.
DKG director Luke Kelly described the aim of the RPA initiative:

We don’t want our human resources performing mundane tasks. It’s so much more powerful for our
people to spend time with customers, understanding what they want and need, listening to them and
solving problems for them.

Pdf_Folio:191

MODULE 3 Technology and its use in Finance 191

 Following the success of their RPA solutions, DKG is investigating evolving their automation strategy
into more complex capabilities. Their vision is to create a digital assistant for each broker in the business
by using AI and ML capabilities to automate more complex processes. DKG believes this would enable
brokers to work more efficiently and get more done. They are also exploring options to enable employees
to build their own automation solutions combing RPA, AI and ML.
Source: Adapted from Rapidmation n.d., ‘DKG automates to survive and thrive’.

SUMMARY
RPA is an automation technology that uses software robots to perform low-complexity, high-volume tasks.
RPA bots follow simple algorithms to interact with data, software and systems in the same way a human
user would. RPA is able to process data far more quickly than humans with no variability in quality (and
thus with no errors), enabling humans to focus on more complex and value-adding work. RPA may work
autonomously or as an assistant to a team member, depending on the specific processes involved.
RPA has a wide range of applications in various business functions and across industries. To properly
evaluate its potential, the associated risks and challenges need to be assessed. These are related to data
security, technical issues, system changes, process selection and employee morale.
While RPA is a relatively simple technology, many initial attempts to implement it fail. An RPA strategy
should focus on suitable processes, optimise processes before automating them, include initiatives to
achieve stakeholder buy-in, introduce RPA technology gradually, and scale up once the application of
RPA is proven and accepted.
In practice, an RPA strategy is likely to be informed and shaped by other aspects of the organisation’s
digital strategy, including potentially the use of AI and ML technologies. These technologies are discussed
in the following parts of the module.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

3.1 Select appropriate digital tools, using accounting and finance knowledge, that provide
innovative solutions to complex business problems.
• RPA automates low-complexity, high-volume tasks to create time and cost efficiencies.
• RPA is suitable for the automation of processes that can be described by a set of simple rules; it
is not suitable for processes that involve many decision points.
• RPA can work across multiple systems, but requires structured data.
• Applications of RPA include compiling financial reports, reconciliations, journal entries, cleaning
data, regulatory and compliance processes, basic information analysis, document matching and
many more.
3.2 Evaluate the impact of innovative technologies on the work of accounting and finance
professionals to communicate the benefits and risks to key stakeholders in the organisation.
• A balanced scorecard can be used to identify and focus on a mix of financial and non-financial
outcomes for stakeholders. This in turn facilitates communication of these benefits to stakeholders.
• The use of RPA to automate processes in accounting and finance enables professionals to focus
on more complex, value-adding tasks. This improves employee morale and creates value for
the organisation.
• RPA, once implemented, performs tasks with no variation in quality and thus does not make errors.
• Like any business innovation, a proposal to introduce RPA should be evaluated with regard to its
benefits, risks and challenges. Generally, RPA is easy to implement and low risk.
3.3 Appraise the suitability of technology in creating efficiencies and solving complex
business problems.
• RPA is a useful technology to automate processes to create time and cost efficiencies for an
organisation. It can be combined with other technologies to enhance its capabilities. It enables
team members to focus on more complex issues facing the business.

Pdf_Folio:192

192 Digital Finance

PART C: ARTIFICIAL INTELLIGENCE
INTRODUCTION
AI technologies are transforming the accounting and finance sector, and the world of business as a whole.
With the ability to learn and adapt, AI is poised to develop increasingly sophisticated capabilities that will
allow it to execute a growing number of tasks that finance professionals perform today. Given its heavy
reliance on numbers and data, the accounting and finance sector is well placed to take advantage of AI.
AI has three broad applications:
• automation
• analytics
• employee and customer engagement (Davenport & Ronanki 2018).
Within each of these broad areas, there are numerous specific applications, and many of them do not
fall neatly into one category.
AI has the potential to transform the finance function and the way organisations and professionals
work. While companies and employees alike are trying to grapple with the changes that AI brings,
these developments should not be feared. Instead, organisations and individuals should leverage the new
technologies and embrace the opportunities created in the years ahead (Goh et al. 2019).
In this part, we will explain what AI technology is, how it works and how AI-enabled technologies can
improve functions in various industries. We will also consider the benefits that AI provides to consumers,
employees and organisations, and discuss some of the risks and challenges involved in implementing AI.
We will conclude by considering the steps required to develop an effective AI strategy and determine how
best to resolve business problems with an AI solution.

3.8 THE BASICS OF AI

In common usage, AI refers technologies that allow machines (computers) to mimic human cogni-
tive functions to solve problems and learn from their actions. The tasks or actions that are tradi-
tionally goals of AI research include reasoning, knowledge representation, planning, learning, NLP,
perception and the ability to manipulate objects. Although significant progress has been made in
many of these areas, the existence of true ’natural intelligence’ in machine form is still some way in
the future.
However, real-world business applications of AI are in use now. In fact, there is an imperative for
organisations to evaluate the value AI applications can bring. As Rhys Evas of Versent suggests:
For Australian businesses and for global businesses, if they don’t start adopting this technology stack,
they’re going to be overtaken by competitors who are using it. It gives them greater channels to market and
can easily allow them to operate in new ways they’ve never thought of before … AI … can really reshape,
at the core of most businesses, how they produce their product and how they get it to their customer.

HOW DOES AI WORK?

AI is a broad field of study, which has developed simultaneously along multiple lines of investigation.
As such, there is no universally accepted definition of the capabilities a machine needs to demonstrate to
be considered ‘intelligent’, but four main targets have historically been used to measure and motivate the
development of AI. These four targets are illustrated in figure 3.9.

FIGURE 3.9 Targets to measure and motivate the development of AI

Process and reasoning Behaviour

1. Thinking 2. Thinking 3. Acting 4. Acting

humanly rationally humanly rationally

Source: Adapted from Kosasih 2019.

Pdf_Folio:193

MODULE 3 Technology and its use in Finance 193

 Regardless of which of these targets the ‘goal’ of an AI instance falls into, the AI will analyse its
environment and take action to maximise its chance of success. This analysis and action is based on
algorithms. AI algorithms are typically engineered by beginning with one or more simple algorithms
and then building on them to create more complex algorithms. The goal of the system can be explicitly
defined or positive and negative feedback can be provided based on outputs to shape the behaviour of
the algorithm. The system can also be capable of learning from data, so that it can enhance and refine its
existing algorithms to become more effective at working towards its goal.

A BRIEF HISTORY OF AI
Before we explore current AI capabilities and the benefits they can offer, we will briefly review key points
in the historical development of AI.

1950 — Where it all Started

In 1950, Alan Turing, a computer scientist began to examine whether machines could ‘think’. He then
refined this to consider whether computers would be able to sufficiently imitate a human that they could
be indistinguishable from one in an interaction.
He devised a test (referred to as the ‘turing test’) which requires one human to have a conversation with
two separate other participants. One would be a human and the other would be a machine designed to
generate human-like responses. The test was simple: could the human responder and computer responder
be distinguished?
His conclusion was that machines could indeed think, which has of course been heavily debated since.

1956 — The Term ‘Artificial Intelligence’ is Created

John McCarthy, a computer scientist — who is widely considered to be the father of AI — coined the term
‘artificial intelligence’ as part of his proposal on the topic for the 1956 Dartmouth Conference.

1959 — The First AI Lab is Established

With growing interest in the field, MIT established the AI Lab in 1959. Since then, it has merged with
the MIT Lab for Computer Science to become ‘CSAIL’. According to MIT, CSAIL remains one of the
world’s most important labs in the development of information technology research focused on emerging
technologies in computer science, wireless and AI.

1975 — The First Significant AI Use Case is Created

After a decade in which interest in AI waned, there was a powerful AI use case developed in 1975. Stanford
University developed ‘MYCIN’, which helped physicians to identify the bacteria which may be causing
an infection such as meningitis, before recommending an appropriate dosage of antibiotics, based upon
the body weight of the patient.
The system used a comprehensive knowledge base of data, alongside a set of approximately 600
algorithms. Its recommendations were shown to be appropriate in 65 per cent of cases, compared to a
range of 42.5 per cent to 62.5 per cent for recommendations provided by human physicians.

1996 — A Computer Beats a Chess Champion

After a decade of development, IBM’s chess-playing computer beat the reigning world chess champion,
Garry Kasparov, in one game of chess at a major tournament in 1996. Though Kasparov went on to win
the tournament, in 1997 Deep Blue returned and defeated Kasparov.

2002 — Robots Replace Human Editors

With the rise of the internet and the digital economy, Amazon made the decision to replace human editors
with basic AI systems in 2002 and arguably led the way in showing the business world how AI could
be used.

2011 — Voice Capabilities are Developed

The capacity of AI continued to slowly grow as data became more readily available and potential use
cases became more obvious. In 2011, Apple introduced Siri to the world. Arguably the first (substantial)
voice-based conversational interface, this catalysed the race towards the best voice assistant.

Pdf_Folio:194

194 Digital Finance

2016 — Next-Level Strategic Capabilities are Unveiled
In 2016, Google’s AlphaGo AI machine beat the world champion of ‘Go’, the world’s most difficult
strategy game, which has 1080 possible outcomes (compared to checkers which has only 1020).
With recent developments in the field, the value of AI technology is now catching up with its promise.

AI ENABLERS
It appears in recent years as though a ‘tipping point’ has been reached in the application of AI to business
contexts. A number of key factors have fallen into place, enabling AI to deliver demonstrable improvements
when used appropriately.

Data
The Internet of Things (IoT), which refers to any and all devices that have internet connectivity, generates
volumes and varieties of data (known as big data) that far exceed the data collections of the past. As
of 2020, it is believed there are more than 20 billion IoT devices, with this number expected to grow
rapidly. Capturing this data provides organisations with the potential to develop deep and strategically
important insights.

Processing Power
Computer processing power grows exponentially, with hardware, software and internet connec-
tivity now incomparably faster than decades ago. Alongside this, the interest in AI, and specific
advanced types of AI including ML and deep learning, has continued to grow. Recent breakthroughs
in deep learning mean computers can now uncover insights which had previously been thought impossible.

Readiness to Adopt
As with all technologies, if people are not prepared to adopt and use it, then its relevance and value
is hampered.
As a result of living in an increasingly digital and technology-enabled world, customers are far more
comfortable trying new technologies, and looking for ways to maximise the value on offer.
With greater readiness and interest from people (and thus business customers and markets), it is easier
to gain a return on investment (and therefore easier to secure an investment to try something new).

Use Cases
Thanks to a rising tide of technological development, there is now far more relevance and value to be
uncovered through the use of AI. Data has been proven time and again to be invaluable in business
decision-making, so using AI-powered technologies to more effectively evaluate this data makes good
business sense.
As the economy continues moving towards a digital-centric model, having technologies which support
customers in their digital interactions is also appealing to business. For example, an increased volume of
email traffic has created a relevant use case of AI automatically sorting it for us.
This increase in relevance and value in turn drives an increase in willingness to adopt AI technologies,
in a reinforcement loop.

Investment
The previous factors have increased the willingness of investors to back AI. These lead indicators of
success and easier-to-achieve successful use cases provide a clear ROI. Each success story brings a
slightly bigger investment, which brings a slightly bigger return — and the cycle continues.

TYPES OF AI
AI capabilities can be classified into two main categories: weak AI and strong AI.
• Weak AI — also called ‘narrow AI’ or ‘artificial narrow intelligence (ANI)’ — is the simplest form
of AI and refers to any AI instance that can perform a single task effectively. Weak AI aims to mimic
human behaviour in a particular context rather than mimic full human intelligence. Because they are
programmed within a narrow set of constraints, weak AI instances may seem quite intelligent, but their
ability to apply their algorithms outside of their given context is extremely limited. Even with recent
advances in the field and increasing business adoption, all forms of AI in the world at the moment are
considered weak AI.
Pdf_Folio:195

MODULE 3 Technology and its use in Finance 195

• Strong AI — also called ‘general AI’ or ‘artificial general intelligence (AGI)’ — refers to any AI
instance that can exhibit natural intelligence. That is, it can process information and respond as a human
could to a situation. Although we are making progress towards machines that can ‘see’ and respond
to visual and auditory input, they still fail to develop the complex reasoning that would allow them
to demonstrate human problem-solving behaviour across multiple situations. The development of true
examples of strong AI may not occur for some time yet.

QUESTION 3.6

Differentiate weak from strong AI and discuss which is most likely to be found in Australian
businesses.

3.9 BENEFITS OF AI
Earlier in the module, we described that AI could be used to add intelligence to automation. Integrating
intelligent automation across an enterprise can transform the customer experience, increase productivity
and reduce costs. It enables new business models in which organisations can:
• re-design business processes with intelligent automation at the core
• transform how, where and when the work is done
• minimise human intervention in day-to-day processing, and focus on more critical activities
and decisions.
We have also noted that AI can be used in analytics and in engagement with stakeholders. There is often
no clear delineation between these applications, as AI often works by analysing data and making some
type of automated response, including potentially communicating with employees or customers.
Applications of AI can be:
• Insightful. AI can enable visibility and insight across hundreds of processes, allowing employees to
spend more time collaborating with their colleagues, suppliers or customers.
• Efficient. AI is capable of performing tasks that would once have required intensive labour, or may not
have been possible at all. It enhances efficiency and output while freeing people up to focus on important
tasks that involve critical thinking and emotions.
• Progressive. Automation is an ever-evolving process. Advancements in AI are spawning a new phase
of automation: intelligent automation. This is particularly relevant to workflow, and document ingestion
and generation.
• Personalised. AI is changing the way enterprises operate to optimise processes, personalise customer
and employee experiences, and enable rapid and informed decision-making.
• Evolving. AI continues to evolve and is reaching larger scale use in industry and government. The
advancement in AI technologies and access to broader sets of data in numerous forms (e.g. structured,
unstructured, sentiment) continues to unlock more value for businesses and deliver a great experience
for customers.
• Touchless. AI can perform procedural and manual activities. Delegating these tasks to AI means that
humans no longer have to touch them, unless or until there is a need for a person to be alerted. This frees
up the organisation’s people to:
– focus on where they add the most value to the customer experience
– create new value for the organisation
– enforce the necessary controls and checks to protect the organisation and help maintain quality
products and services in response to targeted alerts from the AI.
The design for a ‘no-touch’ environment is characterised by reduced operational risk, decisions based
on fact or high confidence and a superior experience for customers, colleagues and investors.

AI IN FINANCE AND BUSINESS

Coming from a background of technology innovation and experimentation, AI may still feel futuristic and
somewhat daunting to apply in a business context. However, there are multiple ways — big and small —
that businesses already implement AI to solve problems and create greater efficiencies in the way they
conduct their business. These include:
• website analytics, to improve marketing strategies and connect with a wider audience
• management of employees’ training and learning, to help fill gaps and ensure currency
Pdf_Folio:196

196 Digital Finance

• data analytics, to identify patterns in data that are unable to be seen by even the most experienced human
analyst (usually due to the sheer volume of data)
• sentiment analysis, to identify how a target audience is responding to content and/or products
• user targeting, to ‘follow’ potential customers with advertising based on their online activity
• image management, to monitor and flag potentially problematic images of goods or services online, so
they can be amended as necessary.
When implementing AI, the business goals don’t change; how they are achieved changes. AI-powered
technologies in business do not change the ‘what’, but the ‘how’, of key functions. For example, a
marketing manager might need to complete a thorough review of a group of websites to ensure the
company’s brand is not being used improperly. The goal does not change. However, by using AI rather
than a human team member, it can be achieved quicker and easier. AI facilitates the business goal; it does
not make the task irrelevant.

AI in Different Industries
Information is a key component of business competitiveness in the twenty-first century, but without the
ability to process and analyse that information, businesses risk falling behind their competitors.
In the previous section we discussed different types of generalised benefits AI can provide businesses.
Below, we will discover how AI can enhance functions across some specific industries.
Finance
AI has countless applications in financial services, including:
• informing customers about their spending behaviour by analysing data from their smartphone check-ins
• providing customers with customised updates using NLP to read text such as news, broker reports and
social media feeds
• making credit decisions through automating the approval process for loan and credit card applications
• forecasting future sales and demand for products and services using historical market data, as well as
external data sources such as social media.
ANZ Bank in Australia moved early in creating a proof of concept that would help predict risk on
home loans (Mason 2017). Another common use case in banking is the performance of KYC processes,
as described in example 3.10.

EXAMPLE 3.10

Improving KYC
Banks and other financial institutions use a KYC process to validate the identify of their customers, both
when they open an account and periodically after that (Thales Group n.d.). KYC is required by regulators
as part of measures to combat money laundering, terrorism financing and other criminal activities. If the
KYC process breaks down, the bank is fined by regulators (globally, banks lose billions of dollars due to
such fines each year) and their reputation is damaged, which in turn means a loss of trust with customers.
AI technologies have potential application to improve efficiency and compliance in KYC processes. The
bank’s business goals mean that a successful AI application would be defined by the ability to:
• reduce the time to check a customer’s identify documents
• ensure regulation compliance
• safeguard against damage to the bank’s reputation.
AI technologies are able to scan identity documents to extract data, thereby improving data entry
efficiency. AI can also access external sources for additional customer identity information, if necessary,
to validate earlier results.

.......................................................................................................................................................................................
CONSIDER THIS
Why does the application described in example 3.10 require an AI solution rather than an RPA solution?
Healthcare
AI diagnostics are widely used in healthcare to:
• recognise the presence of disease in patients
• produce diagnostic interpretations for diseases
• scan digital images to highlight possible diseases
• design treatment plans.
Pdf_Folio:197

MODULE 3 Technology and its use in Finance 197

 IBM’s Watson and Google’s DeepMind Health are being used by many medical healthcare
organisations to provide faster access to data to help diagnose diseases (PwC 2017).
Agriculture
AI diagnostics are used in agriculture to:
• predict the time it takes for a crop to be ripe and ready for picking
• manage and track the health of crops via algorithms and data collected on the field
• track improvements in cultivating crops.
CSIRO in Australia has launched a land use database for farmers to use. The data will help them
predict farm performance (Johnston 2019).
Aviation
AI diagnostics allow aircraft simulators to come up with the best success scenarios in combat situations
based on the placement, size, speed and strength of the forces and counter forces.
In addition to military use, civil aviation is also using AI. Delta Airlines in the US has created a facial
recognition kiosk for checking in (Sennaar 2019).
Recruitment
Recruiters use AI diagnostics to screen resumes, rank candidates according to their level of qualification
and predict candidate success in given roles through job matching platforms.
From a prospective candidate’s perspective, it can also be used to send more targeted job ads.
LinkedIn uses AI to provide job recommendations by matching the candidate’s skills and the job listing
(Agarwal 2018).
Marketing
A common use of AI diagnostics in marketing is ‘next best action’, which is a marketing strategy that
gathers information about individual customers and then uses that information to:
• encourage a sale
• retain the customer’s business
• determine the cost-to-benefit ratio of serving that customer.
Retail
Especially with the trend towards significant online shopping due to the COVID-19 pandemic, retail is an
industry which makes significant use of AI, including to:
• monitor and optimise supply chains, both for delivery of stock to the retailer and then delivery of orders
to customers
• analyse customer data to predict future peaks and troughs in demand
• analyse customer data to make product and service recommendations based on purchase history.
As a large retailer across multiple markets, Amazon is one example of a business using AI not only to
optimise stock levels for typical annual peaks and troughs, but also to respond to variations such as the
pandemic, which has drastically altered traditional spending patterns of consumers. For example, in some
markets, sales of exercise equipment and baking supplies rose exponentially when people were confined
to their homes, while clothing and footwear sales plummeted.

3.10 RISKS AND CHALLENGES FOR USING AI

AI offers enormous benefits to businesses, but the potential risks can also be significant. Businesses
evaluating the potential applications of AI need to thoroughly understand the associated risks so they
can be managed.

AI RISKS
Risks associated with AI technologies can cause consequences at the individual, organisational and
societal levels.

Risks to the Individual

The risks of AI to the individual are many and varied, but can include:
• a risk to privacy — arises because the organisation holds personal data is stored
• a risk to reputation — may be jeopardised due to distortion of identity by AI models
Pdf_Folio:198

198 Digital Finance

• poor financial decisions — driven by recommendations from flawed AI models or AI-driven phishing
and other fraud
• bias against minorities — due to inherent bias in AI models, which may mean that minorities miss out
on many things, such as job selection or getting mortgages
• a risk to physical safety — in light of fatalities and injuries due to autonomous cars.

Risks to the Organisation

The risks of AI to organisations can include:
• financial performance could be affected — by poor recommendation models for budgeting, price
forecasting and investment
• poor hiring practices — based on flawed or biased AI recruitment models
• legal issues — due to data privacy breaches and discriminatory practices in AI models
• risks to reputation — due to poor data security or overly aggressive marketing approaches, or in case of
scandal from discriminatory AI practices
• insufficient modelling for natural disasters and emergencies.

Risks to Society
The risks that AI poses at a societal level can include:
• compromises to national security — through data breaches of a highly sensitive nature or loss of control
over AI-enabled machinery or services
• insecurity and volatility in financial markets — caused by flawed AI algorithms
• manipulation of governmental processes — leading to many outcomes including incorrect
electoral results
• threats to interconnected physical infrastructure such as communications, electricity and water
supplies — due to flawed AI decision-making models.

DATA CHALLENGES
Aside from the risks related to AI, issues around data quality present a significant challenge to successfully
implementing AI. The suggestion that there is not enough high-quality data available for AI to function
properly may seem counterintuitive, given that big data is one of the biggest drivers of the current interest
and success of AI in the business world. However, the issue is not straightforward. There are some key
criteria which need to be met for data to be suitable for use in creating accurate and effective AI models.

Sensitivity
As data becomes more private, and/or there is a greater risk for negative outcomes if the data is used
inappropriately, consumers are becoming increasingly wary as to when, where, how and why they make
such data available. As the instances of data misuse increase, so too does the wariness of consumers.

Availability
Organisations such as Amazon that have collected data for extended periods of time, or even younger
companies that have proactively collected data, have the key ingredient for starting their AI process.
Conversely many organisations may find that, as a result of ignorance, naivety or poor decision-making,
they may have failed to collect the necessary data for AI and data-driven decision-making. Without the
data, they have no AI capability.
Organisations may also find that despite sensible and even extensive data-collection activity, they do not
have the right type(s) of data for their proposed AI use case.

Usability
Many organisations have been collecting potentially very useful data for a long time; however, much of
that data has been recorded in ways that are not useful for AI. For example, governments and councils
have extensive data records about a host of interesting topics relevant to humans, but this information is
often filed in archives that are inaccessible due to bureaucracy or kept in paper form which is impractical
to try to digitise.

Volume
Despite the size and variety of big data, it is not uncommon that the data is insufficient to successfully
complete a particular AI task. According to one Amazon AI team member, machines do not just need
Pdf_Folio:199

MODULE 3 Technology and its use in Finance 199

more information than humans to understand concepts or recognise features, they require ‘hundreds of
thousands of times more’.

Bias
Humans unwittingly exhibit bias in decisions and actions. Therefore, it stands to reason that the data we
collect (and use to train our AI systems) will likewise contain bias in myriad different ways, including along
racial, gender or ethnic lines. For AI to be truly effective, such biases must be identified and eliminated
from data sets and hence AI algorithms — or the resulting recommendations or outputs from AI will be
flawed. Example 3.11 briefly discusses how bias in Amazon’s data led to unethical and poor decisions by
its AI-enabled recruiting solution.

EXAMPLE 3.11

Bias in Amazon’s AI recruiting tool

It was revealed in 2018 that Amazon’s human resources function had used AI-enabled recruiting software
between 2014 and 2017 to help review résumés and make recommendations, but had discontinued its
use after biased outcomes were discovered. The software was found to be more favourable to male
applicants because its model was trained on résumés submitted to Amazon over the previous decade,
when many more male candidates were hired.
The software reportedly downgraded résumés that contained the word ‘women’ or implied the applicant
was female.

Many other businesses may be making decisions driven by unintentionally biased data, but there are
also ways to counteract this. Some service providers specialise in deploying AI solutions to identify and
counteract hidden bias in companies’ operations.
.......................................................................................................................................................................................
CONSIDER THIS
What type of biases could appear in data that you use to develop business insights? How would you recognise the
presence of the bias?

MANAGING RISKS AND CHALLENGES WHEN

IMPLEMENTING AI
Having identified some of the risks and challenges associated with AI implementations above, in this
section we examine mitigation and management strategies.

Appropriate Data
The quality of AI outputs depends on the quality of data inputs. The organisation should ascertain from
the outset what data it needs and how it should source it to support its AI solutions. The types and sources
of data should be directly relevant to the business’s objectives. Often the most relevant data will be internal
data, such as that captured during interactions with customers, but ambitious AI initiatives will likely
need data from multiple sources.
Data should be analysed to detect any hidden bias. One way to achieve this would be to run some of the
data through the AI model and compare it to the results of a person doing the same analysis. Differences
that occur may indicate a bias in either the data itself or the resulting AI model.

Data Preparation
A clear data governance model and the use of high-quality data sources will increase the confidence of team
members in the information and recommendations being provided. Giving team members visibility of the
data lineage (where the data has come from) and the rules that are being applied to make recommendations
or decisions will help build confidence that the AI solution is performing as expected.
Data from multiple sources will often be in a variety of formats. This data will need to be collated and
prepared for use by the AI model. Structured data is more readily usable in AI; if unstructured data is used,
the AI will first need to be trained to read the data before it can use it.
As described above, with the advancement of AI technologies and their sophistication in analysing data
and trends, it is important to regularly review and validate AI models for bias. Otherwise, this could lead
to incorrect recommendations (and hence, inappropriate decisions) if left undetected.
Pdf_Folio:200

200 Digital Finance

Employee Communication
Change management should be undertaken to alleviate potential concerns employees may have about AI
replacing their job functions. The goal of AI is to enhance, not replace the way employees work. The
use of AI can significantly improve the experience companies provide to their customers and employees.
Employees will benefit from opportunities to spend time on strategic initiatives, provide richer insights and
recommendations to their customers or clients, and create a competitive advantage for their organisation.
For automation applications, the balanced scorecard developed for RPA may prove useful to help discuss
the benefits that can be obtained.

Skills
One of the key decisions that affects the success of the AI solution is whether it is designed and deployed
by way of:
• outsourcing to specialist providers
• in-house development
• purchase of an off-the-shelf solution.
The more complex the solution is, the more specialist skills will be required. If these skills do not exist
within the organisation, they could be developed or acquired, but support from specialist services providers
is also a valuable option.

Costs
Costs to be considered when evaluating a potential AI solution include:
• cost of outsourcing specialist skills and services
• costs associated with extending the capabilities of AI post-implementation.
• costs of upgrading the technology
• cost of the ongoing maintenance of the AI models or algorithms
• additional future costs as the solution is scaled up.
To maximise return on investment, AI models and data sets should be leveraged across the organisation
where possible. Some AI solutions may lend themselves to modification or adaptation to solve other
business problems.
Example 3.12 examines Tesla’s development of self-driving vehicles based on cutting-edge AI. Self-
driving vehicles clearly involve many benefits, but also substantial risks.

EXAMPLE 3.12

Driving Innovation
Tesla is developing AI technology to enable vehicles to drive themselves. Since its entry into the automotive
market, Tesla has used AI to collect all possible data analytics from Tesla car owners. This data is sent
to the cloud for analysis with algorithms and software. The collected data has helped Tesla to grow and
improve their self-driving and driver-assist systems.
With the help of AI, and in particular ML, Tesla cars can decide what driving actions are needed in real
time, including identifying hazards such as oncoming traffic, following road signs, finding empty parking
spots and parking automatically.
The AI also gives the cars the ability to form networks with other Tesla vehicles nearby to share local
insights and information.
Tesla uses big data and AI to analyse customer satisfaction. The capture gathers data from its online
customer forum and analyses this to generate insights that inform future products development.
It is evident that driverless vehicles must raise legitimate safety and privacy concerns that will need to
be addressed before mainstream acceptance can be achieved.
• Will data analytics sourced from car owners help or hinder the advancement of autonomous vehicles?
With any technology solution, it is important to consider data privacy issues and take measures to
protect consumers’ personal information (such as medical and financial information) being captured or
stored. In Tesla’s case, this data also holds tremendous value so there it may be a target for cyber-
attack. Researchers at McKinsey and Co estimate that the market for the vehicle-gathered data would
be worth around USD750 billion a year by the end of 2030, providing a potential motivation for Tesla to
sell access to its data.
• Are autonomous cars safe? Like any computer system, AI is not infallible and there has already been
at least one fatality caused by a self-driving car. In 2018, an Uber self-driving vehicle struck and killed
a female pedestrian in Arizona. The Uber vehicle was in autonomous mode, with a human driver at
Pdf_Folio:201

MODULE 3 Technology and its use in Finance 201

 the wheel. Uber’s analysis of data from the vehicle discovered that the car’s sensors had detected the
pedestrian, but its self-driving software had decided not to take any action. Although Uber was not
held to be criminally liable — as the court ruled that the pedestrian had walked in front of the car — the
company suspended testing of the self-driving feature. The ultimate future of the company’s self-driving
car project remains uncertain.

.......................................................................................................................................................................................
CONSIDER THIS
If your organisation or a client adopts an AI solution to analyse financial data to inform decision-making around
investment opportunities, how serious could the consequences of an error be? What mechanisms would be in place
to detect such an error?

QUESTION 3.7

What are some of the likely risks for organisations adopting AI models?

3.11 BUILDING AN EFFECTIVE AI STRATEGY

An AI strategy is a vital tool for every organisation to define AI priorities, goals, milestones, mission and
vision. An AI strategy aims to provide a road map for adopting and implementing AI within an organisation,
in a manner that is aligned to the business strategy. Each organisation’s AI strategy should be tailored to
its unique requirements.

ALIGNING AI STRATEGY AND BUSINESS STRATEGY

An AI strategy is not merely a subset of the overall business strategy, with independent targets and
outcomes. Instead, a successful AI strategy exists to support the goals of the business strategy (which
are often in the form of KPIs) through the use of technology. The technology is merely a means to an end,
rather than a goal of its own (see figure 3.10).

FIGURE 3.10 AI strategy supports the goals of the business strategy

Business strategy

KPI KPI KPI

AI strategy

Source: CPA Australia 2021.

Methodology for AI Strategy

Each company’s AI strategy will necessarily be unique to their needs. In section 3.3, we described five
key areas that should be considered in designing an automation strategy, regardless of the automation
technologies used. An automation strategy that includes AI technologies should therefore consider: data,
technologies and algorithms, infrastructure, organisation and skills.
Moreover, however, an AI strategy should comprehensively address the application of AI to solve
business problems or meet business needs across automation, analytics and intelligent engagement. A
specific methodology for building an AI strategy could be as follows.

Pdf_Folio:202

202 Digital Finance

Step 1: Define the Organisational Purpose
Start by ensuring the business’s purpose is absolutely clear. The vision, mission statement and strategy
will help establish the business’s purpose.
Step 2: Understand the Strategic Priorities
The business strategy provides the core values for the AI strategy, so the business’s strategic priorities,
goals and objectives must be understood. That means:
• understanding what business value means
• translating that definition into a business strategy
• focusing on AI solutions that explicitly deliver on the most critical elements of that strategy.
Step 3: Identify the Opportunity
To fully maximise the potential of AI, the most important thing is to design and execute a use case which is
directly related to the problems or opportunities which are most pressing to the organisation. For example,
if an organisation is struggling to keep up with the volume of work, the best use of AI would be in more
efficiently completing core activities, rather than creating an AI-powered, industry-leading breakthrough.
If an organisation’s cost base is too high, then perhaps AI could be used to create a more self-servicing
customer service function which frees up staff time and reduces costs.
However, if there is an opportunity for an organisation to become an industry leader by introducing
an AI-powered product which would revolutionise customer value, then perhaps it would make sense to
explore the more novel uses of AI.
Step 4: Define Success
Describe, in detail, the level of success required. For example, perhaps a chatbot could support customer
service by reducing response times. What does a successful chatbot look like? How many customers could
it serve? What queries would it handle? How accurate would responses need to be? How happy would
customers need to be with the responses? What else would it need to do?
Every use case requires different questions to reveal the right information. If this information is not
available, then it is not possible to build or deploy an AI function — because there is no understanding of
what it needs to do or what it needs to be trained on.
Step 5: Create a Data Strategy
The AI strategy should be underpinned by a data strategy and governance approach. Every AI transfor-
mation journey starts with data. A good data strategy underpins what data is being captured, in what way,
and for what purpose, and the data strategy drives value as much as the AI does.
The data needed to train the model should be included as part of the data strategy. Well-labelled input
data and algorithms are the key ingredients for AI to work. Any quantity, sensitivity or labelling challenges
related to the data need to be overcome.
A plan should be formulated for collecting, accessing, handling and labelling the required data.
Infrastructure to meet current and future needs should also be considered.
While it is the volume of big data that enables much of AI to work, more data is not always better.
Curating the right data to deliver the desired outcome is the most effective way to fuel an AI strategy that
delivers value at speed and scale.
Step 6: Define the Solution
In this step, the form of the solution is explored and chosen. Depending on the problem to be solved and
the business benefits to be delivered, a pre-built application may be sufficient. These pre-built solutions
are often called AIaaS (AI-as-a-service) and may reduce solution development time (The Unbelievable
Machine 2017).
The downside to AIaaS is that many providers do not publish the algorithms behind these models so it
is not possible to customise them to meet specific requirements or to have visibility into how they generate
their outputs. Nevertheless, pre-built applications will often be sufficient, and they are often available at a
significantly lower cost than creating a custom-built application.
For larger, more sophisticated challenges, a custom-built model may be required.
Step 7: Define the Build, Testing and Deployment
An agile or iterative approach to building, testing and training the AI model is the best approach for
AI solutions.
Building can involve simple customisation of existing applications, merging existing applications, or the
custom build of a fit-for-purpose AI model with services such as Amazon Lex and Polly. GE Appliances
Pdf_Folio:203

MODULE 3 Technology and its use in Finance 203

used these services to deal with high-volume customer calls to provide product information and answer
customer queries before referring more difficult queries to a call service representative.
Once the build is complete, the testing needs to kick in to ensure that the model can perform the required
task accurately enough and often enough to make it a viable solution. Some use cases can proceed with
less accurate and less frequent success (e.g. filing photos), but in more complex and sensitive instances
(e.g. driverless cars) success needs to be very accurate and very consistent.
In either instance, the testing involves labelled input data, feedback, and correction provided by humans.
This is crucial to ensure the AI machine works as intended.
Once the model is performing to the level required, deployment can take place. This involves internal
and external communication strategies, testing in the real-world environment and ongoing optimisation.
It is often worth taking an iterative approach to the launch. Start with a smaller scope of data and
objectives and deploy the AI with a small group of users and/or customers to identify any issues or
opportunities for improvement.
Lastly, consider the feasibility and viability of the solution. Does the business have (or have access to)
the necessary resources? If so, will using them provide a justified return on investment in its own right and
compared with other options?
Step 8: Ongoing Measurement and Maintenance
Consider and plan how the use of AI can be proven to be valuable to the business. This should be based
on valid metrics that relate to the agreed KPIs. Consider the flow-on on effects the AI solution could have
for the team, business unit or wider organisation? How will these be identified, measured and proven?
AI solutions require regular assessment and review so there must be a method and appropriate
resources in place to maintain and monitor the performance of the AI, and make adjustments and
improvements as required.
Example 3.13 describes a problem facing a large banking corporation and how they approached the
development of an AI-driven solution.

EXAMPLE 3.13

Resolving Customer Complaints

A large banking corporation was aware in general terms of wide-scale problems in its management of
customer complaints. The extent of the problem was brought into focus when some simple data analysis
produced the following statistics:
• 48 000 complaints were received in the month
• 18 000 complaints were handled by front-line staff
• 30 000 complaints were referred to specialised complaint-handling agents
• the resolution time for a complaint ranged from 3 to 56 days
• more than 150 customer care agents were involved in customer complaints handling.
Consultation with customer care agents revealed that the agents would reliably investigate complaints
or problems reported, but that inconsistencies in the data captured from customers made it difficult or
impossible to quickly resolve most of the issues.
The bank developed a set of objectives that would define success in terms of improving its complaints
handling performance. These were:
• reduce customer complaints
• deliver faster complaint resolution
• reduce resolution costs
• improve the bank’s reputation.
At this point, the bank recognised it needed specialist expertise and so engaged IBM to explore
possible solutions rather than try to develop its own approach without adequate resources or capabilities.
Presented with the bank’s definition of a successful solution, IBM proposed an AI-based solution that
could classify the cause of a complaint and suggest the best-fit investigative actions for customer care
agents to pursue. RPA technologies were also incorporated to generate a timely response to customers
via email. Together these technologies served to resolve a significant number of complaints and reduced
the bank’s backlog.

.......................................................................................................................................................................................
CONSIDER THIS
Does your organisation have in-house expertise to understand the possibilities of AI? Could the business develop an
effective AI strategy? If not, at what point would you advise the business to seek expert help?
Pdf_Folio:204

204 Digital Finance

 QUESTION 3.8

A client who wants to integrate AI systems into her business comes to you for advice on how to
create an effective AI strategy. What are the key parts of an effective AI strategy? Why?

SUMMARY
AI refers to technologies that can behave in ways that mimic aspects of human intelligence. AI has three
broad applications:
• automation
• analytics
• employee and customer engagement.
Across these categories, there are numerous business applications. AI can add intelligence to
automation to transform the customer experience, increase productivity and reduce costs. AI can be used
in analytics to generate insights from data that could not be generated using conventional approaches. AI
can engage intelligently engage with stakeholders to respond to requests or proactively provide support or
services. There is often no clear delineation between these applications, as AI often works by analysing
data and making some type of automated response.
AI requires vast volumes of data and substantial processing power. The introduction of AI to an
organisation requires specific skills and acceptance by team members. AI technologies are complicated
and the costs to develop, implement and improve an AI machine over time are significant. For some
organisations, purchasing ready-built solutions or outsourcing a solution can be an effective approach.
An AI strategy will form part of a broader digital strategy. AI solutions must be aligned to and support
the larger business objectives. Clearly defined measures of success must be established to enable proper
development, implementation and evaluation of proposed or actual AI solutions.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

3.1 Select appropriate digital tools, using accounting and finance knowledge, that provide
innovative solutions to complex business problems.
• AI is able to process unstructured data and perform high-complexity analyses and tasks.
• AI can be used to intelligently automate processes, analyse big data to generate insights, and
intelligently engage with stakeholders.
3.2 Evaluate the impact of innovative technologies on the work of accounting and finance
professionals to communicate the benefits and risks to key stakeholders in the organisation.
• The use of AI to analyse big data generates insights that cannot be obtained using conventional
analytics. This provides accounting and finance professionals with information to better support
the organisation’s objectives.
• The use of AI may have a negative impact on employee morale and performance, particularly if job
losses are feared.
• Like any business innovation, a proposal to introduce AI should be evaluated with regard to its
benefits, risks and challenges. AI requires a significant investment of time and resources and
introduces potentially serious risks that must be understood and managed.
3.3 Appraise the suitability of technology in creating efficiencies and solving complex
business problems.
• AI is a useful technology to automate processes to create time and cost efficiencies for an
organisation; to analyse big data to generate insights; and to intelligently engage with customers
and employees.

Pdf_Folio:205

MODULE 3 Technology and its use in Finance 205

PART D: MACHINE LEARNING
INTRODUCTION
This part explores machine learning (ML), which is a branch of AI that can use data as an input to train
and improve algorithms based upon historical experience, and ultimately make predictions that can be
of great benefit to business. This can allow organisations to better know their customers’ wants and
needs, accurately forecast project outcomes, make sales predictions, and help employees and managers
make complex decisions in real time with the ultimate goal of improving organisations’ services and
business models.
In this part, we will explore how ML works, and some of the common uses for ML in the finance industry.
We will also discuss deep learning and NLP as part of ML. We will explore the risks and challenges to be
addressed when implementing ML technologies, and subsequently learn how to evaluate the potential of
ML to achieve business goals and resolve complex business problems.

3.12 THE BASICS OF ML

ML is the science of getting computers to learn as humans do. It is a key branch of AI and underpins many
automation use-cases in the finance world.

HOW DOES ML WORK?

In traditional programming, a computer is given input data and an algorithm from which to produce output.
As long as the algorithm provides the necessary instructions, the machine can handle the task. The problem
is that it is simply not possible to write rules for every situation. The moment the task has a variable that
is not in the instructions, it ceases to work.
By using ML, programmers can provide a handful of variants of a base rule and then let the machine
learn the countless possibilities it might encounter. Consider driverless cars, for example. Programmers
could not write instructions on how to deal with every possible type of danger involving a pedestrian.
Instead, they can teach the car to not hit pedestrians and then provide the machine millions of photos of
pedestrians walking or running on or near roads — so anytime the car senses something similar, it knows
it needs to take a particular action (avoid hitting the pedestrian). This is essentially ‘reasoning’, which
machines have not been able to do until recently. This change means technology can achieve much more
than ever before.
In ML, a computer may be given:
• input data with the corresponding output data so it can learn the algorithm itself and, thereby, generate
valid output data for new input data — this is called supervised learning
• a complex set of input data with no corresponding output data; the machine identifies the relationships
in the data to provide valuable insights for decision makers — this is called unsupervised learning.
The difference between traditional software programming and ML is illustrated by figure 3.11.

FIGURE 3.11 Traditional programming vs ML

Traditional
programming Supervised ML Unsupervised ML

Data Algorithm Data Output Data

Machine Machine Machine

Output Algorithm Algorithm

Source: CPA Australia 2021.

Pdf_Folio:206

206 Digital Finance

 Supervised and unsupervised learning will be discussed in a little more detail later.
ML as a concept has been around for decades, but only recently has it become practically feasible,
thanks to factors such as vastly growing varieties and quantities of data, increased computing power and
usability and storage of output data. ML can now process vastly more complex levels and types of data
and therefore produce significantly more valuable recommendations with greater levels of accuracy, even
at a very large scale.
Data is the key to ML. ML involves algorithms and data, but the data is considered the key to its success.
If the data is clear and accurate, the machine will be able to identify the variants on the base algorithms and
learn from new cases presented. Conversely, if the data is not complete or valid, the conclusions arrived
at by the ML process will be flawed. Given that data is so crucial to the success of ML, it is important to
ensure it is prepared properly prior to implementing ML. This is discussed further in module 4.
ML is not useful in isolation. It is an enabler or driver of other technologies and technology use-cases
which can create valuable business outcomes. For example, the recommendations that are provided through
platforms such as Google, Netflix and Amazon are all powered by ML. So too are recommendations for
advertising improvements on Facebook or Instagram.
It is important to recognise that ML is a developing field with numerous potential applications in solving
complex business problems. To be able to consider, develop and evaluate potential business applications,
it is important to understand the basics of how machines learn. Example 3.14 provides an overview of
how Google Maps uses ML.

EXAMPLE 3.14

ML in Google Maps
Google Maps is a good example of how a predictive ML model learns from historical data. Every time a
Google Maps user enters a destination, Google Maps adds this to its data set of ‘places the user goes’. It
also collects information about other locations the user goes on the same trip (such as a favourite coffee
shop, where the user often stops for five minutes to pick up a hot drink), the time of day or days of the
week the user goes to each destination, and so on.
Then, a predictive ML model uses that information to help make the user’s interactions with Google
Maps quicker and easier. When the user opens the map to enter a destination, a list of possible
destinations will appear, so that if one of those is correct the user can select it with a single touch instead
of having to key in an address. Additional data can be drawn from the user’s Google calendar to identify
destinations they are likely to want to go in the immediate future based on their upcoming appointments.
With each selection the user makes, the Google Maps algorithm is further refined, so that next time they
wish to select a destination, the list of suggestions will be more closely matched to their likely requirements.
Google Maps also uses outlying data to help improve its ML algorithms. For example, when the user
does not want to go to a destination that is in the list of suggestions provided, they may think that the
predictive ML algorithm has failed them — and to some extent it has, as it currently cannot accurately
predict every single trip the user will take. However, in entering an unpredicted destination the user is also
providing the ML model with additional data to work with. It will analyse this new data and try to improve
its algorithms to refine its predictions for next time.

Supervised and Unsupervised Learning

Machines learn through feedback, just like humans. ML uses a reinforcement learning algorithm, which is
reward-based learning that works on the principle of feedback. That is, predictive ML adapts to improve
its performance as it continues to learn from new information received. For example, an ML model may be
presented with an image of a computer and asked to identify it. If the ML model identifies the image as a
tablet, it is given corrective feedback to say it is actually an image of a computer. The ML model will learn
from the feedback and when it comes across any other images of a computer, it will be able to classify
them more accurately.
Earlier in this module we touched on the distinction between ‘supervised’ and ‘unsupervised’ learning
in relation to the quality and structure of the data provided to an ML model. We will now explain
these further.

Pdf_Folio:207

MODULE 3 Technology and its use in Finance 207

Supervised Learning
In supervised learning, the ML model is given accurate, clearly categorised and recognisable data to learn
from. The machine can rely on the labels already applied to the data to help classify and evaluate the data.
Supervised learning, therefore, tends to lead to more precise predictions.
In finance we can use supervised learning to build predictive models, such as those which indicate
which customers are likely to default on their home loans. This is achieved by comparing the behaviour
of prospective customers with that of previous customers who defaulted.
Another use of supervised learning is to make recommendations that lead to increased sales. If we
analyse the behaviour of previous customers, we can make recommendations to new customers who behave
the same way. We do not have to wait for the customer to decide for themselves.
It is important, however, to be aware of the risk of overfitting. Because ML algorithms build upon an
original algorithm over time, as the machine learns from the data its algorithms tend to become excessively
complex and specific in order to explain all variations that exist in the data. This is known as overfitting.
Overfitting is counterproductive because it focuses on one specific data set and will not necessarily translate
to effective analysis of other data. Overfitting is counteracted by providing negative feedback to the
machine when overly complex algorithms are developed.
Unsupervised Learning
The majority of the learning that humans and animals do is classified as ‘unsupervised’. If an ML machine
is given a collection of information that has not been categorised with labels, it will use its own algorithms
to try to categorise the information before evaluating it. Unsupervised learning is more difficult and time-
consuming for a machine because the input it is using is less organised and less easily recognisable.
A common use case for unsupervised learning would be a task that is impractical or impossible for a
human to do themselves — such as segmenting a database with millions of records. An ML model using
unsupervised learning could identify major trends or relationships in the data and the people in the business
or the machine itself could use what the machine learns to inform future business decisions.
For example, unsupervised learning could identify that one customer regularly fails to pay their invoices
until they are at least 30 days overdue. With that insight, the business may choose to establish more stringent
payment terms specific to that customer, or otherwise alter their supplier relationship to ensure the business
is not disadvantaged in those transactions.

QUESTION 3.9

How does the data used in supervised machine learning and unsupervised machine learning differ?

Deep Learning
Deep learning is a discipline within ML. Like all approaches to ML, deep learning is used as a way of
teaching machines to behave like humans and therefore bolster opportunity and productivity for businesses.
In place of conventional ML algorithms to evaluate data and generate outputs, deep learning uses artificial
‘neural networks’ to mimic the complexity of analysis performed in a human brain’s neural networks.
Neural networks process data through a layered structure of algorithms or decision points. A deep learning
model which uses neural networks therefore has a greater capacity to ‘learn’ or evaluate multifaceted data
than standard ML models. In fact, not only can neural networks process a significantly greater amount of
data than ML models, they actually require a significantly greater amount of data in order to create accurate
outputs. Figure 3.12 illustrates the basic principle by which neural networks function.
Figure 3.12 illustrates that a simple neural network contains connections between multiple nodes,
allowing for powerful processing and analysis of data. It takes in the data, called ‘input data’, trains itself
to recognise patterns in that data and then makes a prediction or an informed decision about the data.
The result is referred to as ‘output data’. The right side of figure 3.12 shows how a deep learning neural
network takes this strategy further by applying multiple layers of analysis to data, exponentially increasing
the patterns and insights that can be uncovered. The level of learning and analysis from a deep learning
neural network can be complex enough to mimic human expertise in some fields, such as market valuations
and loan approvals (see example 3.15).

Pdf_Folio:208

208 Digital Finance

 FIGURE 3.12 Deep learning neural network

Simple neural network Deep learning neural network

Input data Hidden layer Output data

Source: CPA Australia 2021.

EXAMPLE 3.15

Home Loan Applications

Joan is a highly experienced loans officer, who (among other responsibilities) is required to evaluate
applicants to determine if they qualify for a home loan.
Joan’s decision is based on a completed application form which contains 10 questions, each of which
is answered on a scale from 1 to 5. The possible variants of the completed form, therefore, number in
the thousands, and Joan must find a way to evaluate each one commensurate with the risk the applicant
poses to the bank.
Like all humans, Joan’s brain contains a neural network that allows her to use ‘intuition’ to recognise
certain similarities and patterns that her brain has become attuned to.
In a more robust and fool proof method, Joan could train an automated deep learning neural network
using historical loan applications and approvals (or denials). The neural network could then be provided
each new loan application as input data and it would be able to make accurate predictions of approval as
output data.

.......................................................................................................................................................................................
CONSIDER THIS
In what aspects or your work do you make decisions like Joan’s? Would any of those decisions benefit from full
consideration of all relevant factors, as could be achieved with deep learning?

QUESTION 3.10

Explain why an AI system can be better at finding patterns in data than even a very experienced
financial analyst.

When to use Deep Learning

Deep learning is able to process, interpret and make use of far larger and more complex data sets than
conventional ML. It is also better at unsupervised learning, or learning from data that is unstructured. As
a result, deep learning is able to perform far more complex tasks, and in some cases determine whether its
own prediction is accurate or not — similar to how a human would draw conclusions.
In contrast, as illustrated in example 3.15 earlier, standard ML cannot self-determine the accuracy of
its output and instead relies on human feedback. It then ‘learns’ by incorporating this feedback into its data
set, refining the algorithms it has developed and aiming to generate more accurate results next time.
Deep learning enables the most sophisticated AI technologies, simplifying complex tasks and creating
new connections and insights. Table 3.3 further illustrates deep learning’s extended abilities over standard
ML for certain applications (Serokell 2020).

Pdf_Folio:209

MODULE 3 Technology and its use in Finance 209

 TABLE 3.3 Comparing standard ML and deep learning

Standard machine learning Deep learning

Healthcare Categorising patient records Diagnosis of diseases

Reminding patients of follow-ups Discovery of new drugs

Investment Investment advice based on historical Real-time portfolio management

profile and investor data Prediction of stock price movements

Customer experience Collation of customer identity information Verification of customer identity

using multiple sources of information
including image and voice recognition

Source: CPA Australia 2021.

ML and NLP
NLP is a branch of AI that allows computers and machines to understand, manipulate and interpret human
language. In simple terms, NLP uses algorithms to identify and extract data from text and speech and
match it to natural language rules that have been converted into a format that the computer can understand.
When data has been provided in natural language format, the NLP model will use algorithms to extract
the meaning associated with the input and provide the appropriate outputs.
NLP is the driver and enabler of many other technologies and technology use cases. For example, NLP
can be used in combination with ML to streamline customer support by analysing customer phone calls.
This is beneficial to customers and the company as it improves the ability to analyse the calls and resolve
the issues that prompted them. NLP ‘interprets’ what a person says or writes by identifying key words
and phrases and sending requests to an app. It can pair this with other information, such as the person’s
location and map and business data, to respond to requests such as ‘What pizza restaurants are close by?’
Like ML, NLP is not a new field, but increasing computer power, increasing levels of available data
and a growing number of use cases have driven a resurgence of interest and development.
Figure 3.13 shows how the NLP machine understands a human who is asking a question in speech or
writing and uses that understanding to inform its response. Without NLP, the human had to type their
question in a syntax that matched the computer’s predetermined instructions.

FIGURE 3.13 How NLP works

Understanding the Understanding written

user’s speech material by reading it

(Intellectually) responding
to the user on the basis of
the understood content

Source: CPA Australia 2021.

Humans communicate in countless ways and, to maximise value, NLP technology must be equally
dynamic in its ability to understand. Current sophisticated NLP makes it possible for computers to read
text, hear speech, interpret it, measure emotional responses and determine which parts are important.

Pdf_Folio:210

210 Digital Finance

 Businesses are now using NLP in combination with ML in a variety of ways, including to:
• support key research and strategy tasks by analysing and organising large bodies of text into
meaningful categories
• create better customer experience by enabling spoken language as a way for users to instruct a machine
• support employees in uncovering strategic insights by analysing large amounts of business data to
identify common themes and ideas.
In an interesting application, NLP is being used to facilitate public consultation and community
engagement with some of New Zealand’s ethnic Samoan communities. Beca, an advisory, design and
engineering consultancy, used IBM’s virtual agent technology to create Tala, a natural language agent
that can interact with people online in either Samoan or English. Tala sought feedback on community
facilities from Samoan speakers, and in early trials, was successful in making the topic of conversation
less daunting and formal than it would usually be. Community members were therefore more willing to
participate in providing feedback, ensuring their views could be better represented in public decisions.
Another use of NLP is to facilitate end-user interactions with applications. A common example is virtual
agents such as Google Assistant, Apple’s Siri, Amazon’s Alexa and Microsoft’s Cortana.
Many terms are used to refer to conversation-based applications, including ‘chatbots’, ‘conversational
agents’ and ‘virtual assistants’. Although there are many subtleties and the exact classification of some
technologies may be contentious, broadly we can say the following.
• Chatbots are simple programs designed to interact on a single-turn exchange basis. That is, they are
designed to answer a simple question or perform a small number of single simple tasks. For example, a
user might ask, ‘What’s the current balance of my account?’, and the chatbot will respond.
• Conversational agents can respond to complex queries or requests by engaging a user in a series of
questions to identify the exact problem and, ideally, resolve it. For example, a user might say, ‘I’m
having a problem logging in to your online portal’ and the conversational agent would work through a
series of questions and responses to identify the cause of the problem.
• Virtual assistants (sometimes called ‘personal assistants’) are the most sophisticated conversation-
based applications, as they respond uniquely to an individual user over time and learn from their
interactions to improve their performance. For example, virtual assistants can learn a user’s preferences
and then assist with managing to-do lists, travel arrangements and calendar appointments.
Businesses may use multiple conversation-based applications for different purposes, or the type of
NLP-powered application they use may evolve over time. Example 3.16 examines Telstra’s use of chatbot
technologies.

EXAMPLE 3.16

Telstra’s Chatbot
Telstra handles more than 50 million calls a year through its customer contact centre. Telstra’s adoption
of AI began with the implementation of one customer-facing chatbot (called Codi), which was initially a
routing bot developed to understand a customer’s needs and direct them to a live chat agent. With the help
of IBM’s Watson virtual assistant technology, Codi has evolved into a ‘digital concierge’ or ‘conversational
agent’ that can offer customers’ answers in real time. This has resulted in a reduction in agent handling
time, a reduction in traffic to chat, messaging and call centres, and increased adoption of digital self-
service tools.
Having identified a range of potential use cases for virtual agents like Codi, Telstra has now expanded
its chatbot network. Around nine chatbots, conversational agents and virtual assistants operate within a
variety of functions, from an ACE bot assisting field service engineers with troubleshooting, to product-
specific bots such as Simmo, tasked to answer questions about pre-paid products.

.......................................................................................................................................................................................
CONSIDER THIS
The virtual assistants from Apple, Amazon, Google and Microsoft are probably the most familiar NLP applications for
most people. Could you envisage a role for an NLP-enabled assistant in your own work?

QUESTION 3.11

Outline the advantages of using NLP in robo-advising.

Pdf_Folio:211

MODULE 3 Technology and its use in Finance 211

TYPES OF ML
ML is increasingly being used alongside other AI technologies to analyse past human behaviours to predict
future behaviours. There are four main areas in which ML can be applied to enhance business functions.
These are described below.

Cognitive ML
Cognitive ML focuses on recognising and understanding text, speech, photos, audio and video in a way
that aims to mimic human thoughts. Cognitive ML uses data as models of humans, mostly focusing on the
areas of text, speech and common-sense reasoning to construct effective and self-teaching algorithms to
mimic human outcomes.
For example, NLP uses data to build algorithms that enable chatbots to recognise and mimic not only
how humans use language, but also the tone of happiness, excitement, sadness, anger and other human
emotions that form the non-verbal element of language. Visual recognition uses data to build algorithms
for visual pattern recognition.
Cognitive ML supports businesses through applications such as:
• indexing business documents, emails, images and social media to help users search through them
• processing photos or audio files to measure and control quality
• using virtual agents (chatbots) to communicate in natural language with customers in commercial or
customer service settings, and analysing customers’ emotions and social tendencies.

Predictive ML
Predictive ML characterises and analyses historical and recent data to predict an accurate future outcome.
Predictive ML utilises data analytics techniques and tools to produce predictive outcomes. As the
algorithms learn from new cases, the software improves over time.
Predictive ML is extremely powerful and can help businesses offer better services, be more efficient and
outperform competitors. It is currently predominantly used by larger companies. Applications include:
• forecasting revenues and sales for certain products in combination with weather predictions (e.g. stores
sell more umbrellas when it is raining)
• predicting the probability of customers moving to a competitor (churn rate) based on their contacts with
customer service
• predicting maintenance of engines and wind turbines based on data coming from IoT sensors; an IoT
sensor enables computers to collect data from other internet-enabled devices via cloud technology
• supporting intelligent credit management and collection processes through automated advice to release
or block a sales order
• supporting businesses’ legal functions with advice based on jurisprudence data.

Optimising ML
Optimising ML focuses on applying algorithms to find the most efficient and effective outcome for a
process. Examples of everyday use include automatic colour correction of photographs and GPS navigation
systems that find the optimum route to the user’s destination. For example, Google Maps uses ML to
identify traffic patterns from previous data and therefore consider routes that have been the best in the
past. Additional information from crashes, road works and closures is then analysed by AI algorithms to
calculate the best route.
Optimising ML supports businesses through:
• process optimisation
• logistical optimisation (e.g. in warehouse operations)
• supply chain optimisation (e.g. based on time or cost).

Classifying ML
Classifying ML is an intelligent way to segment and cluster data in large data sets. In some cases, it is
unsupervised, which means its algorithm has not ‘learned’ from historical data but is ‘smart’ enough to
identify patterns in data on its own.
One common use of classifying ML is credit card fraud detection. For example, if a credit card
transaction takes place in Amsterdam and within 10 minutes the same credit card is used for a transaction
in Singapore, the ML algorithm detects an irregularity, blocks the transaction and warns the customer.

Pdf_Folio:212

212 Digital Finance

 Classifying ML can support businesses to work with the data they are collecting from other sources to
improve outcomes. Some examples include:
• identifying unusual behaviour of servers in a data centre to prevent service interruptions
• classifying customer or market segments
• conducting crime analysis within national police forces.

3.13 BENEFITS OF ML
Five main areas in which businesses can realise benefits from the use of ML are as follows (Raza 2019).
1. Real-time decision making. Businesses can use ML to transform large, unwieldy data sets into actionable
information. The speed at which ML can process data means this information is available in real time,
allowing businesses to respond quickly to changing market conditions.
2. Eliminating manual tasks. Not only can automation replace the need for humans to complete basic
repetitive tasks but, with the addition of ML, machines can now also adjust to variable inputs or changing
internal conditions. Automation can therefore effectively complete tasks which are more complex or
dynamic, further reducing the need for human intervention.
3. Enhancing security and network performance. Cybersecurity threats occur quickly and can cause
widespread damage or data loss within a very short space of time. The speed and processing capacity
of ML means it is uniquely suited to continuous analysis of network security, identifying and reporting
on any breaches or anomalies much faster than a human could.
4. Improving business models and services. The application of technological innovation to existing
products and services can help businesses gain and preserve an advantage over competitors. ML has
been particularly beneficial in this regard in recent years with businesses such as Airbnb using models
heavily leveraging ML capability.
5. Reducing operating expenses. In addition to completing routine tasks, ML can also support business’s
customer support functions through the use of chatbots and other similar technologies. By answering
customer queries quickly and accurately, ML can significantly reduce customer support costs to a
business.

ML IN FINANCE AND BUSINESS

The finance industry’s use of ML, and ML with NLP, is on the rise. Financial institutions rely on it for data
and business intelligence to make informed business decisions. For example, NLP when combined with
ML or other AI technologies, makes it possible for financial institutions to assess a credit applicant’s risk
or gauge sentiment on their brand across the Internet. Some key NLP with ML applications in finance are
as follows.
• Contract analysis. Contract analysis is an internal task that is repetitive, mundane and can easily be done
with the help of NLP and ML. Enterprises like JP Morgan have had high success using NLP-powered
software to analyse contracts, helping them to free up 360 000 labour hours annually.
• Compliance and risk management. Assessing employee compliance to bank and regulatory policies and
procedures is a key focus for banks and insurance companies. NLP capabilities can enable compliance
officers at banks to find specific information relatively quickly amongst thousands of digital documents
and voice recordings. For example, compliance officers can determine whether bankers and customer
support agents are interacting with customers in compliance with regulations or they can search for
customer data and confirm it has been deleted when a customer has requested this.
• Customer service. NLP has also had a major impact on customer service. NLP is being incorporated
across virtual agents and other software to enhance customer service and resolve queries. With features
such as sentiment analysis, NLP can often deliver as a technology for driving better results from
customer services and support by interpreting the customer’s sentiment, not merely the literal meaning
of the words they are saying.

Fraud Detection
Security threats in finance are increasing and ML algorithms are excellent at detecting fraud. For example,
banks can use this technology to monitor thousands of variables in every account transaction in real
time. The algorithm examines each action a cardholder takes and assesses if an attempted activity is
characteristic of that particular user. This model spots fraudulent behaviour with high precision.

Pdf_Folio:213

MODULE 3 Technology and its use in Finance 213

 If the system identifies suspicious account behaviour it can request additional identification from the user
to validate the transaction or block the transaction, if there is, for example, at least 95 per cent probability
of it being a fraud.
ML algorithms need just a few seconds or less to assess a transaction. The speed helps to prevent fraud
in real time, not just spot it after the crime has already been committed.

Underwriting
ML algorithms work well with the underwriting tasks common in finance and insurance. Data scientists
train ML models on thousands of customer profiles, with hundreds of data entries for each customer. A
well-trained system can then perform the same underwriting and credit-scoring tasks with real-world data
inputs, thereby helping human underwriting employees work much faster and more accurately.
Banks and insurance companies tend to retain large amounts of historical consumer data, so they can
use these data sets to train ML models.

Algorithmic Trading
Algorithmic trading uses a computer program to place a trade. The trade, in theory, can generate profits at a
speed and frequency that is impossible for a human trader. In algorithmic trading, ML uses a mathematical
model which monitors the news and trade results in real time and detects patterns that can force stock
prices to go up or down. It can then proactively sell, hold or buy stocks according to its predictions, which
helps make better trading decisions.
ML algorithms can analyse thousands of data sources simultaneously, something that human traders
cannot possibly achieve.

Robo-Advice
A robo-advisor is an online application that provides automated financial guidance and services. Robo-
advisors are commonplace in the financial industry, with two major applications of ML in the advisory
domain.
• Portfolio management. An online wealth management service that uses algorithms and statistics to
allocate, manage and optimise clients’ assets. Users enter their current financial assets and goals, such
as saving a million dollars by the age of 50. A robo-advisor then allocates the current assets across
investment opportunities based on the risk preferences and the user’s desired goals.
• Recommendation of financial products. Many online insurance services use robo-advisors to recommend
personalised insurance plans to a particular user. Customers choose robo-advisors over personal
financial advisors due to lower fees and personalised and calibrated recommendations.

Automated Journal Processing

Financial organisations are increasingly using ML technology to perform intelligent tasks that support
the automation of various business processes, customer-facing services and other data-driven functions.
Example 3.17 illustrates how a financial organisation applied ML to automate a complex web of journal
processing and reporting tasks to streamline regular reporting and enhance the user experience.

EXAMPLE 3.17

Streamlining Reporting
Goal
A financial institution seeking to enhance user experience established a goal: Improve the experience for
users involved in journal processing and reporting tasks.
The steps to achieving this goal were determined to be:
• automating journal processes
• enabling users to acquire multi-disciplinary skills
• facilitating more accurate continuous reporting.
Challenges
Users were unable to access the required data, prepare the journal and identify errors. In the original
process, various factors made it challenging for the user to complete the required tasks including the
following.
• Accessing the required data
– Users had diverse needs based on their role.
– Users accessed multiple different source systems.
Pdf_Folio:214

214 Digital Finance

 • Preparing the journal
– Account codes and classifications were complex, adding time and difficulty to the data labelling
process.
– Journals had specific formatting requirements which needed to be adhered to, even if the source
information was not in the same format.
• Identifying errors
– Users manually entered a large volume of data which was time-consuming to check.
– There were unique formatting requirements across multiple entries, making very high levels of
accuracy difficult.
Implementation
Automation was applied in varying degrees across the journal and reporting processes as follows.
• Creation — fully automated activity
• Review — partially automated activity
• Analysis — provided insights
Outcome
60 per cent efficiencies were achieved with ML; 30 per cent with the manual process.
Benefits
75 per cent of journal processing was automated, shifting human effort to analysing outcomes and
facilitating more accurate continuous reporting.
• Cycle time: journal cycle time reduced by 60–75 per cent through touchless automation, which in turn
enabled acceleration of month close.
• First-pass accuracy: 100 per cent first-pass accuracy was achieved through ML.
• Operational controls: real-time proactive controls were built on a best-in-class process with zero audit
failures and mitigated risks
• Business insights: the ML-infused advisor now provides early insights into performance and business
impacts.
• Team skills: uptake of multi-disciplinary skills was achieved, shifting employees’ focus to business
partnering and value creation.
Efficiencies were achieved across the following user tasks.
Receiving the Data
• Before: Manual follow-up was required with input issues. No information available in new journal set-up.
• Now: An automated scheduler is deployed to check for data input and availability and to send
users alerts.
Processing the Journal
• Before: Users spent more than 70 per cent of their time performing journal steps with repetitive issues.
• Now: Users now only need to intervene when there are exceptions, which have been minimised
through ML.
Validating the Outcome
• Before: It was impossible for users to review all journals. Checks at random led to delayed closure.
• Now: A digital advisor is deployed to provide qualitative review using historical behaviour and rules that
force the organisation’s policies.
Collaboration between Users
• Before: Email-based follow-up led to delays and often did not provide an audit trail.
• Now: Chatbot and collaborate features are deployed to provide instant opportunities for users to
connect and retain a single source of truth for future reference or document back-up.
Gathering Insights
• Before: No insights were available, or were delayed when they were available, often making them
irrelevant to business decisions.
• Now: The digital advisor gives users real-time performance and financial impact insights with recom-
mended actions.

QUESTION 3.12

Explain how applying machine learning to unstructured data can assist accountants in their work.

Pdf_Folio:215

MODULE 3 Technology and its use in Finance 215

3.14 RISKS AND CHALLENGES FOR USING ML
ML can deliver enormous advantages to businesses and their stakeholders. However, ML comes with risks
and challenges that must be understood, evaluated and managed. The risks and challenges described for
AI in section 3.10 also apply to ML. We will discuss three related key risks below.

Data-related Risks
Not having enough data and/or having ineffective data can present risks to any application of digital finance
technologies. These risks are significant in relation to ML models as the quality of the input data largely
determines the quality of the algorithms created and, in turn, the output data.
Data-related risks in ML include the following.
• Data quality. Assess the data source, how it has been processed, its completeness and its accuracy to
ensure data quality is sufficient.
• Limited data. An effective ML model can be built on a small amount of data, but that model might
not continue to be accurate in the long term unless more information is provided to test and refine the
algorithms created. Therefore, the data set should be expanded over time to extend the capabilities and
learning of the model.
• Homogeneous data. This risk relates to lack of variety in the data. For example, to forecast home prices
in a city it is more effective to use as many (high-quality) different data sets as possible to build the
models. Ideally the different data sets will feature many different types of demographical data points.
Time should then be allocated to ‘feature engineering’ to find the best model inputs for accurate outputs.
Training on homogeneous data can lead to algorithms that do not give accurate outputs when more
diverse data are introduced.
• Data compliance and privacy issues. data privacy laws and ethics constrain how an organisation can —
or should — use the data it holds. The risk of misusing data must be managed.
Earlier in the module, we noted that biased data could results in biased outputs from AI machines.
Significant investment is required to ensure input data is not biased. This becomes much more challenging
with ML, because ML continuously seeks new data, uses it to refine its own algorithms and often
automatically takes action based on its findings. Biases evident in data can quickly skew the outputs.
This can result in poor or even quite damaging decisions being made. Microsoft, for example, launched an
ML-based chatbot on the Twitter platform in 2016, only to withdraw it within a day because it published
thousands of racist and misogynist tweets in response to similar tweets directed at it from a particular
group of users.
.......................................................................................................................................................................................
CONSIDER THIS
If ML processes millions of data points in real time and automatically acts on that input, how can an organisation
ensure the decision-making of the ML is legitimate, ethical and in the best interests of the business’s objectives?

QUESTION 3.13

Discuss the degree to which results produced by each of the automation technologies can be
explained.

Output Interpretation Risks

Regardless of the quality of the data and the ML model, there is a risk that the output might be
misinterpreted. This can arise when there is a mismatch between the assumptions made when the model
was built, and the assumptions made by the people interpreting the output.
Data scientists are good at building ML models, presenting the outputs and reporting on the findings,
but it is also important to work closely with those who will use the output to avoid such a mismatch. Data
scientists and users need to share clear and consistent expectations about the output and how it will be
interpreted.
In addition, there is a risk that if requirements are not clearly established, the ML model built may not
serve the intended purpose, thus wasting resources. For example, an organisation built an ML model to
help with sales forecasting. The model was built on the assumption that all data would be rolled up to
quarterly data for modelling and reporting purposes. However, stakeholders were accustomed to working
with weekly revenue data and struggled to use output focused on quarterly sales revenue.
Pdf_Folio:216

216 Digital Finance

Customer/User Interaction Risks
People interact differently with virtual agents to the way they would with a human. Understanding how an
interaction with a virtual agent will affect the customer/user experience is critical to avoiding an adverse
reaction. In the development of a virtual agent, it is important to engage the end user or a customer control
group in the design and testing or ‘learning’ phase of the virtual agent. For example, if a virtual agent is
being created to help employees find information on their company’s accounting policies and procedures,
members from the finance team should be engaged in the design process.
Customers will interact differently with a virtual agent than a person on the phone or via email. The
types of questions they ask and the language used need to be considered to make sure the query or request
can be successfully completed. For customer-facing virtual agents, it is better to start with a focused set of
intents or actions and extend these over time as the agent learns. This will provide a much better customer
experience than an agent that cannot successfully address the questions it is being asked.

3.15 BUILDING AN EFFECTIVE ML STRATEGY

In section 3.11, we described how to build an effective AI strategy. Because ML is an AI technology, a
strategy for ML will naturally form part of this broader AI strategy. In this section we will consider where
ML may be reflected in the AI strategy and the need to ensure the ML investment is scalable across the
organisation.

INCORPORATING ML INTO THE AI STRATEGY

Section 3.11 described a methodology to create an AI strategy. The organisational purpose and strategic
priorities will of course be determined by the business strategy and objectives. The aspects of the AI
strategy that may relate specifically to ML are:
• identifying the opportunity
• defining success
• creating a data strategy
• defining the solution
• defining the build, testing and deployment
• ongoing measurement and maintenance.
We will discuss aspects of these now.
Awareness of a range of ML applications, along with the associated benefits, risks and challenges
enables us to explore and evaluate the potential use of these technologies to create efficiencies or help
solve complex problems. Any ML use case included in the AI strategy should be directly related to the
organisation’s priority problems or opportunities.
For example, if inefficiencies are identified in an organisation’s journal process, then the potential of ML
(and other technologies) to address these inefficiencies can be evaluated. If the inefficiencies arise from
the need to collect and reformat or manually re-enter data from numerous inconsistent sources, then ML’s
abilities to seek, identify and process the data it needs could offer a solution or form part of a solution in
combination with other technologies, such as RPA to automate this process, alert the team to any exceptions
it cannot deal with itself, and generate visualisations or reports for management in real time. This could
be a valuable benefit for organisations with extensive or complex journal processing needs.
For a different organisation, the journals process may be outsourced and this would not be a priority
problem. They might instead be in a highly competitive market where they need to target customers with
personalised offers and a great customer experience. For that organisation, an ML strategy might be built
around analysing big data, and automatically sending personalised marketing or services to individual
customers’ smartphones.
They key is to ensure that appropriate technology is chosen on the basis of its ability to address the main
opportunities or problems the business faces.
Once ML has been identified as an appropriate solution for the business, the required outcomes need
to be described in detail. For example, to implement ML-enabled journals processing, we might specify
a required cycle time, maximum tolerable error rate, and labour hours saved. Personalised marketing
and customer service implementations might require a specific increase in sales or revenue, a decrease
in customer churn or increase in customer satisfaction.

Pdf_Folio:217

MODULE 3 Technology and its use in Finance 217

 Once success has been defined, the data needed to implement the solution (including training data)
and measure the outcomes can be determined. ML use cases are likely to require data and data processes
beyond those in the general AI strategy.
The development of an ML solution can be expensive and time-consuming. The costs need to be
evaluated against the identified benefits. If the solution is intended to create a competitive advantage, then it
will need to be built specifically for (and quite possibly within) the organisation. If the solution has already
been developed and implemented by others, then implementation time and costs will be considerably less
but may respond less directly to the organisation’s needs.
Like other AI, the building, testing and training of an ML model should be iterative. Because ML
develops its own algorithms, the risks involved in ML require close and ongoing attention to ensure the
machine acts accurately and ethically in accordance with the organisation’s expectations. A formal process
of regular assessment and review should be planned and implemented.

A STRATEGY FOR SCALABILITY

A common flaw in many organisations’ approach to ML is to view it as a solution on one narrow problem
rather than as a capability that can be leveraged across the organisation. While a business case for investing
in a particular ML technology or project might focus on specific valuable applications, an ML strategy
should be developed in such a way it enables the technology to scale across different business processes
and business units, wherever it can support the wider business strategy. A well-considered enterprise ML
architecture and strategy will be able to address issues and opportunities across the business rather than
just within a narrow area of application (Gusher 2018).
Example 3.18 examines how of ML integrates with the Commonwealth Bank of Australia’s
AUD5 billion digital strategy.

EXAMPLE 3.18

CBA ML Strategy
How CommBank is Training its Machine Learning Customer Engagement Engine
The Commonwealth Bank of Australia (CBA) has built a Customer Engagement Engine it has touted as
powering customer experience through the use of artificial intelligence (AI) and machine learning.
‘[It] is an advanced system which combines AI, machine learning, and our customer data to continuously
optimise and prioritise across all of the available messages, alerts, conversations, and communications
we can have with our customer at any given time, across all of our channels,’ CBA chief analytics officer
Andrew McMullan said.
‘And all of that in real time.’
Speaking with media at the launch of the bank’s new app, McMullan said CBA runs over 200 machine
learning models on top of 157 billion data points. He said these models are continuously ‘optimising,
prioritising, and returning the next best personal message to our customers as they interact with us across
all channels’.
McMullan said the bank has invested a lot in automated machine learning capability.
‘So maybe there’s a message that we want to test with some of our customers, in one of the assets
within the mobile app, we’ll push that message live and in the background we’ll switch on one of our
advanced machine learning models,’ he explained.
‘As our customers engage with that message, maybe a click through a “yes, please”, or “no, thanks”,
the machine learning model in the background is learning from that to really more accurately predict which
type of customers really enjoy experiences with that particular message.’
When CBA is happy with the performance of the model, McMullan said it would switch that conversation
on and add it to the system to become another message that will be shared with customers.
‘As I navigate my way through the experiences in the mobile app, each of the assets has been
personalised by making a call to the Customer Engagement Engine to say, “What’s the next best message
to determine this particular communication?”’
Providing a scale of the system, McMullan said that each day the bank’s applications make over 20
million calls to the Customer Engagement Engine to return personalised messages.
Over the next 12 months, the bank expects it will have the opportunity to deliver 3 billion personalised
messages to its customers.
‘One of my favourites is our Smart Alerts ... on credit cards. We’re constantly monitoring our customer
data and if a customer hasn’t paid the minimum amount or paid down their credit card balance, three days

Pdf_Folio:218

218 Digital Finance

 out from being due, we will send them an alert, make it really easy to click through to make a payment,’
McMullan said, offering an example of how the bank is using the Customer Engagement Engine.
‘If you haven’t done that and your payment is due in two days, another alert. One day, same day, even
one day’s grace. The last 12 months alone, we’ve built the ability to send over 20 million alerts to our
customers to help them avoid fees and charges on credit cards.’
Another example is how CBA is trying to help customers manage their bills.
McMullan said that by using natural language processing, the bank is attempting to better understand
all the regular payments and bills that a customer has in order to identify any anomalies.
He shared a personal anecdote where he was on a monthly subscription that had a price hike.
‘You can see [from that] example there are hundreds of opportunities for us to just notify our customers
and let them know that something has changed, and then they can decide what to do from there,’ he said.
The final example McMullan shared was helping the bank by using the system during the
application process.
‘Our customers begin an application and for many reasons they drop out. Maybe they haven’t submitted
the document, finished entering a specific field, or even signed the document. The Customer Engagement
Engine is constantly scanning over that, identifying exactly what the customer needs to do next, and we’ll
reach out to the customer to let them know what it is that they need to do to continue the application
process,’ he explained.
‘We are determined to improve the financial wellbeing of our customers and communities.’
According to McMullan, for customers that have been receiving the personalised messages, the net
promoter score is up to six points higher than it is from customers that don’t receive messages.
Source: Barbaschow 2019, ‘How CommBank is training its machine learning Customer Engagement Engine’, ZDNet.com,
www.zdnet.com/article/how-commbank-is-training-its-machine-learning-customer-engagement-engine.

.......................................................................................................................................................................................
CONSIDER THIS
Two years after the Commonwealth Bank launched the strategy discussed in in example 3.18, it announced a ‘refresh’
of its digital strategy. It had doubled the number of ML algorithms in its Customer Engagement Engine and was
making changes to it every day. In general terms, how can an ML strategy provide direction while enabling ongoing
development?

SUMMARY
ML is a type of AI in which the machine can develop its own algorithms based on patterns it identifies
in data. It refines its algorithms over time based on experience. Thus, the machine ‘learns’. ML requires
large volumes of data and substantial processing power, and is implemented in conjunction with other
AI technologies, often including NLP, which enables it to handle unstructured data and communicate its
outputs with stakeholders in natural language. It may also be combined with RPA so that it can drive
intelligent processes.
ML applications may be categorised as cognitive, predictive, optimising or classifying, but many
applications combine multiple approaches. ML enables the analysis of large datasets to support real-
time decision-making, supports intelligent automation, enhances security and network performance,
provides new ways to improve business models and services, and can create efficiencies that reduce
operating expenses.
Deep learning is a discipline within ML. Deep learning uses artificial ‘neural networks’ to mimic the
complexity of analysis performed by humans by processing data through a layered structure of algorithms
or decision points.
The key challenges in using ML relate to the need for robust data governance, ensuring valid
interpretation of outputs, and ensuring engagement with customers or other users of the technology is
effective and beneficial.
For organisations with valuable use-cases and the required resources and capabilities to use an ML
solution, ML can play an important role within the organisation’s digital strategy. The ML strategy should
ensure the investment can be scaled across the entire organisation over time rather than being restricted to
narrow applications.

Pdf_Folio:219

MODULE 3 Technology and its use in Finance 219

 The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

3.1 Select appropriate digital tools, using accounting and finance knowledge, that provide
innovative solutions to complex business problems.
• ML is able to intelligently handle unstructured data.
• ML is able to generate insights not possible through other approaches to data analysis.
• ML integrates with other technologies such as NLP to enable automated responses to the insights
it generates, including interacting with customers and employees.
• ML can generate outputs which predict future behaviour based on past behaviours and thus enable
proactive and pre-emptive decision making.
• ML enables optimisation of processes.
• ML’s ability to undertake classification tasks has a range of applications in areas such as fraud
detection and cybersecurity.
3.2 Evaluate the impact of innovative technologies on the work of accounting and finance
professionals to communicate the benefits and risks to key stakeholders in the organisation.
• ML enables real-time decision-making based on real-time analysis of large volumes of complex
data, including through predictive analysis.
• ML supports intelligent automation, enhances security and network performance, provides
new ways to improve business models and services, and can create efficiencies that reduce
operating expenses.
3.3 Appraise the suitability of technology in creating efficiencies and solving complex
business problems.
• ML can be used to optimise and intelligently automate processes, including engagement with
stakeholders.
• ML can generate insights and predictive analysis from complex data in real time.

Pdf_Folio:220

220 Digital Finance

PART E: VALUE OF TECHNOLOGIES
INTRODUCTION
Senior management should communicate the organisation’s vision for implementation of digital transfor-
mation technologies, including how staff can acquire or develop the new skills required to use digital tools,
and the appropriate training and support should be provided. Businesses need talented individuals who can
provide insights into the digital information available through the effective implementation of technology.
The demand for analysts with the appropriate business experience, skills and knowledge to use and manage
digital tools is increasing (Hood 2018). Knowledge in data analytics, such as digital data creation and
sharing, statistical programming, data mining and data visualisation, is also highly regarded. Beyond
gaining insights from financial data, the critical role for professionals is to build business advantages for
the organisation based on the insights gained.
In this part, we will examine how to select digital tools to best fit the specific business needs of an
organisation. We will also develop an understanding of how a digital transformation strategy can address
the changes required to work in a digitally enhanced future.

3.16 CHOOSING THE BEST TECHNOLOGY

The different technologies discussed throughout this module all have strengths and weaknesses, benefits
and costs. An effective digital strategy will seek to adopt and implement a mix of technologies that
optimises use of resources and effectively addresses business problems and needs, in alignment with the
business’s overall strategic objectives. While matching the technology to the specific need, the technologies
should not be evaluated in isolation or as alternative approaches, but rather as synergistic parts of an overall
digital strategy.
David Thurkle, the cognitive process transformation growth leader at IBM, suggests:
When it comes to digital transformation, it’s not a question of who has the best technology, but who has
the best understanding and appreciation of what the technology can unlock.

Therefore, the selection of technologies is inseparable from the understanding of how that technology
will be used to benefit the business. Technology can help organise processes, provide business com-
petitiveness, improve customer service, enhance internal and external communication, increase business
productivity and profitability, and more.
With the rapid development in technologies, this section aims to model the choice of technology against
a particular scenario. The guiding principle should be that the ‘best’ technology is technology that matches
the business’s needs.
Example 3.19 steps through a bank’s launch of a new credit card product to model how technologies
might be chosen for any one particular problem.

EXAMPLE 3.19

Technology Selection
A bank recently launched a new credit card with a market-leading rewards program and a 0 per cent
interest rate on all transferred balances for the first six months. The bank typically receives around 1000
credit card enquiries and applications each month, but since the campaign launch they are now receiving
5000 a month. Call wait times in the bank’s customer contact centre have increased from an average of
5 minutes to 15 minutes, with a much higher drop-out rate than normal.
The bank’s marketing manager and head of credit card processing are concerned that they are missing
out on possible new credit card customers due to the poor customer experience. They brainstormed some
ideas to use automation technologies to help address the problem.
They chose to proceed with an AI-powered virtual agent to capture and answer customer enquiries
about credit cards. By implementing a virtual agent to capture and answer customer queries, the bank’s
customers reported a significantly improved experience: 30 per cent of all customer enquiries and
applications for the new credit card were handled by the virtual agent and average call handling time
was reduced by 50 per cent for customers who interacted with the virtual agent.

Pdf_Folio:221

MODULE 3 Technology and its use in Finance 221

 Not all of the improvements were directly related to the credit card product either. With the virtual agent
taking over handling of a range of customer enquires the overall call handling time in the call centre reduced
from an average of 15 minutes per call to 8 minutes per call.
As a consequence of the introduction of the virtual agent, call centre staff experienced a 20 per cent
improvement in their overall productivity.
The implementation of the virtual agent significantly improved the customer experience when dealing
with initial enquiries and discussion when applying for the bank’s new credit card. However, the bank has
been receiving a lot of calls and complaints because of the amount of time it takes to send out the cards
to customers once they’ve been approved.
Prior to this promotion, the bank would usually receive 300 applications for review and approval and
send out approximately 200 new credit cards each week. With the increased traffic due to the promotion,
this has increased to more than 800 new applications being received each week and around 500 new
cards being approved and sent out over a two-week period.
The card processing team, responsible for processing approved applications is overwhelmed with the
volume of approvals, and their processing time has increased from 1.5 days to 3.5 days for each successful
application.
The card issuing process includes significant manual processing, re-keying between systems, and many
handoffs. There are no staff available to help the processing team with their increased workload.
The bank explored technology options to help address this problem and settled on an RPA bot to
streamline the card-issuing process and reduce the need for manual data entry. Once programmed
correctly, the RPA bot was able to process up to 60 per cent of the bank’s new credit card applications
without the need for human intervention. The volume of re-work due to errors reduced by 20 per cent
due to the reduced need to re-key customer information, and the number of handoffs between different
employees (completing different parts of the card issuing process) was also reduced.
The RPA bot was able to function 24 hours a day, 7 days a week so the backlog of applications
was quickly resolved and the ongoing volume of applications was able to be efficiently dealt with.
Consequently, the card processing team reported an increase in engagement and job satisfaction as
they were able to focus their time on resolving non-standard applications. Customers were also much
happier with the speedy service.
Despite the improvements resulting from the implementation of the RPA bot in the card processing
team, there are still some issues with delays in the card issuing process for the bank’s new credit cards.
When examined more closely, the delays are tracked to the credit assessment team, another team that
is involved in the approval process of the applications. For each application, the credit assessment team
is responsible for assessing the customer’s credit rating and the affordability of the card to determine if
the customer should be approved for the card they have requested.
Just like the card processing team, the credit assessment team is overwhelmed with the volume of
new applications as a result of the bank’s marketing campaign. With no new staff available to them, they
are struggling to keep up, and customers are still experiencing some delays while the bank reviews and
approves new applications.
To address this problem, the bank elected to implement an AI-powered solution to assess and
automatically approve customer credit applications, along with an ML component to update customers
directly on the status of their application and request additional information if required.
The AI solution was able to process credit approvals for up to 40 per cent of the new credit card
applications without the need for human intervention. For approvals which could not be automatically
processed, the information compiled by the AI solution reduced the amount of time a credit assessor
needed to spend processing the application by 40 per cent.
Like the credit processing team, the engagement and job satisfaction of the credit assessment team
members improved significantly as they no longer needed to struggle with the volume of repetitive manual
work, and were instead able to focus their experience and skills on processing cases that were exceptions,
or that had special requirements.
The solution’s capabilities were also valuable to the bank at a strategic level; the AI algorithms were able
to detect and analyse any bias in the applications being approved or denied by the credit assessment
team. The bank had increased visibility and confidence that they were meeting regulatory requirements
and controls for responsible lending.

Automation technologies are most effective when the most relevant capabilities are harnessed. In each
phase of example 3.19, many different technologies could have been deployed, but it was critical for the
bank to appropriately match the technology with the functionality required.
.......................................................................................................................................................................................
CONSIDER THIS
Where could RPA, AI, ML and combined technologies be applied in your business or a client’s business? Try to
develop some specific use cases and the rationale for the choice of technology. Focus on the use cases that would
provide most value to the organisation. Could any of the solutions be applied across multiple problems?
Pdf_Folio:222

222 Digital Finance

3.17 RESHAPING FOR AN AUTOMATED FUTURE
In the earlier sections of this module, we built an understanding of how each class of technology works
and explored specific value-creating applications of those technologies, along with the risks and challenges
associated with their use. In this section we will examine digital transformation strategy, value creation
with technology, with a focus on automation in particular, how to prepare for a digitally transformed future
and some ethical issues that must be considered when adopting technology tools.

ELEMENTS OF A DIGITAL TRANSFORMATION STRATEGY

Digital transformation describes the process of moving analogue or traditional ‘non-digital’ technologies
fully into the digital space, taking advantage of virtually unlimited data storage and computational power
to interact flexibly and in real time with highly connected users who are mobile and have multiple ways
to create, send and receive data.
A digital transformation strategy describes how digital technologies will be implemented to achieve
the digital transformation goals set out in the corporate strategy. The digital transformation strategy also
details how success will be measured, thus providing a set of indicators to assess performance.
A basic concept in organisational strategy is alignment between the business’s functional strategy (the
organisational plan for each function, such as finance or manufacturing) and the operational strategy (how
the business achieves its objectives through resources and processes). Downes and Nunes (2013) suggest
that the nexus between functional and operational strategy must be even stronger for digital transformation.
In the context of a business’ digital transformation strategy:
• operational strategy may include innovative product development, new business processes and identi-
fying new markets
• functional strategy may include delivering enhanced IT, HR and financial outcomes.
The significant technological transformations we are all experiencing in our working and personal lives
are expected to translate into transformational business outcomes. E-commerce is a good example of
the potential for digital transformation. Not only has e-commerce disrupted traditional retail by allowing
consumers and other businesses to buy and sell goods and services over the internet, but it also has flow-on
effects to all parts of the business, and the broader economy. Consider the extensive disruption triggered
by Amazon’s business model. Amazon started as an online bookstore, but has since disrupted every market
that it has entered through radical digital transformation:
• logistics (guaranteed shipping times)
• improved digital delivery via numerous subscription services such as Prime and Audible
• real estate (warehouses instead of shopfronts)
• cloud computing and AI-services on demand, via the popular and powerful Amazon Web
Services (AWS).

Digital Priorities and Objectives

IDC (2021) identifies four digital strategy priorities that are essential to the successful digital transforma-
tion of an enterprise. These are described in table 3.4.

TABLE 3.4 Essential digital strategy priorities for digital transformation

Strategic area Digital strategy priority

Technology strategy: The what The organisation must keep abreast of emerging technologies and determine
how these technologies might be applied to the organisation.

Talent strategy: The who The organisation must acquire or grow talent to ensure staff have the skills
and knowledge required to transform, or have a strong framework to source
specialist skillsets.

Governance strategy: The where The organisation must clearly define the KGIs, responsibilities, account-
abilities, organisation design and KPIs that will be employed across the
enterprise to govern the implementation of digital transformation.

(continued)

Pdf_Folio:223

MODULE 3 Technology and its use in Finance 223

 TABLE 3.4 (continued)

Strategic area Digital strategy priority

Processes strategy: The how The organisation must create well-defined business activities, rules and
procedures, and prioritise data and resource ownership, so that process
transformation can be applied throughout the enterprise.

Source: CPA Australia 2021.

Common Themes
Matt et al. 2015 suggest that all digital transformation strategies have four key objectives in common.
• Technology creation. Application of new technologies to the organisation to improve how important
resources are used, create greater organisational agility, and alter the basis of competition
• Value innovation. Creation of superior value for customers and lower costs for the company in a way
that aligns with the company’s strategic focus
• Structural modification. Creation of dynamic operational relationships between various entities within
(and in relation to) the organisation
• Financial revolution. Disruption of financial institutions and transformation of how financial institutions
generate and utilise insights from business data, in turn producing business model innovations,
enhancing the competitiveness of the company and its workforce, engendering new risk dynamics and
anchoring new challenges to the policymakers.
Example 3.20 provides an example of technology creation leading to financial revolution.

EXAMPLE 3.20

Technology Creation Linked to Financial Revolution — Facebook

Billions of Facebook users are able to share content in real time, including status updates, photos, and
streaming content. This user-base is a captive market for personalised advertising, providing a new
way to add value into a previously saturated industry. Social media and search engine providers have
revolutionised the advertising marketplace, and digital advertising now accounts for around 90 per cent of
the market when compared to traditional analogue equivalents (such as billboards or broadcast television
advertisements). This has led, in turn, to a financial revolution for Facebook and other entities like it that
have benefited greatly from advertising revenue.

Key Elements
We have discussed key priorities and common themes of digital transformation strategies. We will now
look at three key elements of the strategy:
1. KGIs
2. gap analysis and identifying alternatives
3. road map and KPIs.
Key Goal Indicators
One of the enduring questions regarding digital transformation is how success is measured against the
investment that is made in transformational technologies. One way to do this is through the use of key
goal indicators (KGIs). Establishing KGIs is a critical part of any digital transformation journey, as there
can be a significant gap between the digital transformation vision and its ultimately realisable reality.
Some companies that are extremely successful in the non-digital world fail to execute in the digital
universe, whether through technology failures, misalignment between operational and technical strategy,
or a failure to properly measure and manage risks.
Digital transformation goals can be measured through KGIs, including:
• attraction of new clients
• establishment of new service supply channels
• reduction of cost per client
• increases in productivity
• reductions in risk
• alignment with industry standards.
Pdf_Folio:224

224 Digital Finance

Gap Analysis and Identifying Alternatives
The starting point for any digital transformation initiative is a gap analysis that interrogates: where is the
business now, where does it want to go, and what does it need to achieve to get there?
A number of dimensions can be considered in a gap analysis, including the following.
• Strategy. Why is a company not performing in the current environment?
• Market. Why are sales not increasing?
• Human resourcing. What staff are needed to perform future functions, compared to those that the
organisation currently employs?
• Profit. Notwithstanding the other dimensions, how can the company change in order to meet profitability
expectations, return on capital targets, and so on?
In order to gauge the impact of alternative ways of doing things, businesses may need to consider the
use of business analytics and/or mapping of business processes.
Road Map and KPIs
Following from the identification of gaps and alternative ways to do things, a road map should be created,
and a set of KPIs developed for the specific milestones in the plan.
This begins with the identification and prioritisation of goals, culminating in what is essentially a
program management exercise, that may use project scheduling tools like a Gantt chart to identify critical
paths, timelines for delivery, and project budgets.
At each stage of the road map, KPIs can be identified and measured, providing the organisation with a
mechanism to measure project success. Some typical KPIs for digital transformation include:
• user retention (worst case), or user growth (ideal case)
• time savings
• productivity increases
• actual new revenue
• actual cost savings
• marketing conversions
• customer experience improvements.
Example 3.21 describes elements of the Australian Government’s digital transformation strategy.

EXAMPLE 3.21

The Australian Government’s Digital Transformation Strategy

The Australian Government’s Digital Transformation Strategy (DTA 2018) is arguably the most successful
and high-profile local case to emerge in recent years. The strategy is straightforward but highly ambitious:
to deliver ‘simple, clear and fast public services’, and bring the government out of an era in which
paperwork for government customers had increased.
The Australian Government aims to build common digital platforms that make it easy to deal with the
government, that enable different agencies to work together and deliver joint services for the people of
Australia. One of the strategies is to drive partnerships between the government and numerous third-party
Australian businesses to ideally introduce more competition into the market.
For example, with the introduction of the goods and services tax (GST) more than 20 years ago, it was
envisaged that businesses would lodge their tax returns using a digital signature contained in a file. The
system was complex, unwieldy, and resulted in the Australian Taxation Office (ATO) building new facilities
to process paper returns, as most businesses were unable to lodge online.
The ATO case was not isolated, and a whole-of-government transformation was then planned with three
basic goals making government services:
1. easy to deal with
2. informed by the customer
3. suited to the digital age.
These three goals were then used to create a roadmap, linking actions and projects across a range of
horizontal and vertical layers. A dashboard was provided for all stakeholders to check on the progress
towards KGIs, included platform technologies shared by all departments, including data exchange
standards, blockchain, availability of government data, digital services standards, agile delivery and
common myGov services (including authentication and mail). Success in achieving these KGIs helped
address gaps in service delivery that resulted in a whole range of new services, including mySkills,
Bloodnet, myTax, NAPLAN Online, and so on.

Pdf_Folio:225

MODULE 3 Technology and its use in Finance 225

 As of June 2019, the government has implemented over 30 digital initiatives, some key examples of
success are described below.
1. The myGov portal provides faster and more efficient notifications to people through email, and via SMS.
2. The myTax portal handled over 3.5 million tax returns submitted for the financial year 2017–18.
3. The mySkills portal can assist millions of students and employers to make informed decisions on the
training that best suits their needs.
4. The online digital permit validation service minimises the time required for importers to get their permits
in order, and they no longer need to physically present all permits to port authorities.
The striking thing about this strategy is not only what it has achieved so far, but also the long-term
plans for new services over the next seven years, including a move to eCensus from the current pencil
and paper approach, as well as a new National Criminal Intelligence System (NCIS), and a National Public
Register of Sex Offenders.

VALUE CREATION USING AUTOMATION

When the capabilities of automation are appropriately matched to the business need, organisations and
their stakeholders can realise significant benefits. Loh and Ashton (2019) divide these benefits into three
categories:
• increased efficiency
• improved decision making
• enhanced control environment.
These categories are a helpful framework for understanding the ‘big picture’ of automation benefits, in
particular how they relate to finance functions. To understand the business benefits of intelligent automation
at a more granular level, we could again apply the balanced scorecard that we introduced in section 3.2 to
any particular use case of set of business problems.
Table 3.5 shows how Deloitte, EY, PwC and KPMG have been applying automation technologies in their
businesses. Some of these use cases may provide insight into how these technologies could be leveraged
by other organisations in finance-related functions.

TABLE 3.5 Automation technology use cases

Use case Benefits

Deloitte Implemented AI-enabled document There was a 50% reduction in the time
reviewing process to extract relevant spent in extracting legal documents,
information from various documents. invoices, customer financial statements
and minutes.
Applied IBM Maximo technology to
automate cognitive asset inspection
process.

EY Applied AI to the analysis of leasing AI was able to handle 70–80% of a

contracts. simple lease’s contents.
EY (Australia) implemented EY (Australia) is now able to handle
AI-enabled audit function. 50% of bank audit confirmations with
AI (confirming audit requests, collating
relevant audit information for analysis).

PwC Applied NLP to process unstructured NLP was able to generate insights from
data. complex agreements, contracts and
minutes.
Developed general ledger AI (GL.ai), to
analyse documents and prepare reports. The GL.ai system, which has been
successfully implemented in 12
countries, is able to speed up the audit
process and generate insights that boost
efficiency.

Pdf_Folio:226

226 Digital Finance

 KPMG Developed KPMG Ignite, a set of AI KPMG Ignite was applied to banking
tools, to enhance businesses and LIBOR analytics and was able to help
processes. Transamerica, a wealth and health
company, with a LIBOR reader to
Applied an NLP call centre engine to
eliminate many months of contract review
convert customer calls to unstructured
with an accuracy rate of 98%, which
text, assigned with identity keywords to
improved on the 85% accuracy rate
gauge customer sentiment and predict
achieved by manual processing.
future trends.

Source: Faggella 2020.

The Value of Automation in Finance

Finance functions can benefit from automation as they typically have many processes that are manual
and repetitive, or involve large amounts of data. Loh and Ashton (2019) have identified some of the key
finance processes that can especially benefit from various automation approaches, clearly indicating how
many areas of the business automation can affect. Some of these applications in finance include:
• RPA:
– customer and vendor master data management
– reconciliations – banks, accounts receivables, payables, intercompany transactions, general ledgers
– payment processing and some travel and expense management
– journal entry processing
– planning and budgeting
– financial and management reporting
• AI:
– forecasting and analytics
– managing travel and expenses
• intelligent automation:
– supplier’s invoice processing
– order processing.

GOVERNANCE, RISK AND COMPLIANCE CHALLENGES

OF AUTOMATION
Introducing automation to an organisation will inherently introduce new risks which may impact on
the ability of the organisation to meets its objectives as well as governance, compliance and regulatory
obligations, particularly those in relation to data governance. Senior managers in organisations are
required to ensure their business has stringent, consistent, cohesive and enforceable governance, risk and
compliance (GRC) structures.
• Governance. The process of setting and implementing clear business objectives, policies and standards
across the entire organisation and ensuring they are properly executed.
• Risk management. The process of mitigating and managing business-related risks and uncertainty
through establishing control mechanisms throughout the organisational environment, and the processes
required to meet the business objectives and governance requirements.
• Compliance. The process of ensuring adherence to all business rules, policies, and guidelines which
are established internally or externally.
An organisation with an effective GRC structure will be ready to comply with all government
regulations, and will be well-prepared to deal with the threats and risks that the company may be exposed
to on a day-to-day basis.

Pdf_Folio:227

MODULE 3 Technology and its use in Finance 227

 Each different type of intelligent automation technology can give rise to different risks and challenges,
but there are some commonalities. According to McKinsey (2018), these risks can lead to consequences
at an individual, organisational and societal level. Intelligent automation can pose many different risks
to the individual, including a risk to privacy, a risk to reputation, bias and even a risk to physical safety.
The organisational risks posed by intelligent automation include a risk to reputation and data security, and
also extend to legal issues and poor financial performance. At the broadest level, intelligent automation
solutions can pose a risk to society by compromising financial markets or national security, manipulating
government processes and even jeopardising the security of infrastructure such as communications,
electricity and water supplies.
A World Economic Forum (WEF) survey (2020) of AI adoption in five different financial service sectors
found that risk management ranks highest in the following three service sectors:
• deposits and lending (56 per cent)
• payments market infrastructure (53 per cent)
• professional services (53 per cent).
It is the second highest in investment services (55 per cent).
About 53 per cent of respondents in the WEF survey believed that AI adoption would worsen
business risks (World Economic Forum 2020). Respondents were concerned about the safeguarding of
AI applications and felt that these processes may result in data breaches and bias in automated decision-
making (according to 58 per cent of respondents). The concerns included:
• breaches in personal privacy
• cybersecurity breaches
• concentration risk
• aggravated prejudices and discrimination
• damaging service accountability mechanisms
• overall financial market risks.
With regard to privacy breaches, there have been many incidents regarding the violation of the use
of social media to sell or expose personal information by service providers. The Facebook–Cambridge
Analytica case is the best known. In 2018, Facebook faced allegations that user data was utilised without
consent to track and influence the choices of voters during the 2016 United States Presidential Election.
Cambridge Analytica had gained access to the private information of more than 50 million Facebook users.
The company had offered tools to analyse personal details on Facebook users’ identities, friend networks
and ‘likes’. Cambridge Analytica was able to map personality traits, based on user activity, and then use
that information to target audiences with digital advertisements that were intended to influence how the
user chose to vote (Chan 2020).
As a result of the Facebook–Cambridge Analytica incident, the EU has suggested that any AI that is
used by governments and organisations should be what is known as ‘trustworthy AI’. In addition to being
lawful, ethical, and technically robust, the EU suggested seven additional trustworthy AI requirements:
1. total human oversight
2. robust technologies
3. stringent privacy and governance on data
4. transparency in decision making
5. fairness in the AI algorithms
6. clearly defined human and machine well-being
7. total accountability of the AI machine.
The most important action a business can take to mitigate risks associated with the adoption of AI-
enabled automation is to develop an AI strategy, which sets out its AI priorities, goals, milestones,
mission and vision — all in support of the business’ overall strategy. Strategy development has been
discussed throughout the module. In the next section, we will briefly examine how automation technologies
themselves can be used to manage automation-related risks. We will revisit this issue in module 5.

Automation of Governance, Risk and Compliance

The volume and velocity of data used in digital tools presents a significant risk management challenge.
Effectively meeting this challenge often involves the use of more automated tools — to safeguard the
integrity, confidentiality, and availability of data assets, and control how data is used, stored, and operated
to ensure all business functions within an organisation use the data effectively, efficiently and responsibly.

Pdf_Folio:228

228 Digital Finance

 The benefits of governance, risk management and compliance automation include:
• establishing reliability, consistency and control for an integrated business environment
• providing a standard operating platform and practices for the whole organisation
• choreographing data governance and system development processes, such as automated metadata
harvesting and multi-data source cataloguing for real-time metadata synchronisation with business
governance
• delivering added value to data management and impact analysis for governance and risk mitigation
• automating data movement visualisations that enable management to have a detailed view of the business
data path starting from data source, through different stages, and ultimately on to other external business
entities. It can collect and process internal compliance data for ease of interpretation and application at
the executive level of the company.
An automated GRC solution can identify and expose management threats, detect any anomalies
introduced by any new updates to systems, and provide new insights to ensure a business is compliant.
Additionally, GRC automation can manage internal activities, and control risk within the organisation
to ensure that all staff comply with governmental regulations. Furthermore, GRC automation provides
visibility and standardises communication in the reporting and handling of any incidents within the
organisation.
Example 3.22 examines how digital tools could be used to solve various challenges, including GRC
challenges, for a bank.

EXAMPLE 3.22

Digital Tools to Solve Challenges Facing a Bank

This example considers a fictitious financial services organisation (a bank) which faces innumerable
challenges in a rapidly changing regulatory, commercial, and risk environment. We will then examine how
to assess whether AI, ML, RPA or a combination of technologies may be the most appropriate technology
strategy to provide a solution in each scenario, applying the balanced scorecard where appropriate.
This process should make it clear how to identify appropriate strategies for an organisation, and how
to potentially solve a range of challenges with technology.
Business Problems
Business problems that may arise for the bank in 2021 and beyond include:
1. responding to the ongoing consequences of the COVID-19 pandemic
2. changes to banking regulation
3. cybersecurity risks.
We will consider each of these scenarios in turn.
COVID-19
At the corporate level, according to KPMG (KPMG 2020), there is a significant risk to bank profitability
from COVID-19. This is because interest rates and margins remain low, while the risks being incurred are
increasing. At the departmental level, in lending, individual loans have to be written in an environment
where the variance in bank funding costs are growing, and the risk of bad loans is also rising. Internal
operational requirements are therefore changing, since mortgage decision rules (based on lower-risk and
more stable environments) may not be suited to the new lending situation, yet liquidity demands that
the bank continue to lend. Rather than being conservative, the external business environment is actually
supportive of further growth in the lending markets, with, for example, the federal government actually
introducing lending reforms to make it easier for businesses and individuals to borrow money through
reduced regulation (Crowe 2020).
So, how can RPA, ML and AI address the COVID-19 challenges for the bank?
At the operational level, RPA could be used to speed up the mortgage assessment process as well
as supporting the automation of the lending process, by checking for errors and exceptions early in
the process.
ML could be used to improve the scoring of lending applications, especially where future lending
decisions need to be based on a varying set of criteria. This means that classifiers could be trained with
current information about which customers are likely to face arrears. This approach has been adopted
at Ellie Mae (a software company) through the new AIQ Credit Analyzer, which undertakes ML-based
reviews of credit evaluation and due diligence for its client banks (Bates 2020).
At the higher organisational levels, AI could be used to run stress tests to test whether the bank is likely
to weather millions of different risk-based scenarios. Simudyne (2020), for example, works with Barclays
bank to run bottom-up scenarios in real time, trying to identify situations that would impact on the bank’s
bottom line.
Pdf_Folio:229

MODULE 3 Technology and its use in Finance 229

 Changes to Banking Regulation
A key change to banking regulation has been the introduction of the Consumer Data Right (CDR)
legislation, which heralded a new era in ‘open banking’. Effectively, open banking allows consumers to
grant third-party access to their financial data, rather than having one provider control that data. At the
corporate level, this can be seen as both a threat and an opportunity — banks that can develop platforms
to make use of this data will be able to introduce new data-hungry products and services; banks that
cannot make the transition may fail.
At the departmental level, the CDR has greatly increased technical and regulatory work to enable
compliance with the Privacy Act, the General Data Protection Regulation (GDPR), as well as the CDR.
Internal operational requirements also necessitate the implementation of API standards to enable the real-
time transfer and consumption of customer data. The external business environment is not favourable to
traditional banking through this lens: disruptive, digital-only payment providers like Alipay (linked to the
e-business site Alibaba), or Apple Pay, continue to threaten the dominance of big banks.
These technology companies also have the capacity and expertise to adapt quickly to the changing
regulatory environment.
So, how can RPA, ML and AI provide opportunities for the bank in regard to open banking?
At the executive level, AI could assist the bank by ensuring that lending decisions do not inappropriately
result in discrimination against minorities or underprivileged groups through algorithmic bias. This could
be promoted as a contribution to the bank’s triple bottom line.
At the operational level, RPA could be used to code the various overlapping regulations relating to Open
Banking, and provide reports on compliance and governance requirements.
At the departmental level, ML could be used to monitor trends and patterns in customer behaviour
and use these to recommend new products or services. FinTech companies like Tink (a European open
banking platform) use this approach by providing the best match between a set of fuzzy customer
requirements and banking products that are the predicted best fit (Brodsky et al. 2018).
Cybersecurity Risks
Cybersecurity risks in the financial services sector can bring about damages that include both tangible
losses (including theft from customer accounts, and recovery from disasters), as well as intangible losses,
including damage to brand reputation and loss of goodwill arising from publicised incidents.
At the corporate level, boards must deal with a complex and often bewildering array of conflicting and
overlapping standards for governance, risk and compliance, such as ISO 27001, NIST and others, as
well as local government advice (including the ‘Essential Eight’ from the Australian Signals Directorate).
At the departmental level, banks must implement CPS234, the APRA-defined standard for banking
information security, which requires operational teams to monitor and manage incidents, as well as to
conduct internal assurance processes, including penetration testing. Banks must report incidents to
APRA within 72 hours or face significant penalties. Internal operational requirements include identifying all
assets and cataloguing all information security configurations. The external business environment remains
challenging, but very competitive, as some banks introduce security enhancements (such as two-factor
authentication devices) to achieve brand superiority (Woodcock 2020).
AI, ML and RPA already play a critical role in designing and implementing safeguards for cybersecurity
in banking, and this trend will only increase.
At the operational level, RPA can be used to verify and cross-check the access controls, and the network
and systems permissions granted to different users and application across the bank.
Internally, ML can be used to learn patterns of suspicious network activity that can be used to detect
attacks against the bank.
At the executive level, AI rule-based systems can be developed to determine whether the bank is
operating consistently with a range of governance frameworks (or not) and suggest possible remedies
to achieve compliance.

.......................................................................................................................................................................................
CONSIDER THIS
What aspects of governance, risk management and compliance in your role could be affected by the adoption of
digital technologies? Could any of these prevent the adoption of any particular technology? Could some of your
governance, risk management and compliance work itself be automated?

QUESTION 3.14

Explain how automation can both increase governance risks, and improve the management of
governance risks.

Pdf_Folio:230

230 Digital Finance

ETHICAL CONSIDERATIONS
As intelligent automation technologies become more complex and — in the case of AI and ML — develop
and refine their algorithms based on their experiences, the risk of unintended consequences increases. For
example, in a recent experiment at the University of Bologna, two AI algorithms were set to compete
against each other in a virtual marketplace. Their goal was to make the maximum possible profits and they
were able to set their own selling price for their ‘products’. Before long, the two algorithms had begun to
collude and raise prices to the detriment of consumers (cited in Goh et al. 2019).
It is not enough to assume that if AI solutions are based on high-quality data inputs then they will
function as the developer intended. These technologies must be subject to regular oversight and review to
ensure that their outputs are in line with the business’s values and ethical requirements.
There are some basic steps that businesses can take to promote ethical use of AI, ML and RPA
technologies. For one tangible method for ensuring continuing ethics in intelligent automation, consider
the checklist in figure 3.14. Unsworth (2019) developed this list of important questions for internal audit
teams to consider when ensuring AI solutions are well managed, but they could equally apply to oversight
of any kind of intelligent automation.

FIGURE 3.14 Checklist for internal audit of AI solutions

• Is the AI initiative well-defined, governed and monitored against your expected business outcomes?
• Are all ethical, moral and safety considerations fully addressed in any responsible AI program?
• Are ethical criteria well-defined and are algorithms developed effectively?
• Are the relevant criteria appropriately tailored for the business?
• Are algorithms subject to continuing review and monitoring for their continued relevance and
effectiveness?
• Is data subject to processing being completely and accurately captured?
• How is data security, privacy and protection maintained?
• In what circumstances should a human override be applied were things to go wrong, and how is this
decision and application controlled and monitored?
Source: CPA Australia 2021.

Müller (2020) highlights some of the key topics of debate when considering the ethics of AI and robotics
and outlines some key concerns. Many of these topics are complex and we only provide a brief overview
of some interesting challenges and considerations below.

Privacy and Surveillance

A boundary is always required to protect access to private personal identifiable data. It is dangerous for AI
to have unbridled access to certain types of data.

Manipulation of Behaviour
Policies are required to limit online traders and service providers from exploiting customers using the
technologies and personal information at their disposal. At the moment, there are calls to stop many online
platforms from abusing personal information to maximise their profits, or influence a person’s behaviour,
by exploiting a users’ personal information and behavioural biases. Some extreme cases may involve
online criminal activities such as deepfake scams, deception, and making false claims to induce or facilitate
addiction to online gambling services. (Shao 2019)

Opacity of AI Systems
There is a need for humans to be able to gain insight and control how a particular pattern was identified by
an automated decision algorithm with due process, accountability, community engagement, and auditing.
It is risky and dangerous for an AI system to draw conclusions without a human having some awareness
or oversight as to how this conclusion has been reached.
.......................................................................................................................................................................................
CONSIDER THIS
If your organisation or client implemented an ML solution to analyse data and provide insights and recommendations,
what would you need in order to have confidence to act on those insights and recommendations?
Pdf_Folio:231

MODULE 3 Technology and its use in Finance 231

Bias in Decision Systems
Amazon’s decision to cancel a racist AI-driven recruiting program in 2018 clearly shows that AI decision
making can lead to bias in hiring recommendations (Woodie 2018). This system preferred candidates who
had ‘white-sounding’ names because the data this ML system had been trained on was biased. As discussed
earlier in the module, Amazon was also criticised for using recruitment software that was favourable
towards male applicants between 2014 and 2017. Therefore, the need to maintain a balanced and fair
decision system is often a difficult topic for AI to get right, and difficult for AI developers to manage.

Human–Robot Interaction
AI can be used to manipulate humans into believing and doing things. There is a belief that humanity needs
to prevent AI from working with processes or behaviours that involve deception, threaten human rights
and dignity, or violate the fairness in humanity. A common example is automated web bots or auto-dialled
phone calls that seek to scam users into making fraudulent payments.

Automation and Employment

Productivity gains through increased automation may replace human workers, and digital automation may
replace human information-processing needs. Hence, the dilemma is that on one hand new jobs are created
through automation (for developers and people who are trained to work with and alongside AI), but this
must be balanced with the loss of jobs associated with those automated tasks that the AI or RPA can now
handle alone.
This is a complicated question of social responsibility and a true cost–benefit analysis of rampant
automation is difficult to quantify.

Autonomous Systems
There is a need to balance ethical issues in autonomous systems, such as self-driving cars or robot vacuum
cleaners, where the AI exists to serve its owner. It must be determined whether an owned AI may be
influenced to pursue the owner’s self-interest in a manner that could endanger or disadvantage others (e.g.
whether it is possible to instruct a self-driving car to speed at the risk of other members of society).

Machine Ethics
This refers to the principles and techniques required for creating an artificial machine that can follow ideal
ethical principles, and exhibit the mechanisms required to be capable of engaging in moral behaviours
Anderson and (Anderson 2007). There is a need to ensure that the behaviour of AI towards human users
and other AI machines is ethically acceptable. There has also been significant controversy around the use
and scope of technologically enabled autonomous weapons systems, or so called ‘killer robots’ that in some
cases may be able to harm humans based on predefined rules, without the need for a specific human-made
decision or input.

Artificial Moral Agents

This is the study of finding a way to program a robotic machine to be able to compute and choose the
best moral action of a mature human with ethical competence. There is a need to ensure the rights and
responsibilities of AI machines to ensure they behave ethically. This might include a requirement for
chatbots and virtual agents to follow positive philosophical theories when dealing with humans, to ensure
a person is not exploited or harmed by an AI, or given advice that would disadvantage the person.

Singularity and Superintelligence

This is a need to ensure humans are always ultimately in control of AI systems, even if an AI were to
one day become ‘super intelligent’. The potential for a sentient AI is a very futuristic concept and the
premise of the ‘technological singularity’ — where the capabilities of technology irreversibly surpass the
capabilities of humanity — is mainly the remit of science fiction films and publications. However, as our
grasp of AI technology improves, it is important that the element of human control remains front of mind
to avoid the potential risk of a truly ‘rogue’ AI.

QUESTION 3.15

Discuss the relative risks and benefits of using personal data in RPA, AI and ML applications.
Pdf_Folio:232

232 Digital Finance

PREPARING FOR AN AUTOMATED FUTURE
The module has focused on how intelligent automation is currently applied in the business world — and
in particular, in digital tools that can add value in finance functions. In this final section, we will look to
the future.
• Finance functions can use the analytics and predictive capabilities of AI and in particular ML to move,
increasingly, from reactive supporting roles to strategic – and even visionary – leadership roles.
• Finance functions can integrate other contemporary technologies, such as blockchain and IoT, which
have been introduced in earlier modules of this study guide.

Transition to Strategic Roles

Singh and Ng (2019) propose three main ways in which finance can approach and facilitate the transition
to the digital finance era.
• Intelligent finance. A continuation of existing implementations and trends allows businesses to move
towards the use of intelligent automation to streamline and improve manual processing and compliance
tasks, both in finance and in other departments throughout the business.
• Digital factory and incubation. Finance teams can play a critical role in the digitisation of their
businesses. Not only can finance lead by example in the adoption of intelligent automation technologies,
they can also leverage these tools in complex analysis to help identify other areas of the business which
will likewise benefit from these technologies.
• Developing future finance talent. With the changing focus of the finance function and the use of
intelligent automation to complete repetitive manual tasks, the focus of finance employees must
change to embrace the innovation and collaboration required by the uptake of intelligent automation.
It is anticipated that the need for roles such as financial controller and accounts payable clerk, who
traditionally completed highly repetitive manual tasks, will decrease significantly. Instead, they will
be replaced by financial planners, data scientists and others who can offer a strategic and analytical
perspective on creating business value.

Integrate Other Technologies

Numerous technologies additional to those discussed in this module are being developed and applied in
finance and related roles. Digital literacy requires an understanding of these technologies so they can
be considered for their value in achieving the organisation’s objectives. Two examples are blockchain
and IoT.
Blockchain
As described in module 2, blockchain technology makes use of cryptography features that support
verification, identification, authentication, integrity and a guarantee of immutability, as well as enabling
transparent and decentralised smart contracts and smart ledgers. Blockchain provides distributed and
independent verification which establishes a new way to conduct business transactions among unknown
and/or untrusted entities.
Blockchain technology has found use cases in various financial business environments.
• Intesa Sanpaolo, one of the leading banking groups in Italy, uses Corda, a custom Ethereum blockchain
technology with a total of 16 other financial institutions. Corda manages interbank reconciliation in a
closed ecosystem known as a consortium chain (Stanislav 2019). The result of a ten-month trial shows
a dramatic improvement in the interbank reconciliation process and increased efficiency. Coupling
blockchain with automation helps the banks identify errors in interbank transactions by sharing data with
improved security and accuracy, as well as standardising processes and communications for correcting
issues between the participating banks.
• Another use case of blockchain and automation is the formation of a company called Lygon, jointly
owned by ANZ Bank, Westpac and the Commonwealth Bank of Australia. The company developed a
blockchain-based platform to handle the banks’ guarantee process. The automated process claims to
eliminate fraud and reduce the time taken by tenants and landlords to agree on commercial leases. This
platform delivers three benefits.
– A trusted blockchain record of the digitised documents that reduces the risk of missing the original
document details and allows data to be shared securely using the blockchain technology.
– Strong cryptographic security and non-repudiation proof of transactions eliminate fraud and enable
a secured channel in the sharing of information to external organisations.
– Transparent operation and reporting for participating organisations.
Pdf_Folio:233

MODULE 3 Technology and its use in Finance 233

Internet of Things
IoT refers to a large number of small intelligent objects that are manufactured with built-in sensors,
processors, software and other components. These intelligent objects can collect information through their
sensors and communicate and exchange information with other IoT devices and systems over the internet.
These devices can be ordinary household objects such as your fridge, television set, door locks, or smart
watch, or they may be more sophisticated technologies such as facial recognition surveillance systems and
sophisticated machines such as intelligent passport gates (Sighila et al. 2016). There are currently billions
of connected IoT devices, and this number continues to grow.
The finance sector finds IoT devices useful in process automation applications and digital asset
management. These devices provide specialised information from their sensors, such as the location and
the environmental condition of the IoT device. This can help track distribution, maintenance issues, and
even help keep track of weather conditions. Intelligent devices even implement blockchain operations by
permanently keeping records of all authenticated transactions.
One successful use case for IoT and blockchain in banking, is the blockchain–IoT based smart contracts
application used by Commonwealth Bank of Australia, Wells Fargo and the trading firm Brighann Cotton.
The system was able to handle the transaction between two banks using blockchain, smart contracts, and
the IoT devices assigned to track a shipment of cotton from Texas in the US to Qingdao in China. Coupled
with AI automation of the shipment and settlement process, the real-time status of the transaction could
be monitored continuously, and aggregated performance details of all transactions are available (Internet
of Business n.d.).
Another use case is the smart ATM solution offered by Diebold, a US financial and security services
corporation. The smart ATM uses multiple technologies to secure payment transactions, such as tokens,
biometrics, and magnetic secure transmission technology. The smart ATM enables users equipped with
the relevant IoT device to schedule a session, walk up to the nearest smart ATM and choose one of the
available verification options to complete the transaction in less than 10 seconds without touching the ATM
keypad physically (IoT for All 2017).

3.18 CASE STUDY

In this section, we present an extended case study that draws together issues from across the module.

EXAMPLE 3.23

The Value of Technology

The first three months as a graduate management trainee were nothing like Hannah Neale had expected.
Although she had majored in accountancy at university, the trainee program was designed to give Hannah
exposure to all facets of EasyStreet Transport Limited’s business, which meant she had spent very little
time doing anything accounting-related.
EasyStreet Transport was in the transportation business. More than simply moving goods from A to
B, EasyStreet Transport operated a full contract logistics operation for smaller businesses, repair and
maintenance workshops for both their own and other companies’ trucks, and supported the workshops
with a comprehensive spare parts importing and supply operation. There were healthy profits to record
and assets to track, but so far Hannah’s work had been more about moving goods around than recording
the process.
Now on her second rotation, Hannah was starting to see her work move slightly towards what she
thought of as ‘accounting’, but at the same time she had to admit that the training program was revealing
gaps in her knowledge. The first rotation had been in the spare parts warehouse. As each order appeared
on her iPad she would collect the required parts from the shelves and box them for delivery. Occasionally,
she found she needed to check the orders with her supervisor as some boxes were poorly labelled and
she did not have the background in trucking that would help her identify what the part was supposed to
look like. As all trainees had been instructed to note and recommend areas for improvement, Hannah had
suggested the part-picking instructions should include pictures of the required parts to reduce errors by
the pickers. Two weeks later, at the regular end of week review sessions, she was surprised to learn that a
much-modified version of her idea would be adopted, but instead of pictures to help the picker EasyStreet
Transport was investigating using AI linked to cameras to check each box contained the correct parts
before shipping.
The introduction of AI-based camera checks was just one small part of a comprehensive digital
transformation program EasyStreet Transport had initiated to keep itself at the leading edge of the industry.
Pdf_Folio:234

234 Digital Finance

 At the bare minimum the company’s plans called for every process that could be mechanised or automated
to be automated, using RPA, AI and ML. Whichever method showed the most promise for improving the
underlying process would be adopted.
As news of the automation project spread through the company, Hannah’s second rotation, to
EasyStreet Transport’s human resources business unit, became extremely busy. Suddenly staff throughout
the company and union representatives were requesting copies of contracts and employment agreements
as they tried to determine whether their job was secure. As a new trainee, Hannah was kept in the
background doing low-level compliance work while the human resource specialists managed the more
complicated work. Watching, and realising how the courses she had chosen at university left her almost
completely unprepared in this field, Hannah was relieved when she found herself becoming the go-to
person for salary, tax and superannuation queries.
Most work was on other issues, so it also gave her time to reflect on how backwards things sometimes
seemed. The most she had known about automated systems was that some American companies were
developing self-driving cars. With her new job in the transportation industry, Hannah had also done a little
Google-research on self-driving trucks out of curiosity, she could not help but find it a little ironic that the
employee group that seemed least threatened by automation was the truck drivers, as they just would not
believe self-driving trucks would be viable in their lifetime.
Around three weeks into this rotation, Hannah was having her weekly review and catchup with her
supervisor in human resources when the conversation took an unexpected turn. Her supervisor Penny
Lee revealed that she was very uncomfortable with the business automation and wanted to know how it
appeared to an accountant, like Hannah.
At first Hannah wondered if this was some kind of test, but not sure how it would be she decided to
play it straight and honest. ‘Well, I think the key to this, or any large project, needs to be a cost–benefit
analysis. There is room to choose how benefits and costs are measured, but in the end that can also
depend on what you measure and how you measure it. One thing we do in management accounting
is use a balanced scorecard, where we select appropriate dimensions and measure all the costs and
benefits, not just financial but also the non-financial.’
‘It is also important to consider which stakeholder groups we are considering. As you can see, the
reason we are so busy here at the moment is because there are so many employees concerned they will
carry most of the cost. If we just stick to a shareholder primacy approach and only care about shareholder
returns then cutting staff through automation can be a good thing as it cuts costs. If it is only about the
shareholders’ financial return then the social costs of cutting staff are external to the business once you
get past any redundancy costs.’
‘On the other hand, if we look beyond the shareholders, look at all stakeholders and really think about
the long-term sustainability of the company within society and the community then there are more non-
financial costs we need to consider, and then the value of automation needs to be understood in a
different way.’
Penny was silent, thinking over what she had just heard, this made Hannah a little nervous and she
started wondering if she had gone too far. ‘Are you just testing me?’, she asked.
‘I’m asking you because you seem bright, and no-one would really believe you if you told them I had
opened up about my concerns like this. Anyway, these are not normal times and normal business practice
is not working for me right now. Either way, what I am about to tell you is strictly off the record. If you prefer
we can end this conversation now.’
Hannah thought for a bit, then replied, ‘No, I believe you want what is best for the company and if I was
to get in trouble for helping you then this is not the sort of company I want to be part of.’
Penny was quiet, thinking, then decided to open up. ‘Yesterday I saw a demonstration of how AI and
ML could be used for recruitment and employee evaluation. I was not happy with what I saw.’
‘There was a lot of bias in the recruitment results. The computer did a very good job in selecting drivers
similar to the majority of drivers we use. On one hand they would have been perfectly OK employees, but
on the other hand there were better candidates who were not selected by the computer. The fact is many
of our best recent driver hires are women, but we have not hired many women in the past — most of our
drivers are male. That is pretty standard in the industry.’
‘What really concerned me was that, although, for straight legal reasons, gender identity was not
included in the data the computer used, it still managed to only select men. Probably because it had
worked out that those drivers were most similar to our existing driver base, but completely missing the
temperament factors which make good drivers and are more common in our women drivers.’
‘The other demonstration was for staff performance evaluation that could potentially be used to select
which employees stay and who loses their jobs if we end up cutting staff. The computer had no problem
selecting the best- and worst-performing staff, but could not provide any sort of justification for the
selections. How could I tell someone they would no longer be working here if the only reason I can offer
is “the computer said so”?’
‘It seems to me that bringing AI into human resources is a really bad idea, but how do I convince senior
management without making it seem that I am only trying to keep my job?’
Pdf_Folio:235

MODULE 3 Technology and its use in Finance 235

 Luckily Hannah had been using what little spare time she had to read up on automation practices,
something Penny had been too busy to do, and was able to provide an answer.
‘Ok, to clarify the problem: no matter what, senior management wants increased automation. But
technology is not a one-size-fits-all solution. There are three main technologies being considered: RPA,
AI and ML.’
‘It is clear to us that AI and ML are not suitable for many HR decisions. The computer is both figuratively
and literally a ‘black box’ with these processes, we have no idea how the decisions are made and these
need to remain human decisions so they can be explained. Instead, your tactics need to be pushing for
RPA and taking the focus away from AI and ML.’
Penny was confused. ‘What? Robots in HR? Were you even listening?’
‘No, no, not robots like in the movies, but software bots. Little computer applications which are good
for repetitive tasks like collecting information needed as part of new staff on-boarding processes or
compliance tasks.’
‘The benefits come about through increased efficiency and productivity, lowering costs. Just think in
terms of forms being filled out online or automatically by bringing in data from other systems. We do some
of that already when we import data from transport logs for driver workload and salary calculations.’
‘Sure, this automation will cut back on time HR staff use for manual processes, and yes it could result in
some cut back in HR staff. It would also allow HR to spend more time working on value-added activities
such as supporting internal training programs.’
Penny thanked Hannah for her ideas, she started thinking that the automation program might not be so
bad after all, but she had a lot of work to do if she was going to get this right.
Later that week Hannah found herself talking over lunch to a friend, Warren, she knew from the parts
warehouse. Warren was joking that Hannah would need to come back for another rotation because the
automation program was going to change it so much, she would not recognise it. Hannah’s conversation
with Penny had made her a bit wary of how the company might use AI and this made her ask Warren
for details.
It turned out that the earlier idea of using a camera and AI to scan orders to check the parts were correct
had been pushed back to a late phase in the automation program. There were a lot of easier projects which
could be completed using the company’s existing data rather than go through every item in inventory and
try to train a computer to recognise it.
The first project was to use AI to predict stock requirements, both from customers, and for the
warehouse itself. The way the global supply chain had been affected by COVID-19 had made management
sensitive to supply chain vulnerabilities so this was an area they were focused on fixing. EasyStreet
Transport had years of incoming and outgoing order data which the new AI systems were using to replace
the old inventory management systems. Already there had been successful cases where parts had been
dispatched to a client’s home city in anticipation of an order coming though, surprising the customer
with rapid delivery when the actual order was made. So far, those successes were rare, but there was an
expectation that the system would get better with time and as more data became available.
These developments were easy to initiate as the company had suitable, structured data they could use
to train the AI system. Yet, the fact that they wanted to use AI to predict future stock needs was pushing
the boundaries of what AI could do. No matter how good the system and data were, predicting the future
has always been somewhere between difficult and impossible.
Hannah had studied some statistics at university, but, from what she could see, the analysis being
done by the AI was well in advance of what she had studied. As far as she could tell, the problem involved
splitting the data into training and test sets. Normally the data would be split randomly, but because the
data they were using was measured over time, the training set would use the earlier data and the test set
would use later data. The idea was to see if the models generated by the training set would still work in a
later period. They would work, but never as well as they hoped.
The warehouse’s other project was much more futuristic. They were using Google’s AI engine to convert
voice to text to assist in taking phone orders. Orders could be lodged by drivers anywhere and anytime by
phone, as they did not always have computer access to make online orders. Each call would be transcribed
into a file, converted to email, and sent to the warehouse so it could be prepared for shipping as soon
as confirmation was made. This, NLP application depended on an outside provider and therefore would
bring in ongoing costs, but developing similar technology internally was simply not viable.
Hannah was now getting into the habit of analysing the automation program from an accounting
perspective. It occurred to her that everything was so dependent on the quality and quantity of data
used. There was value in the warehouse’s database just as much as there was value in the inventory held
by the warehouse. The difference being that, as far as she could see, following the standard accounting
rules would not allow internally created data’s value to show on the balance sheet. The NLP parts-ordering
project also made her realise how much non-numeric, unstructured, data EasyStreet Transport collected
every day. The potential for value creation by making better use of this data seemed almost unlimited.
Finally, on her third rotation, Hannah found herself working in accounts. All her extra study getting
familiar with automation processes was starting to be noticed at EasyStreet Transport, so she was
Pdf_Folio:236

236 Digital Finance

 assigned to work with one of the development teams on an ML project to improve the company’s
credit analysis.
Generally, EasyStreet Transport’s customers were good at paying bills on time, or at least with a
little reminder, but that had deteriorated since the onset of COVID-19. Many businesses were running
on tight budgets and delaying payments, which in turn was having a negative effect on cash flows in
transportation. In this environment it was becoming very important for EasyStreet Transport to make better
credit decisions.
From talking to others in the company about the range of automation programs being applied, Hannah
was developing an appreciation for the key determinants of success or failure in business automation.
Now, working in a team including AI developers and ML experts she was able to ask the detailed questions
she needed to round out her new knowledge.
As she had worked out earlier, the key factor was data. The developers had a phrase: garbage in,
garbage out. Hannah could now see that was the problem behind the bad HR demonstrations Penny
had told her about. The input data was flawed. Although it did not include gender identifiers, there was
unintentional bias arising from other included factors which correlated to gender.
For the credit-decision project, Hannah was worried that the weaknesses in the inventory management
AI — it not being able to predict future inventory needs as well as the company wanted — were likely to
be seen in credit decisions as well, as credit decisions were about future late payments and default.
Hannah decided it would be a good idea to examine the data inputs, trying to identify possible sources
of bias. It did not take long to find one. All historical payment records to be used in the training data were
for customers who had been granted credit in the past. There was no data for customers who had not
been granted credit as they had no choice but to pay cash up-front. This greatly reduced the variation in
data available, and Hannah now knew from statistics and talking to the developers that variation in the
data was key to the maths and statistical analyses underlying the AI and ML processes.
At first, she could not think of a solution. They could hardly make up data or grant credit to everyone
to collect a more variable dataset. Then she realised that a solution might be found in widening the range
of data being used. Instead of just using the, mainly numerical, accounting records, Hannah searched
for other data, finding extensive records of emails communications with customers. After talking to the
developers about bring in this unstructured data, the development team found the test dataset produced
much better results.
As an accountant, Hannah was now not only seeing value in the data, but how important it was for
adequate controls to be put in place to protect the data from theft, unauthorised manipulation, and misuse.
Just as the company needed to protect its physical assets and cash, it was becoming critical to business
survival to protect the data. While privacy laws meant the company was putting extra protections in place
for any personal data, Hannah was concerned that not enough was being done to control, audit, protect
and collect data for current and future uses.

.......................................................................................................................................................................................
CONSIDER THIS
How capable is Hannah at:
• selecting appropriate digital tools, using accounting and finance knowledge, that provide innovative solutions to
complex business problems
• evaluating the impact of innovative technologies on the work of accounting and finance professionals to
communicate the benefits and risks to key stakeholders in the organisation
• appraising the suitability of technology in creating efficiencies and solving complex business problems?
Think about how your own abilities compare with Hannah’s.

SUMMARY
Technologies such as RPA, AI and ML are valuable solutions to complex business problems when they
are appropriately applied. Any particular problem will be most effectively and efficiently addressed by
a specific technology or combination of technologies. Understanding the applications, benefits, risks and
challenges of each technology enables an appropriate evaluation against well-defined goals and objectives.
Digital transformation of an organisation requires a cohesive strategy aligned to the overall business
strategy. Each decision should be focused on the value that is created for the organisation and its
stakeholders.

Pdf_Folio:237

MODULE 3 Technology and its use in Finance 237

 The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

3.1 Select appropriate digital tools, using accounting and finance knowledge, that provide
innovative solutions to complex business problems.
• Digital tools should be selected for their ability to answer a specific need. A useful guiding principle
is that the ‘best’ technology is the technology that matches the business’s needs.
• Technologies should not be evaluated in isolation, but rather as synergistic parts of an overall digital
strategy.
3.2 Evaluate the impact of innovative technologies on the work of accounting and finance
professionals to communicate the benefits and risks to key stakeholders in the organisation.
• Innovative technologies can achieve process efficiencies, create new insights by analysing data in
powerful ways and engage with employees and customers to enhance their experience.
3.3 Appraise the suitability of technology in creating efficiencies and solving complex
business problems.
• Understanding the applications, benefits, risks and challenges of each technology enables an
appropriate evaluation against well-defined goals and objectives.

Pdf_Folio:238

238 Digital Finance

REVIEW
An accounting and finance professional heading into this new future that will be heavily influenced by
intelligent automation, advanced analysis and increasing interaction with cognitive technologies, must
consider how their professional skills may be best leveraged. As the adoption of technology increases,
organisations will have different priorities for the value they are seeking from their human resources. It is
crucial for the professional to identify and address any skill gaps.
Numerous processes in accounting and finance involve applying rules to data. These processes are
expected to be automated in the near future, enabling the organisation to leverage its investment in
accounting and finance professionals towards more value-adding work.
AI technologies can be used to achieve a degree of intelligent automation, as well as generate insights
from data and engage with customers and employees. Accounting and finance professionals can draw on
the insights generated to help the organisation develop new or improved business models. Technology
is likely to become a partner to the professional as they do their work, integrating seamlessly into
workflows — this requires an acceptance of the change and the flexibility to adapt.
As ML is one of the technologies which has the greatest applicability to finance, basic technical skills in
this area and an understanding of the business context surrounding implementation of ML will provide the
insight required to analyse and advise the business both in finance and more generally (Goh et al. 2019).
With an understanding of the benefits, costs, risks and potential applications of various digital tools,
the accounting and finance professional can make a valuable contribution to the development and
implementation of a digital strategy that optimises their value to the business.

REFERENCES
Agarwal, D 2018, ‘An introduction to AI at LinkedIn’, LinkedIn, accessed August 2020, https://engineering.linkedin.com/blog/
2018/10/an-introduction-to-ai-at-linkedin/.
Anderson, M & Anderson, SL 2007, ‘Machine ethics: Creating an ethical intelligent agent’, AI Magazine, vol. 28, no. 4, accessed
October 2020, https://www.researchgate.net/publication/220605213_Machine_Ethics_Creating_an_Ethical_Intelligent_Agent.
Barbaschow, A 2019, ‘How CommBank is training its machine learning Customer Engagement Engine’, ZDNet, 2 August,
accessed March 2021, https://www.zdnet.com/article/how-commbank-is-training-its-machine-learning-customer-
engagement-engine/.
Bates, M 2020, ‘AI, machine learning behind new Ellie Mae credit evaluation automation’, Mortgage Orb, accessed October 2020,
https://mortgageorb.com/ai-machine-learning-behind-new-ellie-mae-credit-evaluation-automation/.
Blue Prism n.d., ‘Coca-Cola extends business services capacity and improves performance with RPA’, October 2020, https://www.
blueprism.com/uploads/resources/case-studies/blue-prism-cola-case-study.pdf
Brodsky, L, et. al. 2018, ‘Open banking’s next wave: Perspectives from three fintech CEOs’, McKinsey, accessed October 2020,
https://www.mckinsey.com/industries/financial-services/our-insights/open-bankings-next-wave-perspectives-from-three-fintech-
ceos/.
Chan, R 2020, ‘The Cambridge Analytica whistleblower explains how the firm used Facebook data to sway elections’, Business
Insider, accessed October 2020, https://www.businessinsider.com/cambridge-analytica-whistleblower-christopher-wylie-
facebook-data-2019-10.
Cheng, A 2019, ‘Why Amazon Go may soon change the way we shop’, Forbes, accessed October 2020, https://www.forbes.com/
sites/andriacheng/2019/01/13/why-amazon-go-may-soon-change-the-way-we-want-to-shop/.
Crowe, D 2020, ‘Simpler lending rules for home loans and credit to free up the economy’, Sydney Morning Herald, 24 September,
accessed October 2020, https://www.smh.com.au/politics/federal/simpler-lending-rules-for-home-loans-and-credit-to-free-up-
the-economy-20200924-p55yz9.html/.
Davenport, TH & Ronanki, R 2018, ‘Artificial intelligence for the real world’, Harvard Business Review Magazine, January–
February, accessed March 2021, https://hbr.org/2018/01/artificial-intelligence-for-the-real-world.
Dilmegani, C 2020, ‘15 RPA benefits compiled from top sources [2020 update]’, accessed October 2020, https://research.
aimultiple.com/top-robotic-process-automation-rpa-benefits/#maintaining-an-audit-trail.
Downes, L & Nunes, P 2013, ‘Big bang disruption’, Harvard Business Review Magazine, March, pp. 44–56.
DTA (Digital Transformation Agency) 2018, ‘Digital transformation strategy’, accessed October 2020, https://www.dta.gov.au/
digital-transformation-strategy.
Faggella, D 2020 ‘AI in the accounting Big Four — Comparing Deloitte, PwC, KPMG, and EY’, accessed October 2020,
https://emerj.com/ai-sector-overviews/ai-in-the-accounting-big-four-comparing-deloitte-pwc-kpmg-and-ey/.
Fisher, C 2020, ‘Adobe previews AI-powered “Sky Replacement” tool for Photoshop’, Engadget, accessed October 2020,
https://www.engadget.com/adobe-sensei-ai-sky-replacement-preview-155256593.html/.
Goh, C, Pan, G, Poh Sun, S, Lee, B & Yong, M 2019, Charting the future of accountancy with AI, Research Collection School Of
Accountancy, accessed September 2020, https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=2833&context=soa_
research.
Gusher, T 2018, ‘Learning to manage machine learning’, KPMG, accessed March 2021, https://assets.kpmg/content/dam/kpmg/br/
pdf/2018/12/br-learning-to-manage-machine-learning.pdf.
Pdf_Folio:239

MODULE 3 Technology and its use in Finance 239

Heilpern, W 2016, ‘Taco Bell is using a chat bot to completely change how you order food’, Business Insider, accessed October
2020, https://www.businessinsider.com.au/taco-bells-tacobot-orders-food-for-you-2016-4?r=US&IR=T/.
Hood, D 2018, ‘The profession’s biggest challenges’, Accounting Today, accessed October 2020, https://www.accountingtoday.
com/news/the-accounting-professions-biggest-challenges/.
IDC 2021, ‘Lead digital transformation (DX) with new IT capabilities’, accessed October 2020, https://www.idcdxawards.com/
lead-digital-transformation-dx-with-new-it-capabilities/.
Internet of Business n.d., ‘Eight examples of how IoT is improving retail banking’, accessed October 2020,
https://internetofbusiness.com/eight-examples-iot-retail-banking/.
IoT for All 2017, ‘4 ways IoT changes the financial services industry’, accessed October 2020, https://www.iotforall.com/
4-changes-iot-in-financial-services-industry/.
Johnston, M 2019, ‘CSIRO bets the farm on new AI platform for agriculture analytics’, ITNews, accessed August 2020,
https://www.itnews.com.au/news/csiro-bets-the-farm-on-new-ai-platform-for-agriculture-analytics-518068/.
Kelly, L 2019, ‘How to build a successful RPA strategy’, IT Brief, accessed October 2020, https://itbrief.com.au/story/how-to-
build-a-successful-rpa-strategy.
Kinetic Consulting Services 2016, ‘The case for robotic process automation’, accessed October 2020,
https://www.kineticconsulting.com.au/wp-content/uploads/2016/02/The-Business-Case-for-RPA_Kinetic-Consulting-
Services.pdf/.
Kosasih, E 2019, ‘[Theory of AI for Manufacturing] Part 1: Definition’, accessed August 2020, https://towardsdatascience.com/
ai-a-modern-approach-part-1-introduction-90788998f575/.
KPMG 2020, ‘COVID-19: Impact on the banking sector’, accessed October 2020, https://home.kpmg/xx/en/home/insights/2020/
07/covid-19-impact-on-banking-m-and-a-2020.html/.
Loh, M & Ashton, D 2019, ‘Using intelligent automation to transform the finance function’, C Gohand Pan, G, et. al. ‘Charting the
future of accountancy with AI’,CPA Australia, accessed October 2020, https://www.cpaaustralia.com.au/~/media/corporate/
allfiles/document/professional-resources/business/charting-the-future-of-accountancy-ai.pdf.
Mason, M 2017, ‘SEEK is using artificial intelligence to find your next job’, Australian Financial Review, 12 January,
https://www.afr.com/companies/media-and-marketing/seek-is-using-artificial-intelligence-to-find-your-next-job-20170112-
gtpy47/.
Matt, C, Hess, T & Benlian, A 2015, ‘Digital transformation strategies’, Business & Information Systems Engineering, vol. 57,
no. 5, pp. 339–343.
McGuire, A 2017, ‘Robotic process automation’s place in process improvement’, accessed October 2020, https://blog.leonardo.
com.au/robotic-process-automations-place-in-process-improvement/.
McKinsey 2018, ‘Value and resilience through better risk management’, accessed October 2020, https://www.mckinsey.com/
business-functions/risk/our-insights/value-and-resilience-through-better-risk-management#.
Müller, VC 2020, ‘Ethics of artificial intelligence and robotics’, accessed October 2020, https://plato.stanford.edu/entries/
ethics-ai/.
PwC 2017, ‘No longer science fiction, AI and robotics are transforming healthcare’, accessed August 2020, pwc.com/gx/en/
industries/healthcare/publications/ai-robotics-new-health/transforming-healthcare.html/.
Rapidmation n.d., ‘DKG automates to survive and thrive’, accessed March 2021, https://www.rapidmation.com/wp-content/
uploads/2021/02/DKG-Case-Study.pdf.
Rapidmation 2021, ‘Intelligent automation case studies: Accounts payable’, accessed March 2021, https://www.rapidmation.com/
intelligent-automation-case-studies.
Raza, M 2019, ‘How machine learning benefits businesses’, BMC, accessed September 2020, https://www.bmc.com/blogs/
machine-learning-can-benefit-business.
Sennaar, K 2019, ‘How the 4 largest airlines use artificial intelligence’, accessed August 2020, https://emerj.com/ai-sector-overvie
ws/airlines-use-artificial-intelligence/.
Serokell 2020, Artificial intelligence vs. machine learning vs. deep learning: what’s the difference, accessed September 2020,
https://medium.com/ai-in-plain-english/artificial-intelligence-vs-machine-learning-vs-deep-learning-whats-the-difference-
dccce18efe7f.
Shao, G 2019, ‘What “deepfakes” are and how they may be dangerous’, CNBC, accessed October 2020, https://www.cnbc.com/
2019/10/14/what-is-deepfake-and-how-it-might-be-dangerous.html/.
Sighila, P, et al. 2016, IoT based RFID gate automation system’, accessed October 2020, https://www.ijettjournal.org/2016/
volume-36/number-9/IJETT-V36P285.pdf/.
Simudyne 2020 ‘How Barclays is predicting the future. Barclays Bank case study’, accessed October 2020, https://simudyne.com/
wp-content/uploads/2019/11/Barclays-case-study-1.pdf/.
Singh, R & Ng, L 2019, ‘Technology trends in accounting and finance’, In Goh, C. and Pan, G., et. al. ‘Charting the future of
accountancy with AI’, CPA Australia, accessed October 2020, https://www.cpaaustralia.com.au/~/media/corporate/allfiles/
document/professional-resources/business/charting-the-future-of-accountancy-ai.pdf.
SoftBank Robotics n.d., ‘Pepper’, accessed October 2020, https://www.softbankrobotics.com/emea/en/pepper/.
Sremack, J 2018, ‘An introduction to robotic process automation for nonprofits’, BDO, accessed October 2020, https://www.bdo.
com/blogs/nonprofit-standard/july-2018/an-introduction-to-robotic-process-automation.
Stanislav 2019, ‘Use cases for blockchain in finance functions’, accessed October 2020, https://blockchain.intellectsoft.net/blog/
use-cases-for-blockchain-in-finance-functions/.
Thales Group n.d., ‘Know your customer in banking’, accessed August 2020, https://www.thalesgroup.com/en/markets/digital-
identity-and-security/banking-payment/issuance/id-verification/know-your-customer/.
The Unbelievable Machine 2017, ‘Artificial intelligence as a Service — AI off the shelf’, accessed August 2020, https://blog.
unbelievable-machine.com/en/artificial-intelligence-as-a-service/.
Tucci, L 2020, ‘Ultimate guide to RPA (robotic process automation)’, accessed October 2020, https://searchcio.techtarget.com/
Ultimate-guide-to-RPA-robotic-process-automation/.
Pdf_Folio:240

240 Digital Finance

UiPath n.d., ‘How Australian Unity regained 22 493 of manual labor hours in 8 months’, accessed October 2020, https://www.
uipath.com/solutions/customer-success-stories/australian-unity/.
Unsworth, G 2019, ‘Internal audit function of the future. Seizing the artificial intelligence opportunity’, In C Goh et al. (eds.),
Charting the future of accountancy with AI, Research Collection School Of Accountancy, accessed October 2020, https://ink.
library.smu.edu.sg/cgi/viewcontent.cgi?article=2833&context=soa_research.
Woodcock, M 2020, ‘APRA Regulation CPS 234 – What is it and how does it apply to your organisation?’, BDO, accessed
October 2020, https://www.bdo.com.au/en-au/insights/cyber-security/articles/apra-regulation-cps-234-what-is-it-and-how-
does-it-apply-to-your-organisation/.
Woodie A 2018, ‘Do Amazon’s biased algorithms spell the end of AI in hiring?’, accessed October 2020, https://www.datanami.
com/2018/10/16/do-amazons-biased-algorithms-spell-the-end-of-ai-in-hiring/.
World Economic Forum 2020, ‘Transforming paradigms: A global AI in financial services survey’, accessed October 2020,
http://www3.weforum.org/docs/WEF_AI_in_Financial_Services_Survey.pdf.

Pdf_Folio:241

MODULE 3 Technology and its use in Finance 241

Pdf_Folio:242
MODULE 4

DATA ANALYTICS,
INTERPRETATION AND
VISUALISATION
LEARNING OBJECTIVES

After completing this module, you should be able to:

4.1 evaluate the effectiveness of integrating big data and data analytics to create efficiencies and valuable
insights in solving complex business problems
4.2 appraise the impact of big data and data analytics on the work of accounting and finance professionals to
determine the organisation’s resource needs
4.3 design the requirements for a robust data strategy including a plan for managing the complexity of
practical implementation
4.4 evaluate the effectiveness of various data visualisation tools in presenting complex data to convey desired
messages to a range of audiences
4.5 recommend innovative digital tools as an effective solution to complex business data issues
4.6 analyse data analytics results to assess the ongoing suitability of models used and improve business plans
and processes.

PREVIEW
In module 1, we described how advances in technology had led to a massive increase in the creation,
capture, processing and sharing of data. This explosive growth in data is a fundamental enabler of the
digital finance ecosystem we described in module 1, the emerging forms of digital currency we described
in module 2 and many of the finance and other business applications of automation, artificial intelligence
and machine learning technologies we described in module 3.
Module 3, in particular, described the use of technology to interact with data in ways that create value for
the organisation and its stakeholders. All of those approaches involved the analysis of data and application
of the findings. In module 3, the focus was on how technology could analyse data and, in many cases,
automatically respond through applications such as chatbots and robo-advisors. In this module we will
examine how data can be analysed to generate insights that can be presented to decision makers to help
them achieve the business’s operational, tactical or strategic goals.
Accounting and finance professionals are experienced data owners, analysts, information creators and
information providers, but the recent massive expansion of data availability and analytical abilities has
created the need for an expanded skill set.
The field of analytics formalises the role of data for decision making in organisations. As such, account-
ing and finance professionals need to attain and encourage data literacy throughout the organisation,
make meaningful input to the organisation’s data strategy, be able to prompt, shape and work with the
output of analytics processes, interpret the meaning of analytics outputs and use appropriate visualisation
and communication tools to ensure others, particularly decision makers, gain actionable insights arising
from analytics.
Part A of the module establishes the concept of data-informed decision making and the need for
accounting and finance professionals to develop data literacy skills. Part B explores how to develop and
implement a robust data strategy to capture, store and process the data required by the organisation’s
analytics applications. Part C steps through the process of analysing big data, including the application of
artificial intelligence technologies. Part D examines the process of interpreting the outputs of analytics
to derive insights and make recommendations to decision makers about possible courses of action.
Pdf_Folio:243

Part E concludes the module by exploring visualisations and other techniques that can be used to effectively
communicate the actionable insights and recommendations that have been developed.
PART A: DATA LITERACY
INTRODUCTION
Data is ubiquitous and cheap to acquire. It is being generated by organisations and individuals at high
velocity and in large volumes. A business that is able to extract relevant insights from data to inform
strategy and operations can obtain a competitive edge over those that do not. Extracting and using these
insights requires the organisation to develop or acquire analytics expertise (e.g. to employ data scientists
or outsource analytics to a specialist provider). Moreover, however, to translate insights into value-adding
actions requires the organisation to adopt a data-informed approach to decision making. This, in turn,
requires data literacy skills throughout the organisation.

4.1 INTRODUCTION TO DATA AND DATA LITERACY

As explained in earlier modules, many businesses now have access to big data and an array of technologies
to analyse it. Gartner experts (White 2019) predict that in 2022:
• ninety per cent of corporate strategies will refer to analytics as an essential capability and information
as a critical resource
• the majority of new business systems will use real-time data to provide continuous business intelligence
to support decision making
• data delivery time will reduce by 30 per cent (compared to 2019)
and yet
• only 1 in 5 analytics insights will convert to business outcomes.
A business needs people with the ability to understand and leverage analytics insights. That requires an
organisation-wide commitment to data-informed decision making, which in turn requires the organisation’s
people to develop data literacy skills.

DATA-INFORMED DECISION MAKING

Data-informed decision making is the practice of making decisions based on the actionable and verified
knowledge created through analytics. It does not mean that decisions are made purely on the output of data
analysis (Provost et al. 2013). Rather, the decision maker combines the knowledge from data analysis with
their own knowledge, experience and intuition in order to make decisions. Although analysis of data can
provide powerful insights, other important factors should often be considered in a decision. It is important
to recognise that data-informed decisions are not data-dictated decisions.
BI Survey found that 58 per cent of the companies it surveyed made decisions in which the basis
was weighted towards ‘gut feeling’ more than 50 per cent of the time. The research also revealed that
‘significantly fewer best-in-class companies than laggards base the majority of their business decisions
on gut feel or experience (40 per cent vs 70 per cent)’ (BI Survey 2020). This demonstrates that although
the majority of companies rely on a mix of data and intuition to make decisions, the companies that lean
towards data-informed decision making tend to have a competitive edge.
Research by Brynjolfsson et al. (2011) showed a positive relationship between data-informed decision
making and productivity. Additionally, there was some evidence to support a causative link between data-
informed decision making and higher return on assets, return on equity, asset utilisation and market value
(Brynjolfsson et al. 2011).

ANALYTICS
As explained above, the basis of data-informed decision making is knowledge created through analytics.
The earlier modules in this study guide frequently referred to the value of data. Data is simply a fact or
observation, of little use in its raw state. It is what the organisation is able to do with its data that creates
value. Analytics refers to the use of skills, processes and technologies to derive information from data.
Information has meaning and purpose relevant to an individual’s or organisation’s needs. Knowledge is
created by integrating information with prior experience, skills and opinions. Finally, wisdom is the ability
to use knowledge to make decisions and act on them. Analytics, therefore, is a crucial step in deriving value
from data.
Pdf_Folio:244

244 Digital Finance

 There are four basic forms of business analytics. These are:
• descriptive analytics
• diagnostic analytics
• predictive analytics
• prescriptive analytics.
Each of these forms of business analytics has its own unique set of attributes and corresponding purpose,
summarised in table 4.1.

TABLE 4.1 Descriptive, diagnostic, predictive and prescriptive analytics

Descriptive Diagnostic Prescriptive

analytics analytics Predictive analytics analytics

Questions What has Why did it happen? What is likely to How can we make it
answered happened? What happen? happen?
is happening?

Purpose Summarise results Determine cause Forecast or estimate Determine a course

of past or current and effect future performance of action
performance

Data sources Surveys, interviews, Internal and external Historical and real- Historical and real-
financial data data (e.g. weather, time data including time data including
location) transactional data, transactional data,
customer service data feeds and
data and big data big data
(e.g. social media)

Analysis tools/ Metrics reports, data Principal component Data mining, Rules, simulation
techniques mining, aggregation, analysis (PCA), quantitative analysis, analysis,
used clustering and sensitivity analysis, predictive modelling, recommendation
summary statistics data discovery, machine learning engines, artificial
regression analysis algorithms and intelligence and
and data mining artificial intelligence neural networks

Outputs Data visualisations Correlations, Predictive models Probability-weighted

(e.g. graphs, causation and used for forecasting projections, rules and
charts, frequency interactive data recommendations for
tables, reports and visualisation tools the next steps to
dashboards) (e.g. analytic be taken
dashboard)

Limitations Descriptive analytics Human analysts Since predictive Prescriptive analytics

are only summations need to be analysis is based require large data
about the sample careful not to on probabilities, sets to produce
actually measured. misinterpret patterns it cannot be useful results.
They focus on the (correlations) as completely accurate Machine learning
past. explanations and it may be algorithms cannot
(causation) of a difficult to show a always account for all
business problem. causal relationship external variables.
Instead, output between the
should be used to predictors and
support decision output variable.
making.

Source: CPA Australia 2021.

.......................................................................................................................................................................................
CONSIDER THIS
Study table 4.1 carefully. Do you understand all of the terms and concepts and their relevance to your work?

Many years ago, companies would use teams of analysts and statisticians to manually work with data
sets to derive insights, which could then be used to drive business decisions. Over time, advancements in
computing power and analytical techniques, combined with the massive growth in data availability, have
led to the growing application of data science in the business world.

Pdf_Folio:245

MODULE 4 Data Analytics, Interpretation and Visualisation 245

Data Science
Data science is a set of fundamental principles that guide the creation of knowledge from data. The
fundamental principles are numerous, and a detailed study is outside the scope of this module, however,
key relevant principles include the following:
1. using mathematics, statistics and probabilities to extract knowledge from data
2. using a systematic process to extract that knowledge
3. fitting models to data
4. avoiding finding patterns that do not generalise beyond the data set.

Data Mining
In business, most analytics now are produced through data mining rather than manual analysis. Data
mining is the use of technologies that incorporate data science principles to produce information from
data (Provost & Fawcett 2013). This information includes meaningful patterns, correlations and trends.
Technologies used in data mining include data management technologies, artificial intelligence (AI),
machine learning (ML) and data visualisation tools. These concepts will be discussed in detail throughout
this module.
Table 4.2 summarises some of the applications of data mining in business and example 4.1 examines
the extensive used of analytics and strong commitment to data-informed decision making at Amazon.

TABLE 4.2 Data mining applications in business

Business function Applications

Finance • Financial performance forecasting

• Risk assessment of investment portfolios and projects
• Investment portfolio optimisation
• Capital budgeting optimisation
• Financial instruments creation (e.g. derivatives)
• Credit scoring and risk management
• Fraud detection

Sales and marketing • Target marketing and advertising

• Cross-selling recommendations
• Expected customer value maximisation
• Campaign return evaluation

Retail • Customer preference and behaviour analysis (what products should be targeted
at what customers and at what prices)
• Customer relationship management (CRM) and churn (attrition to competitors)
• Workforce management
• Supply chain management

Health care • Patient, staff and facility scheduling

• Patient flow
• Purchasing and inventory control
• Prescriptive analytics for diagnosis and treatment

Source: CPA Australia 2021.

EXAMPLE 4.1

Data-Informed Decision Making at Amazon

Amazon continuously collects data from the many sources available to it, including its online infrastructure
and product databases, and its finance, human resources (HR) and operations processes. The company
relies on a few guiding principles for management.
• Being able to measure outcomes with data is critical for improvement. The company constantly monitors
key performance indicators (KPIs) to measure its performance. For example, metrics are derived from
data on routine operational tasks and activities and used in analytics for staff performance improvement.

Pdf_Folio:246

246 Digital Finance

 • Data provides insights for innovation and business opportunities. For example, anomalies in patterns
of customer preference or behaviour might indicate a potential new market or area of expansion
(Selinger 2014).
• It must be easy for employees at every level (not just executives) to access data related to their
roles. When it comes to making decisions, data provides clarity. Amazon’s culture prioritises data and
evidence over seniority and personal influence (Smartsheet 2020).

.......................................................................................................................................................................................
CONSIDER THIS
Do you agree with Amazon’s principles? To what extent are these principles evident in your own organisation?

4.2 THE NEED FOR DATA LITERACY

The ready availability of data and data mining technologies has the potential to ‘democratise’ analytics.
The availability of information is no longer confined to those decision-makers in the organisation who can
command the preparation of special-purpose reports by analysts.
However, recent research found that 75 per cent of employees felt they lacked the skills and confidence
to use data effectively in their current roles (Accenture 2020). To maximise the benefits of data resources
and analytics, an organisation must have members at all levels who are willing and able to use data to
inform their work.

DEFINING DATA LITERACY

Data literacy is defined as ‘the ability to read, work with, analyse and argue with data’ (Bhargava &
D’Ignazio 2015). Let’s consider the definition in detail.
• Read.The ability to look at and comprehend data. Examples include understanding the different forms of
data, and examining a chart and knowing what the data actually represents. This skill includes building
a vocabulary in the language of data; for example, being able to use terms such as ‘correlation’ and
‘causation’.
• Work with. Depending on the role of the individual, this can include knowing how to create data, acquire
it, clean it and manage it.
• Analyse. The ability to draw insights from the data by leveraging a knowledge of statistics, filtering,
sorting, comparing and performing other analytical techniques. This also includes having critical
thinking and general analysis skills, such as an ability to break down a complex problem into its
components or processes.
• Argue. The ability to use data to support a position, idea, action or theory, or communicate a message
to a particular audience. This includes the ability to communicate effectively by applying appropriate
visualisation techniques or using the data to tell a story.
A simple way to think of data literacy is the ability to collect, evaluate and understand data to get
insights and then communicate the insights effectively.

WHY IS DATA LITERACY IMPORTANT?

The financial sector is probably the most data-intensive sector of an economy. Organisations invest many
resources into data collection and processing and data is a very important asset for them. Data literacy is a
fundamental business need in the financial sector. Data literacy skills help organisations to maximise the
value from their data assets and to improve the efficiency and effectiveness of their products and services.
For employees in the financial sector, such as accountants, financial analysts and business consultants,
most of their job is about processing and evaluating data. Investing in data literacy will enable them to
become more productive in their daily tasks. For example, it may take days to manually consolidate all
sales data from different stores, but with the right skills and tools it can be done in just a few minutes.
Data literacy skills enable managers to make decisions based on insights from data rather than just gut
feel or information of questionable quality. For example, if a bank is considering opening a new branch,
customer data can show where customers live, where they shop and how they spend their money. This is
valuable information when deciding the size and location of the new branch and the services it will offer.
Pdf_Folio:247

MODULE 4 Data Analytics, Interpretation and Visualisation 247

 Analysing sales changes in data may give more insights about customer behaviour and uncover their
needs. This can be useful and help organisations to deliver new products and services to customers. This
will generate more revenue for the company and also enhance customer loyalty.
This does not mean that all members of the organisation require advanced data science knowledge to
be data literate; however, data literacy does require understanding some basic maths, statistics and the
fundamental properties of data (Provost & Fawcett 2013).
Data literacy enables someone to communicate data-derived insights honestly to those who are less data
literate, through visualisation for instance. It also empowers individuals to make data-informed decisions.
This could range from building and maintaining a measurement framework based on KPIs, to an executive
developing business strategy from insights on trends (Hanegan 2019).

IMPLEMENTING DATA LITERACY AT LEADING COMPANIES

A recent survey by Accenture (2020) suggests most leading companies are using strategies to promote
data literacy within their organisations. The initiatives include:
• using analytics to reduce operational and reporting costs
• encouraging the use of data to inform decision making at all levels of the organisation
• promoting the ‘democratisation of analytics’ by providing employees with access to data sets and
analytics tools; then training them in data literacy, how to apply these to their roles and suggesting
ideas for innovating work improvements from the data
• sharing data and insights with external stakeholders — for example, their customers, business partners
and vendors.
Overall, the data strategies of these leading organisations were focused on business priorities and goals
(Vasal et al. 2019). Online marketplace eBay’s data literacy initiatives are described in example 4.2.

EXAMPLE 4.2

Data Literacy in eBay

Online retail giant eBay has embedded data analytics into its organisational culture. eBay gives its
employees access to a vast collection of data, including consumer information and behaviour, product
listings, financial transaction information, product shipping and delivery data.
To enable staff to gain insights from the data, the company uses the Tableau software platform, which
has been rolled out across workstations to provide tools for data analytics and visualisation. Employees
are also able to directly conduct queries on the company’s enterprise data warehouse system using
structured query language (SQL). With these tools, the company’s staff can identify patterns and trends
relating to business areas such as customer sentiment and the performance of the website, and
produce timely operational insights. This strategy has created and reinforced a data analytics culture
(Lampitt 2012).

.......................................................................................................................................................................................
CONSIDER THIS
Ready access to analytics tools is an important part of developing an analytics culture. What else is required?

It is essential for to understand how data literacy is vital for an organisation that wants to succeed in the
digital economy. As someone who will deal with data and analytics as a core part of their work, the role
of the accounting and finance professional requires developing that literacy as an individual and helping
to drive a data literacy culture in the organisation. This is the next topic we will explore.

QUESTION 4.1

Suggest what the most important driver of a data-literate organisational culture would be and
explain your rationale.

Pdf_Folio:248

248 Digital Finance

4.3 DATA LITERACY CULTURE AND THE ROLE OF
THE FINANCE PROFESSIONAL
In this section, we will provide an overview of data literacy culture, and the role of the accounting and
finance professional in that culture. Part of that role is to develop data literacy, including an ability
to understand and communicate analytics insights, information and visualisations, and, in the case of
leaders, to promote the use of analytics and data-informed decision making in an organisation.

WHAT IS DATA LITERACY CULTURE?

Organisational behaviour refers to the shared goals, beliefs, values, expectations and the environment
in which the members of that organisation work. A data literacy culture is an organisational culture
that embraces the use of data-informed decision making and fosters the growth of data literacy within
an organisation.
Data literacy culture hinges on permeation throughout the organisation, starting with adoption from the
organisation’s leaders and a top-down approach. The culture should be built on top of the existing company
culture and should not be promoted as a profound transformation, according to Jordan Morrow, Global
Head of Data Literacy, at the business intelligence company Qlik (Morrow 2018). Morrow describes how
an organisation can implement a strategy to establish a data literacy culture. The framework requires an
assessment of the organisation’s workforce, and then classification of its members using a taxonomy called
‘data personas’. Each persona has a role in creating, promoting or adopting the data literacy culture.

Data Personas
Members of an organisation will typically fall into one of the four types of data literacy personas: Data
Aristocrat, Data Knight, Data Dreamer and Data Doubter (Morrow 2018). The personas are ranked from
the most data literate to the least. The role of each persona will include learning, and for the more advanced
categories, will also include mentoring or leadership. Mentoring is essential to creating a data literacy
culture. Those with skills teach others to help them grow, and subsequently they pass on their skills to
others. The role of each data literacy persona in data literacy culture is summarised in table 4.3.

THE ROLE OF THE PROFESSIONAL IN DATA

LITERACY CULTURE
Those in leadership or management positions can have a great deal of influence on the adoption of a data
literacy culture. Senior leaders should drive the strategy, by advocating and promoting the benefits of data
literacy for the business and argue the return on investment (ROI).
The leaders should develop a strategy that builds on existing culture, as well as celebrating and
communicating successes and growth that occurs due to data-informed decision making. The successes are
not just about money; they also include using resources or helping people do their jobs more efficiently.
Those at a managerial level need to push for insights through analytics. Leaders at all levels should ask
for more data usage in day-to-day work, and promote communication using a data vocabulary.

Ideas for Developing Data Literacy

Some examples of how those in leadership or management positions can develop their data literacy and
set an example for others are as follows.
• Use data to answer simple questions. Consider questions like ‘How much do the durations of the
weekly management meeting vary compared to the allotted time?’ or conduct a survey of staff to gauge
satisfaction with an internal process. Make changes based on areas highlighted by question responses.
• Read books on data literacy. Start with books that focus on business experiences and case studies, then
move on to more applied, rigorous or technical books when ready.
• Take additional online courses and professional development activities. Courses like this one introduce
new concepts, provide insights into a range of applications and provide work-relevant skills.
• Practice skills. Access some data (being mindful of privacy and security considerations) and experiment
with basic analytics (e.g. calculating a standard deviation) and visualisations using Excel or other
available tools.

Pdf_Folio:249

MODULE 4 Data Analytics, Interpretation and Visualisation 249

 The role of the finance professional in promoting data literacy will depend on their level of leadership
within the organisation, as well as their data persona.

TABLE 4.3 Data persona roles

Most data Data Aristocrat

literate The Data Aristocrat has a high level of skill and experience in data analytics. They would typically
be data scientists or similar specialist whose use of data is central to their work. However,
any member of an organisation could reach this category with the appropriate professional
development.
As with all the data personas, the individual should continue to learn and develop their skills. In
the case of Data Aristocrats, this would include learning new analytics algorithms, methodologies,
and tools, and developing their skills in leadership and mentoring so they can promote and
improve data literacy within their organisation.
Data Knight
The Data Knight has some degree of data literacy. They are in the process of building their data
science skills and knowledge. Data Knights are typically in roles that involve dealing with some

develop their use of data in their work, and their skills in data science with the aim of progressing
towards the Data Aristocrat category.
Like Data Aristocrats, these individuals may have varying levels of leadership and mentoring
abilities. Part of their role is to act as data literacy ‘champions’, which means vigorously
supporting the data literacy culture in the organisation and acting as mentors where possible.
Data Dreamer
The Data Dreamer has basic awareness of data and a desire to learn and improve their data
science skill set.
Similar to the other data personas, the individual should continue to learn and develop their skills.
In the case of Data Dreamers, this would include learning fundamental concepts in statistics and
data analysis.
Data Dreamers might be found in roles that are typically less technical, as in human resources
management, where there is some, but not a high level of exposure to data.
Data Doubter
The Data Doubter often has roles that carry responsibilities. These individuals require the support
of the other data personas. Attention to the Data Doubter is crucial to developing a data literacy
culture, as they can hinder the adoption of a data literacy strategy or even derail the process.
The Data Doubter is often sceptical of the value of data and data-informed decision making.

on their extensive experience, or it is a vast change from the work culture they are familiar with.
This data persona may also fear the complexity of the data analytics or decision-making process
or may find the amount of information overwhwlming.

data and analytical approaches to support intuition, experience and organisational memory
Least data in decision making. By doing this, the Data Doubter can potentially be transformed to a Data
literate Dreamer (Morrow 2018).

Source: CPA Australia 2021.

Data Literacy Leaders and Champions

Those in senior leadership positions with Data Aristocrat personas will bear the responsibility of
developing and driving a data literacy culture strategy. They need to cultivate data sharing within the
organisation to promote transparency, encourage staff to utilise data and support their decisions with
analytics. Leadership needs to promote the value that analytics can bring to the organisation and support
relevant initiatives.
Data Aristocrats and Data Knight personas in management roles should act as ‘data literacy champions’.
Generally, these champions need to lead by example, continue learning and pass on their skills to others in
the organisation. They need to set the learning expectations and pace for their teams and show an example
by undertaking training and development in data literacy themselves.
Finance leaders and data literacy champions should adopt a vocabulary of data in their day-to-day work.
For the finance professional, learning and vocabulary will include topics and terms relating to statistical
techniques and types of data analytics. Another important area of learning is data visualisation, which is
the focus of a later section.
Pdf_Folio:250

250 Digital Finance

Training Employees versus External Recruitment
Traditional employee development at an organisation includes improving existing occupational skills, as
well as industry-dependent mandatory safety and compliance training. When a company needs completely
new skills, it usually hires externally.
Challenges with hiring externally for in-demand roles can include high recruitment costs, needing to
offer competitive salaries and uncertainty about the new recruit’s organisational fit.
Many organisations are creating internal training academies to build employee skill sets in order to
fill these roles rather than hire externally. Existing employees have knowledge of various aspects of the
organisation and its requirements that can be built upon. Equally, the company already has knowledge of
those employees’ strengths and weaknesses and proven cultural fit.
Example 4.3 examines some issues that should be considered when deciding whether to develop skills
in the current team or recruit externally.

EXAMPLE 4.3

Upskilling vs External Recruitment

A large multinational insurance services company has set a strategic goal of becoming a data-driven
organisation. It has started on this journey and is currently seeing the benefits of this approach. However,
the company is facing some challenges to build big data analytics expertise in the organisation. There
has been a high turnover of a number of specialist roles including data scientists due to the competitive
nature of the job market.
The company is prepared to offer highly competitive salaries to external candidates. Through recruit-
ment research, the company has identified some candidates with the appropriate skills, although they do
not have the exact industry experience required.
Technology-wise, the company has an enterprise data warehouse and a data analytics and visualisation
platform. It consists of some common commercially available tools; however, much of it has been
developed in-house to meet the company’s specific needs and problem areas.
There is a pool of talent that the organisation could upskill from the IT and marketing departments, and
their actuaries. The company is weighing up the advantages of investing in internal development versus
hiring externally.
Internal recruitment would be better placed than external recruitment to address the following areas
of concern.
• Domain-specific knowledge. In this scenario, the company does not have an abundance of external
candidates with insurance-sector knowledge, whereas an internal recruit would more likely have a
degree of domain-specific knowledge that the company can build upon.
• Developing solutions adapted to the organisation’s technologies. An internal recruit may already have a
high degree of familiarity with the organisation’s technologies. An internal training program developed
to upskill employees could be tailored to be specific to the company’s existing technologies.
• Employee engagement and loyalty. By providing employees with development opportunities, potentially
higher pay and qualifications, the organisation can boost employee engagement and loyalty, which may
help to address staff turnover.

.......................................................................................................................................................................................
CONSIDER THIS
Bloomberg uses data and analytics to drive innovative product development and to automate processes within the
organisation. It maintains a continuously updated ‘employee of the future’ profile, defining what skills are valuable
and necessary to meet the company’s business objectives. This profile is used to guide internal training and external
recruitment. For internal training, Bloomberg has developed a curriculum that is tailored to its specific needs. The
training program consists of 60 hours of face-to-face learning time, conducted over 10 weeks, supplemented by
self-paced study and assignments. The learners undertake a project involving data analytics related to their everyday
work, facilitating application of their new skills and knowledge. Consider what a data literacy curriculum for your
organisation or a client’s organisation might look like.

QUESTION 4.2

In most organisations the conversion of data analytics into business outcomes is not yet reaching
its potential. Explain why this may be the case.

Pdf_Folio:251

MODULE 4 Data Analytics, Interpretation and Visualisation 251

4.4 BASIC DATA SCIENCE CONCEPTS
This section covers some fundamental concepts related to analytics processes and tools. Basic data science
theory requires some knowledge of statistics and mathematics.
Statistics is the discipline that concerns the collection, organisation, analysis, interpretation and
presentation of data. Statistics is a powerful tool in data science. It is the use of mathematics to perform
technical analysis of data.
A basic visualisation such as a bar chart might give us some high-level information about the data, but
with statistics we are able to operate on the data in a much more information-driven and targeted way. It
helps us form concrete conclusions about the data rather than just ‘guesstimating’.
The following sections provide a review of data types and probability, which are used in describing and
understanding analytics results.

DATA CATEGORIES
As we learned in module 3, data can be categorised with respect to its structure.
• Structured data adheres to a pre-defined model and aligns to the table structure of relational database.
Structured data can be easily sorted, manipulated and analysed. Examples of structured data include
records contained in spreadsheets and SQL databases.
• Semi-structured data contains tags (e.g. XML) or other markers (e.g. commas in a CSV file) to separate
elements and enforce hierarchies of records within the data. This enables a degree of analysis, but semi-
structured data would require mapping and processing before it could fit into a conventional database.
• Unstructured data has no predefined structure or organisational scheme. It is difficult to process or
analyse using conventional software, though advanced analytics technologies can work with it. An
example would be a photograph, voice recording or magazine article.
Understanding the structure of data is important as it significantly influences how it can be stored,
processed and analysed.
In conventional statistics, data is often described as either:
• qualitative data — data distinguished by non-numeric characteristics, such as eye colour or blood
type
• quantitative data — numerical data distinguished by numeric characters that represent counts or
measurements, such as age or shoe size.
These can be further categorised as shown in figure 4.1 and described in more detail below.

FIGURE 4.1 Types of data

Data

Qualitative Quantitative
(categorical) (numerical)

Interval Ratio
Nominal Ordinal

Discrete Continuous Discrete Continuous

Source: CPA Australia 2021.

Pdf_Folio:252

252 Digital Finance

Qualitative Data
In statistics, qualitative data can be described as nominal data and ordinal data.
• Nominal data is data that can be named, labelled or categorised but cannot be ordered. For example,
nominal data cannot measure from low to high, for example, eye colour, dog breed or blood type.
• Ordinal data is data with named categories that have a ranking system, and can be ordered. There is no
measurable or objective distance between the categories. For instance, there is no objective measurement
of the difference between ‘poor’, ‘fair’ and ‘good’ on a satisfaction scale for a customer service survey.

Quantitative Data
Quantitative data can be categorised into two sub-types that differentiate between the meanings of the
numerical range of values: interval data and ratio data.
• Interval data is similar to ordinal data, but with the additional property that the difference between any
two data values is measurable. There is, however, no natural zero starting point, that is, a situation where
none of the quantity is present. For example, measuring the number of years from 500 CE to 2020 CE
has a start and end point, but neither point is truly a zero point as years exist both prior and after the
selected range of intervals.
• Ratio data is interval data that includes a natural zero starting point. Zero indicates that none of the
quantity is present. For values of this type, differences and ratios are meaningful. For example, textbooks
will be sold for a range of prices, however, a textbook cannot sensibly be offered for less than $0 (i.e.
free), making $0 a logical zero point.
Quantitative data can further be described as discrete data and continuous data.
• Discrete data has a distinct set of values, which can be counted and belong to a whole numbers set
(integers). A good test to use is asking whether a fraction makes sense for a quantity of the type. For
instance, it does not make sense to record the number of cars in a parking lot as 1.52 cars, so the number
of cars in a parking lot is a discrete data type.
• Continuous data has infinite possible values. The values correspond to some continuous scale that
does not have gaps. In other words, a value belongs to a set of real numbers within a given interval. We
can have decimal places or fractions when recording measurements — for example, 1.344 metres of
wire cable.
Note that some quantities can be described by discrete or continuous data. For instance, if a person’s
age is 24 years and 1 month, this can be treated as:
• Discrete: 24 years
• Continuous: 24.083 years.

PROBABILITY
Knowledge of probability helps us to assess and communicate the degree of uncertainty in forecasting an
outcome or event.
Probability is defined as the chance or likelihood that a particular event will occur. This can be expressed
as a number ranging from 0 to 1, or as a percentage ranging from 0 to 100. When we say that an event has
a probability of 0, this means there is no chance of it occurring. When we say that an event has a 0.5 (or 50
per cent) chance of occurring, this means that there are 50 chances out of 100 of the event occurring. This
probability could also be expressed as a ‘1 in 2’ chance of occurring, or an equal likelihood of the event
occurring compared to not occurring.
The notation for ‘the probability of event A’ is P(A).
Understanding probability is an essential part of data literacy. Probability theory underpins many
important concepts in analytics. Uncertainty and randomness occur in many aspects of financial analysis.
Probability provides a way to measure this uncertainty and randomness. Various analytics, including
inferential, predictive and prescriptive analytics produce results that describe the probability of an event
occurring.
Probability, for example, allows inferences to be made regarding the risk or volatility of a particular
asset or cost, which can help to inform decision making or planning. Probability calculations can be used
in different contexts, such as:
• calculating the probability that a customer will default on a loan
• calculating the probability that a gross profit margin of 54 per cent will be reached in the next month
• calculating the probability that 15 litres of machine oil will be used by factory machinery in a day
• calculating the probability that a sales lead will result in a conversion.
Pdf_Folio:253

MODULE 4 Data Analytics, Interpretation and Visualisation 253

Probability Theory Terms and Concepts
In this section, we discuss concepts that are foundational to understanding probability theory.
Objective and Subjective Probability
Objective probability is a probability value calculated empirically (based on historical data or measure-
ments) or a priori (based on formal logic, reasoning and the known characteristics of events).
Subjective probability is a probability value derived from intuition and experience.
While intuition and experience are important, analysis of data should form the basis of decision making
in business.
Outcomes and Events
An outcome is a single possible result of an experiment. An event is a set of one or more outcomes. An
event that consists of a set of one sole outcome is called an elementary event.
Dependent and Independent Events
The probability of a dependent event is affected by previous events. The probability of an independent
event is not affected by previous events.
The notation P(A|B) means the probability of event A given event B.
If the probability of A given B is the same as the probability of A on its own, event A is independent of
event B. This is expressed as P(A|B) = P(A).
Mutually Exclusive Outcomes or Events
Mutually exclusive means that a given set of outcomes or events cannot occur at the same time. Outcomes
are always mutually exclusive, whereas events may or may not be mutually exclusive.
Collectively Exhaustive
A collectively exhaustive set of events means that an event outside that set cannot possibly occur.
Partition
Partition refers to a collection of outcome sets where:
• the union (joining) of those outcome sets is collectively exhaustive (combining them covers all possible
outcomes)
• each of the outcome sets is mutually exclusive (non-overlapping).
Table 4.4 demonstrates partitioning.

TABLE 4.4 Partitions

Description of outcomes (sample space) Examples of partition for the sample space

Interest rates for a savings account • Rate less than 1%

• Rate greater than or equal to 1% but less than 3%
• Rate greater than or equal to 3%
Any random interest rate can be represented by one of
these events.

All wholesale orders for yesterday • Orders in ‘submitted’ state

• Orders in ‘processing’ state
• Orders in ‘dispatched’ state
Orders must be in one of these three states.

Source: CPA Australia 2021.

Unconditional Probability
Unconditional probability or ‘marginal probability’ is a probability calculation that ignores information
regarding any historical or external events.
Conditional Probability
Conditional probability is the likelihood of an event occurring based on the occurrence of another event.
The probability of event A occurring given event B occurs is expressed as P(A|B).
Total Probability
Total probability is a calculation of the probability of an event from a set of conditional probabilities.
Figure 4.2 shows a step-by-step breakdown of how to calculate total probability using conditional
probabilities.
Pdf_Folio:254

254 Digital Finance

 FIGURE 4.2 Calculating total probability from a set of conditional probabilities

There are four events: A, B, C and D.

We can calculate the probability of Event A based on the conditional probabilities of Events B, C and D.
The calculation to find the probability of Event A is:

P(A) = (P(A|B) × P(B)) + (P(A|C) × P(C)) + (P(A|D) × P(D))

We want to find P(A), where:

• Event A is a dividend yield more than 1.5 per cent.
• P(B) is the probability of a favourable budget variance, which is 0.6.
• P(C) is the probability of an unfavourable budget variance, which is 0.1.
• P(D) is the probability of a neutral budget variance, which is 0.3.
This is partitioned for the sample space of budget variance.
The three events B, C and D are collectively exhaustive and mutually exclusive for this sample space.
We know the following information:
• P(A|B) — the probability that the dividend yield will be more than 1.5 per cent given a favourable budget
variance, which is 0.7
• P(A|C) — the probability that the dividend yield will be more than 1.5 per cent given an unfavourable
budget variance, which is 0.3
• P(A|D) — the probability that the dividend yield will be more than 1.5 per cent given a neutral budget
variance, which is 0.5.
To calculate P(A) (i.e. that dividend yield will be more than 1.5 per cent):

P(A) = (P(A|B) × P(B)) + (P(A|C) × P(C)) + (P(A|D) × P(D))

= (0.7 × 0.6) + (0.3 × 0.1) + (0.5 × 0.3)

= 0.6
Source: CPA Australia 2021.

Total probability allows us to calculate the probability of an event based on the probabilities of
individual events that are related to it. This can allow us to make more accurate predictions based on com-
bining bits of information. Total probability is used in Bayes’ Theorem, which is a useful predictive method
in analytics.
Bayes’ Theorem
Bayes’ Theorem involves inferring information from probability calculations and is used in many data
analytics techniques. Bayes’ Theorem can be applied in different financial analysis contexts:
• classifying whether a transaction is fraudulent
• predicting whether a customer will default on a loan
• predicting the impact of a systematic interest rate change on the value of an asset
• predicting the impact certain events will have on a company’s net income.
To understand the underlying concept of Bayes’ Theorem, consider the following example.
• There are two tubs containing blue and orange plastic balls. In tub A the probability of picking an
orange ball at random is 3/10 = 0.3. In tub B, the probability that a randomly picked ball is orange is
6/40 = 0.15.
• If we combined the balls from both tubs and a random pick from the pool produced an orange ball, what
is the greater probability: that the ball originally came from tub A or tub B?
• There is a higher probability the orange ball came from tub B even though the probability of picking an
orange ball from tub B is less (0.15) than picking an orange ball from tub A (0.3). Six of the orange balls
were originally from tub B and only 3 from tub A, so if an orange ball is selected from the combined
tub it is more likely to be one of the original tub B balls.
• If we dumped another 1000 blue balls into tub B, the probability of picking a random orange ball from
tub B would drop to about 0.006 or 0.6 per cent. There would, however, still be a higher probability that
a randomly picked orange ball, out of the total population of balls, originally came from tub B — there
were still more orange balls in tub B than tub A.
Bayes’ Theorem uses this principle to make inferences from information. It allows us to use a number
of known conditional and unconditional probabilities (prior information) to calculate new probabilities.
Pdf_Folio:255

MODULE 4 Data Analytics, Interpretation and Visualisation 255

 As we learn more information, we can update our probability calculations. For example, if we now
learn that:
• there are orange balls in the population that have black speckles
• the probabilities for picking black-speckled balls from tub A and tub B are 1/3 and 6/6 respectively, and
• our original randomly picked orange ball had black speckles then
• the probability that the orange ball came from tub B is increased.
The following is a more practical example of how this might be used in business analytics.
• If we pick a random customer that has a loan with a lender, without any additional information, we know
the probability of loan default is 0.01.
• If we now incorporate information that the size of the customer’s loan is greater than $50 000, using
the associated conditional probability with Bayes’ Theorem calculations, the probability of loan default
increases to 0.02.
• If the customer then has a late repayment at some stage, the new information is used and the probability
of a loan default is calculated to be 0.04. A second late repayment increases the probability to 0.18,
and so on.
Ideally, we want to add more and more information so that the probability gets closer to 1 or 0, which
allows us to make more accurate predictions of an event occurring.
This process is implemented in predictive analytics as the Naive Bayes classification technique. A real
implementation of a credit scoring process could use Naive Bayes or logistic regression, which is a related
technique.
The concepts we have reviewed are used in analytics to calculate probabilities. The probability value is
a measure of uncertainty or randomness. It can measure risk when it comes to making decisions based on
data. The following section looks at how risk or opportunity might be evaluated using probabilities.

Probability in Decision Making

Probability is an essential component of various risk metrics for decision making. It measures the amount
of uncertainty of the risk. The other component is exposure, which measures exactly what is at stake. For
example, we might be faced with a decision where there is a 0.36 probability (uncertainty) of losing at
least $500 000 (exposure) in an investment. Interpreting probabilities as they relate to degrees of uncer-
tainty, however, can carry some individual subjectivity.
.......................................................................................................................................................................................
CONSIDER THIS
The result of predictive analytics has determined there is a 0.64 (64 per cent) probability of achieving an annual return
on a security that is less than the target of 2.73 per cent. Which one or more of the following terms could be used
to evaluate and best describe the risk of not reaching the target return if you had to communicate this verbally in a
report or a presentation?
Possible Probable Likely Reasonably possible Reasonably assured Reasonably certain Highly probable Substan-
tially all Virtually certain

There is no ‘correct’ answer to the question we posed above. Different people have different interpretations
of ‘likelihood’.
Joint research between the Korean Accounting Standards Board (KASB) and Australian Accounting
Standards Board (AASB) was conducted to determine the consistency (or inconsistency) of interpreting
‘terms of likelihood’ in International Financial Reporting Standards (IFRS) between accounting profes-
sionals in the two countries. These are verbal terms that attempt to verbally describe or interpret a numerical
probability, for example in a written report (AASB 2016).
The research found interesting interpretation differences between the two countries, as well as between
professionals in the same country. Although the research mapped the most common verbal terms to a range
of numeric values, this activity demonstrates how interpretation can work in reverse: how each person tends
to subjectively evaluate the degree of uncertainty given a numeric probability.
Accounting professionals were asked to provide a range of numeric probabilities that they would assign
to each term of likelihood. The means of the minimum and maximum values of each range were calculated
and are shown in table 4.5.

Pdf_Folio:256

256 Digital Finance

 TABLE 4.5 Terms of likelihood

Australian accounting professionals surveyed

Terms of likelihood Minimum Maximum

Virtually certain 91.2 98.3

Substantially all 86.8 97.4

Highly probable 79.6 93.6

Reasonably certain 76.0 91.0

Reasonably assured 75.5 90.7

Probable 60.3 84.5

Likely 60.0 83.6

Reasonably possible 49.7 72.7

Possible 35.3 64.5

Unlikely 9.6 33.3

Highly unlikely 8.9 21.1

Extremely unlikely 4.6 12.0

Remote 3.2 12.1

Korean accounting professionals surveyed

Terms of likelihood Minimum Maximum

Virtually certain 90.3 98.1

Substantially all 75.0 91.1

Highly probable 84.7 95.8

Reasonably certain 90.3 98.1

Reasonably assured 75.4 90.2

Probable 68.8 88.1

Likely 68.8 88.1

Reasonably possible 57.5 79.0

Possible 25.7 45.7

Unlikely 12.4 30.9

Highly unlikely 5.5 15.4

Extremely unlikely 5.5 15.4

Remote 4.7 14.1

Source: CPA Australia 2021.

.......................................................................................................................................................................................
CONSIDER THIS
Compare your chosen term of likelihood with these survey results.

Figure 4.3 visualises the difference in interpretation of terms of likelihood between the professionals of
each country, and the variances within each country (Australian results are in gold, Korean in dark blue).
The research concluded that the inconsistencies could result in material differences in the evaluation of
financial statements. The key recommendation was to establish international standards that define a set
of acceptable terms of likelihood and their corresponding probability values to avoid any ambiguity in
reporting. Similar studies have also found the same issues of inconsistency.
Pdf_Folio:257

MODULE 4 Data Analytics, Interpretation and Visualisation 257

 The key consideration here though is that there tends to be a degree of individual subjectivity
when interpreting the uncertainty represented by a numeric probability. For example, among Australian
accounting professionals a probability of 0.11 might be interpreted by some as unlikely and others as
‘extremely unlikely’, and a probability between 33.3 and 35.3 might fall in an unlabelled gap between
‘unlikely’ and ‘possible’.

FIGURE 4.3 Terms of likelihood — Australia and Korea

Virtually certain
Substantially all
Highly probable
Reasonably certain
Reasonably assured
Probable Korea

Likely Australia
Reasonably possible
Possible
Unlikely
Highly unlikely
Extremely unlikely
Remote
0 10 20 30 40 50 60 70 80 90 100 (%)
Source: CPA Australia 2021.

Probability in Practice
There are many financial applications for probability in decision making, such as scenario analysis,
including profitability and investment return analysis. These analytics would use a large amount of
historical data to create probability distributions. Examples 4.4 and 4.5 present simplified examples.

EXAMPLE 4.4

Probability in Risk Analysis

Risk analysis forms an important part of business planning. By predicting potential risks, you will be in the
best possible position to manage, or even avoid, its impact on your organisation.
In this example, we will take you through a step-by-step risk analysis to show how simple it can be to
manage risk in your organisation.
A commercial bakery sells cakes to cafes. The production cost of one cake is $10. The baker sells the
cake for a price of $20, for a gross profit of $10. The cakes must sell on the day they are baked, or they
become stale and must be thrown out.
An analysis of sales data, shown in table 4.6, helps the bakery owner calculate the distribution of product
demand.

TABLE 4.6 Analysis of sales data

Demand (number of cakes sold in a day) Probability

0 0.1

50 0.3

100 0.4

150 0.2

Source: CPA Australia 2021.

Pdf_Folio:258

258 Digital Finance

 A simplified model of the various scenarios based on how many cakes are baked and what the profit/loss
depending on the actual demand is shown in table 4.7.

TABLE 4.7 Scenario model

Goods ordered (number of cakes at $10 each)

(number of cakes at $20 each) 0 50 100 150

0 0 0 − 500 0 − 1000 0 − 1500

(500) = (1000) = (1500)
Actual demand

50 0 1000 − 500 1000 − 1000 1000 − 1500

= 500 =0 = (500)

0 1000 − 500 2000 − 1000 2000 − 1500

100 = 500 = 1000 = 500

0 1000 − 500 2000 − 1000 3000 − 1500

150 = 500 = 1000 = 1500

Gross profit = Sales – Cost of goods ordered

Source: CPA Australia 2021.

If baking 150 cakes, there is a:

• 0.1 probability that no cakes are sold, resulting in a loss of $1500
• 0.3 probability that only 50 cakes are sold, resulting in a loss of $500
• 0.4 probability that only 100 cakes are sold, resulting in a $500 profit
• 0.2 probability that all 150 cakes are sold, resulting in a $1500 profit.
If baking 100 cakes, there is a:
• 0.6 probability of making a profit of at least $1000
• 0.1 probability of making a loss of $1000
• 0.3 probability of making $0.
Comparing the decisions of baking 100 cakes to baking 150, we can compare the risks and potential
profit (see table 4.8).

TABLE 4.8 Probability of profit and probability of loss

Probability of more
Number of cakes ordered than $1000 profit Probability of making a loss

100 0.6 0.1

150 0.2 0.4

Source: CPA Australia 2021.

The analysis can also use probability to calculate an expected outcome, typically referred to as
‘expected value’. Expected value is the estimated value of an investment at some point in the future.
It is calculated by:
• taking the probability of each outcome and multiplying it by its corresponding return, then
• summing the products to give the expected return.
For example, we can calculate the expected value for baking 50 cakes. First, we take the probability of
each outcome and multiply by its corresponding return.

(0.1 × − $500), (0.3 × $500), (0.4 × $500), (0.2 × $500)

Then, sum all of the products.

(0.1 × − $500) + (0.3 × $500) + (0.4 × $500) + (0.2 × $500) = $400

We now know the expected return from baking 50 cakes is $400.

Pdf_Folio:259

MODULE 4 Data Analytics, Interpretation and Visualisation 259

 EXAMPLE 4.5

Stage Weighted vs Individual Weighted Probabilities

A weighted sales pipeline is a technique that can be used to forecast sales revenue. The analysis
technique calculates an expected value for revenue using probabilities and the estimated value of
sales opportunities. Many CRM software packages include a weighted sales pipeline feature to assist
forecasting by using data. There are two commonly used types of probability calculations for the analysis:
• stage weighted probabilities
• individual weighted probabilities.
We will illustrate the difference between the two approaches.
State Weighted
A sales pipeline has multiple stages, as shown in table 4.9.

TABLE 4.9 Sales pipeline stages

Stage Description

New A newly received lead, which may include a contact form submission from
the website or an email inquiry.

Contacted A sales team member has contacted the customer, discussed their
requirements and provided some possible solutions.

Demo The customer has been booked in for a product demonstration.

Negotiations Price negotiations are in progress.

Won The deal has been closed.

Source: CPA Australia 2021.

Each stage is given a ‘weight’, which is a probability that the deal will close as shown in table 4.10.

TABLE 4.10 Stage weighted probabilities

New Contacted Demo Negotiations Won

0.05 0.10 0.30 0.60 1.0

Source: CPA Australia 2021.

The idea is that as the opportunity progresses through the various stages of the pipeline, the probability
of closing the deal increases. For example, it is more likely that a deal will be closed if the customer has
already reached price negotiations with the company, than if they have just submitted a website enquiry.
The forecasting concept is similar to expected value, which we considered earlier, as it involves
multiplying the opportunity value with the probability that the deal will close (depending on what stage
it is at). The individual opportunity forecasts are aggregated to form a total.
The probabilities for the stages would typically be created using historical data. Table 4.11 is an example
of a weighted sales pipeline with stage probabilities.

TABLE 4.11 Weighted sales pipeline with stage probabilities

Opportunity value Sales pipeline stage Probability to close Forecast

$100 000 Contacted 0.1 $10 000

$ 50 000 Contacted 0.1 $ 5 000

$ 70 000 Demo 0.3 $21 000

$ 30 000 Demo 0.3 $ 9 000

$ 40 000 Negotiations 0.6 $24 000

$ 30 000 Negotiations 0.6 $18 000

Source: CPA Australia 2021.

Pdf_Folio:260

260 Digital Finance

 Using this method, the forecast relating to the upcoming period for this pipeline is as follows.
(0.1 × $100 000) + (0.1 × $50 000) + (0.3 × $70 000) + (0.3 × $30 000) + (0.6 × $40 000) + (0.6 × $30 000)
= $87 000

Individual Weighted
Instead of assigning fixed probabilities based on the stages of the pipeline, each individual opportunity
can be given its own probability. This probability could be calculated objectively (based on historical data)
or subjectively (based on gut-feel). Table 4.12 shows a sales pipeline with individual probabilities.

TABLE 4.12 Weighted sales pipeline with individual probabilities

Opportunity value Probability to close Forecast

$25 000 0.8 $20 000

$80 000 0.6 $48 000

$40 000 0.5 $20 000

$50 000 0.3 $15 000

$10 000 0.1 $ 1 000

Source: CPA Australia 2021.

Using this method, the forecast relating to the upcoming period for this pipeline is as follows.
(0.8 × $25 000) + (0.6 × $80 000) + (0.5 × $40 000) + (0.3 × $50 000) + (0.1 × $10 000) = $104 000

One important consideration for calculating event probabilities based on historical data is whether the
events are independent or not. If we have a data set that shows 100 out of 1000 new leads resulted in a
closed deal, a probability of 0.1 is valid if those 1000 leads were all independent events.
This might be accurate in a high–sales volume retail business where most transactions are one-off, but
if those 100 deals came from only 10 different clients who are providing repeat business, the 100 deals are
not independent. The data set may have to be reduced, for example, including a returning customer’s first
sale only, which would be safer to assume is an independent event.

SUMMARY
Research suggests businesses that adopt data-informed decision making perform better than businesses
that do not. The basis of data-informed decision making is knowledge created through analytics, which is
the use of skills, processes and technologies to derive information from data.
Data-informed decision making requires, not just high-quality data, but a data literate organisation with
members at all levels who are willing and able to use data to inform their work. Data literacy is the ability to
collect, evaluate and understand data to obtain insights and then to effectively communicate those insights.
Most large companies are encouraging data literacy through the use of analytics to reduce operational
and reporting costs, the use of data to inform decision making throughout the organisation, training in the
applied use of analytics and sharing data and insights with external stakeholders.
Every professional needs to develop data literacy to be able to maximise the value of the organisation’s
data and more effectively contribute to the organisation’s objectives.

Pdf_Folio:261

MODULE 4 Data Analytics, Interpretation and Visualisation 261

 The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

4.1 Evaluate the effectiveness of integrating big data and data analytics to create efficiencies and
valuable insights in solving complex business problems.
• Organisations that adopt data-informed decision making outperform those that do not.
• Descriptive, diagnostic, predictive and prescriptive analytics have numerous applications in busi-
ness, including optimising processes to create efficiencies and providing insight into complex
problems to enable informed decision making.
4.2 Appraise the impact of big data and data analytics on the work of accounting and finance
professionals to determine the organisation’s resource needs.
• Accounting and finance professionals can use analytics to understand many aspects of a
business’s operations as the basis for solving problems and identifying efficiencies by optimising
resource use.
• Accounting and finance professionals, like other members of an organisation, need to build data
literacy through internal and external development activities.
• With data literacy established, the accounting and finance professional can identify the tools and
other resources needed to produce the required analytics outputs.

Pdf_Folio:262

262 Digital Finance

PART B: EXTRACTION, CONSOLIDATION
AND DESIGN OF DATA STRATEGY
INTRODUCTION
As described in modules 1 and 3, business today has ready access to a variety and volume of data that
far exceeds the data sets used in conventional business analytics. Big data, combined with advanced
data analytics, offers seemingly endless potential to understand the business, its customers, its micro and
macro environments and the relationships between them. It is crucial to ensure this potential is efficiently
and effectively translated into business intelligence that supports data-informed decision making and
ultimately business actions that support the business’s overall strategy.
A data strategy is an effective method to guide how the business will access and analyse data in a
way that will maximise the ROI in big data and analytics. The strategy will lead to informed decisions
and actions that will improve performance against the business’s strategic objectives and by supporting
efficient management of operations.

4.5 DATA STRATEGY: WHY A BUSINESS NEEDS A

DATA STRATEGY
While there is enormous discussion around the potential and importance of harnessing big data and
analytics — and research to show data-informed decision making improves performance — the business
reality to date is mixed. Most corporate strategies acknowledge the importance of analytics and there is a
strong shift towards the use of cloud platforms and real-time data, but conversion of analytics into business
outcomes remains weak in most organisations.
The vast majority of analytics projects that use AI (some of which we discussed in module 3), are run by
data and technology experts and do not scale up to serve the organisation. Only 20 per cent of the insights
generated by analytics are converted to successful business outcomes (White 2019).
While Amazon, Google and other technology giants have extraordinary resources to analyse and explore
massive amounts of data, most businesses, especially SMEs, need to work out the information they need
to make high-quality operational and strategic decisions and then take a focused approach to data and
analytics built around obtaining that information.
It is of course also important to recognise how data is used for other benefits across the organisation.
Many of these uses, such as automation and cognitive engagement with customers, were described in
module 3. A comprehensive data strategy needs to address all the organisation’s uses of data. Example 4.6
explores the value of an integrated data strategy.

EXAMPLE 4.6

An Integrated Data Strategy

Like any investment, the investment in data and analytics should focus on business needs and be made
with a full understanding of the benefits and costs. It is, therefore, crucial that a business designs and
implements an effective data strategy. The aim is for the business to achieve the promised benefits of
data and analytics, that is, create value and fulfil the business’s strategic objectives.
Orica is the world’s biggest explosives company. As the mining sector boomed, so did Orica’s business.
The company recognises that during that boom it lost a degree of discipline. One consequence is that
little attention was paid to the role of technology in how the company is run.
Each Orica facility around the world operated differently because it had no connection to any other
facility. This led to different parts of the company essentially producing similar competing products and
thus significantly wasting resources.
Orica’s decision to address some of these problems began with the mining downturn. Orica undertook
a benchmarking exercise and found its practices put it in the third quartile of manufacturers.
Orica’s approach was somewhat informed by the implementation of a single operating mode at BHP a
decade earlier, where SAP was used to replace legacy platforms and technologies, and ensure integration
and standardisation of all its systems company-wide. BHP called the project 1SAP (Woodhead 2008).

Pdf_Folio:263

MODULE 4 Data Analytics, Interpretation and Visualisation 263

 As Orica transformed to a data-driven organisation, with a data strategy intended to integrate systems
across all of its facilities, it examined a wide variety of potential applications. For example, it has already
driverless vehicles and fully automated blast loading machinery, but the value of its blasting services is
expected to increase dramatically as a new cloud-based system is rolled out. Orica’s BlastIQ platform
receives and analyses blast data in real time. It is being enhanced so that it can also receive real-
time fragmentation readings taken by drones and thus enable the platform to build real-time geological
models of mines. The system is expected to reduce blast efficiency planning from a month to a few
hours. It will enable the automated blast loading machinery to place explosives in a way that optimises
fragmentation, based on factors such as the varying hardness of rock throughout the blast site. Because
the system is based on ML, its performance is expected to improve over time, enabling blast efficiency to
steadily improve.
Orica’s data strategy thus looks at all the applications of data and analytics across the organisation
and ensures the overall approach is consistent and integrated, from giving managers a view of what each
facility around the world is doing, through to feeding real-time data to ML algorithms that can intelligently
automate and optimise blasting operations.

.......................................................................................................................................................................................
CONSIDER THIS
Analytics can generate information to be used by decision-makers and information that is automatically actioned by
intelligent automation technologies applied in the business. How integrated would you expect these uses to be?

A data strategy needs to comprehensively reflect the organisation’s data needs. Here we focus on
the aspects most relevant to analytics, though many of these are also common to other applications
involving data.

DEVELOPING A DATA STRATEGY FOR ANALYTICS

An overview of the elements of a data strategy is provided in figure 4.4 and each element is briefly
explained below.

FIGURE 4.4 Elements of a data strategy

Business strategy
– Strategic priorities
– Information needs
– Use cases

Interpretation and Data requirements

application – Determined by
– Decision making information needs
– Action – How to source?

Implementation
– Data governance
– Systems
– Change management

Communication Analytics requirements

– Clear communication – Choose options
of outputs and – Ensure investment
insights to decision in analytics provides
makers the required information

Source: CPA Australia 2021.

Pdf_Folio:264

264 Digital Finance

Business Strategy
The business strategy is designed to achieve the business’s mission and vision. It establishes the strategic
priorities and key information needs, which in turn establish the ‘use cases’ for the data strategy. The use
cases show what data and analysis is needed. The data strategy must be driven by the business strategy.

Data Requirements
The data needed is determined by the information needs that have been identified. Once the data needed
is known, the business can determine how to source it. This may involve structured, semi-structured or
unstructured data; internal or external data; existing data or data that must be created. The acquisition
and use of data should be cost effective and efficient, aligned to the information needs that support the
business strategy.
.......................................................................................................................................................................................
CONSIDER THIS
Do you have access to all the data you need to do your work optimally? If not, is it because the organisation does
not have it or is it because you cannot access it efficiently?

Analytics Requirements
Data is only useful in relation to how it can be analysed. There are numerous analytics options, and a
methodical approach should be adopted to ensure the investment in analytics provides the information
needed to support the business strategy.

Implementation: Data Governance

The data strategy implementation must ensure data quality, security, ethics and manage issues around
organisational politics. A data strategy can only succeed if those responsible for data and analytics and
those who are meant to use its outputs believe in its value.

Implementation: Systems
Technology and infrastructure are required to manage the organisation’s data. This can include database
architecture and software, analytics tools ranging from simple spreadsheet tools through to advanced ML
solutions, and visualisation and reporting platforms.

Implementation: Change Management

The introduction of a data strategy should be accompanied by a change management program designed to
create data literacy, transforming the organisation into one that values data, analytics and evidence-based
decision making.

Communication
Decision-makers are often inundated with information. It is crucial the data strategy provides for clear
communication of the outputs and insights to decision makers.

Interpretation and Application

Data and analytics are only useful if they support decision making and decision making is only useful if it
is translated into actions that apply those decisions.
Beginning from the perspective of the business strategy enables an organisation to focus its data strategy
on its strategic information needs. One approach to identifying these needs is to use a framework or
methodology, such as the SMART strategy board, described in the next section.

Pdf_Folio:265

MODULE 4 Data Analytics, Interpretation and Visualisation 265

4.6 A FRAMEWORK FOR DESIGNING AN EFFECTIVE
DATA STRATEGY
An effective data strategy ensures the business’s investments in data and analysis align with the overall
business strategy. Various frameworks exist that describe the components of an effective data strategy and
can be used to guide an organisation through the process of designing the strategy.

DATA STRATEGY FRAMEWORKS

Table 4.13 summarises five data strategy frameworks that are designed to help organisations discover
trends in their data and use that information to make effective business decisions.

TABLE 4.13 Data strategy frameworks

Framework Description

SMART strategy board A business-focused templated approach to identify the information a

(Marr 2015) business needs to achieve its objectives

Defence–offence framework A business-focused approach involving trade-offs between:

(DalleMule & Davenport 2017) • defensive uses of data (risk mitigation) and offensive uses of data
(increasing profits, revenue and customer satisfaction)
• control (data uniformity and compliance) and flexibility (data variety and
greater range of analytic possibilities).

Tableau framework Tableau emphasises the integration of business and IT strategy so that key
(Tableau 2020a, b) data and analytics initiatives are linked with business goals, objectives and
the company’s mission. The framework identifies three critical steps:
• Define clear business objectives.
• Capture the right data to support these objectives.
• Modernise the data architecture to support data volume, variety
and velocity.
Tableau also provides a ‘Blueprint’ designed to help organisations
transform into data-driven organisations in terms of agility, proficiency and
community.

SAS data strategy framework SAS data strategy framework focuses on data management, identifying five
(SAS 2018) core components.
• Identify: Know what data exists and what it can be used for.
• Store: Hold data in a way that enables easy, fast and flexible access
for analysis.
• Provision: Enable data sharing within a set of rules and guidelines.
• Process: Bring data into a format ready for analysis.
• Govern: Establish, communicate and manage data and information policies.

Gartner approach The Gartner approach focuses on how data and analytics technical profes-
(Gartner 2019) sionals can create a data strategy that addresses technology, organisation,
processes and policies. There are eight steps:
1. Preliminary analysis of strategy and preliminary gap analysis.
2. Develop tentative set of data projects.
3. Develop data policies.
4. Develop data processes.
5. Choose appropriate technology.
6. Articulate human and organisational resource and capability requirements.
7. Prioritise projects to create an implementation roadmap.
8. Follow up.

It is evident then that there are commonalities running through most data strategy frameworks, while
some place a greater emphasis on business needs and others on the process and technologies of data
management. We will examine one particular framework — the SMART strategy board — in detail, but it
is important a business adopt (and then adapt) a framework suitable to its unique circumstances and needs,
driven by the objective of obtaining the information needed to make decisions that support the overall
business strategy.
Pdf_Folio:266

266 Digital Finance

THE SMART STRATEGY BOARD
The SMART strategy board is a business-focused framework that can be used to design a data strategy that
aligns with the business’s strategic objectives. In this framework, SMART stands for:
• Strategy
• Measure metrics and data
• Apply analytics
• Report results
• Transform your business.
Figure 4.5 presents the SMART strategy board with question prompts. The questions are designed to
help businesses think about their strategic information needs.

FIGURE 4.5 The SMART strategy board

Purpose panel
Purpose: What is our purpose? (mission statement)

Ambition: What is our ambition? (vision statement)

Customer panel Finance panel Competition

and risk panel
Target market: What customer do we target? (Segment, Finance objectives: How will
market, region, niche, channels, etc.) we deliver financial results? Competition
(Revenue, profit and cash factors and
Value proposition: What do we offer our customers? generation, shareholder risks: What is
(Quality, price, innovation relationship, service, etc.) value, cost, productivity, threatening our
efficiency) success?
Operations panel (Market,
competition
Partners: Who are our key partners we need to maintain a and customer
relationship with? (Suppliers, distributors, communities, etc.) risks,
Core competencies: What internal processes to we have to operations
excel at? (Develop products and services, generate risks, financial
demand, fulfil demand, regulatory and social, etc.) risks, IT risks,
people risks)

Resource panel

IT systems and data: Infrastructure: What People and talent: Culture, values,
What are the key IT are the key What are the key leadership: What are
systems and data infrastructure people and talent the key culture and
deliverables? deliverables? deliverables? leadership
(Systems, networks, (Property, machinery, (Recruit, develop, deliverables? (Values,
data sources, etc.) land, etc.) retain, engage, etc.) behaviours, etc.)

Source: CPA Australia 2021.

The Purpose panel relates to the organisation’s strategy and is therefore determined by the organisation’s
leadership.
The business strategy prompts the questions a business needs to answer. For example, if part of a
business’s strategy is to increase its customer base, it might need information that answers: Who are our
customers? What are the demographics of our most valuable customers?’ Stating the questions facing the
business enables it to identify the data it needs to answer those questions.
For each of the lower panels, the business should:
• engage key personnel from each area to facilitate buy-in
• identify and focus on the key questions
• refine the questions to be as clear and concise as possible
• use the key questions to guide decisions about the data needed to deliver relevant and meaningful
information.
Accounting and finance professionals are the ‘information providers’ in an organisation and are likely to
make a meaningful contribution to most panels. They are familiar with the organisation’s key information
and understand how each part of the business works together to deliver the organisation’s value proposition
and pursue its strategic objectives.
Pdf_Folio:267

MODULE 4 Data Analytics, Interpretation and Visualisation 267

IDENTIFYING DATA NEEDS
The aim of the SMART strategy board is to help organisations identify their data needs, which will inform
the goals and priorities of their data strategy. In this section, we will discuss each of the six panels from
the SMART strategy board.

Purpose
The purpose panel reflects the corporate strategy. It clearly establishes that the business strategy is what
sets the overall context and direction for the data strategy. The purpose panel details the business’s:
• Mission statement. Why the business exists. A mission statement is a clear, concise statement of purpose
setting out why the organisation exists. It should communicate the business’s intentions powerfully,
providing a road map to guide action and decision making as the organisation strives toward the strategic
goal or objective. It is primarily an internal document designed to motivate stakeholders and define the
key measures of organisational success. As such, it should include the target market, what products or
services the organisation provides to its customers and what makes those products or services valuable
to its customers.
• Vision statement. What the business aims to achieve. A vision statement also defines purpose, but
from the perspective of the business’s objectives, that is, what the business intends to be in the future.
The vision statement gives direction to internal and external stakeholders. Employees can be inspired
to action by a strong and meaningful vision statement; customers may choose a business over its
competition based on its vision statement; and shareholders can be encouraged to invest. The vision
statement gives direction about the business’s values and therefore establishes the behaviours it adheres
to and expects from its stakeholders.

Customer
The customer panel prompts the organisation to consider how much it knows about its target customers and
what it may need to find out in order to achieve its strategic objectives. There are two aspects to consider:
target market and value proposition.
In terms of target market, consider the business’s strategy (including its mission and vision).
• What is its target market?
• Does the business plan to appeal to a particular segment? If so, why and what does the organisation
know about that segment?
• Is the business targeting a particular geographic region or specific demographic? If so, what does it need
to know about those potential customers?
In terms of the business’s value proposition from the customer’s perspective, again consider the
business’s strategy.
• Why are the target customers going to engage with this business?
• Is it quality, price, innovation, service, or something else that the target customers will value?
• What will contribute to customer satisfaction and loyalty?
Consideration of the organisation’s customers in relation to its strategy will trigger questions related to
customers. These questions in turn reveal what data the organisation will need to understand its customers.
There are many customer data source options of varying quality, complexity and expense. For example:
• Sales and transaction data have numerous multifaceted uses. They are a good measure of past sales but
will often need to be combine with other data sets to explain what is observed.
• Survey research data, whether conducted in-house or through an external specialist usually yields
trustworthy data. Often the data is experimental in nature and can include research design, normative
data, mathematical modelling, stimulus controls, statistical controls, historical experience and quality-
assurance standards. Survey research is also relatively inexpensive.
• Eyeball tracking data is one of various technological advances capable of measuring what is attracting
a customer’s attention and what is not. Eyeball tracking is commonly used to understand website
engagement, but also finds use in window displays and institutions such as museums.
There are many others, including search engine data, social media data, experimental data, geospatial
data, sensor data/biometric data, video data and voice data. Example 4.7 explains one retailer’s need to
collect data to solve a business problem.

Pdf_Folio:268

268 Digital Finance

 EXAMPLE 4.7

Using Retail Data Analysis to Improve Sales

A small fashion retailer had the simply stated objective of increasing sales. Its data set included only
traditional sales data. The retailer considered the questions the data set needed to answer in order to
better understand the actual and potential customers, and in turn, work out how to increase sales. The
questions generated included the following.
• How many people actually pass the shops?
• How many people stop to look in the window and for how long?
• How many people then come into the shop?
• How many make a purchase?
From these questions, a plan could be devised to collect the necessary data. The retailer installed cheap,
discreet devices in its shop windows that registered mobile phone signals as people walked past the shop.
Given the high penetration of mobile phones, this data can effectively represent the total population of
people passing the shops. The sensors could count how many people stopped to look at the window and
for how long, and how many people then walked into the store. Ongoing collection of sales data would
record who actually made a purchase.
With the data collected, analysis becomes possible. It is in these situations that accounting and finance
professionals provide value through analysis, benchmarking, interpretation, reporting, advice and ongoing
evaluation. By combining the data from the sensors in the windows with transaction data, it is possible to
calculate a conversion ratio and, further, to experiment with various different window displays and offers
to assess how they influenced conversion rate.
The fashion retailer increased sales by shifting to those displays and offers that resulted in higher
conversion rates. Analysis of the sensor data also showed the retailer that one of their stores had too
little passing foot traffic to justify keeping the store open. No matter what conversion rate it achieved, the
store was not viable.

.......................................................................................................................................................................................
CONSIDER THIS
Does your organisation generate or collect all the data it needs as an integrated part of its business processes or
could it need to source other data?

It is of course crucial to get the value proposition right in terms of appealing to customers, as explored
in the customer panel, but being able to deliver that value proposition relies on numerous factors, many of
which are explored in the remaining panels of the strategy board.

Finance
The finance panel prompts the organisation to consider how much it knows about the financial implications
of its strategy and what it may still need to learn.
The finance panel prompts questions such as the following.
• How does the business strategy generate money?
• What is the business model?
• What assumptions have been made about the revenue, profit and growth of the business as it implements
the strategy — and are they reasonable?
• How much will it cost to deliver the value proposition to customers — to produce and deliver the product
and services?
It is evident that all these considerations relate to the value proposition identified in the customer
panel — asking the right questions in the customer panel is crucial to asking the right questions in the
finance panel to support revenue growth, profit and shareholder returns.
Many of the sources of finance data will be second nature to accounting and finance professionals. It
is often the way that finance data is combined with other relevant data that transforms the accounting
and finance role in the era of big data and advanced analytics. The increasingly real-time nature of data
collection and analysis also has important consequences for the accounting and finance function. Finance
data includes the following.

Pdf_Folio:269

MODULE 4 Data Analytics, Interpretation and Visualisation 269

• Transaction data such as the time and date of the transaction, a description of the event and a numerical
value. For example, orders, invoices, payments, deliveries, travel records or storage records are all
financial transaction data.
• Stock market data such as share price information, price movements and trends as well as numerous
popular metrics used to measure performance in the stock market.
• Cash flow data that allows the business to monitor its incomings and outgoings so as to maintain a cash
flow positive position.
Other finance data may include financial transaction, credit score, profitability and financial market data.
Example 4.8 steps through a data analytics approach focused on accounts receivable.

EXAMPLE 4.8

Using Analytics to Improve ROI

InfoSys and CIMA (2014) collaborated to examine how data analytics can improve ROI through the
management of accounts receivable. They identified the following accounts receivable management
questions to shape the analysis of accounts receivable.
• Who should we follow up with?
• When should we follow up?
• How often should we follow up?
• What is the best way to follow up?
• What is the best message for the customer?
• At what point should the matter be escalated?
• How should the matter be escalated?
They suggested segmenting accounts receivable based on factors such as:
• customer/industry exposure
• customer contact behaviours
• customer payment behaviours
• payment versus accounts receivable ageing
• reasons for non-payment.
An analytics-based collections strategy would then use analytics to:
• design the contact strategy by drawing on information about contacts per hour, best time to call and
response rates
• design and implement automated processes where this can effectively manage accounts receivable
without human intervention
• anticipate disputes and guide dispute management.
Metrics that indicate the effectiveness of the accounts receivable management process include, for
example:
• cost as a percentage of revenue
• cost as a percentage of overdue
• labour hours per X dollars of revenue
• gross overdue as a percentage of revenue.

.......................................................................................................................................................................................
CONSIDER THIS
Do have access to the data you would need to conduct the analytics project described in example 4.8 for your
organisation?

Operations
The operations panel prompts consideration of what the organisation needs to do internally to deliver its
strategy and what it needs to know in order to do so. There are two components of the operations panel:
partners and core competencies.
All organisations rely on partners to deliver on their value proposition. These include suppliers,
distributors and other intermediaries. Important questions related to the organisation’s partners include
the following.
• Are the current partners the best ones?
• How healthy are the organisation’s relationships with its partners?
• How do current partners compare to other potential partners in contributing to the organisation’s strategic
objectives?
• Could other potential partners bring something new to the organisation?
Pdf_Folio:270

270 Digital Finance

 The organisation’s strategy requires a set of core competencies. These can be thought of as the
organisation’s strategic capabilities. Questions to be considered around these strategic capabilities include
the following.
• Are there any capability gaps?
• What is required to fill any gaps in capabilities?
• What assumptions underlie the assessment of capabilities? Are they reasonable?
• What capabilities need to be developed, acquired or improved to deliver the organisation’s value
proposition to the market?
Every organisation’s operational processes and procedures generate a huge amount of data that can
help make better decisions and improve efficiency. Not all organisations capture this data. Those that do
not should determine whether any uncaptured data can help answer their operations questions. If so, they
should begin capturing it. Operations data may be captured from the following.
• RFID (radio frequency identification) sensors. Where data is routinely used in consumer products, some
countries’ passports, shipping packages, and credit and debit cards that employ ‘touchless’ transactions.
RFID relies on microchips that emit radio waves enabling communication between devices about, for
example, a product or person.
• Supply chain data. Data arising from the business’s tracking of its products through the supply chain.
• Biometric data. Such as galvanic skin response, eye pupil dilation, heart rate, EEG (brainwave)
measurements and facial emotion recognition. These are all measurable and present an exciting area
of exploration, but biometric data is an emerging area and particularly prone to ethical issues that must
be managed.
Additional data sources include: machine sensor data (e.g. faults, vibration, temperature), GPS tracking
data from vehicles, experimental data, geospatial data, sensor data, and video data. Example 4.9 explores
data-based supply chain management.

EXAMPLE 4.9

Using Data to Enhance the Supply Chain

Careful management of an organisation’s supply chain is crucial to the ability of the organisation to
deliver its value proposition and achieve its strategic goals. Over the past decade and especially in the
past few years, supply chain management for many organisations has become increasingly complex as
stakeholders, including regulators and customers, have emphasised the need to ensure the entire supply
chain operates ethically on issues of environmental and social impacts including labour conditions. The
development of supply chains to include far more partners, often spread around the world, has also
complicated the task.
In response, various specialists have introduced automated due diligence platforms that enable
businesses to understand the activities and networks that exist throughout their supply chain. For
example, KPMG’s supply chain intelligence platform interrogates a huge number of public databases to
understand an organisation’s structure, who receives benefits from the organisation, how those individuals
are connected to political groups or other businesses and so on. The platform also examines social media
activity to identify whether a participant in the supply chain is subject to social media discussion relating
to unethical behaviour. Social media monitoring often enables a business to identify otherwise hidden
connections between different organisations (KPMG 2017a, b).
Supply chain data can also help with management of risk. A company selling into the Australian market
manufactures most of its product in Thailand. It is common knowledge that Thailand suffers regular severe
weather events and political instability. Using a big data and analytics approach to monitoring weather
patterns and political news can provide the company with early warning of a potential disruption to
manufacturing. With sound risk management and projections, most likely generated by the accounting
and finance department, the company is positioned to understand and mitigate the consequences of
these disruptions.

Once the individual elements highlighted in the customer, finance and operations panels are clear,
the organisation must consider how they interact and influence each other. The customer, finance and
operations form the core of the business and they need to work together. Accounting and finance personnel
are often best positioned to understand, analyse and communicate how the organisation’s components work
together and how one might be affected by a change in another part of the organisation. It is crucial therefore
that accounting and finance personnel are engaged with other departments and business units, regularly
interacting and communicating with business and operational personnel. This helps build a culture with
organisational processes and routines that support the business’s objectives.
Pdf_Folio:271

MODULE 4 Data Analytics, Interpretation and Visualisation 271

Resources
The resource panel prompts consideration of the resources needed to achieve the organisation’s strategic
objectives and what information may be required to identify the required resources.
In a typical organisation there may, for example, be four components of the resources panel.
• IT systems:
– What IT systems are required to deliver the organisation’s strategy?
• Infrastructure:
– What infrastructure – property, machinery or plant is required?
• Human resources:
– What are the organisation’s people and talent requirements?
– Does the organisation have the right people and if not, can it recruit them?
– Will the organisation need to train and develop staff or recruit new people?
• Values and leadership:
– What are the key culture and leadership deliverables that will enable the organisation’s strategy?
Like operations data, an organisation generates huge volumes of resource data. The key to an effective
data strategy is capturing the right data to answer the organisation’s resource questions.
• Interview data can be collected in quantitative and qualitative formats. Quantitative involves the
collection of data involving numbers and structured ranked responses. Qualitative is the collection
of data that is not in numeric formats such as written feedback, open-ended question responses,
observations or recordings. Interview data is a common way to collect feedback from the people in
the business.
• Self-assessment performance data provides answers to how someone sees their own performance or
how they like a product.
• Recruitment data is held by the HR department and can help to tell the organisation how successful
or otherwise their recruitment is. What is the absenteeism in the business? What about staff turnover,
training costs, sick days?
• Sensor and machine data arises from sensors and data collection capabilities built into machines and
IT systems. These generate large volumes of often real-time data on performance, fault detection,
capacity utilisation and many other areas.

Competition and Risk

The competition and risk panel prompts consideration of the organisation’s competitors and the risks the
organisation must manage. Competition and risk are the perspectives most often missing from strategy
maps and this poses a serious threat to successful strategic execution.
In terms of competition:
• Who is the organisation’s main competition and why?
In terms of risk:
• Are there specific market, customer, competition or regulatory risks that could derail the organisation’s
strategy?
• What are the operational, financial and resources risks the organisation faces?
Competition and risk data that can help an organisation deliver its strategy include the following.
• Fraud data. Many companies are building up data repositories on fraud activities. For example,
insurance companies are collecting increasingly sophisticated data on fraudulent claims and how to
predict them. Credit card companies and banks also focus on better predicting and detecting fraud
through data.
• Search engine data. What people search for and how they frame their search queries indicates what
they are interested in and may provide customer insights and help understand how the company’s value
proposition compares with competitors from the customer’s perspective.
• Social media data. If monitored properly, social media can act as an early-warning system. If customers
are unhappy about a product or service they will usually vent on social media and this can alert the
business to failings or areas to improve. It also enables the company to manage the situation to control
reputational damage.

Pdf_Folio:272

272 Digital Finance

PRIORITISING DATA NEEDS AND OBTAINING DATA
It is easy to be intimidated and even overwhelmed by the scope and importance of a data strategy, but
that is precisely why using a framework to focus attention on the priority issues is an effective approach.
Every business can use a data strategy framework to identify what it needs to know and then prioritise
obtaining the corresponding data (from the overall sea of big data), performing the appropriate analytics
and generating the information required to provide insights that support decision making and action. Of
course, some businesses are fortunate enough to be able to explore endless analytics and this process will
generate useful information. Still other businesses, including many in the financial sector, by their nature
will benefit from a comprehensive approach to big data and analytics.
The information needs identified inform what metrics and data are needed. There is a logical hierarchy
to seeking and obtaining data. This hierarchy reflects ease of access, ease of analysis and costs (see
figure 4.6).
In general terms, it is easier and less expensive to source internal data than external data, and to source
structured data than unstructured data (see section 4.4). Internal data is data the organisation has already
captured and stored through its existing processes. External data is data the organisation must obtain from
outside, whether by purchasing access or setting up systems to harvest the data.
Technology can often help transform semi-structured data and even unstructured data into structured
data by intelligently processing the data source. It is evident then that internal structured data will be
easiest to access and analyse, while external unstructured data will most likely involve the most cost and
difficulty. Some of the analysis may involve automation as explained in module 3, but it may also require
human intervention and judgement.
The high profile of big data and complex analytics over the past few years has led some people in
business to focus too much attention on external data and unstructured data. These can of course be highly
valuable for some needs, but if the business can effectively and confidently answer its questions from
internal structured data it should not waste resources seeking the answers elsewhere.
As with most business decisions, a cost–benefit analysis is a useful approach to deciding what data
should be sought and analysed and what should not. Ultimately the business needs to prioritise its
investment in data and analyse in alignment with how they will contribute to its strategic objectives.

How is Data Generated?

There are seven main ways data are generated. These are described below. Figure 4.6 summarises them
and indicates their relative costs and ease of collection.

FIGURE 4.6 Data generation — ease and cost

Easy/low cost User-

Transaction Created Provoked Compiled Experimental Captured generated
data data data data data data data
Internal
structured data

Internal semi-
structured
Internal
unstructured

External
structured

External
Difficult/high cost unstructured

Source: CPA Australia 2021.

Transaction Data
Transaction data is generated every time a customer buys something. This is true online and off and it
provides a powerful insight into what was bought, where it was bought and when. The value of transaction
data can be increased by combining with other data. For example, Walmart cross-referenced transaction
data with weather data and found that when a hurricane warning was issued not only did sales for expected
Pdf_Folio:273

MODULE 4 Data Analytics, Interpretation and Visualisation 273

items like flashlights increase, but so too did comfort foods and treats. Transaction data is usually internal
structured data.
Created Data
Created data is ‘created’ when people are asked questions and a mechanism is in place to capture their
answers. Examples include data created by market research surveys, focus groups or employee surveys.
People registering online for clubs or loyalty programs are also examples of created data as the person is
voluntarily providing information about themselves. Created data is usually structured or semi-structured
by the questions asked and can be internal or external.
Provoked Data
Provoked data is ‘provoked’ when people are invited to express their views. Examples of provoked data are
asking customers to rate and review a product or service. When customers purchase online, for example,
they are routinely ‘provoked’ to rate the product, the seller and the delivery using a five-star system.
Provoked data is usually structured or semi-structured by the nature of the rating system and can be internal
or external.
Compiled Data
Compiled data comes from the giant databases built by research and analysis companies such as
Experian and Acxiom. These companies compile vast amounts of data from different sources that build
detailed profiles of individuals. They provide a wealth of information including credit scores, addresses,
purchase histories, car ownership, insurance renewal dates, and so on. Compiled data is usually external
structured data.
Experimental Data
Experimental data is a hybrid of created and transaction data. This involves designing experiments in
which the subjects (often customers) receive different treatments (e.g. marketing messages) and observing
the results (e.g. whether a transaction occurs and the nature of the transaction). Experimental data is usually
structured or semi-structured and can be internal or external.
Captured Data
Captured data refer to information gathered passively from an individual’s behaviour, such as search
terms entered into Google or the location data generated by a mobile phone via GPS. Captured data have
exploded in volume, velocity and variety because of the Internet of Things (IoT).
Most people are unaware of the extent of data that is captured about them. Captured data are usually
unstructured and can be internal or external.
User-Generated Data
User-generated data is the data that individuals and companies produce consciously, or at least knowingly.
The data includes social media content. User-generated data is usually unstructured and can be internal or
external.
Example 4.10 examines how the Commonwealth Bank of Australia (CBA) hopes the introduction of
open banking (discussed in module 1) through the Consumer Data Right will enable it to provide an
enhanced customer experience. The consumer data right entitles customers to direct certain organisations
to share their data with other organisations (Hendry 2021).

EXAMPLE 4.10

Open Banking and Customer Experience

CBA Applies to Become Data Recipient Under CDR
The Commonwealth Bank has become … the first of the big four to apply to ingest data under the federal
government’s consumer data right (CDR) scheme, as it looks to boost its digital offerings in the wake of
the pandemic.
The bank revealed plans to become an accredited data recipient under the consumer data right on
Thursday in a bid to boost control for its customers, though it gave no timeline for when accreditation
might come through.
It comes as CBA’s annual tech spend continues to increase, with total investment now likely to come
in at $6 billion over five years, instead of the $5 billion over five years outlined back in October 2019.
Pdf_Folio:274

274 Digital Finance

 ‘We’re in the process of applying for accreditation to be able to ingest data,’ CEO Matt Comyn said at
a media briefing hosted at the bank’s new tech hub, dubbed the ‘Foundry’, in Sydney‘s Technology Park.
As an accredited data recipient, CBA will be able to receive a consumer’s data from an accredited data
holder and use it to provide an enhanced product or service, as long as they can adequately protect the
data from misuse.
There are currently only a handful of data recipients accredited by the Australian Competition and
Consumer Commission (ACCC) under the CDR scheme, the first phase of which went live for banking
last July after a series of setbacks.
Comyn said the move to become an accredited data recipient was central to CBA’s ambition to ‘make
sure that we’re serving up the most personalised and relevant and differentiated banking experiences to
our customers’.
‘We think it’s going to be really important, as data and access is being made more available to
customers, to leverage some of the capabilities that are going to available more broadly in the market,’
he said.
CBA has progressively been introducing new services into its CommBank app over the last two years,
including its digital ‘benefits finder’ which helped customer access more than $153 million in unclaimed
benefits and subsidies since it was introduced in September 2018.
Other new services introduced in recent months include the ‘Coronavirus money plan’ and ‘bill sense’,
both of which are budgeting tools to help CBA customers predict their cash flows and avoid bill shock.
At the briefing on Thursday, Comyn told iTnews that having looked to other markets such as the UK, the
initial services that CBA would offer as a result of the CDR data recipient accreditation could be around
‘aggregation and convenience’.
‘I think it’s the ability to bring together meaningful insights across a range of different data sources to
serve up compelling customer experiences,’ he said.
‘We certainly don’t feel that we’ve got a comprehensive handle on exactly how that might evolve, but
it’s an area that we think there’s large opportunities for us and potentially threats.
‘The design of the legislation, is to continue to deliver great customer benefits across a range of different
sectors over time.’
Everyday banking executive general manager Kate Crous said that as part of the open banking
push, CBA had developed a hub within its app called ‘For you’ to deliver ‘personalised offers, specific
experiences and relevant connected services’.
‘At its simplest, For you is a personalised content feed for customers, helping them to understand
exactly what is unique and what they need in that moment,’ she said.
‘It also helps us showcase and connect external products and services for our customers, so they can
start shopping straightaway with Klarna, or we can guide them and introduce them to Home-in — one of
X15’s ventures — that will guide them through the journey of purchasing a home.’
Digitally active CBA customers now number 7.5 million, up from 7.4 million in August, with more than
6.3 million customers now regularly using the CommBank app and about $1 billion in value is transmitted
each day.
Tech Spend on the Up Amid Pandemic
Ahead of its half yearly results next month, Comyn said CBA’s ‘bold ambition’ for technology would mean
that further investment is need to keep up with domestic and international trends.
‘We think we come with some very strong capabilities, but there’s a lot happening in the broader context,
both domestically and internationally,’ he said.
‘And we certainly intend to increase our investment in technology and in digital, particularly.’
He said that while tech spending was estimated at $5 billion over five years in 2019, that figure was now
closer to $6 billion.
‘A couple of years ago we said we expected to spend at least $5 billion over the next five years, and you
would have seen even in our full year results from last year that number has been continuing to increase,’
Comyn said.
One major area of investment is the customer engagement engine behind CBA’s personalised services,
which is ‘running about 400 ML models’ and ‘ingesting 157 billion data points in real-time’.
‘That customer engagement engine, in terms of throughput, is delivering about 35 million decisions per
day, and it’s done in ... about less than 300 milliseconds for each of those decisions,’ Comyn added.
Source: Hendry 2021.

.......................................................................................................................................................................................
CONSIDER THIS
If customer data becomes more open and thus shared among competing businesses, how will an organisation create
a data-based competitive advantage?

Pdf_Folio:275

MODULE 4 Data Analytics, Interpretation and Visualisation 275

 QUESTION 4.3

Differentiate structured from unstructured data, and internal from external data. Using these
classifications, identify which type of data is easiest and least expensive for an organisation to
collect and provide an example.

ANALYSING DATA
The choice of analytical approaches, development and validation of models and the various issues that
need to be considered in the data analytics process are discussed in detail in part C. An organisation’s data
strategy must of course be constructed so that it supports the types of analyses an organisation will perform
to obtain the information it requires. As explained in table 4.1:
• descriptive analytics summarise past or current performance
• diagnostic analytics determine cause and effect
• predictive analytics forecast future performance
• prescriptive analytics determine a course of action.
Descriptive and diagnostic analytics often draw on conventional statistical methods while predictive and
prescriptive analytics often require the application of AI, including ML. The cost of the technology and
other resources to support various types of analysis should be assessed against the value expected to be
generated. As is evident from CBA’s investment in data analytics technologies, described in example 4.10,
the resources required can be enormous — and so can the value created.

COMMUNICATING TO SUPPORT DECISION MAKING

Big data and analytics have the potential to lead to innovation, greater customer understanding and real
time monitoring of what’s happening in a business. Only when the results are presented to the right people
in a meaningful way is the value of the data and investment in analysis valuable. Parts E of the module
describes in detail how to visualise data and communicate insights to decision makers.
Business leaders often struggle to digest all the information they receive in the course of a normal week.
They receive floods of emails and countless reports they only skim read, if at all, so the idea of adding to
that data explosion is not welcome news for most executives. Too often crucial strategic information is lost
within a 50-page report.
It is important that information, analysis and advice are reported in a way that ensures the relevant
people get the right information, in the right format, so they can make the right decisions more often. The
data strategy needs to include mechanisms and tools for timely and effective communication to the right
people. It also needs to consider how to reinforce the role of data and analytics in decision making. This
may involve a cultural shift in the organisation. Again, this should be part of the data strategy.

4.7 DATA STRATEGY IMPLEMENTATION

To obtain the greatest value from analytics, technology, finance and other business leaders need to work
together to create a data program that ensures the data strategy actually produces the required business
intelligence. This will typically involve (Ladley 2016):
1. clearly articulating business strategies
2. deconstructing the business strategies into a set of specific goals and objectives — the targets
3. identifying the KPIs that will be used to measure progress towards each target
4. prioritising the KPIs
5. creating a plan to achieve goals and objectives based on the priorities
6. estimating the costs needed to implement the business intelligence plan
7. assessing and updating the priorities based on business results and changes in business strategy.
This process links the business strategy to observable and measurable business intelligence outcomes
and provides a roadmap for implementing the data strategy. As with any strategy, a detailed implementation
plan must be formulated and put into action if a business is to successfully introduce and benefit from a
data strategy.
Pdf_Folio:276

276 Digital Finance

 This section examines key steps in implementation that should be covered as part of an implementation
plan, including issues around data ownership, organisational politics and culture, data management
systems, projects and the crucial process of change management to create an organisational culture that
values data and analytics and prioritises data-informed decision making.

DATA ‘OWNERSHIP’, ORGANISATIONAL POLITICS

AND CULTURE
Chief executive officers (CEOs), chief financial officers (CFOs) and other decision makers benefit from
high-quality information, analysis and advice. Data and analytics, and the business intelligence they
provide, are high priorities on the agendas of senior leadership and management in most successful
organisations. Sound data practices also underpin compliance with privacy and security laws and reporting
regulations.
Decisions around data and analytics are often challenging and complex because of the technical
considerations and requirements. This challenge is compounded by a potentially much larger and more
difficult issue: organisational politics and data ownership. In other words, who owns or is responsible for
the data and how do they approach this responsibility?
Data ownership problems exist when there are no policies defining responsibility and accountability for
managing data. These are exacerbated when those who manage the data are not the same as those who
rely on it and when those responsible for data management have not ‘bought in’ to the value of data to the
organisation.
Inconsistent data formats of various departments create an additional set of problems as organisations
try to combine individual applications into integrated enterprise systems.
The tendency to delegate data-quality responsibilities to technical teams is another common pitfall that
stands in the way of accumulating high-quality data and achieving high-quality analysis. The technical
teams have no control over data quality and do not rely on the analysis it supports. Business users do have
such control and are the users of analytics. Business users should, therefore, have (or at least substantially
share) responsibility for data quality.
Those who manage a business or part of a business are tasked with trying to improve business
performance and retain customers. Compensation is tied to improving profitability, driving revenue
growth, and improving the quality of customer service. These KPIs are monitored closely by senior
managers who want to find and eliminate defects that harm performance. It is strange then that so few
managers take the time to understand how performance is affected by poor-quality data. Guidelines for
business leaders include the following.
• Build a data culture. Senior leaders and managers establish the expectation that decisions will be based
on data and sound analysis.
• Connect data to performance. Establish KPIs for staff and departments that build in reliance on data
and analytics.
• Make data and analysis pervasive and accessible. Ensure data scientists, analysts (including accounting
and finance personnel) are integrated throughout the business units.
• Make it work. Technology-based systems sometimes break or fail to support desired functions. To ensure
people want to use them, fix any problems quickly.
• Acknowledge uncertainty. Require analysts and decision makers to assess the degree of uncertainty in
their decisions and how it has arisen.
• Model the process and celebrate victories. Showcase positive business results that have arisen from use
of data and analytics, and demonstrate how it was done.
• Help everyone benefit. It is natural to focus analytics on customers and financial data, but buy-in can be
improved by using analytics to improve the experience of internal stakeholders such as employees.
• Insist on consistency. Promote the need for data to be an organisational asset, not a siloed
departmental one.

Pdf_Folio:277

MODULE 4 Data Analytics, Interpretation and Visualisation 277

 Example 4.11 describes some of the problems arising from siloed data.

EXAMPLE 4.11

Big Data in Risk Management

Risk management is perhaps the priority issue for retail bank executives. Disregard for risk was a
major reason behind the global financial crisis and getting the risk–return balance wrong has direct
consequences for any financial services institution. Despite risk management strategies, many banks still
incur huge losses. Part of the problem is that some banks’ information systems enable them to monitor
risk only at the product level, for example, mortgages, loans or credit cards.
Product-level risk management information systems monitor a customer’s risk exposure for mort-
gages, loans or credit cards, and so on — but not for a customer for all products. With product-
level information systems, a bank cannot see the full risk exposure of a customer. The limitations of
these siloed product-level risks have serious implications for business performance because bad-risk
customers cannot be identified easily, and customer data in the various information systems may differ.
However, banks are increasingly using big data to analyse risk more effectively. Cheaper and faster
computing power allows them to keep better and more inclusive records of customer data. Portfolio
monitoring offers earlier detection and predictive analytics for potential customers, and more advanced
risk models show otherwise undetectable intricate patterns in large data sets. Also, more fact-based
inputs and standardised organisational methods are being implemented to reduce loan and credit officer
bias to take risks on undesirable customers.
Consider what happens when each product-level risk management information system feeds data to
marketing information systems. Marketing may offer bad-risk customers incentives to take out another
credit card or loan that they cannot repay. And since the bank cannot identify its best customers either,
they may be ignored and enticed away by better deals offered by competitors.
This scenario illustrates how data ownership and data-quality management are critical to risk manage-
ment and indeed to the creation of value for the business and its customers. An effective data strategy
must therefore maximise integration of data across the organisation.
Data defects and incomplete data can quickly trigger inaccurate marketing and mounting losses. Banks’
increasing dependence on business modelling requires that risk managers understand and manage risk
models better. Although losses often go unreported, the consequences of errors in the model can be
extreme. For instance, a large Asia–Pacific bank lost USD4 billion when it applied interest-rate models
that contained incorrect assumptions and data-entry errors. Risk mitigation will entail rigorous guidelines
and processes for developing and validating models, as well as the constant monitoring and improvement
of them (Harle, Havas & Samandari 2016).

.......................................................................................................................................................................................
CONSIDER THIS
Has your work been affected by issues around data ownership or the siloing of data with your organisation? Why
has this occurred?

Understanding the impact mismanaged data can have on business performance highlights the need to
make data ownership and data accuracy a high priority. These are part of the concept of data governance.
The other important aspect of data governance relates to complying with legal and ethical obligations.
Most countries have implemented laws and regulations that affect what data an organisation can collect
and what it can do with that data. Laws also impose obligations on organisations to ensure data is secure —
there are substantial penalties for breaching confidentiality around customer data.
As part of their data culture, organisations should also embed ethical standards of conduct. A key ethical
issue is transparency around how the organisation will use the data it collects from customers. Companies
and applications often present extensive terms and conditions to users and customers, but most people do
not read them — and even if they do read them, they do not understand them or understand the implications
of what they are agreeing to. However, establishing a (potential) legal right to use a customer’s data is
insufficient. The organisation must also act ethically and consider the reputational impacts of how it uses
data. For example, some users of Google’s free Gmail service have launched lawsuits to try to prevent
Google from analysing the content of their emails. Google’s terms and conditions give it the right to read
and analyse the content of all emails sent or received by a Gmail account. It appears to use this data mainly
to better target advertising.
Transparency around how an organisation uses data can be coupled with including that usage as part
of the value proposition offered to customers. In this way, the organisation can win customer support for
their data collection and use.
Pdf_Folio:278

278 Digital Finance

DATA MANAGEMENT SYSTEMS
Data management is the process that oversees the data life cycle from creation and initial storage to the
time when it becomes obsolete and is deleted. The phases of the data life cycle most relevant to analytics
are shown in figure 4.7.

FIGURE 4.7 The data life cycle

Business
Data Results applications
sources and Data storage Data analysis
databases Data SCM
visualisation
Internal
data OLAP, CRM
Data marts Queries,
EIS, DDS
External Data Decision E-commerce
data warehouse support

Data marts Data mining Strategy

Personal
Knowledge
expertise
Deletion of and its
and Business analytics Others
obsolete data management
judgement

Source: CPA Australia 2021.

The objectives of data management include:

1. mitigating the risks and costs of complying with regulations
2. ensuring legal requirements are met
3. safeguarding data security
4. maintaining accuracy of data and availability
5. certifying consistency in data that come from or go to multiple locations
6. ensuring that data conform to organisational best practices for access, storage, backup and disposal.
Most companies use the systems development life cycle (SDLC) to guide them through the process of
designing and implementing new systems. The SDLC is a multiple-stage approach to developing high-
quality systems from planning and analysis through support and maintenance. The SDLC provides a
framework for a number of different systems development methodologies.
Typical SDLC activities include gathering the user requirements, determining budgets, creating a logical
systems design, creating physical systems, building and testing the system, writing detailed user and
developer documentation, training users and maintaining the system. The activities performed during
systems development vary depending on the size and complexity of the system.

System Development Life Cycle

The SDLC is triggered by a systems request, which arises from the formulation of the data strategy. It
describes the requirements of the system. The SDLC then consists of five stages.
• Planning. This stage establishes what will be required to deliver the system, resulting in a project plan.
• Analysis. This stage creates a systems proposal that will meet the requirements, including budget.
• Design. This stage converts the systems proposal into a systems design specification.
• Implementation and testing. This stage builds the system, checks that it works and makes adjustments
as necessary, resulting in a system that functions as requested.
• Support and maintenance. This stage ensures users can properly use the system and seeks to maintain
and enhance the system over time. When undertaken by a responsible department or external provider,
a service level agreement will often be in place to detail responsibilities and expectations.
The SDLC is summarised in figure 4.8. The SDLC is an iterative process, not a linear one. This means
that when results from one stage are assessed, they can be revised, if needed, and a previous stage can be
revisited before continuing on to the next stage.

Pdf_Folio:279

MODULE 4 Data Analytics, Interpretation and Visualisation 279

 FIGURE 4.8 System development life cycle

System request

Service level
agreement Planning Project plan

Support and
Analysis
maintenance Systems
development

Working Systems
system proposal

Implementation
Design
and testing

Systems
design
specification
Source: CPA Australia 2021.

Database Management Systems

Database management systems (DBMSs) integrate with data collection systems such as transaction
processing systems and business applications, store the data in an organised way, and provide facilities
for accessing and managing that data. DBMS functions include the following.
• Data filtering and profiling. Process and store data efficiently. Inspect data for errors, inconsistencies,
redundancies and incomplete information.
• Data integrity and maintenance. Correct, standardise and verify the consistency and integrity of
the data.
• Data synchronisation. Integrate, match or link data from disparate sources.
• Data security. Check and control data integrity over time.
• Data access. Provide authorised access to data in both planned and ad hoc ways within an
acceptable time.
Regardless of how data are collected, they need to be validated so users know they can trust them. The
expression ‘garbage in, garbage out’ (GIGO) highlights that analysis based on poor quality data will be
counterproductive.
Data quality is undermined by being:
• incomplete, such as missing data
• outdated or invalid, for example, too old to validly measure current practices
• incorrect, for example, too many errors
• duplicated or in conflict, for example, too many copies or versions of the same data and the versions are
inconsistent or in conflict with each other
• non-standardised, for example, data is stored in incompatible formats and cannot be compared
or summarised
• unusable, for example, data is not in context to be understood or interpreted correctly at the time
of access.
The cost of poor-quality data may be expressed as a formula:

Cost of poor-quality data = Lost business + Cost to prevent errors + Cost to correct errors

Pdf_Folio:280

280 Digital Finance

 QUESTION 4.4

What is the key advantage of iterative systems development approaches over linear approaches?

DATA MIGRATION
An organisation adopting a data strategy will almost certainly introduce new systems that have been
designed specifically for the organisation’s big data and advanced data analytics requirements. The
introduction of the new system will require the organisation’s existing data to be migrated from its legacy
systems to the new systems.
Data migration is a complex process. Successful data migration establishes a robust and high-quality
data set that will be the foundation for the organisation’s future data and analysis needs. On the other
hand, a poorly executed data migration program can compromise the quality of the organisation’s data
before its new strategy even begins.
Data migration will usually occur using a project methodology to ensure all required steps are planned
for and occur in a timely and cost-effective way. People within the organisation should be closely involved
in the planning for the migration to ensure disruption is minimised. A well-planned data strategy and
implementation plan will have used consultation to consider the impacts on the personnel and their needs
of the new system will have been integrated into the new system’s design.
People within the organisation will experience data migration directly as the systems and interfaces they
use to access and work with data will change. A change management program should include training and
support to help personnel realise the benefits offered by new systems.
Data migration is summarised in figure 4.9.

FIGURE 4.9 Data migration

Test
migration

Data Final
cleaning migration

Maintenance

Security
Data
Data migration Validation New systems
mapping
Flexibility

Future proofing

Legacy Change
systems management

Consultation

Source: CPA Australia 2021.

The new system will use a different structure to existing systems. In some cases, it may be set up to
hold raw data so no details are lost, whereas in other cases there may be defined variables for each record,
though most big data systems can work with incomplete records where each record may include entries
only for some variables. It is important to ensure information from the old system is data mapped to the
new system.
Pdf_Folio:281

MODULE 4 Data Analytics, Interpretation and Visualisation 281

 As part of data migration, a data cleaning process should be implemented. This is designed to improve
the quality of the data sets by:
• removing errors, outdated data and duplicates
• completing missing records
• resolving inconsistencies.
The new system should include robust security measures to ensure compliance with legal and ethical
obligations. When the new system is hosted on a cloud platform, security may be outsourced to the cloud
provider, but the organisation is still ultimately responsible for the security of its data.
Once the migration — the actual transfer of data from one system to another — is complete, an integrity
check/validation process should be performed. This process compares the data in the two systems to ensure
nothing was lost or corrupted during the migration.

QUESTION 4.5

When data migration, from old to new systems, is taking place what can organisations do to improve
the quality of the data so that high-quality analyses can be produced?

CHANGE MANAGEMENT
An organisational culture represents shared underlying beliefs, norms, values, assumptions and expecta-
tions, which influence the typical patterns of behaviour and performance characterising an organisation.
The organisational culture strongly influences the way that things get done in an organisation. For an
organisation to create the most value from its data strategy, it needs to have a culture that values data and
analytics and relies on them for data-informed decision making.
In any major organisational transformation effort, achieving cultural change is probably the most
difficult. Change management, then, should be a major focus in the implementation of a data strategy.

Kotter’s Eight-Step Framework for Successful Change Management

Kotter (1995) proposed an eight-step framework to lead successful change management. All eight steps
need to be performed well if the organisation is to be transformed.
1. Establish a sense of urgency. Communicate the deficiencies in the current situation and ensure senior
leaders and managers clearly, consistently and immediately model the new culture and behaviours.
2. Create a guiding coalition. Engage key people from every part of the organisation to form a team to
collectively design an approach to creating change and to individually act as agents of change throughout
the organisation.
3. Develop a vision and strategy. A clear picture of what the future organisation should look like helps
the organisation to align, concentrate and coordinate everyone’s efforts towards attaining that goal. The
vision should be inspiring, but tangible enough to implement.
4. Communicate the vision. The required change should be embedded in all channels of communication
from policies, formal communication and informal communication, at all levels of the organisation.
Managers in particular can emphasise the vision through their daily decisions and actions.
5. Empower others to implement the change. The organisation must ensure the change managers have the
power to change structure and processes and empower individual team members to change their own
approaches accordingly.
6. Generate short-term wins. Organisational transformation is a long-term process, even when urgent.
Celebrating small achievements establishes the rewards available for success and helps motivate further
efforts. The change team should design several short-term targets, which can be achieved quickly and
reward people who made the wins possible. Wins make it more difficult to resist or dissent.
7. Consolidate gains and produce more change. The change program is likely to require continuous
improvement and new aspects over time to ensure the organisation is truly transformed and the new
culture becomes embedded. Concluding the program too soon can result in fast reversal.
8. Anchor new approaches in the culture. Anchor new approaches in the culture. Make sure the change
has been implemented and embedded clearly in behaviours, shared values and the daily operations of
the organisation.

Pdf_Folio:282

282 Digital Finance

Data Champions
Data champions are people with strong data and communication skills who actively promote the benefits
data can provide and support the use of data analytics in decision making within an organisation. They
will usually be the people we described in table 4.3 as Data Aristocrats. Example 4.12 looks at the role of
data champions and presents a summary data strategy for a large and complex government department.

EXAMPLE 4.12

Data Champions and Data Strategy

The Australian Government Department of Education, Skills and Employment (DESE) collects extensive
data about Australian businesses, workplaces, employees, students, trainees and jobseekers. It has
implemented a data strategy designed to support each department staff member to ‘enhance [their] work
and deliver on business goals’.
To promote best practice, use of data and analytics in the department, it has appointed a data champion
who works to instil the organisation’s people with good data management and data governance, reliance
on data to inform research, policy and programs, and leadership and management based on knowledge.
The data champion outlines a vision for the department and then works to embed it within the department’s
culture and actions (DESE 2020):

With the Data Strategy, we are building on our current capability and enhancing how we use data
now and into the future. We work hard to make the best use of our data, and we want to improve on
our current position, to be forward thinking, agile and proactive to deliver on our departmental vision.

The data strategy is summarised in figure 4.10, along with its alignment to other strategies.

FIGURE 4.10 DESE data strategy

Harness our data Grow our capability

We harness our data to develop meaningful We grow our data and technological
and compelling arguments and improve our capability to gain insights from our data.
services.
We will:
We will: • ensure staff strengthen their capability to
• adopt a holistic approach in our acquisition use our data well
of data • use emerging forms of data-driven
• ensure our data is high quality with technology.
well-developed supporting
documentation Grow
• use appropriate tools to gain
insights from our data.

Harness Share

Communicate data insights

We interpret and communicate the Communicate Protect our data
insights gained from our valuable data We share our data to empower
to improve our business. our stakeholders and so that we
can benefit from the insights
We will: others can draw out via analysis,
• communicate and apply insights evaluation and research.
we gain from data to improve our work
We will:
• bridge the gap between data skills and
• improve how we share our data internally
policy skills
and externally
• bridge the gap between data skills and
• release our open data and safely share
program delivery.
our public-value data.

Data strategy on a page

Pdf_Folio:283

MODULE 4 Data Analytics, Interpretation and Visualisation 283

 Data literacy, workforce Digital literacy, data
planning, software learning development, analytical
and development software access and
support

People IT

Our strategic plan Storage, re-use and

overall, how data disposal standards
enables it

Plan IMT
Data strategy

Alignment with other strategies

2019 2020 2021

Metadata
Project scoping Data asset design protocol Collecting and storing metadata

Data sharing
Data sharing and release policy Data sharing agreement Capitalise on sharing
protocol opportunities

Capability Assess staff capability Learning and development program

Assess analytical Specialist skill learning Pilot emerging

platforms pathways technology
Collaboration
Scope communities of practice Develop communities of practice

Data hub
Stocktake existing assets Data hub Improve access

Promotion
Use existing forums Technology showcases Data showcases
Towards implementation: the roadmap

Source: Department of Education 2021.

AGILITY, RESPONSIVENESS AND CRISIS MANAGEMENT

The previous section outlined a detailed approach to achieving organisational transformation using a
change management methodology. The aim is to instil an organisational culture that values data and
analytics, in which decisions are made based on insights gained from interpreting the output of analytics.
One of the consequences of such an approach is that the organisation is better positioned to respond
quickly to changes evident from their data collection. Ultimately this may result in an organisation built
on agile principles. These principles can be described as a stable core around the organisation’s basic
functions while the organisation adds and removes resources and capabilities as necessary to respond to
strategic and operational opportunities identified through its big data and analytics initiatives. After all,
the point of the investment in big data and analytics is to enable the organisation to better achieve its
strategic goals, that is, taking action based on its insights and decisions.
Crises by their very nature have substantial impacts, are challenging and sometimes impossible to predict
and require well-informed and decisive management. Organisations can prepare themselves by having
robust risk assessment and management approaches. This, for instance, means that if a natural disaster,
terrorist attack, market crash, or cybersecurity breach occurs, the organisation is already knowledgeable
about the threat, its impacts and potential remedies. The ability to access and analyse real-time data in such
situations greatly improves the quality of decision making.
The global financial crisis in 2008–09 prompted greater investment in financial data and this coincided
with the rapid expansion of big data. The Bank for International Settlements (BIS) (2018) noted that there
Pdf_Folio:284

284 Digital Finance

were often clear warning signs in the lead up to each major financial crisis, but that these warnings were
generally ignored. The BIS suggests that the ability to predict, possibly ward off and at least respond better
to financial crises requires policymakers to better engage with financial market data, focus more on risks
and find new and better ways data can be used to provide insights to financial stability (and instability).
BIS suggests rough aggregates can be sufficient to signal the emergence of financial instability. Once a
crisis hits, however, more granular and real-time data is needed to inform decisions. As investment bank
Lehman headed towards bankruptcy in 2008, the major banks were unable to measure their exposures to
Lehman. This led to greater market panic which in turn undermined the ability of regulators to mitigate the
crisis. Today, however, the extent of interconnection between the world’s largest banks (those that are most
crucial to the stability of the global financial system) is much better reported, as is the trade in derivatives.
BIS also acknowledges the potential of big data and ML to provide early insight into impending financial
crises, but warns focus is needed to identify which data and metrics are useful in this regard.

IMPLEMENTING DATA STRATEGIES IN SMALL BUSINESSES

In the past, smaller organisations’ data strategies were limited by the availability of resources and
sometimes by a lack of available data. That has changed. Advances in technology have given even small
organisations access to affordable tools with advanced features, even some that have ML or artificial
intelligence (AI) capabilities. The ability for smaller organisations to do advanced analysis with limited
resources means their strategy can be more forward thinking and advanced. Another enabler has been the
greater availability of data. There is a lot more open and low-cost data available. A relatively simple, but
valuable use of analytics is described in example 4.13.

EXAMPLE 4.13

Validating Allowances
An organisation that provides weather allowances to its staff paid $90 to access current and historical
Bureau of Meteorology data for all the locations employees work in. That data was then used to build some
simple models that correlated allowance claims to the weather that actually existed in those locations
when those claims were made. This provided a layer of insight into those claims that would not have been
possible just a decade ago.

Small organisations often have an advantage over larger organisations when it comes to awareness of
what data exists in the organisation and awareness of the quality of that data. For example, banks and
insurance companies often have massive data volume and variety of data, but they often struggle to actually
understand how to access and use it. Smaller organisations often better understand the data they have and
how they can draw insights from it.
.......................................................................................................................................................................................
CONSIDER THIS
How would you describe and justify your data needs if you were contributing to formulation of a data strategy for
your organisation?

QUESTION 4.6

What types of assistance or advice could an accountant provide to improve data collection in
an organisation?

SUMMARY
Big data and analytics tools offer great potential to generate insights into almost every aspect of a business,
but businesses often fail to convert this potential into organisational performance. A data strategy is an
effective method to guide how the business will access, analyse and use data in a way that is aligned to
business objectives and so will maximise the ROI in data and analytics.
Pdf_Folio:285

MODULE 4 Data Analytics, Interpretation and Visualisation 285

 Some organisations are able or compelled to invest enormous resources into building analytics capabil-
ities that can explore big data, while others with more limited resources need to work out the information
they need to make high-quality decisions and then focus the investment in data and analytics on generating
that information. A comprehensive data strategy should incorporate all valuable uses of data across the
organisation. Analytics is a crucial part of this, but not the only aspect.
A data strategy should include a detailed implementation plan. If the organisation is transitioning to
data-informed decision making it will need to establish data literacy across the organisation and embed a
culture that values the role of data and information in making decisions.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

4.1 Evaluate the effectiveness of integrating big data and data analytics to create efficiencies and
valuable insights in solving complex business problems.
• Big data and analytics provide almost endless potential to generate insights, but where resources
are constrained the investment should be guided by the information needed to create efficiencies
and generate the insights that are most valuable in the organisation’s decision-making.
• A data strategy guides the way data and analytics will be implemented into the organisation, with
a focus on creating efficiencies and valuable insights relevant to the organisation’s objectives.
4.3 Design the requirements for a robust data strategy including a plan for managing the
complexity of practical implementation.
• A data strategy should align with the business strategy and cover data requirements; analytics
requirements; implementation requirements including data governance, systems and change
management; communication; and interpretation and application.
• Various frameworks are available to focus a data strategy on the business’s information needs.
• Implementing a data strategy often requires significant changes to the organisation’s culture to
embed reliance on data for decision making, and to overcome data siloing and other effects of
organisational politics.
• A data strategy implementation plan should include detailed plans to develop or acquire the
necessary technology and to migrate data where necessary.

Pdf_Folio:286

286 Digital Finance

PART C: DATA ANALYTICS
INTRODUCTION
Data analytics is a critical function in modern business. It brings together data from the business, market
and economy to provide managers with actionable information and insights. The purpose of this part is
to provide accounting and finance professionals with the knowledge they need to initiate, manage and
evaluate data analytics projects within their organisation. The intention is not to turn accounting and finance
professionals into data scientists, but to ensure they have the knowledge required to leverage data analytics
successfully.

4.8 WHAT IS BIG DATA AND ANALYTICS?

Every minute, people (and increasingly AI tools) in businesses around the world make decisions that
determine whether the business will profit and grow, or stagnate or die. In high-performing organisations,
most of these decisions involve data.
‘Data’ are part of a business’s information system, but, as we have discussed, data alone are not
information. Rather, to be useful, data must be gathered, processed, stored, manipulated, analysed
and tested using valid statistical methods. Only through this process do data reveal information that
management can use in formulating a business strategy and making business decisions.
This section will explain the relationship between data, big data and analytics.

BIG DATA
Big data refers to very large and complex data sets that cannot be stored or processed by traditional data
tools and methods. Big data can be generated by:
• businesses (e.g. consumer generated, financial statements, sales guidance)
• government agencies (e.g. fiscal data, economic conditions)
• financial markets (e.g. stock prices, bond yields)
• sensors (e.g. satellite imagery)
• IoT.
As we described in module 1, big data is often described in terms of the four Vs:
• volume — the large size of the data sets created by collecting and storing the data generated by devices,
transactions and interactions
• variety — the breadth and depth of data sets that arise from diverse sources
• velocity — the speed at which new data is generated and accumulated within data sets
• veracity — the variable quality of data sets given the diverse source of data collected.
The economics of data is based on the idea that value can be extracted through analytics. We should
therefore add value as a fifth ‘V’ to any description of big data. Companies that are able to use big data
astutely are able to derive better insights, improve decision-making, and potentially gain a significant
competitive advantage.
The enterprise needs to conduct the cost–benefit analysis of collecting and analysing data to determine
whether there will be sufficient ROI before undertaking a big data project initiative. Cost‐effective
mobilisation of massive‐scale data is one of the characteristics of big data. Ultimately, the value of big
data arises from the actions the business takes based on its analysis. In earlier modules, we have already
examined some of the applications that financial institutions are building based on big data to optimise
customer experience.

Conventional Analytics
Conventional data generation and capture is pre-determined and pre-designed. Specific data is required to
inform specific analyses and thus support certain types of decisions. Conventional statistical analysis often
involves using a sample of data to reach conclusions about the population from which the sample is drawn.
This process is known as statistical inference because it infers with varying degrees of confidence that
the patterns observed in the data (sample) are present in the wider population from which the data were
collected. The inference is based on a probability model and requires the sample to be selected according
to statistical principles.
Pdf_Folio:287

MODULE 4 Data Analytics, Interpretation and Visualisation 287

 Statistical analysis uses methods such as regression models to:
• describe and quantify ‘on average’ relationships (e.g. between advertising and sales)
• to predict new behaviours (e.g. whether a patient will react positively to a medication)
• to forecast future values (e.g. next week’s web traffic).
The statistician must analyse each business or statistical problem to determine the most appropriate
statistical methods.

Big Data Analytics

Analytics using big data takes a different approach. Big data analytics combines several disciplines,
including computing, database management and data science. Collecting, storing, retrieving, updating
and analysing the vast and complex data sets that characterise big data presents special challenges. For
example, a lot of the data are unstructured. How do we search for patterns and trends in such data? How
do we filter out irrelevant information and focus on the key aspects of interest? How do we know whether
each piece of data we hold is valid or true?
In part A we described data mining as the use of technologies that incorporate data science principles.
Increasingly often, data mining is performed using ML, which we described in module 3 as one of the key
technologies transforming finance.
The main outcomes of data mining are:
• discovering similarities or shared characteristics in the data, thus identifying groups
• finding relationships between variables
• modelling relationships between variables (regression)
• classifying data into types
• detecting anomalies and outliers
• presenting findings.
It can be tempting to think of data mining as ‘bigger’ or ‘faster’ statistical analysis. However, the type
of insights that can potentially be found from data mining were simply never possible with conventional
statistical approaches, regardless of the resources available. Data mining based on ML and other AI
technologies is able to intelligently and iteratively explore and analyse extensive data sets in order to
identify information and patterns, and to predict behaviours in ways that are not feasible using conven-
tional statistical approaches. For example, Woolworths’ data mining initiative discovered a correlation
between buying lots of milk and having fewer car crashes (Black 2019). Would anyone have hypothesised
that link? Online travel booking site Orbitz discovered that it could successfully price hotel rooms higher
for Mac users than for Windows users. Another application is detailed in example 4.14.

EXAMPLE 4.14

Prescriptive Analytics: Creating Smart Fixed-Income Portfolios

BondIT (IBM 2020) is a fixed-income advisory services provider located in Israel. BondIT provides a
platform that investment advisors use to construct efficient smart fixed-income portfolios tailored for
individual customers. BondIT’s software uses ML capabilities to produce custom portfolios quickly
regardless of the investor’s unique requirements.
BondIT tested various algorithms to determine which model reliably produced the best results. The
algorithms take into consideration numerous interconnected variables and constraints to determine the
best course of action that will enable investors to make better-informed investment decisions and achieve
their goals (i.e. optimise returns versus risks).
The chosen solution was IBM’s ILOG CPLEX Optimisation Studio, which is a prescriptive analytics
solution. It uses mathematical and constraint programming that enables rapid development and deploy-
ment of recommendations around optimal actions for investment advisors to use when creating smart
fixed-income portfolios based on investor specifications.

HOW IS BUSINESS USING BIG DATA?

The value of big data for the enterprise is to combine structured, semi-structured and unstructured
data to generate insights regarding customer experience, future trends, product preferences, supply chain
operations and numerous other aspects relevant to the business’s value proposition. Big data provides
significant potential to enhance the operational efficiency and infuse innovation within an enterprise at a
Pdf_Folio:288

288 Digital Finance

time of economic constraints, digital transformation and steep competition. Some of the reasons businesses
are adopting big data include the following.
• Consolidation. The ability to integrate data from all sources and types into one consolidated data store,
but in various formats and structures, enabling faster and seamless integration of external data with
internal data.
• Data‐driven insights. The ability to provide insights from analysis of a combination of structured, semi-
structured, and unstructured data, maintained at the granular level, that enables valuable insights that
are not possible with summary‐level data.
• Analytical workforce. Better utilisation of team members in analysing and interpreting rather than just
collecting data.
• Visualisation. Transformation of raw data into a meaningful, visually interactive, appealing, and iterative
form so that it is easier for the users to interpret and draw insights.
• Operational efficiency. Cost-effective and efficient automated processing of high‐volume data with low
latency so that the users can conduct real‐time analysis and decision making for operational efficiency
and growth.
• Enhanced productivity. Increased employee productivity due to efficient data integration and manage-
ment, transparency in data sharing and real‐time or near real‐time responses to customer queries.
• Cost reduction. Open data systems and cloud technology for cost-effective data management.
• Competitive advantage. Transforming a business to take advantage of big data insights can create an
important source of competitive advantage.
Companies are gaining insights from big data in a variety of different ways. For example:
• Analysing business activity data helps organisations understand market conditions, identify trends in
consumer credit and defaults, and even predict threats of infectious disease. Business activity data is
usually structured and may include banking records, insurance purchases, e‐commerce trade, credit
card transactions and medical records.
• Business operations data can be analysed to predict daily sales, forecast new subscriptions, and match
customers to suitable products. The manufacturing industry can also use business operations data to
identify potential problems before they happen, through preventative maintenance triggers. Business
operations data is generally semi-structured and can include accounting, operational and transactional
reports, HR, payroll and industry-specific information, and website files, pages and feeds.
• Analysing social media data can help businesses understand their customers’ views, estimate users’
voting intentions, and even forecast the stock market index. Social media data is usually unstructured,
and can include social networking such as LinkedIn, Facebook and Twitter, uploading photos on
Instagram, uploading videos on YouTube and blogs.
• Analysing data from the IoT can determine real‐time arrival and departure information for flights and
trains; the location of a mobile phone via GPS tracking; and real-time alerts from video data. It can
even predict customer inflow by counting the cars in a car park. IoT data is generally semi-structured or
unstructured, and can include traffic, weather and location data; and security, surveillance and satellite
videos and images.

BIG DATA IMPLEMENTATION

Data platforms are not ‘one size fits all’. The most effective big data tools will complement business
strengths and the existing technology footprint. Often, this will entail a combination of legacy and new
technology, and off-the shelf and open-source software. For example, a business may have a large data
set, with half relevant to running transaction-based applications that could be managed within the existing
enterprise data warehouse, and the other half co-located on low-latency, low-cost hardware. Establishing
this type of information may result in significant cost savings for the implementation of big data tools.

Initial Steps of Implementation Process

Putting the following three elements in place prior to big data implementation will increase the likelihood
of successful transformation.
• Assess and strategise. Evaluate the current situation and determine a suitable business strategy, possibly
with external support.
• Stakeholder involvement. Explain a clear vision and mission to stakeholders. Engaging with those who
will benefit from data insights will secure buy-in from users, and lead to a plan that is more clearly
thought-out.
Pdf_Folio:289

MODULE 4 Data Analytics, Interpretation and Visualisation 289

• Create a clear plan. Create a strategic plan that demarks the key steps and outcomes. For instance,
a two-year roadmap provides an opportunity to review progress every quarter and adapt to evolving
business needs.
In creating a plan, businesses need to take an end-to-end perspective, and consider five aspects of data:
1. ingestion — the process of obtaining and importing data for use or storage in a database
2. harmonisation — the process of combining data of different types, and from different sources, into a
single cohesive data set
3. analysis — the process of cleaning, transforming, and modelling data to discover useful decision-
making information
4. visualisation — the graphical representation of data to allow the user to quickly see patterns and trends
5. democratisation — making digital information accessible to a non-technical user of information
systems.
Considering whether the existing data framework covers all, or part, of the five aspects, businesses can
determine strengths and weaknesses before progressing with implementations. This also helps to ensure
that there is no overlap with existing systems and limits the creation of data that does not add value.

Implementation Challenges
The enterprise’s infrastructure, technology, and data management practices need to be transformed and
changed to accommodate the rapid shift in gathering data. The number of devices generating and
transmitting data such as sensors, tablets and smartphones continues to increase at a very fast pace,
and such information‐sharing options represent a tremendous challenge to enterprises that want to reap
the benefits of harnessing the data by using traditional data processing methods. Some of the challenges
in implementing big data include the following.
• The existing relational database approach does not work best when dealing with unstructured data that
needs to be processed faster at scale.
• The cost of implementing big data might be outside the budget for many enterprises, but special-
ist service providers are making big data and advanced analytics increasingly available even to
smaller businesses.
• The laws related to data privacy issues and compliance are not yet firmly established. Many enterprises
will maintain a conservative approach to big data adoption until there is clarity and confidence around
the intellectual property rights governing the data, ownership title, consequences and liability due to
data inaccuracy.
• Traditional data visualisation and analytics resources are not able to present the data and its insights in
a format so that it is simple and efficient for the users to realise value from big data.
• Existing information governance and management practices cannot cope with the new features of big
data. Adopting big data requires changes such as moving to the cloud and new security measures.
• Getting the right analytics skills and talent to manage and maintain big data and produce actionable
insights remains the biggest challenge for the enterprise. Accountants are accustomed to working with
structured data. One of the challenges for accountants is to extend their work to the use of semi-
structured and unstructured data.
• Many enterprises do not have the IT infrastructure to implement big data, which requires capital
investment. The maturity of the enterprise to deploy new technologies to support big data infrastructure
plays an important role in the success of the big data project.
• A shift to big data can only be effective if it is accompanied by a cultural shift to value and rely on
the insights analytics can provide. Transforming organisational culture can be a difficult and time-
consuming activity, but it is crucial to successful big data implementation.

SKILLS REQUIRED BY FINANCE PROFESSIONALS

As businesses adopt big data, the configuration of the finance function will change as data scientists
become part of multi-disciplinary teams. There will be an increasing demand for those with the ability to
act as interpreter between data scientist and decision-maker. Finance professionals will require the skills
to manage the complex data (both financial and non-financial) to provide insights to the wider business.
At management level, it will be important to understand what big data tools can be used for, the limitations
of the tool and the limitations of the data.

Pdf_Folio:290

290 Digital Finance

New Skills for the Digital Era
In the era of big data, the finance function can increasingly add value through greater accuracy, efficiency
and strategic insight. Recruitment will place a premium on finance professionals who are problem-solvers
and possess strong skills in quantitative analysis to support their in-depth financial knowledge.
While finance professionals won’t necessarily have to master programming, it will be useful to have
a basic understanding of the common programming languages to be able to ask pertinent questions. In
addition, working in multi-disciplinary teams means that people skills and the ability to communicate
complex ideas in simple, engaging terms (‘storytelling’) will remain important. To enable businesses
to take full advantage of this new era, recruitment strategies are attempting to address a ‘digital
knowledge gap’.
The first step in filling the digital knowledge gap is for the finance function to create an overarching
‘digital vision’ so that teams can be assembled with the ability to:
• build strong awareness and understanding of the impact of digital tech on finance
• articulate the value of digital processes and systems throughout the organisation
• develop a strong foundation of digital fluency to support transformational change
• inspire and reward curiosity about digital applications and related opportunities.
Alongside adding robust digital skills to their existing expertise, finance teams will have to become
more diverse, creative, flexible and collaborative. Finance specialists will work hand in hand with business
analysts and data scientists to interpret data, address challenges, solve problems, and identify business risks
and opportunities.

Core Skills for the Digital Future

The key data science skills for finance professionals will include data intuition and data communication,
together with an elementary understanding of statistical methods and programming.
Data intuition skills concern identifying and understanding what information is significant from the
various outputs. This skillset includes the ability to interpret and apply data to draw insights, together with
relevant subject expertise to enable critical thinking and an element of scepticism when interpreting data.
Data communication and visualisation skills are essential in supporting and making data-driven
decisions. The finance function must be able to bridge the digital divide in describing their conclusions
to technical and non-technical colleagues. Familiarity with data visualisation tools, such as Power BI and
Tableau, will be useful.
Knowledge of statistical methods (and when to use them) is a requirement for sensible data interpre-
tation. At a minimum, finance professionals should know the basics of hypothesis testing, sampling, and
the difference between descriptive and inferential statistics. Beyond a basic level of knowledge, a deeper
understanding of mathematics (e.g. linear algebra and calculus) will enable a greater appreciation of the
statistical methods used in big data and an understanding of ML concepts.
Programming tools and languages allow users to access, retrieve, query and present data. Spreadsheet
tools such as Excel and SQL are at the most basic end of the skill set, while some knowledge of
programming languages, such as Python, is becoming increasingly important.
For organisations at the early stages of digital transformation, faced with unstructured data from multiple
sources, another useful skill is data wrangling. This involves cleaning, blending, and transforming data
using tools such as Python or relational databases such as SQL.
Longer term, finance professionals may benefit from a greater knowledge of ML and other software
skills. For example, code testing, debugging, version control (Git) and languages that allow the user to
work with big data (e.g. Spark) will enable a greater contribution to team discussions, and an understanding
as to when particular tools are most applicable.

Developing Skills
Working with constantly changing topics, data sizes and data complexity forces deeper consideration of
analysis and aids development of additional skills. Within the finance function, analysts develop necessary
skills through practice, diligence, and dedication. The following approaches can help develop the skills
required to work with big data.
• Grasp unfamiliar data. Create a systematic approach to exploring the data in order to understand what
information it could reveal.
• Invest sufficient time. Speeding through the analysis will lead to mistakes and incorrect conclusions.
Allow enough time to thoroughly understand the data. Ensure the statements included in reports and
visualisations are supported by the data.
Pdf_Folio:291

MODULE 4 Data Analytics, Interpretation and Visualisation 291

 • Develop insights. An understanding of the data helps develop insights relevant to the audience — the
decision makers. Being able to educate decision makers is the difference between being a good data
analyst and a great data analyst.
• Build context through additional research. Many data sets warrant additional research to investigate
and validate findings. Set time aside for further research to support the data analysis, visualisation
and report.
• Communicate clearly. A great analysis is only valuable if it is communicated clearly and persuasively,
and enables better informed decision making. It is crucial to develop solid communication skills.
• Ask questions. Big data is an emerging field. Ask questions. The more questions asked, the more answers
provided, and the better future questions will become. The better questions become, the better the
analysis will be. Do not settle for reporting a single number; dig deeper to provide context.
.......................................................................................................................................................................................
CONSIDER THIS
What are your own digital knowledge gaps? How will you address them?

4.9 THE DATA ANALYSIS PROCESS

The data analysis process we describe here has ten steps.
1. Define the purpose.
2. Obtain the data.
3. Explore and clean the data.
4. Reduce the data dimension (if necessary).
5. Determine the analysis task.
6. Partition the data (for supervised tasks).
7. Choose the analysis techniques.
8. Use algorithms to perform the task.
9. Interpret the results.
10. Deploy the model.
Each business should adapt the process to its particular needs. Some businesses may combine steps and
others may require additional steps or a less linear approach.

STEP 1: DEFINE THE PURPOSE

How will the stakeholder use the results? Who will be affected by the results? Will the analysis be a
once-only effort or an ongoing procedure? The objective of applying analytics needs to be unambiguously
defined. Examples include customer segmentation of a mortgage portfolio; retention modelling for a post-
paid Telco subscription; or fraud detection for credit cards.
Defining the perimeter of the analytical modelling exercise requires a close collaboration between the
data scientists and business experts, including finance professionals. All parties need to agree on a set
of key concepts; these may include the definitions of a customer, transaction, churn or fraud. While this
may seem self-evident, it is a crucial success factor. Some of the most serious errors in analytics projects
result from a poor understanding of the problem.

STEP 2: OBTAIN THE DATA

Obtaining data for analysis often involves pulling together data from different databases or sources, both
internal and external to the organisation. It may also involve generating data. Part of the organisation’s data
strategy involves understanding what data the organisation needs.
The selection of data will have a deterministic impact on the analytical models that will be built in a
subsequent step so data should not be narrowly restricted at this point. The analytical model itself will
later decide which data are relevant and which are not for the task at hand. All data will then be gathered
and consolidated in a staging area such as a data warehouse or data mart. Some basic exploratory data
analysis can then be considered. The main considerations around data include data types, data sources and
data ethics.

Pdf_Folio:292

292 Digital Finance

Data Types
Big data, data science and business analytics work with structured, semi-structured and unstructured data.
Value is created when we combine existing structured data sets with unstructured or semi-structured data
from both internal and external sources to produce new insights.
The format in which data is found and stored affects the ease with which it can be analysed.
Figure 4.6, earlier in the module, presented the relationship between various types of data, the ease and
cost of acquiring them and the various formats they are likely to be in.
To briefly recap, structured data is already in an organised format and ready for analysis. Structured
data complies with a predefined data model. A data model is a model of the types of business data that
a business will record and how that data will be stored, processed, and accessed. Within that data model
the fields of data to be captured need to be defined and any conventions set around how that data will be
stored. Until relatively recently, technology was incapable of storing, let alone analysing, anything other
than structured data.
The lack of predefined structure evident in unstructured and semi-structured data make it difficult
to analyse using conventional analytics approaches. To do so may require extensive preparation and
rearranging into a structured format. Today, however, various types of AI-based analytics technologies
can work with unstructured data.

Data Sources
The next key consideration is the data source, which may be internal or external. Internal data is the data
that the business currently holds. This includes private or proprietary data that is collected and owned or
controlled by the business. In addition to the internal data an organisation already holds, the organisation
can capture data not currently captured or generate new data to meet the data needs that it identifies.
External data refers to the information that exists outside a business. External data are either public or
private. Public data are data that anyone can obtain by collecting it for free, paying a third party for it or
getting a third party to collect it. Private data would usually be sourced from another business or third-party
data supplier.

Data Ethics and Regulation

The emergence of big data and data mining has been accompanied by growing wariness about protecting
personal data and the imposition of laws and regulations restricting what an organisation can do with the
personal data it holds. This is discussed further in module 5. Some of the key issues are obtaining informed
consent, anonymising data and avoiding bias in analysis.
Informed Consent
Many organisations collecting data first present the respondent or customer with a statement outlining
what the organisation will and will not do with the data. This measure is designed to inform the respondent
and give them a choice of whether to participate. It is often a requirement of engaging with a particular
service that the respondent provide certain details and accept the organisation’s terms for how the data will
be handled.
Anonymising Data
One of the main privacy and ethical concerns is that individuals may be identified against findings in ways
that would not normally occur in classical statistical analysis. A basic principle of data privacy is to only
collect personal information (in particular, personal identifiers such as name or contact details) if necessary
and with the individual’s informed consent.
In some applications, the business intends to use data to customise a value proposition for each customer.
In such instances, maintaining the identity of the individual with the data is fundamental to creating value
from the data. In such cases, the use of the data must comply with the terms and conditions on which the
data was supplied and security of the data must of course be ensured.
If data is shared or sold, it is usually anonymised as the supplier cannot ensure that the eventual user will
comply with any conditions set when the data was collected. However, when using large data sets, or even
small data sets from a small well-defined population, anonymised data can still reveal more information
about individuals.
Given enough data points, anonymised data can be used to identify specific people or match with
other anonymised data to create the information required to allow identification. Unfortunately identifying
individuals is more likely when that person is a member of a minority group, as they will have
Pdf_Folio:293

MODULE 4 Data Analytics, Interpretation and Visualisation 293

characteristics that make them more likely to stand out from the crowd. This, in turn, creates a huge problem
if the data is misused to discriminate against minority groups.
Biased Data and Biased Analysis
A problem can arise when biased data is used to train ML and AI models. At the simplest level, data is
biased when it does not represent the variation present in the population. It is also important to recognise
that data can also be biased because of the way it was collected and coded by biased people, even when
the bias is subconscious, which may involve, for example, incorporating gender or racial stereotypes.
One of the main examples of biased data is the predominant use of white male faces to train facial
recognition software, which results in systems having lower success rates for women and non-white people.
Any system designed to help people should be designed to minimise any such bias, or the prevalence of
systematic bias will increase.

QUESTION 4.7

Explain why organisations may choose to anonymise customer data. Provide an example of a
business application where anonymising data is not viable.

STEP 3: EXPLORE AND CLEAN THE DATA

Big data can have a dramatic impact on the success of any enterprise, or it can be a low-contributing major
expense. However, success is not achieved with technology alone. Many companies are collecting and
capturing huge amounts of data but spending very little effort to ensure the veracity and value of data
captured at the transactional stage or point of origin. Emphasis in this direction will not only increase
confidence in the data sets, but also significantly reduce the efforts for analytics and enhance the quality
of decision making.
This step involves verifying that the data are in reasonable condition. It addresses issues such as
the following.
• How should missing data be handled?
• Are the values in a reasonable range, given what you would expect for each variable?
• Are there obvious outliers?
The data are reviewed graphically — for example, a matrix of scatter plots showing the relationship of
each variable with every other variable. Analysts also need to ensure or at least consider consistency in the
definitions of fields, units of measurement, time periods, and so on.
In this step, new variables are also typically created from existing ones. Data cleaning will get rid of
all inconsistencies such as missing values, outliers and duplicate data. Additional transformations may
also be considered such as binning, alphanumeric to numeric coding, geographical aggregation, as well as
deriving additional characteristics from the raw data. For example, ‘duration’ can be computed from start
and end dates.
Methods for exploring data include looking at various data aggregations and summaries, both numeri-
cally and graphically. This includes looking at each variable separately as well as looking at relationships
between variables. The purpose is to discover patterns and exceptions.
Exploration by creating charts and dashboards is called data visualisation or visual analytics. For
numerical variables, histograms and box plots are used to learn about the distribution of their values, to
detect outliers (extreme observations), and to find other information that is relevant to the analysis task.
Similarly, for categorical variables bar charts are used. Analysts can also look at scatter plots of pairs
of numerical variables to learn about possible relationships, the type of relationship, and again, to detect
outliers. Visualisation can be greatly enhanced by adding features such as colour and interactive navigation.

STEP 4: REDUCE THE DATA DIMENSION (IF NECESSARY)

Dimension reduction can involve operations such as eliminating unneeded variables, transforming vari-
ables (e.g. turning ‘money spent’ into ‘spent > $100’ vs ‘spent ≤ $100’), and creating new variables (e.g. a
variable that records whether at least one of several products was purchased). An analyst must know what
each variable means and whether it is sensible to include it in the model.
Pdf_Folio:294

294 Digital Finance

STEP 5: DETERMINE THE ANALYSIS TASK
Step 5 involves translating the general question or problem of step 1 into a more specific data
analysis question.
Analysis should always tie back to the organisational goals — for example, increasing sales volume,
reducing operating costs or improving customer satisfaction. With the business goals in mind, initial
analysis questions can be defined. The analysis task could involve classification, prediction, clustering,
and so on.

STEP 6: PARTITION THE DATA (FOR SUPERVISED TASKS)

For supervised tasks, randomly partition the data set into three parts:
• training
• validation
• test data sets.
The training partition data are used by the classification or prediction algorithm to ‘learn’ or ‘train’ about
the relationship between the predictor variables and the outcome variable.
During this process, the model ‘learns’ the logic for making the prediction or classification. For example,
a classification model that seeks to identify customers who are likely to respond to a promotion must be
trained by analysing the characteristics of many customers who have either responded or not responded to
a past promotion.
The validation set is used to evaluate each trained model’s performance. The model with the best
validation set performance would be chosen as the model.
A third partition can be used for testing the model. Applying the final model to test data helps to
determine whether the model is generalisable to other data and it provides an unbiased evaluation of the
final model fit on the training data set. This helps to avoid overfitting which can happen when the logic
of the model fits the training data too well but has little predictive power when applied to other data that
is collected in the future.

STEP 7: CHOOSE THE ANALYSIS TECHNIQUES

There are numerous analysis techniques, ranging from conventional statistical methods to advanced
AI-driven methods. When selecting an analytical model, it is important to understand how the use of
the model affects its specification, and the strengths and weaknesses of the main types of analysis. Model
testing and evaluation is particularly important when modern analytical approaches, such as ML and AI,
are used as they often take a ‘black-box’ approach where the model’s inner working is not predetermined
and may be unclear.
In section 4.11, we provide an overview of various advanced analytics concepts and techniques. In
practice, it is important to understand what these techniques and tools can do so it becomes possible to
collaborate with data scientists who will actually build the models based on the organisation’s needs.
It is also important to develop an appreciation of the relative merits of different techniques in order to
be able to interpret their outputs.

STEP 8: USE ALGORITHMS TO PERFORM THE TASK

Algorithms are developed and programmed by engineers, computer scientists and mathematicians. What
makes these algorithms efficient is the data they manipulate and, for some, the results that they remember
(linked to the objective to be reached), which renders them self-learning and thus creates a form of AI.
Using algorithms is typically an iterative process that tries multiple variants of the algorithm and/or using
the same algorithm with different variables or settings. Where appropriate, feedback from the algorithm’s
performance on validation data is used to refine the settings.

STEP 9: INTERPRET THE RESULTS

Success also depends on avoiding invalid assumptions. This can be done by testing the assumptions during
analysis and applying human expertise and judgement to assess whether assumptions and findings are
reasonable. Data are worthless if the organisation cannot analyse, interpret, understand and apply the
results in context.
Pdf_Folio:295

MODULE 4 Data Analytics, Interpretation and Visualisation 295

 Interpreting the results involves making a choice as to the best model to deploy and, where possible,
testing the final choice on the test data to get an idea as to how well it will perform. (Each algorithm
may also be tested on the validation data for tuning purposes; in this way the validation data become a
part of the fitting process and are likely to underestimate the error in the deployment of the model that is
finally chosen.)
Before adopting an analytical model and making operational decisions based on the obtained clusters,
rules, patterns, relations, or predictions, the model needs to be thoroughly evaluated. Depending on the
exact type of output, the setting or business environment, and the particular use characteristics, different
aspects may need to be assessed during evaluation to ensure the model is acceptable for implementation. It
is important to note that this evaluation process actually continues throughout the life of the analytical
model. The business’s needs, the external environment and what the data represents all continually change,
so it is not appropriate to think an analytical model is ever ‘finished’.
A basic purpose of building a model is to represent relationships among variables in such a way that
this representation will do a good job of predicting future outcome values based on future predictor values.
The model should do a good job of describing existing data, but of greater interest is its performance with
future data.

Testing and Evaluating Models

The more variables included in a model, the greater the risk of overfitting the initial data used for modelling.
Overfitting produces a mathematical model which fits the existing data very well but performs very poorly
when used to predict other values.
We can add predictors to a model to sharpen its performance with the data at hand. Consider a database
of 100 individuals, 50 of whom have contributed to a charitable cause. Information about income, family
size, and postcode might do a fair job of predicting whether someone is a contributor. Adding additional
predictors can improve the performance of the model with the data at hand and reduce the misclassification
error to a negligible level. However, this low error rate is misleading because it probably includes spurious
effects that are specific to the 100 individuals but are not relevant beyond that sample.
For example, one of the variables might be height. There is no basis in theory to suppose that tall people
might contribute more or less to charity, but if there are several tall people in the sample and they just
happened to contribute heavily to charity, the model might include a term for height — the taller a person
is, the more they will contribute. Of course, when the model is applied to additional data, it is unlikely this
will turn out to be a good predictor.
If the data set is not much larger than the number of predictor variables, it is very likely that a spurious
relationship like this will creep into the model. Continuing with the charity example, with a small sample
just a few of whom are tall, whatever the contribution level of tall people may be, the algorithm is tempted
to attribute it to their being tall. If the data set is very large relative to the number of predictors, this is less
likely to occur. In such a case, each predictor must help predict the outcome for a large number of cases,
so the job it does is much less dependent on just a few cases that might be flukes.
Somewhat surprisingly, even if we know for a fact that a more complex curve is the appropriate model, if
the model-fitting data set is not large enough, a less complex function is likely to perform better. Overfitting
can also result from estimating many different models, from which the best performing model is selected.

Caveats and Other Principles

Several other issues around data mining and predictive analytics should be considered including
the following.
• Symmetry. Incorporating symmetry into models reduces both over-fitting and complexity. Additionally,
when symmetry is incorporated into the model, it requires less training data and takes less time and
resources to train.
• Occam’s razor. Occam’s razor refers to seeking the simplest explanation for the data available. By
seeking models with fewer variables, a better model may be discovered.
• No free lunch theorem. No one model works best for every problem. It is common in ML to try multiple
models and find one that works best for a particular problem.
• Ensembles. Averaging scores from a mix of models can improve accuracy.

Pdf_Folio:296

296 Digital Finance

 QUESTION 4.8

Explain why overfitting data leads to poor predictive performance from a statistical model.

STEP 10: DEPLOY THE MODEL

The deployment step involves integrating the model into operational systems and running it on real records
to produce decisions or actions. For example, the model might be applied to a purchased list of possible
customers, and the action might be ‘include in the mailing if the predicted amount of purchase is > $10’.
A key step here is ‘scoring’ the new records or using the chosen model to predict the target value for each
new record.
.......................................................................................................................................................................................
CONSIDER THIS
How do you see your role in your organisation’s analytics initiatives? Would you be an initiator of a project or program,
or have input to the initiatives of others?

4.10 RISK, WARNINGS AND CHALLENGES IN

DATA ANALYTICS
The field of business analytics is growing rapidly, both in terms of the breadth of applications and in the
number of organisations using advanced analytics. It is important to realistically assess value against costs.
Successful use of analytics and other statistical approaches requires both an understanding of the
business context where value is to be captured and an understanding of exactly what the methods do.
A lot can go wrong in data analytics. Specific issues that deserve attention are data quality, outliers,
missing values, data normalisation, rare event models and risk associated with environmental changes.

DATA QUALITY
The quality of a supervised learning model depends on the accuracy of the classifications used in the raw
data. In some cases, the value of the target variable is known because it is an inherent component of the
data. Web logs will show whether a person clicked on a link or didn’t click. Bank records will show whether
a loan was paid on time or not. However, in other cases, the value of the known target must be supplied by
a human labelling process to accumulate enough data to train a model.
Email must be labelled as spam or legitimate, documents in legal discovery must be labelled as relevant
or irrelevant. In either case, the data mining algorithm can be led astray if classifications have been
inconsistently applied.

OUTLIERS
The greater the volume of data, the greater the chance of encountering erroneous values resulting from
measurement error, data-entry error, or the like. If the erroneous value is in the same range as the rest of
the data, it may be harmless. If it is well outside the range of the rest of the data (e.g. a misplaced decimal),
it may have a substantial effect on some data mining procedures.
The term ‘far away’ is deliberately left vague because what is or is not called an outlier is basically
an arbitrary decision. Analysts use rules of thumb such as ‘anything over three standard deviations away
from the mean is an outlier’, but no statistical rule can determine whether such an outlier is the result of
an error. In this sense, an outlier is not necessarily an invalid data point, it is just a distant one.
The purpose of identifying outliers is usually to call attention to values that need further review.
Examining the data may reveal an explanation for the outlier data. In the case of a misplaced decimal,
this is likely. Alternatively, there might be no obvious explanation but the value is clearly wrong; or the
value may be within the realm of possibility and should be left alone. All these are judgements best made by
someone with domain knowledge, that is, knowledge of the issue being considered. Statistical procedures
can do little beyond identifying the record as something that needs review.

Pdf_Folio:297

MODULE 4 Data Analytics, Interpretation and Visualisation 297

 If manual review is feasible, some outliers may be identified and corrected. In any case, if the number
of records with outliers is very small, they might be removed and treated as missing data. How is data
inspected for outliers? One technique in Excel is to sort the records by the first column, then review the
data for very large or very small values in that column. Then repeat for each successive column. Another
option is to examine the minimum and maximum values of each column using Excel’s min and max
functions. For a more automated approach that considers each record as a unit, clustering techniques could
be used to identify clusters of one or a few records that are distant from others. Those records could then
be examined.

MISSING VALUES
Typically, some records will contain missing values. If the number of records with missing values is small,
those records might be omitted. However, if there is a large number of variables even a small proportion
of missing values can affect a lot of records. Even with only 30 variables, if only 5 per cent of the values
are missing (spread randomly and independently among cases and variables), almost 80 per cent of the
records would have to be omitted from the analysis, assuming all the variables are used in the model. (The
chance that a given record would escape having a missing value is 0.9530 = 0.215.)
An alternative to omitting records with missing values is to replace the missing value with an imputed
value, based on the other values for that variable across all records. For example, if among 30 variables,
household income is missing for a particular record, one option is to substitute the mean household income
across all records. Doing so does not, of course, add any information about how household income affects
the outcome variable. It merely allows the analysis to proceed without losing the information contained in
this record for the other 29 variables.
Some data sets contain variables that have a very large number of missing values. In other words, a
measurement is missing for a large number of records. In that case, dropping records with missing values
will lead to a large loss of data. Imputing the missing values might also be useless, as the imputations are
based on a small number of existing records. An alternative is to examine the importance of the predictor. If
it is not very crucial, it can be dropped. If it is important, perhaps a proxy variable with fewer missing values
can be used instead. When such a predictor is deemed central, the best solution is to invest in obtaining
the missing data from another source.
Significant time may be required to deal with missing data, as not all situations are susceptible to
automated solutions. In a messy data set, for example, a ‘0’ might mean two things: (1) the value is missing,
or (2) the value is actually zero. In the credit industry, a ‘0’ in the ‘past due’ variable might mean a customer
who is fully paid up, or a customer with no credit history at all — two very different situations. Human
judgement may be required for individual cases or to determine a special rule to deal with the situation.

NORMALISING (STANDARDISING) AND RESCALING DATA

Some algorithms require that the data be normalised before the algorithm can be implemented effectively.
To normalise a variable, we subtract the mean from each value and then divide by the standard deviation.
This operation is also sometimes called standardising (Shmueli et al. 2020).
Normalising is one way to bring all variables to the same scale. Another popular approach is rescaling
each variable to a 0 to 1 scale. This is done by subtracting the minimum value and then dividing by the
range. Subtracting the minimum shifts the variable origin to zero. Dividing by the range shrinks or expands
the data to the range 0 to 1 (Shmueli et al. 2020).

OVERSAMPLING RARE EVENTS IN CLASSIFICATION TASKS

If an event to be classified is rare, such as customers purchasing a product in response to a mailing,
or fraudulent credit card transactions, sampling a random subset of records may yield so few events
that little information on them is obtained. There would be lots of data on non-purchasers and non-
fraudulent transactions but little on which to base a model that distinguishes purchasers from non-
purchasers or fraudulent from non-fraudulent. In such cases, a sampling procedure to overweight the rare
class (purchasers or frauds) relative to the majority class (non-purchasers, non-frauds) would be used so
that the sample would end up with a usable complement of purchasers or frauds (Shmueli et al. 2020).

Pdf_Folio:298

298 Digital Finance

Costs of Misclassification
More important than assuring an adequate number of responder or ‘success’ cases to train the model is the
costs of misclassification. Whenever the response rate is extremely low, the analyst is likely to attach more
importance to identifying a responder than to identifying a non-responder. In direct-response advertising,
there may be only one or two responders for every hundred records — the value of finding such a customer
far outweighs the costs of reaching him or her. In trying to identify fraudulent transactions, or customers
unlikely to repay debt, the costs of failing to find the fraud or the non-paying customer are likely to exceed
the cost of a more detailed review of a legitimate transaction or customer (Shmueli et al. 2020).

Failure to Locate Responders

If the costs of failing to locate responders are comparable to the costs of misidentifying responders as
non-responders, models would usually achieve highest overall accuracy if they identified everyone (or
almost everyone, if it is easy to identify a few responders without catching many non-responders) as a
non-responder. In such a case, the misclassification rate is very low — equal to the rate of responders —
but the model is of no value (Shmueli et al. 2020).
More generally, the model should be trained with asymmetric costs in mind so that the algorithm will
catch the more valuable responders, probably at the cost of ‘catching’ and misclassifying more non-
responders as responders than would be the case if equal costs were assumed (Shmueli et al. 2020).

RISK ASSOCIATED WITH ENVIRONMENTAL CHANGES

The natural environment is changing, influenced by both human impacts and natural ecological processes.
Big data and analytics work hand-in-hand to help organisations understand and manage their effects on the
natural environment. For example, big data may offer an insight into an organisation’s carbon footprint,
while analytics can monitor the environment and climate change risks.
The capacity to collect and analyse big data is also transforming research in the natural and social
sciences. The risks of climate change are complex; however, the careful analysis and application of clear,
verifiable, timely and comparable data could revolutionise how organisations manage such risks.
Businesses can now access a growing number of analytics and tools to determine how their operations
may be affected by climate risks, such as extreme weather events. Such events can lead to financial and
economic losses for businesses, consumers and governments.
By integrating climate risk into their overall risk management models, businesses are better equipped
to plan for disasters and adapt their operations to the changing climate.

4.11 APPLYING AI TO ANALYTICS: BENEFITS, RISKS

AND EXAMPLES
As described in module 3, AI encompasses multiple areas including ML, natural language processing
(NLP) and deep learning. ML has many applications in finance. In particular, ML can:
• analyse big data sets that would be inefficient, difficult or impossible to analyse using conventional
analytics
• generate predictive and prescriptive analytics with self-learning algorithms for predictions and
forecasting.
This generates a range of benefits, including:
• reducing operational costs by automating processes
• improving compliance and security
• reducing the need for manual data wrangling
• automating or supporting decision making in portfolio management and trading.
Applying AI to analytics also carries some risks, such as creating a biased output that could affect
decision making or inaccurate predictions that could result in financial loss.
This section will provide an overview of how AI, ML and data analytics are related, describe the benefits
and risks of applying AI to analytics and present a range of use cases.

Pdf_Folio:299

MODULE 4 Data Analytics, Interpretation and Visualisation 299

BENEFITS
In this section, we describe various benefits of applying AI to analytics.

Data Wrangling
Data wrangling is the process of putting data and data sets into a useable format, ensuring that missing,
inconsistent or anomalous values are detected and rectified to prevent corruption of the analytics results.
Research has shown that data wrangling can take up to 80 per cent of a data analyst’s time.
ML techniques can potentially be applied to data wrangling to:
• automate tasks such as detecting and removing outliers that skew the results
• remove duplicate records
• standardise value formats
• validate the accuracy of data
• generate new data from the existing clean data.

Analysing Unstructured Data

Information in unstructured formats, such as free text, video, images and audio, make up a vast amount
of big data sources, for example, from online media and communications channels. These formats are
challenging to analyse using traditional analytics tools that are designed for structured data.
AI techniques such as NLP can extract data from these media formats and wrangle it into a format that
allows processing with analytics tools.
These AI techniques can also be applied to semi-structured data, for example, emails, invoices
and reports, providing the opportunity for this information to be extracted and ingested into analytics
processes.

Finding Unknown Patterns

Unsupervised ML allows the discovery of patterns, trends, collections and correlations in the data that
otherwise would not have been seen by an analyst.
Clustering can be used to identify features of the data, such as types of financial ratios, that can identify
companies that have similar operating characteristics. This may be useful for detecting financial statement
fraud, comparing firms’ operating performance, assessing credit risk or predicting takeovers.
Ding et al. (n.d.) found that clustering techniques outperformed traditional, non-AI classification
schemes for grouping similar companies. Financial ratios they found to be useful for categorisation
included:
• profit/total assets
• long term debt/book equity
• capitalisation ratio
• sales/invested capital.

Real-Time Monitoring
Due to the volume and velocity of big data, analytic techniques such as business dashboards are used to
create KPIs and metrics that provide an overview of performance. These dashboards lack granular detail
that might be important to detect and alert on significant events.
Using AI, continuous, real-time monitoring of events can occur. For example, there may be a pricing
glitch for a short time that causes a product in an online store to be sold for $5 instead of $500. If
word quickly spread online and a short spike in sales occurred, this may be missed by a sales dashboard
showing summarised metrics for the store over the period of a day. AI can quickly detect and highlight
anomalous events such as these and alert stakeholders in a timely manner.

Automating Action
AI can automate actions based on the results of analytic processes. This could include generating
notifications or a report that highlights key insights to assist human decision making.

Natural Language Analytics

Natural language analytics leverages NLP to allow users to conduct queries in intuitive language. The
system then returns results in natural language that is easy for the team member to understand. This makes
analytics more accessible, as users without specialist knowledge can conduct queries.
Pdf_Folio:300

300 Digital Finance

 For example, Australian financial services company Suncorp reports that its implementation of natural
language analytics has encouraged more usage of insights from data by its business units. One particular
benefit has been to improve the efficiency of claims processing by using queries to quickly identify claims
that have been closed but are still being worked on (Crozier 2019).
Example 4.15 describes how NLP can be used to obtain information from a bank’s customer
service data.

EXAMPLE 4.15

Applying NLP to Extract Insights from Customer Complaints

The Business Problem
A financial institution’s success ultimately relies on creating value for its customers. It therefore needs
information on issues such as customer engagement, delinquency risk, staff performance or skills gaps.
The Data
There are numerous potential internal sources of relevant data, including data extracted from customer
service calls, customer transaction history or website activity to identify trends and insights and create
a more detailed understanding of customer behaviour. This can then be used to create new services,
improve service quality or undertake targeted marketing.
The Existing Solution
Historically, the customer service team would process customer call transcripts using keyword filtering,
followed by manual review and validation. This process was used to derive insights on sales practice
issues from the 500 000-plus customer complaints the institution received annually.
The Challenge
The existing analysis process was time-consuming and required a large team. How could the effectiveness
and efficiency of the bank’s customer complaints analytics be improved?
The Improved Solution
An AI-driven approach was introduced.
• NLP techniques were used to transcribe recorded customer calls.
• AI was used to pre-process the transcriptions to prepare them for analysis.
• Further NLP techniques were used to identify elements of a call indicative of sales practice issues.
• Those elements were used to develop ML models to predict sales practice risks.
The Outcome
The application of AI to the customer complaints analytics process:
• captured more than 90 per cent of sales practice issues
• enabled faster responses to potential regulatory matters
• false positives were reduced by more than 30 per cent
• the need for manual reviews was reduced by more than 80 per cent (Keipper 2019).

RISKS
The use of ML to automate and optimise analytics processes carries various risks that must be considered
when evaluating the suitability of the solution for any particular business problem.
The key risk is the generation of inaccurate or biased predictions that may cause financial loss or
reputation damage to an organisation. Issues around data quality and model transparency tend to be the
underlying causes of these risks.

Poor Data Quality

AI techniques depend on high-quality data. The more data that is used to train the algorithms, the better
their performance. The assumption is that the data is of high quality. If this is not the case, because of
inaccuracies or bias in the data, then the results will reflect these flaws.
Avoiding this issue requires the data set to be unbiased and representative of the population. AI-driven
data wrangling is a useful way to identify and manage data quality issues.

Pdf_Folio:301

MODULE 4 Data Analytics, Interpretation and Visualisation 301

A Lack of Algorithmic Transparency
The details of the inner workings of analytics tools based on ML or deep learning can be described as a
‘black box’, because the process and ‘rationale’ for their outputs is invisible, even to the developers and
data scientists that created them.
Hidden workings of the AI-derived model mean that any biases introduced by the data are unclear and
the rationale for the output cannot be examined and validated. This creates the risk that biased or flawed
data may produce analytics results that will lead to incorrect or unfair decisions.
Where AI-based analytics are used for decision-making in areas that affect individual or group
opportunity, such as credit scoring, the provision of services, or hiring for employment, transparency is
important to ensure public trust in the system. In addition, data ethics and some regulations, such as the
European Union General Data Protection Regulation, require transparency when decisions are made based
on personal data using automated data analytics.
This concept can be described as a ‘right to explanation’. It provides individuals with the right to demand
information that explains how decisions by algorithms are made when they involve their personal data.
This includes recommendation systems that predict users’ interests and recommend product items, credit
scoring, insurance risk or targeted advertising.
Approaches to transparent AI are the focus of ongoing development. One approach involves feeding
pieces of information into the model one at a time and assessing the output, thus, enabling us to understand
each step in the AI algorithm.
Another approach uses a second ML process to analyse and report on what factors have influenced the
model’s output.

QUESTION 4.9

Assess the pros and cons of black-box artificial intelligence and machine learning models.

MACHINE LEARNING
Module 3 introduced basic ML concepts and we have touched on some more of these concepts and
applications earlier in this module. In essence, the ML process involves employing algorithms to
automatically identify patterns in data, then refining the algorithms with more and more data to improve
their accuracy. ML algorithms used in data analytics include:
• supervised learning
• unsupervised learning
• semi-supervised learning.
Supervised learning can be thought of as finding known patterns in unknown data. We must have data
that has been ‘labelled’. The labelled data are examples, where the desired answer or outcome of interest
(e.g. purchase or no purchase) is attached to the input data. This labelling is considered the supervision.
The labels have been derived from human recognition. Training data are the data from which the
classification or prediction algorithm ‘learns’, or is ‘trained’, about the relationship between predictor
variables and the outcome variable.
Once the algorithm has learned from the training data, it is then applied to another sample of data (the
validation data) where the outcome is known, to see how well it does in comparison to other models. If
many different models are being tested, it is prudent to save a third sample, which also includes known
outcomes (the test data) to use with the model finally selected to predict how well it will do. The model
can then be used to classify or predict the outcome of interest in new cases where the outcome is unknown.
Supervised learning is conceptualised in figure 4.11.
In predictive analytics, the aim is to build an analytical model predicting a target measure of interest
(Hastie, Tibshirani & Friedman 2011). The target is then typically used to steer the learning process during
an optimisation procedure. Two types of predictive analytics can be distinguished.
• Regression. In linear regression, the target variable is continuous, Common examples are predicting
customer lifetime value, sales, stock prices, or loss given default.
• Classification. In classification, the target is categorical. Common examples are predicting churn,
response, fraud and credit default.
Pdf_Folio:302

302 Digital Finance

 Simple linear regression is an example of a supervised learning model. The y variable is the (known)
outcome variable and the x variable is a predictor variable. A regression line is drawn to minimise the
deviations between the actual y values and the values predicted by this line. The regression line can now
be used to predict y values for new values of x for which the y value is unknown.
Semi-supervised learning uses a large data set that has some labelled data but consists mainly of
unlabelled data. The labelled data is used to partially train the algorithm, then some of the unlabelled
data is fed to the partially trained model and the predicted output is used to label its own input. This self-
labelled data is called pseudo-labelled. It is combined with the human-labelled data to increase the amount
of labelled training data. The combined data is used to re-train the algorithm. This technique is useful
because labelled data can be costly to acquire. For example, a human has to spend time tagging the data
with the correct answer and this is time-consuming for a large data set. A risk of this technique is that
if predictions by the model are inaccurate, they may corrupt the data when re-training occurs using the
incorrect pseudo-labels.

FIGURE 4.11 Supervised learning

Model
learning data

Algorithm Verification
Data learning
outcome

Output
Source: CPA Australia 2021.

Unsupervised learning can be thought of as finding unknown patterns in known data. It does not use
labelled data. It attempts to find unknown structure or patterns in the data on its own. The process can look
for similarities or anomalies in the data. This approach is useful for finding features in the data that can be
used to perform categorisation of new data. Unsupervised learning holds perhaps the greatest promise for
AI. Unlike supervised learning, the unsupervised learning algorithm has no information about the data it
needs to process. It proceeds by grouping together (clustering) and gathering similar information. This is
a very effective technique when the analyst has no (or little) idea of what is contained in the information
(contrary to supervised learning, where the analyst has an idea of the expected result), which can reveal
something that would not naturally come to mind.
Supervised, unsupervised and semi-supervised learning approaches are used by several ML techniques.
Supervised and unsupervised methods are sometimes used in conjunction. For example, unsupervised
clustering methods are used to separate loan applicants into several risk-level groups. Then supervised
algorithms are applied separately to each risk-level group for predicting loan default propensity.
We will discuss supervised and unsupervised ML techniques in the following sections. We will also
cover two useful algorithms of ML: decision trees and support vector machines (SVMs).

Supervised Learning Techniques

Two supervised learning techniques are:
• classification
• regression.
Classification is the process of determining what category or class a particular data item should be
labelled. It is a frequently used ML algorithm that employs a supervised learning approach. The output of
classification is a variable that is of the categorical (nominal or ordinal) data type.
For example, in money lending predictive analytics, classification algorithms can assist a lender to
decide whether a loan application should be approved or not.
Pdf_Folio:303

MODULE 4 Data Analytics, Interpretation and Visualisation 303

 The algorithm might examine data provided in the application (e.g. age, income, occupation, current
debt) and other data sources (e.g. social media or credit history) that can be linked to the applicant, against
the same historical data for other customers. The historical data would contain information about whether
each customer ultimately defaulted on the loan or not. The group or category that is output from the process
may identify the application as ‘high risk’ or ‘low risk’.
The output can be used in the decision-making process for loan approvals.
Regression is another predictive modelling technique that uses a supervised learning approach. The
output of regression is a numerical (quantitative) variable versus the output of classification, which is a
categorical output variable.
Regression identifies what variables have an impact on a particular phenomenon or outcome of interest.
It allows us to determine what factors are important, which ones we can ignore and how the factors
influence each other.
Once a regression model has been developed, it can be used for predicting or forecasting the behaviour
of dependent variables against changes in independent variables.
Figure 4.12 depicts classification and regression supervised learning techniques.

FIGURE 4.12 Classification and regression

Classification Regression

Source: CPA Australia 2021.

Unsupervised Learning Techniques

In descriptive analytics, the aim is to describe patterns of customer behaviour. Contrary to predictive
analytics, there is no real target variable (e.g. churn, response or fraud indicator) available. Descriptive
analytics is often referred to as unsupervised learning, since there is no target variable to steer the learning
process.
Some unsupervised learning techniques are:
• clustering
• association rule mining
• collaborative filtering.
Clustering is an unsupervised learning technique that is used for automatic identification of natural
groupings of items in a data set. It is the task of grouping a set of items so that the items in a given
group (cluster) are more similar to each other in some way, than to items in another cluster. Simply stated,
it is segregating the data into groups with similar features. Clustering applications in business include
identifying natural groupings of customers or outliers in transactions to detect fraud. Some of the metrics
used to determine clusters include the density or distance between items in the data space or statistical
distributions.
Association rule mining is a popular ML technique used in business. It finds interesting relationships
between variables (items or events), for example, frequently occurring patterns in data sets. It employs
unsupervised learning.
The process derives rules from the data, for example, a data set of sales transactions. The rule derived
might be: If a customer purchases a mobile phone and protective case, they are also likely to purchase a
screen protector. In data-mining terms, the phone and protective case are called a ‘basket’. These baskets
relate to a single session at a point in time. This knowledge can be used to put certain items on sale, place
them in a strategic location within the store’s aisles, or in the case of an e-commerce website, show product
recommendations to the customer.
Pdf_Folio:304

304 Digital Finance

 Applications of association rule mining in business include:
• cross-marketing (customers who bought X also bought Y)
• store design
• catalogue design
• e-commerce site design
• optimisation of online advertising
• product pricing
• sales promotion design.
Figure 4.13 depicts association rule mining.

FIGURE 4.13 Association rule mining

Basket 1

Basket 2

Basket 3

Basket 4

People who buy apples also tend to buy bananas.

Source: CPA Australia 2021.

Collaborative filtering is an unsupervised learning technique used in recommendation systems, which

aim to predict users’ interests and recommend items that would appeal to them.
There are two common approaches to this technique.
• The first approach is based around properties of an item. If a user likes an item in a catalogue, the
algorithm analyses properties of that item and finds items with similar properties. These similar items
may be advertised to the user, as they are likely to be of interest to them.
• The second approach involves similarities in preferences between users. If a user likes a set of items, the
algorithm finds other users that like a similar set of items. By looking at items that other similar users
like, that the target user doesn’t already like, recommendations can be made to the targeted user.
Most websites use collaborative filtering as a part of their sophisticated recommendation systems. These
well-known websites produce high-quality recommendations:
• Amazon (products)
• YouTube (videos)
• Netflix (TV shows or movies).
The similarity between items or users needs to be measured in order to make comparisons.
These ‘distances’ relating to similarity are calculated using various algorithms. Collaborative filtering
is similar to association rule mining. The differences lie in the scope of comparisons between items.
Figure 4.14 depicts collaborative filtering.
Association rule mining compares items in a single session that are commonly seen together. For
example, shoppers for an e-commerce store might usually purchase a phone, charger and protective case
together in their shopping basket for one order.
Collaborative filtering can make comparisons across multiple sessions. If shoppers did not purchase
phones, chargers and protective cases together in one session, but they did on separate occasions,
collaborative filtering would identify this, whereas association rule mining would not.

Pdf_Folio:305

MODULE 4 Data Analytics, Interpretation and Visualisation 305

 FIGURE 4.14 Collaborative filtering

User-based collaborative filtering

User 1 User 2 User 3

Solid lines represent items

explicitly liked by users.
This item will be
recommended to
user 1, based on
their similar taste
to user 2 and 3.
Source: CPA Australia 2021.

Dimensionality Reduction for ML

Dimensionality reduction is concerned with reducing the number of input features in a data set.
A dimension is a feature of the data set. Features are columns or variables that describe an item in
the data set.
For example, in a data set representing bank customers, dimensions could include:
• age
• country of residence
• account balance
• time since account opened
• name
• email address
• phone number.
When a high number of dimensions are present in a data set, the complexity of ML algorithms
increases, requiring higher computing power. This can reduce the efficiency and speed of the process.
Dimensionality reduction is a general field of study concerned with reducing the number of input features.
Data sets typically contain many redundant or irrelevant features that can be ignored while still
preserving relevant information. In the example of bank customers, the email address and phone number
may not have any influence when analysing what factors affect customer savings habits.
For this reason, it is desirable to reduce the number of dimensions, with dimensionality reduction
algorithms used to achieve this goal. Several ML algorithms exist to implement each of the techniques
that have been previously described.

Two Useful ML Algorithms

We will discuss two algorithm types that are frequently used: decision trees and support vector machines.
Decision Trees
Decision trees can be used for both supervised and unsupervised learning tasks. Decision trees are non-
linear and used for categorical or discrete values (target variables from ML classification techniques),
whereas regression trees are used for continuous data (target variables from ML regression techniques).
Both linear regression and regression trees produce numeric output. However, regression trees are more
suitable where the regression model is non-linear.
The technique employs a ‘divide and conquer’ method, by recursively dividing a training set until each
division consists of examples from one class.
The basic approach is as shown in figure 4.15.
Support Vector Machines
Support vector machine (SVM) is a type of algorithm used in ML for both classification and regression
(supervised learning approaches). They are most commonly used for classification.
The data points in a data set can be visualised and plotted in n-dimensional space (where n is one or
more dimensions). A plane is fitted through this space so that it divides the data points into classes, which
lie on either side of the plane. This plane is called a hyperplane. The data points that define the plane, and
Pdf_Folio:306

306 Digital Finance

the margin between themselves and the plane are called support vectors. The goal of the algorithm is to
find a hyperplane that achieves the largest possible margins between the support vectors (see figure 4.16).
If the data points cannot be cleanly divided by a hyperplane, another dimension needs to be added. The
dimension must be one that allows a hyperplane to be fitted to cleanly separate the data points.
Example 4.16 examines the application of ML to credit scoring in the absence of a credit history.
A more complex example will then be presented in the next section.

FIGURE 4.15 Simplified ML loan approval decision tree

Income

> $40k < $12k

$12k–40k

Credit Credit High

history history risk
rating rating

Good Bad Unknown Good Unknown

Bad

Low Medium Low Medium High Debt

risk risk risk risk risk Level

Low High

Medium High
risk risk

Source: CPA Australia 2021.

FIGURE 4.16 Support vector machine

Class 2
Support
vector

Support
vector

Maximum margin

Class 1

Source: CPA Australia 2021.

Pdf_Folio:307

MODULE 4 Data Analytics, Interpretation and Visualisation 307

 EXAMPLE 4.16

Credit Scoring and Loan Default Prediction

The Problem
Credit scoring is the systematic process of evaluating the risk of an applicant defaulting on a financial
obligation. The applicants are typically classed as either high or low risk of default. This may be expressed
as a quantitative score, which can be compared to a defined threshold. This comparison can inform a
decision about whether the credit is approved or not. The financial institution seeks to manage the risk of
its loan portfolio to maximise returns. This can be improved by increasing the accuracy of the outputs of
credit scoring and loan default prediction processes. It of course wants to offer loans to people who will
not default and avoid lending money to people who will.
The Data
The data used in credit scoring is a mix of internal data the institution already holds (for existing
customers), data provided by the customer as part of the application and external data (e.g. from other
financial institutions, credit rating agencies). Relevant data includes age, property ownership status,
occupation, income, stability of employment, number of dependants, assets, debts and, in particular,
credit history.
The Existing Solution
Data analytics have been applied to this process for years. The data described above are fed into
conventional statistical models to generate a credit score and predict the likelihood of default. Loans
officers then bring a degree of judgement to the decision (once the threshold credit score has been
exceeded).
The Challenge
Existing analytics processes depend heavily on the applicant’s credit history as this tends to be a clear
indicator of the risk of default. However, there are potential loan customers who do not have a credit history
but are otherwise good candidates to repay a loan with an acceptable level of risk. Without a credit history,
they do not have access to loans, and they are potentially a lost business opportunity for the institution.
The institution will be able to improve revenues if it can successfully predict default risk without needing
a credit history as part of the data.
The Improved Solution
The general approach to ML in credit scoring relies on classification algorithms to examine data provided
in the application and other data sources that can be linked to the applicant, against the same historical
data for other customers. The historical data would contain information about whether each customer
ultimately defaulted on the loan or not. The group or category that is output from the process may identify
the application as ‘high risk’, ‘medium risk’ or ‘low risk’ and that output is then factored into the loan
approval decision.
In studying historical data, ML can determine the relative influence of a very wide range of data points
on the risk of loan default (Kennedy 2013) and thus produce an accurate outcome in the absence of credit
history data. It would in essence replace the ‘Credit history rating’ step in an approval decision with a
range of other data points.
Building such a model, particularly one that gathers unstructured data from external sources, would
involve extensive development and the benefits and costs would need to be assessed to determine
whether it would produce a net benefit. Alternatively, the capability could be acquired or accessed from
a specialist service provider.
For example, US FinTech Zest Finance specialises in AI-driven solutions for credit scoring and
underwriting for financial institutions around the world. Its ZAML solution can integrate a lender’s
existing data including customer support and payment histories (Hurley & Adebayo 2017) and then use
ML and NLP to access and evaluate thousands of other data points that its ML has found to be relevant
to creditworthiness. Some of the more unconventional predictors include whether an applicant types their
name in upper case or lower case, how fast they scroll through the terms and conditions, or whether they
have a pre-paid or post-paid phone. In the absence of conventional credit history data, these alternative
data points can be used to create an accurate picture of individual behaviour and, ultimately, the risk for
a lender (Carney 2013).

.......................................................................................................................................................................................
CONSIDER THIS
Can you think of applications for ML analytics that would provide valuable information to you that you cannot
currently obtain?

Pdf_Folio:308

308 Digital Finance

4.12 CASE STUDY: DETECTING
MONEY LAUNDERING
Compliance is a complex business problem that all financial institutions face. Compliance refers to the
activities and outcomes involved in following laws, regulations and business rules. A key compliance
obligation for financial institutions is to monitor and report money-laundering activities and high-risk
customers. This obligation arises from legislation that has been introduced in many jurisdictions to combat
organised crime and terrorism.
Complying with anti-money laundering laws thus constitutes a complex business problem and the
solution to the problem clearly will be based on analysis of the institution’s customer and transaction data.
As such, anti-money laundering compliance needs will inform the organisation’s data strategy, including
what data needs to be collected, how to ensure that data is high quality and how it can be analysed to
provide the information required.
Example 4.17 examines how some financial institutions have chosen, developed and implemented
technologies to monitor and analyse their data to identify high-risk customers and suspicious transactions.

EXAMPLE 4.17

ML in Detecting Money Laundering

Money laundering is the process of disguising or converting the proceeds of illegal activity into funds that
appear to come from a legitimate source. The source of illegal proceeds has traditionally been organised
crime activity, such as drug trafficking, bribery and corruption, or tax evasion. Recently the definition and
scope have been extended to include terrorism financing.
There are three conventional phases of money laundering.
1. Placement. The transfer of illicit funds into the banking system. This often involves an intermediate
step to legitimise the source of the funds. For example, illegal proceeds are used to buy an asset, such
as a car, which is then sold. The proceeds of the sale of the car are then deposited into the account,
appearing to be from a legitimate source.
2. Layering. Further steps to disguise the illicit source of the funds within the banking system. This can
include moving the money through a number of accounts, often involving several companies in different
jurisdictions. This is designed to complicate the trail of transactions, making tracing their source more
difficult.
3. Integration. Returning the money to the launderer for their use.
The monitoring undertaken by financial institutions is targeted at financial activity in all three of the
money laundering phases (placement, layering and integration).
The Current Solution
Common approaches to identifying high-risk customers include examining an individual customer’s data
such as their occupation, salary and the banking products they use. Often this information is only collected
and analysed when a customer first opens an account. The bank does not update these aspects of the
customer’s records over time and so they do not capture changes. Unsurprisingly, analytics to detect high-
risk customers often fail to identify high-risk customers and also often produce false positives (identifying
customers as high risk when they are not).
These shortcomings result in the need to manually review many cases, which is costly in terms
of investigation time and represents a waste of resources — the cost of investigating false-positive
alerts relating to suspicious transactions for financial institutions can be billions of dollars per year
(St. Jeor 2019).
The Improved Solution
To address the challenges, both the regulatory bodies and the financial institutions themselves are
developing best practices for analytics applications in money laundering detection. This includes the use
of data science and ML algorithms to improve the accuracy and thereby the effectiveness and efficiency
of the process.
For example, central banks in Latin America have pushed financial institutions to adopt best practice
to improve the effectiveness of their money laundering detection activities.
Accessing the capabilities and resources to successfully develop and implement AI-enabled analytics
is, however, a significant obstacle for these financial institutions. In response, Dr Miguel Agustín Villalobos
and Dr Eliud Silva of Mexico’s Anahuac University developed a solution that could be integrated with
relative ease into the existing IT systems and money laundering detection approaches of the region’s

Pdf_Folio:309

MODULE 4 Data Analytics, Interpretation and Visualisation 309

 medium-sized banks. The solution involves a predictive model using ML techniques and is intended to
complement the banks’ existing rule-based systems.
The increasing ability of small and medium institutions to adopt AI solutions and ML is changing the
world of fraud detection. Below, we discuss the techniques used to build these predictive models and
implement more effective systems at these financial institutions.
Classify Customer Risk Level
The initial aspect of money laundering detection is to classify customers into different risk levels.
AI and ML processes use customer file data, transaction data and existing anti-money laundering
(AML) system data.
A number of algorithms were evaluated for classification. The most accurate achieved 98.41 per cent
accuracy when using the test data set to predict customer risk based on static factors (Villalobos &
Silva 2017).
The exact static factors were not published in the research, to avoid disclosing operational methods
(the ‘red flags’ that indicate a high-risk customer) to potential money launderers. Other publications have
provided some idea though, of some of the factors used. For example, the customer category (retail,
corporate, government, non-profit), country of domicile or residence, source of wealth, main industry that
income is derived from and length of the customer’s relationship with the financial institution have all been
cited as having an influence in risk ratings (Dasgupta 2020). Figure 4.17 represents the use static factors
to predict customer risk levels.

FIGURE 4.17 Static factors to predict customer risk levels

Customer risk rating

Customer category

Very high

Country of domicile
High

Machine Medium
Main source of wealth
learning
classification

Low

Industry

Very low

Years as customer

Source: CPA Australia 2021.

Decision Tree Analysis

We described earlier that conventional analytics for detection of money laundering and high-risk cus-
tomers achieved a relatively low success rate. ML-enabled analytics provide a direct way to more
successfully identify high-risk customers, but they also help indirectly by providing information that can
be used to improve manual processes.
Recall that a decision tree is a flow-chart-like structure. Each internal (non-leaf) node of the tree specifies
a test on an attribute of the data. Each branch represents the outcome of a test. The decision trees
generated by ML systems are transparent — we can see the splits and rules that are generated by the
algorithm. Taking advantage of this, the rules generated by the decision tree were used to update the
institutions’ manual business rules for categorising customers as high risk. The transparent results of

Pdf_Folio:310

310 Digital Finance

 the decision tree also show the relative importance of the predictive factors used. This ranking was then
also taken into account for the manual business rules.
Figure 4.18 shows the ranking of (undisclosed) static factors used by Villalobos and Silva to predict
customer risk for money laundering.

FIGURE 4.18 Importance of predictors

Ranking of undisclosed static factors used to predict customer risk

0 0.05 0.1 0.15 0.2 0.25 0.3

Factor 1

Factor 2

Factor 3

Factor 4

Factor 5

Factor 6

Factor 7

Factor 8

Source: CPA Australia 2021.

Classify Suspicious Transactions

The second aspect of money laundering detection is to detect suspicious transactions for investigation
after they occur.
To achieve this, descriptive analytics are conducted on customers’ transaction data to create a profile
of all historic transactions for a customer, or a profile of their monthly transactions. The analytics include:
the mean, median, standard deviation, quartiles, maximum and minimum transaction values.
The historical transaction data set already had transactions labelled with those that had been flagged
for investigation. With labelled data, a supervised learning approach was taken, dividing the data set in
half, to use as training and test data.
Because suspicious transactions made up a very small (0.4 per cent) proportion of all historical
transactions, the training data required ‘balancing’ (Villalobos & Silva 2017).
This issue presents itself when dealing with any classification problems that involve detecting anomalies
in large data sets.
Most ML algorithms assume the data set is balanced between the different classes. When they are
trained with data sets that are heavily weighted towards one particular class, the algorithm can become
biased in terms of its accuracy at classifying the majority class at the expense of accuracy for the
minority class.
For example, if the data set was composed of 99 per cent non-fraud cases and 1 per cent fraudulent
cases, and the accuracy of the ML model was 98 per cent, this could mean that the 2 per cent of
incorrectly classified cases included all of the fraudulent cases. It classifies 0 per cent of the fraudulent
cases correctly even though the overall accuracy of the predictions was 98 per cent. An even more extreme
case is if the algorithm simply and blindly classifies all samples as non-fraudulent. The algorithm will still
have 99 per cent accuracy.
To mitigate this issue, there are a number of techniques that can balance the data before it is used for
training the algorithm. Two approaches include oversampling and undersampling of the data classes.

Use Oversampling and Undersampling to Create Balanced Data sets

The proportion of data samples belonging to the minority class can be increased or ‘boosted’ by
oversampling. Oversampling involves randomly duplicating the samples in the minority class to increase
their proportion relative to the majority.
The proportion of data samples belonging to the majority class can be reduced by undersampling.
Undersampling involves randomly selecting only a subset of the samples in the majority class for inclusion,
so that less of them are included and the majority class shrinks in number.
Figure 4.19 illustrates the effects of oversampling and undersampling.

Pdf_Folio:311

MODULE 4 Data Analytics, Interpretation and Visualisation 311

 FIGURE 4.19 Oversampling and undersampling

Oversampling

Grow

Undersampling

Shrink

Source: CPA Australia 2021.

Villalobos and Silva (2017) tested both oversampling and undersampling when training the classification
algorithms during their research.
Choosing the Best Algorithm
Each ML method — for example, regression, support vector machines, decision trees — has its strengths
and weaknesses. Not all methods perform equally for a specific problem. The approach that has been
found to be the most successful is comparing methods for a given problem to select a suitable one
(Kovalerchuk & Vityaev 2005). Villalobos and Silva (2017) used the above approach, trying several different
ML algorithms and comparing the results.
Table 4.14 shows the results of the different ML algorithms used to classify suspicious transactions.

TABLE 4.14 Results of different ML algorithms

Results of different ML algorithms

(Oversampling) (Undersampling)
% correct (Oversampling) % correct (Undersampling)
classification AUC classification AUC

CHAID 87.20% 0.981 90.27% 0.982

CHRT 90.03% 0.956 87.59% 0.900

C5.0 99.72% 0.991 96.74% 0.991

Neural network 88.70% 0.992 20.93% 0.547

SVM 89.80% 0.666 22.33% 0.552

Source: CPA Australia 2021.

Pdf_Folio:312

312 Digital Finance

 The CHAID, CART and C5.0 algorithms all produce decision trees.
Two metrics labelled ‘AUC’ and ‘% Correct Classification’ were used to assess the performance of each
ML algorithm on the training data. The metric known as Area under the ROC Curve (AUC) measures how
well the algorithm classifies both true positives and true negatives. Additionally, the metric Percent Correct
Classification conveys the accuracy of the algorithm, or how many of the samples from the total data set
were classified correctly. As mentioned earlier, accuracy does not necessarily convey whether there is a
bias towards true positives at the expense of true negatives, which is captured by AUC.
The C5.0 classification tree algorithm (in bold) was assessed to have the best performance of the ML
algorithms, in terms of accuracy and balancing true positives and true negatives (AUC). The chosen ML
solution achieved a 99.6 per cent correct classification rate (accuracy) on the test data.
Outcome
Using traditional monitoring and suspicious transaction rules, 30 per cent of transactions were alerted
for investigation. Only 0.4 per cent of these transactions were actually reported as suspicious after
investigation.
The use of ML led to a reduction in the number of alerted transactions from 30 per cent to around
0.35 per cent (Villalobos & Silva 2017). This resulted in a reduction in investigation time and improved
resource efficiency for financial institutions, while preserving their ability to comply with anti-money
laundering regulations.

QUESTION 4.10

How could detecting fraudulent transactions be improved by combining digital technologies with
human judgement?

SUMMARY
The value of data arises from the actions the business takes based on its analysis. Analytics brings together
data from diverse, but relevant sources, and analyses it to generate insights that decision-makers can use
to solve business problems and achieve the business’s objectives.
Accounting and finance professionals need to develop sufficient skills in big data, analytics and data
mining to enable them to work with data scientists to plan and implement analytics technologies and
models that will produce valuable information for the organisation. They also need to be able to assess the
quality of data to be used in analytics and understand how the data and the techniques used may influence
the output. Data interpretation, discussed in the next part, must always been done with knowledge of the
context in which the analysis was performed.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

4.1 Evaluate the effectiveness of integrating big data and data analytics to create efficiencies and
valuable insights in solving complex business problems.
• The economics of data is based on the idea that value can be extracted through analytics.
• Companies that are able to use big data astutely are able to derive better insights, improve decision-
making, and potentially gain a significant competitive advantage.
• The enterprise needs to conduct the cost–benefit analysis of collecting and analysing data.
Ultimately, the value of big data arises from the actions the business takes based on its analysis.
4.2 Appraise the impact of big data and data analytics on the work of accounting and finance
professionals to determine the organisation’s resource needs.
• As businesses adopt big data, there will be increasing demand for professionals who can act as
interpreter between data scientist and decision maker.
• Finance professionals will require the skills to manage the complex data (both financial and non-
financial) to provide insights to the wider business.

Pdf_Folio:313

MODULE 4 Data Analytics, Interpretation and Visualisation 313

 4.5 Recommend innovative digital tools as an effective solution to complex business data issues.
• Awareness of ML analytics methods and technologies and their common applications in business
enables the professional to identify when such tools could be valuable solutions and communicate
the benefits to stakeholders.
4.6 Analyse data analytics results to assess the ongoing suitability of models used and improve
business plans and processes.
• The adoption of new analytics technologies and methods may require the organisation to recon-
sider the model it uses for data collection and management, particularly if big data, including
unstructured data, is to be used.
• Ongoing monitoring and testing of analytics outputs is necessary to ensure the models being used
in analytical techniques remain valid and optimal.

Pdf_Folio:314

314 Digital Finance

PART D: DATA INTERPRETATION
INTRODUCTION
Analysis and interpretation tasks within the overall analytics process often work together. As outputs are
generated, their meaning is interpreted and their value in answering the business’s information needs is
assessed. This feeds back to further analysis, whether through a different statistical technique, a modified
model, new datapoints or refinement of some other aspects of the approach.
Earlier in the module, we have examined how analytics can benefit the work of accounting and finance
professionals, and how they need to be involved in the evaluation of potential analytics technologies and
in the formulation and implementation of the organisation’s data strategy. In this part of the module, we
focus on the analytical and decision-making skills that accounting and finance professionals bring to the
analytics process.
We look at how the outputs of the analytics process are transformed into actionable insights that can be
presented to decision makers as recommendations that will help achieve efficiencies and solve complex
business problems. This involves understanding what analytics outputs actually mean in terms of achieving
the business’s objectives.
This aspect of data interpretation therefore creates the information necessary to make sound, data-
informed decisions.
We will first describe data literacy skills relevant to data interpretation, such as understanding basic
statistics, charts, and correlation versus causation. We will then examine issues and skills that influence
decision making, including the importance of domain-specific knowledge, the awareness and avoidance of
cognitive bias, and the role of personal experience. Data literacy skills and decision-making skills must be
combined and applied to efficiently and effectively transform data analysis results into actionable insights
and, in turn, solutions to complex business problems.

4.13 DATA INTERPRETATION: INTRODUCTION

AND CONSIDERATIONS
Interpreting data analytics results is the cognitive process of assigning meaning to what is seen in the
analyses. This can include identifying the presence or absence of patterns, trends or anomalies; and
assessing the significance of, or drawing conclusions from, those things in order to make predictions or
develop recommendations related to business objectives.
The cognitive process requires combining domain knowledge and personal experience with data literacy
skills, to synthesise new knowledge that can be used to inform decisions.
This section describes data literacy skills related to interpreting analytics results.

EXTRACTING KNOWLEDGE FROM DATA

The data analytics process involves transforming raw data into actionable insights that can be used to
inform decisions. Interpreting data analyses is a part of that process. The transformation process for data
can be understood using the theoretical concept of the DIKW pyramid.

The DIKW Pyramid

Section 4.1 explored how data in its raw state has little value and thus requires refinement or processing to
provide that value. A conceptual model that encompasses the concept of raw data and its transformation
into a refined product is the DIKW pyramid (Fricke 2018). The model presents a hierarchical relationship
between data, information, knowledge and wisdom.
• Data. Discrete, objective facts and observations, or descriptions of things, events, activities or transac-
tions. It is unprocessed and unorganised. Due to the lack of context, data does not convey any meaning
and possesses low value.
• Information. Data that has been processed for a purpose, giving it meaning and thus making it useful.
It facilitates human understanding. Information is data with added context.
• Knowledge. The synthesis of information in the human mind, combined with accumulated skills, opinion
and experience. It provides an individual with the capability to take effective action.
Pdf_Folio:315

MODULE 4 Data Analytics, Interpretation and Visualisation 315

• Wisdom. The ability to act, enabled by accumulated knowledge and an understanding of how to apply
concepts from one domain to a new problem or situation (Fricke 2018; Rowley 2007).
The relationships between the components are structural and functional. The DIKW pyramid is shown
in figure 4.20.

FIGURE 4.20 The DIKW pyramid

Wisdom

Knowledge

Information

Data

Source: CPA Australia 2021.

The DIKW pyramid provides us with a conceptual model to show how data must be processed and
synthesised with existing knowledge to provide real value to decision makers.
Conceptually, analytics can be viewed as the means to transform data to information, and arguably
transforming the information most of the way to knowledge in the model of the DIKW pyramid.
Interpretation is what happens for us to arrive at knowledge. It is the synthesis of facts and ideas in the
human mind to form new ideas.

DOMAIN KNOWLEDGE
Domain knowledge is theoretical and practical knowledge that is specific to a business field, industry,
or discipline. It may be contrasted with general knowledge that can be applied to different domains. An
example would be a software developer (general knowledge) who has experience in the banking sector
and expertise in developing electronic payment systems infrastructure (domain knowledge).
It would seem desirable, or even crucial, for data scientists to possess domain-specific knowledge in
order to create useful and accurate analytics to address complex business problems. Although having
individuals with both data science and business domain expertise is the ideal, academics and practitioners
have accepted this is challenging and unrealistic to expect.
Data scientists typically do not have the domain knowledge, or a tendency to appreciate the business
problems they are expected to solve. Often it is easier for someone with existing domain knowledge and
expertise to develop their data literacy to a high enough level that they can act as a ‘data translator’ between
data scientists and decision makers. This role is important at all stages of the analytics process, including
the interpretation of data analytics results. It is the application of the domain-specific knowledge of the
analysts and decision-makers who consume the results that creates and leverages the insights.
.......................................................................................................................................................................................
CONSIDER THIS
Assume your organisation plans to invest in more analytics capabilities to help solve the complex business problems
it faces. Think of some specific business problems that would require your domain knowledge and thus your
involvement in designing and interpreting the analytics approach. What problems might arise if you (or others with
your domain knowledge) are not involved?
Do you have sufficient data literacy skills to collaborate effectively with data scientists? Identify the skills you need
to develop further.

QUESTION 4.11

Assess the potential implications of separating management of data from those who use the data.

Pdf_Folio:316

316 Digital Finance

QUANTITATIVE AND QUALITATIVE ANALYSIS
Quantitative analysis describes the use of mathematical and statistical techniques to analyse numerical
data. Quantitative analysis will usually occur through definition of the problem, collection and processing
of data, the analysis and then interpretation of the outputs. Accounting and finance professionals are likely
to be involved in most stages for analyses relevant to their work, but the analysis stage itself for complex
analysis or big data analysis will likely involve data scientists.
Qualitative analysis relies on critical thinking and the subjective interpretation of data. It is required
when unstructured, qualitative data is collected and needs to be analysed manually to determine complex
information, such as the motivations or reasoning by individuals for certain behaviour. The type of raw
data that is analysed using qualitative analysis includes interview responses or transcripts, video and
audio recordings, reports, documents or other free text. Qualitative analysis is used primarily in academic
research in areas such as health or social sciences and sometimes in market research. Qualitative analysis
is often exploratory and can help inform the design of follow-up quantitative analyses. The three general
steps involved in qualitative analysis are as follows.
1. Coding. The process of identifying themes and concepts within the unstructured data and assigning
symbols to represent these ideas. For example, research in relation to market entry strategy, using data
that consisted of numerous case studies, could code the different strategies using the keywords such as
licensing, franchising, joint venture, partnering, exporting. Coding can be aided by technology such as
NLP to reduce some of the manual work in the process.
2. Analysis. The use of critical thinking and subjective interpretation of data. For example, the researcher
may look for common themes or patterns that might be found in frequent related words and phrases,
associate these with certain emotions, or compare the findings to existing theories or previous research.
3. Summarising. Outlining a conclusion based on evaluation of the results against the original hypotheses
or research goals.

DATA VISUALISATION
Data visualisation plays two key roles in analytics:
• it aids interpretation of the data and analytics outputs during and after the analysis process
• it aids communication of findings and recommendations during the reporting process.
Below, we will briefly outline the role of visualisation in data interpretation. Its use in reporting will be
described in the final part of this module.
In addition to statistical results, such as probability values, analytical techniques often use data
visualisation to assist exploring the data during the analysis process. Charts, such as histograms, probability
distributions, boxplots, scatterplots, and decision trees, are some of the visualisations that are typically
produced by analytics tools.
An understanding of the different types of data visualisations is a key component of data literacy, as it
relates to the abilities to read and analyse data. Some of the simple, but useful, visualisation approaches to
aid interpretation include visualisations to show the following.
• Magnitude comparison. Comparing the size or other measures of data, of items within a data set
or between different data sets. The differences might be relative or absolute. The data points are a
snapshot, a picture at a moment in time or of an aggregation of time, such as over a year. Special
cases of comparison include deviation (the amount of variation from a fixed reference point), part-to-
whole composition relationships, or distributions (where there are areas of greater compared to lower
magnitude).
• Change over time. Presenting trends or how measurements of the data vary over a defined time period,
the differences can be relative or absolute.
• Correlation. Showing relationships or an association between different variables, data points or
data sets.

OVERCOMING COGNITIVE BIAS

Bias is defined as an inclination or prejudice for or against someone or something. Cognitive bias is
when prejudice influences our decisions or thinking. It prevents us from making clear, objective judgement
and can result in poor decision making. In the context of data interpretation and decision making, this
cognitive bias could result in some of the following outcomes:
• selecting certain data for analysis or to support a position but ignoring other relevant data
• being pressured into a certain decision by executives or peers
• following previous experience that is not relevant to the current situation.
Pdf_Folio:317

MODULE 4 Data Analytics, Interpretation and Visualisation 317

 Figure 4.21 describes common types of cognitive bias.

FIGURE 4.21 Common types of cognitive bias

Confirmation Bias
A tendency to seek out information that confirms the beliefs you already have and ignore the information
that contradicts those beliefs
Example
An investor hears a rumour that a company is about to declare bankruptcy and considers selling their
shares. They tend to believe news that supports this and ignore news that contradicts it.
Anchoring
A tendency to stick to a psychological benchmark, which could be the first value, figure, solution, theory
or argument that comes to mind
Example
A seller of a property frames all price negotiations against the psychological benchmark of their purchase
price for the property.
Herd Behaviour
A tendency to follow the actions of a larger group (those actions could be rational or irrational) even though
most would not make the same choice individually
Example
Although analysis indicates an asset is above its intrinsic value, a trader buys into a speculative bubble
through fear of missing out on quick gains.
Optimism Bias
A tendency to overestimate the likelihood of positive events, thinking that you are at a lower risk of a
negative event than others
Example
Due to the positive outlook of the national economy, a business expands its operations into another state
despite analysis indicating significant financial risk.
Extrapolation Bias
A tendency to assume that recent experience or trends will continue into the future based on simplistic
analysis, although many variables are involved
Example
A company that grew its earnings by 6 per cent per year over four years projected their growth based on
these numbers far into the future, but the effect of other variables made this forecast inaccurate.
Availability Bias
A tendency to rely on the most recent or easy to recall information because it is readily available, rather
than collecting new data
Example
There was a market crash during the middle of a year, causing lingering negative memories of the event
on a massive scale. Even though the market recovered, and the annual return was still 12 per cent for that
year, a few years later the perception was that the market was flat or down in that year. This was due to
availability bias of more recent negative news than positive news.
Source: CPA Australia 2021.

Strategies to Overcome Cognitive Bias

Realistically, cognitive bias occurs unconsciously and affects many of the decisions we make in our
everyday lives. Therefore, cognitive bias is something that is necessary to recognise and avoid in data
interpretation and decision-making. Some strategies for overcoming cognitive bias are as follows.
• Awareness. We cannot completely eliminate cognitive bias from our thinking. Being aware of cognitive
bias when we make important decisions can help limit its impact.
• Collaboration. Working with or consulting others provides an external viewpoint or sanity check, as it
is easier to see bias in others than it is within ourselves.
• Alternative viewpoints. Creating processes that force participants to view the situation through someone
else’s eyes or test alternative hypotheses. This encourages seeking out opposing information or viewing
the existing evidence from a different angle. Role-playing or conducting ‘war games’ can provide this
opportunity.
Pdf_Folio:318

318 Digital Finance

 By managing bias, we can achieve better outcomes when interpreting data and making decisions. During
analysis, we can see the data more clearly. This creates more opportunity for discovery and allows us to gain
deeper insights through all the available data. In decision making, we can then leverage the full potential
of the data to make clear and objective choices.
To illustrate this, a study conducted by US management consulting firm McKinsey & Company showed
organisations that implemented strategies to counter the effect of bias in their decision-making, achieved
an ROI that was 6.9 per cent better than the lowest quartile performers (McKinsey 2010).
Managing cognitive bias can help us to make clear, objective decisions. It is important to recognise bias
during data interpretation and decision-making processes.

CORRELATION
Correlation is the degree of relationship between two variables. A positive correlation exists when the
value of one variable moves in a particular direction and the value of the other variable moves in the same
direction. A negative correlation exists when the value of one variable moves in a particular direction and
the value of the other variable moves in the opposite direction.
The strength of correlation is measured by a value known as the correlation coefficient, r. This is also
known as Pearson’s correlation coefficient.
The correlation coefficient r has the following range:
• r = 1.0 indicates a perfect positive correlation between two variables
• r = –1.0 indicates a perfect negative correlation between two variables
• r = 0 indicates that no correlation exists between the variables, either positive or negative.
The correlation is said to be high or strong where r is closer to its extremes at plus or minus one. The
correlation is said to be low or weak if r is closer or equal to zero. Figure 4.22 plots data sets that exhibit
a variety of correlations.

FIGURE 4.22 Scatterplots, demonstrating correlations

Perfect High Low Low High Perfect

positive positive positive No negative negative negative
correlation correlation correlation correlation correlation correlation correlation

1 0.9 0.5 0 –0.5 –0.9 –1

Source: CPA Australia 2021.

Figure 4.23 describes how to calculate the correlation coefficient, r, for the variables x and y.

FIGURE 4.23 Calculating the correlation coefficient

1. Find the mean of x and the mean of y.

2. Subtract the mean of x from every x value (call that new set of values ‘a’). Subtract the mean of y from
every y value (call that new set of values ‘b’).
3. For each value (data point) calculate three new sets of data, consisting of:

a × b (call it ‘ab’)
a squared (call it ‘a2’)
b squared (call it ‘b2’)

4. Sum up ab, sum up a2 and sum up b2.

5. Divide the sum of ab by the square root of ((sum of a2) × (sum of b2)) to give the correlation
coefficient.
Source: CPA Australia 2021.

Pdf_Folio:319

MODULE 4 Data Analytics, Interpretation and Visualisation 319

 In practice, spreadsheet software such as Microsoft Excel would be used to calculate the correlation
coefficient. Example 4.18 applies this to determine the strength of correlation between professional
experience and income for a particular profession.

EXAMPLE 4.18

Spreadsheet Correlation Function

Figure 4.24 presents a worksheet with the x and y variables in columns A and B, respectively. (For
demonstration purposes, a, b, ab, a2 and b2, which would be used to calculate the correlation coefficient
using the manual process shown in figure 4.23 are also shown.) The function used to produce the
correlation coefficient is shown in cell A22 and the output is shown in cell A23.

FIGURE 4.24 Professional experience and income correlation using a spreadsheet

Source: CPA Australia 2021.

The calculated correlation value is 0.916 rounded to three decimal places. Our result of r = 0.916
demonstrates a high positive correlation between professional experience and income for this particular
data set. This is also evident from the shape of the scatterplot of the data shown in figure 4.25.

Pdf_Folio:320

320 Digital Finance

 FIGURE 4.25 Scatterplot of professional experience and income data

140 000

120 000

100 000
Income ($)

80 000

60 000

40 000

20 000

0
0 2 4 6 8 10 12 14
Experience (years)
Source: CPA Australia 2021.

CAUSATION
Causation is a cause-and-effect relationship between two variables. One variable is causing changes in
another. A correlation between two variables does not necessarily mean that a change in one is causing
the change in the other; there may be no causation relationship between them.
An example is shown in figure 4.26, examining the relationship between ice cream sales and shark
attacks in a fictional seaside region. Although there appears to be a high correlation between the two
variables, is it plausible that ice cream sales cause shark attacks?

FIGURE 4.26 Shark attacks and ice cream sales

30

25

20

15 Shark attacks
Ice cream sales

10

0
Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May
Source: CPA Australia 2021.

Pdf_Folio:321

MODULE 4 Data Analytics, Interpretation and Visualisation 321

 It is crucial to understand the difference between correlation and causation.
• Correlation exists when a relationship exists between two variables.
• Causation exists when a relationship exists between two variables and one variable causes an effect in
the other.
When there is a correlation between two variables, but no causation exists, there is said to be a spurious
association between the two. Spurious association can lead to flawed business or investment decisions.
.......................................................................................................................................................................................
CONSIDER THIS
A US analytics company, Prattle, used AI predictive analytics on stock market data and data from transcripts of
conversations between executives and analysts that had been obtained from NLP. The AI algorithm found a correlation
between share price performance and executives that said ‘please’, ‘thank you’ and ‘you’re welcome’ more often
during conversations after earnings were released (Wigglesworth 2018). Would you expect this to be causation? How
could you know for sure?

Proving Causation
Proving causation can be a time-consuming, complicated and expensive process involving a great deal
of research and experimentation, so an evaluation should be made as to whether proving causation is
important or not.
It might be significant if the causal relationship is integral to decision-making. But, with big data
predictive analytics and ML, it may be the case that all an organisation is interested in is the fact that
a correlation exists and they can predict an outcome (they may not have any interest in ‘why’ that
outcome occurs).
An instance where it might not be important to prove causation could be in a home insurance predictive
model, where a correlation between the average rainfall in a city and the average claim per dwelling per
year exists. Just knowing the correlation exists allows the company to predict risk, even if causality cannot
be proven.
An example where it might be important to prove causation could be an online retailer’s coupon discount
percentage correlating with sales volumes for a product range. Decision-makers would likely want to know
if there were other variables that led to the sales volume patterns in order to develop promotional strategies.
Numerous patterns exist that explain causal relationships between variables. The relationship between
causes and effects can vary in complexity. Figure 4.27 summarises patterns of causation that are commonly
used in business analytics.
A causal relationship may be non-existent. As with proving the existence of a causal relationship,
proving the non-existence of a causal relationship with 100 per cent certainty is logically impossible,
as there could always be numerous unknown or hidden confounding factors.
Proving causation involves isolating the causal relationships or factors through conducting experiments
and asserting that the results meet certain criteria.
Various approaches that can be used to assess the existence of causal relationships between variables
are described below.
Random Experiments
Random experiments, or randomised controlled trials, are often difficult to conduct and do not occur often
outside academic research. They rely on the researcher’s ability to control (randomise) the independent
variable or treatment, which is often not possible in business where variables can involve financial markets,
consumer behaviour and other complex, external factors.
Random experiments involve assigning a test subject randomly to either a treatment group (affected by
the hypothesised causal factor) or a control group (not affected by the hypothesised causal factor).
Where treatments can be controlled by the researcher, such as presenting different options or features
to visitors for an online e-commerce store, A/B testing can be used.
A/B Testing
In A/B testing, each experiment subject is randomly assigned to one of the variant groups to compare
which is more effective. Although it is called A/B testing, more than two variants can be used.
For example, a company may want to test a new design for the landing page of its website. It could do so
by conducting an A/B test. A website visitor may be randomly assigned to group A (the existing landing
page) or group B (the new landing page). The experiment could be conducted to determine whether the
new design results in more clicks (higher click-through rate) on the ‘contact us now’ button.
Pdf_Folio:322

322 Digital Finance

 FIGURE 4.27 Common patterns of causation

Direct causation Reverse causation

(A causes B) (B causes A)

A B A B

Reciprocal/cyclic causation Confounders

(A causes B, which in turn causes A (C causes A and C causes B, where A
in a positive feedback cycle.) and B are independent of each other.)

A B
A B

Mediators
(A causes M, which then causes B.)

A M B

Source: CPA Australia 2021.

Observational Studies
When it is not possible to control the independent variable or randomly assign subjects to treatment groups,
an observational study can be conducted. In an observational study, the subjects are only observed
passively. There is no interference or attempt to influence outcomes by the researcher. The aim of the
study is to measure variables of interest and identify patterns or relationships between them.
For example, in research to study a correlation between a certain set of professional qualifications and
income, it would not be possible to randomly assign subjects or control the qualifications, so observational
study techniques would have to be used.
Because there are numerous characteristics or possible confounding variables that, like the main
variables of interest, are not controllable, they must be accounted for in the study. To try and isolate these
potential confounding variables, two common methods exist: matching and multiple regression.
Matching involves selecting subjects with similar characteristics other than the independent variable.
In the qualifications versus income example, the study might match pairs of subjects with the same gender,
residential location, occupation, ethnicity, years of professional experience and so on.
Of each pair selected, one would have the professional qualification and the other would not. This,
however, relies on selecting appropriate characteristics to match and it is not realistic to account for all
possibilities.
Multiple regression is used to account for the effect of confounding variables on the dependent variable
of interest. The effect of confounders must be modelled and taken into account in the outcome.
In the example, we could model how years of professional experience affects income and account for
the effect on each subject. This would be done in a similar manner for the other characteristics.

Pdf_Folio:323

MODULE 4 Data Analytics, Interpretation and Visualisation 323

Criteria for Assessing Causal Relationships
Based on the results of experiments or observational studies, a researcher may assert that a causal
relationship exists between variables. Various frameworks are used for assessing the strength of the
evidence. The Bradford Hill Criteria, developed by English epidemiologist and statistician Sir Austin
Bradford Hill, is one of the most common frameworks for inferring a causal relationship between two
variables. There are nine criteria in the original framework, but only six are relevant to business analytics.
These six criteria can be applied to the hypothesis that the independent variable A causes changes in
variable B.
1. Strength of association. The stronger the correlation between A and B the greater likelihood that the
relationship is causal.
2. Consistency. The findings should be reproducible by different researchers at different times, in different
places using different samples. If this is possible, it increases the likelihood of causation.
3. Specificity. If there are no other likely explanations for the effects on B, other than the hypothesised
causal factor A, the greater the likelihood of a causal relationship.
4. Temporality. The effect, B, must come after the cause, A, with respect to time, which may often involve
a time delay.
5. Gradient. Higher exposure of B to A, should lead to a higher effect on B. There may be cases where B
only needs a limited exposure to A or even an inverse exposure relationship, where more exposure to A
leads to less of an effect on B.
6. Plausibility. The mechanism of causation should build upon or be consistent with current knowledge.
In summary, proving causation is complex and time-consuming. It involves isolating the causal
relationships or factors by conducting experiments or observational studies, and evaluating the results
against certain criteria. It is not possible to determine causal relationships with 100 per cent certainty.
Realistically, it requires obtaining enough evidence to support the likelihood that a relationship exists.

QUESTION 4.12

Differentiate causation and correlation. Which can be demonstrated visually through a scatterplot?

COMMON MISTAKES IN DATA INTERPRETATION

Data interpretation requires strong data literacy, often combined with appropriate domain knowledge. Even
then, there are some commonly made mistakes, including the following.
• Not cleaning the data prior to analysis. Source data that is inaccurate, incomplete, or has duplicates will
result in misleading outputs. If during the interpretation stage, outputs appear to not make sense or in
some other way prompt doubt, it is worthwhile checking and ensuring that appropriate data preparation
was performed to eliminate data quality issues as a cause of the outputs observed.
• Not separating interaction effects. Interaction effects arise when multiple variables influence an
outcome. To understand the effect of any one variable it is necessary to separate out the effects of each
variable. For example, sales time series data is combined of three elements: (a) long term trend, which
is decided by the product life cycle; (b) seasonal factors; and (c) short and irregular movement, which
may arise from marketing campaigns or policy changes. To observe and understand the long-term trend,
it is necessary to remove the impact of the short and irregular movements and smooth the impact of the
seasonal factors.
• Unequal comparison. Comparisons of one entity with another must be made on the same grounds. Often
financial data is evaluated by comparison of one company with another. These two companies should
be in the same industry, have similar asset size, and apply the same accounting standards; otherwise
techniques such as common size ratio or other measures must be used to make the comparison valid.
• Relying on summary data. Summary data can hide or misrepresent details present in the more
comprehensive analysis. For example, financial statements show a summary of business performance
and financial position. Let’s say the total sales amount in a financial statement has increased compared
to last year. This may be interpreted as good performance, but if we drill down into the detail, we may
find that the increased sales were mostly of products with low profit margins, while the sales from high
profit margin products actually decreased. This would be a poor result.
Pdf_Folio:324

324 Digital Finance

• Creating data overload. A failure to present a concise and focused report can create data overload
for decision makers. There are endless ratios, metrics and visualisations — a report, presentation or
dashboard that includes too much data or too many issues can confuse or distract a decision maker.
They may then fail to successfully engage with the purpose of the report.

4.14 DATA-INFORMED DECISION MAKING

Section 4.1 introduced the concept of data-informed decision making and noted that businesses that
prioritise data-informed decision making outperform companies that rely more often on intuition or ‘gut
feel’ to make decisions. The use of a data-informed decision-making framework within an organisation
therefore may be seen to create a competitive advantage.
This section provides an overview of the strengths, limitations and risks of data and analytics in the
context of decision making. The use of a data-informed decision-making framework to mitigate some of
the risks and facilitate quality decision making is also described. The knowledge gained from this section
will help you to think critically when interpreting and evaluating analytics reports and the processes that
generated them. In turn, that evaluation enables insights and recommendations to be developed or might
prompt a need to undertake more work in the data or analysis phases.

DATA-INFORMED DECISION-MAKING FRAMEWORKS

The vast quantity of data that is now available to an organisation can create a state of ‘information
overload’, which can paralyse decision-making and action. Access to more data does not necessarily result
in better decision making (Bumblauskas et al. 2016). It follows from these insights that an organisation
requires a framework to facilitate data-informed decision making in a timely and efficient manner, without
overwhelming the decision makers through ‘analysis paralysis’.
Data-informed decision-making frameworks help ensure the process is directed and efficient. They do
so through:
• problem definition and framing
• decision-making methodologies
• using evaluation and feedback to drive an iterative or cyclic approach to the entire process.
Numerous data-informed decision-making frameworks exist. For example, figure 4.28 presents one
such framework.

FIGURE 4.28 A decision-making framework

Evaluate explanatory
ry
dec nicate anato

Act upon the decision

and evaluate the
As k a s ues
the
l

bu

outcome.
ke
exp

As ess q
sin

xp ecific on.
n.
Co icate

isio

lan
p
u

ato
mm
un

ry
mm

ti
Co
Int make

ta. -qu ct
and

ty
exp ret t deci

y
rel dent plan lect
De ato

da ood olle
an a ator

ali
erp
lan he re sion
cid ry ults

c
ex Col

t, g nd
e

ev ify
a

Analyse
s

explanatory
I

Conduct an analysis
.

of the data to answer

the question.

Source: CPA Australia 2021.

Pdf_Folio:325

MODULE 4 Data Analytics, Interpretation and Visualisation 325

 Another example is the observe-orient-decide-act (OODA) loop, illustrated in figure 4.29.

FIGURE 4.29 The OODA Loop

e
erv
bs

Or
ien
t
Ac
t
ide
Dec

Source: CPA Australia 2021.

The OODA loop is a military decision-making framework that has been adapted for use in the business
world. The OODA loop was developed by the United States Air Force to train its pilots to decide and act
more rapidly than their adversaries, giving them the advantage in air-to-air combat.
The emphasis on the speed of the cycle enables agility. When applied to business, the model provides an
organisation with a competitive advantage if it can execute the loop faster than its competitors. Execution
requires the transformation of data, to knowledge, to action in a timely manner (Bumblauskas et al. 2016).
.......................................................................................................................................................................................
CONSIDER THIS
Do you use a formal decision-making framework to ensure you approach decision-making consistently? If not, what
might be the risks of not using a framework?

ITERATIVE APPROACHES
Regardless of the specific data-informed decision-making framework used, an iterative approach should
be taken. Information that is valid now will not necessarily be valid in future, whether that is tomorrow
or in a year. It is important to monitor data inputs as well as outputs and make adjustments as necessary.
For example, changes in the internal or external environment may affect the relevance of KPIs over time
(Bumblauskas et al. 2016).
Another factor that requires the iterative approach, is that often the questions that we seek to answer
through analysis need to be refined over time. Renowned mathematician John Tukey in his paper ‘The
Future of Data Analysis’ noted that while precise answers to oversimplified problems can provide insight
and guidance, they are not necessarily the best answer to a particular data analysis problem (Tukey 1962).
Although we think we start with the right question, most often that isn’t the case. An iterative approach is
required, where we try different processes and along the way we form an idea of what the data can tell us,
but also what other questions we can ask and what questions we want answered (Peng 2019).

4.15 EXAMPLE OF A DECISION-MAKING

FRAMEWORK
Numerous data-informed decision-making frameworks exist. An organisation should, as part of its data
strategy, develop or adapt a framework suitable to its particular needs and circumstances. The framework
should emphasise data-informed decision making.
As explained in parts B and C, effective analytics begins by identifying what the business needs to know
in order to solve its problems and achieve its objectives. This step provides focus to the entire analytics
process. It ensures effective use of resources and reduces the risk of ‘analysis paralysis’ — the stifling
of decision-making from an overwhelming number of insights; generated from data that does not directly
answer the key business questions (Thomson 2018).
An important part of decision-making is assessing whether the analytics outputs allow us to confidently
answer the questions that we began with.

Pdf_Folio:326

326 Digital Finance

ASSESSING THE ADEQUACY OF THE INSIGHTS
An important consideration of this step in the decision-making process, is whether we have the knowledge
to proceed to decision-making or need to loop back and improve what we have.
Exceptional data-informed decision-making processes usually generate more questions than answers.
As we interpret the results of our analysis, we can ask ourselves these key questions.
• Does the data answer the original question? If so, how? If not, is it because we don’t have the right data
or we haven’t got enough data?
• Does the data allow us to defend against any criticisms or objections? If so, how?
• Are there any limitations on our conclusions, any angles we haven’t considered?
If we cannot answer these questions positively, with confidence, then we need to adjust our original
business questions or collect more data.
This requires iterating or looping back through the analytics process. The question of how much
information is enough to make a decision is a choice that has to be made at an organisational level
(Amazon’s approach is shown in example 4.19).

EXAMPLE 4.19

Amazon
Amazon is a company that drives the use of data-informed decision-making within its organisation. The
company’s founding CEO, Jeff Bezos, classified decisions as ‘Type 1’, which are non-reversible decisions,
or ‘Type 2’, which are reversible decisions.
Type 1 decisions are given more resourcing than Type 2.
The company has a principle of commencing decision making once there is a ‘preponderance of
evidence’, which is about 70 per cent. This is because there can be a course correction later on.

.......................................................................................................................................................................................
CONSIDER THIS
What do you think about Amazon’s decision-making principles?

Once we establish that we have enough knowledge to inform a decision, we can form a conclusion. The
conclusions drawn from our analysis will feed into the next step, hopefully facilitating informed decisions
and driving business strategy forward.
We need to realise that these findings may not be understood or may even be ignored if they are
not presented effectively to the decision makers. Data analysts must become skilled in the art of data
storytelling and visualisation in order to communicate their findings with key stakeholders as effectively
as possible. Part E looks at this aspect in detail.

MAKING A DECISION BASED ON THE INFORMATION

The amount of knowledge we have at this point in the process can be extensive or even overwhelming. For
this reason, using a decision-making model can help to guide us through the process systematically.
Decision making involves three types of activities that deal with:
• identifying, defining and diagnosing problems
• generating alternative solutions
• evaluating and choosing among alternative solutions.

Decision Types
According to decision-making theory, not all decisions are weighted equally in importance. Some can
be considered routine and low impact, and at the opposite end of the spectrum, others are one-off and
potentially high impact. The latter types of decisions can influence hundreds or thousands of stakeholders’
lives, or affect the fate of the company itself. Table 4.15 illustrates the spectrum of decision weights.
A typical approach to programmed decision making involves establishing guidelines or policies that
allow managers to make streamlined, timely and consistent decisions. The routine nature of these decisions
provides accumulated data on past outcomes. The rules are developed based on those successful outcomes.
Examples may include disciplinary matters or technical support issues.
Pdf_Folio:327

MODULE 4 Data Analytics, Interpretation and Visualisation 327

 TABLE 4.15 Decision types

Decision type

Strategic Tactical Operational

• Significant and/or wide • Decisions affecting one • Decisions with small
reaching decisions or more subgroups group or limited impact
affecting many • Example: Procedural at task level, but may
stakeholders decisions made by have more impact when
• Example: Policy middle to senior viewed as a aggregate
decisions made by managers • Example: Day-to-day
the CEO, CFO and/or decisions, made by
Board of Directors employees or line
managers

Programmed Reviewing the Arranging maintenance Rostering warehouse

• Decisions that are organisation’s annual on the sales teams fleet staff for the scheduled
routine and anticipated budget and sales targets of vehicles monthly stocktake
• Usually scheduled and
recurring

Non-programmed Opening a new interstate Purchasing a new Urgently creating

• Decisions that are not office software package for additional stock of an
routine or expected the marketing team unexpectedly popular
• Might only occur once product

Source: CPA Australia 2021.

A non-programmed decision making scenario involves a novel situation, where no prior experience or
developed strategy exists. A unique solution must be developed, taking into account multiple variables and
possibly unknown information. An example of this scenario could be: what should the marketing strategy
for our new product be?
Many decision-making models take these concepts into account, balancing efficiency and collaboration
against decision quality and importance.
Data-informed decision making may be employed to guide decisions over the entire spectrum.

Decision-Making Strategies
We will briefly look at some steps to assist non-programmed decision making. All decisions come with
a certain degree of risk. This means that, when making decisions, the aim is to select the best possible
choice available, though it may not be the perfect choice. Hence, it is important that we have strategies and
processes to assist with evaluating and mitigating the risks of the decision.
The process guides the decision maker through the steps of setting objectives, exploring and prioritising
alternative choices, assessing the strengths and weaknesses of the top alternatives, and choosing the ‘best’
alternative. It assists the decision maker to come up with mitigations for foreseeable consequences of the
decision.
The detailed problem and risk analysis is designed to remove cognitive bias from the decision-
making process.
The decision-making strategies consists of four steps.
1. Evaluate the situation. Identify the concerns, outline priorities and plan involvement.
2. Analyse the problem. Describe the exact problem or issue by identifying and evaluating the causes.
3. Analyse the decision. Identify and evaluate alternatives by performing a risk analysis for each and then
make a final decision.
4. Analyse potential problem. Evaluate the final decision for risk and identify the contingencies and
preventive actions necessary to minimise that risk.
Once a decision has been made, communicated to the organisation and implemented, monitoring and
evaluation can take place. The data-informed decision-making model is iterative, creating a continuous
loop of decision-making, evaluation and refinement. Improvements can be made to chosen strategies as
new data comes in or as the organisation grows in analytical maturity. Our existing analysis questions may
also require adjustment, or the existing hypotheses may have to be re-written.

Pdf_Folio:328

328 Digital Finance

 As the analytical capabilities of the company mature, this can help to shorten the decision cycle and
allow an organisation to have a competitive advantage in the marketplace.

QUESTION 4.13

Outline the digital skills professional accountants will need to work in a multi-disciplinary team
using big data to provide business insights to organisations.

SUMMARY
Data interpretation refers to the process of extracting insights from analytics outputs. The DIKW pyramid
is a useful way to conceptualise the difference between data, information, knowledge and wisdom and thus
how analytics takes us from data to decision-making.
Data interpretation requires domain knowledge. This refers to specialist knowledge in a specific field.
While data scientists will usually perform analytical procedures, they will usually not have sufficient
knowledge of the business problems or questions to be addressed. Thus, the accounting and finance
professional brings their domain knowledge to the process.
In interpreting data, it is important to remember key statistical and decision-making concepts such as
overcoming cognitive bias and not confusing correlation with causation.
The use of a decision-making framework helps create a structured and consistent approach to decision-
making. Each organisation should adopt a framework that suits its needs. One of the key decisions to be
made in formulating a framework is how much information a decision process needs.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

4.2 Appraise the impact of big data and data analytics on the work of accounting and finance
professionals to determine the organisation’s resource needs.
• Accounting and finance professionals have domain knowledge in some of the most important
aspects of business and thus should collaborate with data scientists and others in related analytics
work.
4.6 Analyse data analytics results to assess the ongoing suitability of models used and improve
business plans and processes.
• Part of data interpretation is to assess whether the insights gained are adequate to resolve the
business problem. Analytics is an iterative process — data and models should be refined to ensure
outputs meet the business’s needs.

Pdf_Folio:329

MODULE 4 Data Analytics, Interpretation and Visualisation 329

PART E: DATA VISUALISATION
INTRODUCTION
Data visualisation is the science and art of using visual representations to explore, make sense of and
communicate data.
Humans have powerful visual cognitive processes that can be leveraged to facilitate faster, clearer
communication of complex information compared to text, which uses verbal cognitive processes. The data
visualisation process involves understanding the context of the analysis, choosing the appropriate visual
to use, applying cognitive principles to increase effectiveness and being able to tell a story with data.

4.16 THE ROLE OF VISUALISATION

Visualisation is a tool that assists data analysis, allowing the analyst to uncover hidden information and
patterns within the data. Once insights have been extracted from analysis, data visualisation enables us to
communicate those findings effectively to the audience.
Research in physiology shows that humans use their vision far more than any of their other senses
(touch, hearing, smell and taste) to gather information from the world around them.
Our sense of vision is used for processing both text and images. Research indicates that for many
purposes we find it easier and faster to derive meaning from images than from text.
Raw text and values interact with our verbal cognitive processes, whereas charts and graphs interact
with our visual cognitive processes, which are faster at processing information. In addition, it takes
significantly longer to process, mentally combine and derive meaning from a series of pieces of information
(known as sequential processing) than to process the interrelated parts of a visualisation. Visualisations
enable simultaneous processing and help individuals to identify patterns in information using visual or
spatial cues.
Data visualisation thus leverages the advantages of visual communication to help analyse and present
data more effectively.

EXPLORATORY AND EXPLANATORY VISUALISATIONS

Data visualisation in analytics can be categorised as either exploratory or explanatory.

Exploratory Analysis: Finding Patterns

Exploratory analysis is about finding patterns through breadth and depth of analysis. Exploratory analysis
is often deeply interweaved with the analysis and interpretation stages of the overall analytics process (see
parts C and D of the module, respectively).
During data analysis, visualisation helps us to uncover the hidden information and patterns within the
data. Example 4.20 illustrates this using a demonstration developed by statistician Frank Anscombe.

EXAMPLE 4.20

Anscombe’s Quartet
The four data sets in table 4.16 have the same variance in x, variance in y, mean of x, mean of y and linear
regression.

TABLE 4.16 Anscombe’s Quartet Data Sets

I II III IV

X Y X Y X Y X Y

10 8.04 10 9.14 10 7.46 8 6.58

8 6.95 8 8.14 8 6.77 8 5.76

Pdf_Folio:330

330 Digital Finance

 13 7.58 13 8.74 13 12.74 8 7.71

9 8.81 9 8.77 9 7.11 8 8.84

11 8.33 11 9.26 11 7.81 8 8.47

14 9.96 14 8.1 14 8.84 8 7.04

6 7.24 6 6.13 6 6.08 8 5.25

4 4.26 4 3.1 4 5.39 19 12.5

12 10.84 12 9.13 12 8.15 8 5.56

7 4.82 7 7.26 7 6.42 8 7.91

5 5.68 5 4.74 5 5.73 8 6.89

SUM 99.00 82.51 99.00 82.51 99.00 82.50 99.00 82.51

AVG 9.00 7.50 9.00 7.50 9.00 7.50 9.00 7.50

STDEV 3.32 2.03 3.32 2.03 3.32 2.03 3.32 2.03

Source: CPA Australia 2021.

If we plot the linear regression for each data set, we obtain figure 4.30.

FIGURE 4.30 Linear regression for the four data sets

I II
12.5

10.0

7.5

5.0

III IV
y

12.5

10.0

7.5

5.0

5 10 15 5 10 15
x
Source: CPA Australia 2021.

Pdf_Folio:331

MODULE 4 Data Analytics, Interpretation and Visualisation 331

 However, when the data points themselves are plotted (figure 4.31), we can see a stark difference.

FIGURE 4.31 Data points and linear regression for the four data sets

I II
12.5

10.0

7.5

5.0

III IV
y

12.5

10.0

7.5

5.0

5 10 15 5 10 15
x
Source: CPA Australia 2021.

We could not identify these patterns by pure statistical analysis.

The different relationships in the four data sets can be explained as follows.
I. The statistics and charts show data points with a moderate strength of positive correlation. However,
there are random influences in the relationship between the two variables.
II. There is a non-linear relationship between the data points, which is more predictable than the
first example.
III. There is a linear relationship between the data points, without the random influences of the first set.
However, an outlier has affected the line of best fit.
IV. There appears to be no variation in the x-values of the data, except for one outlier (which may be
erroneous or result from an anomaly and should be investigated).

It was impossible to identify patterns in the data sets in example 4.20. These data sets had only 11 rows.
Consider big data sets with billions of rows of potentially unstructured data. Visualisations are a crucial
part of interpreting the outputs and will often be used during the analysis process to shape the analytical
procedures undertaken, both with conventional analytics and AI-enabled analytics.

Explanatory Analysis: Communicating Findings

Explanatory analysis is about effectively communicating the findings to decision makers.
Once knowledge has been extracted from data, creating visuals enables the effective communication of
those findings to the decision makers.
Some of the benefits of using data visualisation as a tool for reporting are to:
• provide descriptive information
• provide the results of an analysis
• persuade others to act
• create an organisational memory (record keeping).
Pdf_Folio:332

332 Digital Finance

 The next section looks at how to use visualisations as a key element in storytelling to present the
information obtained from the data.

QUESTION 4.14

Differentiate exploratory and explanatory visualisations.

4.17 TELLING A STORY WITH DATA

As described above, the purpose of explanatory analysis is to communicate findings. In this section, we
will describe a four-step process that supports the creation and presentation of effective visualisations for
explanatory analysis.
• Step 1: Use storytelling to make the message persuasive
• Step 2: Understand the context of the task
• Step 3: Choose the most effective visual display to use
• Step 4: Paint a clear picture of the data using cognitive principles
Note that some of the methods are also relevant to exploratory analysis.

STEP 1: STORYTELLING
Storytelling is a powerful communication technique because our brains are wired to receive, understand
and store information in that particular form. People remember stories, not statistics. Storytelling leverages
cognitive processes that result in a higher level of engagement and increased recall.
As organisations are adopting data-informed decision making, not all their members are able to
comprehend the analysis results or grasp the complexities of the techniques involved. There may be a
lack of confidence or even scepticism regarding the insights that are derived. This can create barriers to
developing a culture of data usage and data-driven transparency or may mean that members are not inspired
to act on the knowledge that analytics uncovers.
Storytelling using data can provoke conversations and encourage deeper analysis of the insights. It
transforms the results into a format that is accessible, allowing the storyteller to reach a wider audience of
both internal and external stakeholders. Weaving the data into a narrative helps the professional persuade
others to act on the insights.

How to Create a Story with Data

Creating the story involves:
1. defining the goal
2. setting the stage
3. developing the story
4. closing the story.
Step 1: Defining the Goal
To help define the goal, we can ask: Why are we telling this story? We can break that question down further
into: Who is the target audience? and What do we want them to do?
Typically, we will:
• present insights to inform a decision made by the stakeholders (audience)
• seek to inspire action, either by influencing a decision or motivating others to conduct a deeper analysis
of an issue
• justify or explain a decision that has been made or results that have been achieved.
After we define the goal, we need to keep it in mind as we develop the story.
Step 2: Setting the Stage
To set the stage for the story, we must first know exactly who the audience is. We need to avoid being
general (all stakeholders) and be as specific as possible (e.g. CFO and CEO).
After the audience has been identified, we have to assess their level of domain knowledge and their
level of data literacy, especially their familiarity with the visualisations or analytics we plan to use. This
influences how we write the stories we want to share. We need to ask: How much background information
Pdf_Folio:333

MODULE 4 Data Analytics, Interpretation and Visualisation 333

does the target audience need? What is the context the audience needs to understand the visualisations?
We can then use the answer to guide exactly what to include in the story.
Step 3: Developing the Story
The story is a framework that ties together all the relevant information, providing a way for the audience
to follow. Knaflic (2015) discusses starting the plot by framing it in terms of an imbalance, conflict or
problem. Another way of looking at it is the difference between what the situation is, and what it could
ideally be.
After we have introduced the imbalance or tension, depending on what the goal is, we can move on to
exploring how we could, or how we did solve the problem.
This could involve:
• showing external context or comparison points
• showing examples or data that illustrate the problem
• talking about what could happen if the problem is not addressed
• talking about possible solutions
• talking about the benefits of potential solutions.
Keeping the audience in mind, we should be thinking about what we can present that will motivate them:
• generating more revenue
• gaining an edge over the competition
• growing market share
• saving resources,
• innovating and so on.
Once we have done this, we can close the story.
Step 4: Closing the Story
The key part of this phase is defining what our call to action is. What do we want the audience to do with
the knowledge or insights we have given them?
If we have started the story with the call to action, we need to reiterate and reinforce it. We should leave
the audience with a lasting impression by emphasising how the story is relevant to them, and what the wider
implications are. Aaker (2014) suggests we ask ourselves: Why should the audience care? and Why should
they share this story? Some general advice for influencing change is (Knaflic 2015) to communicate the
benefits of the new compared to the old, or to provide multiple options and get feedback from the audience
(let people choose).

STEP 2: UNDERSTANDING THE CONTEXT

Understanding the context of data visualisation is key to appropriate and effective communication.

Identifying the Audience of the Presentation

Knowing your audience is an important first step in the process of creating a presentation. By identifying
and analysing the audience, we can decide on the appropriate content and how much detail to include.
Be specific when defining the target audience. Avoid generalisations like ‘all stakeholders’ and narrow
it down. We could focus on the decision-makers, for example, we would instead say ‘the Chief Financial
Officer and Chief Operations Officer’. This may then require us to create different communications for
more than one audience.
Another key consideration is: do we first have to establish credibility or not with the audience? The
answer will determine whether we should have a call to action or establish credibility with the audience
by presenting the research as the first step.

What Do We Need to Present to the Audience?

After identifying the audience, consider whether it is appropriate to make a call to action in the presentation.
If prompting action is not appropriate, the goal would be to generate discussion or leave the decision-
makers with enough knowledge to determine the course of action.
In cases where a call to action is appropriate, there is often reluctance from the presenter to take a
decisive position. This is necessary and requires the confidence to be accepted as a subject matter expert.
In explanatory analysis, people often fall into the trap of presenting all of the data and analysis, instead
of presenting the key findings. This can be motivated by a desire to demonstrate how thorough the work
was, but it should be avoided (Knaflic 2015).
Pdf_Folio:334

334 Digital Finance

Determine How to Present the Communication
We need to determine the method of delivery: are we conducting a live presentation or producing a
document for the audience to read?
For a live presentation, such as a slideshow, it is advisable to avoid too much detail in the visuals, as
they can be distracting for the audience. There is a tendency for the audience to read everything on the
slides, taking their attention away from what you are saying. The audience can ask questions if they need
clarification during the slideshow.
We would include more detail in a document that is disseminated to the audience (for example, by email
before or after the presentation).
An example of more detail (static document) versus less detail (a live presentation slideshow) is shown
in figure 4.32.
Understanding the context of explanatory data visualisation requires us to consider what information
we present to the audience. The next step is to determine how to present it.

STEP 3: CHOOSING THE MOST EFFECTIVE VISUAL DISPLAY

Visualisation provides us with a choice of numerous chart and graph types. The most effective visual
display method depends on what aspect of the data we want to highlight.
We can generally categorise the aspects of data that we want to highlight as the following.
• Raw value. Presenting the data as is; displaying it as the raw statistic or as tables of statistics
• Comparison of magnitude. Comparing the size or other measures of data, of items within a data set
or between different data sets. The differences might be relative or absolute. The data points are a
snapshot, a picture at a moment in time or of an aggregation of time (for example, the total over a
year). Special cases of comparison include deviation (variation from a fixed reference point), part-to-
whole composition relationships, or heat maps (highlighting hotspots of greater magnitude), including
geographical presentation on a map.
• Changes over time. Presenting trends or how measurements of the data vary over a defined time period;
the differences can be relative or absolute.
• Correlation. Showing relationships or an association between different data points, or data sets.
The following sections briefly outline the common types of visual displays that can be used for
highlighting each of these aspects.

Displaying Raw Values

Sometimes, it is appropriate to display only the raw value of a statistic. Table 4.17 outlines some key
approaches.

TABLE 4.17 Displaying raw values

Technique Applications

Single statistic Use when:

• a single statistic is relevant
• the audience should focus on a key statistic.

Tables Use when:

• comparing or looking up individual values is crucial
• displaying precise values is essential
• the data set does not have many values
• the values involve multiple units of measure
• communicating quantitative information is more important than trends.

Charts Use when:

• the shape of the data easily conveys the information and makes it easier to interpret
• the relationship between many values or trends are important.

Source: CPA Australia 2021.

Pdf_Folio:335

MODULE 4 Data Analytics, Interpretation and Visualisation 335

 FIGURE 4.32 More detail vs less detail

Operating profit margin vs revenue growth (YTD)

Indexed growth of operating profit margin compared to revenue

year-to-date
Index January = 100
135

130
Revenue
125
Indexed growth (%)

120

115 Operating profit margin

It has recovered over the last four months; however,
110 growth has been overall slower than revenue YTD.
105

100

95 The sharp drop in profit margin was due to the large

materials price hike from our supplier.
90
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec

Operating profit margin vs revenue growth (YTD)

135

130

125

120
Indexed growth (%)

115

110

105

100

95

90
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
Operating profit margin

Revenue
Source: CPA Australia 2021.

Comparing Magnitudes
A comparison of magnitude could be the difference between items within a single data set or the differences
between several sets of data. Many common charts types are useful for comparing magnitudes. There is
often no one correct choice, as there are multiple visuals that can work effectively.

Pdf_Folio:336

336 Digital Finance

 Useful charts for comparing magnitudes are summarised briefly in table 4.18.

TABLE 4.18 Comparing magnitudes

Technique Applications Example

Bar charts Use to show 10 000

a comparison
between any 9000
quantitative
measure. 8000

7000

6000

5000

4000

3000

2000

1000

0
Apples Oranges Pears Bananas Grapes

Histograms Use to show 80

a frequency
distribution.
70

60

50

40

30

20

10

0
0–20 21–40 41–60 61–80 81–100

(continued)

Pdf_Folio:337

MODULE 4 Data Analytics, Interpretation and Visualisation 337

 TABLE 4.18 (continued)

Technique Applications Example

Stacked bar Use to show a Total sales (annual)

8 00 000
charts comparison of
a quantitative
measure and the 7 00 000

components within
each measure. 6 00 000

5 00 000

4 00 000

3 00 000

2 00 000

1 00 000

0
Central East South West
Furniture Office supplies Technology

Grouped bar Use to show Sales by region

1 60 000
charts information about
subcategories 1 40 000
of the main
1 20 000
components.
1 00 000
Whitegoods
80 000 Audio visual
Phones
60 000 Camera

40 000

20 000

0
North West South East

Part-to-whole Use to show how

(or composition) different categories
charts contribute to a
total value, or how
components add up
to a whole.

Waterfall chart Use to visualise 400

how a series of
measurements 350
–120
contribute to a
whole; e.g. how 300 30
a gross quantity
becomes a net 250
quantity after
various losses 200 400
and gains; or
how quantities of 150 310
various categories
add up to a total
100
quantity across an
enterprise.
50

0
Units in stock Damaged Refurbished Saleable units

Pdf_Folio:338

338 Digital Finance

 Pareto chart Use to show a Profit by product category
100%
quantity from the 25 000
97.4% 99.3% 100%
largest quantity 89.1% 98.5% 99.7%
95%
to the smallest 83.2%
and thus focus 20 000 80%
attention on the 75.4%
largest contributing 63.7%

categories. 15 000 60%

10 000 39.2% 40%

5 000 20%

0 0%

rs

ry

es

r
re

ea

ea

e
ie

ag

ic
ag

ke

le

th
nc
pa

or

et
w

el
db

gg

O
ic

m
ra
ot

ss

er
Ap

w
St
an

Lu

os
ag
nd
Fo

Je
ce

C
Fr
U
Ac
Profit Cumulative total

Funnel chart Use to show

how a quantity Revenue 1.253874M
is diminished or
eroded sequentially;
e.g. revenue Gross profit 0.983781M
diminished by
various costs and
expenses before
Operating profit 185.399k
it results in a net
profit.

Net profit 128.473k

Area comparison Use when there

chart is only a few
categories and
differences in
magnitude are
substantial. (Note:
Differences in area
are more difficult
to perceive than
differences in length
or width.)

Proportional area Use to enable

Whitegoods
chart quick recognition
50.5%
of the relative
proportions of
components, where Audio visual 25.2%
a measurement Phones
scale for assessing 18.1%
the absolute value
of a quantity is not Cameras
needed. 6.1%

(continued)

Pdf_Folio:339

MODULE 4 Data Analytics, Interpretation and Visualisation 339

 TABLE 4.18 (continued)

Technique Applications Example

Pictorial chart Use to enable OPEX Q3

(grid plot, square quick recognition
plot or waffle of the relative Breakdown of total operating expenses for Q3 (percentage of total)
chart) proportions of
components, where
a measurement
scale for assessing
the absolute value
of a quantity
is not needed
and rounding
of quantities is
tolerable.

Salaries Rent Insurance Utilities Stationery

Tree map Use when there Total sales (annual)

are many different Texas Illinois
values, or to show
the breakdown
to several levels
of categories and
subcategories.

Wisconsin Nebraska Iowa

Kansas

Pdf_Folio:340

340 Digital Finance

 Sankey diagram Use to show IT costs breakdown
(multilevel pie category and Last financial year
chart or flow subcategory
Maintenance
chart) composition.
Depreciation

Applications

Operations Software

Infra-structure

Networking Costs
Hardware
Support
Services

Voice Personnel
Operations
Operations

Administration
Development
Development Operations

Density and Use to show

distribution charts concentration of
values.

Heat maps Use to highlight the Sales volume across stores

relative magnitude
of data points with M200 1012 3294 4892 6536 1405

respect to a certain
measure. M100 5346 1785 9707 5476 2664
Product model

DL80A 3428 6884 8088 303 6418

DL9200H 3116 8661 6228 6523 5426

DL9200 2071 1637 6308 5153 77

A B C D E
Store
0 9737

Box and whisker Use to show and 25

plot compare the
distribution of 20
samples.
15

10

–5
Sample 1 Sample 2 Sample 3

(continued)

Pdf_Folio:341

MODULE 4 Data Analytics, Interpretation and Visualisation 341

 TABLE 4.18 (continued)

Technique Applications Example

One-dimensional Use to show and 16 000

scatter plot compare the
distribution of 14 000
samples.
12 000

10 000

8 000

6 000

4 000

2 000

Geographical Use to show

information charts information relating
to geographic
qualitative data.

Choropleth map Use to indicate

the relative
measurements of 800
each region.
600

400

200

Source: CPA Australia 2021.

All of the charts in table 4.18 have useful applications. There are, however, some other visual displays
that are best avoided as they are confusing or otherwise difficult to interpret. These include pyramid charts,
circular charts and charts with three-dimensional effects.

Showing Changes Over Time

We may be interested in showing how data changes over a certain time period. Some relevant
examples are:
• the monthly sales trend for the last 12 months
• bank interest rates over the last five years
• monthly selling price variance over the last two quarters
• company annual revenue for each of the last 10 years
• daily share price data over the last six weeks.
A few of the visual displays we have already looked at can be adapted to show change over time. For
example, bar charts, heat maps, waterfall charts, Sankey diagrams and box plots can be used, if time is
assigned to the independent variable axis.
Additional useful charts for showing change over time are summarised briefly in table 4.19.

Pdf_Folio:342

342 Digital Finance

 TABLE 4.19 Change over time

Technique Applications Example

Line chart Use to present 20 000

multiple data series
18 000
over a timespan.
16 000

14 000

12 000

10 000

8 000

6 000

4 000

2 000

0
2011 2012 2013 2014 2015 2016

North America Asia Europe South America

Candlestick chart Use to display 3.0

variations in 2.8
the price of 2.6
commodities or
2.4
securities (opening
price, high price, 2.2

low price and 2.0

closing price) over a 1.8
chosen time period. 1.6

1.4
1.2
1.0

0.8
0.6
0.4
0.2
Jun 03 Jun 10 Jun 17

Slope graph Use to show a 2018 2019

comparison when
only two points in
time are required.
Printing 2395

2160 Printing

1825 Software

Software 1504
1406 Couriers
Stationery 1285
Couriers 1254
Hardware 1152 1105 Stationery
956 Packaging
Packaging 804 820 Hardware
725 Postage
Postage 672

(continued)
Pdf_Folio:343

MODULE 4 Data Analytics, Interpretation and Visualisation 343

 TABLE 4.19 (continued)

Technique Applications Example

Layered area Use to show 5000

chart multiple data series
over time. 4500
4000
3500
3000
2500
2000
1500
1000
500
0
1975 1980 1985 1990 1995 2000 2005 2010 2015 2020
North America South America Europe Asia

Stacked area Use to show 280

chart multiple data series 260
over time where the 240
relative proportions
220
of the components
200
are more significant
$ 1000’s (USD)

than the absolute 180

values. 160
140
120
100
80
60
40
20
0
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
FCF CAPEX

Stream chart Use to show 11

the relative
10
contributions of
components to the 9
aggregate total. 8
Total value $M (USD)

7
6
5
4
3
2
1
0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
Time (months)
Fixed income Property Other Shares

Pdf_Folio:344

344 Digital Finance

 Gantt chart Use to show
progression of
Planning
a project with
separate phases.
Research

Design

Development

Review

8
8
8
8
8
8
8
8
8
8

1 8
1- 8
18
-0 01
-0 01
-0 01
-0 01
-0 01
-0 01
-0 01
-0 01
-0 01
-0 01
-0 01
-0 01
20
07 1-2
09 1-2
11 1-2
13 1-2
15 1-2
17 1-2
19 1-2
21 1-2
23 1-2
25 1-2
27 1-2
29 -2
-0
05
Source: CPA Australia 2021.

Highlighting Correlation or Relationships

As explained earlier, correlation is a measure of how strongly two variables are related to each other. The
visualisation most commonly used to show correlation in a data set is the scatter plot. Scatter plots display
individual data points, measured against two variables. By plotting the data points in two-dimensional
space, patterns such as clusters, linear slopes or non-linear curves may be seen, indicating a degree of
correlation between the variables.
Scatterplots are used in predictive analytics for linear regression, which involves calculating a line of
best-fit through the data points, generating a predictive model where correlation exists.
Figure 4.33 shows data points from an insurance company’s data set, representing the relationship
between insurance costs paid for customers who smoke, and their body mass index (BMI). A weak positive
correlation exists (higher BMI is correlated with higher insurance costs paid), and there appear to be two
clusters (those less than 30, and those with BMI over 30).

Visualising More Than Two Variables

The visual displays discussed above have generally shown at most two variables (usually an independent
variable such as time and a dependent variable such as price). This is because the charts must be displayed
in two-dimensional space, typically on a screen or printed paper.
Many data sets are multidimensional, consisting of data with multiple variables. For example, we may be
conducting an analysis of data to identify correlations based on three variables: account balance, interest
rate and average deposit amount. When visualising data with more than two variables, we need to be
creative in order to overcome the limitations of two-dimensional space and find ways of representing
additional dimensions.
To achieve this we can leverage other visual cues:
• animation
• hue (colour)
• intensity (shade)
• size.
For example, a bubble chart is an extension of a scatter plot, using size and colour for each data point in
addition to the x and y coordinates. By doing so, we can convey up to two more quantitative or qualitative
measures for each point. For example, figure 4.34 shows a bubble chart in which the size of the circle
represents the number of stores (a bigger circle indicates a higher number of stores), and colour represents
geographical region.

Pdf_Folio:345

MODULE 4 Data Analytics, Interpretation and Visualisation 345

 FIGURE 4.33 Scatterplot

Smokers’ BMI vs insurance costs

65K

60K

55K

50K

45K
Charges

40K

35K

30K

25K

20K

15K

10K
16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54
BMI
Source: CPA Australia 2021.

FIGURE 4.34 Bubble chart

60 000

50 000

40 000
Total costs

30 000

20 000

10 000

0
0 10 000 20 000 30 000 40 000 50 000 60 000
Total revenue

America Asia Europe

Source: CPA Australia 2021.

While scatter plots and bubble charts are appropriate for visualising correlation between individual data
points, we need a different visual display for showing magnitude comparison or change-over-time with
more than two variables. This is because we need to show the ‘in-between’ or interpolated data. This can
involve 3D charts or 2D contour charts, but both are challenging to read.

Pdf_Folio:346

346 Digital Finance

.......................................................................................................................................................................................
CONSIDER THIS
Which of these visualisations do you use? Are there any that you don’t use that might prove valuable when trying to
communicate with others?

This section has covered a variety of charts that can be used to present data based on the aspects
of interest, for example, relative measurements or changes over time. Although visualisations can
communicate information effectively, there are certain considerations that can impact the delivery. These
considerations involve visual perception theory, which is explored in more detail in the following section.

STEP 4: USING COGNITIVE PRINCIPLES TO GIVE A CLEAR

PICTURE OF THE DATA
Applying cognitive principles to visualisations helps us avoid confusing the audience or creating visu-
alisations that require so much work to mentally process that they reduce the effectiveness of our
communication.
Two useful approaches are:
• eliminate unnecessary detail — by applying Gestalt principles
• draw attention to important information — by using pre-attentive attributes.

Eliminate Unnecessary Detail

Data visualisation expert Edward Tufte’s (1983) data-to-ink ratio concept can help us focus on eliminating
unnecessary detail. Data-ink is essential, non-erasable, non-redundant information; removing this ink
would cause information to be lost. Redundant ink can be removed from the visual, without reducing
the effectiveness of the communication or message.

Total ink = Data ink + Redundant ink

The data-to-ink ratio can be expressed as:

Data-to-ink ratio = (Data ink) / (Total ink)

The goal is to make the data-to-ink ratio as close to 1.0 as possible. To achieve this, we need to remove
unnecessary ink in the visualisations. If erasing something in the graphic does not change the information
conveyed, then it should be erased (Knaflic 2015). Details that are necessary but are not part of the main
message should be put in the background (e.g. using light grey, as opposed to black text and lines).
Gestalt Principles
Gestalt principles deal with the psychology of visual perception — how humans assess what they see
as a whole from many individual parts (such as shapes, colours or spacing). Gestalt principles help us to
understand how the audience is likely to perceive the elements of a visualisation. They help us maximise
the data-to-ink ratio, but avoid removing too much ink from the chart. The Gestalt principles relevant to
eliminating unnecessary detail in data visualisations are described in table 4.20.

Draw Attention to Important Information

The second goal of reducing cognitive load on the audience is to draw attention to what information is
important, by using pre-attentive attributes. These decide what the audience notices first in visualisations.
We can point the audience’s attention towards the most important information in the visualisations, helping
them find it faster, using a low level of mental workload.
Pre-attentive attributes also enable us to create a visual hierarchy of information, focusing the audiences’
attention more quickly on the most important to the least important details.

Pdf_Folio:347

MODULE 4 Data Analytics, Interpretation and Visualisation 347

 The most commonly used pre-attentive attributes are:
• length and width
• orientation
• size
• shape
• enclosure
• position
• hue
• intensity.

TABLE 4.20 Gestalt principles

Increasing power Connection • We perceive visually connected objects as grouped. For example, we
to eliminate can show relationships between objects by visually connecting them, for
unnecessary detail example, using a straight line.

Closure • We are able to imagine missing details in a picture when we recognise

familiar shapes or objects.

Continuity • Our eyes tend to follow lines and curves.

• For example, we can break lines when they cross and they will still be
interpreted as a continuous line.

Enclosure • We mentally group objects if another object encloses them.

• A simple example is a shaded area. We can use shading instead of drawing
borders to separate various sections in a chart or dashboard. Subtle shading
is effective; strong contrasts are not required.

Proximity • We associate objects as a group when they are close together.

• We can therefore group visual elements together without drawing borders,
arrows or enclosing them with boxes.
• We can imply a horizontal or vertical relationship, for example, linking a text
label to a trend line or another object without having to draw a line or grid.

Similarity • We perceive objects with similar properties (e.g. colour, shape, size or
orientation) as a group.

Source: CPA Australia 2021.

Adding Text and Annotations for Relevant Information

In addition to using pre-attentive attributes to highlight key information in charts, text can also be used
to convey explanations that might not be immediately obvious. We can use text descriptions and labels in
visualisations to serve a number of purposes:
• introducing the chart or any details within it
• explaining interesting data points or trends
• reinforcing or highlighting important features
• making suggestions or recommendations.
Example 4.21 presents a ‘before’ and ‘after’ chart to illustrate the use of cognitive principles for
visualisation.

EXAMPLE 4.21

Applying Gestalt Principles and Pre-Attentive Attributes

The chart tells a story of how fictional company SuperClix outsourced its R&D operations to gain a
competitive advantage and outpace the revenue growth of its competitors over the previous four years.
The ‘before’ chart in figure 4.35 is typical of a lower data-to-ink ratio visual.

Pdf_Folio:348

348 Digital Finance

 FIGURE 4.35 The ‘before’ chart

Revenue growth since R&D outsourcing

Outsourcing our R&D operations to Lambda
Group enabled us to overtake our competitors in revenue growth.
160
SuperClix has grown revenue by
68% since partnering with Lambda
150 Group, outpacing our competitors.

140
Indexed growth (%)

130 After losing market share, we

outsourced our R&D operations to
Lambda Group three years ago
120 as a strategy to drive innovation
and competitive advantage.

110

100

90

80
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4

Gratec Mionico WPI Global SuperClix

Source: CPA Australia 2021.

Applying cognitive principles, we would:

• remove the background image watermark, as it does not add any useful information to the chart
• identify that the only important time information we want to convey is that SuperClix began outsourcing
R&D three years ago
• identify that the important growth information we need to convey is that revenue grew by 68 per cent
since out-sourcing
• rely on the text annotations for the time and growth information and therefore remove the redundant
grid lines
• remove the top and right edges of the chart box, as per the Gestalt principle of closure — the audience
will still perceive the box enclosing the chart
• consider removing the bottom and left edges but leaving the tick marks along the axes, as the audience
could still judge the time and growth scales (however, we will leave them in for the example)
• employ pre-attentive, strategic use of contrast by choosing colours for the data series, highlighting
SuperClix and sending the other companies to the background with lighter, subdued colours
• remove the markers from the data points, as they distract attention and are redundant as the
approximate values can be determined by the trend lines and axes scales
• employ pre-attentive, strategic use of contrast by choosing lighter intensity colours for the axes, legend
and chart subheading, sending them to the background and lower in the visual hierarchy — we want to
keep audience attention focused on the green trendline and narrative annotations
• apply similarity via colour (green) of the narrative text, grouping them with the SuperClix green trendline
• change the left text annotation’s connecting line to a green dotted line using the same principle above
and reducing unnecessary contrast
• remove the need for the right text annotation’s connecting line, by using the Gestalt continuity and
proximity principles (our eyes follow the trendline after reading the first annotation and arrive at the end
of the line and the first line of the text).

Pdf_Folio:349

MODULE 4 Data Analytics, Interpretation and Visualisation 349

 The improved chart is shown in figure 4.36.

FIGURE 4.36 The ‘after’ chart

Revenue Growth Since R&D Outsourcing

Outsourcing our R&D operations to Lambda
Group enabled us to overtake our competitors in revenue growth.
160

SuperClix has grown revenue by 68%

150 since partnering with Lambda Group,
outpacing our competitors.

140
Indexed growth (%)

130
After losing market share, we outsourced our R&D
operations to Lambda Group three years ago as a strategy
120 to drive innovation and competitive advantage.

110

100

90

80
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4

Gratec Mionico WPI global SuperClix

Source: CPA Australia 2021.

Comparing the ‘before’ and ‘after’ charts, we can see how the data-to-ink ratio has been improved and
attention is easily drawn to the key parts of the story. This reduces the level of mental workload required
by the audience to understand the information contained in the visualisations, making our communication
more effective.

VISUALISATION TOOLS
Often visualisations are created in Excel, which enables various types of conventional charts. However,
when working with more complex data or real-time data, more sophisticated options are worth exploring.
Once the preserve of data scientists and business intelligence specialists, visualisation tools are being
made increasingly available to others in organisations. Figure 4.37 provides a brief overview of some of
the leading visualisation tools.

FIGURE 4.37 Visualisation tools

Microsoft Power BI
Power BI is an all-in-one business intelligence and analytics platform provided as-a-service or as a
desktop client, but it is particularly highly rated for its visualisation capabilities. Visualisations are created
directly from reports and can be shared with users throughout an organisation. As well as a large number
of inbuilt visualisation styles, new ones are constantly being created by the AppSource community or if
you want to get your hands dirty with coding, they can be created from scratch using the developer tools

Pdf_Folio:350

350 Digital Finance

 and shared with other users. It also includes a natural language interface allowing visualisations of varying
complexity to be built from simple search terms. It is consistently rated as one of the easiest to use tools
for visual data exploration.
Tableau
Tableau is often considered the gold standard of data visualisation tools and as such it enjoys wide
deployment with a reported 57 000 active user accounts. Much of its appeal stems from its flexibility
and while it may not be as beginner friendly as some packages, a vast support network exists in the form
of its global community of users, spread across many industries.
In particular, its power means it is well suited to big data operations involving fast, constantly changing
data sets, and as such it is designed to easily plug into a large range of industry-standard databases such
as MySQL, Amazon AWS, Hadoop, SAP and Teradata. Three basic distributions are available — desktop,
server and cloud based. New additions to the service this year include the hyper in-memory capabilities
designed to greatly speed up analysis of large data sets.
QlikView
QlikView is another very popular option for building and sharing visualisations based on any data used by
an organisation. Qlik has worked hard in recent years to make its product more accessible and easy to use
regardless of technical ability when it comes to working with data. This does not mean it sacrifices power
or features, however, insightful visualisations are achievable in minutes, which can be shared instantly with
anyone thanks to its device-agnostic infrastructure. Often it is used alongside the provider’s QlikSense
platform to provide end-to-end analytics and reporting. It also has advanced security features that allows
different levels of access to data to be set according to the needs of individual users.
Sisense
Sisense is another end-to-end analytics solution with a powerful suite of visualisation tools. It features
an intuitive drag-and-drop method of building any sort of visualisation from simple charts to complex,
interactive infographics and dashboards. It has added ML components that simplify the process of
crunching through big data to unearth the most relevant insights, and making connections that would
go unnoticed by even the most highly trained human eyes. Its aim is to make data understandable to
anyone in your organisation through fully customisable, interactive visual environments.
FusionCharts
FusionCharts enables the creation of richly interactive JavaScript-based charts, with the advantage that
they can be easily and quickly embedded anywhere where JavaScript can be run. A key advantage here
is that as they run in native JavaScript they will look and function identically across whatever devices
they are displayed on. It offers a large number of templates that users can simply feed their own data
sources into, with the company claiming that a complete beginner will be able to create their first charts
and graphics within 15 minutes of sitting down with the software. Ninety chart types are available from
the start, from simple line and pie charts to more sophisticated heat map, zoom line and treemap charts.
Plot.ly
Plot.ly is another visualisation-focused analytics tool which is widely popular across a large number of
commercial and industrial uses. Plot.ly is known for its ability to create more technical and complex
interactive charts and visualisations due to its plug-and-play relationship with analytical programming
languages including R, Matlab and Python. Plot.ly’s foundation are the open source D3.js Javascript
visualisation libraries but it adds an advanced and intuitive graphical user interface as well as connectivity
with a number of proprietary CRM systems including the ubiquitous Salesforce. Visualisations can be
created through the online interface or with any of the supported programming languages by accessing
its libraries directly. Anything you create from simple charts to fully interactive visualisations based on
real-time Big Data can be simply embedded into websites or reports through HTML or iFrames.
Carto
Carto is specifically focused on creating graphics that take the form of maps, and as such has a number
of features that make it a great choice for data visualisation. It uses a wizard-driven interface, which
means it doesn’t take long to start mapping your data thanks to a graphical, web-based drag-and-
drop environment. Its software-as-a-service (SaaS) model means that it is both affordable for small
organizations but also scales as your needs for graphical reporting of location-based intelligence grows.
Source: Marr 2018.

DASHBOARDS
Dashboards allow for easier comparisons between metrics, which facilitates stakeholder decision making.
Dashboards are a visualisation tool that combine multiple related visuals that update as the data changes.
Pdf_Folio:351

MODULE 4 Data Analytics, Interpretation and Visualisation 351

 A well-designed dashboard provides actionable information related to business objectives to decision-
makers. These individuals can view, compare and analyse important analytics and information without
having to go to many different data sources and systems, which can be time-consuming.
The information in a dashboard often consists of various metrics and KPIs. A dashboard often provides
interactive capabilities that enable the user to investigate a particular metric in more detail. A dashboard
should be carefully designed, with user roles, responsibilities and decision-making timelines taken
into consideration, as different levels of management require different information. Dashboards can be
described using the following three levels: strategic, tactical and operational (Rasmussen et al. 2009).

Strategic Dashboards (For Executives)

Strategic goals are broad, long-term, organisation-wide objectives. This level of dashboard addresses these
objectives and their associated KPIs. These KPIs trickle down to dashboards at tactical and operational
levels. Metrics are not frequently updated compared to the tactical and operational levels and can include
external and internal trends or growth. Figure 4.38 is an example of a strategic level dashboard that might
be used by an executive. It includes metrics relating to revenue, profitability and sales performance by
regional divisions.

FIGURE 4.38 A strategic dashboard

Region
Revenue (YTD) Sales category breakdown Revenue monthly trend Central
100% East
South
100K West
80%
% of total sales

Category
60% Sales Furniture
Office su..
40% 50K Technolo..
Net profit margin

20%

0%
February May August November
0K
Month of order date (2014) February April June August October
Month of order date (2014)
Top sub categories (units sold)
Sub-category Sales by region
2000 Region

1500 200K
Quantity

150K
1000
Sales

100K
500
50K

0 0K
Binders Paper Furnishings Art Phones Accessories Storage Central East South West

Source: CPA Australia 2021.

Tactical Dashboards (for Middle Management)

A strategic objective is broken down into smaller, more actionable goals called tactical objectives. These
objectives usually take the form of initiatives or projects. A tactical level dashboard often allows the
manager to drill down into more detail for a given metric to understand any problems, for example, why a
given target is not being met. Figure 4.39 depicts a tactical level dashboard, with metrics relating to cash
management.

Operational Dashboards (for Departmental Managers)

Operational dashboards relate to the routine activities and processes at a day-to-day level, which help
to achieve tactical objectives. Operational dashboards usually display data that is updated at a weekly,
daily or even real-time rate. The metrics at this level are narrower in scope than at a strategic level, and
provide more detailed information to analyse the cause of performance, including problems, in relation to
objectives. Figure 4.40 shows a dashboard with departmental management level metrics — in this case,
for a sales manager.
Pdf_Folio:352

352 Digital Finance

 Pdf_Folio:353
FIGURE 4.39 A tactical dashboard

Cash management dashboard

Quick ratio Cash balance Cash

at end of month
€20k

IN € 352 760.44 €10k

Current ratio
OUT € 120 353.56 €0k
16 16 16 16 16 16 16 16 16 16 16 16
20 20 r 20 r 20 20 20 l 20 20 20 t 20 20 20
n b a y n u g p c v c
Ja Fe M Ap Ma Ju J Au Se O No De

Working capital
Days sales outstanding Days inventory outstanding Days payable outstanding

AR turnover vs AP turnover Inventory Accounts payable by payment target

5 2.5K
37k
2.5 2K 29k

0 1.5K 18k
16 16 16 16 16 16 16 16 16 16 16 16 7k 5k
1K

Cash conversion
20 20 r 20 r 20 20 20 l 20 20 20 t 20 20 20
n b a y n u g p c v c 16 16 16 16 16 16 16 16 16 16 16 16
Ja Fe M Ap Ma Ju J Au Se O No De
n
20 20 r 20 r 20 20 20 l 20 20 20 t 20 20 20
b a y n u g p c v c Net due < 30 days < 60 days
Ja Fe M Ap Ma Ju J Au Se O No De
Accounts receivable Accounts
< 90 days > 90 days
turnover payable turnover

Source: CPA Australia 2021.

MODULE 4 Data Analytics, Interpretation and Visualisation 353

 Pdf_Folio:354
FIGURE 4.40 An operational dashboard

354 Digital Finance

Top 10 won opportunities Won opportunities by account manager Opps by lead source

Opportunity name-1132 $74 580 600 000

Opportunity name-1785 $72 298 500 000 $549 603
Opportunity name-1623 $71 005
Opportunity name-1280 $69 854 400 000 $426 139 $421 747
$398 471
Opportunity name-2343 $68 697 Not entered Email
300 000
Opportunity name-1844 $65 833 $288 992 $587 912 $544 397
Opportunity name-2337 $64 992 200 000 23.6% 21.9%
Opportunity name-1253 $63 145
Opportunity name-2154 100 000
$63 083
Opportunity name-1910 $61 764 0
Molly Jane Mark Jones Fred Bear Casey
Burkhart McClenneghan Kenneth

Trend of won opportunities Average length of sale by account manager Google

$291 534
500 000 11.7%

400 000 Tradeshow Web

$482 446 $331 800
300 000 19.4% 13.3%
200 000
Call
100 000 $249 089
10.0%
0
19 20 20 0 0 0 Molly Burkhart
c- n- b- -2 r-2 -2
ar Ap ay
De Ja Fe M M

Source: CPA Australia 2021.

Dashboard-Specific Visualisations
The way dashboards are used and their interactive capabilities mean they often feature visualisations that
differ from those used in written reports and conventional presentations. Some of the most common of
these are summarised in figure 4.41.

FIGURE 4.41 Dashboard-specific visualisations

Bullet Charts
A bullet chart is typically used to display a measured value against a target value. As such, they are often
used to display information about KPIs. The user can quickly see the actual versus target value of the KPI
and evaluate progress or compliance with an objective.

Measured value Target value

Revenue

$0k $10k $20k $30k $40k $50k $60k $70k $80k $90k $100k

Background colours can be qualitative, arbitrary ranges

Gauges
A gauge is similar to a bullet chart, as it also displays an actual value against a target value. The appearance
of a gauge can vary, from a simple vertical or horizontal bar to an arc (similar to a gauge on a physical
vehicle or machinery dashboard). The gauge may allow the values to have text labels or may just use
markings along an axis.

Return on assets

100%

30%
– 14%
0%

Progress Bar
A progress bar is normally used to indicate progress towards a certain goal by showing a percentage out
of 100 per cent. It is appropriate when the absolute value is not important. The progress bar is typically a
horizontal bar; however, it can be a vertical bar or arc.

60%

Directional Indicators
Directional indicators use a triangle or arrow, oriented with the point in an upward or downward direction
to indicate whether a metric has increased or decreased relative to a previous point in time (a day, week,
month, year etc.). Directional indicators are most often combined with a raw text value for the metric (the
green, upward facing indicator implying that clothing sales increased from the day before).

Clothing sales today

$11 726

versus $8437 in sales yesterday

Source: CPA Australia 2021.

Pdf_Folio:355

MODULE 4 Data Analytics, Interpretation and Visualisation 355

Designing a Dashboard
The process of designing a dashboard — for your own use or for others — can be divided into the
following steps.
1. Choose appropriate metrics.
2. Select the visualisations.
3. Choose the layout.
4. Final considerations.
Input from stakeholders should be sought to inform each step (Bumblauskas et al. 2016).
Step 1: Choose Appropriate Metrics
The chosen metrics should be those that are essential to generate actionable knowledge. This means
providing valid and timely information that allows decision makers to make informed choices. The
metrics should also allow the stakeholder to monitor the validity of inputs and the outcome of decisions
(Bumblauskas et al. 2016).
The specific metrics to include will be guided by the needs of the user of the dashboard in relation to their
strategic, tactical or operational objectives. Table 4.21 describes how an accounts receivable dashboard
might differ in metrics at various levels of management.

TABLE 4.21 Accounts receivable dashboard levels, goals and metrics

Goals Metrics

Strategic • Reduce average accounts receivable days • Average accounts receivable days
to 32, down from 41 last year • Turnover ratio
• Collection effectiveness index

Tactical • Reduce average invoicing time by 25% • Average revised invoices

• Ensure collections follow up activity for 20 • Average invoicing time
worst offenders is at least 80% • Collections activity for worst 20 customers
• Introduce new digital payments methods • Payment method composition and trends
and promote usage

Operational • To meet performance targets, monitor • Accounts receivable total

and action: • Accounts receivable days
– invoicing • Amount due (top 20)
– collections follow up activity • Average days delinquent
– credit per customer • Invoicing times
– accounts receivable days • Revised invoices
– payment methods. • Upcoming due dates
• Collections activity by staff

Source: CPA Australia 2021.

The types of metrics and KPIs to be chosen, can be broken down to the following categories (Rasmussen
et al. 2009).
• Input. Input metrics are a measure of the resources that have been used to produce, develop or maintain
an output. The output could include delivering a service, manufacturing a product or conducting an
activity.
• Output. Output metrics are a measure of the quantity of something that was produced, provided,
conducted or delivered.
• Efficiency. Efficiency metrics are a measure of how much input was required to produce an output. This
is typically a ratio of the resources used to the amount produced. It can be a measure of cost efficiency
or productivity.
• Quality. Quality metrics are a measure of how well something has been produced or delivered. The
metric can be quantitative or qualitative. It can include concepts of satisfaction, timeliness, accuracy or
some other measure of meeting internal or external expectations or requirements.
• Outcome. Outcome metrics are a measure of progress towards an organisational goal, benefit to
customers, or the extent that an activity, product or service has impacted the target.

Pdf_Folio:356

356 Digital Finance

Step 2: Select the Visualisations
Consideration should be given to whether a particular visualisation will fit or be able to display the requisite
level of detail given the limited space available on a dashboard. For example, a scatter plot showing
correlation between two metrics may not be able to convey useful information if it must fit in a narrow
column within the dashboard.
For most metrics, there will typically be more than one appropriate visual display, and the choice will be
influenced by what will fit within the particular dashboard layout. We will discuss layout considerations
in more detail in the following subsection.
Step 3: Choose the Layout
The objective when designing the dashboard layout is to fit the information within the visible area of
the screen, to avoid having to scroll up and down the page. In some cases, the dashboard might lack an
input device to scroll the screen, but in all cases having to scroll the screen reduces the effectiveness of
the dashboard as a tool to quickly view vital information. To make efficient use of the screen real estate
available.
• Use components that can be expanded or collapsed so that more detail can be seen if desired.
• Consider breaking the metrics up into multiple dashboards, and creating links to access them from
one another.
• Use components that allow adjustment of time scales.
• Order the visual elements to reflect their relative importance.
• Order the visual elements to reflect workflow and comparisons.
• Use appropriately sized fonts.
As with individual visualisations, we need to apply cognitive principles to make the dashboard as
effective as possible. The data-to-ink ratio also applies to the dashboard as a whole.
Step 4: Final Considerations
Prototyping is a process of creating a sample, model or early release of a project. Its purpose is to capture
user or stakeholder feedback and make adjustments to the design. We should use prototyping as the
dashboard design may require several iterations and improvements for maximum user satisfaction.
One key requirement for creating a dashboard is ensuring the users know how to interpret the data. This
may require training the users, for example, on how to identify high versus low risk for a metric, and what
action to take if the dashboard alerts users of an issue or event.
Example 4.22 steps through the design considerations and decisions for a dashboard for a retail
company CFO.

EXAMPLE 4.22

Designing a Dashboard
We have been asked to create a dashboard for the Chief Financial Officer of a retail company.
The CFO has requested a simple strategic dashboard, with basic metrics to monitor one strategic
objective: to increase the company’s net profit by 10 per cent from last year.
The dashboard will be displayed on a large screen on the office wall, so we need to make the
visualisations easy to read, and avoid using small text.
Step 1: Metrics
After consulting the CFO, we have a list of metrics for a basic net profit analysis dashboard:
• Net profit (year to date)
• Revenue (year to date)
• Gross profit margin (against a target)
• Operating profit margin (against a target)
• Net profit margin (against a target)
• Net profit by region
• COGS (cost of goods sold) breakdown (materials, returns, production, shipping)
• Expenses breakdown (rent, utilities, salaries, travel, support services, insurance, marketing, other).

Step 2: Visualisations
Our process for selecting appropriate visualisations is as follows.
The CFO has told us that the KPIs they consider most important are net profit and revenue for the year
to date. They would just like the raw figure, and do not require the target to be shown. Rather than create
a bullet chart, we can use the raw values displayed in a large font, so they stand out.
Pdf_Folio:357

MODULE 4 Data Analytics, Interpretation and Visualisation 357

 We can reduce the intensity of the headings to push them to the background and use black for the
values, so they stand out (pre-attentive use of intensity).

Net profit
$841 744

Revenue
$7 235 987

Step 3: Layout
We have been told the profitability indicators are the next most important metrics.
We decide to use bullet charts, so the CFO can see the profit metrics against their targets. As they are
related, we can group them together as a vertical stack. Due to the typical relative proportions, we can
place them in a descending order, forming a sort of funnel chart appearance.
We also make sure the choice of colours does not create too much contrast with the rest of the chart.
As the absolute values of the target marks are difficult to measure against the x-axis, we put small text
labels against them.

Profitability
Metric F
Gross profit margin 81.75
85
Operating profit margin 16.62
20
Net profit margin 11.63
14
0 10 20 30 40 50 60 70 80
Actual (%)

As each individual has their own preferences for visualisations, it is recommended to consult with
the user when making the various decisions. An alternative to the bullet charts could have been a set
of gauges.

Profit margins

0 82 85 0 17 20 0 12 14

3.3 3.4 2.4

Gross Operating Net

After we consulted the CFO for their preferences, they indicated they wanted to use the bullet charts.
The last set of metrics required enable the CFO to have a quick view of the composition or part-to-whole
breakdown of net profit by geographic region, COGS and expenses.
For composition visualisation, our options include bar charts, pie charts, proportional area charts, tree
maps, Sankey diagrams, waterfall charts, pictorial charts or Pareto charts. Given the limited screen real
estate, we avoid most of these (as they require a large area to present the detail) and consider bar charts,
pie charts and proportional area charts.
Pie charts should be avoided where there are more than two or three categories and the proportions
are similar, which leaves us with either proportional area charts or bar charts. Bar charts lose some of the
part-to-whole impression that proportional area charts convey and can be difficult to label the categories
when restricted to a small space.
As a compromise, we have chosen a stacked bar chart with a wide column width, and assigned text
labels to each category. One disadvantage of using the text labels is that the smaller components will
not show their labels. This is a rule imposed by the software. The CFO was happy with just the top
categories showing.
Pdf_Folio:358

358 Digital Finance

 Expenses breakdown Net profit by region COGS breakdown

800K 1200K
4M
Europe 1000K
600K Materials
Salaries
Total ($) 3M

Total ($)

Total ($)
800K
400K 600K
2M Asia
Other 400K Production
1M 200K
Australia 200K
0M 0K North America 0K Shipping

Step 4: Final considerations

Upon reflection, we could have used bar charts with thin rows, which would have allowed more (or even
all) categories to be visible, but the CFO was happy with the way it looked.
Finally, we can put the visuals together in a layout, based on the importance of the metrics, and to make
efficient use of the available screen area. The final dashboard layout incorporates all of the metrics and
their corresponding visual displays that we created above.

Net profit Profitability

Metric F
Gross profit margin 81.75
85
Revenue
Operating profit margin 16.62
20
Net profit margin 11.63
14
0 10 20 30 40 50 60 70 80
Actual (%)

Expenses breakdown Net profit by region COGS breakdown

800K
1200K
4M
Europe
1000K Materials
Salaries 600K
3M
800K
Total ($)

Total ($)

Total ($)

400K 600K
2M Asia
Other 400K Production
1M 200K
Australia
200K
North America Shipping
0M 0K 0K

Source: CPA Australia 2021.

.......................................................................................................................................................................................
CONSIDER THIS
Do you use a dashboard? If not, would one be helpful? What would you include and how would you present each
piece of information?

QUESTION 4.15

Briefly outline the main benefits and challenges in using data visualisation dashboards.

To conclude, we will look at an example that draws together all of the topics we have studied in
this module.

Pdf_Folio:359

MODULE 4 Data Analytics, Interpretation and Visualisation 359

 EXAMPLE 4.23

Data Analysis — the Future of Lending

Financial institutions are essentially financial intermediaries, sitting between deficit and surplus units in the
economy and facilitating the flow of funds between them in as efficient and effective a means as possible.
While the sector has been subject to much change and disruption in recent years, when one examines
the largest financial institutions in Australia, this is largely what they remain. The biggest company (at
the time of writing) on the Australian Securities Exchange was the Commonwealth Bank Australia Ltd,
which represents around 10 per cent of the ASX 50. Their 2020 annual report shows loans, bills and
other receivables represent 76 per cent of the bank’s AUD1.014 trillion in assets, and deposits and other
public borrowings (the primary source of this loan capital) represents 74.5 per cent of liabilities — that
is classic financial intermediation (see the financial statements below). Furthermore, net interest income
derived from those assets and liabilities is AUD18.6 billion and 78.8 per cent of net operating income. See
figure 4.42.

FIGURE 4.42 CBA — income statements and balance sheets

Income Statements
for the year ended 30 June 2020

Group1,2,3 Bank2,3

30 Jun 20 30 Jun 19 30 Jun 18 30 Jun 20 30 Jun 19

Note $M $M $M $M $M

Interest income:

Effective interest income 2.1 29 726 34 089 33 643 26 651 30 963

Other interest income 2.1 436 620 629 485 660

Interest expense 2.1 (11 552) (16 485) (15 807) (10 660) (15 434)

Net interest income 18 610 18 224 18 465 16 476 16 179

Other banking income4 2.3 5 002 4 877 5 299 9 154 5 919

Net banking operating 23 612 23 101 23 764 25 630 22 098

income

Net funds management 2.3 173 254 314 – –

operating income

Net insurance operating 2.3 141 150 241 – –

income

Total net operating income 23 926 23 505 24 319 25 630 22 098

before operating expenses
and impairment

Operating expenses 2.4 (10 929) (10 928) (10 687) (10 745) (10 633)

Loan impairment expense 3.2 (2 518) (1 201) (1 079) (2 155) (1 058)

Net profit before 10 479 11 376 12 553 12 730 10 407

income tax

Income tax expense 2.5 (3 020) (3 275) (3 811) (2 562) (2 624)

Net profit after income tax 7 459 8 101 8 742 10 168 7 783
from continuing operations

Pdf_Folio:360

360 Digital Finance

 Non-controlling interests in – (12) (13) – –
net profit after income tax
from continuing operations

Net profit attributable to 7 459 8 089 8 729 10 168 7 783

equity holders of the Bank
from continuing operations

Net profit after income tax 11.3 2 178 489 606 – –

from discontinued operations

Non-controlling interests in 11.3 (3) (7) (6) – –

net profit after income tax
from discontinued operations

Net profit attributable to 9 634 8 571 9 329 10 168 7 783

equity holders of the Bank

Balance Sheets
As at June 2020

Group1,2,3 Bank1,3

30 Jun 20 30 Jun 19 30 Jun 20 30 Jun 19

Note $M $M $M $M

Assets

Cash and liquid assets 5.1 44 165 29 387 40 300 26 912

Receivables from financial institutions 5.2 8 547 8 093 8 309 7 334

Assert at fair value through Income 5.3 46 545 33 677 46 284 33 128
Statement

Derivative assets 5.4 30 285 25 215 29 322 24 311

Investment securities:

At amortised cost 5.5 5 173 7 355 5 167 7 349

At fair value through Other 5.5 79 549 78 912 72 335 73 212

Comprehensive Income

Loans, bills discounted and other 3.1 771 547 755 173 – –
receivables

Shares in and loans to controlled entities 11.2 – – – –

Property, plant and equipment 6.1 5 602 2 383 4 051 1 389

Investments in associates and joint 11.1 3 034 3 001 1 082 1 017

ventures

Intangible assets 6.2 6 944 7 965 3 951 4 317

Deferred tax assets 2.5 2 060 1 675 1 968 1 570

Other assets 6.3 8 839 7 115 6 917 5 860

Assets held for sale 11.3 1 770 16 551 1 1

Total assets 1 014 060 976 502 963 747 910 851

Liabilities

Deposits and other public borrowings 4.1 701 999 636 040 631 301 573 851

Pdf_Folio:361

MODULE 4 Data Analytics, Interpretation and Visualisation 361

 Payables to financial institutions 5.2 16 429 23.370 15 350 22 618

Liabilities at fair value through Income 4.2 4 397 8 520 3 888 7 961
Statement

Derivative liabilities 5.4 31 347 22 777 36 248 26 654

Due to controlled entities – – 53 072 49 610

Current tax liabilities 795 326 716 129

Deferred tax liabilities 2.5 34 – 30 –

Provisions 7.1 3 408 2 968 2 914 2 554

Debt issues 4.3 142 503 164 022 113 323 131 094

Bills payable and other liabilities 7.2 13 188 10 068 11 866 8 687

Liabilities held for sale 11.3 594 15 796 – –

914 690 883 887 868 708 823 158

Loan capital 8.2 27 357 22 966 26 964 22 569

Total liabilities 942 047 906 853 895 672 845 727

Net assets 72 013 69 649 68 075 65 124

Shareholders’ Equity

Ordinary share capital 8.3 38 131 38 020 38 180 38 212

Reserves 8.3 2 666 3 092 2 444 3 813

Retained profits 8.3 31 211 28 482 27 451 23 099

Shareholders’ Equity attributable to 72 008 69 594 68 075 65 124

equity holders of the Bank

Non-controlling interests 5 55 – –

Total Shareholders’ Equity 72 013 69 649 68 075 65 124

Source: Commonwealth Bank of Australia 2020 pp. 106, 108.

The question is, will future disruption and new forms of competition impact on this, as shown by the
rapidly (by historical standards) growing number of authorised deposit-taking institutions in Australia that
are in the bank category?
Financial institutions, and in particular the large ADIs, have enjoyed a privileged position in the Australian
financial system. While they face high levels of regulatory oversight and compliance obligations, they are
also protected by these regimes as they also act as effective barriers to entry for competitors. This is
somewhat logical as the regulatory agencies have a primary purpose of protecting the efficacy of the
financial system and therefore the economy and prosperity of all in the community in so far as having
a stable and efficient financial system is a key ingredient for this. For participants in the Australian
financial system, they have also been largely rewarded with a stable financial system that has had few
significant institutional failures (notably including through the GFC), deposits have been protected and
thus consumers have confidently participated in the system.
One might argue, however, that there are storm clouds on the horizon. Central to this is the continued
lack of trust in these institutions. For example, the 2019 IPSOS Trust in Professions survey showed just
13 per cent of people believe bankers are trustworthy while 52 per cent believe they are untrustworthy
(see figure 4.43). This, together with increased competition, digitisation, changing trends in consumerism,
potentially lower transactions costs and effort for consumers make this an industry ripe for further
disruption.
Take a minute to reflect on this and your own interactions with your bank/financial institution. Have
you refinanced/switched in recent years to get a better deal? When was the last time you went into
a branch? What was your reaction to the 2017–19 Royal Commission into Misconduct in the Banking,
Superannuation and Financial Services Industry? How has the COVID-19 pandemic changed your views?

Pdf_Folio:362

362 Digital Finance

 FIGURE 4.43 Trust in professionals survey — Australia

Profession % Trustworthy (1–2) % Untrustworthy (4–5)

Doctors 69% 8%

Scientists 62% 8%

Teachers 60% 9%

Armed forces 58% 10%

The police 56% 15%

Judges 44% 17%

Ordinary men/women 42% 10%

Civil servants 24% 19%

Clergy/priests 23% 42%

Television news readers 22% 27%

Lawyers 22% 38%

Business leaders 17% 34%

Journalists 17% 41%

Bankers 13% 52%

Government ministers 12% 55%

Politicians generally 10% 64%

Polisters 9% 35%

Advertising executives 8% 55%

Base: 19,587 online adults aged 16–74 across 23 countries

Source: IPSOS 2019.

Identifying the Issue

Now, let’s go back to traditional financial intermediation and focus on lending. Lending was controversial
in the Royal Commission for a number of reasons, including:
• concerns in relation to predatory lending practices
• a lack of consumer best interest behaviour in some elements of mortgage broking
• high pressure sales tactics
• inappropriate fees.
It was, therefore, met with some surprise when under the guise of the COVID-19 economic recovery
package, the Commonwealth announced in September 2020 that it would repeal the responsible lending
conduct obligations in Chapter 3 of the National Consumer Credit Protection Act 2009 (National Credit
Act). This proposed approach aims to reduce ‘red tape’ around lending and increase the efficiency and
accessibility of credit, allowing capital to flow into the economy more quickly.
If approved, this is designed to impact on the credit assessment process and may have impacts on
both credit monitoring and other client interactions. The issue for the institutions is the degree to which
they would make changes to their credit process, which on one hand may streamline credit decisions,
reducing transactions costs, and potentially expand the credit portfolio, but on the other hand may
lead to a less rigorous credit process, which may expose the institution to credit default risk, client
satisfaction/reputation risk and thus the need for higher provisions and/or implications in terms of capital
adequacy and liquidity requirements. The issue is therefore understanding what this trade-off looks like,
and deciding how to proceed should these changes go ahead in the context of broader market forces.

How to Approach the Issue

As noted earlier in the module, credit score models have been used by financial institutions for some time.
If you have ever filled out a form for a loan you will likely recall the detailed information gathered to inform
this process. This data represents a repository of applicant information from which inferences and insights
can be drawn in relation to many things, including changing credit decision-making parameters.
It should be remembered that credit analysis, despite the level of automation, remains both an art
and a science, with human intervention and decision-making included in many elements of the process,
Pdf_Folio:363

MODULE 4 Data Analytics, Interpretation and Visualisation 363

 particularly in more complicated and/or high-value transactions. The traditional five Cs model of credit
analysis and a general lending process model are depicted in figures 4.44 and 4.45, respectively, and
illustrate these points.

FIGURE 4.44 The five Cs of credit

• Character — a measure of creditworthiness based on indicators such as credit score and credit history
• Capacity — a measure of ability to pay back the loan based on income and expenses
• Capital — a measure of how much of your own money you are investing (e.g. a down payment)
• Collateral — a measure of the asset used to secure the loan
• Conditions — a market analysis of trends of the business’s industry
Source: CPA Australia 2021.

FIGURE 4.45 A general lending process

Origination Negotiation Underwriting Documentation Closing, booking

• Contact between • loan amount • assessment of • Signing of and funding
bank and and interest application formal • Adding of loan to
borrower rate discussion documents financial
• Checking of
• Application by institution’s loan
loan by credit
borrower for book
analyst
loan • Receipt by
against risk
borrower of the
policies
loan
• Monitoring of
loan account by
credit analyst

Source: CPA Australia 2021.

In order to obtain insights into the impact of change lending obligations, the financial institution would
apply credit scoring models to historical loan application data and determine the extent to which revised
parameters (an example simple data file is shown in figure 4.46) — including less verification of client
information by analysts — lead to potentially different credit decisions.
• Were any previously funded loans not funded in the new model?
• Were any previously approved applications that became non-performing loans not funded in the
new model?
• Are any not-funded applications recommended to be funded in the new model?
• Examine applications that the credit scoring model recommended for funding that the credit analysts
did not recommend — would this outcome change?

FIGURE 4.46 Example data file for credit scoring models

Source: CPA Australia 2021.

Pdf_Folio:364

364 Digital Finance

Doing the Work
Credit models are built on the statistical associations between the lending parameters (the applicant, the
purpose of the funding/asset and the terms of the credit sought) and predictions of risk (primarily default
risk). Figure 4.47 provides a simple illustration of these relationships. Varying these variables changes the
fundamentals of the model and thus conducting sensitivity and outcomes analysis on historical data will
provide information to add in decision making in relation to the application of credit regulation reform. For
example, the institutions may further generalise loan applicant income variables, with loan serviceability
calculations not going into the detailed actual expenses of the applicant and apply a general ratio of expense
to income. Similar steps could be applied to credit card use, repayments of other loans, and so on. This
would simplify the data gathering and decision-making process, potentially significantly.

FIGURE 4.47 Credit model relationships

Debit Payment
history Work
history

Income Ratio of debts

to income Reliability

Age
Worth
Assets

Profession Future Credit

income worthiness

Source: CPA Australia 2021.

Once these parameters are adjusted and applied to the historical data, the credit model can be re-run
to determine the updated recommendation with a simple infographic used to present the differences from
the original decision. This can then be matched against actual outcomes in terms of loan performance for
those loans that were approved. This may also reduce the level of human intervention in the process, as data
validation will be less onerous, particularly in relation to client expenses and serviceability calculations.
Indeed, simplifying these parameters could allow for data to be drawn directly from client financial records
in relation to easily identifiable transactions such as income and debt payments.
Once the revised data sets and credit scoring outcomes are in place, data scientists will apply econometric
analysis to predict outcomes and determine the impact of the revisions to the data and decision-making
process by back testing the existing loan portfolio. The more difficult component will be assessing loans
that were historically rejected that become accepted with the revised process. A match pairs (matching
these loan characteristics to loans that were approved) approach, could for example be used to predict
loan performance outcomes in these cases. Iteratively, parameters can be adjusted and tests repeated to
determine both the elasticity of the parameters to both funding decisions and subsequent loan performance.
This will then provide a picture of the resultant loan portfolio and the characteristics of it (volume of loans,
credit risk exposure, default risk profile, and implied capital adequacy and liquidity requirements).

Coming to the Outcome

The outcome of the data modelling and analysis above is insights into the relative impact on both credit
decision recommendations and any revision to credit policy settings and process as a result of the analysis.
The modelling outcomes are presented using various infographics on the resultant relationships and
dependencies between the credit assessment variables and the credit decision and risk scores as per figure
4.48. This highlights the importance of gaining insight not just into the outcomes in terms of the volume of
credit approved and the predicted performance of those facilities, but also the relationship between these
outcomes and the variables in the credit score model and decision-making process.

Pdf_Folio:365

MODULE 4 Data Analytics, Interpretation and Visualisation 365

 FIGURE 4.48 Modelling outcomes

[ INPUT ] [ OUTPUT ]
Class 1
Class 2
Class 3
Class 4
[– 30)
[30 – 40)
[40 – 50)
[40 – 60) Risk score
[60 –)
[– 30K)
[30K – 40K)
[40K – 50K)
[50K – 60K)
[60K –)
Bias

Default risk

MEDIUM
HI
W GH
LO
Post
Pre

MAX
NO

Source: CPA Australia 2021.

Volume of lending

MEDIUM
HI
W GH
LO
Pre Post
MAX
NO

Default risk profile

Default risk

Historical risk
(based on existing risk
scorecards)
Source: CPA Australia 2021.

Pdf_Folio:366

366 Digital Finance

Further Analysis
Beyond the initial data analysis and insights to inform credit policy and procedure revisions, continued
analysis of the performance and outcomes from the revised credit process will be conducted. This is likely
to result in further recalibration of the credit scoring parameters. Once established, further application of
digital finance is possible in terms of integration with other data sources to further augment and streamline
the credit assessment process (e.g. data feeds from financial, investment and other related platforms to
provide household wealth information) and the potential further application of ML to further refine credit
performance relative to the credit decision-making process. The potential for digital wallets to contain
much more comprehensive personal finance information and be the basis of the data collection exercise
and decision-making process is a further significant opportunity. This is particularly important given the
moves to make credit more portable from a consumer perspective, which will also create opportunities for
more fluid credit structures and the need for the integration of behavioural elements to both the customer
acquisition and retention effort (e.g. sentiment analysis, nudges). Such things will continue to change the
landscape of personal finance.

SUMMARY
The way humans process information means visualisations are far more easily understood than text. Data
visualisation is the process of using visual representations to explore, interpret and communicate the
meaning of data and analytics outputs. The data visualisation process involves understanding the context of
the analysis, choosing the appropriate visual to use, applying cognitive principles to increase effectiveness
and being able to tell a story with data.
Various tools are available to help create appropriate visualisations. Whichever is chosen, fundamental
principles should be applied to each visualisation created to ensure it effectively communicates.
A storytelling approach is an effective way to communicate information and recommendations to stake-
holders. Storytelling engages the audience’s attention and memory more effectively than an information
that is not accompanied by a structured story narrative. A useful story structure involves establishing the
goal, setting the stage, developing the story and closing the story. The close will often involve a call to
action — the stage at which the potential value of data is realised through making data-informed decisions
and acting on them.
For real-time management, dashboards are a useful visualisation tool as they enable various real-time
metrics to be displayed in a single view. The dashboard can be designed to meet the user’s specific needs.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

4.4 Evaluate the effectiveness of various data visualisation tools in presenting complex data to
convey desired messages to a range of audiences.
• Visualisations should comply with cognitive principles to maximise their effectiveness.
• A range of software tools are available to produce visualisations from data. Each has its strengths
and weaknesses — and the choice of tool should be based on the individual’s visualisation needs.
• Dashboards combine multiple related visuals that update in response to data. They enable easy
comparison between metrics to facilitate stakeholder decision making.
• A well-designed dashboard provides actionable information related to business objectives to
decision makers. The content of the dashboard will depend on whether it is for strategic, tactical
or operational purposes.

Pdf_Folio:367

MODULE 4 Data Analytics, Interpretation and Visualisation 367

“m04DataAnalyticsInterpretationAndVisualisation_PrintPDF” — 2021/10/18 — 14:09 — page 368 — #126

REVIEW
Organisations that adopt data-informed decision-making generally outperform organisations that place less
reliance on data. With data and processing power now more available than ever before, many organisations
are expanding the use of analytics in order to derive insights to address business problems and create
efficiencies.
Becoming a data-driven organisation requires data literacy throughout all levels of the organisation.
Many accounting and finance professionals are experienced data owners, analysts, information creators and
information providers, but the increasing potential of data mining, particularly AI and ML technologies,
has created the need for an expanded set of data skills. In particular, understanding the applications of
big data and ML-based analytics is essential to evaluating their role in the organisation, promoting their
appropriate use and taking advantage of the insights they can provide.
Accounting and finance professionals need to attain and encourage data literacy throughout the
organisation, ensure the organisation’s data strategy captures and analyses the data needed for business-
critical decisions, and be able to work with data scientists and others in the analytics process.
Data literacy and awareness of fundamental principles in data interpretation are required so that analytics
outputs can be applied to solving business problems. Once outputs are interpreted and recommendations
are formed, the professional needs to develop effective ways to communicate their insights and recom-
mendations to stakeholders. Storytelling is an effective approach and enables the use of data visualisations
that will help stakeholders understand the meaning of the data. For real-time analytics, dashboards can be
designed with a focus on the metrics most relevant to the user’s needs.

REFERENCES
Aaker, J 2014, ‘How to use stories to win over others’, Lean In, video, viewed accessed April 2020, https://leanin.org/education/
harnessing-the-power-of-stories
AASB (Australian Accounting Standards Board) 2016, ‘AASB Research Report No.2: Accounting judgments on terms of
likelihood in IFRS: Korea and Australia’, accessed May 2020, https://www.aasb.gov.au/admin/file/content102/c3/July_2016_
(KASB-AASB)%20Accounting%20Judgments%20on%20Terms%20of%20Likelihood%20in%20IFRHellips.pdf
Accenture 2020, ‘The human impact of data literacy: A leader’s guide to democratizing data, boosting productivity and
empowering the workforce’, accessed May 2020, https://www.accenture.com/_acnmedia/PDF-115/Accenture-Human-
Impact-Data-Literacy-Latest.pdf
Bank for International Settlements 2018, ‘Financial instability: can big data help connect the dots’, Remarks by Luiz Awazu
Pereira da Silva and Goetz von Peter, 29 November, https://www.bis.org/speeches/sp181203.pdf.
Bhargava, R & D’Ignazio, C 2015, ‘Designing tools and activities for data literacy learners’, Workshop on Data Literacy,
Webscience.
BI Survey, 2016, ‘Global survey on data-driven decision-making in businesses’.
Black, K 2019, Business analytics and statistics, John Wiley & Sons, Milton Qld, p. 9.
Brynjolfsson, E, Hitt, L, Heekyung, HK 2011, ‘Strength in numbers: How does data-driven decision making affect firm
performance?’, SSRN Working Paper 1819486.
Bumblauskas, D, Nold, H, Bumblauskas, P, Igou, A, 2017, ‘Big data analytics: transforming data to action’, Business Process
Management Journal, vol. 23, no. 3, pp. 703–20, Emerald Publishing Limited.
Carney, M 2013, ‘Flush with $20M from Peter Thiel, ZestFinance is measuring credit risk through non-traditional big data’,
Pando, accessed May 2020, https://pando.com/2013/07/31/flush-with-20m-from-peter-thiel-zestfinance-is-measuring-credit-
risk-through-non-traditional-big-data/
Commonwealth Bank 2020, 2020 annual report, accessed 27 April 2021, https://www.commbank.com.au/content/dam/
commbank/about-us/shareholders/pdfs/results/fy20/cba-2020-annual-report-print.pdf
Crozier, R 2019, ‘Suncorp uses AI to drill into insurance claim data’, IT News, accessed May 2020, https://www.itnews.com.au/
news/suncorp-uses-ai-to-drill-into-insurance-claim-data-532517
DalleMule, L & Davenport, TH 2017, ‘What’s your data strategy’, Harvard Business Review, May–June, https://hbr.org/2017/05/
whats-your-data-strategy
Dasgupta, S 2020, ‘Improving anti-money laundering compliance with dynamic customer risk profiling’, Risk Management,
12 February, accessed May 2020, http://www.rmmagazine.com/2020/02/12/improving-anti-money-laundering-compliance-
with-dynamic-customer-risk-profiling/
DESE (Department of Education, Skills and Employment) 2020, ‘Our data strategy’, Australian Government, https://www.
employment.gov.au/our-data-strategy
Ding, K, Hoogduin, L, Peng, X, Vasarhelyi, MA, Wang Y n.d., Clustering based peer selection with financial ratios’, Rutgers
University, accessed May 2020, http://raw.rutgers.edu/docs/wcars/40wcars/Presentations/KexingXuanYunsen.pdf.
Frické, M 2018, ‘Data-Information-Knowledge-Wisdom (DIKW) pyramid, framework, continuum’, in L Schintler L &
C McNeely (eds), Encyclopedia of Big Data. Springer, Cham.

368 Digital Finance

“m04DataAnalyticsInterpretationAndVisualisation_PrintPDF” — 2021/10/18 — 14:09 — page 369 — #127

Gartner 2020, ‘Creating a data strategy’, Joe Maguire, Gartner Research, 26 November, https://www.gartner.com/en/documents/
3975595/creating-a-data-strategy
Hanegan, K 2019, ‘Do you have what it takes to make data informed decisions’, Qlik, accessed April 2020.
Harle, P, Havas, A & Samandari, H 2016, ‘The future of bank risk management’, McKinsey & Company, 22 July, https://www.
mckinsey.com/business-functions/risk/our-insights/the-future-of-bank-risk-management
Hastie, T, Tibshirani, R & Friedman, J 2011, The elements of statistical learning: data mining, inference, and prediction,
2nd edn, Springer Series in Statistics, Springer, New York cited in Verbeke, W, Baesens, B & Bravo, C 2017, Profit driven
business analytics: a practitioner’s guide to transforming Big Data into added value, John Wiley & Sons, Hoboken, New
Jersey.
Hendry, J 2021, ‘CBA applies to become data recipient under CDR’, ITNews, 28 January, accessed March 2021, https://www.
itnews.com.au/news/cba-applies-to-become-data-recipient-under-cdr-560346
Hurley, M, Adebayo, J 2017, ‘Credit scoring in the era of big data’, Yale Journal of Law and Technology, vol. 18, no. 1, article 5,
pp. 149–215.
IBM 2020, ‘BondIT’, accessed July 2020, https://www.ibm.com/case-studies/bondit
InfoSys & CIMA 2014, ‘Using analytics to reduce days sales outstanding (DSO)’, InfoSys, CIMA, https://www.cimaglobal.com/
Documents/Thought_leadership_docs/Management%20and%20financial%20accounting/using-analytics-to-reduce-dso.pdf
Ipsos 2019, ’It’s a fact... scientists are the most trusted people in the world’, accessed 27 April 2021, https://www.ipsos.com/en-au/
its-fact-scientists-are-most-trusted-people-world
Keipper, S 2019, ‘How NLP and machine learning harnesses insights from unstructured data’, EY North America Financial
Services, accessed May 2020, https://www.ey.com/en_au/financial-services/how-nlp-and-machine-learning-harnesses-
insights-from-unstructured-data
Kennedy, K 2013, ‘Credit scoring using machine learning’, Doctoral thesis, Technological University Dublin.
Knaflic, CN 2015, Storytelling With Data, John Wiley & Sons Inc., New York.
Kotter, JP 1995, ‘Leading change: Why transformation efforts fail’, Harvard Business Review, vol. 73, no. 2, March–April, p. 61.
Kovalerchuk, B & Vityaev, E 2005, ‘Data mining for financial applications’, in Chapter 57, O Maimon & L Rokach (eds), Data
Mining and Knowledge Discovery Handbook, pp. 1204–41, Springer, Boston, MA.
KPMG 2017a, ‘Supply chain risk — a global perspective’, 21 March, https://home.kpmg/au/en/home/insights/2017/03/supply-
chain-risk-global-perspective.html
KPMG 2017b, ‘Ethical supply chains — investigation and risk prevention’, 21 March, https://home.kpmg/au/en/home/insights/
2017/03/ethical-supply-chains-investigation-risk-prevention.html
Ladley, J 2016, ‘Business alignment techniques for successful and sustainable analytics’, CIO, 13 May, https://www.cio.com/
article/3068642/business-alignment-techniques-for-successful-and-sustainable-analytics.html
Lampitt, A 2012, ‘Big data visualization: A big deal for eBay’, infoWorld, accessed May 2020, https://www.infoworld.com/
article/2616353/big-data-visualization--a-big-deal-for-ebay.html.
Marr, B 2015, Big data: using smart big data analytics and metrics to make better decisions and improve performance, John Wiley
& Sons, Hoboken, NJ, USA.
McKinsey, 2010, ‘The case for behavioral strategy’, McKinsey & Company, accessed April 2020, https://www.mckinsey.com/
business-functions/strategy-and-corporate-finance/our-insights/the-case-for-behavioral-strategy
Morrow, J 2018, ‘Developing a data literate workforce’, Qlik, accessed April 2020, https://www.qlik.com/us/-/media/files/training/
global-us/qlik-education-data-literacy-program-strategy-and-framework.pdf
Peng, R 2019, ‘Tukey, design thinking, and better questions’, Simply Stats, accessed April 2020, https://simplystatistics.org/2019/
04/17/tukey-design-thinking-and-better-questions/
Provost, F & Fawcett, T 2013, Data Science for Business: What You Need to Know about Data Mining and Data- Analytic
Thinking, O’Reilly Media Incorporated.
Rasmussen, NH, Bansal, M & Chen, CY 2009, Business dashboards: a visual catalog for design and deployment, John Wiley &
Sons Inc., New York.
Rowley, J 2007, ‘The wisdom hierarchy: representations of the DIKW hierarchy’, Journal of Information Science, April 2007,
vol. 33, no. 2, pp. 163–80.
SAS 2018, ‘The 5 essential components of a data strategy’, SAS, white paper, https://www.sas.com/content/dam/SAS/en_us/doc/
whitepaper1/5-essential-components-of-data-strategy-108109.pdf
Shmueli, G, Bruce, P & Patel, N 2016, Data mining for business analytics: concepts, techniques, and applications with xlminer,
3rd edn, John Wiley & Sons Inc., New York.
Smartsheet 2020, ‘Your quick-start guide to data-driven decision making’, accessed April 2020, https://www.smartsheet.com/
data-driven-decision-making-management.
St. Jeor, C 2019, ‘Reducing false positives for AML: Part II – building a model in SAS Viya’, Zencos, accessed May 2020,
https://www.zencos.com/blog/aml-analytics-how-to-predict-productive-alerts/
Tableau 2020a, ‘A data strategy framework: How to implement and scale for success’, Tableau, https://www.tableau.com/learn/
articles/data-strategy-framework
Tableau 2020b, ‘Meet Tableau Blueprint’, Tableau, https://www.tableau.com/learn/blueprint
Thomson, J 2018, ‘Leveraging data analytics in decision making: The new opportunity for finance’, Forbes, accessed April 2020,
https://www.forbes.com/sites/jeffthomson/2018/09/27/leveraging-data-analytics-in-decision-making-the-new-opportunity-
for-finance/?sh=2bf786d13acc.
Tufte, E 1983, The Visual Display of Quantitative Information, Graphics Press, Cheshire CT.
Tukey, J 1962, ‘The future of data analysis’, Annals of Mathematical Statistics, vol. 33, no. 1, pp. 1–67.
Vasal, A, Vohra, S, Payan, E, & Seedat, Y 2019, Closing the data value gap: How to become data-driven and pivot to the new’,
Accenture, accessed May 2020, https://www.accenture.com/_acnmedia/pdf-108/accenture-closing-data-value-gap-fixed.pdf.
Villalobos, MA & Silva, E 2017, ‘A statistical and machine learning model to detect money laundering: An application’, Anahuac
University.

MODULE 4 Data Analytics, Interpretation and Visualisation 369

“m04DataAnalyticsInterpretationAndVisualisation_PrintPDF” — 2021/5/27 — 15:18 — page 370 — #128

White, A 2019, ‘Our top data and analytics predicts for 2019’, blog, Gartner Blog Network, 3 January, https://blogs.gartner.com/
andrew_white/2019/01/03/our-top-data-and-analytics-predicts-for-2019/
Wigglesworth, R 2018, ‘Spurious correlations are kryptonite of Wall St’s AI rush’, Financial Times, accessed June 2020,
https://www.ft.com/content/f14db820-26cd-11e8-b27e-cc62a39d57a0
Woodhead, B 2008, ‘Accenture wins BHP outsourcing deal’, Financial Review, 30 June, accessed March 2021, https://www.afr.
com/technology/accenture-wins-bhp-outsourcing-deal-20080630-jaoli.

370 Digital Finance

MODULE 5

RISK MANAGEMENT,
GOVERNANCE AND
REGULATION
LEARNING OBJECTIVES

After completing this module, you should be able to:

5.1 assess risks and design mitigation strategies to ensure data security for organisational outputs
5.2 evaluate the relevant regulations and tools to provide advice to the organisation on achieving regulatory
compliance
5.3 analyse the requirements for an effective risk governance framework to support the development of risk
management policies including security and privacy policies
5.4 evaluate existing risk governance frameworks and risk management policies to ensure the ongoing
improvement of the policies and frameworks
5.5 design an effective action plan to deal with compliance and potential compliance breaches.

PREVIEW
The digital transformation of accounting and finance, the technologies enabling it, and the integration
of data into most key business activities, are creating a new and rapidly changing risk environment.
Accounting and finance professionals need to be able to advise on and participate in strong risk governance
to ensure the organisation has robust processes and structures to identify and manage risks that threaten the
business’s ability to achieve its objectives. Likewise, compliance has become a more complex challenge in
the context of digital finance. Innovative financial technologies (FinTech) have challenged regulators who
seek to protect the interests of the community while not stifling innovation. Approaches to compliance
with regulation are themselves being disrupted by regulatory technologies (RegTech).
Part A of this module presents a comprehensive risk management process based on ISO 31000 Risk
management. Working through this process identifies, analyses and responds to risks that can threaten the
business’s ability to achieve its objectives. Adopting the best practices in ISO 31000 includes monitoring
and evaluation of both the risk environment and the performance of the organisation’s risk frameworks and
policies. This, along with awareness of emerging risk management innovations, provides the knowledge
and skills to ensure ongoing improvement in the organisation’s management of risk.
Part B introduces the concept of risk governance, which refers to how decisions are made and authority
is exercised in relation to the organisation’s management of risk. We describe good governance and the
ideal composition of a governance Board. We then describe a range of poor practices and emerging threats
to good practice in order to establish a comprehensive understanding of the requirements of good risk
governance. This part of the module concludes with a discussion of data governance, which sets the scene
for the in-depth discussion of data security and privacy obligations and risks in part C.
Part C introduces the industry standards and best practices for ensuring the security of data held and used
by an organisation. We explore cybersecurity and other threats to data, including the potential severity of
the consequences of a security breach. We conclude with a discussion of data ethics and the need to protect
data to ensure the privacy of individuals. Application of the material in parts A and B to the risks detailed
in part C enables the development of mitigation strategies for cybersecurity threats.

Pdf_Folio:371
 Part D explains and applies a compliance framework to enable the creation of an action plan to achieve
compliance and manage potential compliance breaches. This part includes a discussion of emerging
compliance issues.
Part E examines how regulators have responded to FinTech by seeking to balance community protection
with an environment that enables innovation. It explores how organisations can comply with regulations
while developing or taking advantage of FinTech innovations.
Part F concludes the module with a discussion of RegTech — the application of technology to help an
organisation comply with its regulatory obligations.

Pdf_Folio:372

372 Digital Finance

PART A: RISK MANAGEMENT
INTRODUCTION
Risks are the effect that uncertainty can have on business objectives. Risk is measured in terms of the
likelihood and impact of an event. Risk management supports organisations to maximise value from
processes by helping maintain balance between resource use, risk exposure and realising benefits.
Accounting and finance professionals are involved in most aspects of risk management. In this part,
we explain and apply concepts, processes and best practice to enable effective risk management within a
robust approach to risk governance.

5.1 INTRODUCTION TO RISK AND

RISK MANAGEMENT
Risk is defined as ‘the effect of uncertainty on objectives’. Risk has both adverse effects (i.e. ‘downsides’)
and positive effects (i.e. ‘upsides’) (Tranchard 2018). Risk management is the set of processes through
which management identifies and responds to risks that may negatively impact on the organisation from a
strategic perspective.

RISK GOVERNANCE
Risk management is a component of an organisation’s governance, risk management and compliance
(GRC) framework. Governance sets the overall management approach through which executives and
senior managers direct, control, and align the organisation to the business goals. Compliance is the way
the organisation complies with its stated internal and external risk requirements (Open Compliance and
Ethics Group 2020; CIO Australia 2017).
There are many tools and applications that can support the different components of GRC, but it is
the GRC framework itself that provides the structure and approach that management may use to achieve
their business goals. Within the framework are strategy, process, policy, technology and people. A unified
approach between these factors increases consistency and reduces duplication of remediation efforts. Risk
governance is discussed in detail in part B of the module.
Example 5.1 examines how the Australian banking sector’s risk governance failings led to increased
regulatory oversight.

EXAMPLE 5.1

National Australia Bank

The 2018–19 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services
Industry highlighted significant issues in the Australian banking industry, including poor risk culture,
governance, and lack of accountability (APRA 2019).
A key outcome of this review was that the Australian Prudential Regulation Authority (APRA) would
strengthen and focus their approach to overseeing governance, remuneration, culture and accountability.
A key element was strengthening the regulatory framework to clarify expectations of management and
Boards, and to work with the industry to encourage institutions to embed risk self-assessments.
One specific example associated with risk management in the banking industry relates to the National
Australia Bank (NAB). In 2015, an audit report on operational risk management practices at NAB
concluded that its practices were inconsistent and ineffective. The audit report rating was a three-star
audit, which is the lowest possible rating at NAB (Ferguson 2016).
Following the Royal Commission, NAB completed a critical self-assessment that highlighted that:
• the organisation was failing to be customer-centric
• problem solving took too long
• employees were not held to account for poor behaviour.
Outcomes from this self-assessment included the establishment of new committees, creation of a new
chief compliance officer role, and an overhaul of the approach to remuneration.
Impacts to NAB, as well as others in the banking industry, include loss of consumer trust, changes
to the financial advice industry (including narrowing of advice practices), increased regulatory action

Pdf_Folio:373

MODULE 5 Risk Management, Governance and Regulation 373

 and potential impacts to future growth. The highly publicised nature of the regulatory changes and
individual banks’ responses is in part an attempt to demonstrate to stakeholders that the shortcomings
are being addressed, and thus to improve stakeholder confidence in the individual businesses and the
sector generally.

RISK AND ORGANISATIONAL STRATEGY

Risk is a key input to most strategy-forming processes. Some risks are so important that they can affect the
organisation’s strategy. A good example is cyber risk. Prior to data breaches becoming commonplace, these
risks were typically managed by IT departments. However, cyber risk is now an executive management
issue and regularly features as a ‘Top 10’ risk in most risk profiles. Figure 5.1 lists a range of technology-
related risks that can impact on organisational strategy.

FIGURE 5.1 Top technology-related risks in finance

• Cyber security and incident response risk

• IT resiliency and continuity risk
• Regulatory changes and scrutiny risk
• Technology vendor and third-party risk
• Data management risk
• Technology operations risk
• Rapid speed of disruptive innovations
• Unexpected changes in the current interest rate environment
Source: CPA Australia 2021.

Board or executive management discussions are not just focused on execution questions such as ‘How
are we managing technology risks?’ The discussions and focus are also placed on how technology-related
risks endanger an organisation’s strategy.
For example, companies that utilise or interact with the Internet of Things (IoT), such as car and smart
device manufacturers and designers, know that their strategy to succeed requires a clear understanding of
cyber-related threats (e.g. hackers gaining access to networks via in-car navigation systems, or to smart
fridges that are linked wirelessly to the user/owner’s internet network). The organisation must keep track
of these risks and close loopholes that could be exploited wherever possible.

RISK MANAGEMENT OBJECTIVES

Risk management is not about creating a risk-free environment. Instead, it is about identifying risks,
understanding the probability of them occurring, understanding the consequences should they occur, and
balancing the management of the risk with the costs of doing so.
The objectives of risk management are to:
1. protect assets — to safeguard the organisation’s assets — people, financial sustainability, environment,
property, reputation and information
2. improve quality — to use risk management principles as a tool for improving the reliability, effectiveness
and efficiency of services and infrastructure to a consistently high standard
3. increase success — to strengthen financial and non-financial outcomes by using risk assessments to
make better informed decisions and clearly articulate what is achievable
4. minimise adverse impacts — to undertake good and proper management of risks in order to prevent
loss and damage, and minimise harm from the organisation’s services and infrastructure on the
community, visitors and the environment
5. capitalise on opportunity and innovation — to capitalise on opportunities identified, foster creativity
and facilitate innovation for future success within a sound environment.
Pdf_Folio:374

374 Digital Finance

THE RISK MANAGEMENT FRAMEWORK AND PROCESS
Effective risk governance will include a risk management framework and process. Section 5.3 describes a
comprehensive approach to risk management that includes a process to:
• understand how risk may affect an organisation’s ability to achieve its objectives
• conduct a risk assessment to identify, analyse and evaluate risks
• design and implement appropriate risk treatments
• communicate risk responsibilities and undertake ongoing monitoring and evaluation of the effectiveness
of the risk management process.
It is important to understand that it is often not possible to avoid or eliminate risks, so a balance must be
achieved. For example, to reduce cybersecurity risks an organisation would establish a firewall to control
what data from the internet can enter the organisation’s systems, but within that approach it might need to
allow the marketing team to use Facebook, while the finance team would be blocked from doing so by a
combination of policies and technology.
Risk treatments thus fall into four categories:
• accept the risk
• mitigate/manage the risk to reduce its likelihood and/or impacts to an acceptable level
• transfer the risk to another party
• avoid the risk.
The choice between treatments is based on the nature of the risk, its potential effect on the business’s
ability to meet its objectives and the organisation’s risk appetite — the level of risk an organisation is
willing and able to accept as it pursues its objectives.
Risk treatments often involve the use of controls to help manage and minimise the potential impacts of
a risk event, as illustrated in figure 5.2.

FIGURE 5.2 The use of controls to mitigate risk

Controls modify the risk

Control C
Control B
Control A

Event with
large potential Residual
exposure risk

Source: CPA Australia 2021.

THE RISK MANAGEMENT VALUE CHAIN

Effective risk management reduces the impact or frequency of significant unplanned events. This will then
assist the organisation to achieve objectives, improve cash flow predictability, lower cost of capital, and
the cost of their licence to operate, as well as increasing the organisation’s overall competitive advantage.
The identification and management of risk is central to delivering key organisational objectives to add
value to the organisation. Effective risk management can:
• provide additional information and confidence to key stakeholders, both internal and external, across
the organisation’s areas of operation
• provide commercial and competitive advantage over competitors
• encourage further innovation across the organisation in order to optimise value across operations,
projects, and potential new business opportunities
• support existing critical business activities and processes to improve tactical and strategic
decision making
• ensure that controls can be designed efficiently and effectively to support organisation objectives
• provide oversight and confidence to senior management, and the Board, that good governance is being
maintained (this will be covered in greater detail in a later section).
Pdf_Folio:375

MODULE 5 Risk Management, Governance and Regulation 375

RISK MANAGEMENT RESPONSIBILITIES
Risk management and organisational culture should create an environment where the Board, management
and staff accept direct responsibility for risk management, through development, implementation and
maintenance of effective risk management practices. Risk management should be treated as an important
part of the culture, policies and processes, and is a shared responsibility of all staff. Some individuals,
groups and parts of the organisation have specific risk management responsibilities.
• Chief executive officer (CEO). The CEO is generally responsible for determining roles and responsi-
bilities in the risk management framework. These are normally documented in the risk framework and
standard documents.
• Employees. Risk management is everyone’s responsibility. Employees are responsible for managing
risk, within their relevant areas of work, per the risk documentation.
• Audit and Risk Committee. The committee is typically set up per the terms of reference that pro-
vide the background, objectives and purpose of the committee. The role is to monitor and receive
reports concerning risk management activities to support the organisation in fulfilling its governance
and risk management oversight responsibilities.
• Executive leadership and management team. The team helps foster a positive risk culture with shared
understanding and contribution to the risk processes. This team remains integrated with planning of
operational processes.
• Business areas. Each business area will be accountable for risks within their applicable area, per the
risk documentation.
• Risk management function and framework. The risk management function will assist the organisation to
implement the risk management framework and facilitate and support a risk aware culture. In addition,
the risk management function will drive integrated risk management activities, ensure the organisation
prepares and maintains evidence of its risk management activities, and support the organisation with the
most current and effective risk management practices and insights.

Risk Owners
A risk owner is a person or group who is assigned the responsibility for a particular risk within the risk
management framework. An organisation will thus have many risk owners, each with responsibility for a
specific risk or set of risks. The risk owner is generally accountable for:
• the completion of risk analysis and the accuracy of associated data
• performing the risk assessment to rate the risk
• ensuring the risk is maintained in a ‘well-controlled’ state
• ensuring remediation tasks are implemented to rectify any identified issues.
.......................................................................................................................................................................................
CONSIDER THIS
Are you a risk owner in your organisation?

Risk Management Function

The risk management function plays a key role to assist the organisation to deliver efficient and effective
risk management. It:
• provides confidence that the organisation’s risk profile is accurate and reliable
• bridges organisational silos
• challenges risk and control measures to achieve simplicity and effectiveness
• enhances speed of risk management maturity
• tests risk management periodically to ensure adherence to the process and quality control
• coaches risk and control owners on risk identification, risk analysis and control design
• drives consistency and simplicity across the organisation
• develops and enables a path to risk management maturity from a ‘periodic profile’ to a ‘continuous
profile’, in which the organisation reviews and revises its risk profile continuously.

QUESTION 5.1

What role does an Audit and Risk Committee play in an organisation’s risk management strategy?

Pdf_Folio:376

376 Digital Finance

BEST PRACTICE RISK MANAGEMENT
A best practice approach requires risk management to be:
• integrated into all management planning and operational processes undertaken or overseen by the
organisation
• a structured and comprehensive approach that is applied to ensure risk management processes are
systematic and timely
• customised to fit seamlessly within the organisation’s diverse strategic, operational and project-based
activities and in proportion to the external and internal context in which the organisation operates
• inclusive of internal and external stakeholders’ knowledge, views and perceptions for transparency and
better informed decision making
• dynamic, current and responsive to anticipate and manage change in a meaningful and timely manner
• using the best available information considering historical, current and future expectations as would be
reasonably foreseeable
• the responsibility of all, from Board to the CEO to every employee, forming an essential element in the
organisation’s culture
• continually improved.

QUESTION 5.2

Outline four responsibilities a ‘risk owner’ has and why an organisation will typically have many
risk owners.

5.2 RISK MANAGEMENT STANDARDS

Risk management standards help guide an organisation through the risk management process and support
an effective risk culture. They can be used to plan the implementation of a new risk management strategy
or to review an existing strategy.

ISO 31000
The key standards framework for risk management is the ISO 31000 framework. It includes principles
and guidelines on implementation, risk assessment techniques and a guide to risk management vocabulary.
This standard looks at risks from a strategic perspective. It aims to help an organisation develop a risk
management culture to increase the awareness of monitoring and managing risk (Hutchins 2019). The
standard includes a risk management framework and process. We will work through a process based on
ISO 31000 in section 5.3.

ISO 27001
The ISO 27001 standard relates specifically to information security management. ISO 27001 details the
specifications for an information security management system (ISMS). The standard looks at people,
process and technology as part of an ISMS. It provides the security controls that can be implemented to
mitigate risk.

ISO 27005
The ISO 27005 standard also relates specifically to information security risk management. This standard
sets guidelines for conducting an information security risk assessment with ISO 27001 and presents
information security risk management best practice. In contrast to ISO 31000, it considers best practices
in the context of information security, rather than the business as a whole.

QUESTION 5.3

Compare and contrast the risks covered by the ISO 27001 and ISO 31000 frameworks.
Pdf_Folio:377

MODULE 5 Risk Management, Governance and Regulation 377

5.3 RISK MANAGEMENT PROCESS
As described above, the key standard for risk management is ISO 31000. It should be the first reference for
general risk management strategies. It provides principles of risk management to be followed and outlines
a proven risk management process with sufficient flexibility to be used across diverse organisations.
The ISO 31000 process involves defining the scope, context and criteria; performing a risk assessment;
implementing risk treatments; ongoing requirements to monitor and review, communicate and consult,
and record and report. Figure 5.3 represents this process.

FIGURE 5.3 A risk management process based on ISO 31000

Communicate and consult

Record and report

Scope Risk Risk Risk
context identification analysis evaluation
criteria and
treatment

Monitor

Source: CPA Australia 2021.

An organisation first needs to establish the scope, context and criteria of its risk management process.
This relates to:
• how the risk management process interacts with the organisation as a whole
• the internal and external environment and thus the sources of risk and the conditions in which the process
will be applied
• the criteria against which risks will be evaluated in terms of their impact on the business’s objectives.
The inclusion of communication and consultation in the process recognises that:
• risk management must be informed by consultation with each function across the organisation
• risk management processes and culture need to be communicated throughout the organisation so
that compliance and audits can be shared, creating a more effective risk management program (PwC
Australia 2019).
Recording and reporting involves the documentation and reporting of risk management processes and
outcomes to facilitate communication and decision making.
Monitoring and review encompasses all aspects of the risk management process to:
• analyse risk information including trends, updates and changes
• understand where risks have changed through both internal and external lenses
• ensure that controls to manage risk are designed and implemented effectively
• identify emerging risks.
We will discuss monitoring and review in more detail after we step through the assessment and
treatment stages.

RISK PROFILES
Organisations face different types of risk. An organisation’s risk will vary in nature, scale and complexity
depending on:
• the types of products or services they offer
• the diversity of their location and outsourcing of their tasks
• the volume and size of their transactions
• the balance of their retail and wholesale clients
• whether they give financial advice
• how many people are in the organisation.
Pdf_Folio:378

378 Digital Finance

 Risk management efforts can be focused by identifying which risks are relevant for the organisation’s
particular circumstances and determining a risk profile. A risk profile is a written description of the
organisation’s risks.
In the context of digital finance, many of the key risks centre on the organisation’s information assets.
In the next section, we will briefly explain the nature of information assets, and we will focus mainly on
information- or data-related risks throughout the module. It is important to remember, however, that sound
risk governance will manage all of the risks that could impact on the business’s objectives.

Information Assets
Information assets are essentially any valuable information that the organisation owns or controls. To
incorporate risks to information- and data-related assets into the risk profile, it is necessary to understand
the nature and value of these assets.
Information assets may be broadly categorised as follows.
• Data. Data is possibly the business’s largest asset. Depending on the nature of the business, data
could include patient health records, details of customer spending habits or personally identifiable
information (PII). Consider what the data is worth to the business; what it is worth to a competitor or
a cyber attacker; and what it would cost to replace.
• Intellectual property. A business might have intellectual property such as research, designs, copyright,
patents, trademarks or even trade secrets. Consider what these are worth to the business and what they
are worth to a cyber attacker or a foreign intelligence service.
• Funds. All businesses need funds to survive. Consider the impacts if a cyber attacker drained the
business’s bank accounts or found a way to siphon small amounts over a long period of time without
being detected.
• System availability. Other items of value within a business include hardware and software, including
web servers, file storage, general applications and how they contribute to the business’s systems being
available. Consider what it would cost the business in lost time and productivity if a cyber-attack disabled
part of the network. If the business provides online services, consider the impact on users who are unable
to access their accounts or services.
Organisations’ information asset listings are often spread across departments. It is good practice to
collate and incorporate these into a central inventory. The inventory must then be maintained to reflect
purchases, disposals, deletions, destruction or other changes to the assets. This process should involve
consultation with managers or team leads across the organisation as well as the use of IT tools to determine
how information assets are accessed and used, both internally and externally.
Like any business asset, the measures taken to protect an information asset are based on its value and
the costs of protecting it. It is not possible to protect everything— it would be too expensive — so the
business needs to prioritise its assets based on value and other relevant considerations. The value of an asset
should consider:
• original cost of acquisition
• cost of acquiring a replacement
• implementation or development costs to support a replacement
• current or expected cost of controls to maintain or protect the asset
• cost of impact to production and productivity if an asset is compromised.

Analysis for Determining a Risk Profile

A risk profile can be built by assessing the external and internal factors that could influence the
organisation’s risks. The PESTLE (political, economic, social, technological, legal and environmental)
analysis tool is one approach to examine external factors (see table 5.1).

TABLE 5.1 PESTLE analysis

Risk profile
asset/process Low Medium High

Political No impact Moderately affected by Business operations are

regional government significantly affected
policies by government policy,
competition for grants,
funding and initiatives.
Pdf_Folio:379

(continued)

MODULE 5 Risk Management, Governance and Regulation 379

 TABLE 5.1 (continued)

Risk profile
asset/process Low Medium High

Economic Company is likely affected Moderate impact of interest Growth rate is significantly
by interest rates. rates. affected by seasonal
factors, inflation and
interest rates.

Social Social attitudes do not Social attitudes have Stakeholders and staff
greatly influence our some influence on market have high social attitudes
position in the market. position with variable and shared beliefs
shared beliefs. around health, work,
demographics.

Technological Consumers are not Technology changes are Consumer access and
influenced or likely to be unlikely to influence our use of technology has
affected by changes to business model. a significant impact on
technology. company objectives.
Emerging technologies
have, or are likely to,
influence our business
model.

Legal The business is regulated The business is regulated The business is sig-
by regional or national by regional or national nificantly regulated by
laws. Moderate or lesser laws. global laws concerning
obligations are imposed consumers, intellectual
due to company size. property, data protection
and tax.

Environmental No impact Moderate impact at a Operations are significantly

single location affected by global weather,
Stakeholders and client climate change.
choices are not influenced Stakeholder decisions are
by our environment heavily influenced by our
policies. ability to reduce our carbon
footprint, recycling and
waste management.

Source: CPA Australia 2021.

A similar table can be constructed to examine internal factors (see table 5.2).

TABLE 5.2 Internal analysis

Risk profile Overview relating

asset/process to risk Low Medium High

Location Exposure to Single location National Global

regional regulations,
statutory obligations
and industry
standards

Number of Amount/coverage Small business with Medium business Enterprise with

personnel of governance, x staff with x > y staff x staff
continual
awareness, potential
for errors

Personal Consideration for Financial, minimal Must comply with Must comply
information data protection and PII, not required the Privacy Act with global data
privacy regulations to comply to the protection/privacy
Privacy Act 1988 obligations
(GDPR and other
requirements)

Pdf_Folio:380

380 Digital Finance

 Data volume/ • Larger stores of Minimal data Moderate quantity Large quantity
transactions data are a target stores/transactions of data storage of transactions
for hackers/infor- Data resides with but limited and data sharing
mation has value clients transactions/data externally
• Increased volume sharing externally
changes the
regulatory
obligations

Subject-matter Single person Multiple internal Moderate to high Highly technical

experts (SMEs) risk (loss of IP, SMEs or low level of technical business business with
knowledge, rare SME technical skills with low to medium limited SMEs
skill sets) required number of SMEs

Products/ • Regulatory • General advice on • Mix of general • Personal financial

services obligation financial products and personal advice
based on type • Narrow range of advice to both • Broad range of
of financial advice simple products business and products
• Complexity • Financial advice is individuals • Financial advice is
• Regulatory a minor business • Medium range of the core business
obligation based function products function
on core business • Financial advice is
a complementary
or moderate
business function

Inhouse Risk associated Significant Mixture of Majority of activities

resourcing with activities being outsourcing outsourcing are managed
heavily dependent arrangements, arrangements internally, minimal
upon internal minimal activities use of outsource
resources managed internally providers to support
business functions

Dependency on Dependency risk Majority of activities Mixture of Significant

outsource is associated are managed outsourced and outsourcing
with activities internally, minimal insourced activities arrangements,
being heavily use of outsourced minimal activities
dependent on providers to support managed internally
external resources business functions

Source: CPA Australia 2021.

Assigning Risk Levels and Compliance Obligations

A risk level is assigned to each factor to build a risk profile. Low-risk factors will need relatively basic
compliance obligations, while high-risk factors will require a more comprehensive approach. Table 5.3
presents an extract of a compliance for each level of cybersecurity risk.

TABLE 5.3 Compliance by risk level

Complexity in cybersecurity
Risk profile Compliance requirements

Low Checklists Antivirus software

Medium Checklists, manuals and programs Antivirus software and IT support

High Checklists, manuals, programs and Antivirus software, IT support and

dedicated compliance staff highly skilled information security
specialists

Source: CPA Australia 2021.

Pdf_Folio:381

MODULE 5 Risk Management, Governance and Regulation 381

RISK IDENTIFICATION
A strategy can only be created to manage a potential risk once the risk has been identified. The key steps
in the risk identification phase include identifying the risk, identifying controls and including these risks
in a risk register.

Identify Risk
Business objectives are set and agreed upon during the planning cycle and are available in the organisation’s
long-term plans. The analysis of the operating environment enables the identification of the risks that
could impact on the delivery of business plans. The identification of risk can be done in many ways:
through clean sheet reviews, regular management reviews or ad hoc reviews when there is a change to the
business environment.
Once a risk event has been identified and articulated, an assessment of the risk is conducted to determine
whether further analysis is required, a risk owner is identified, and the risk is entered into a risk register.

Identify Causes, Impacts and Controls

The bowtie tool is an effective tool to capture risk information during the risk identification phase. A bowtie
tool sets out the process for establishing the causes and impacts for a risk event and the linkage to controls.
In figure 5.4, the six areas of the bowtie have been populated with information about a cybersecurity risk.

FIGURE 5.4 Bowtie tool

Preventative control Mitigating control

Firewall monitoring Disaster recovery plan

Risk issues
Unauthorised activity/

Secure assess to

Business interruption
insider sabotage

database/server or
digital workplaces

Impact
Cause

Risk event
Cybersecurity attack

Source: CPA Australia 2021.

Generally, a bowtie is developed in a workshop with the relevant SMEs, risk owners and potential control
owners present.
When the risk event, causes and impacts have been agreed upon, the controls are identified. A critical
control is a control that significantly reduces the impact or likelihood of a risk. The number of critical
controls must be appropriate to the risk event and must play a key role in achieving the business objective.
The control documentation is developed by the control owners of each control to identify and describe
the components that must be in place and working effectively for the control to be effective. The control
documentation generally comprises the:
• design standard — what needs to be in place or provided for the critical control to be effective (based
on organisation or industry standards, established systems, processes, documents)
• operating standard — the activities or tasks that occur to ensure that the control operates as designed
• verification approach — the method and strategy to obtain assurance on the control health, using
various methods as evidence.

Risk Register
A risk register is a risk management tool to record details for identified risk, including risk ratings, nature
of the risk, owner, manager and mitigation measures.
A risk register is the key document used throughout the risk management process from identification
through reporting. When risks are identified, they can be added to the register, with supporting information
added as the risk assessment proceeds (e.g. risk treatment, improvement actions).

Pdf_Folio:382

382 Digital Finance

RISK ANALYSIS
Risk analysis, and the risk criteria against which all risks are measured and evaluated, are included within
the risk management framework. The risk criteria are primarily used in the risk analysis and risk treatment
steps of the risk management process. However, it is important to be aware of the risk criteria when
identifying risks as well as referring back to the risk criteria when monitoring and reviewing risks.
The risk is generally analysed during a risk workshop or meeting, where a risk bowtie (see figure 5.4)
is populated to determine causes, existing preventative controls, impacts, existing mitigating controls and
likelihood. The inherent risk impact is also determined, and the residual risk impact calculated based on
the impacts and likelihood factors selected.
Generally, risk analysis is qualitative in nature, which combines opinions with the use of a rating system,
applied to different scenarios. A common approach in qualitative risk analysis, is applying the scenario to
a likelihood and impact matrix. Using the risk matrix, you assign values to both the likelihood of a risk
occurring and the consequence if that risk were to occur. These values will be specific to your organisation.

Risk Calculation — Likelihood

Likelihood is the chance (or probability) of something happening. A typical set of likelihood rankings
could range from 1 to 5, increasing in certainty from rare to almost certain. Such an example is shown in
table 5.4.

TABLE 5.4 Likelihood table

Rating Description Likelihood/probability of occurrence

1 Rare The event may only occur in exceptional Less than once in 15 years
circumstances.

2 Unlikely The event could occur at some time. At least once in 10 years

3 Possible The event will possibly occur at some time. At least once in three years

4 Likely The event is expected to occur. 1–2 times per year

5 Almost certain The event will occur in most circumstances. More than three times per year

Source: CPA Australia 2021.

Risk Calculation — Impact

Impact is the consequence of a risk event either in financial terms or in the context of other factors that
affect both business and society. This might include adverse effects on health, safety, the law or on the
environment for which an entity may be accountable.
A typical set of impact rankings could range from 1 to 5, increasing in severity from insignificant to
catastrophic. Such an example is shown in table 5.5.

TABLE 5.5 Impact/consequence table

Insignificant Minor Moderate Major Catastrophic

1 2 3 4 5

Health Near miss Minor injuries Lost time injury Lost time injury Death/fatality
Minor first requiring medical < 30 days > 30 days or permanent
aid injuries, treatment but not disability
not requiring hospitalisation
further medical
treatment

Financial Less than $50 001– $100 001– $500 001– More than
impact $50 000 $100 000 $500 000 $3 000 000 $3 000 000

(continued)

Pdf_Folio:383

MODULE 5 Risk Management, Governance and Regulation 383

 TABLE 5.5 (continued)

Insignificant Minor Moderate Major Catastrophic

1 2 3 4 5

Service Minimal Short-term, Medium-term, Prolonged Substantial

interrup- material service temporary temporary interruption interruption of
tion interruption interruption — interruption — of services services with
backlog cleared backlog cleared — additional non-performance
< 1 day by additional resources; > 1 month
resources performance
< 1 week affected
< 1 month

Compli- Minimal Some temporary Short-term non- Non-compliance Non-compliance

ance regulatory or non-compliances compliance but results in results in
statutory impact with significant termination litigation,
regulatory of services criminal charges
requirements or imposed or significant
imposed penalties damages or
penalties

External Low or little Substantiated, Substantiated, Substantiated, Significant

reputation reputation low impact, low public public and sufficient
impact/news news item embarrassment, embarrassment, organisation
stories moderate high impact, reputation
impact, high news impacts,
moderate news profile, third- multiple very
profile party actions high impacts,
multiple high
and widespread
news profile,
third-party
actions

Source: CPA Australia 2021.

This table can be used to assess any risk event against its impacts. A single risk will have multiple
impacts of different degrees; therefore, assessing each risk against each impact type will provide a
complete assessment. Digital risks will mostly have service interruption, financial, reputation and com-
pliance impacts, rather than health or safety impacts. Using a consistent table allows comparison of all
risks within the organisation.

Risk Calculation — Risk Rating

After the rankings for likelihood/probability and impact are determined, the matrix identifies the total risk
by combining the two inputs:

Risk rating = Likelihood × Impact

This results in a final risk rating for each risk. Figure 5.5 is a risk rating chart.

RISK EVALUATION AND RISK TREATMENT

Following risk identification and risk analysis, the next steps involve completing a risk evaluation. A risk
evaluation involves the comparison of risk analysis outputs against risk criteria to understand where risk
is tolerable.
Completing the risk evaluation process typically involves the following.
• Conducting periodic risk assessments — generally performed annually at a minimum.
• Assessing risks against a ratings scheme — for example, assessed as ‘Well controlled’, ‘Requires some
improvement’, ‘Requires significant improvement’ or ‘Uncontrolled’.
• Justifying the risk rating — results will normally draw on:
– control assessment results (risk owner will consider all relevant controls as part of the overall
risk assessment)
– actual control failure or a control failure that resulted in a similar risk
– internal audit findings
Pdf_Folio:384

384 Digital Finance

 – external audit findings
– management reviews.
• Assessing risks against risk tolerance — tolerability is a measure of acceptance of the risk level
remaining after taking account of the effectiveness of controls and mitigating actions. Risk tolerability
is typically included within the risk management framework, with a relevant tangible example of what
a tolerable risk may constitute for the organisation. For example, the framework may say: For a risk to
be tolerable it has to be rated ‘Well controlled’ or have a residual risk rating of less than ‘High’. Where
the risk is not tolerable, the risk owner must raise a ‘risk rectification issue’ and implement remediation
tasks to reduce the residual risk.

FIGURE 5.5 Organisation risk rating chart

Likelihood rating × Impact rating = Risk rating

Insignificant Minor Moderate Major Catastrophic

1 2 3 4 5

Almost certain
5 10 15 20 25
5 Medium High High Extreme Extreme

Likely
4 8 12 16 20
Low Medium High High Extreme
4
Possible
3 6 9 12 15
Low Medium Medium High High
3
Unlikely
2 4 6 8 10
2 Negligible Low Medium Medium High

Rare
1 2 3 4 5
Negligible Negligible Low Low Medium
1
Likelihood

Impact

Source: CPA Australia 2021.

Reducing Risk
Risk treatment is the action taken to modify the identified risk to a level the organisation considers
acceptable.
The ways an organisation can treat risk are as follows.
• Transfer. An organisation may choose to transfer the risk to a third party, usually in the form of
insurance or outsourcing.
• Mitigate. An organisation may choose to mitigate a risk by taking action to reduce the likelihood of an
event occurring, but not avoiding the risk.
• Avoid. An organisation may choose to avoid the actions that would lead to the risk.
Alternatively, the organisation can choose to accept a risk. An organisation will need to take on
some risks, as without some risk it is difficult to achieve a profit. Choosing to accept a risk is called
risk retention.
There are thus four risk management options: transfer, mitigate, avoid and accept.
A risk treatment chart can help define accountability, response urgency, minimum treatment required
and the review frequency for the risks. An example organisation risk treatment chart/matrix is shown in
figure 5.6.

Pdf_Folio:385

MODULE 5 Risk Management, Governance and Regulation 385

 FIGURE 5.6 Organisation risk management chart

Minimum
Risk level Accountability Response treatment Description Review
required

Immediate
action required
in consultation
with executive
leadership
Reject and
team to either
Extreme Board or CEO Urgent avoid, transfer Immediately
avoid the risk
or mitigate
entirely, transfer
it or to reduce
the risk to a low,
medium or
high rating.

Managers are
to be assigned
CEO or to these risks
executive Accept and and treatments
High Important to modify, Monthly
leadership mitigate
team reduce,
transfer or
eliminate the
risk is required.

Treatment strategies must be applied to risks assessed as ‘high’ level or above.

Manage by
specific
Executive Operational controls, Monthly/
Medium Accept
manager/manager process monitoring or quarterly
response
procedures.

Manager/ Manage by
coordinator/ Capture in risk Quarterly/
Low Accept routine
team leader register annually
procedures.

Manage
Manager/
through
coordinator/team Refer to
Negligible Accept compliance Annually
leader/supervisor compliance
checks and
processes.

Source: CPA Australia 2021.

Controls to Treat Risk

A hierarchy of controls can be used to minimise or eliminate exposure to hazards or risks. It provides a
step-by-step approach and a scale to rate risk controls from the highest level of protection/effectiveness
to the lowest. Figure 5.7 shows an example for a risk relating to a data entry error corrupting a database.
Table 5.6 offers further explanation of the same example.

Pdf_Folio:386

386 Digital Finance

 FIGURE 5.7 Hierarchy of controls

Most Hierarchy of controls

effective
Is this step critical? If not, remove this step
Elimination
from task.

If we must process the data, can we replace

Replace humans with bots to minimise error?

Engineering Implement a system control validation data

controls entry to stop date corruption.

Establish policies and procedures including

Admin. assigning access control to reduce exposure.
controls Provide training to staff that have access to
the database.

Least
effective
Source: CPA Australia 2021.

TABLE 5.6 Hierarchy of controls

Hierarchy of controls Example

Eliminate the hazard Remove this data entry step in the process.
It may not be practical to completely remove data entry
as this is a core part of the business. While elimination is
the best type of risk control, it is not always practical and
other options need to be considered.

Substitute the hazard with a safer alternative Replace human operators with automated bots.
This option might be reasonable, but it may not always
be practical due to technology, capital or productivity
constraints. Replacing the human operators might be
expensive and could have flow-on consequences that
would be more significant and costly.

Engineer the control to reduce the risk Implement a system of control validation to the data entry
to stop data corruption.
While this is another good idea, engineering controls can
be subject to failure if the solution created is bespoke,
and the design is not proved and tested in the industry.

Administrative control to reduce risk Establish policies and procedures, including assigning
access control to reduce exposure. Provide training to
staff that have access to the database.
This control would be very effective, but it is heavily
reliant on employee training and constantly enforcing
the procedures that have been put in place.

Source: CPA Australia 2021.

Key Controls
Key controls either alone, or in conjunction with other controls, significantly reduce the likelihood and/or
impact of risks. There may be more than one key control for a risk. Elements to be considered when
determining a key control should include the following.
• Is the key control the only barrier/layer of protection available for the occurrence of the event or the
impact exposure (e.g. a firewall barrier to stop external cyber threats)?
• Can the key control be used to prevent or mitigate multiple risk causes/impacts? Is this key control
independent from other controls?
Pdf_Folio:387

MODULE 5 Risk Management, Governance and Regulation 387

• Is this key control a single activity (rather than a combination of separate or disparate activities)? Is the
control further along the hierarchy of controls than other controls under consideration?
• Is the key control used to detect or prevent escalation of the event?
To identify effective key controls in a business for each risk, complete the following.
1. Identify causes, then controls which link to the causes. When all causes have been covered, critical
controls are determined based on criteria in the risk management policy.
2. Document the control design standard, operating standard and verification approach. Obtain approval
by risk owner.
3. Assess the key controls for effectiveness through the test plans. Use feedback to circle back and review
if necessary.
Best practice guidance, other company examples, industry incidents and past audit results help identify
effective key controls.
Control Effectiveness Ratings
Control effectiveness ratings are used to calculate the control design and implementation effectiveness for
managing the risks. An example controls rating matrix is presented in table 5.7.

TABLE 5.7 Controls rating matrix

Existing control rates

Rating Foreseeable Description

Effective There is little scope for improvement. • Processes (controls) operating as intended
and aligned to policies/procedures
• Subject to ongoing monitoring
• Reviewed and tested regularly

Adequate There is some scope for improvement. • Processes (controls) generally operating as
intended yet inadequacies exist
• Limited monitoring
• Reviewed and tested, but not regularly

Inadequate There is a need for improvement or action. • Processes (controls) not operating as
intended
• Processes (controls) do not exist or are not
being complied with
• Have not been reviewed or tested for
some time

Source: CPA Australia 2021.

Business Continuity Plans and Disaster Recovery Plans

A business continuity plan (BCP) generally encompasses mitigating controls for significant risks that
upon occurrence could interrupt the business for an extended period of time. The risk owner’s responsibility
is to decide whether a BCP is required. Risk owners develop, implement, test and maintain BCPs for
their identified significant risks to ensure the appropriate level of resources (plans, procedures, facilities,
equipment and trained personnel) are available in case of an incident or disruption to operations.
To assist with technology/supply chain risks, a disaster recovery plan (DRP) is a key component of
a business continuity plan (BCP). A DRP is a deliberate and documented approach that details how an
organisation can return to work after an unplanned outage or incident. To generate a plan, an organisation
often performs a business impact assessment (BIA) to establish key objectives for recovery. DRPs can
be tailored for specific environments, for example:
• network disaster recovery plan
• cloud disaster recovery plan
• virtual disaster recovery plan
• data centre disaster recovery plan.

Pdf_Folio:388

388 Digital Finance

 QUESTION 5.4

Differentiate risk evaluation and risk treatment. Provide an example of a typical task from each
process.

RISK MONITORING AND ACTION

With risk evaluation and risk treatment in place, there must be a system of ongoing review that is capable
of responding promptly to new/emerging risks and changes to existing risks. The objectives of risk
monitoring and action are to:
• provide a system of ongoing review of risk to management
• deliver the status of the organisation’s risk profile to leadership teams
• report to executive management and the Risk and Audit Committee.
To assist risk monitoring and action, all risk activities are to be documented and maintained in the
organisation’s risk register. This assists the organisation because:
• the information and data developed may be referred to, or relied upon, in future risk management
activities
• it provides evidence of the organisation’s risk management activities, and provides background informa-
tion to support the reasons decisions were made. This information may assist with any insurance and/or
legal claims and may protect the organisation and its employees should the organisation experience an
adverse event.
At a minimum, reports should be generated in accordance with the organisation’s risk reporting
framework. An example of a risk monitoring and reporting requirement plan is shown in table 5.8.

TABLE 5.8 Risk monitoring and reporting requirement plan

Deliverable Content Timing

Organisation risk profile Reporting to Risk and Audit Committee an outline of Six-monthly
the organisation’s risks.
The risk management report to the Committee is
prepared half yearly and follows a consultation and
review process with risk owners, and endorsement by
accountable Vice President and CEO.

Risk register Reporting to internal audit and governance teams on Six-monthly

key risks.

Risk input into two- and five- A risk review is conducted and incorporated into the Annually
year plan business planning and budgeting process.

Executive management reporting Reporting to executive leadership and management Monthly

team on a monthly basis on risks. Deep dive risk
reviews are then used in monthly sessions with the
CEO.

Leadership team meetings Individual sessions with key business units across the Monthly
(VP and Head of Functions) organisation to ensure risk management and process Quarterly
health indicators reside on each agenda. Bi-annual
Planning session to review content for the Risk and
Audit Committee and plot a way forward. This includes
identification of new risks, analysis or review of
existing risks and control assessment, consideration of
any other inputs.

Head of Functions meetings Individual Head of Functions sessions to provide Monthly

overview of changes to the risk profile, discuss any Quarterly
emerging risks and track progress of current projects.

Source: CPA Australia 2021.

Pdf_Folio:389

MODULE 5 Risk Management, Governance and Regulation 389

ISO 31000 Monitoring and Review Processes
ISO 31000 expects organisations to plan monitoring and review processes into all of the risk management
process stages. The standard requires that planning, gathering and analysing information should be used
to inform an organisation’s performance management, measurement and reporting. The different types of
monitoring and review are control validation, audit and key risk indicators (KRIs).
Control validation
Risk controls can be implemented to prevent, detect, or correct risk. Controls can occur at all levels of an
organisation and may be physical, logical, managerial, or involve process or policy controls. An important
step to managing risk is validating the controls put in place. This needs to be done periodically to make
sure that controls are working. An organisation will need to make a controls validation plan, and then carry
out an audit.
The plan should include any required documents resulting from validating the controls, the resources
and personnel required, a timeline for completion and the criteria by which the controls will be validated,
including any compliance requirements.
Audit
Organisations use audits to identify risks and check that the intentions of a risk management strategy are
being carried out. An audit might look at whether controls or policies have been implemented correctly.
Although an audit’s main function is to monitor the present situation, it can also help identify how the
organisation might better manage risk in future.
Key Risk Indicators
KRIs are reviewed periodically and are used as a guide to the ongoing state of an organisation’s risk
management. They are used to tell how likely it is a risk will occur, and the consequences associated
with that risk. They are indicators that are translated into metrics for easier consideration. They provide
information on how likely future adverse impacts will be. KRIs may be:
• leading KRIs — with a focus on predicting future outcomes, leading KRIs consider future impacts that
could change an organisation’s risks or activities
• lagging KRIs — with a focus on previous outcomes, lagging KRIs take a retrospective look at data to
shape an idea of any trends, or patterns, in risks or activities.
When an organisation identifies KRIs, they define at what point a risk needs attention or intervention.
KRIs can inform better risk assessments and detect early warnings of emerging risks. By tracking KRIs
over time, an organisation can identify trends for areas of the organisation that need attention or that are
presenting opportunities.
Effective KRIs focus on potential risks to an organisation’s objectives and are most effective when the
risks are measurable, trackable, predictable and informative.
Establishing KRIs requires determining the threshold at which action to mitigate risk is triggered. By
providing a point at which action should be taken, KRIs serve as a proactive approach to risk management.

Monitoring of Risk Using Risk Triggers

Risk changes over time and this change can affect compliance. Risk triggers are a way of staying on top
of changes and staying compliant.
A good risk management strategy is responsive to risk. A response requires knowing that there is a
risk in the first place. Risk triggers help an organisation to monitor for any unknown risks and re-evaluate
their risk management accordingly. When defining risk triggers, an organisation will include what methods
should be taken to monitor the risk.
Types of Risk Triggers
Key types of risk triggers include the following.
• Incident/near miss event. May indicate that controls are failing or that the risk is not being managed
well. The incident or near miss might be an identified risk or might have links to identified risks.
For example:
– IT equipment was stacked in a disorderly pile that collapsed, almost hitting employees.
– Employees in an organisation received a phishing email with a link that when clicked exposes the
company database/server to a cyber-attack.
• Audit findings. Can highlight issues with the control environment or identify when risks aren’t being
well managed from an independent source. For example:
Pdf_Folio:390

390 Digital Finance

 – Internal audit finds cash register staff are not regularly banking funds from the cash register to the
store’s safe.
• Stakeholder/business impact analysis. Can provide feedback on new risk areas to the business or where
‘reputation/social license to operate risk profile’ changes within the risk profile. For example:
– A bank wants to close several rural branches across Australia. This may impact staff morale, the way
the bank can serve rural customers and its reputation/social license to operate.
– Banks and lending providers choose to use artificial intelligence (AI) tools to profile potential
customers to help make decisions on lending applications or targeting potential new customers. This
may lead to biased results and damage to reputation.
• Operational risks/organisational change. May affect other risk profiles (e.g. strategic/project risk), and
organisational change may affect key processes or the underlying control environment. For example:
– A multinational organisation is dependent on outsourced operations centres overseas. They may
experience risk should something happen to their offshore stakeholders.
– An organisation is in the process of implementing an IT project to move information from server to
the cloud, which impacts a number of operational and strategic organisation risks.
• IT change management. Can have large impact on systems and business processes throughout the entire
supply chain. For example:
– A large department store wants to overhaul its manual purchasing system so it is fully automated.
This is a massive project, and introduces a wide range of risks associated with change.
• Privacy impact analysis (PIA). Can provide insights into the impact of risks relating to security and
privacy of data. For example:
– A health insurance company wants to collect health data from various sources such as general
practitioners and public records. They need to know if what they intend to do is in accordance with
privacy best practices and regulations.
• Changes to the risk profile (PESTLE analysis). Should be obtained and analysed by the organisation.
For example:
– An aviation company has to adapt to changes in safety regulations and standards applicable to
aeroplanes in multiple jurisdictions.
– A lending company is required to understand and conform to the buy-now-pay-later legislation and
changes in competitive landscape.

5.4 FUTURE INNOVATION IN RISK MANAGEMENT

The future of risk management requires great attention and will require significant innovation in order
to keep up with ever-changing risks. A well-designed and well-communicated approach will lay the
foundations for effective risk management, including responding to emerging risk issues.
As we have seen throughout this study guide, organisations are increasingly dependent on data —
to optimise their business processes, provide insights that support the business’s objectives and create
personalised experiences for customers. The deep integration of data into most facets of business means
that data-related risks will be a focus for almost all organisations. The aim is to ensure confidentiality,
integrity and availability of data (and information systems).
Cyber threats to data are increasing. Cyber-attacks are constantly changing and attackers are using more
sophisticated tactics. Financial services are an especially attractive target for cybercriminals. In addition,
laws and regulations around data are still developing, so regulatory change must be expected.
Best practice risk management for data-related risks will include processes and controls relating to:
• information security policies
• organisation of information security
• human resource security
• asset management
• access control
• cryptography
• physical and environmental security
• operations security
• communications security
• system acquisition, development and maintenance
• supplier relationships
Pdf_Folio:391

MODULE 5 Risk Management, Governance and Regulation 391

 • information security incident management
• information security aspects of business continuity management
• compliance.
In particular, security controls are required across an organisation to form a comprehensive security
strategy, and include devices, software, policies, procedures and plans.
A variety of innovative solutions are emerging that help an organisation manage risk. These include:
• cloud-based risk management tools — to secure data in the cloud
• Risk-as-a-Service — risk management services provided from a cloud platform
• privacy-focused security tools, developed in part in response to the European Union’s General Data
Protection Regulation (GDPR) — these security tools relate to data discovery, classification and
cataloguing (e.g. BigID, DataGuise and Integris Software) and consent management (e.g. Osano,
Transcend.io and DataGrail.io)
• RegTech solutions — to perform compliance reporting and audits (see part F of this module)
• the use of AI, and in particular machine learning (ML), to monitor data assets and network activity in
real-time to identify and respond to cyber-attacks.
Some of these are discussed in more detail later in the module.
.......................................................................................................................................................................................
CONSIDER THIS
Consider your company’s or clients’ risk management strategy. How could it be improved? What circumstances
would challenge the current strategy?

SUMMARY
In this part, we have established the need for effective risk management and explored a comprehensive
risk management process based on best practice guidelines from ISO 31000. We noted that in the context
of data-related risks, the information security standards ISO 27001 and ISO 27005 are also important.
Effective risk management requires identification, analysis and evaluation of risks, development and
implementation of risk treatments and ongoing monitoring. This ensure the business’s risk profile matches
its risk appetite — how much risk it is willing to accept to achieve its objectives. Effective risk management
relies on strong governance, which will be discussed in part B.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

5.1 Assess risks and design mitigation strategies to ensure data security for organisational
outputs.
• A risk management process based on ISO 31000 is best practice for the assessment and
treatment of risks.
• Data security practices are further informed by ISO 27001 and ISO 27005.
• A business continuity plan and disaster recovery plan, based on a business impact assessment,
are important aspects of ensuring the business can continue to achieve its objectives.
• A number of innovative technologies are available to help an organisation manage data-
related risks.

Pdf_Folio:392

392 Digital Finance

PART B: GOVERNANCE
INTRODUCTION
Good governance is a cornerstone of effective business practice. It increases transparency, encourages
positive practices, enhances accountability, facilitates decision making and implements an appropriate
level of authority.
In this part, we will outline what risk governance is and what it comprises. The role of a risk governance
framework will be explored, including developing a framework that matches the needs of the organisation.
Risk management is reliant on organisational culture — we will explore how to develop risk governance
via a positive risk culture and an appropriate mix of Board members. We will also consider future threats
to governance and how they may be resolved.
We will conclude the part by looking at the goals and tools of data governance.

5.5 WHAT IS RISK GOVERNANCE?

Better risk governance can give an organisation the ability to benefit from change while minimising the
potential impacts from associated risks.

GOOD GOVERNANCE
We introduced the concept of governance in section 1.1. The actions, processes and traditions (which are
put in place to support risk governance) focus on the identification, assessment, evaluation, communication
and management of risks.
Good governance creates appropriate systems and controls within the organisation to ensure a balance
between appropriate risk-based decisions and commercial decisions intended to develop, grow and evolve
the business.
Different organisations require different governance strategies. While the importance of good gover-
nance becomes more significant as an organisation grows, small organisations benefit greatly from good
governance as well.

THE ELEMENTS OF GOVERNANCE

Canada’s Institute of Governance sums up the three main elements of governance as accountability,
authority and decision making (McMenemy 2019), as represented by figure 5.8.

FIGURE 5.8 Governance — accountability, authority and decision making

Accountability

Authority

Decision making

Governance
Source: CPA Australia 2021.
Pdf_Folio:393

MODULE 5 Risk Management, Governance and Regulation 393

Accountability
Accountability refers to responsibility for one’s actions. Answerability (justifying and providing infor-
mation to support actions) and enforcement (implementing and accepting consequences of expectation
failures) are key components of accountability.
Key questions that relate to accountability include the following.
• Who is accountable for decisions?
• Does everyone understand the organisation accountabilities?
Generally, in organisations, boards and executive management have the authority and accountability for
supporting activities and performance.

Authority
Authority is the ability or power (typically through authorisation) to direct, command and monitor
activities. Authority should have set limits and escalation protocols within an organisation.
Ensuring there is clear understanding and authority for responsibilities includes balancing:
• functional versus operational decision making
• global strategies versus regional strategies.
The organisation should establish appropriate authority for key governance functions such as audit, risk,
compliance and legal.
Key organisation questions that relate to authority include the following.
• Who has a voice in making decisions?
• Is the right level of authority set at the right level within the organisation?
• Do people with authority have the correct skills and support from the organisation?

Decision Making
It should be clear who is responsible for making decisions within the organisation. The decision-making
process should involve data gathering, option optimisation and clear criteria for making optimum decisions.
Internal and external stakeholders should be able to understand the organisation’s decision-making
process.
Key organisation questions that relate to decision making include the following.
• How are decisions made?
• Are decision makers clear on the processes involved in arriving at a decision?
• Are there delegated authorities for Board and management in the organisation?
.......................................................................................................................................................................................
CONSIDER THIS
Are accountability, authority and decision-making responsibilities clear in your organisation? If not, what problems
have arisen?

CREATING GOOD GOVERNANCE

The Board is responsible for setting up the governance of an organisation, including establishing a sound
system of risk oversight. To effectively implement good governance, the risk management strategy needs
to be embedded within the business process, rather than being something that stands alone or apart.

Risk Management Strategy — Critical Elements

Strategies will differ across organisations but should share the following critical elements.
Set a Vision
The Board is responsible for setting a clear vision and mission statements. This is usually done through
the process of strategic planning where the Board aims to understand the state of the organisation, develop
a vision of where the organisation is heading in the short and long term, and consider exactly how they
plan to get there. Strategic planning must be clear and comprehensive. This typically includes analysis
that supports achievable action plans, risk management strategy, budgets, monitoring, reporting and other
issues.
The vision should describe how risk management protects and enables value in the organisation.
• Base the risk management strategy on the organisational strategy and align it with business goals.
• Communicate risk management issues in simple business language.
The strategic plan holds Board members accountable for their decisions and for monitoring their goals.
Pdf_Folio:394

394 Digital Finance

Provide Tone from the Top
Good governance requires the Board to act with utmost integrity, ethically and honestly. Transparency is
key to demonstrating and modelling these characteristics.
A strong governance strategy is part of the organisation’s core message and should be defined and
implemented by senior executives. Processes and records should be transparent, truthful, not inflated
and should be made available to shareholders and stakeholders. A strong governance culture and risk
management strategy should always be driven from the top.
The Earlier, the Better
Crisis can hit an organisation without warning for a wide variety of reasons. Organisations that practice
good governance are better equipped to respond effectively when dealing with crisis.
It is always easier to implement a governance framework with risk management earlier rather than later,
and ensure that it is embedded in every business activity. This enables the organisation to be proactive in
the face of crisis, rather than reactive. Organisations should check that their framework adequately covers
all business activities before a crisis occurs.
Build the Right Team
Best practice for good governance is to carefully select the mix of Board members. The Board should be
composed of members with a variety of talents, skills, abilities, experiences and perspectives.
Likewise, the governance and risk management teams need an appropriate mix of skill sets. This might
include organisational change management, crisis management, third-party risk management and strategic
communications.
Assemble a Steering Committee
As overseers, the Board would typically appoint and assemble a steering committee for each focus
area. Where practicable, organisations should establish a risk management steering committee. Assigning
Board members or senior executives as risk management trustees, or sponsors, helps implement the
risk management strategy as part of the organisation’s culture. These advocates help spread the risk
management vision across the enterprise.
Share Responsibilities
A Board that values shared responsibilities, derived from broad consensus, will typically make decisions
that have the best interests of the organisation at heart. Each member of the Board should be respected,
have equal weight in decision making, and be able to freely express their opinions and experiences to
enhance and broaden discussions.

QUESTION 5.5

‘It is always easier to implement a governance framework with risk management earlier rather than
later, and ensure that it is embedded in every business activity.’ Discuss this statement.

PRINCIPLES OF GOOD GOVERNANCE

Good governance sees each component in a risk management system – people, processes and technology –
come together. Risk management should factor into all business decisions.
The Australian Stock Exchange (ASX) Corporate Governance Council (‘Council’) develops the
Corporate Governance Principles and Recommendations to set out corporate governance practices for
ASX-listed entities that, in the Council’s view, are likely to achieve good governance outcomes and meet
the reasonable expectations of most investors in most situations.
Adherence to the principles and recommendations is not mandatory, but in practice the recommenda-
tions are generally adopted and incorporated by the ASX, and by listed companies where at all practicable.
It is widely recognised that although these principles and recommendations are targeted at listed
companies, non-listed entities may still benefit from implementing them. Most organisations can legiti-
mately adopt different governance practices, based on a range of factors, including their size, complexity,
history and corporate culture. The principles and recommendations are what the Council advocates
as contemporary practices to achieve good governance — amended as necessary for each individual
organisation’s complexity and size. Figure 5.9 summarises the ASX’s recommended principles for
good governance.
Pdf_Folio:395

MODULE 5 Risk Management, Governance and Regulation 395

 FIGURE 5.9 Eight principles for good governance

Principle 1
Lay solid foundations for management and oversight.
Roles and responsibilities should be clearly defined, and delineated between the Board and manage-
ment. Performance should be reviewed regularly by the Board and management.
Principle 2
Structure the Board to be effective and add value.
To discharge its duty effectively and add value, the Board should be an appropriate size for the business
and comprise committed people with appropriate skillsets and experience for the organisation’s industry.
Principle 3
Instil a culture of acting lawfully, ethically and responsibly.
Create a positive culture from the top down, and continually reinforce the ideals of acting lawfully,
ethically and responsibly across the organisation.
Principle 4
Safeguard the integrity of corporate reports.
Put appropriate processes in place to make sure the integrity of corporate reports is maintained.
Principle 5
Make timely and balanced disclosure.
Make timely disclosures of any information that would cause a reasonable person to expect the share
price, or value of the company, to be significantly affected.
Principle 6
Respect the rights of security holders.
Provide shareholders with appropriate information and give them the ability to exercise their
shareholder rights.
Principle 7
Recognise and manage risk.
Establish a risk framework that is sound and ensure that an effectiveness review is completed
periodically.
Principle 8
Remunerate fairly and responsibly.
Compensate directors and executives with sufficient remuneration to ensure the organisation can attract
and retain high quality personnel that are also motivated to create value for shareholders while remaining
aligned to the organisation’s values and risk appetite.
Source: CPA Australia 2021.

GOVERNANCE ROLES AND RESPONSIBILITIES

Having the right people involved, and a common understanding of the roles and responsibilities each actor
plays in a risk management strategy, is key to implementing and maintaining good governance. We discuss
key roles below. Depending on the size of an organisation, some roles may be combined.

Board
The Board is responsible for defining the risk appetite to meet the strategy of the organisation.
Their responsibilities include:
• defining the risks (nature and extent) allowed to meet the organisation’s strategic objective
• understanding and reviewing the appetite, framework and strategy for managing risk that will be
maintained by management
• monitoring management to ensure the risk management framework is sound and operates within the
risk appetite definition that has been established.

Senior Management (CEO and Leadership Team)

Senior management are responsible for:
• defining the scope, objectives and priorities of an organisation’s risk strategy
• approving policy statements and approving funding.
They are also responsible for:
Pdf_Folio:396

396 Digital Finance

• approving company risk management policies and top enterprise risks
• ensuring the development of the risk management program
• allocating resources to implement risk management programs and activities
• ensuring that, where practicable, employees receive risk-management training.
Senior management are accountable to the Board and have ultimate operational responsibility for
achieving the organisation’s goals.

Chief Information Security Officer

A chief information security officer (CISO) is responsible for developing and implementing the organi-
sation’s information security policy. They are security professionals, not business decision makers. Their
responsibilities include:
• enforcing information security policy
• benchmarking peer organisations
• assembling experienced staff and developing the security architecture
• defining and ratifying the classification structure of information assets.
As part of the organisation’s security program, the CISO will be involved in the organisation’s risk
management strategy. They play a leading role in introducing an appropriate methodology to identify,
evaluate and minimise risks to the IT systems that support the organisation’s mission. They also act as
major consultants in support of senior management to ensure that this activity is ongoing.

Chief Information Officer

The chief information officer (CIO) is responsible for IT-related:
• planning (including information security)
• budgeting
• performance (benchmarking).
Their decisions should be based on an effective risk management program.

Data Owner
The data owner may be an executive or manager. Being a data owner is not usually their main role. A
data owner:
• delegates responsibility for data protection to the appropriate custodian(s)
• has the final corporate responsibility for data protection
• determines data classification levels and security requirements for data protection.

Data Custodian
The data custodian is generally a member of the IT team and will be delegated data maintenance tasks by
the data owner. For example, a security administrator may be responsible for enforcing access rights to
data. This would include:
• running backups and restores
• maintaining security controls
• defining user rights.

Systems Owners and IT Security Practitioners

System and information owners are responsible for ensuring that proper controls are in place to address
the confidentiality, integrity and availability of the IT systems and data they own, and approving and
signing off on changes to their IT system such as system enhancements and major changes to the hardware
or software.
• Confidentiality means that data and information is private and secure with restricted view access.
• Integrity means that data is reliable, correct and restricts edit access.
• Availability is the correct access to authorised users.
Systems owners work with IT security practitioners, who are responsible for properly installing security
requirements in their IT systems.

Pdf_Folio:397

MODULE 5 Risk Management, Governance and Regulation 397

 IT security practitioners include:
• network and system administrators
• security administrators, analysts and consultants
• database administrators
• development operations security experts.

Security Awareness Trainers

Security awareness trainers must understand the risk management process so they can incorporate risk
assessment into their training programs.
They are responsible for training the organisation’s personnel — users of the IT systems — in security
awareness. Using the IT systems and data in accordance with the organisation’s policies, procedures and
guidelines will help mitigate risks and protect these systems and data.

Auditors
Internal and/or external auditors provide independent assurance that the organisation maintains appropriate
security objectives and compliance.

QUESTION 5.6

How can the CIO and CISO complement each other to ensure ongoing improvement in risk
management?

INCREASED ACCOUNTABILITY — BEAR AND FAR

The Banking Executive Accountability Regime (BEAR), introduced in 2018, was an attempt to restore
balance to ethical responsibility and commercial targets, in part by requiring accountability maps to be
drawn up so that each executive in an organisation would be clear on who is accountable for each decision
made. BEAR was an example of the regulator forcing banks to implement good governance programs
(Deloitte 2019).
At the end of 2020, the phased replacement of BEAR with the APRA’s Financial Accountability Regime
(FAR) began. FAR is administered by APRA and ASIC, and will eventually cover all APRA-regulated
entities. FAR has expanded the scope and responsibilities of accountable persons, increasing maximum
penalties (including civil penalties) and classifying entities as either ‘core compliance’ or ‘enhanced
compliance’ entities depending on their total asset size.
Directors and senior executives of these institutions are subject to stricter accountability in a move by
the regulator to create a culture of compliance. APRA has attempted to shift the culture of these institutions
so that there is an expectation that they serve existing customers, rather than endlessly pushing new
products to gain new customers.

5.6 POOR/INAPPROPRIATE RISK GOVERNANCE

Poor governance can expose an organisation to adverse outcomes. An organisation must comply with legal
and ethical obligations, or the consequences can be severe.

COMMUNICATION OF RISK
Communicating organisational risk management is a challenge when implementing and maintaining
good organisational governance. Poor communication leads to poor understanding, which can cause an
organisation’s risk strategy to become lost and/or become ineffective.
Some consequences of poor communication around risk governance include the following.
• Complacency can arise from a lack of understanding, caused by poor communication, and lead to over-
confidence and insufficient appreciation of risks.
• The organisation could become exposed to lawsuits due to impropriety, investigation by regulators, and
the reputational damage that could follow. Lawsuits, whether they are won or lost, result in unfavourable
outcomes that include lost time and money.
• Poor communication can make it unclear which risk management practices need to be implemented.
This can lead to mishandling of intellectual property and data, resulting in lost or stolen assets.
Pdf_Folio:398

398 Digital Finance

Management of Risk Communication
Key elements that can help an organisation avoid poor governance due to poor communication include
the following.
• Documentation. Only supply documentation to the Board that contains relevant and reliable information
to make informed decisions.
• Strategy. Have a clear three- to five-year strategy. The strategy will guide the entire organisation in
decision-making and make sure everyone is following the same path.
• Policies and procedures. Maintain a suite of updated policies and procedures that covers the adminis-
trative, financial and human resources aspects of the organisation to guide daily practices.

WHEN GOVERNANCE IS LACKING

Before we learn more about implementing good governance and a risk management framework, it is
useful to examine what can happen when governance is lacking. Example 5.2 explores the experience of
Wirecard, a FinTech company. Wirecard was founded in 1999 and began offering online payment services
for websites. They expanded to offer electronic payment transaction services and risk management. Over
the years, the company’s accounting came into question. In 2019, the Financial Times published a series
of articles on Wirecard’s operations.
Wirecard’s operational failures included accounting irregularities, manipulation of corporate structure
and acquisitions to hide asset value, artificial inflation of profit, avoiding compliance by use of third-party
acquirers and auditing oversights.
In 2020 Wirecard filed for insolvency and revealed that €1.9 billion was missing.

EXAMPLE 5.2

Wirecard
A lack of governance contributed to Wirecard’s demise as follows.
• 1999. Wirecard is founded and begins offering online payment services for websites. Later, they expand
to offer electronic payment transaction services and risk management.
• 2005. Wirecard avoids the usual scrutiny required to list on the German stock exchange when it takes
over the listing of a defunct call centre. Wirecard acquires the online bank X.com and renames it
Wirecard Bank. With the purchase of the bank comes a bank licence and licensing for Visa and
Mastercard, meaning Wirecard can issue credit cards and handle money for merchants.
• 2011–14. Wirecard makes a series of obscure acquisitions after raising €500 million from shareholders.
Wirecard claims the rapid growth is organic and that they have also acquired superior technology.
• 2015. Questions are raised about inconsistencies in Wirecard’s accounting. Wirecard is accused
anonymously of money laundering. Wirecard denies it and the German financial regulator launches
an investigation into the accuser.
• 2017. Wirecard’s auditor reports a clean audit and share prices rise.
• 2018. A series of investigations sparked by whistle-blowers become public. Wirecard announces it will
sue the Financial Times and Singapore authorities who have launched a criminal investigation after
raiding Wirecard offices. Meanwhile, Wirecard’s auditor approves the 2018 accounts with only minor
qualifications.
• 2019. Under pressure from its own investors, after more whistle-blower stories are published, Wirecard
conducts a special audit, using new auditors.
What went wrong?
Wirecard seemed destined for failure near the end, but governance must have been lacking for things to
get as bad as they did.
Wirecard seemingly suffered from both questionable business dealings, which were potentially deli-
berate, and poor governance decisions in terms of authority, decision making and effective business
practices (particularly with accounting practices).
How could good governance have mitigated some of Wirecard’s problems?
• Strategy review. When Wirecard made a series of obscure acquisitions there was an opportunity for the
Board to question the organisational strategy.
• Accountability and transparency. Fundamental governance principles of recorded minutes at executive
meetings was lacking. Minutes not only promote accountability and transparency; they also facilitate
effective audit and regulatory reviews.
• Financial oversight. When questions were raised about inconsistencies in Wirecard’s accounting, the
organisation had the opportunity to revise oversight of their accounting practices.
Pdf_Folio:399

MODULE 5 Risk Management, Governance and Regulation 399

 • Audit. There were a number of opportunities for internal and external audit to complete audit techniques
to uncover issues in accounting practices, contract, fraud, and management decisions.
• Escalation controls. Wirecard sued when investigations sparked by whistle-blowers became public.
They could have put a better whistle-blower policy in place to make sure people could report
effectively internally.

5.7 DEVELOPING RISK GOVERNANCE

THROUGH CULTURE
No matter the size of an organisation, a positive governance culture will help risk to be managed across
all levels. The culture of an organisation will make sure that people are informed of risk appetites, aware
of policy and follow the appropriate processes, specific to that organisation.

POSITIVE GOVERNANCE CULTURE

The Board should make sure that systems are in place to guarantee that risk is managed according to the risk
appetites and tolerances they set. Leading by example is key to establishing the culture in the organisation.
The Board must be well-informed and able to challenge senior management.
A positive governance culture is the outcome of good governance strategies and supporting processes
for organisations of any size or situation. Specifically, a positive risk culture arises from the following.
• Clear accountability. Positive risk culture requires clear definition of responsibility and accountability.
Everyone should know clearly who is responsible for risk.
• Good risk monitoring. Risk treatments need to be monitored, with an emphasis on a pre-emptive
approach to managing risk. Everyone needs to be looking for new potential risks and to have the ability
to re-assess.
• Learn from mistakes. Not only do organisations need to look at how they can learn from their own
mistakes, but how they can learn from others’. Mistakes happen and can be powerful examples for
improvement.

FIT-FOR-PURPOSE
A key factor in good governance for an organisation of any size is creating a risk appetite statement. An
organisation can have good risk management policies in place, but if there is weakness in risk culture, the
implementation of these policies can break down.
A risk appetite should define what types of risks are acceptable to pursue and thus what new products,
customers, and markets should be targeted. A risk appetite statement needs to be used to help embed
systematic risk management into every part of the business. This will make sure that the tolerances
and limits of risk, which have been determined in the risk appetite statement, can be used consistently
throughout the organisation to make informed decisions.
Risk tolerance is the amount of risk a business will assume in order to achieve its financial goals. This
should be aligned to the risk culture and should be considered when the risk profile is understood. All
businesses have a certain level of risk appetite; otherwise there would be no growth.
Risk tolerance is the tactical component of risk appetite and is a measure of the maximum amount of
risk the business can manage (Department of Finance 2020). The organisation will define what levels of
risk are acceptable for a specific risk or category of risk.
Considerations for managing risk include:
• what risks need to be escalated
• what re-allocation of resources are required
• what current controls are in place
• what potential new treatments would be required.
Tolerability is a measure of acceptance of the risk level remaining after taking account of the
effectiveness of controls and mitigating actions. Risk tolerability is typically included within the risk
management framework, with a relevant example of risk tolerability in order to provide clarity.

Pdf_Folio:400

400 Digital Finance

 For example:
• For a risk to be tolerable it has to be rated ‘Well controlled’ or have a residual risk rating of less
than ‘High’.
• Where the risk is not tolerable, the risk owner must raise a ‘risk rectification issue’ and implement
remediation tasks to reduce the residual risk.
A risk treatment chart (see figure 5.6 earlier in the module) can help define correct accountability,
response urgency, minimum treatment required and the review frequency for the risks.

An Agile Approach
Many technology companies and other smaller businesses now operate using Agile work practices. This
typically involves flattening the traditional hierarchies in organisations and creating smaller self-led teams
to tackle issues in two-week ‘sprints’. Due to the smaller team size and responsiveness required, Agile is
an approach which lends itself to smaller, more dynamic organisations rather than larger or more heavily
regulated businesses such as banks.
Agile can work in opposition to traditional corporate governance — especially at the project level where
Agile involves an iterative and incremental approach which is harder to monitor. For example, a team
working in rapid two-week sprints could miss compliance issues that the Board needs to address as there
could be two or more sprints between each Board meeting.
However, Agile and governance do not have to be mutually exclusive. Compliance checks can be worked
into the Agile cycle as ‘gates’ that teams must go through before advancing to the next stage of the project.
For example:
1. Checkpoint at review of the scope and schedule.
2. Checkpoint after preliminary design decisions.
3. Checkpoint before customer testing.
4. Checkpoint when product/service ready for launch.
5. Checkpoint for ‘lessons learned’ or post implementation reviews to build in learnings to future projects.

QUESTION 5.7

Assess the pros and cons of Agile work practices from a governance perspective.

GOVERNING ORGANISATIONAL CULTURE

Governance culture is one of the many important aspects of an organisation’s culture when considering
governance and risk management. Recent events in the Australian banking sector have called into question
the behaviour and norms of executive and independent directors. It was evident that some Boards thought
more about what they could do instead of what they should do. As the Board is the highest level of
leadership, it sets the norms and expectations for a company, and therefore it is their role to create a
positive culture that influences behaviour at both the management and employee level. Companies that have
a positive culture may even have lower general risk levels due to employee engagement and satisfaction.
The Australian Institute of Company Directors (2016) posits that the role of the governance Board has
three parts:
• setting clear cultural and behavioural expectations
• putting in place policies and process that align the expectations with the desired behaviours
• measuring the alignment through informal and formal metrics.
They identify four areas for setting organisational culture in practice.
• Processes/agenda — formal systems of the boardroom. The processes of the Board – including its
governing policies and recruitment process – set a tone for the culture. Priorities in the Board’s agenda
identify its expectations.
• Dynamics — informal systems of the boardroom. The individuals and interactions at a Board level are
characterised by their questioning style, emotional intelligence and critical thinking ability.
• Sensing — informal systems in the organisation. What is the perception of employees? Do they see
directors at organisation events and sites? Do they have opportunities to meet with Board members
informally?
• Reporting — formal systems in the organisation. What reporting is shared with the Board, including
metrics, policy and process reviews?
Pdf_Folio:401

MODULE 5 Risk Management, Governance and Regulation 401

 Figure 5.10 outlines how a Board can align its vision to govern a practical organisational culture.

FIGURE 5.10 Developing organisational culture

The
organisation’s
values, strategy
and vision

Formal Informal

Demonstrate formal culture in the boardroom Demonstrate informal culture in the boardroom
through processes and an agenda. through board dynamics.
• Recruit members and directors who represent • Recruit a dynamic Board who have a range of
organisational values. relevant experience and diverse opinions.
• Evaluate the Board and governance policies • Align decision making to the organisation’s
against organisational strategy and vision. culture.
• Form agendas that prioritise the organisation’s • Encourage dynamic direction using critical
culture. thinking skills and emotional intelligence.

Develop formal culture within the organisation through Develop informal culture within the organisation
reporting to the Board. from top down through sensing and send the
• Report to the Board in line with organisational right message.
culture. • Provide the opportunity for staff to network with
• Develop reports, review processes and measure the Board and spread an organisational culture
performance in line with the organisational culture. organically.
• Feed compliance information to the Board through • Use walk-around management techniques to
formal channels. hear and acknowledge employees’ cultural
suggestions and hear concerns.
• Employees and management take the pulse of
other organisations’ cultures and make internal
suggestions for cultural improvement.

Source: Adapted from MacCormick 2019.

These approaches were largely reflected in the Banking Royal Commission findings (Allens 2019).

5.8 WHAT IS THE RIGHT MIX FOR A

GOVERNANCE BOARD?
The composition of members on a governance Board can have adverse or positive effects on the
Board culture.
The Australian Institute of Cultural Directors (2016) has recommended that Boards be diverse in
terms of gender, age, culture, and life experiences, and this is supported from a commercial perspective
too. Research has indicated that diversity of gender, age and experience on a Board may increase the
organisation’s profits.
Board composition is also important in terms of ensuring there is a good mix of executive directors (those
that have senior roles in the company) and non-executive directors. A subsection of the non-executive
directors, known as independent members, should be Board members that do not have any involvement
with the shareholders or any business of the company. There is some indication that Boards that have more
independent members may have increased profit (Creary et al. 2019). Employee representation can also
provide a vital role in encouraging a diversity of opinions and interests in the decision-making process
(Staples & Linden 2019).
Pdf_Folio:402

402 Digital Finance

 Diversity in experience can also include a diversity of skills that may prove helpful for Boards tackling
the current speed of technology change. Deloitte has found that Boards that focus on innovation and
technology are more likely to perform financially, and it is clear that having Board members with
experience and skills in cybersecurity, digital payments and using AI in financial modelling can help the
organisation manage technology risk (Deloitte 2018; Harris 2017).
Regardless of their background or allegiances, all directors of ASX-listed companies must comply with
ASX Principles which promote a culture of acting lawfully, ethically and responsibly (Australian Institute
of Cultural Directors 2016).

5.9 FUTURE THREATS TO GOVERNANCE

In Australia, changes to corporate governance have been in the making for a while, with many consultants
and oversight committees making recommendations about the types of people on Boards, their roles and
the overall culture of the Board. Investors, employees and customers are not only interested in profits, pay
and products, they are also becoming increasingly interested in values such as social responsibility and
sustainability (McPherson 2018).
No time has this been more evident than in 2020 when Australia was affected by bushfires and
COVID-19. The global pandemic prompted a number of changes: Boards are having to reconsider business
contingency plans, employee safety, uncertainty over profit due to lockdowns, forced retail closures and
less disposable income. Companies are being forced to adopt new ways of reaching their markets and
providing safe delivery of their products.
Changes in the way people work using technology may also change the way that the Board communi-
cates internally, with the company managers, shareholders and external stakeholders. Additional virtual
meetings may be required to ensure this communication remains frequent and effective. As site visits are
often no longer possible, virtual opportunities for Board members to check operations and interact with
employees are also critical.
Climate change regulations have also increased in recent years, so environmental issues are not only
ethical and environmental but also must be considered as financial risks, according to a member of APRA’s
executive Board (Pocock & Hicks 2019).
Social responsibility means that financial institutions have to balance their own need to make a
profit with maintaining their fiduciary duty of care to customers who are struggling to pay mortgages.
For superannuation companies in particular, APRA is working to provide advice on formulating and
implementing an environmental, social and governance (ESG) strategy (APRA 2020).

IMPACT OF TECHNOLOGY ON CORPORATE GOVERNANCE

The use of technology can provide a large number of additional tools for an organisation to run their
business and to contribute to good governance (Fenwick & Vermeulen 2020). Emerging technologies need
to consider both the impacts on corporate governance and also the governance of technology such as AI
and ML.
Some key positive impacts can include:
• increasing security to improve cybersecurity management
• improving reliability, accuracy, transparency of information
• delivering process efficiencies within the supply chain
• improved communication flows to decision makers.
While technology requires investment of time and resources, innovation and internal expertise are key
elements to ensure success. For areas such as ML, the correct implementation needs to consider areas such
as human versus ML cycles for various decisions (e.g. complex, complicated or chaotic) (Hilb 2020).
Technologies such as distributed ledger technology (DLT) and blockchain can ensure verifiable data
which can remove the requirement from a number of intermediary entities and processes. Corporate
governance processes such as shareholder voting, can benefit from blockchain technology to assist with
shareholder and Board engagement through common discussion platforms and decision-making processes.
While there are a lot of positive impacts of technology, areas such as AI can have negative impacts
including third party impacts, data and privacy breaches, fraud and discriminatory practices from processes
such as AI profiling (Hickman & Petrin 2020). Ethics and governance are a key consideration in this fast-
paced transition to implement AI technology. The European Union (EU) has published a guideline in
Pdf_Folio:403

MODULE 5 Risk Management, Governance and Regulation 403

2019 ‘Ethics Guidelines for Trustworthy AI’. To ensure trustworthiness of AI, three components must be
satisfied including AI being lawful, ethical and robust (European Union 2019).
The guideline also includes seven key requirements to ensure trustworthiness:
1. human agency and oversight
2. technical robustness and safety
3. privacy and data governance
4. transparency
5. diversity, non-discrimination and fairness
6. societal and environmental wellbeing
7. accountability.

ETHICS AND GOVERNANCE WITH AUTOMATION AND AI

Weighing the benefits of technologies against the negative aspects are key societal and business consider-
ations. Technologies such as AI are involved in frequent discussions around goals of human augmentation
and conversations about the ‘greater good’.
The benefits of technology include more efficient and effective processes through technologies such as
ML that can support business and society in an inordinate and pervasive number of areas. Automation and
AI should be designed to benefit society with various global initiatives and collaboration designed to build
and grow AI in a responsible and ethical way.
Adequate safeguards to ensure appropriate control, security, safety and privacy will help with the
successful adoption of emerging technologies within society. We, as a society, will also need to adapt and
adopt our current practices to embrace all the relevant opportunities that come with AI and automation.
Ensuring that we understand the trade-offs and use ethics and good judgement during development of
AI systems will be a fundamental element to ensuring AI supports the ‘greater good’.
There are governance frameworks in place for basic automated tasks within the financial services
industry. The nature of automation can lead to an Agile way of working, however the trade-off for
governance and controls needs to be considered. Some key risks with automation include risks relating
to cybersecurity, social licence to operate, workforce/change management and project management.
Going forward, automation governance frameworks will need to build on existing technology related
governance controls, including areas such as security standards and tools. Automation tools need to cover
code validation and output verifications on areas such as configuration, recovery and maintenance.
Automation of entire processes (or significant components of processes) needs to carefully consider the
interaction between humans and machines. This requires significant and well-considered IT strategies and
support to ensure effective automation within the organisation.
Some key questions when developing an automation approach should include the following.
• Do automation projects fit into your existing business strategy and supporting culture?
• What are the risks and opportunities in automation for your organisation?
• What supply chain processes will particularly benefit from automation?
• What are the regulatory considerations for automation processes, particularly data privacy and security?
Some practical governance considerations for organisations include ensuring appropriate skills exist
in both the Board and executive management. A recent example is BHP, who in 2020 supplemented the
current Board with Board members with global technology experience. The primary intention of this action
was to recruit Board members with sufficient experience in digital/technology transformation to better
align with the long-term technological goals of BHP.
As well as governance considerations, ethical and social considerations need to be addressed with
automation, e.g. concerns over robots taking human jobs, and whether automation will ultimately improve
the safety and production outcomes that it has promised. Ensuring that concerns about automation
are addressed during implementation will help maintain a positive culture and support employees to
understand their roles and responsibilities.
Ethics considerations in AI and ML need to consider aspects such as the prevention of harm, respect
for human autonomy (that is supported by appropriate human oversight), sufficient technical robustness,
privacy of information and contribution to societal wellbeing. There are always likely to be some
underlying tensions and nervousness with fast paced technology, however, ensuing there is sufficient
engagement and transparency within the organisation will assist with the understanding of the trade-
offs and solutions. Management and Boards will always need to take the risks arising from new and
emerging technologies into consideration when they develop or review their existing governance and risk
management strategies.
Pdf_Folio:404

404 Digital Finance

 QUESTION 5.8

List the governance and control issues that organisations should consider when planning an
implementation of AI for workplace automation.

5.10 DATA GOVERNANCE

Data governance is the oversight, authority, planning and development of policies, guidelines, procedures
and strategy for the access, protection and usage of data. It covers the entire lifecycle of data from collection
to disposal. Data governance aims to address the ethical, privacy, security and compliance goals of the
organisation. This is important, as the reputation and revenue of the organisation can be harmed by a
failure to achieve those goals.
It is important not to confuse data governance and data management. Data management directs the
daily operations, which include creating, collecting, using, maintaining, protecting, storing and controlling
data. Data management strategy is guided by data governance.
Figure 5.11 shows the relationship between data governance and data management in an organisation.

FIGURE 5.11 Relationship between data governance and data management

Step 1: Goals Determine the organisation’s data-related goals, aims or objectives.

Organisations commonly focus on quality, efficiency and
effectiveness, while maintaining security, ethics, privacy and
ensuring compliance with associated rules and regulations.

Step 2: Governance Governance involves authority, planning and the development of

policies, guidelines, procedures and oversight of the organisation’s
data governance strategy.

Step 3: Policies, procedures, Data governance establishes the policies, guidelines, procedures,
standards and oversight standards, roles, responsibilities and ownership of the data, within
the data management process.

Step 4: Management The policies and procedures established in the previous step
inform the data management tasks of creating, collecting, using,
maintaining, protecting, storing and controlling data.

Step 5: Data The data has now gone through a management process that is
aligned with the organisations goals, rules and procedures, and with
external compliance for how data needs to be managed.

Source: CPA Australia 2021.

Pdf_Folio:405

MODULE 5 Risk Management, Governance and Regulation 405

 As an integral part of their business operations, financial services and technology companies face
especially high risks associated with data governance.
The role of data governance directly relates to broader corporate governance to assist the Board and
management in performing their overarching Board responsibilities. The system of corporate governance,
that provides the direction and control of an organisation, is directly relevant to the control that effective
data governance provides.
Data governance helps organisations to achieve goals and implement strategy to ensure that information
needs (from Board to operational stakeholders) are adequate, controlled and monitored. A key foundation
of effective governance is accurate, timely and reliable information flow to make decisions. If information
isn’t accurate, timely or reliable, key decisions will be severely impaired. When there is a lack of effective
information, there is increased risk of regulation breaches that require the organisation to have a sufficient
level of control.
Data governance needs to ensure appropriate control exists over information, and therefore plays a
fundamental element in the corporate governance of an organisation. The corporate governance vision
and strategy will also inform specific data/information objectives and therefore needs to have appropriate
alignment with overall strategy.
In this domain, good governance acknowledges the difference between data privacy and data security,
and addresses the requirements of each accordingly.
• Data security refers to how organisations protect their data, including technical safeguards that help
ensure data confidentiality, integrity and availability.
• Data privacy refers to the use and governance of personal data, including PII and financial information.
PII is information that is able to identify an individual. The information can be used in isolation or with
other data to identify individuals. Examples of PII can be broad and include:
– driver’s licence, bank statements, medical records, tax file number, email address, passport numbers,
credit card numbers, log-in details, telephone numbers, IP addresses and device (e.g. computer,
phone) IDs.
Satisfying both data privacy and data security concerns is a delicate but important balancing act. Data
security and privacy are discussed in detail in part C of the module.

DATA GOVERNANCE GOALS

The interrelated goals or ideals that influence data governance are ethics, privacy, cybersecurity, data
security and compliance. We will discuss each of these in turn.

Ethics
Considering ethics, in the context of data, requires us to define what is morally acceptable in terms of
creating, collecting, using, maintaining, storing or controlling data. The consequences of failing to uphold
ethical standards can include a negative impact to an organisation’s reputation.
Data ethics principles generally include:
• informed consent
• transparency
• ownership and control
• fairness and equality
• preserving privacy.

Privacy
Privacy can be defined as freedom from being monitored or disturbed by others. In the case of data,
this applies to the individuals or organisations that the information relates to — an organisation has an
obligation to protect the privacy of individuals by protecting data that is identifiable with those individuals.
The consequences of failing to respect the privacy of individuals or organisations can include harm to an
organisation’s reputation, as well as legal and financial costs.
Data ethics and data privacy will be discussed in more detail in section 5.17.

Pdf_Folio:406

406 Digital Finance

Cyber Security
Security is the state of being free from threats or danger. In the context of data, security relates to cyber-
threats. A cyberthreat is defined by the US National Institute of Standards and Technology (2011) as:
a circumstance or event that can potentially cause an adverse impact to operations or IT assets through
unauthorised access, destruction, disclosure or modification of information or impairment of a service.

This can include intentional and accidental acts or omissions, which can arise both internally and
externally for an organisation.
The goal of cybersecurity is to protect an organisation’s operations or IT assets against cyberthreats.

Data Security
Data security is practically synonymous with cybersecurity. They both consist of the same infrastructure,
principles, threats, controls and mitigations. Technically, cybersecurity might include protecting against
a few non-data-related threats like making a smart car crash or an industrial control system malfunction.
However, the same security practices that help prevent these issues are also used in data security.
Like privacy, the consequences of failing to secure information and technology assets can include:
• damage to the organisation’s reputation
• legal sanctions
• other financial costs, such as compensation for those affected by a security breach.
The main objectives of cybersecurity and data security are confidentiality, integrity and availability of
data. Data security will be discussed in more detail in section 5.11.

Compliance
Compliance refers to obeying laws or regulations. In the context of data governance, this means complying
with laws or regulations related to privacy or data security. The consequences of failing to comply with
these rules can include the imposition of sanctions or financial penalties on an organisation. This is
discussed further in part D.

DATA GOVERNANCE TOOLS

Data governance aims to achieve data security through:
• policies — guidelines for what should be done
• procedures — guidelines for how things should be done
• standards — measures of what is aimed for and what is done
• ownership or stewardship — definition of who controls or is accountable for what.
Good governance requires an organisation to define its own data security and privacy policies, which
typically include:
• what data will be collected
• how that data will be collected and used who will have access to the data
• if, how and when data can be shared with third parties
• if data can be legally collected or stored
• how long data will be stored
• what to do when there is a data breach.
Organisations also need to detail which regulatory restrictions they must comply with.
Having data governance plans in place, including data breach response plans, is becoming increasingly
important as the digital economy grows.

DATA GOVERNANCE MATURITY MODEL

A data governance maturity model can help an organisation to assess and measure the data governance
program. Typically, it covers off a range of maturity phases that gives descriptions of the components and
goals of each phase. A typical data governance maturity model will look at the organisation information
management with goals including information flow, data management, master data domains and unification
of components.

Pdf_Folio:407

MODULE 5 Risk Management, Governance and Regulation 407

 While organisations will tend to create their own maturity models, an example of a generic data
governance model is shown in figure 5.12 for reference.

FIGURE 5.12 Data governance maturity model

Optimising
Continuous
Managed improvement
Measured, focus
Defined monitored
Organisation and controlled
Repeatable based,
Project based, proactive
Initial manageable
Unpredictable, but informal
reactive, poor
controls

Source: CPA Australia 2021.

A maturity model is a tool that is used to develop, assess, and refine an expansive program. As measuring
performance based on return on investment (ROI) or reduction of cost is inappropriate for data governance
programs, another method must be constructed to assess effectiveness.

DATA GOVERNANCE AND AI

We looked at governance challenges in relation to AI in the previous section. Ensuring a good level of data
governance is a key platform for having reliable and trustworthy AI implementation (Janssen et. al 2020).
With the complexities of data, systems, calculations and processes involved with ML, neural networks
and other AI, these technologies require significant focus on good data governance. A key element of data
governance in AI is to ensure that system decisions that have significant potential impacts to society and
individuals are not subject to catastrophic failure.
To ensure best-practice data governance processes, a focus on roles and responsibilities of processes,
data (including algorithms), inter-organisational sharing, system controls and governance will assist the
organisation with successfully navigating the AI landscape.
.......................................................................................................................................................................................
CONSIDER THIS
How is good data governance communicated and implemented in your organisation?

SUMMARY
In this part, we have defined risk governance, examined the elements of risk governance and what standards
apply to good governance, described governance roles and responsibilities, and discussed data governance.
Risk governance requires the culture of the organisation to be shaped so that people are aware of and
engaged with the appropriate risk management processes of the organisation. A positive governance culture
arises from clear accountability, good risk monitoring and the willingness to learn from mistakes.
The future challenges for governance relate mainly to new technologies which fundamentally change
business processes and introduce a range of new risks, thus prompting a need for increased emphasis on
data governance. Governance is also influenced by changing expectations that organisations will address
corporate social responsibility.

Pdf_Folio:408

408 Digital Finance

 The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

5.1 Assess risks and design mitigation strategies to ensure data security for organisational outputs
• Data governance aims to create strategies and implement policies and procedures that address
the ethical, privacy, security and compliance goals of the organisation.
5.3 Analyse the requirements for an effective risk governance framework to support the
development of risk management policies including security and privacy policies.
• An effective risk governance approach addresses accountability, authority and decision making.
• A culture of risk management should be created in the organisation, led from the top.
• Data governance aims to create strategies and implement policies and procedures that address
the ethical, privacy, security and compliance goals of the organisation.
5.4 Evaluate existing risk governance frameworks and risk management policies to ensure the
ongoing improvement of the policies and frameworks.
• The elements of good governance provide a foundation from which to evaluate risk management
performance.

Pdf_Folio:409

MODULE 5 Risk Management, Governance and Regulation 409

PART C: SECURITY AND PRIVACY
INTRODUCTION
Digital security, including cybersecurity, is a critical consideration for any modern business. As technology
and business become increasingly intermeshed and networks grow to incorporate an incredibly large
number of mobile devices, the risk of cyber breach and cyber-attack also becomes far more significant.
Capable hackers are constantly concocting new ways to exploit weaknesses to gain access to data and
valuable personal information. No business is too large or too small to be immune from these rapidly
developing threats, and governments and private organisations must strive to keep up with technological
developments and changes in cybersecurity, to keep their business safe from costly events. Additionally, in
the modern technologically enabled world, personal and business privacy has become a key issue. Privacy
regulation and standards are always changing and businesses must ensure they understand these regulations
and comply.

5.11 WHAT IS DATA/INFORMATION SECURITY

AND CYBERSECURITY?
Data security (or information security) is concerned with protecting data from unauthorised access,
destruction or modification, regardless of whether these activities occur accidentally or purposefully. Some
key measures of data security include encryption, masking (obscuring the data’s purpose for the sake of
privacy), erasure (data wiping and destruction), and regular backup of data and systems.
Cybersecurity is concerned with both protecting vulnerable information through information and
communication technology (ICT) and responding to attacks. Data security focuses on data, whereas
cybersecurity focuses on data and the systems within the large cyberspace arena.
Cybersecurity includes both physical and digital information, as well as ‘non-information’ that can be
accessed within cyberspace (e.g. IoT items such as fridges, motor vehicles). The non-information items
that are vulnerable through ICT include non-information data (data which has no meaning or context), data
storage and associated technologies. Cybersecurity is about securing things that are vulnerable through
ICT. It is also concerned with where data is stored, and the technologies used to secure data. A significant
purpose for cybersecurity is the protection of ICT. These relationships are depicted in figure 5.13.

FIGURE 5.13 Data/information security, cybersecurity security and ICT security

Things that are

Information
vulnerable through ICT

Other
Analog Digital
things than
information information
information

ICT security
Information security Cyber security
CPS 234 security
ISO/IEC 27001 NIST
standard – APRA

Source: Adapted from CISO 2016; Sussman 2019.

Pdf_Folio:410

410 Digital Finance

THE EVOLVING THREAT OF CYBERSECURITY
Every organisation would like to be completely cyber-secure, but no organisation is. Cybersecurity there-
fore is a question of risk management appropriate to the organisation’s needs. One of the distinguishing fea-
tures or cybersecurity risk management is that the pervasive nature of technology in most organisations —
and certainly financial businesses — makes everyone in the organisation directly connected to this risk.
Cybersecurity strategy is a set of capabilities, a roadmap, and implementation of a suite of controls,
processes and tools that manage risk to an acceptable level. While it is tempting to think of cybersecurity
as mainly a technology issue, in reality it is a complex mix of people, process and technology.
There are two key approaches to cybersecurity strategy:
• reduce the ‘attack’ surface to minimise the ways the network can be entered
• deploy prevention controls for every known threat.
As technology changes, cybersecurity risk management needs to include monitoring of the external
threat landscape, the internal business environment, future business opportunities, and emerging technolo-
gies, such as cloud, mobility and IoT, which will entail new risks.
Cyber threats are increasing. Forms of attacks are constantly evolving and attackers are using more
sophisticated tactics, including:
• targeting core systems (not just data)
• destroying or corrupting data (not just copying data)
• encrypting data and holding companies to ransom with ransomware
• concentrating their efforts at the human layer, one of the weakest links in cyber defence.
Cybercriminals are exploiting the changes that new technology has brought to the ‘attack surface’ of
an organisation. The attack surface is the total number of points within a business that are exposed to
any form of exploitation. Networks and servers are highly interconnected. The number of devices on each
network has grown significantly. More connected devices provide more potential access points for cyber-
attackers to exploit. Figure 5.14 compares how the attack surface of a typical organisation has changed
over the years.

FIGURE 5.14 Attack surface

Attack surface in 2010 Attack surface in 2021

Attack surface before Attack surface now

IoT-connected
Email devices
Cloud Employee
services PCs

Employee Employee
intranet intranet
Safe zone Employee Mobile Safe zone Email
PCs devices

Physical Physical
records records
Servers
Public Wi-Fi

Servers SaaS products

Source: CPA Australia 2021.

Cyber threats usually occur as one of the following four types.

1. Attacks on computer systems or devices.
– A denial of service (DoS) attack is meant to shut down systems, servers or networks, making
it inaccessible to its intended users or, or prevent it from processing legitimate requests. This
occurs when malicious devices overload a website or access point (usually via a code exploit, or
by overwhelming the access point with requests), rendering it consistently unavailable. These are
typically distributed and thus may be referred to as a DDoS attack.
Pdf_Folio:411

MODULE 5 Risk Management, Governance and Regulation 411

 – Malware, short for ‘malicious software’, is a file or code, typically delivered over a network, that
infects, explores, steals, or conducts any other activities that an attacker may want. This can even be
done by ‘clickjacking’ where victims are tricked into clicking on a link or button (usually hidden on
a seemingly legitimate webpage on the internet) that then typically executes malicious code. There
are several different types of malware.
• Ransomware that prevents you from accessing your files. The attacker then may offer to sell you
a password to unlock the files, that may or may not actually work.
• Rootkits that allow cybercriminals to remotely access your computer to explore your network for
valuable information. Access is often gained by the hacking of a device on the attack surface that
does not have strong security, such as IoT devices (e.g. an internet-enabled fridge that is company
Wi-Fi connected and compromised with a poor password).
• Spyware that captures your keystrokes to harvest your data (logins, or inputted financial data) that
can then be either sold, or used to access your organisation’s network at a later time.
– A ‘computer virus’ is often a specific type of malware used to describe malicious code including
‘trojans’ and ‘worms’.
2. Cyber fraud.
– Phishing, which is a fraudulent communication (e.g. email, SMS or instant message) disguised as
a legitimate communication. Phishing tricks the recipient by enticing them to click a link, open
an attachment or provide sensitive information to obtain sensitive data (e.g. credit card or log-in
information), or install malware on the victim’s machine.
– Social engineering is a more complex deception than phishing and involves manipulating a victim
into doing something they shouldn’t. Examples may include a receptionist providing building access
to an unauthorised uniformed technician, or a staff member providing sensitive information, such as
a password, to a ‘new IT team member’ who calls them while they are busy and distracted. Often
the victim will be unaware they have done anything wrong.
– Deep faking is where an image, audio or video clip is edited to seem real enough to deceive a
victim. Usually deep fake technology is the product of AI. In 2019 a UK energy firm was scammed
out of USD243 000 after an attacker used deep fake technology to mimic the voice of a director
(Stupp 2019).
3. Credential based.
– Attackers trying to gain credentials, such as login passwords, either by compromising a service or
by purchasing lists on the black market.
4. Data breaches.
– When personal or sensitive information is accessed or disclosed in an unauthorised manner.
– When data is lost.

5.12 INDUSTRY STANDARDS

Cybersecurity standards are published techniques or guidelines that guide the information security and
cybersecurity approach, and the processes needed to prevent or mitigate cyber threats. Some guidelines
outlined in cybersecurity standards are optional; others will be required for compliance with other
industry standards.
Cybersecurity standards are based on proven strategies and help:
• safeguard personal data and intellectual property
• protect information technology systems and devices
• implement processes to mitigate risk of cyber threat.

APRA CPS 234 SECURITY STANDARD

APRA-regulated entities must follow the CPS 234 security standard and take measures to counter
information security threats and protect vulnerabilities, especially any impact resulting in access to
information assets by cyber criminals. The measures must be ongoing, across the organisation and include
information assets managed by third parties.

Pdf_Folio:412

412 Digital Finance

PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a guide to maintaining a secure
environment for all organisations that accept, process, store or transmit credit card information. Essentially,
it aims to improve security throughout the transaction process.

NIST
The NIST Cybersecurity Framework (NIST CSF) provides voluntary guidance around cybersecurity
risk. It is a regarded as the industry standard and best practice in cybersecurity. Utilising the NIST
cybersecurity framework, along with appropriate cybersecurity controls will complement and support an
effective ISMS.
The NIST CSF Core is a set of desired cybersecurity activities and outcomes, arranged using simple,
non-technical language to facilitate communication between stakeholders. The Core comprises three parts:
1. functions
2. categories
3. subcategories.
Functions are the backbone of the Core and are the five main elements of a successful cyber-
security strategy. The five functions included in the Core are identify, protect, detect, respond and
recover. Think of them as the basic incident management tasks. They apply not only to cybersecurity
risk management, but to risk management in general. Each function of the Core contains categories
used to identify specific tasks or challenges. The categories help define the cybersecurity objectives.
Table 5.9 shows the categories within each function in the NIST framework.

TABLE 5.9 NIST CSF functions and categories

Function Category

Identify • Asset management

• Business environment
• Governance
• Risk assessment
• Risk management strategy
• Supply chain risk management

Protect • Identity management and access control

• Awareness and training
• Data security
• Information protection processes and procedures
• Maintenance
• Protective technology

Detect • Anomalies and events

• Security continuous monitoring
• Detection processes

Respond • Response planning

• Communications
• Analysis
• Mitigation
• Improvements

Recover • Recovery planning

• Improvements
• Communications

Source: NIST 2018.

Pdf_Folio:413

MODULE 5 Risk Management, Governance and Regulation 413

 Each category then contains subcategories, which are objectives that spell out the required state of the
organisation’s risk management at that given stage, if the NIST framework standard has been followed.
Each subcategory has a set of references to materials, called informative references, that support the user
to reach the objective of each subcategory.

THE ISO/IEC 27001 STANDARD

The International Organization for Standardization (ISO) and the International Electrotechnical
Commission (IEC) have published a suite of information security standards that provide best practice
recommendations on information security management. These standards include ISO/IEC 27000
(Overview of ISMS), ISO/IEC 27001 (ISMS requirements) and ISO/IEC 27002 (Information security
controls code of practice). ISO/IEC 27001 is part of the ISO 27000 family of standards (which also
includes a significant number of supporting guidance documents).
The key element of ISO/IEC 27001 is the design and implementation of an ISMS. The standard consists
of policies, procedures and additional controls involving people, processes and technology. It provides the
security controls that can be implemented to mitigate risk and thus protect the confidentiality, integrity and
availability of the organisation’s information.
Following ISO/IEC 27001 is a best practice approach, and helps businesses address information
security, cybersecurity, and privacy protection within their organisation. It provides a framework to
help organisation to establish, implement, operate, monitor, review, maintain and continually improve
an ISMS.

ISMS
An ISMS is a combination of processes that together help an organisation to manage its information
security by assessing risks and reducing them through proactive action. An ISMS will assist in protecting
information and will incorporate a number of controls and supporting activities within the framework.
The controls are a combination of people/process/technology controls which protect, detect, and respond
to information and security threats. Figure 5.15 describes some of the key characteristics of an ISMS.

FIGURE 5.15 ISMS key features

Key enablers are

‘tone from the top’
An ISMS manages It protects data and
and leadership,
information security information, including
together with bottom-up
for an organisation. personal information.
support from the
organisation.

ISO/IEC 27001 is the

Risk management international standard
ISMS secures both online
is a key component that details the
and paper-based data.
to an ISMS. requirements for
ISMS implementation.

Control optimisation
will be tailored to your Contiuous improvement
ISMS assists with
organisation, with processes will assist
optimum decision making
ISO/IEC 27001 including with maintaining a
for your organisation.
114 optional controls strong control environment.
to manage risk.

Source: CPA Australia 2021.

Pdf_Folio:414

414 Digital Finance

 The main elements of an ISMS are as follows.
• An information security policy. What are the rules on keeping things secure?
• Objectives. What are you trying to achieve?
• Risk assessment and treatment. What could go wrong and how could that be prevented?
• Roles and responsibilities. Who does what in your ISMS?
• Competence. Do employees have the skills they need?
• Awareness training. Do key internal stakeholders know about information security?
• Monitoring and measuring. How is the organisation assessing what’s going on?
• Internal audit. Are independent checks ensuring that it’s all happening as required?
• Management review. Are managers keeping everything under control?
Independently accredited certification to the standard is recognised globally to confirm that an ISMS is
aligned with information security best practice.

ISO/IEC 27001 Structure and Requirements

The structure of ISO/IEC 27001 is shown in figure 5.16. Clauses 4 to 10 are mandatory for certification
against the standard.

FIGURE 5.16 ISO/IEC 27001 components for an ISMS

1, 2 and 3. Scope, normative references and terms and definitions

Provision of relevant context and references

4. Context of the organisation

Internal and external factors to consider in achieving objectives

5. Leadership

Management support, including roles and responsibilities and monitoring processes

6. Planning and risk management

Development of risk management plans including risk treatment plans

7. Support

The right resources, right people and right infrastructure

8. Operations

Execution of plans and processes

9. Performance evaluation

Monitor, measure, analyse and evaluate the ISMS

10. Improvement

Continous improvement and action implementation

Source: Adapted from IT Governance (2021a)

ISO/IEC 27001 Risk Assessment

A risk assessment (see section 5.3) should be completed to identify the controls that have been included
in, or specifically omitted from, the ISMS. A list of 14 control sets included within ISO/IEC 27001 are:
1. A.5 Information security policies (2 controls)
2. A.6 Organisation of information security (7 controls)
3. A.7 Human resource security (6 controls)
4. A.8 Asset management (10 controls)
Pdf_Folio:415

MODULE 5 Risk Management, Governance and Regulation 415

5. A.9 Access control (14 controls)
6. A.10 Cryptography (2 controls)
7. A.11 Physical and environmental security (15 controls)
8. A.12 Operations security (14 controls)
9. A.13 Communications security (7 controls)
10. A.14 System acquisition, development and maintenance (13 controls)
11. A.15 Supplier relationships (5 controls)
12. A.16 Information security incident management (7 controls)
13. A.17 Information security aspects of business continuity management (4 controls)
14. A.18 Compliance (8 controls).
A.9 Access control includes, for example:
• A.9.1.1 Access control policy. This policy establishes, documents and monitors based on the
organisation’s included rules, rights and restrictions.
• A.9.1.2 Access to network and network services. Users have ability to access to information and
network resources required for completion of their role.

5.13 IMPLEMENTING BEST PRACTICE

INFORMATION SECURITY
The implementation of an effective ISMS based on ISO/IEC 27001, including the completion of risk
assessment and controls, will help an organisation manage key information risks and meet its strategic
and operational objectives.
The requirements in ISO/IEC 27001, together with best practice guidelines in ISO 27002 are key
sources of information to successfully implement an ISMS.

ISMS PROJECT IMPLEMENTATION METHOD

The ISMS project implementation follows a number of steps, described below.

Project Mandate
Establishing a project mandate helps initiate the project prior to the project commencing. Project mandates
will help provide a defining document to ensure clarity of purpose, responsibilities, communication
methods, background, scope, interfaces and a business case.
Key information/cybersecurity considerations are as follows.
• The project mandate will include all of the information security and cybersecurity objectives, the
organisation’s current perceived maturity and existing initiatives.
• This will ensure each area of the organisation has clear communication and all interfaces defined.
• The ISMS implementation project needs to be communicated across the organisation, which will ensure
a shared understanding and a more effective risk management program.

Asset Identification and Valuation

The identification of the organisation’s ICT assets that are required to be protected, together with their
value will be completed using a risk-based approach.
The ICT assets will be risk-rated based on confidentiality, integrity and availability using a statement of
sensitivity (SOS).
Key information/cybersecurity considerations are as follows.
• A listing of critical ICT assets will be created based on existing asset lists, and other asset related
documentation. The SOS listing, which will rate the assets should include all business-critical assets,
including devices, data and infrastructure.
• The rating of the assets using the confidentiality, integrity and availability criteria, will help understand
trade-offs (e.g. the asset’s necessary security versus accessibility to the assets in order for employees to
do their jobs).

Risk Assessment – Establishing the Context

This step establishes the context of the organisation and how you will measure the risk. This
defines the conditions to be taken into account when managing risk and criteria-setting for the risk
management process.
Pdf_Folio:416

416 Digital Finance

 Key information/cybersecurity considerations are as follows.
• Following completion of the SOS, the context setting enables the implementation of an ISMS.
• The risk assessment context should leverage and utilise existing risk management methodology and
tools where possible.

Risk Assessment – Risk Identification

This step identifies all of the potential sources of risk, including threats and vulnerabilities. The difference
between a risk and a threat is as follows.
• A threat is anything that might cause some sort of harm, typically through a vulnerability that can cause
damage (e.g. virus attacks, data damages).
• A risk is the chance or level of consequence (e.g. high, medium or low) that a threat could cause harm.
Once threats are identified, vulnerabilities are documented which measure the potential for exposure
including how vulnerable each asset is perceived to be.
This allows a complete list of risks, including threats and vulnerabilities, based on a population of threat
events that may affect the achievement of the organisation objectives.
Key information/cybersecurity considerations are as follows.
• Threat event. What could happen?
• Threat impact. If it happened, how bad could it be?
• Threat frequency. How often could it happen?
• Probability. How certain are the answers to the first three questions?
The identification exercise will document risks/threats to all ICT assets that could cause damage (e.g.
virus attacks, trojans, worms, piggybacking, phishing and identity theft).
The vulnerability identification documentation will include the differentiation of asset types to potential
exposures (e.g. a hack attack threat impact on servers, mobile phone or laptops) or use (e.g. mobile phones
being used remotely versus being connected to in-house ICT infrastructure).

Risk Assessment – Risk Analysis

This step identifies the potential consequences of risk. Risk analysis will involve completing causal path
analysis, reviewing the impacts, and the likelihood of the risk occurring.
The controls to manage risk will be identified and considered in the processes. This will utilise a
statement of accountability (SOA), which is a key component of an ISMS within ISO/IEC 27001.
Key information/cybersecurity considerations are as follows.
• The risk analysis on the risks, threats and vulnerabilities will include the likelihood and consequence of
all of the identified breach and attack scenarios.
• Utilising industry sources (e.g. news stories, published journals) and internal information (e.g. near
misses, breach statistics) on attacks and breaches can be a good indicator of how likely the event may
be and the potential for consequence.
• The SOA details the ISO/IEC 27001 controls, which benchmarks against Annex A in ISO/IEC 27001.
The SOA will detail established security controls, justifications, implementation status and any exclusion
reasoning against Annex A.
• The three areas where security controls can be implemented include management security, operational
security and physical security.

Risk Evaluation (Impact and Likelihood)

This step compares the potential risk against the consequences and decides if the risk needs treatment.
The purpose of risk evaluation is to improve decision making, based on risk analysis, and will help
determine which risks are unacceptable and require treatment. Evaluation also provides information on
how to prioritise implementing treatments.
Key information/cybersecurity considerations are as follows.
• The evaluation of risk treatment actions using a cost benefit analysis will help the organisation focus on
the most significant breaches to ensure adoption of appropriate security and control measures.

Risk Treatment (Mitigation)

This step treats potential sources of risk, either by elimination or mitigation. Treatments will be prioritised
to improve unacceptable risks.
Risk treatment options include accepting the consequences of a risk, taking action to avoid it, mitigating
against it (the likelihood or consequences), or third-party transfer of risk.
Pdf_Folio:417

MODULE 5 Risk Management, Governance and Regulation 417

 Key information/cybersecurity considerations are as follows.
• The methods of risk treatments for managing threats, vulnerabilities and impacts will consider the
hierarchy of controls, which you learned about in part A of this module. These can include transfer,
avoid, accept and manage/mitigate.
• The ISMS framework, particularly the supporting procedure, shall detail the methods of risk manage-
ment and supporting controls.

ISMS Establishment
Following the completion of the steps 1–8, including the asset identification and risk assessment activities,
the outputs above will be incorporated in the policies and procedures that constitute the ISMS.
The requirements in ISO/IEC 27001, together with best practice guidelines in ISO 27002, will be key
sources of information to successfully implement an ISMS.
Key information/cybersecurity considerations are as follows.
• The ISMS framework documentation, using the ISO/IEC 27001 structure and principles, will help with
ensuring sufficient information for a best practice information security system.
• The ISMS documentation will include consideration of the ISO/IEC 27001 clauses (per ISO 270001
section above).
– 1, 2 and 3. Scope, normative references, and terms and definitions (provision of relevant context and
references)
– Context of the organisation (internal and external factors to consider in achieving objectives)
– Leadership (management support, including roles and responsibilities, and monitoring processes)
– Planning and risk management (development of risk management plans including risk treatment
plans)
– Support (right resources, right people, right infrastructure)
– Operations (execution of plans and processes)
– Performance evaluation (monitor, measure, analyse and evaluate the ISMS)
– Improvement (continuous improvement and action implementation)

ISMS Monitoring and Review

This step should encompass all aspects of the risk, threat and vulnerability management process to analyse
current risk information, understand changes, monitor controls and ensure emerging themes are identified.
Key information/cybersecurity considerations are as follows.
• Ensuring there are appropriate monitoring and review processes across your organisation from a
number of stakeholders (e.g. ICT, audit, management, compliance and governance) should include
processes to:
– analyse risk information including trends, updates and changes
– understand where risks have changed through both internal and external lenses
– ensure that controls to manage risk are designed and implemented effectively
– ensure that emerging risks are identified.

5.14 SELECTING SECURITY CONTROLS

Security controls are required across an organisation to form a comprehensive security strategy to protect
data. The types of security controls that should be implemented will depend on whether the organisation
is seeking to protect physical assets (e.g. infrastructure, devices) or information assets (e.g. digital
documents, databases, encryption keys), or both.

PHYSICAL ASSETS
Physical asset controls focus on securing areas and equipment to deter, detect or prevent unauthorised or
unintentional access.
ISO/IEC 27001 provides guidance for controls to manage physical access to physical assets. Example
control types include:
• implementing perimeter security
• having entry controls
• designating secure areas
• limiting public access
• conducting equipment maintenance
Pdf_Folio:418

418 Digital Finance

• implementing asset disposal processes
• having clear desk/clear screen policies.

INFORMATION ASSETS
Security controls for information assets will need to ensure confidentiality (only the authorised persons
have the right to access information), integrity (only the authorised persons can change the information)
and availability (the information must be accessible to authorised persons whenever it is needed).
Example control types for information assets include:
• backups
• data encryption
• firewalls
• access control lists
• subnetting.

TYPES OF CONTROLS
Controls can be implemented by three primary areas of an organisation.
• Management security. Think about management security as the overarching design that provides
guidance for the rest of the organisation. They are the rules and procedures that need to be followed
to implement the security environment.
• Operational security. After the network has been installed, operational security refers to how effective
the controls are. Think of things like who has access, how access is authenticated, and the general
security of the network.
• Physical security. Physical controls protect the physical domain of an organisation. Think of things like
hardware, data, and protection from people – such as restricting access to buildings.

CATEGORIES OF SECURITY CONTROLS

Security controls can be categorised by the intended response to the controls and the objective they will
achieve when implemented. There are three categories of security controls.
• Preventative controls. Preventative controls are put in place to stop cybersecurity incidents happening
in the first place. An example is restricting physical and system access (certain staff members only have
access to server drives that are relevant to their work) and implementing the need for certain types of
authentication (requiring administrative permission to install any new software on a work computer).
• Detective controls. Detective controls are designed to pick up when a cybersecurity breach is attempted
or, if successful, is underway so that a cybersecurity response can be made. An example is having anti-
virus software installed that can provide reports to IT staff, who can assess the attempt and mitigate
where required.
• Corrective controls. Corrective controls are implemented after a breach to minimise damage and restore
normal operation as soon as possible. An example is having prepared an incident response plan. For this
plan to be successful, organisations require fastidious data backups and restoration regimes that occur
very regularly. These controls will salvage the organisations date in the case of any event where data is
locked (e.g. a ransomware breach), damaged or lost.
Standards help define controls to implement. Standards offer controls for a given cybersecurity
objective. For example, ISO/IEC 27001 has 14 annex groups under which the controls can be found.
Within these groups there are 35 listed control objectives and 114 comprehensive controls to follow. You
don’t need to know the detail of all these controls, just that the structure and key components are mostly
the same across the standards, with similar groups or categories that lead to elements of cybersecurity and
to controls which can be put in place when appropriate.

MAPPING CONTROLS TO RISK AND BUILDING A STATEMENT

OF APPLICABILITY
A statement of applicability (SOA) will help map controls to risk. It is used to implement an information
security management system (ISMS) and should be continuously updated.
The SOA is a core element of ISO/IEC 27001 which includes the controls applied to an organisation.
It is completed after a risk assessment. It is a document, commonly in spreadsheet format, that sets
Pdf_Folio:419

MODULE 5 Risk Management, Governance and Regulation 419

out the controls chosen in response to the risks identified. It provides a link between the risk assess-
ment and risk treatment stages of risk management. It is used to implement an ISMS and should be
continuously updated.
The following information is required in an SOA.
• List of controls. All the security controls identified to include in an ISMS. For example, include a list of
the 14 control sets, including 114 Annex A controls including protection from malware.
• Justification. A note of why you chose each control. Also provide justification for excluding any
controls. For example, ‘The controls for protection from malware (12.2) is included within standard
documentation and included due to the criticality of the processes to support the organisation’s
activities’.
• References. A reference to any policy, procedural or systems documentation you plan to follow to
implement the controls. For example, ‘The reference for protection from malware (12.2) is included
within the organisation ISMS standard and supporting procedure (malware protocol procedure)’.
• Status. A note on whether each control has been implemented as yet. For example, ‘The controls for
protection from malware (12.2) are implemented, however, have areas of improvement including:
– Control removable storage media and connected devices. Block unapproved CD/DVD/USB stor-
age media. Block connectivity with unapproved smartphones, tablets and bluetooth/Wi-Fi/3G/4G
devices.
– Antivirus software with up-to-date signatures to identify malware, from a vendor that rapidly adds
signatures for new malware’.
The SOA is a roadmap to build the ISMS. ISO/IEC 27001 requires an organisation’s ISMS to include
details of all legal, regulatory, statutory and contractual information security requirements faced by that
organisation and the approach used to satisfy those requirements. The SOA meets these needs.
Example 5.3 describes a data breach at the fictional company Hayes-Mueller Group LLC.

EXAMPLE 5.3

A Complex Attack
Hayes-Mueller Group LLC was a large corporation that owned hundreds of retail stores across North
America. The company used the services of many external contractors for transportation, infrastructure,
and maintenance for its physical stores around the continent.
The company created a web-portal that its contractors and business partners could log into to
submit contract bids, invoices, and integrate with Hayes-Mueller Group operational IT systems for
workflow efficiency.
Temio Security Industries was a vendor that provides physical security monitoring such as alarms and
closed-circuit television (CCTV) within stores. It had access to the company’s contractor web-portal.
Cyber attackers sent a phishing email to an employee from Temio Security Industries. The employee was
tricked into downloading and executing a malicious attachment that installed malware on their computer.
The antivirus software on the workstation failed to detect the malware.
The malware monitored activity on the compromised workstation and recorded keystrokes typed by
the user (a technique known as keylogging). During this period the employee logged into the Hayes-
Mueller Group web-portal using their username and password. This enabled the attackers to steal their
credentials. A short time later the attackers logged into the web-portal using the stolen credentials and
began looking around the portal application, gathering information about the application, the server, and
the company’s IT infrastructure.
Hayes-Mueller Group required two-factor authentication (2FA) for some vendors who accessed highly
confidential data. Vendors that were not in this group did not require 2FA, as there was a belief that
the low-security vendor access was segmented from the high security ones. This belief turned out to
be mistaken.
The vendor web-portal software (which was developed in-house) had several technical vulnerabilities
that the attackers found and exploited, allowing them to take control of the server. The web server was
directly connected to the Hayes-Mueller Group corporate network, which also hosted the company’s other
main servers, databases, and staff workstations.
With control of the server, the attackers were able to communicate with other computers on the
corporate network. They installed their own hacking software on the server and conducted network
scanning to gather information on the other connected computers and their technical vulnerabilities.
This allowed the attackers to move laterally within the corporate network by compromising other servers
through various technical exploitation techniques. Some of the technical exploitation was possible due to
out-of-date software on the machines.
Pdf_Folio:420

420 Digital Finance

 Hayes-Mueller Group used an outsourced network security monitoring provider. The provider,
HawkEyeSec, monitored the intrusion detection system in the Hayes-Mueller Group corporate network
and alerted the company’s small internal cyber security team if suspicious activity was detected. During
this phase of the cyber-attack, some alerts were generated by the IDS, which were communicated from
HawkEyeSec to the company’s security team; however, they were not properly investigated and the attack
continued undetected.
As the intrusion progressed, the attackers were able to guess the credentials for a pre-configured user
account on an administrative server with high privileges. The compromise of this administrator account
allowed the attackers to install malware on point of sale (POS) terminals in hundreds of retail stores to
steal credit card data from customers as they shopped.
The compromise of POS terminals was possible because they were running custom software
that had been insecurely designed and because the terminals were on the same network as the other
compromised servers.
Over a period of a few weeks the attackers were able to steal credit card details from millions of
customers. The stolen details were transferred from the POS terminals to a compromised server within the
Hayes-Mueller Group corporate network and then sent externally to other compromised servers located
in countries such as China, Brazil and Iceland. From those locations, the attackers were able to download
the stolen data without being traced.
The breach was only discovered by the company after they were notified by credit card issuers who had
investigated the source of the stolen card data. The card issuers were tipped off by a law enforcement
agency that found the card data for sale on several underground cybercrime marketplaces.
Over the ensuing years, the breach cost Hayes-Mueller Group over USD200 million in costs and
penalties due to negligent security practices.
The steps in the attack are summarised in figure 5.17.

FIGURE 5.17 A complex cyber-attack

Temio
Security
Industries 7
1 Attackers
Attacker’s
2
external server

Vendor
web portal 6

3
Internal
corporate
network
5

POS
terminals

Key:
1. Compromise of Temio Security Industries credentials for
vendor web portal.
2. Exploitation and compromise of vendor web portal.
3. Lateral movement in Haynes-Mueller Group internal
corporate network.
4. Installation of malware on POS Terminals.
5. Moving stolen credit card data to a compromised
internal server.
6. Moving stolen card data to external servers.
7. Retrieval of stolen card data by attackers.
Source: CPA Australia 2021.
Pdf_Folio:421

MODULE 5 Risk Management, Governance and Regulation 421

5.15 IMPLICATIONS OF AN IMMATURE APPROACH
TO CYBERSECURITY
A risk-based approach for managing cybersecurity will assist management and Boards to understand cyber
risk management in their organisation (McKinsey 2019). The risk-based approach will build on an existing
cybersecurity focus and will focus effort on the most significant risk areas for cyber security related risks
and threats.
A risk-based approach is particularly useful for resource-constrained organisations or organisations that
are less mature in cybersecurity.

A ‘LIGHT TOUCH’ APPROACH

An immature approach to cybersecurity can lead to insufficient information about an organisation’s level
of protection. When awareness of cyber risks at different levels of the organisation is not clear, it can
cause blind spots in decision making. Leadership may have trouble getting insight into the effectiveness
of cybersecurity policies, and whether compliance is being tracked and fixed correctly.
Cybersecurity awareness training supports the first line of defence. If the computer-use policy of
an organisation does not include simple recommendations such as strong passwords, and informing
employees of email risks, the comprehensive cybersecurity management system is lacking and it can
restrict business continuity. It may even lead to criminal negligence by employees.
A mature approach to cybersecurity will protect the organisation against cyber threats and will support
teams to work with agility while still following the cybersecurity measures in place. Three key elements
of a mature approach to cybersecurity are as follows.
• Consistency. There is a consistent approach to cybersecurity across the organisation. The business has
clear messaging to all staff about expectations and responsibilities.
• Adaptability. The organisation has the ability to adapt to changes in the risk environment, and
communicate them effectively to affected stakeholders.
• Accountability. Everyone knows the policies and procedures and there are clear accountabilities.

ENGAGING CYBERSECURITY PROFESSIONALS

If an organisation lacks the resources to design and implement their own comprehensive cybersecurity
program, they can engage external professionals. Although it is not recommended to outsource all
cybersecurity management, cybersecurity professionals can enhance a management program with better
informed decisions around cybersecurity risks.

Advantages
Advantages to outsourcing cybersecurity management to external professionals include the following.
• Supplement internal knowledge. Using the right tools, technology and approach, the organisation can
supplement its cyber security incident response through tools such as a secure monitoring system.
• Cost savings. Due to the distribution of security applications and facilities across the organisation,
significant fees can be incurred. Using a team of external experts through a subscription service can
cost a fraction of the amount that would be required to build internal team capability.
• Security expertise. IT security professionals for in-house teams can be difficult to identify, recruit, and
retain in today’s environment, and due to in-house ICT responsibilities can often struggle to find time
to keep up. External professionals, or consultants, sometimes have the additional capability (and the
incentive) to keep up with the latest security trends.
• 24/7 support. Outsourcing to security providers generally enables the organisation to provide real-time
cyber security reporting 24/7, 365 days a year. This is critical because of the uncertainty of cyber-attacks
and the unpredictability of cyber criminals.
• Compliance management. Cyber security plans that ensure the organisation adheres to specific regula-
tory measures can be difficult to implement. Regulations are constantly changing and if security plans
don’t change with them, there is a risk of being non-compliant. External professionals are sometimes
better placed to keep on top of changes in the industry, and ensure the company meets industry
regulations. The external professional will need to have experience in both compliance and completing
specific audits.
Pdf_Folio:422

422 Digital Finance

Disadvantages
Disadvantages to outsourcing cybersecurity management to external professionals include the following.
• Sensitive data. Using and trusting outside parties with sensitive data or intellectual property can
potentially open the organisation to additional exposures beyond what would-be hackers could inflict.
The third party must be trustworthy.
• Additional software/hardware requirements. External providers may require the organisation to use
specific security software or suggest additional hardware requirements as part of the terms and
conditions of service. This can be an added cost, can (in some cases) bloat and slow down ICT systems,
or provide services that the organisation does not actually need.
• Service-level agreements. Ensuring that the service-level agreements and support matches the organisa-
tion’s specific requirements can sometimes be difficult. Some key questions include the following.
– How will the vendor respond to incidents and what is their promised turnaround time?
– What type of protections do they have in place, and how frequently are these provisions updated?
• Lack of control. Sacrificing and relinquishing key cybersecurity responsibilities to eternal providers can
be daunting, so ensuring a strategy and monitoring program are key.

Outsourcing Options
Outsourcing options include the following.
• Virtual CISO. Using a virtual chief information security officer (CISO) is a good option for organisations
that may not have the budget for a fulltime CISO, but want robust cybersecurity leadership for their
organisation.
• Consultants. If the organisation only wants to outsource some of its cybersecurity, it could bring in
cybersecurity professionals to assist with different components such as the cyber strategy.
• Cybersecurity-as-a-service (CSaaS). CSaaS is typically a subscription model where part of the organ-
isation’s cybersecurity management is outsourced (Stickman 2018; IT Governance 2021b). CSaaS
companies typically offer services such as:
– consultation
– anti-virus updates
– penetration testing
– cybersecurity health checks
– compliance with laws and industry standards
– business continuity planning
– network vulnerability scan
– training
– cybersecurity incident plans.
The most important part of cybersecurity management is the strategy. External consultants can help
develop a strategy, but the strategy and the strategy communication architecture should always be retained
and maintained inside the organisation.
.......................................................................................................................................................................................
CONSIDER THIS
What circumstances would challenge your company’s current cybersecurity strategy?

QUESTION 5.9

Explain the importance of the three key elements of a mature cybersecurity approach.

QUESTION 5.10

What are the key advantages and disadvantages of outsourcing cybersecurity management?

Pdf_Folio:423

MODULE 5 Risk Management, Governance and Regulation 423

5.16 CYBER BREACH
In 2013, Target US experienced a cyber-attack during ‘Black Friday’, the busiest shopping day of the year.
The attack resulted in a data breach of the personal and financial information of 110 million customers
who had used their credit or debit cards in Target stores. The success of this cyber-attack illustrates that
the attackers had planned well, but Target had (inadvertently) made it easy for them.
Example 5.4 describes the elements that contributed to the scale and effectiveness of the cyber breach
and how Target could have managed the risk more effectively.

EXAMPLE 5.4

Target US Black Friday Cyber Breach

Public Availability of Sensitive Information
A simple Google search would have led the attackers to a case study on Microsoft’s website that detailed
Target’s cybersecurity infrastructure and technical infrastructure. All the information potential attackers
needed to know was readily available to them.
A Google search would have also brought up information for Target’s suppliers and vendors on how to
interact with Target, giving the attackers information they would need to accurately impersonate Target.
Non-Stringent Access and Inconsistent Software Security
The attackers then used this information to trick a Target vendor with a phishing email. The email allowed
the attackers to install malware on the vendor’s computer and steal the vendor’s login credentials.
The vendor used a free version of anti-malware software that did not protect against the malware the
attackers used. All major paid anti-malware software would have detected the malware.
Monitoring Issues
With the vendor’s credentials, the attackers had access to Target’s internal network. When the attackers
gained entry, a malware detection tool registered the activity, but the alarm was ignored.
Infrastructure Weakness
The attackers then placed malware in Target’s POS systems. The malware was designed to take credit
and debit card information from customers as they used their cards at checkout. The attackers then sold
the credit card information on the dark web.
What Could Target Have Done to Prevent or Limit the Damage of the Cyber-Attack?
• Kept details of its cybersecurity strategy confidential. Access to the strategy allowed attackers to find
weaknesses and plan their attack.
• Limited vendor access to their network. Target should have required vendors who had access to
their systems to use adequate anti-malware software. They could have taken extra precautions by
using additional controls between their own systems, and their vendor’s systems, such as two-factor
authentication for logins.
• Improve the monitoring of system activity. Target should have had better POS management and
monitoring tools. Better policies and training around security may have meant picking up the breach
sooner.

.......................................................................................................................................................................................
CONSIDER THIS
With the benefit of hindsight, Target’s cybersecurity failings seem obvious. Are you aware of any cybersecurity failings
in your own organisation? Do people take basic cybersecurity measures such as using strong passwords and locking
screens seriously?

PREPAREDNESS FOR A BREACH

Cybersecurity risk management cannot eliminate the risk of a breach. It is important, therefore, to have
a plan in place to respond if/when a breach occurs. This should be designed to bring the breach under
control, minimise its effects and meet legal requirements. Executives in the organisation should have
walked through the plan in real time so everyone understands what will need to occur.

Pdf_Folio:424

424 Digital Finance

 In addition to the technology and access measures that need to be taken to remove the threat and
restore system and data integrity, a major issue for the organisation is disclosure. Where the privacy of
personal data has been compromised, the affected parties must be informed so they can take necessary
steps to control the impacts. Disclosing is also very important from a public relations and reputational
perspective. Being able to communicate openly with affected parties and individuals is very important,
and public disclosure must be part of the organisation’s disaster response strategy. This issue is covered in
section 5.17.
Example 5.5 shows some of the risks and associated consequences of a cyber-attack.

EXAMPLE 5.5

Equifax
In 2017 government hackers gained unauthorised access to a website belonging to the US credit bureau
Equifax. The initial compromise of the website was achieved by the hackers exploiting an unpatched
security vulnerability in the software that was running the site.
Once the attackers gained access to the website, they were able to use the same vulnerability to access
other internal Equifax information systems. The intrusion allowed the hackers to access and steal the
company’s data over 76 days, until their activities were detected and stopped.
The stolen data included full names, dates of birth, home addresses, social security numbers and other
personal data for approximately 148 million US residents, 15 million UK residents and 20 000 Canadian
residents. Additionally, over 200 000 credit card numbers were also stolen from some of these individuals.
The ensuing investigation revealed that in addition to the outdated software, Equifax had poor security
practices including:
• not encrypting sensitive information
• a lack of network and database segmentation (isolation)
• insufficient security monitoring.
If these security controls had been better, the company may have thwarted the breach or detected
it earlier.
In July 2019 Equifax reached a settlement with the US Federal Trade Commission (FTC), Consumer
Financial Protection Bureau (CFPB) and US states and territories in relation to damages caused by
the breach. The settlement was intended to compensate individuals and require Equifax to undergo
organisational changes to avoid future data breaches. The settlement included victim compensation of
USD300 million, USD175 million to US states and territories involved, plus fines of USD100 million (Federal
Trade Commission 2019).

5.17 DATA PROTECTION, ETHICS AND PRIVACY

In section 5.10, we discussed data governance and its areas of concern: ethics, privacy, cybersecurity, data
security and compliance. In this section we will look in more depth at data protection in relation to ethics
and privacy.

IMPORTANCE OF ETHICAL CONDUCT IN THE

DIGITAL ECONOMY
For a company to succeed in the digital economy, they require digital trust, which is a belief by
consumers and other organisations that their digital practices are transparent, honest, safe and reliable
(Accenture 2016).
Digital trust is important for growth and collaboration. The digital economy often sees businesses
partnering to create value. Once partnered, sharing customer data between companies could allow targeted
selling of products and services by identifying an individual’s hobbies, employment, health, age and so on.
This approach is increasingly commonplace in financial services, where for instance banks and FinTechs
are collaborating to create new services. Even in the absence of data sharing with external parties, most
financial institutions hold massive collections of detailed data about their customers. While most customers
are willing to share some extent of data with organisations in order to receive high-quality customer
experiences in return, fundamental ethical principles and privacy laws constrain what the organisation
can do with the data it holds.
Pdf_Folio:425

MODULE 5 Risk Management, Governance and Regulation 425

PRINCIPLES OF DATA ETHICS
Data ethics principles tend to involve informed consent, transparency, ownership and control, fairness and
equality, and preserving privacy.

Informed Consent
Consent refers to the permission granted by the creator or owner of data, for it to be collected and used
by an entity for a particular purpose. Informed consent means consent given by a person armed with
sufficient knowledge of the risks and benefits that arise from granting that permission. This knowledge
should describe how their data is collected, stored, used, shared and retained. Ethics requires that consent
be respected by the data collector or user. An example of a policy implementation for this principle is to
maintain an audit trail of where data has come from and what consent has been given for its user.

Transparency
Transparency refers to ‘openness’ about the methods used for analysis and use of the data, both to
the creators and to other practitioners. When transparency allows other data professionals to understand
methods, scrutiny can help to ensure the highest quality practices. Transparency relates closely to informed
consent. It involves making people aware that their data has been collected; of how they disclosed it and
how it was generated or collected from them. It should also disclose how the data will be used and retained,
and communicate the risks and social consequences that arise from its collection and use.

Ownership and Control

The principle of ownership requires us to consider how data creators should be given access to, and control
of, their data. This enables the creator to control the data by managing it, inspecting it, and choosing how
it is used, shared or retained.

Fairness and Equality

When insights cause harm to people, for example, through discrimination or stigmatisation, we need to
consider this impact and ensure that fairness and equality is upheld in data-informed decision making.
An example of policy that could be implemented to address this, is conducting a review to identify any
possible biases that are introduced during data analytics.

Preserving Privacy
Privacy requires that safeguards are applied to ensure private or sensitive information is not shared
without the creator’s consent. Often legal compliance requirements for privacy have a low threshold, so an
organisation should strive to go above and beyond the minimum (Accenture 2016). We will now discuss
privacy in more depth.

DATA PRIVACY
Data privacy is concerned with the proper handling of personal data, principally consent, notice and
regulatory obligations. More specifically, practical data privacy concerns revolve around:
• how data is legally collected and stored
• whether, or how, data is used, disclosed or shared with third parties
• the integrity of personal information and the ability to correct errors to this integrity
• regulatory restrictions pertaining to the rights of individuals to be left alone from interference or to
access their personal information.

Relationship Between Privacy and Security

Earlier in this module we discussed data security. Privacy is a related concept, but not the same. The
relationship between privacy and security can be summarised as follows.
• Privacy requires data security to prevent unintentional disclosure of personal data.
• There can be cases where data is securely stored but an organisation has violated regulations by
collecting it.
Organisations must protect data and be compliant with the Privacy Act, as shown in figure 5.18.

Pdf_Folio:426

426 Digital Finance

 FIGURE 5.18 Relationship between data privacy and security

Insecure
Privacy non-compliant Privacy compliant

Secure
Source: CPA Australia 2021.

The Relevance of Data Privacy

Data is at the heart of value creation for most organisations, especially those in the financial sector. It is the
medium of exchange that powers the entire digital finance ecosystem. Businesses need to be aware of data
privacy and their obligations under it in order to meet ethical and legal obligations, and to maintain the
consumer confidence and trust. Larger organisations, recognising this, now often have specialist positions
such as ‘chief data officer’ or sometimes ‘chief privacy officer’.
OAIC suggests organisations ask the following questions to ensure they are actively safeguarding data.
• Do you avoid sending certain types of personal information via unsecured email (e.g. sensitive
information)?
• Do you use secure methods for communicating information, such as a secure website or a secure
online mailbox?
• Do you use secure messaging applications where appropriate and available?
• Do you obtain a recipient’s consent to send their own personal information to them via email?
• Do you validate email addresses with recipients before sending unencrypted emails to reduce the chance
of unauthorised disclosure to a party who is not the intended recipient?
• Do you ensure that accurate records are kept regarding when external emails are sent and received?
• Do you only send sensitive information or large amounts of non-sensitive personal information by email
as an encrypted or password protected attachment?
.......................................................................................................................................................................................
CONSIDER THIS
What mechanisms does your organisation have in place to ensure the safe and secure handling of personal data?

Personal Data and Sensitive Data

Personal data or personally identifiable information (PII) is information that can identify a person, such as
name, date of birth and address. Sensitive personal data includes information relating to racial or ethnic
origin, or religious or political beliefs. Other examples of sensitive personal data include data related to an
individual’s health, social relationships, employment, financial situation, sexual orientation, beliefs, and
hobbies and interests. Sensitive data may also relate to a company. Examples of sensitive company data
include trade secrets, acquisition plans, financial data, and supplier and customer information.
If we combine multiple data sources (e.g. a customer’s financial transactions with a bank, the transaction
records of all the businesses a person deals with in a day, the internet activity on the person’s phone and
public transport electronic records), we would then have a very detailed picture of the person’s life from
just a single day’s worth of data. Consider how much more detail a month or a year of data combined from
multiple sources would give us. This creates what is often referred to as a ‘digital identity’ or an online
shadow of our lives.

Pdf_Folio:427

MODULE 5 Risk Management, Governance and Regulation 427

Data Privacy Laws and Regulations
Laws and regulations that apply to the rights of consumers and businesses tend to favour idealistic
principles and suggest best practices rather than offer precise definitions.
In Australia, organisations are obliged to collect, use, store and disclose an individual’s personal
information in compliance with the Privacy Act. The Australian Federal Government announced changes
to the Privacy Act to provide greater protection and increase penalties after the EU introduced its GDPR
in May 2018. The GDPR is the most stringent international law and has become a benchmark for
organisations that have international dealings.
GDPR
The GDPR oversees the handling of personal data in the EU. It is meant to protect individuals by restricting
the amount of data that can be collected and the way in which it can be used by organisations. It includes
any organisation that handles data of people residing in the EU and any organisation that moves data from
the EU to another territory to store or process that data.
The GDPR covers all data collected by an organisation, including data collected on visits to websites. If
an organisation uses a third party to manage their data, then the organisation still remains the ‘controller’
of the data and will be responsible for any breaches. The service provider will also share responsibility as
the ‘processor’ of the data. However, the GDPR requires that it’s the ‘controller’ who must seek consent
for the use of personal data, and who holds the ‘burden of explicit consent’.
The GDPR upholds seven personal data rights (ICO n.d.).
• The right to be informed. Individuals have the right to be informed about what information is collected
and how it is used. The company must provide the privacy information at the time that the information
is collected, unless they already have access to it. Cookie consent on a website is an example of the right
to be informed.
• The right of access. Individuals can request access to the data that an organisation holds and that access
must be delivered within 40 days of the request. As a precaution some companies will ask for individuals
to confirm their identity before they disclose any additional personal information.
• The right to rectification. An individual can request rectification of data if it is inaccurate or incomplete.
Examples of this might be incomplete transcripts and incorrect financial information. Any request is
subject to investigation to ensure that the individual’s claim is accurate.
• The right to erasure. An individual can request the full deletion of any information about them that is
held by an organisation.
• The right to restrict processing. An individual can limit the way an organisation uses their data. The
organisation can still hold the data but not use it for processing. The organisation also has to inform any
third party they have passed the data to, and state that it can’t be used.
• The right to data portability. An individual can request that the data an organisation holds about them
can be transferred in a commonly used, machine-readable format to make it easier to use.
• The right to object. Individuals have the right to object to their data being used for direct marketing and
any profiling of data.
How does the GDPR affect Australian organisations? The Privacy Act conditions will go a long
way to making sure organisations also meet GDPR conditions, and many companies globally are
adopting GDPR guidelines. The GDPR requires that an organisation to include third-party service
providers in their assessment of compliance; for example, cloud services are an area that needs to be
compliant. Under GDPR laws, the organisation is ultimately responsible, even if they are using third-
party suppliers.
Organisations expanding into global markets need to consider the following.
• Privacy Impact Assessment (PIA). A PIA is an assessment of how a project or proposal might impact the
privacy of individuals. It describes how data is processed in a project to identify how to avoid, minimise,
and mitigate negative impacts (Office of the Australian Information Commissioner 2020). Once the risks
are identified they can be managed appropriately using risk management methodologies.
• Evaluate context and regional laws. Some countries will require you to pass national security reviews.
Even within the United States, different states will have different privacy laws, for example, the
California Consumer Privacy Act (Wright 2018).
• When to engage an SME to evaluate. There will be times it will be necessary to get local knowledge
about the jurisdiction that you want to expand into. For example, in some countries, banking regulations
for the know-your-customer (KYC) requirements need to be completed by customers being physically
present and cannot be submitted online. The outcome of the PIA can be used to communicate with any
local contacts or agents to understand how to implement the project.
Pdf_Folio:428

428 Digital Finance

• Using RegTech services. RegTech is the use of technology to improve your regulatory processes. In
addition to helping you report any compliance, it can also provide updates when regulations change so
you can ensure that you are complying with any change in data protection laws. Some RegTech apps
will even automate your PIAs.

Australian Notifiable Data Breach

A data breach happens when personal information is accessed or disclosed without authorisation, or is lost,
resulting in ‘serious harm’ to an individual whose personal information is compromised.
When a data breach occurs, there is an existing – and critical – obligation under the Privacy Act
as covered under the Notifiable Data Breach (NDB) Scheme. The scheme stipulates that affected
individuals, as well as the Data Commissioner, must be notified by way of a prepared statement. The
potential for significant financial penalties enforced, by the OAIC, are in place for data breaches.
Regulators emphasise that a rapid response to a data breach, based on an up-to-date data breach response
plan, is critical to effectively managing the situation. A data breach response plan should outline a strategy
for containing, assessing, and managing the incident from start to finish.
The OAIC considers an eligible data breach to have arisen when three criteria are all satisfied.
• There is unauthorised access to, or unauthorised disclosure of, personal information, or a loss of personal
information, that an entity holds.
• This is likely to result in serious harm to one or more individuals.
• The entity has not been able to prevent the likely risk of serious harm with remedial action.
If the incident satisfies each criterion, then the incident is considered an ‘eligible data breach’ that will
be notifiable under the scheme, unless an exception applies (e.g. should disclosure be deemed to interfere
with enforcement, or secrecy-related activities). An organisation must then carry out a formal assessment.
.......................................................................................................................................................................................
CONSIDER THIS
How would your organisation notify individuals and other parties if their data was compromised by a cyber breach at
your organisation?

QUESTION 5.11

Differentiate cybersecurity ‘attack’ surface and prevention controls and discuss how they relate to
increased use of IoT technology.

QUESTION 5.12

List seven data rights that helps provide a good framework for ethical data practices.

SUMMARY
An awareness of the wide-ranging threats to an organisation’s data provides the digital finance professional
with an appreciation of the need for robust data risk management and cybersecurity practices.
NIST and ISO/IEC 27001 provide the guidance required to implement best practice cybersecurity using
an information security management system. An important of the cybersecurity strategy is the selection of
controls to protect physical and information assets. Controls will provide management security, operational
security and physical security. They will include preventative controls to stop cybersecurity incidents
happening, detective controls to identify when a cybersecurity breach is attempted, and corrective controls
to minimise damage and restore normal operations.
In addition to data security, organisations are ethically and legally obliged to ensure the privacy of
personal data that they hold. The EU’s GDPR regulation is the most stringent international data privacy
regulation and has become a data privacy benchmark for organisations.
The key points covered in this part, and the learning objective they align to, are as follows.

Pdf_Folio:429

MODULE 5 Risk Management, Governance and Regulation 429

 KEY POINTS

5.1 Assess risks and design mitigation strategies to ensure data security for organisational
outputs.
• ISO/IEC 27001 includes a set of implementation steps to assess and treat data security risks.
• NIST includes an extensive set of controls.
5.3 Analyse the requirements for an effective risk governance framework to support the
development of risk management policies including security and privacy policies.
• NIST and ISO/IEC 27001 establish best practice for cybersecurity and information security
management systems.
• The types of security controls that should be implemented depend on whether the organisation is
seeking to protect physical assets or information assets, or both.
• A SOA maps controls to risks and is used in the implementation of an ISMS. The SOA links the risk
assessment and risk treatment stages of risk management.
5.4 Evaluate existing risk governance frameworks and risk management policies to ensure the
ongoing improvement of the policies and frameworks
• NIST and ISO/IEC 27001 establish best practice for cybersecurity and information security man-
agement systems. Ongoing monitoring and review are needed to analyse current risk information,
understand changes, monitor controls, and ensure emerging themes are identified.

Pdf_Folio:430

430 Digital Finance

PART D: COMPLIANCE
INTRODUCTION
Compliance involves organisational management identifying requirements that are relevant to the business,
that are then documented in procedures for staff to follow.
Businesses are required to comply with many internal and external requirements. These requirements
may be the result of internal governance, the law, industry regulations, standards or internal policies.
Organisations are required to ensure they are compliant for the good of their customers, their staff and
society. This part discusses various aspects of compliance, including a framework that moves compliance
from being simply a requirement to being a way of introducing continuous improvement into the
organisation.

5.18 WHAT IS COMPLIANCE?

Compliance is simply defined as meeting, or according with, the requirements of rules or standards. The
requirements of rules or standards will often be industry or sector-specific and therefore compliance relates
to ‘laws, regulations, codes, policies and procedures with which the organisation is required to comply’.
The ISO refers to compliance as ‘principles of good governance and accepted community and ethical
standards’ (ISO n.d. -a).
While compliance does involve following the rules (OOCEG 2020; Pearson 2020), it is not just about
keeping the regulators happy; it requires continual monitoring and improvement of the risk management
process.
When comparing risk management with compliance requirements, it may be easiest to think of both
as strategies, however compliance is complementary and subsidiary to risk management. Compliance
generally focuses more on following processes and procedures rather than on the analysis, planning and
prediction that characterises risk management (riskonnect 2020; Parker Poe Adams & Bernstein LLP 2013;
Barlow 2017).
Compliance requires an organisation’s management to identify requirements which are relevant to the
business, and that are then documented in procedures for staff to follow. These requirements may originate
from laws, regulations, contracts, industry standards, or internal policies. The need to comply with legal
requirements is easy to understand due to the risks of fines, reputational impact, or the potentiality of
criminal charges. However, complying with industry standards and internal policies — although not
always a legal requirement — may still be critical to prevent or reduce financial and reputational risk to
the organisation.

A COMPLIANCE INDUSTRY STANDARD

ISO 19600:2014 Compliance management systems — Guidelines (2014) is an industry standard introduced
by the ISO to provide guidance on compliance management systems. An identical Australian Standard,
(AS) ISO 19600:2015, was issued in 2015.
Some of the key features of a compliance management system based on ISO 19600:2014 include an
understanding of the context in which the organisation operates, clear articulation of the values, objectives
and strategy of the organisation, and procedures for when non-compliance occurs.
One of the most critical aspects of a compliance management system is what to do when non-
compliance occurs, as the prompt remediation of non-compliance is essential to ensure that an organisation
is appropriately managing its risks.
Using the standard can provide an organisation with guidance on implementing an effective compliance
management system, as well as benchmarking their framework against the standard. It provides compre-
hensive guidance, as well as examples, to help organisations use it as a practical tool.
An example of practical application is to adapt the requirements into a checklist which can be completed
through a self-assessment process, to ensure that each component is covered as part of the compliance
system. ISO Certification, using a conformity assessment against the standard, demonstrates that the
organisation meets the requirements of the standard (ISO n.d. -b). This can provide both internal and
external stakeholders with additional confidence that can potentially create competitive advantages.
The key elements of ISO 19600:2014 are as follows.
Pdf_Folio:431

MODULE 5 Risk Management, Governance and Regulation 431

Context of the Organisation
Context relates to the organisation itself, the sector, the size, organisational values and the objectives of
the organisation.
Ensuring there are sufficient insights into the internal and external factors and conditions will allow
the organisation to identify its compliance obligations and risk exposure, based on the context of where
the organisation fits into the compliance, and the greater finance landscape. Some particular activity
areas to consider for financial services organisations include customer agreements, advertising, client
assets/money, breaches and customer understanding/suitability.
Sectors can vary from traditional banking services through to online banking and finance/lending
products (e.g. Apple, Facebook, Google). Size can vary significantly too, from the top global banks through
to boutique lending services with objectives ranging from planned collaboration with traditional services
firms, becoming planned acquisition targets, or becoming a mainstream alternative to traditional banking.
The complexities and changing environment of FinTech firms, when compared to traditional banking,
include areas such as:
• traditional services requiring fixed assets and physical operations (versus virtual operations)
• changing customer expectations for banking services using technology
• broad services by bank (versus one service done well)
• international border and jurisdiction complexities
• legacy systems (versus advanced technology by FinTech firms).

Leadership
The standard describes the need for commitment to the compliance management system by the senior man-
agement team. There should be a comprehensive compliance policy and this should outline organisational
roles, responsibilities and authorities.
FinTech companies that tend to focus on innovation, and potentially operate with a less mature
compliance culture, need to ensure there is an appropriate focus on senior management leadership.

Planning
The planning for compliance objectives should align with the compliance policy and outline what actions
should be taken to address compliance risks. The objectives need to be measurable and monitored.
Ensuring the right level of skill and appropriate resourcing in up-and-coming FinTech firms (that
sometimes can fail to adequately resource compliance) will help with compliance execution.

Support
Support for the compliance objective should ensure that adequate resources are provided, that staff receive
sufficient training and skills, and that all relevant stakeholders hold an awareness of the compliance
management system.
Consistent and sustained communication about the management system and its objectives should
be undertaken at governance, management, and employee level. Keeping documentation about the
management system is important to ensure that the policies of the organisation are consistent with
the system.

Operation
The operation element describes the establishment of controls and procedures, and discusses implications
for outsourced processes. The key implications in FinTech are monitoring:
• controls (ensuring the establishment of correct internal versus external roles and responsibilities)
• communication protocols (managing appropriate and timely communications, particularly around the
follow-up of issues)
• intellectual property (ensuring correct legal and commercial processes for protection of
IT/digital assets).

Performance Evaluation
The performance evaluation element describes the processes that compliance owners employ to ensure
effective internal controls are in place to monitor regulatory compliance. Supporting processes include the
monitoring, measurement, analysis and evaluation of the compliance management system, what audits are
undertaken, and the management review of the system.

Pdf_Folio:432

432 Digital Finance

 FinTechs need to ensure that both monitoring and testing are completed (rather than just monitoring),
particularly when working in a fast-paced environment.

Improvement
Improvement describes corrective action that needs to be taken for non-conformity and non- compliance
in the management system and raises issues to be considered for continual improvement.
FinTechs, with their short and rapid innovation cycles, need to ensure improvement cycles are optimised
to maintain a competitive advantage.

KEY COMPONENTS OF AN EFFECTIVE

COMPLIANCE FRAMEWORK
An effective compliance framework sets out an organisation’s approach to managing its compliance
obligations and mitigating compliance risk, in order to achieve its compliance objectives.
This compliance objective is one of the key objectives of the organisation’s risk management strategy,
which interfaces with all other organisational strategies, and it is supported by a suite of policies
and procedures.
While policies set the boundaries for the organisation’s decisions and actions, procedures and work
instructions are the specific methods used to enact or implement specific policies in the organisation’s
day-to-day operations.
In addition to requirements and work practices, the correct ‘tone from the top’, and a culture that
understands key compliance requirements and is willing to apply them are key enablers to ensuring an
effective compliance framework.

Looking Forward
An Accenture survey (Shorten 2020) found that compliance professionals were struggling to keep pace
with the compliance changes in the financial sector. The survey also found that there were three things a
compliance function needed in order to meet today’s — and tomorrow’s — compliance challenges.
• New type of chief compliance officer (CCO). CCOs need to be proactive and lead from within. CCOs
are integral to all elements of ISO 19600:2014. The chief compliance role will typically be responsible
for monitoring the organisation’s compliance program, reporting back to the governance Board and
ensuring improvement of the compliance program. The CCO should be digitally fluent and have good
analytical skills.
• New roles and responsibilities. With changes to operating models, employee roles should be reviewed
to ensure they remain suitable. Responsibility should be assigned to best promote and encourage good
and effective risk management.
• New technology. New technology will be deployed on an industrial scale to identify risk earlier and
detect potential compliance issues. Technology can also drive automation of controls.

5.19 DEVELOPING A COMPLIANCE FRAMEWORK

A core component of a compliance management strategy is to establish a compliance management
framework that has levels of responsibilities and reporting. The development of a compliance framework
will often involve both top-down and bottom-up techniques — using principles of effective compliance
programs (e.g. Deloitte Building World-Class Ethics and Compliance Programs or the KPMG Compliance
Framework) as well as collaborative consultation between management and staff responsible for applica-
tion of controls and processes (Deloitte 2015; KPMG 2016).
The five factors identified by Deloitte (2015) to ensure high-performing ethics and compliance programs
are as follows.
1. Tone from the top. Ensure that the Board and senior management support and empower the organisation
and that there is more than ‘lip service’ applied to ethics and compliance
2. Corporate culture. Focus the organisation on initiatives and processes that enhance an ethical and
compliance-centric culture, rather than allowing compliance to be seen as an area that does not
add value.
3. Risk assessments. Complete risk assessments on significant risks to the organisations to help implement
appropriate risk strategies.
4. CCO. Ensure there is a suitably skilled CCO for monitoring the compliance program.
Pdf_Folio:433

MODULE 5 Risk Management, Governance and Regulation 433

5. Testing and monitoring. Implement a robust testing and monitoring regime based on controls to manage
compliance risk.
The amount of collaboration between all stakeholders can vary depending on organisation size,
complexity, the industry and the organisation’s culture. Ensuring there is adequate buy-in, avoiding
compliance fatigue, and having all relevant people contribute to a compliance program, will help support
a compliance program that is understood, applied and sustainable.
Strong collaboration can sometimes be easier in smaller organisations with flatter hierarchical structures
that foster genuine relationships between management and staff. In bigger organisations (all those with a
deeper hierarchical structure), effective consultation with staff ‘at the coalface’ is rare because this often
requires significant time and resources both to ensure coverage and for decision making. As an example,
group discussions can sometimes end up falling into a disorganised babble of voices (whether face to face
or online) with contributors competing for management’s attention.
Typically, the development of a compliance framework will specify at least three levels of responsibility,
as shown in figure 5.19.

FIGURE 5.19 Compliance framework levels of responsibility

1st line 2nd line 3rd line

of defence of defence of defence

• The risk owner is responsible • Provides expertise, advice • Provides highest level of
for compliance management. and case input to 1st line of objectivity within organisation.
• Designs, maintains and defence on compliance and • Provides assurance on
performs effective day-to-day implementing compliance performance of 1st and
compliance control measures. control measures. 2nd lines of defence.
• Supervises correct execution • Sets compliance minimum • Performs audits, where
of compliance control requirements. necessary and requested
measures. • Stays abreast of compliance by the audit committee or
• Identifies compliance risks developments and alerts the Board.
in existing procedures by management to emerging • Typically internal audit
performing risk self- risks. performs these roles.
assessments in cooperation • Monitors adequancy and
with 2nd line of defence. effectiveness of compliance
• Typically, operations and management, controls
management perform and reports.
these roles. • Facilitates risk self-
assessments.
• Typically risk management
and other internal functions
(e.g. HSE, engineering
assurance) perform these roles.

At the first level is the

At the third level, which is
management and operational At the second level are those
the operational level, are those
management of compliance that need to monitor compliance:
individuals that generate
within the organisation: individuals individuals such as the chief
reports and check
executing controls in the compliance officer (CCO) and
compliance documentation
compliance area (e.g. accounts chief operations officer (COO).
(e.g. internal audit).
payable, commercial team).

Source: CPA Australia 2021.

Pdf_Folio:434

434 Digital Finance

 All three lines support the Board and executive management, who take a more strategic role and need
to be apprised of compliance obligations, controls and reporting.
Overall, the whole of the organisation is responsible for compliance by ensuring that any regulatory
requirements are met through the standards, policies and processes of the organisation.

KPMG’S COMPLIANCE FRAMEWORK

The KPMG compliance framework covers both management systems and organisation components.
KPMG’s framework is designed to defend organisations from the risk of non-compliance. It outlines the
areas of compliance an organisation will face, the potential risks within each area of compliance and a
suggested approach to manage the potential compliance risk. Figure 5.20 presents a summary of KPMG’s
compliance framework.

FIGURE 5.20 Outline of KPMG’s compliance framework and recommended responses to compliance risks

Third Parties
Risk: Money laundering and terrorism financing risks and supplier fraud
KPMG’s suggested approach: Conduct KYC and know-your-supplier (KYS) programs. These programs
include applying customer identification procedures to all customers and suppliers. Both programs have
the goal of ensuring there is sufficient information to mitigate risks in third-party relationships that can
affect the organisation.
Corporate Ethics
Risk: Employee misbehaviour or a lack of ethical culture
KPMG’s suggested approach:
• Review the organisation’s code of conduct. Implement a targeted communication program.
• Run a risk management program for the organisation’s people. Provide compliance training.
HR, Competition and Data Protection
Risk: Non-compliance with regulation and compliance risks including competition laws, employee mobility,
overtime and bonuses
KPMG’s suggested approach:
• Evaluate existing programs to ensure they align with regulations.
• Set up a competition law program.
• Assess liabilities.
• Set up digital solutions.
• Run training and communication programs.
• Conduct a gap analysis of existing data retention and protection processes.
• Implement technology-based solutions.
Anti-Bribery, Corruption and Fraud
Risk: Anti-corruption legislation and fraud
KPMG’s suggested approach:
• Run an anti-bribery and corruption program.
• Implement a fraud prevention management system.
Compliance Organisation
Risk: Gaps in program design and the effectiveness of the compliance program
KPMG’s suggested approach:
• Conduct a compliance maturity assessment and a compliance program transformation.
• Set up an industry-specific best practice compliance management system.
Risk: Inadequate controls
KPMG’s suggested approach:
• Ensure there are adequate compliance policies and procedures.
• Integrate compliance controls within existing control systems.
• Create reporting lines for whistle-blowing.
Compliance Investigation
Risk: Incomplete or non-existent investigations
KPMG’s suggested approach: Conduct internal training on investigations.
Source: CPA Australia 2021.

Pdf_Folio:435

MODULE 5 Risk Management, Governance and Regulation 435

Compliance Reviews
KPMG recommends organisations complete an annual self-assessment of their compliance and have an
external review of their compliance function every three years. Reviews should be based on three pillars
of compliance:
1. architecture
2. implementation
3. effectiveness.
Compliance in these three areas should be reviewed to assess:
• organisation
• programs
• objectives
• risks
• identification
• regulatory monitoring
• communication
• training
• corporate culture.

CHALLENGES AND COMMON MISTAKES WHEN DEVELOPING

AN EFFECTIVE FRAMEWORK
Examples of challenges and common mistakes when developing an effective framework include
the following.
• Failure to identify/quantify all material compliance risks. The organisation must ensure that the
framework is complete, and contains all significant risks with realistic ratings (Hosch n.d.).
• Failure to secure commitment. Senior management must commit to the framework, including alignment
of goals.
• Failure to integrate the framework. The program needs to be integrated throughout the organisation
including in both functions (e.g. accounting, legal, commercial) as well as operations (e.g. production).
• Failure to incentivise staff. Incentives that reward good compliance behaviour must be implemented,
including whistle-blower protections, anonymity policies and performance review processes.
• Lack of education barriers. The organisation must ensure that everyone is on Board, and that messaging
around the framework is clear and succinct.
• Unclear understanding of regulatory environment or instruments. The organisation must ensure that
there is a clear understanding of the regulatory objectives, instruments and the regulatory context to build
an effective compliance program (Organisation for Economic Co-operation and Development 2000).

5.20 COMPLIANCE IN ACTION

The risk of non-compliance with many regulations is very high in terms of fines — and the associated
reputational damage can be irreparable.
Banks and other financial institutions are some of the most highly regulated institutions in the world.
The requirements for anti-money laundering and counter-terrorism financing (AML/CTF) compliance,
including KYC procedures, are quite rigorous. In recent years, some high-profile banks have faced some
major fines as a consequence of their non-compliance with these regulations. Example 5.6 explores some
of these issues.

EXAMPLE 5.6

Bank Sector Compliance

Wei works in the IT department of a bank and has been asked to meet with the CCO to update system
requirements for the bank’s AML/CTF compliance applications and reporting. The CCO explains the high-
level compliance requirements to Wei.
• AUSTRAC. The Australian Transaction Reports and Analysis Centre (AUSTRAC) is an Australian agency
that works to prevent money laundering and terrorism financing. It works with the global Financial

Pdf_Folio:436

436 Digital Finance

 Action Task Force (FATF), the inter-governmental body setting AML/CTF standards. AUSTRAC can
investigate a bank’s transaction activity and impose fines for breaches of the AML/CTF regulations. In
Australia, Suspicious Matter Reports (SMRs) need to be submitted. Any compliance reporting will need
to consider the AML/CTF standards. Wei will have to make sure that reports can be easily generated in
case of an investigation.
• Broad reach. The primary AML legislation in Australia is the Anti-Money Laundering and Counter-
Terrorism Financing Act 2006 (AML/CTF Act). The AML/CTF Act includes a list of designated services,
such as deposit taking, remittance, payroll, or currency exchange services. Firms that provide any of
those services must register with AUSTRAC and comply with the AML/CTF regulations. This means
that the AML/CTF Act has a broad reach beyond just banks and even financial institutions. Wei’s bank
is looking to invest in a FinTech company, and it is important for her to note that the compliance
requirements will be similar for the FinTech company as they currently are for the bank.
• KYC and onboarding. AML compliance policy in Australia requires that firms conduct KYC checks when
onboarding new customers and continue to monitor them on an ongoing basis. This is also known
as customer due diligence (CDD). The onboarding checks should accurately confirm the customer’s
identity and establish their risk profile. Increased risk profiles would include any news media reports
of risk of being a politically exposed person (PEP) (AUSTRAC 2019). A PEP is someone who holds a
prominent public position/role in government, either in Australia or in the global community. Wei has
investigated a number of AI solutions that can be integrated into the new system to assist with KYC
compliance, as this is a common business need and there are some off-the-shelf solutions available.
• Transaction monitoring. Australia’s AML/CTF Act means that firms have a requirement to monitor
customer accounts for suspicious activity that might be linked to money laundering. The monitoring
should include:
– transactions involving large amounts of money
– transactions that appear not to have a legitimate purpose
– changes in savings behaviour
– transactions that go in and out of countries that have a high risk of money laundering.
The reports that Wei sets up will need to monitor transactions and alert managers if there is any
unusual behaviour according to the above guidelines.
• Sanctions screening. Financial institutions in Australia must ensure they do not deal with countries,
people or entities that are sanctioned by the Australian government or the United Nations Security
Council (UNSC). That means that firms must screen payments against a list of names and entities
provided by the Department of Foreign Affairs and Trade (DFAT) (2020). The DFAT list consolidates both
Australia’s autonomous sanctions and UNSC sanctions. These sanctions apply to overseas entities as
well. Wei’s new system will need to cross-check transactions against the DFAT list and send alerts if
any inappropriate transactions are noted.
• Data privacy. Financial institutions must treat data privacy as a priority since it is regulated at Australia’s
territorial, state, and federal levels of government. The main articles of data privacy legislation are the
Privacy Act and the Australian Privacy Principles. This extends to data handled for KYC purposes.
Australia’s Consumer Data Right (CDR) was introduced in 2020 and is being applied progressively
across all sectors, starting with the banking sector. The CDR will affect banks significantly since it
gives customers greater control over their personal data by allowing them to choose who it is shared
with and for what purpose. Any new system will need to adhere to data privacy regulations. Wei will
need to consult with a cybersecurity specialist to ensure that adequate data privacy measures are in
place, and set up training to ensure that employees follow best practice.
• Ethics and governance. As well as AML/CTF regulations, there still remains personal and company
ethical issues to consider. Ethical considerations embedded in the bank’s operating framework
include providing information honestly, confidentially and in a timely manner. Ethical principles at the
bank include reliability, care and accuracy, personal integrity, loyalty, fairness and respect. Ethical
considerations specific to AML include not ‘tipping off’ clients on whether the institution has reported
them, or intends to report them, for potential money laundering.
• Upcoming regulations. Australia is currently in the process of refining its AML/CTF regulations in
an attempt to simplify them and to cover new technologies and payment systems used by FinTech
companies. PayPal, the only non-bank that has a registered banking licence, will undergo an external
audit for potential AML breaches. The CCO will keep Wei up-to-date with any changes to regulations
that might require changes to Wei’s compliance practices.

Pdf_Folio:437

MODULE 5 Risk Management, Governance and Regulation 437

KEY LEARNINGS FROM COMPLIANCE FAILURE
Although Westpac is not the only Australian bank to have encountered problems with AML/CTF
compliance (Grugan 2020), example 5.7 highlights what can happen when an organisation’s compliance
framework and processes fail.

EXAMPLE 5.7

Westpac AML/CTF Compliance Problems

Westpac’s problems occurred due to both technology issues and human error (Patrick 2019). One of their
main reasons for non-compliance was that they did not have adequately trained employees when trying
to implement a new reporting system. AUSTRAC made a Statement of Claim against Westpac due to
systemic compliance failures related to Westpac’s processing of transactions with financial institutions in
other countries (Reuters 2020).
The failures related to the scale of the international funds transfer instructions (IFTIs) as well as a
failure to do due diligence on customers alleged to be involved with child exploitation, and dealings with
correspondent banks who were not maintaining proper AML/CTF controls. Westpac admitted to failing to
report over 19.6 million international transfers amounting to over AUD11 billion.
Westpac agreed that it had not reported a number of IFTIs and had not performed adequate
due diligence on correspondent banks and customers. Westpac agreed to a AUD1.3 billion fine with
AUSTRAC in September 2020, which formed the largest civil penalty ever issued in Australia
(Grieve 2020).
So, what can Westpac learn from this incident that might be applied in the future?
Apparently, the payments that occurred were low-value recurring transfers and Westpac received them
from foreign government pension funds and corporations. For that reason, they were deemed low risk.
The onboarding of a new reporting system during this period, as well as high staff turnover, compounded
the problem. The due diligence issues stemmed from a failure to keep a compliance register that aligned
with AUSTRAC guidelines.
Westpac launched a program to address the issues with their compliance program, including:
• technology issues
• employee training
• an overview of process and policies
• clearer lines of reporting for compliance breaches.

5.21 MOVING FORWARD WITH COMPLIANCE

In a globally connected world, it pays to prepare for current and future impacts of digital transformation
on the financial industry.

STAYING CURRENT WITH COMPLIANCE

Assigning a compliance officer, or someone on the team to check for updates to compliance regulations,
is the first step. Compliance officers will already be involved with compliance practices, and should
already be following industry websites to keep up with changes to regulations and standards. Industry
organisations, newsletters and conferences are other sources of information and the compliance officer
should ideally subscribe to, and attend, these and disseminate information to the relevant parties within
the organisation regularly. In the near future, organisations may also come to rely on RegTech that will
assist compliance officers to stay current with new regulations and requirements. Engaging subject-matter
experts may also be necessary. However, even with these measures in place, one of the key tools for
ensuring currency will be the emerging technology designed to help with compliance, which we will
discuss in more detail in the next part of the module.
Accenture’s Australia and New Zealand managing director of financial services, San Retna (2018),
suggests that financial services are facing a challenging time because they are trying to rebuild trust with
public authorities and the public. A series of scandals has left many people mistrustful of financial services,
and regulators are also intensifying their scrutiny of the sector.
Retna highlights the introduction of BEAR as one example of regulators placing more accountability on
financial organisations to get their risk culture and governance correct. The phased replacement of BEAR
by FAR will extend the current BEAR to all APRA regulated entities and will be administered by APRA
and ASIC.
Pdf_Folio:438

438 Digital Finance

 The extra compliance requirements will increase the cost of compliance over the coming years for
financial organisations. Retna argues that financial services organisations will need to restructure their
compliance from a reactive to a proactive approach.

RESOURCES FOR REIMAGINING COMPLIANCE

The world is changing at a rapid pace and professionals need to stay up to date to stay current and
compliant. The COVID-19 pandemic hastened the digitisation of many tasks, including the online
verification of identification, which is a key area of compliance (FATF 2020). Open banking (CapGemini
2018), the first application of the CDR, will make it easier to share customer information between
banks and neo-banks in a secure way through the use of API channels between applications. Using this
technology, banks and financial institutions can onboard customers more easily and remain in compliance
with regulations.
Open banking streamlines the identity verification process so that when customers wish to open
an account or obtain a service from an accredited FinTech, or incumbent, the scheme allows those
organisations to share that information, cutting down on manual transition processes.
A crucial aspect of open banking that relates to compliance is that a customer’s consent must always
be obtained before their personal and/or identity data are shared between organisations. In addition,
emerging technologies such as DLT and blockchain are already beginning to have a significant impact
on the nature of work carried out by financial professionals.
One initiative is using blockchain for regulatory compliance. IBM is trialling a blockchain solution to
satisfy KYC requirements (IBM n.d). The process uses a decentralised approach to identity management
that prevents tampering with the record of the transaction. This use case that has been promoted recently
as a more secure process than existing methods.
Blockchain fits with a wider approach to technology innovation that will assist organisations with
their compliance requirements. Specifically, RegTech will combine aspects of AI to not only assist with
reporting requirements but help compliance officers stay current with new regulations and requirements.

QUESTION 5.13

Justify why an organisation should appoint a specialist compliance officer.

.......................................................................................................................................................................................
CONSIDER THIS
What circumstances might result in the risk of non-compliance in your organisation?

SUMMARY
In this part, we have provided an overview of compliance and regulations, and how these concepts intercon-
nect with governance and risk management. The compliance industry standard, ISO 19600:2014, provides
guidance for compliance best practice. Developing a compliance framework helps the organisation achieve
compliance. Compliance is a fast-changing area that requires ongoing awareness and review.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

5.2 Evaluate the relevant regulations and tools to provide advice to the organisation on achieving
regulatory compliance.
• ISO 19600:2014 provides guidance for best practice.
• A compliance framework provides a structure to guide compliance.
• Awareness of regulation is a key to achieving compliance. Numerous regulations exist, many of
which relate to AML/CTF and KYC procedures and data privacy.
• RegTech can help an organisation achieve compliance.
5.5 Design an effective action plan to deal with compliance and potential compliance breaches.
• A compliance framework provides a structure in which to ensure responsibilities and reporting.

Pdf_Folio:439

MODULE 5 Risk Management, Governance and Regulation 439

PART E: FINTECH REGULATION
INTRODUCTION
The FinTech industry is broad and diverse. FinTechs have championed the use of technology to replace
human-intensive tasks and processes in order to provide frictionless and streamlined financial services
for their customers. This engagement with technology has opened many businesses up to incredible
opportunities, but also to significant new and evolving risks. FinTech businesses have begun to challenge
the global status quo, and many new ways of conducting worldwide financial activities have developed in
recent years.
As a result, it is necessary for regulation to keep up with the evolution in the sector, in order to ensure
that customers and businesses are protected without stifling innovation in the industry.

5.22 WHY DOES REGULATION OCCUR?

The community expects that FinTech providers will protect their finances. However, when innovation
drives an industry into untried or uncharted territory, it is a government’s responsibility to step in and
provide regulatory oversight.

REGULATING THE OLD AND THE NEW

FinTechs combine technologies and financial products as their service offering. It is not always clear
whether FinTechs should be classified as technology companies, financial services companies or a hybrid
of the two.
The financial industry is subject to well-established regulation in areas such as consumer lending,
deposit-taking and financial advice. Technology in finance has seen rapid development in recent years
and regulators face some unique challenges combining the old with the new.
At the core of the growth of the FinTech industry is the role of technology itself. Technology allows
FinTech companies to strip out human functions and automate them, mitigating and removing the potential
for introduced human errors and biases. Instead, products and investment strategies can be created for every
client, based on sophisticated algorithms using cutting-edge technologies.
In general, business communities and governments have welcomed the advancements of innovative
technologies, especially in the financial sector that has resulted in the rapid growth of the FinTech industry.
However, laws and regulations are still catching up with these fast-moving technological advancements.
One of the most notable FinTech failures in recent times relates to the fake cryptocurrency, OneCoin,
which was described by The Times as one of the biggest scams in history (Bartlett 2019). The OneCoin
cryptocurrency scheme is being investigated in the US court system for its involvement in international
money-laundering. The primary business of OneCoin was selling educational packages for trading,
however their recruiting was primarily based around cryptocurrency investment. The scam is estimated
to have swindled USD7.2 billion from investors around the world including victims from Australia,
Africa and Europe. During the global hype generated by Bitcoin and other cryptocurrencies, OneCoin was
marketed to investors as a new virtual coin, with the promise that its value would skyrocket, ultimately
surpassing the value of Apple, Facebook and Google. Many investors bought into the scheme and later
realised that they were unable to cash out.
Consumers and investors need to be aware of these emerging risks and take their own precautions.
However, regulators also have a significant role to play in regulating the FinTech sector and protecting
consumers from these risks. In response to a range of varied scams like OneCoin, regulators have identified
a broad range of FinTech-related risks that are faced by consumers, investors and regulated financial
services firms themselves.

RISKS TO CONSUMERS AND INVESTORS

A range of risks to consumers and investors are described below.

Technological Change
With so much business moving online, new privacy issues are created and with increased access to data
there are a lot of new opportunities for criminals. Biometrics are a major issue for FinTech regulators.
Pdf_Folio:440

440 Digital Finance

 Who is responsible for, and allowed to hold, biometric data and what can they then do with it? These
questions are still being worked out.
There are genuine concerns that the cybersecurity and privacy aspects of FinTech regulation are
not keeping up with the evolving technology. For example, many FinTech organisations identify their
customers by scanning their face and matching it against a copy of their driver’s licence or passport. This
process would be made quicker and easier if a national (or international) database containing photographic
IDs, that could be securely accessed to directly check biometric facial recognition data, was permissible
by law. Laws to permit this type of database have been in discussion by the Australian government for
many years, but these have not been progressed due to privacy and cybersecurity concerns.

Lack of Awareness
Consumers (including businesses) may not fully comprehend all of the risks associated with the FinTech
products and services being promoted to them. The implementation of new FinTech solutions may
also offer manufacturers and distributors an opportunity, whether inadvertent or deliberate, to mislead
consumers in a variety of ways, and to potentially expose them to fraud or significant production or
monetary loss. This begs the question of who is responsible for ensuring customers are fairly and properly
informed (whether it is the vendor, or if the customer must bear at least some onus for understanding what
they are signing up for).
In the event of misconduct, products and services with complex value chains tend to complicate the
responsibilities and accountabilities in the resolution and compensation process. As a result, customers
can become embroiled in lengthy and costly disputes. The paternalistic approach (outlined below) is a
form of response to the challenges associated with this issue.

Too Much Information

Disclosure laws in recent years have meant that customers may need to read many thousands of words
before entering into an agreement with a provider. Not many people read every word of what they agree
to these days. Have you ever wondered how much time it would take to read every ‘fine print’ such as
privacy policy and disclaimers that you came across over the course of a year? Aleecia McDonald and
Lorries Faith, two researchers from Ohio State University, looked into just that question in their paper The
Cost of Reading Privacy Policies. They discovered that it would take the average person 76 working days
to complete the task.

The Paternalistic Approach

Governments know there are problems with the overabundance of information provided to customers of
financial services. Simply put, customers will not read everything before they agree. This leaves consumers
open to mistreatment by industry, so governments are increasingly adopting a paternalistic approach to
regulation. A paternalistic approach shifts the responsibility from the customer to the industry, to ensure
that organisations take steps to look after their customers, as opposed to providing pages and pages of
disclosure documents and policies. A good example is the unfair contract terms regulations, which require
industry to ensure their standard form contracts do not contain unfair terms rather than providing pages
upon pages of disclosure.
Another example is responsible lending regulations which require lenders to assess whether a consumer
can repay their loan by looking at their income and expenses, instead of relying on the consumer to make
up their own mind about whether they can repay the debt.

RISKS TO REGULATED FINANCIAL SERVICES FIRMS

The growing popularity of FinTech has provided great benefits and brought significant opportunities to the
financial services sector. However, along with these benefits, the quick evolution of companies, products
and services has introduced a range of risks that regulators, and the industry, must consider and respond
to. Some of these are discussed briefly below.

Technology and Operational Risks

With dependence on technology and outsourcing to third-party technology and data providers continuing
to grow, as well as other forms of interconnectedness increasing, risks around operational failures,
cybersecurity, and risks associated with dubious third-party providers are also sharply on the rise.
Financial institutions are increasingly susceptible to external and internal attacks, especially cyber-
attacks. Vulnerability to operational failures may result from insufficient business continuity planning
Pdf_Folio:441

MODULE 5 Risk Management, Governance and Regulation 441

for IT systems and processes, and sub-par processes for IT change management. This is especially a
significant risk for firms that use legacy IT systems that have not been patched and upgraded sufficiently
to ensure that the software cannot be exploited.
Although the value of customer data also continues to increase, with this comes the potential for its
misuse, raising valid concerns about data mishandling, privacy and protection (see section 5.17). The
practical limitations of data may make it difficult for firms to arrive at consistent or meaningful outcomes,
particularly where AI has been used to analyse data sets and generate solutions. In many cases consumers
are required to trust FinTech companies with their data and hope that it will be properly secured and
maintained.

Governance Risks
The senior management and Boards of firms may lack the crucial awareness and understanding of FinTech
and its inherent risks, which are needed to enable them to identify, control, measure and manage those risks
effectively when adopting new FinTech.
The accountabilities and responsibilities for FinTech and risk management may also be poorly commu-
nicated, or simply lack clarity.
Audit and risk committees, who have the appropriate skills and composition on technology, can provide
Boards and delegated executive committees with the right advice about:
• financial management and sustainability
• controls to prevent and detect fraud and errors
• external financial reporting requirements including audits, risk management, and mitigation
and compliance.

Legal Risk
New FinTech continues to raise challenging, yet-to-be-resolved legal questions, particularly where cross-
border operations must engage appropriately with national legal and regulatory frameworks.
In adopting FinTech, companies may find themselves necessarily changing how they operate — and at
times struggling to meet the conduct-of-business, market-dealing and anti-money laundering requirements.
Regulatory sandboxes allow FinTech companies to test and experiment with a range of regulatory and
compliance techniques free from costly or damaging legal consequence. Sandboxes will be discussed
in more detail later in this module. Some of the other legal risks to FinTech are outlined below in
greater detail.
Financial Reporting
Emerging technologies can substantially impact and affect the financial reporting within organisations.
As FinTech evolves, ensuring the key stakeholders for financial reporting (auditors, audit committees and
management) have a strong grasp of roles and responsibilities is key. As the use of emerging technology
increases, audit techniques are evolving to ensure that management’s internal controls over financial
reporting remains current and sufficient.
Self-Regulation
Many of those in the FinTech industry have taken a pre-emptive and cautious approach through self-
regulation such as ePayments Code and the Code of Banking Practice. While these are both voluntary and
optional codes, there is potential that they will form part of future regulatory focus. These self-regulatory
practices restrict the provision of certain services — even to financially capable customers who are willing
to take on risk, and even if it is legally permissible.
One example is the refusal of products or services to certain customers who a FinTech company may
deem to be unsuitable. A specific example is that the FinTech may determine who should be able to access
reduced interest balance transfers of credit card balances. While this service is of considerable benefit to
customers who are able to responsibly take advantage of this, offering this service may encourage some
customers to avoid confronting their mounting debt problem, and if allowed to engage with the service
this would increase their potential for indebtedness (Khoury 2017). These practices are often motivated
by the industry taking a pre-emptive approach to self-regulation to avoid the imposition of stringent and
complex regulation, which may impede the ever-changing FinTech landscape.
Example 5.8 revisits the example or Wirecard to explore whether stronger regulation could have
prevented its failings.

Pdf_Folio:442

442 Digital Finance

 EXAMPLE 5.8

When Regulation is Lacking

Recall the example of Wirecard, the German FinTech company that reported, in mid 2020, that it was
missing €1.9 billion.
Some of the failures that contributed to Wirecard’s demise included accounting irregularities, manipu-
lation of corporate structure and acquisitions that were intended to hide asset value, artificial inflation of
profit, avoiding compliance by use of third-party acquirers, and auditing oversights.
Following the scandal, German regulators were accused of failing to adequately supervise Wirecard,
which had been audited by EY for over 10 years. The Financial Reporting Enforcement Panel (FREP), is a
private sector body, that monitors the financial reporting of listed companies on behalf of the government.
Jörg Kukies, Germany’s Deputy Finance Minister, told the Financial Times that the Wirecard case is a
clear example of self-reporting by auditors failing to work.
EY did not request bank account information for three years (a routine audit procedure) from a Singapore
Bank where Wirecard claimed to have deposited cash. Seeking this information could have help uncovered
the fraud at a much earlier stage.
Kukies indicated that the treatment of Wirecard as a technology group, rather than a payment service
provider (that would have needed to be directly overseen by financial regulators), was a contributing cause.
Kukies also noted the pressing need for a European supervisory regime for payment service providers,
and that Germany has been seeking to implement this for a long time. The Wirecard case is likely to
emphasise the need for additional regulatory supervision and may lead to supervision being expedited
(Storbeck 2020).
The Wirecard case is a clear example of when tougher regulation, the requirement for adequate
governance, firm oversight, and the ability to investigate companies in a prompt and timely manner, could
have potentially prevented some of the failures that led to the firm’s insolvency.

We can expect FinTech-related risks to continue to evolve and increase over time as the adoption of
FinTech solutions, and the industry itself, grows, and regulators will have to work quickly to keep up.

5.23 FINTECH REGULATION AUTHORITIES —

AUSTRALIAN AND GLOBAL REGULATIONS
Regulators around the world are racing to amend and widen the existing regulatory perimeter to effectively
capture the changing landscape of the financial services industry, as a result of growth in the FinTech
sector and emerging technologies. In this section we will discuss some of the key regulators and their
responsibilities.

KEY REGULATORS IN AUSTRALIA

A range of key regulators in Australia monitor and regulate Australian business across the breadth of the
banking and financial services sector.

ASIC
The Australian Securities and Investments Commission (ASIC) regulates corporations, markets,
financial services and consumer credit in Australia. ASIC oversees the financial system, promotes
informed participation, and makes information about Australian companies available to the public.
Laws and Licensing Requirements
ASIC administers the Corporations Act 2001, Insurance Contracts Act 1984, Australian Securities
and Investments Commission Act 2001 and National Consumer Credit Protection Act 2009 (National
Credit Act).
ASIC licensing requirements include the following.
• Australian financial services licence (AFSL) for financial services/products (e.g. non-cash payment
products and foreign exchange contracts). Companies with an AFSL must submit to ASIC financial
reports including profit and loss statements, balance sheets, note disclosures, an audit report, and an
auditor’s report.
• Australian credit licence for consumer lending.
Pdf_Folio:443

MODULE 5 Risk Management, Governance and Regulation 443

APRA
The Australian Prudential Regulation Authority (APRA) is an independent statutory authority that
supervises banking, insurance and superannuation institutions. APRA oversees banks, building societies,
credit unions, insurers and superannuation funds.
APRA collects financial data from licensed financial institutions to include in its annual report. This
includes executive remunerations and contracts over $100 000.
Laws and Licensing Requirements
APRA administers the Banking Act 1959 and Superannuation Industry (Supervision) Act 1993.
APRA licensing requirements include the restricted authorised deposit-taking institution (ADI)
licence for neobanks.

AUSTRAC
The Australian Transaction Reports and Analysis Centre (AUSTRAC) monitors the financial system
for potential criminal activity, including serious crime and organised crime. AUSTRAC collects financial
information to analyse for financial intelligence.
Companies must submit to AUSTRAC a compliance report that details how they met their AML and
CTF obligations.
Laws and Licensing Requirements
AUSTRAC administers the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
AUSTRAC licensing requirements include registration for AML/CTF compliance and lodgement of
suspicious matter reports.

RBA
The Reserve Bank of Australia (RBA) regulates and supervises the financial system, along with three
other bodies which make up the Council of Financial Regulators (CFR). RBA’s Payments System Board
is responsible for the safety and stability of the payments system.
Laws and Licensing Requirements
The RBA administers the Payment Systems (Regulation) Act 1998. Payment systems are arrangements
that allow consumers, businesses and other organisations to transfer funds usually held in an account
at a financial institution to one another. It includes the payment instruments —cash, cards, cheques and
electronic funds transfers which customers use to make payments.

KEY REGULATION AND LAW IN AUSTRALIA

Australia’s corporate law framework is largely set out in the Corporations Act, which ASIC administers
to regulate business entities at the federal and interstate level.
Other vital pieces of legislation in Australia include:
• Banking Act 1959 (Cth)
• Banking Regulations Act 1966 (Cth)
• Reserve Bank Act 1959 (Cth)
• Australian Securities and Investments Commission Act 2001 (Cth)
• Australian Prudential Regulation Authority Act 1998 (Cth)
• Financial Sector (Shareholdings) Act 1998 (Cth)
• Financial Services Reform Act 2001 (Cth)
• National Consumer Credit Protection Act 2010 (Cth)
• Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
State-based fair trading and consumer protection acts also regulate business entities.
ASIC and APRA also release regulatory and policy statements, along with information sheets to offer
guidance to regulated entities on the interpretation of legislation and how it applies to them. ASIC focuses
on the Corporations Act and administers frequent updates, providing practical guidance on the Act’s
expectations and objectives to assist regulated entities to comply with the law.

REGULATION AND LAW — ACTIVITIES

The types of licensing and regulatory authorities that providers will encounter will depend on the activities
they conduct.
Pdf_Folio:444

444 Digital Finance

 Services considered to be financial services and services considered to be banking services are held to be
distinct under Australian law. Although overlap occurs in services provided by regulated entities, legally
distinguishing between the two is necessary to determine the nature and scope of licenses or authorisations
that may be required.

Banking Activities
To conduct a banking business within Australia, an entity is required by APRA to be an ADI. As described
in s. 5(1) of the Banking Act, a banking business must both take money on deposit (other than as part-
payment for identified goods and services) and make advances of money, or carry out other financial
activities prescribed by the regulations. Receiving deposits and making advances, or at least the intention
to provide both of these services to customers, are required to set up a banking business (APRA n.d.). The
Banking Act allows only corporations to carry on banking business in Australia. This means APRA cannot
consider applications from associations, partnerships or unincorporated entities.
The Banking Regulations 1966 built on this definition, in certain circumstances, to allow for purchased
payment facilities, and credit card acquiring and issuing. In addition to practices such as retail lending
and deposit taking for individuals, banking activities also consist of acceptance and discounting of local
bills of exchange (such as promissory notes and bank cheques) as well as foreign exchange activities
(converting funds from foreign to local currency or accepting foreign deposits). Primarily, however, lending
and acceptance of funds are the core activities of a banking business.

Financial Activities
Any individual or entity conducting a financial services business in Australia must hold an AFSL to
permit the delivery of those services, unless an exemption applies. ASIC issues AFSLs and supervises the
conduct of its licence holders. Under the Corporations Act, financial services include making a market
for financial products, providing financial product advice, operating a registered managed investment
scheme (i.e. collective investment vehicles), providing traditional trustee company services, and providing
a custodial or depository service. Under the Corporations Act, a financial product is also a facility through
which a person makes a financial investment, manages financial risk or makes non-cash payments. For the
purposes of the Corporations Act, financial products would include securities, debentures, derivatives,
bonds, and so on.

Credit Activities
Any individual or entity conducting activities that relate to a form of credit contract or consumer lease to
which the National Credit Code applies, if that activity is also specified in the National Consumer Credit
Protection Act 2010 (Cth) must obtain an ACL. However, the National Credit Code applies only if the
debtor is a strata corporation or natural person.

FINTECH INDUSTRY REGULATION IN AUSTRALIA

The burgeoning introduction of FinTech services requires existing providers to adopt FinTech to keep up
with ongoing market innovation and trends. FinTech is a major disrupting force in the financial services
industry and significantly affects the way the financial services sector does business. The largest FinTech
sectors in Australia are payments and lending. Areas such as blockchain, capital markets and RegTech
(which we will discuss later in the module) are growing.
FinTech businesses must comply with all existing laws and regulations for financial services and
consumer credit activities in Australia. FinTech businesses that carry on a financial services business in
Australia (as defined under the Corporations Act) must hold an AFSL or hold an exemption. Businesses
that engage in consumer credit activities (e.g. providing credit under a contract or consumer lease) are
covered under the ACL regime.
However, with regulations striving to keep up with an emerging industry, some FinTech services are
not subject to same levels of regulation as traditional service providers. As an example, some buy-
now-pay-later (BNPL) providers (e.g. Afterpay, Zip, OpenPay) offer credit-like products, but are not
licensed ‘credit providers’ under Australian law, and therefore the services are not covered by the National
Credit Act.
There has been a number of recent and relevant legislative changes in Australia, including the Treasury
Laws Amendment (Design and Distribution Obligations and Product Intervention Powers) Act 2019. This
legislation introduced a design and distribution obligation for financial services firms, as well as a product
intervention power for ASIC.
Pdf_Folio:445

MODULE 5 Risk Management, Governance and Regulation 445

 FinTech companies operating in the digital banking space in the financial services sector are required to
meet the minimum requirements of ADI authorisation; however, a restricted ADI licence can provide
neobanks and digital banks with an earlier opportunity to conduct limited banking activities in their
development cycle. These include:
• operational risk
• governance
• data protection and privacy
• compliance
• auditing obligations.

Inside or Outside?
Regulation for FinTech organisations can be split into two informal categories.
• Internally facing. Internally facing regulation is concerned with how an organisation regulates itself,
such as risk management and governance. APRA prudential standards are examples of how FinTechs
must uphold standards that manage their liquidity and financial risk.
• Customer facing. Customer-facing regulations are laws designed to protect consumers. These regula-
tions are especially relevant for FinTechs because they can significantly impact on customer experience.
For example, customers must be appropriately identified based on the KYC system in order to comply
with AML laws. This means FinTechs must ask more questions and gather more information than other
technology companies that do not have to comply with such laws.
Human resourcing, and external advice, must be correctly set up to comply with regulatory requirements
and licensing requirements, which can sometimes be extensive.

GLOBAL REGULATION
Where an organisation does business affects how many regulations apply. With online financial products
the jurisdictional boundaries can be less defined.
Different countries have different regulations. While no regulation is truly global, some regulations have
far-reaching impact beyond national boundaries. There are some international regulations that Australian
providers need to know about.

FATF and AML/CTF

The Financial Action Task Force (FATF) was set up as a watchdog for global money laundering and terrorist
financing. More than 200 countries have signed up to implement the international standards the FATF
has created to prevent these illegal activities. Australia’s Anti-Money Laundering and Counter-Terrorism
Financing Act 2006 (AML/CTF Act) is based on the guiding principles circulated by the FATF. Several
other countries have laws very similar to the AML/CTF Act.
The AML/CTF Act regulates AUSTRAC’s functions and imposes a number of obligations on the
financial sector, gambling sector, remittance (money transfer) services, bullion dealers, and other profes-
sionals or businesses (known as ‘reporting entities’) that provide particular services (known as ‘designated
services’). These obligations include collecting and verifying certain KYC information about a customer’s
identity when providing those services.
The AMF/CTF laws can apply to any FinTech dealing with money for others. With the emergence of
FinTech, more people are doing things online. This has created more opportunity for bad actors to engage in
illicit activity. FinTech providers must be aware of the risks. Luckily, emerging technology allows providers
to get on top of these risks through things like biometric facial ID (e.g. check and verify ID), blockchain
(e.g. clearing and settlement processes for intra-bank transactions), AI (e.g. completing small transactions,
explaining products or advice to customers) and ML algorithms that can learn to pick up on suspicious
transactions.

GDPR
The GDPR is a regulation on data protection and privacy in the EU. The GDPR has extra-territorial effect
if an entity processes personal data of an EU data subject. So, if a FinTech business targets a client in
Europe from outside of Europe, the FinTech will be responsible for GDPR compliance. The penalties for
non-compliance are high. If personal data is handled in Europe, or personal data is processed for European
data subjects, compliance with the GDPR is required.

Pdf_Folio:446

446 Digital Finance

 GDPR is generally considered the highest standard on privacy regulation. In most cases, compliance
with all aspects of GDPR will achieve compliance with other less stringent privacy regulations around the
world. Many FinTech businesses thus choose to comply with the GDPR globally for operational efficiency
rather than create separate procedures for each jurisdiction the FinTech operates in.

CRS
The Organisation for Economic Co-operation and Development (OECD) developed the Common
Reporting Standard (CRS) in 2014. It is an information standard for the automatic exchange of
information (AEOI) regarding financial accounts on a global level, between tax authorities, whose purpose
is to combat tax evasion. It is very similar to the Foreign Account Tax Compliance Act 2010 (FATCA),
the original US regulations. Many FinTechs that operate payments or bank accounts often have to comply
with FATCA/CRS obligations globally.
.......................................................................................................................................................................................
CONSIDER THIS
To what extent is global regulation relevant to the activities of your organisation or your client’s organisation?
Australian financial services businesses must report financial transactions and suspicious matters to
AUSTRAC. AUSTRAC uses the reports to analyse the data and create intelligence reports. These reports
are shared to government agencies to uncover financial crimes. This reporting helps put responsibility on the
banks to find out who is benefiting from transactions. The onus is on them to monitor the transactions.
Example 5.9 examines what can happen when an organisation turns a blind eye to FinTech regulatory
requirements.

EXAMPLE 5.9

CBA Money Laundering Scandal

When Commonwealth Bank of Australia (CBA) introduced intelligent deposit machines (IDMs) it was
to provide a machine that could do tasks that usually required a human teller, including depositing or
transferring large amounts of money. Upon rollout in May 2012, a software error in the ATMs caused the
failure to report more than 50 000 transactions to AUSTRAC, which is required to be notified within 10
business days for transactions over $10 000 or more.
AUSTRAC alleged that CBA did not limit the number of transactions a customer could make, allowed
anonymous cash deposits and that the IDMs allowed customers to deposit up to 200 notes, which could
tally up to $20 000, per transaction. Upon rollout, a person did not even need a Commonwealth Bank
account card to access the system. The IDMs also allowed money to be transferred immediately to
another bank account, including offshore accounts. Because of the lack of controls, a person making
many transactions could theoretically pass millions of dollars through an IDM — anonymously — in a
single day.
Banks must report all transactions of $10 000 or more under the AML/CTF laws to AUSTRAC. They are
also required to monitor transactions and report any suspicious activity.
Two men were arrested in 2015 for laundering $1.8 million through CBA’s IDMs. They had made many
transactions of just under $10 000, so as not to trigger the transaction being reported.
After police investigated further, they discovered four more criminal syndicates using CBA to launder
money. The syndicates were importing and trafficking narcotics throughout Australia. CBA’s IDMs had
facilitated their criminal activity.
Between 2012 and 2015, CBA had failed to deliver reports of thousands of IDM transactions to
AUSTRAC, either on time or at all, with the total amount of the transactions adding up to AUD625 million.
CBA also filed to monitor more than 750 000 accounts, which they are required to do by AUSTRAC under
AML/CTF laws to identify any suspicious transactions.
Outcome
CBA was fined AUD700 million by AUSTRAC and was required to:
• keep aside $1 billion until CBA can prove to regulators it can avoid and prevent future violations
• keep aside $200 million to implement outcomes from the Banking Services Royal Commission
• spend $100 million to improve AML/CTF systems.
Since the CBA scandal, an amendment to the AML/CTF regulations was introduced which increased
the powers of AUSTRAC and increased regulation on digital currencies.
Reputational Damage
CBA’s failures not only cause financial penalty from regulators; they also tarnished the CBA brand. In the
eyes of the public, CBA had been facilitating the activities of criminals. A failure to comply with regulation
saw crime syndicates finance distribution of illicit drugs and firearms around Australia.
Pdf_Folio:447

MODULE 5 Risk Management, Governance and Regulation 447

5.24 WHAT HAS CHANGED AND HAVE THE
REGULATIONS KEPT UP?
With the emergence of FinTech, more people are doing things online, which creates specific challenges
to overcome. In particular, cybersecurity concerns are impacting on FinTech because almost everything
a technology company does is done online. Keeping online information safe is a key concern for all
FinTech businesses.
Specific issues facing regulators include the following.
• Biometrics. There is increased risk with technology that allows providers to validate biometrics, such
as facial ID that can check ID and match it to data already held by an institution. Regulators are
encountering issues with privacy and need to reassess existing privacy and cybersecurity regulation,
which hasn’t caught up with the technology. With the example of facial recognition, regulators need to
answer the question of where that information goes.
• Screen scraping. Screen scraping a customer gives a FinTech authorisation to login to internet banking
and scrape their details to assess for lending. This ability brings up many issues around cybersecurity
and privacy. Questions regulators need to answer include the following.
– Is it safe to give account credentials to a party to login for you?
– Can you allow the company to initiate payment to the bank?
• Criminal opportunity. The new technology of FinTech has provided more opportunity for bad actors to
engage in illicit activity online as well as creating ‘honey pots’ of financial information that need to be
protected. With more data held by providers, their responsibilities grow. Regulators need to answer the
question of how all this data should be handled to protect from criminals.
• Transparency on fees. Some payment companies have started disclosing fees, particularly on exchange
rates. These companies began to disclose fees as a competitive advantage, however, now the ACCC is
considering if it may be deceptive to not disclose fees, particularly those relating to foreign exchange
conversion rates. By unbundling fees, providers are exposing a potential area that needs regulation.
Regulators will need to decide if they must step in and force other providers, particularly the big banks,
to do the same.

THE REGULATORY RESPONSE

The changing landscape is a challenge for regulators. One strategy to keep pace is to monitor regulatory
approaches around the world. The Australian government established the Select Committee on Financial
Technology and Regulatory Technology to investigate how the Australian FinTech industry could benefit
from measures other countries have taken in the FinTech space. It will review the barriers to new technology
being used in the finance industry and potential improvement on current practices.
Regulators’ responses include the following.
• Open banking. Australia has implemented the first phase of the Consumer Data Right (see module 2),
which gives consumers the right to go their bank and say they want to transfer all their details to a new
bank. It will improve consumers’ ability to compare and switch between products and services, and will
encourage competition between service providers, leading not only to better prices for customers but
also more innovative products and services.
• New Payments Platform (NPP). The NPP (see module 2) is a payments infrastructure that enables
Australian consumers, businesses and government agencies to make real-time, data-rich payments
between accounts at participating financial institutions. It supports real-time clearing and settlement
for simple or complex payments and has the potential to deliver significant back-office efficiencies. The
consumer-facing elements are called OSKO and PayID. With the introduction of these new technologies,
consumers will find it easier to move from their traditional bank to another bank or a FinTech, which
will increase competition in the sector.
• Cryptocurrency. Cryptocurrency has (see module 2) been a notoriously difficult technology to regulate
as it operates across borders, can be used by those who are anonymous and is a quasi-currency that
is sometimes treated as currency and other times as a property. To better regulate cryptocurrencies,
AUSTRAC introduced a register for cryptocurrency companies as part of the digital currency exchange
providers regime. The regime aims to reduce fraud and other illicit activities. It requires entities that
exchange ‘cryptos’ to be regulated and identify their customers. While these additional requirements
help keep the financial system safe, they create additional barriers to those wanting to enter the market.
Pdf_Folio:448

448 Digital Finance

Sandbox
Three key authorities regulate Australia’s financial services sector: ASIC, APRA and RBA. ASIC has
specifically committed to collaborating with innovative FinTech companies, guiding them through the
regulatory system and streamlining the licensing process when possible to foster innovation.
ASIC launched a ‘sandbox’ in 2016, permitting unregulated testing for up to one year for start-ups
providing specific products or services. This was extended to two years by the Treasury Laws Amendment
Act 2020. The range of eligible companies and scope of activities permitted within the sandbox was
also increased.
The goal is to give FinTech companies a chance to develop and take a minimum viable product to market
knowing it has value for users. It also provides the government with the opportunity to maintain oversight
and gain visibility of cutting-edge innovations in FinTech, so they will have a strong awareness of potential
regulatory and technological advances in the industry before they come to fruition. Moreover, the sandbox
approach protects consumers without hindering innovation, allowing new players in the FinTech industry
to test in a safe environment.
Example 5.10 explores the issue of self-regulation.

EXAMPLE 5.10

Self-Regulation: BNPL
Between exponential growth and consumer uptake in the FinTech sector lies the gap where regulators
struggle to catch up. To build consumer trust in their products and quiet their critics, FinTech companies
may need to self-regulate. This is particularly true in the case of Afterpay and other BNPL products and
services, including Klarna, Zip, OpenPay, Latitude, humm and Brighte. The Australian Financial Industry
Association (AFIA) BNPL Code of Practice came into effect on 1 March 2021, having been developed
in response to a Senate inquiry and ASIC’s calls for stronger protections due to increasing numbers of
consumers using BNPL products while BNPL companies continued to operate outside traditional credit
laws. The Consumers’ Federation of Australia submitted to AFIA that BNPL arrangements should be
controlled under the National Credit Act.
BNPL companies are contentious on two major fronts. These companies issue contracts that
prevent merchants passing on surcharges to customers, and they also feature a perceived lack of
consumer safeguards.
Contracts that Prevent Merchants Passing on Surcharges to Customers
In February 2020, following word that RBA intended to review its ‘no surcharge’ rule and possibly take
policy action, Afterpay argued in a submission to RBA that BNPL companies should have the right
to prevent retailers passing on their fees to customers. For instance, where a retailer may add a 0.6–
1.5 per cent surcharge for payment by debit or credit card at checkout or POS, thereby covering the
actual cost of the transaction for the retailer, Afterpay would continue to have the right to prevent the
retailer adding a similar surcharge each time a customer pays by Afterpay.
Afterpay’s fixed transaction fee of 30 cents plus a 3–7 per cent commission on the sales value translates
to a much higher cost to the retailer than that of a credit card company.
Afterpay’s argument is that BNPL represents an innovative, growing sector worthy of self-regulation,
and that it should neither constitute a payment system nor have regulated fees due to its small size,
uniqueness and value proposition to both consumers and merchants.
Although not all retailers necessarily want to surcharge — just as not all retailers allowing customers
to purchase by debit or credit card opt to pass on the debit or credit card surcharge now — the option
to do so would empower retailers to negotiate for fairer fees. Afterpay argues that the enforcement of
surcharges could do more than reduce revenue or damage business models — it could curtail innovation.
Yet by being able to prevent merchants from passing on their fees to consumers, BNPL companies gain
an unwarranted advantage by being able to market themselves as free to all customers who pay on time.
Lack of Consumer Safeguards
Another factor setting BNPL apart from other payment options is its window into the Gen Z and Millennial
demographics, often regarded as the most difficult to reach consumer market in the world. Yet the second
major criticism levelled at BNPL relates to its lack of consumer safeguards, largely in the form of credit
checks that would prevent vulnerable consumers from purchasing beyond their means.
While the Code of Practice includes commitments to ‘only provide our BNPL Products or Services
to customers aged 18 and over’, and to ensure that late fees are ‘fair, reasonable, and capped’, ASIC
criticised it as insufficiently vague and lacking in consumer protections, while consumer groups also raised
concerns. For instance, what constitutes a ‘fair, reasonable and capped’ late fee?

Pdf_Folio:449

MODULE 5 Risk Management, Governance and Regulation 449

 Under the Code of Practice, BNPL providers that are AFIA members agree to offer accessible hardship
programs, become members of the Australian Financial Complaints Authority and ensure that customers
are not able to spend more if they miss a payment — unlike bank-issued credit cards that enable customers
to live with revolving debt if they continue to make minimum payments. Responsible lending checks would
not be required.
The appeal of Afterpay and BNPL at large to the consumer is clear: immediacy without credit checks.
The freedom to purchase without providing proof of ability to clear the debt is precisely the lure, yet
this remains the concern of ASIC and consumer groups. Afterpay’s total spending limit is $2000, the
maximum limit per transaction is $1500, and new users are typically capped at a single order of up
to $500. Customers are limited to a maximum of three open orders, with each to be paid off in four
even instalments. Even so, customers, especially those susceptible to chronic financial hardship, could
potentially accumulate a great deal of debt simply by creating multiple accounts using different BNPL
services. Consumer groups have expressed concern that BNPL is being used to pay not for one-off
purchases but for day-to-day living expenses.
Although a clear definition of a fair, reasonable and capped late fee might be up for grabs, along with
‘upfront assessments of suitability’, it is unlikely that BNPL providers will bend to the demands of ASIC
consumer groups to require full income and expense verification for customers seeking to borrow small
amounts, which slow the application process and could potentially inhibit sales. The industry may have to
bend to offer more prescriptive rules for providers offering larger amounts, such as humm, the rebranded
Flexigroup whose ‘big things’ offering allows for borrowing of up to $60 000.
In fact, it was Flexigroup’s offering of BNPL finance for solar panel installers that acted as the trigger
for ASIC’s stinging public rebuke of the draft code. In the Australian Competition Tribunal, Flexigroup,
which had financed around 9 per cent of all Australian solar systems, challenged the ACCC’s request for
installers to only offer BNPL finance if the financier has signed an industry code of conduct requiring a
responsible lending assessment equivalent to the National Consumer Credit Protection Act. The criticism
dealt a blow to the draft code, pushing it back six months.
Barring further delays or challenges from ASIC or RBA, the Code of Practice’s terms would be
embedded into the terms and conditions of BNPL contracts so they could be enforced and customers
could complain to the AFCA if needed.
While Afterpay CEO Anthony Eisen does not see traditional credit laws as a solution for customer
protection, preferring his company’s own systems, customer-centric approach and burgeoning BNPL
industry-wide code, just how much authority a Code of Practice for BNPL companies can hold without
the ASIC and RBA stamps of approval remains in question. For many, self-regulation in a profit-motivated
industry remains a difficult concept to accept.

.......................................................................................................................................................................................
CONSIDER THIS
What are the pros and cons of self-regulation from an industry perspective, a regulator’s perspective and a
customer perspective?

5.25 WHAT DOES IT MEAN FOR A FINTECH

COMPANY OPERATING IN A GLOBAL
ENVIRONMENT?
How do you get the customer onboard, so that they use the product regularly? At each customer touch
point, in a global environment there’s a focus on different regulation.

THE CUSTOMER JOURNEY

Regulations apply at each stage of the customer journey.

Marketing
ASIC ensures financial products (including credit products) are not sold in a misleading way to consumers.
ASIC’s Regulatory Guide 234 Advertising financial products and services (including credit): Good
practice guidance gives industry guidance on what can and cannot be said when selling financial products
(ASIC 2012).
The following advice is included in the guide.
• To say financial products are ‘free’ will be subject to scrutiny from ASIC.
• If an organisation or person is selling a financial product, they will need to make sure they are
appropriately licensed with an AFSL to permit them to give financial product advice.
Pdf_Folio:450

450 Digital Finance

 Financial product advice includes:
• general advice (which is, in short, general sales information)
• personal advice (which is more involved advice that takes into consideration the consumers particular
needs and objectives).
Financial product advice is heavily regulated by ASIC to help protect consumers from misleading
advertising and unscrupulous sales tactics.

Onboarding
This involves collecting and verifying at least the full name and address, or date or birth or three years of
transaction history of the customer.
Generally, KYC information collection requires either face-to-face verification or, in the case of
FinTechs which almost exclusively operate online, electronic verification against independent and reliable
electronic databases.
The KYC process can be complicated, and the collection of the right information that may be verified
instantaneously using third party vendors is particularly important.

Transactions
A FinTech allowing transactions to be performed across borders will have to consider not only regulations
in Australia but also the jurisdiction that the payment is being made to. This includes ensuring services
are not provided to those that involve transactions that may be subject to sanctions, including United
Nations sanctions.
Sanctions include regulations on individual countries (six countries in the world have active United
States Sanctions as of 2020) or individual persons, such as terrorists, in some countries. In Australia,
DFAT offers a publicly available consolidated list of individuals and entities that have sanctions against
them (DFAT 2020).
FinTech businesses must take steps to ensure they do not breach sanctions laws by having appropriate
screening procedures in place.

Reporting of Issues
Each transaction is subject to transaction monitoring under AML/CTF regulations. This requires FinTech
providers to spot suspicious transactions and report them, within prescribed time limits, to AUSTRAC.

Disputes
Disputes arise from time to time with consumers. Generally, all AFSL holders will have to be members of
an external dispute resolution provider.
The Australian Financial Complaints Authority (AFCA) is the external dispute resolution scheme for
consumers who are unable to resolve complaints with member financial services organisations. When
members sign up to AFCA, they effectively allow AFCA to decide on disputes so that consumers do not
have to take FinTechs and other organisations to court for relatively small matters (AFCA 2020).
FinTechs must therefore have an internal dispute resolution process as well as a process for dealing with
external disputes raised to AFCA.

SOME THINGS TO LOOK OUT FOR

Providers should monitor regulations that may change or that may become more relevant as their
business grows.

Card Scheme Rules

Scheme rules are put in place to give the customer confidence that they will get their money back if, for
some reason, they do not receive the product or service they have purchased. Providers need to follow
scheme rules to protect themselves when handling payments.
Scheme rules can be thousands of pages long, and they specify how a payments company must comply
with the card scheme process. If a provider in Australia is accepting credit cards, they must comply with
the scheme rules in Australia. If providers want to use a card in a foreign jurisdiction, they must comply
with the scheme rules of that jurisdiction.

Pdf_Folio:451

MODULE 5 Risk Management, Governance and Regulation 451

 If a product or service purchased through a credit card is cancelled, or a company providing a product
or service collapses, people will want their money back. This is called chargeback. Chargeback is a big
risk to FinTechs and it is critical to know and follow the scheme rules for a particular jurisdiction.
The merchant acquirer, who provides the facility to accept payments, is liable to provide chargeback. It
is regulated by the scheme rules of the jurisdiction, not by regulators.

Scalability
AML/CTF laws are likely to impact on a provider’s reporting requirements, with mandatory breach
reporting. Practical scalability may become an issue requiring RegTech to assist with moving from a
handful of customers to hundreds of thousands, or millions.

THE FUTURE OF FINTECH FIRMS AND THEIR REGULATORS

While Australia’s FinTech regulatory framework is yet to be established, the United States and Europe are
further advanced. Consider the example of San Francisco-based FinTech company Varo Money. Having
received approval to obtain deposit insurance, Varo Money is on its way to becoming a bona fide bank in
the near future, with the approval taking them a step closer to an application for a national bank charter.
Varo Money’s progress and that of similar FinTech companies could trigger a greater shift in banking
and financial services towards tech-driven experiences, renewing regulatory interest in and commitment
to genuine financial inclusion.
While a number of Australian Government departments and regulators are working to embrace evolving
FinTech technologies, transitioning from the regulatory sandbox to the reality will help create a supportive
environment for new FinTech sector entrants and encourage competition in Australia.
.......................................................................................................................................................................................
CONSIDER THIS
FinTech regulation is a developing area and ongoing change can be expected. How does your organisation manage
the risks associated with future regulatory change?

QUESTION 5.14

Assess the implications of allowing FinTech companies to operate in a regulatory ‘sandbox’.

SUMMARY
FinTech providers operate in substantially different ways to conventional financial services providers
and institutions. Regulation is essential to balance the interests of consumers and the industry (both
new entrants and established players). Regulation focuses on consumer protection while enabling and
encouraging innovation and competition in the industry. Some parts of the FinTech industry have sought
to develop self-regulatory approaches to avoid the imposition of external regulation.
The increasingly global nature of finance requires many organisations to be aware of international
regulations, as these have effect when data and transactions cross national boundaries. As an evolving
area, it is crucial for FinTech and other financial industry organisations to be aware and prepare for
regulatory change.

Pdf_Folio:452

452 Digital Finance

 The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

5.2 Evaluate the relevant regulations and tools to provide advice to the organisation on achieving
regulatory compliance.
• FinTech regulation is not yet well established in Australia. FinTechs have been provided with
regulatory sandboxes to enable them to innovate. However, more formal regulation is likely to
develop over time, and will seek to balance the interests of stakeholders.
• Some parts of the FinTech sector have begun to develop self-regulatory approaches.
• Transactions and data that cross borders or involve parties in other jurisdictions may be subject
to international laws. Compliance with GDPR will usually achieve compliance with most other
international laws relating to data protection and privacy.

Pdf_Folio:453

MODULE 5 Risk Management, Governance and Regulation 453

PART F: REGULATORY TECHNOLOGY
INTRODUCTION
Regulatory Technology (RegTech) is the use of technology to improve regulatory processes including
regulatory monitoring, compliance and reporting. RegTech integrates a variety of technologies, but is a
developing field. As such, it is important to be aware of RegTech, maintain an ongoing watch and prepare
for its implementation.

5.26 THE BASICS OF REGTECH

Regulation requirements have reached a point where human-powered compliance cannot keep up. RegTech
offers an alternative solution.

WHAT IS REGTECH?
RegTech is the use of technology to improve regulatory processes. For example, onerous compliance
obligations such as record keeping and reporting could be solved by using DLT, where transparent audit
trails of transactions could be provided to regulators on demand.
RegTech is developing in parallel with — and partly in response to — FinTech. It is becoming an
increasingly important facet of the financial services industry. There are two main drivers for RegTech:
• increased regulatory compliance
• technology innovations.
RegTech is used to improve regulatory processes including regulatory monitoring, compliance
and reporting.
Initially introduced in many organisations to improve internal processes (in order to reduce compliance
costs), RegTech became increasingly important as a way to monitor risk in order to comply with increasing
regulatory requirements following the global financial crisis (GFC). The GFC was triggered by the practice
of financial lending companies packaging risky loans into high credit rating securities (RBA n.d.). Many
of these lenders were not subject to the same regulations as banks and when the residential market in the
United States experienced a downturn, borrowers defaulted on their loans. In addition to the lax regulations,
there were cases of fraud including overstating of borrowers’ incomes and overstating the safety of
the securities.
The GFC prompted new regulations intended to prevent high-risk loans being packaged together and
offered as securities, and to prevent fraud. This included ringfencing investment and retail banking, plans
for recovery of loans, and resolutions, revisions and reforms to the more recent prudential standards by
APRA (RBA 2019).
Following these initial regulatory developments, jurisdictions around the world have continued post-
GFC to implement growing numbers of regulatory requirements of financial institutions, in order to
protect consumers. Regulators are also trying to align their capacity to effectively monitor and analyse
the increasingly digitised nature, and the sheer volumes of data generated by the post-GFC reporting
obligations of the financial market.
The other main driver of RegTech is technological innovation, both in terms of FinTech-related
technology advances which require technological oversight, and also in terms of the technology which
makes RegTech possible. With the advancement of technologies, RegTech has the potential to help build
a better financial system by reconceptualising finance and regulation.
Traditional paper-based, human-powered compliance processes are simply not capable of keeping up
with the depth and breadth of FinTech developments. Many of the same technologies that fuel FinTech
can also be employed to assist with compliance oversight.

TECHNOLOGIES AND THEIR CAPABILITIES THAT

SUPPORT REGTECH
RegTech uses a variety of technologies as follows.
• Cloud computing enables RegTech software to access and process the large amounts of data required
for successful compliance oversight.
• Blockchain is being used by some RegTech companies for real-time record checks, digital signature
security and safeguarding the security of data (Ruby Garage 2020).
Pdf_Folio:454

454 Digital Finance

• AI, in particular ML, is being used for predictive analytics in RegTech to reduce the risk for banks and
lending companies. For example, ML can make predictions about whether or not someone is a low risk
for loans or credit cards, enabling a bank to make better judgements about loan and credit approvals for
individual customers and the customer base overall.
• Biometrics, such as facial and voice recognition, and fingerprint and iris scanning, are being explored
as potential components of KYC processes when onboarding new customers for banking, loan or credit
purposes. Biometrics are typically more secure than using passwords to protect access to systems and
data. In conjunction with AI, biometrics can be used to improve identification of customers and monitor
suspicious activity (Ruby Garage 2020).
• Big data analysis using ML algorithms is being used to assess risks and monitor suspicious financial
transactions.

THE BENEFITS OF REGTECH

Compliance requirements can be conceptualised as a funnel, as shown in figure 5.21. RegTech can distil
these requirements into reports that staff can analyse.

FIGURE 5.21 RegTech reporting for compliance requirements

Agility
To declutter big data

Analytics
To mine big data

Speed
To process and generate
reports quickly

Reports are produced for human workers

to investigate actual threats.
Source: CPA Australia 2021.

RegTech holds great promise for financial institutions by easing compliance reporting, providing
insights into possible risks and helping them keep up to date with constantly changing financial
industry regulations.
RegTech can enable progressive organisations to design faster and more robust business processes to
manage their responsibilities around regulation and compliance. RegTech uses analytic tools to mine and
declutter intertwined big data sets, which enable large amounts of data to be processed and analysed in a
shorter period of time. Using ML algorithms, RegTech systems are also capable of reducing the number of
false positives, that human resources would ordinarily have to assess on a case-by-case basis. This enables
the organisation to make better use of its human resources — they can focus on investigating actual threats,
dealing with actual non-compliance and work on other value-adding business activities.
The benefits organisations can expect from implementing RegTech include the following.
• Increased revenue. RegTech may increase an organisation’s competitiveness and in turn, revenue, by
increasing customer satisfaction, especially in the onboarding of new customers.
• Reduced costs. Increased efficiency means that fewer people will be required to manage risk and
compliance. Therefore, this function will have reduced costs.
Pdf_Folio:455

MODULE 5 Risk Management, Governance and Regulation 455

• Efficiency gains. Those staff that are involved with risk management and compliance will be able to
focus on investigating non-compliance, instead of processing information and seeking the anomalies.
• Reduced risk. Improved compliance with AML, KYC and other requirements means less risk of
reputational damage, fines and penalties.
• Greater consistency. RegTech reporting tools allow for more consistency in regulatory reporting and
compliance requirements.
These RegTech benefits to organisations should also form part of selection criteria when organisations
are defining and evaluating RegTech options. These benefits should be maximised as they will enhance
existing processes and systems, to increase both efficiency and effectiveness.
Although RegTech has developed in response to the regulations and technologies of the finance industry,
there are many possible applications in other industries which also have mandatory oversight requirements.
For example, RegTech could be used to monitor the maintenance history and flight data of every aircraft
in the world, or could be used within insurance through the use of blockchain technology and underlying
smart contracts (e.g. a smart contract could manage insurance pay-outs for crop damage based on
weather data).

MATCHING REGTECH TO THE NEED

Given that there are many technologies which may assist in fulfilling compliance requirements, RegTech
is not a ‘one-size-fits-all’ solution. Instead, there are a multitude of RegTech providers and solutions in the
market, each of which offers different capabilities. Some of the solutions offered include:
• data management
• reporting
• tax management
• risk management
• KYC/AML
• regulatory change management.
These solutions can be deployed for a single need or across processes throughout the organisation,
providing an end-to-end compliance management solution. Organisations may also elect to create their
own RegTech solution in-house, subject to capability and budget.
Regardless of the solution(s) chosen, RegTech can offer the greatest benefits when applied to key
financial industry processes.
RegTech can benefit organisations in the financial industry in a number of ways (Trulioo 2018).
• Onboarding. Signing up new customers. RegTech can be used to satisfy AML/KYC regulations by
monitoring and standardising the signing of contracts and setting up of new accounts.
• Monitoring. Ongoing activities can be analysed for compliance. A number of activities can be monitored
including threshold compliance, new regulations, market trends and employee behaviour.
• Detection. Risk or fraud can be flagged. Financial institutions can reduce money laundering and
fraudulent behaviours and thus improve compliance, which avoids fines and reputational damage
(Chau 2020).
• Reporting. Data can be stored and retrieved easily. Reporting can be streamlined, making it easier to
provide regulatory information, data privacy requirements and other transaction activity.
• Process. Consistency can be improved across regulatory processes. RegTech provides tools and controls
to improve process consistency across the organisation.
Example 5.11 examines the use of RegTech in onboarding.

EXAMPLE 5.11

Onboarding with RegTech

The Problem
Banks — like other financial entities — need to safeguard against risk due to fraudulent financial
transactions. Banks use a KYC process to validate the identity of customers when they open an account,
and periodically after that. The bank faces fines if the KYC process breaks down.

Pdf_Folio:456

456 Digital Finance

 The Impacts
The bank suffers doubly if they get it wrong.
• They receive a fine (globally banks lose billions of dollars due to compliance fines each year).
• Their reputation is damaged (which means a loss of trust with customers).
The Business Goals
The bank needed to ensure it complied fully and effectively with government KYC regulations. The
business goals required AI to:
• reduce the time required to check the customer identity documents
• ensure compliance with relevant KYC regulations
• safeguard against further damage to the bank’s reputation.
The Solution
AI cognitive technologies were used to ensure customer identity. AI technologies were implemented to
quickly scan identity documents, which improved data entry efficiency. The AI solution could also access
external sources for additional information if necessary.
The Outcome
By implementing RegTech in their onboarding process, the bank’s business goals were achieved.
• The bank had fewer instances of non-compliance.
• There was no further damage to the bank’s reputation.
• Less time was required to run periodic KYC identity checks as the information was already managed
electronically.
• Customers found the onboarding process seamless.

.......................................................................................................................................................................................
CONSIDER THIS
Does RegTech have application in your organisation or a client’s organisation? Would this likely be based on big data
analysis, blockchain, real-time monitoring or some other application of technology?

TOP-DOWN REGTECH IMPLEMENTATION

In comparison with FinTech, which has developed as a bottom-up or provider-initiated approach to
developing new services and offerings in the finance industry, RegTech is both bottom up and top down.
Not only are organisations investing in RegTech innovations to improve their business performance, but
regulatory bodies are also investigating RegTech and beginning to endorse it as the optimal way forward
to enhance both regulatory compliance and the customer experience simultaneously.

Senate Select Committee

Following the Royal Commission into Banking, the Australian Government has looked at both FinTech
and RegTech options to improve competition, compliance and consumer experience.
To investigate these issues, the federal government launched a Senate Select Committee on Financial
Technology and Regulatory Technology in September 2019 (Parliament of Australia 2019). The remit of
their investigation was:
• the size and scope of the opportunity for Australian consumers and business arising from financial
technology (FinTech) and regulatory technology (RegTech)
• barriers to the uptake of new technologies in the financial sector
• the progress of FinTech facilitation reform and the benchmarking of comparable global regimes
• current RegTech practices and the opportunities for the RegTech industry to strengthen compliance but
also reduce costs
• the effectiveness of current initiatives in promoting a positive environment for FinTech and RegTech
start-ups
• any related matters.
Submissions concluded early in 2020 and in March 2021 the committee was renamed ‘Select Committee
on Australia as a Technology and Financial Centre’. The final report was due in October 2021.

Pdf_Folio:457

MODULE 5 Risk Management, Governance and Regulation 457

ASIC Perspective
Due to the incredible growth in financial data volumes, ASIC believes it is an imperative for the
financial services industry to implement RegTech to undertake risk management and compliance functions
(ASIC 2019a).
ASIC launched a series of initiatives and invited industry participants to have a say in how to encourage
RegTech adoption and related issues. From industry input, ASIC has identified key findings that need to
be considered in a move to greater financial industry use of RegTech.
• RegTech allows analysis of large volumes of data. Increasing the speed of data analysis is key to real-time
monitoring of risk and performance, allowing organisations to provide better advice to their customers
and enhanced monitoring and reporting to regulatory authorities.
• RegTech requires improved standards of data capture. Better standards for data capture and stor-
age would ensure greater consistency across the RegTech domain, allowing organisations to better
evaluate — and ultimately also combine — different RegTech solutions for the greatest benefit.
• Resourcing is a challenge. RegTech is still somewhat experimental and will require continued resources
for development. Early capital from investors has allowed RegTech to reach a critical stage of viability,
but further investment is required to continue developing new and improved solutions (to keep pace with
the speed of FinTech and other related developments).
• Regulators can play a larger role. ASIC’s role does not have to be limited to a consumer of RegTech;
instead, by also creating industry practices, it could improve current standards.
• RegTech could streamline other areas. There is great potential for RegTech to streamline risk manage-
ment and compliance in the finance, insurance and credit industries, but RegTech adoption is not limited
exclusively to those industries.
• RegTech may pose cyber and privacy risks. Cloud-based RegTech systems used for storing data increase
the risk of cyber-attacks and data privacy breaches, so organisations will need to implement mitigating
strategies to ensure data privacy and security.
• RegTech is not easy. Early RegTech adoption will continue to rely on subject-matter experts and software
developers until greater numbers of off-the-shelf or easily adopted applications are produced.

INDUSTRY BARRIERS TO IMPLEMENTATION

The finance industry has identified various barriers to developing and adopting RegTech.
• Accessibility. Cost of the technology, lack of skills and access to data are significant barriers to many
organisations implementing RegTech.
• Increasing compliance. As organisations find it easier to report to regulators, regulators in turn may
place greater compliance demands on those organisations.
• Risk. Organisations increase risk by partnering with third-party vendors especially as there might not be
the skills or knowledge in-house to recognise those risks.
• Biased technology. There may be some built-in bias in RegTech applications due to misinterpretation
of regulations.

5.27 KEEPING UP WITH REGULATIONS

Improvements and developments to RegTech could provide the opportunity for near-real time compliance
and regulatory solutions. This should lead to more consistent and repeatable outcomes.

KEEPING UP WITH REGULATIONS IN A BANK

There have been recent changes to APRA regulation, GDPR standards and the Privacy Act in Australia —
and there will no doubt be more regulatory updates in the finance industry over time.
For many companies it is difficult to keep up with all the regulations and standards they are required
to comply with. RegTech has the ability to automate regulatory change management, which is one of the
most onerous compliance processes. Using AI, ML and other technologies the system is able to analyse
the latest regulations and requirements to identify which obligations apply to the business. It can monitor
for changes in the regulatory environment to keep the organisation are of emerging issues.

Pdf_Folio:458

458 Digital Finance

 If RegTech is being considered for such an application, the solution should be evaluated on the basis of
the following.
• Data. What type and quality of data is needed, will the solution manage the data or will that need to be
done separately?
• Agility. How quickly can the solution identify and communicate regulatory changes, and how quickly
can systems be changed accordingly?
• Validation. What validations are included and can custom-built validations be easily made?
• Maturity. How much experience does the RegTech provider have and what is their track record with
similar clients?
• Timeliness. How much of the solution can be automated and how quickly can reports be completed,
from collection, through aggregation, validation and accuracy confirmation?
Cost reductions, improved reputation management and process improvement can all be benefits of
RegTech investment. You can easily see that each of the benefits results in lower cost; however, ensuring
you perform a proper evaluation process will help maximise and optimise the selection. AI/ML solutions
may save time, so the cost would be reduced but identifying the relevant regulations is perhaps the most
important benefit as it will result in fewer fines due to non-compliance. It may also prevent loss of revenue
due to reputational damage.
Asking the correct questions and factoring in all considerations including cost, quality control, maturity,
and accuracy will help ensure the chosen solution can support the business’s objectives and meet the fast
pace of regulatory change.

5.28 PREPARING FOR REGTECH

Preparation for RegTech requires organisations to consider their human resources and their process, not
just their technological capabilities.
Many banks and larger institutions have already considered putting RegTech into practice, and have
large IT divisions to implement automated solutions specific to their regulatory requirements. Smaller
firms need to rely more on quicker and cheaper off-the-shelf RegTech solutions.
RegTech is not just about the technology though. Companies can prepare themselves for RegTech by
evaluating their manual processes to optimise them and then automate where possible. They should prepare
to engage employees in more value-adding roles and processes that require judgement once RegTech takes
over a lot of the processing work.
Small steps along the way may both improve the process and help the company determine where it
would get the most benefit from RegTech (EY 2019).

STRATEGIES FOR REGTECH IMPLEMENTATION

KPMG identifies four different ways that an organisation can approach technology innovation. These
different strategies are equally true for RegTech as for other technologies, and so it is useful to consider
them here (KPMG 2019).
• Build. Many larger financial institutions will choose to build their own RegTech applications. The main
reasons for this are that they have employees with the technical expertise to build the applications and
they also want the applications to fit neatly within their existing suite of technology solutions.
• Partner. As RegTech is a relatively new sector of information technology there are a number of start-up
companies who specialise in financial regulations. Financial institutions will often partner with these
companies to provide them with seed money to grow. This approach tends to be favoured by traditional
organisations, such as banks, that cannot afford to be left behind by FinTech start-ups, but that do not
have the required internal talent to develop bespoke RegTech solutions.
• Buy. Some financial institutions will buy technology solutions and have their own internal teams provide
support and software updates.
• Managed service. A managed cloud computing service, known as ‘Software as a Service’ (SaaS), is
maintained and run from a central location hosted on a cloud server accessible via the internet. The
service agency is fully responsible for the computer hardware and software updates.

Pdf_Folio:459

MODULE 5 Risk Management, Governance and Regulation 459

RAAS
Many IT providers are now introducing RaaS, which in the regulatory world refers to ‘Risk as a Service’,
where ML algorithms perform risk analysis for market trends or loan provision. Other organisations may
refer to it as regulation ‘Reporting as a Service’, such as provider Moody Analytics in the United Kingdom
which provides regulatory reports for banks (Moody’s Analytics 2019). Still others call it ‘Regulation as
a Service’. Regardless, in this context RaaS refers to a comprehensive RegTech solution which aims to
outsource a company’s regulatory requirements in their entirety.
The CSIRO is working on a RegTech service that provides a platform for regulatory laws that anyone
can access, called Regulation-as-a-Platform (RaaP) that might be considered a RaaS solution (CSIRO n.d.).
In a similar vein, the Compliance Hub Quarter, an Australian-based consulting group that works with
Sony, Suzuki, Choice Hotels and large energy and construction companies, has built the Compliance Hub.
Compliance Hub is a dashboard-based all-in-one compliance service that monitors risks, alerts companies
of new regulations, and assists in managing risk by providing a register with controls.
There are non-regulatory uses for the term ‘RaaS’. You might have seen the acronym ‘RaaS’ before in
other fields, as RaaS can also refer to robots-as-a-service. RaaS can pertain to both physical and virtual
robots; physical robots might be on a manufacturing floor whereas virtual robots might be providing
RPA assistance.

5.29 WHAT’S NEXT FOR REGTECH?

A significant amount of capital has been invested in the RegTech sector and it has grown exponentially and
begun to mature over a mere five-year period. Some stakeholders within the risk and compliance industry
are concerned that RegTech is only a fad, and that the growth of RegTech is not sustainable. However, there
is evidence that RegTech is now moving from the exploration and innovation phase into a production and
application phase. Example 5.12 shows how RegTech is beginning to be applied in a real-world context.

EXAMPLE 5.12

India Stack
The India Stack is a platform established by the Indian Government to enable coordination and integration
of digital services. The approach to RegTech on the India Stack platform is intended to promote financial
services access. It involves four levels.
• Level 1: Biometric identification. A national system of biometric identification was created. Identity is
an important aspect of promoting financial sector access. For this, biometric identification cards were
created. More than 1.1. billion cards were issued over the first 6 years of the platform.
• Level 2: Establishment of bank accounts. This enabled the digitisation of transfers for national services
such as pension, health and other welfare. More than 300 million were created.
• Level 3: Common payment interface. The interface was created so individuals could make payments
through a common system supported by the Reserve Bank of India.
• Level 4: Electronic KYC initiative. This initiative enables individuals to keep digital copies of all the ID
documents they need to meet KYC requirements. It also means that individuals have control of which
financial institutions can access their data.

TRUST AND REGULATION

Like AI and other new technologies, RegTech must navigate a range of common obstacles in order to reach
its potential. Two key obstacles include gaining the trust of risk professionals, and gaining the support of
regulators.
Regulatory compliance is complex, and risk professionals understand that in most cases, there is no
room for error when dealing with regulation, risk and compliance. Organisations and risk professionals
cannot afford to unquestioningly accept the promises of RegTech, as the consequences of any technological
shortcomings can prove costly.

Pdf_Folio:460

460 Digital Finance

 Organisations and risk professionals can bridge the trust gap by implementing the right vetting
process when considering implementing a RegTech solution, and implementing sensible initial strategies,
including educating stakeholders within the organisation about the benefits of RegTech, and starting small
with a pilot implementation of a prospective RegTech solution.
Regulators are also under increasing pressure to adapt to the rapid growth of FinTech and the fragmented
financial market that now includes major traditional banks, established FinTech companies and FinTech
start-ups. Regulators need to support and embrace the continued development of RegTech and avoid
questioning its ability to process the large volumes of data that technology generates. Regulators must
invest heavily in the development of data driven regulation in order to effectively deal with technological
innovations without compromising their role as regulator.

THE FUTURE
Once the sector can overcome these obstacles, RegTech has the potential to be a transformative tool
that will revolutionise financial markets and regulations. A data-driven approach coupled with innovative
technology will enable the real-time monitoring of financial markets.
As markets are becoming more and more reliant on data, large corporations and technology providers
that have access to enormous quantities of data (such as Google, Alibaba and Apple), are more likely to be
able to accurately assess a customer’s credit risk and extend them credit (through a wide variety of services
and schemes), making them strong competitors to traditional financial institutions and banks.
As these non-traditional players enter the financial services marketplace, RegTech will need to continue
to evolve rapidly to provide regulatory oversight of these transformative organisations who primarily work
within the know-your-data paradigm, rather than the traditional KYC framework.
To conclude the module, example 5.13 brings together themes of risk, compliance and RegTech in
relation to a real-world business application.

EXAMPLE 5.13

AI-Enabled RegTech to Mitigate Non-Compliant Marketing Risk

Compliance can be one of the most challenging responsibilities of financial services professionals. This is
not so much due to the mere existence of rules and regulations in relation to how financial organisations
are required to operate, but rather the volume of rules and the frequency of changes. This is referred to
as the compliance burden — the sum of the administrative costs (time, capital and human resources) of
maintaining a compliant organisation.
The compliance burden is an ongoing political issue, with various governments and the business
sector regularly seeking to ‘cut red tape’ to reduce the cost of transacting across the economy. Various
taskforces and commissions have been set up over the years, such as the 2005 Taskforce on Reduction
the Regulatory Burden on Business. Reducing the compliance burden is also a standard feature of
many economic reform programs, including Australia’s various Corporate Law Economic Reform Program
(CLERP) Acts. In 2014, the government of the day created ‘Red Tape Repeal Days’ to reduce regulation.
Some reports have focused on particular sectors, such as CPA Australia’s Regulatory burden report:
The impact of complex regulatory frameworks’, which focused on financial advice. It, for example, made
five recommendations (CPA Australia 2019).
• Review the definition of key terms.
• Refine product advice and introduce strategic financial planning advice.
• Individual licensing or registration of financial advisers.
• Align codes of ethics and continuing professional development requirements.
• Consider changes to the tax registration system.
Somewhat of a loop of regulatory change has become established, cycling through a process of
issue identification, commission/inquiry report, regulatory adjustment, regulatory implementation (often
different from the original intent) and regulatory adjustment in response to post-implementation reviews
and lobbying, and then returning to identify new issues and thus start the cycle again.
The 2017–19 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services
Industry found significant breaches of compliance and other legal obligations by regulated financial entities
within financial services. Interestingly, the first volume of the final report contains a section on regulatory
change that includes the suggestion to make such changes carefully and simply (Hayne 2019, pp. 16–17):

Treasury, and many of the entities that made submissions, urged the need for caution before
recommending change. This is undeniably right.

Pdf_Folio:461

MODULE 5 Risk Management, Governance and Regulation 461

 As I said in the Interim Report, adding a new layer of regulation will not assist. It will add to what is
already a complex regulatory regime. No doubt the financial services industry is itself complicated.
That may be said to explain why the regulatory regime is as complicated as it is. But closer attention
will show that much of the complication comes from piling exception upon exception, from carving out
special rules for special interests. And, in almost every case, these special rules qualify the application
of a more general principle to entities or transactions that are not different in any material way from
those to which the general rule is applied.

History shows, as Treasury submitted, that legislative simplification can be a long and difficult task.
Programs to simplify the law relating to income taxation and to reform corporate law have extended
over many years — well beyond the life of a single Parliament. And I do not doubt that simplifying
the law that relates to the financial services industry would be a large task. But there are two parts of
that task that can inform, and I consider should inform, what is done in response to this Report.

First, it is time to start reducing the number and the area of operation of special rules, exceptions
and carve outs. Reducing their number and their area of operation is itself a large step towards
simplification. Not only that, it leaves less room for ‘gaming’ the system by forcing events or
transactions into exceptional boxes not intended to contain them.

Second, it is time to draw explicit connections in the legislation between the particular rules that are
made and the fundamental norms to which those rules give effect. Drawing that connection will have
three consequences. It will explain to the regulated community (and the regulator) why the rule is
there and, at the same time, reinforce the importance of the relevant fundamental norm of conduct.
Not only that, drawing this explicit connection will put beyond doubt the purpose that the relevant
rule is intended to achieve. And, the further consequence will be to highlight the fact that exceptions
and carve outs like grandfathered commissions constitute a departure from applying the relevant
fundamental norm. Emphasising the fact of departure may assist in reducing both the number and
the extent of these qualifications.

It is important to remember why compliance regimes exist:

• to prevent and detect breaches of the rules and regulations
• to protect the business and its employees from prosecution, fines and reputational damage
• to protect consumers and other stakeholders
• to protect the broader social contract of a business or other entity to operate.
Balancing these priorities is a challenge. Indeed, self-imposed red tape accounts for between 6 and
10 hours a week for most employees — this covers things such as approvals, procurement processes,
committee work, HR and IT processes. This is estimated to cost the economy AUD155 billion, in addition
to an estimated AUD95 billion cost of administering and complying with regulations.
In summary, the continually changing regulatory environment and the risk of not meeting obligations
represent a key issue for financial organisations. Enter RegTech. As described in part F of this module,
RegTech refers to the use of technology to improve regulatory processes across monitoring, reporting
and compliance — both from the regulator perspective and the regulated entity perspective. Applications
include surveillance, compliance data management, fraud prevention and audit, drawing from big data
sources such as transaction databases, website content and cloud storage. A Productivity Commission
(2020) report argued RegTech could be most beneficial where:
• regulatory environments are particularly complex to navigate and monitor
• there is scope to improve risk-based regulatory approaches, thereby targeting the compliance burden
and regulator efforts
• technology can enable better monitoring, including by overcoming constraints related to physical
presence
• technology can safely unlock more uses of data for regulatory compliance.
RegTech has a wide range of potential applications in financial services and this is likely to increase
significantly over time. KPMG (2021) suggests that by 2030 RegTech will have ‘enabled near-real-time
supervision and influenced a shift in enforcement’. The RegTech Association membership list (figure 5.22)
illustrates the significant breadth of participation and focus in the area.

Pdf_Folio:462

462 Digital Finance

 FIGURE 5.22 RegTech Association membership

Source: The RegTech Association 2021.

Identifying the Issue

There is a long list of current and potential applications for RegTech in financial services. One of these
relates to matters in RG234 ‘Advertising financial products and services (including credit): Good practice
guidance’. This document guides regulated entities in complying with legal obligations in relation to false
and misleading statements; misleading and deceptive conduct; prohibited activities such as hawking;
canvassing of credit at home; and disclosure provisions for particular financial products. The rationale for
these rules is that consumers can be influenced by advertising and use the information in these as part
of their process for making financial decisions.
In recent years, ASIC has taken steps to enforce these requirements. For example:
• In April 2020, ASIC commenced proceedings in the Federal Court against Mayfair 101 group in relation
to advertising statements that were alleged to be false, misleading and deceptive in terms of the
characteristics of the debenture products they had issued. In January 2021, ASIC announced that the
Federal Court had ordered the winding up of the issuer of the securities.
• In May 2020, ASIC warned consumers that investment advertising may not be ‘true to label’ and, in
doing so, put the industry on notice that products should not be ‘marketed as having features like low
risk of loss, regular returns or easy access to withdrawals unless the product issuer has reasonable
grounds to believe they have and will continue to have such features through the economic cycles’
(ASIC 2020). ASIC further warned that broad statements in product marketing and the fine print in any
offer document must reconcile.
• In June 2020, ASIC raised concerns with seven regulated entities about advertising practices related
to investment funds including unbalanced comparisons, safety and stability representations, and
withdrawal representations.
• In February 2021, ASIC announced it had laid criminal charges against Allianz and AWP for allegedly
making false statements regarding the sale of domestic and international travel insurance in information
published online.
• In March 2021, ASIC announced it had commenced proceedings against REST Superannuation for
false and misleading representations to members in relation to their ability to transfer their account to
other superannuation funds. These representations included information in general publications and
standard forms distributed to members.
• In a broader matter about information provided to clients, in March 2021 Dover Financial Advisers and
its sole director were ordered to pay AUD1.44 million in penalties for false and misleading conduct
in relation to a client protection policy that the Federal Court found to make false and misleading
statements. The Court found that the document did not protect clients, but instead purported to strip
clients of the rights and consumer protections to which they were entitled under the law.

Pdf_Folio:463

MODULE 5 Risk Management, Governance and Regulation 463

 How to Approach the Issue
Deloitte (2021) identified more than 400 RegTechs offering services across regulatory reporting, risk
management, identity management and control, compliance and transaction monitoring. Compliance
services are by far the largest niche. For example, Ai-XPRT, Red Marker and TIQK are solutions
providers using AI to automatically analyse clients’ marketing and advertising materials against regulatory
obligations. The systems vary in complexity and capabilities. Some are able to automatically identify
relevant regulations and monitor them in real-time for new rules or changes to existing rules, while others
require the relevant rules to be preconfigured in the system. Some require the solution to be fed documents
of interest, while others are able to scan online published content, such as websites, the original or draft
documentation (e.g. Word files) used to generate print published content and one-on-one communications
content such as the text of (draft) email messages and attachments from the client firm and its staff to
their customers and potential customers.
For example, Ai-XPRT was deployed by a global investment fund to automate its compliance review
of product marketing brochures. Ai-XPRT’s collateral verification and assurance (CVA) solution uses a
variety of technologies, ranging from a simple check for prohibited phrases and keywords in marketing
materials, through to natural language processing and ML technologies that assess the meaning of the
content against regulatory requirements pre-configured by the client organisation’s compliance team.
Red Marker’s product similarly identifies high-risk words, incorrect disclaimers, unclear language, mis-
leading phrases and other such risks. For example, Red Marker can identify instances where a statement
may constitute financial advice and check that it is accompanied by a standard disclaimer/warning that
the advice is general in nature and that the client should seek advice for their specific circumstances. Like
CVA XPRT, Red Marker’s product requires documents to be submitted for review and and websites to
be specified for continuous/regular scanning. In addition to the compliance issues mentioned above, Red
Marker can compare data presented in marketing materials against external sources to check for accuracy
and check calculations for errors. The analysis is supplied back to the client in the form of a ‘red-penned’
edit (similar to how a teacher might mark up and annotate a student assignment) to highlight concerns
with specific detection of risks (linked to the regulation or rule in question) in the reviewed documents.
A relative risk score is generated to indicate the attention/urgency the client should give to the flagged
issue, and in some cases a general approach to resolving the problem is outlined. For example, in relation
to a statement on a website ‘You can count on superior rates on all our personal loan products’, the
system would generate the warning ‘Your content appears to include an overstatement term within close
proximity of a reference to a financial product or service’, with a risk rating of 5/5 and advice that the
statement should be revised if it cannot be substantiated. Essentially, the system is warning that it is not
acceptable to make a sweeping statement that the interest rates on all of the organisation’s loans will beat
those on all competing products.
As Red Marker’s system learns, it becomes more adept at analysing complex conditions and relation-
ships within the content to enhance its risk detection performance. Red Marker claims its AI-powered
solution is up to 30 times faster than manually checking items.
TIQK Analytics similarly monitors the content of the financial advice provided by its client organisations
against the controls and disclosures the client has established. TIQK features a dashboard that displays
visualisations of risks and indicators for the statements of advice and records of advice issues by the
organisation. In addition to identifying specific problems with individual documents, the dashboard enables
management to easily identify recurring issues and thus become aware of specific areas in need of
improvement. The system also generates alerts, such as when a threshold average risk rating is exceeded.
The system allows management to drill down to the individual financial adviser level to examine an
individual’s details, such as number of files reviewed, the average risk rating of their clients, details of
the risk profile and an assessment against ASIC requirements.
RegTech solutions such as these offer potential for financial institutions to reduce risk and enhance
compliance by supplementing human manual review and also more efficiently targeting human effort.
Further Applications
Given the range of compliance requirements in financial services and the attached raft of product and
service documentation, systems, websites and other materials, the potential for AI-powered solutions
such as Ai-XPRT, Red Marker and TIQK to assist in both alleviating the burden and reducing risk are
significant. Further application of this technology to automatically monitor regulatory changes and deal
with increasingly complex documents, such as product disclosure and contracts, are just some examples
of how the future of compliance, regulation and regulatory supervision in financial services and other
industries is likely to evolve in the coming years.

Pdf_Folio:464

464 Digital Finance

 QUESTION 5.15

Outline the regulatory and compliance issues that FinTech companies should consider when
planning global operations.

SUMMARY
RegTech is the use of technology to improve regulatory processes including regulatory monitoring, com-
pliance and reporting. It is being driven by increased regulatory compliance and technology innovations,
such as cloud, blockchain, AI and big data.
The benefits of RegTech potentially include increased revenue, reduced costs, efficiency gains, reduced
risk and greater consistency in regulatory reporting and compliance requirements regulators are interested
in the use of RegTech to improve reporting and compliance as well as enhance customer experience.
RegTech is a new technology. The barriers to using it include the cost, lack of skills and lack of data, a
fear that it will lead to increasing compliance demands, risks associated with the new technology and the
organisations that supply it and the possibility of biases built into the technology.
Preparing for RegTech needs to look at not just the technology, but also the organisation’s processes and
how its people will be deployed into more value-adding activities.
The key points covered in this part, and the learning objective they align to, are as follows.

KEY POINTS

5.2 Evaluate the relevant regulations and tools to provide advice to the organisation on achieving
regulatory compliance.
• RegTech tools use technology for regulatory monitoring, compliance and reporting.
• The benefits of RegTech may include increased revenue, reduced costs, efficiency gains, reduced
risk and greater consistency in regulatory reporting and compliance requirements.
• Barriers to using RegTech may include cost, lack of skills, lack of data, the possibility it will lead to
increasing compliance demands, risks associated with the new technology and the organisations
that supply it, and the possibility of biases built into the technology.
• RegTech may be built in-house, built by a partner, purchased or accessed via a cloud
service provider.
5.5 Design an effective action plan to deal with compliance and potential compliance breaches.
• RegTech integrates technology into compliance solutions drawing on a range of approaches,
including advanced applications such as ML to automatically identify regulatory requirements, thus
facilitating compliance.

Pdf_Folio:465

MODULE 5 Risk Management, Governance and Regulation 465

REVIEW
Throughout the study guide, we have seen that pervasive interconnected technologies have enabled the
continuous generation and free exchange of data between individuals and organisations. Data is now the
most valuable asset of many organisations. Individuals are often willing to provide organisations with
access to their data in return for high-quality personalised products, services and experiences. Like any
business asset, the risks associated with data must be managed to ensure the business’s ability to achieve
its objectives is not compromised.
Accounting and finance professionals need to be able to advise on and participate in strong risk
governance, a positive risk culture and robust risk management processes to identify and manage risks
associated with digital finance.
In this module, we have explored a comprehensive risk management process based on ISO 31 000
and described the requirements of good risk governance. We also looked at industry standards (NIST
and ISO/IEC 27001) and best practices for cybersecurity and information security management systems,
including the selection of controls to protect physical and information assets.
Compliance was discussed in the context of ISO 19600. The evolving nature of the regulatory
environment for financial services, and in particular, FinTech was discussed, with an emphasis on how
regulators are attempting to balance the desire for stakeholder protection with the imperative to encourage
and facilitate innovation in the FinTech sector. The module concluded with a discussion of RegTech, the
emerging technologies that help an organisation identify and comply with their regulatory obligations.
With the information in this module, the accounting and finance professional should be able to play a
valuable role in risk governance, risk management, data security and compliance.

REFERENCES
ACCC (Australian Competition and Consumer Commission) n.d., ‘Consumer data right (CDR)’, accessed August 2020, https://
www.accc.gov.au/focus-areas/consumer-data-right-cdr-0
Accenture 2016, ’Building digital trust: The role of data ethics in the digital age’, accessed 27 April 2021, https://www.accenture.
com/_acnmedia/PDF-22/Accenture-Data-Ethics-POV-WEB.pdf
Australian Institute of Cultural Directors 2016, ‘Types of directors’, accessed October 2020, https://aicd.companydirectors.com.
au/-/media/cd2/resources/director-resources/director-tools/pdf/05446-1-10-mem-director-t-bc-types-of-directors_a4_
web.ashx/
Allens 2019, ‘What this means for governance and directors’ duties. Better governance for all: It’s not just lessons for the banks’,
accessed October 2020, https://www.allens.com.au/campaigns/financial-services-royal-commission/what-this-means-for-govern
ance-and-directors-duties/
APRA (Australian Prudential Regulation Authority) 2019, ‘Transforming governance, culture, remuneration and accountability:
APRA’s approach’, accessed October 2020, https://www.apra.gov.au/sites/default/files/Transforming%20governance%2C%20c
ulture%2C%20remuneration%20and%20accountability%20-%20APRA%E2%80%99s%20approach.pdf
APRA (Australian Prudential Regulation Authority) 2020, ‘Understanding and managing the financial risks of climate change’,
accessed October 2020, https://www.apra.gov.au/understanding-and-managing-financial-risks-of-climate-change/
ASIC (Australian Securities and Investments Commission) 2012, ‘RG 234 Advertising financial products and services (including
credit): Good practice guidance’, accessed October 2020, https://asic.gov.au/regulatory-resources/find-a-document/regulatory-
guides/rg-234-advertising-financial-products-and-services-including-credit-good-practice-guidance/
ASIC (Australian Securities and Investments Commission) 2019a, ‘ASIC RegTech Initiative Series 2018-2019 Results and
Primary Observations’, accessed September 2020, https://asic.gov.au/for-business/innovation-hub/asic-and-RegTech/asic-
RegTech-initiative-series-2018-19/results-and-primary-observations/
Barlow, J 2017, ‘Compliance and risk management: Interrelated, but not the same’, Board Effect, 15 March, accessed August
2020, https://www.boardeffect.com/blog/compliance-risk-management-interrelated-not/
Bartlett, J 2019, ‘The £4bn OneCoin scam: how crypto-queen Dr Ruja Ignatova duped ordinary people out of billions — then went
missing’, accessed October 2020, https://www.thetimes.co.uk/article/the-4bn-onecoin-scam-how-crypto-queen-dr-ruja-
ignatova-duped-ordinary-people-out-of-billions-then-went-missing-trqpr52pq/
CapGemini 2018, ‘Leveraging the opportunities of open banking: The KYC platform’, 29 October, accessed August 2020,
https://www.capgemini.com/nl-nl/2018/10/leveraging-the-opportunities-of-open-banking-the-kyc-platform/
Chau, D 2020, ‘Westpac expects $900 million penalty for breaching money laundering laws’, 14 April, accessed September 2020,
https://www.abc.net.au/news/2020-04-14/westpac-1.4-billion-hit-to-first-half-earnings/12146360
CIO Australia 2017, ‘What is GRC and why do you need it?’, CIO, 11 July, accessed September 2020, https://www.cio.com/
article/3206607/what-is-grc-and-why-do-you-need-it.html
CISO 2016, ‘Understanding difference between Cyber Security & Information Security’ CISO Platform’, accessed October 2020,
https://www.cisoplatform.com/profiles/blogs/understanding-difference-between-cyber-security-information
CPA Australia 2019, ‘Regulatory burden — The impact of regulatory complexity’, accessed March 2021, https://www.cpaaustralia
.com.au/public-practice/toolkit/regulatory-burden
Pdf_Folio:466

466 Digital Finance

Creary, S et al. 2019, ‘When and Why Diversity Improves Your Board’s Performance’, Harvard Business Review, accessed
October 2020, https://hbr.org/2019/03/when-and-why-diversity-improves-your-Boards-performance/
CSIRO n.d., ‘Regulation as a Platform’, accessed September 2020, https://data61.csiro.au/en/Our-Research/Our-Work/Future-
Cities/Optimising-service-delivery/RaaP
Deloitte 2015, ‘Building world-class ethics and compliance programs: Making a good program great: Five ingredients for your
program’, accessed October 2020, https://www2.deloitte.com/content/dam/Deloitte/no/Documents/risk/Building-world-class-
ethics-and-compliance-programs.pdf
Deloitte 2019, ‘Banking Executive Accountability Regime (BEAR). Preparing for accountability regimes in superannuation,
insurance and beyond’, accessed October 2019, https://www2.deloitte.com/au/en/pages/audit/articles/banking-executive-
accountability-regime.html/
Deloitte 2018, ‘What board members need to know — and do: Information technology risks in financial services’, accessed
October 2020, https://www2.deloitte.com/us/en/pages/center-for-board-effectiveness/articles/information-technology-risks-
financial-services.html
Department of Finance 2020, ‘Risk appetite and tolerance’, accessed October 2020, https://www.finance.gov.au/
government/comcover/education/risk-appetite-tolerance
DFAT (Department of Foreign Affairs and Trade) 2020, ‘Consolidated list’, accessed October 2020, https://www.dfat.gov.au/
international-relations/security/sanctions/Pages/consolidated-list
European Union 2019, ‘Ethics Guidelines for Trustworthy AI’, accessed October 2020, https://ec.europa.eu/futurium/en/ai-
alliance-consultation/
EY 2019, ‘Regulatory technology (RegTech): Navigating the right technology to manage the evolving regulatory environment’,
accessed September 2020, https://assets.ey.com/content/dam/ey-sites/ey-com/en_us/topics/financial-services/ey-regulatory-
technology-RegTech.pdf/
Fenwick, M & Vermeulen, EP 2019, ‘Technology and corporate governance: blockchain, crypto, and artificial intelligence’,
Tex. J. Bus. L., vol. 48, vol. 1.
Ferguson, A 2016, ‘Report slams National Australia Bank’s risk management’, Financial Review, 15 May, accessed October 2020,
https://www.afr.com/companies/financial-services/report-slams-national-australia-banks-risk-management-20160515-govh0z
Government Information Quarterly, vol. 37, iss. 3, accessed October 2020, https://www.sciencedirect.com/science/article/abs/pii/
S0740624X20302719/
Grieve, C 2020, ‘Westpac announces record-breaking $1.3b fine’, The Sydney Morning Herald, accessed October 2020, https://
www.smh.com.au/business/banking-and-finance/westpac-announces-record-breaking-1-3b-fine-20200924-p55yno.html
Grugan, T 2020, ‘Westpac’s alleged AML failures are back in the news’, JD Supra, 15 June, accessed October 2020, https://www.
jdsupra.com/legalnews/westpac-s-alleged-aml-failures-back-in-47007/
Harris, K 2017, ‘Embracing the disruptive future of AI’, Australian Institute of Company Directors, accessed October 2020,
https://aicd.companydirectors.com.au/membership/membership-update/embracing-the-disruptive-future-of-ai/
Haynes, KM 2019, ‘Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final
Report’, ‘The Haynes Report’, vol. 1, Commonwealth of Australia, accessed March 2021, https://cdn.treasury.gov.au/uploads/
sites/1/2019/02/fsrc-volume1.pdf
Hickman, E & Petrin, M 2020, ‘Trustworthy AI and Corporate Governance — The EU’s Ethics Guidelines For Trustworthy
Artificial Intelligence from a Company Law Perspective’, 21 May, SSRN: https://ssrn.com/abstract=3607225
Hilb, M 2020, ‘Toward artificial governance? The role of artificial intelligence in shaping the future of corporate governance’,
accessed October 2020, https://link.springer.com/article/10.1007/s10997-020-09519-9/
Hosch, C n.d., ‘Common mistakes, problems and concerns companies face during implementation and maintenance of corporate
compliance programs’, Martindale, accessed October 2020, https://www.martindale.com/matter/asr-2113742.Common.pdf
Hutchins, G n.d., ISO 31000 Principles of Risk Management, accessed October 2020, https://accendoreliability.com/iso-31000-
principles-risk-management/
ICO n.d., ‘Individual rights’, accessed October 2020, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-
general-data-protection-regulation-gdpr/individual-rights/
International Organization for Standardization (ISO) 2015, ‘Compliance management systems – guidelines, ISO.
International Organization for Standardization (ISO) n.d.-a. ISO 19600:2014, accessed October 2020, https://www.iso.org/obp/ui
/fr/#iso:std:iso:19600:ed-1:v1:en
International Organization for Standardization (ISO) n.d.-b. ‘Certification and conformity’, accessed October 2020, https://www.
iso.org/conformity-assessment.html
IT Governance 2021a, ‘What is ISO 27001?’ IT Governance.
IT Governance 2021b, ‘Cyber Security as a Service’, IT Governance, accessed April 2021, https://www.itgovernance.co.uk/
cyber-security-as-a-service/
Janssen, M et al. 2020, ‘Data governance: Organizing data for trustworthy Artificial Intelligence’, Government Information
Quarterly, vol. 37, iss. 3.
Khoury, P 2017, ‘Independent Review Code of Banking Practice’, accessed October 2020, http://cobpreview.crkhoury.com.au/
wp-content/uploads/sites/2/2017/02/Report-of-the-Independent-Review-of-the-Code-of-Banking-Practice-2017.pdf/
KPMG 2016, ‘Compliance framework’, accessed August 2020, https://assets.kpmg/content/dam/kpmg/ch/pdf/compliance-
framework-en.pdf
KPMG 2019, ‘RegTech beyond compliance’, accessed September 2020, https://home.kpmg/au/en/home/insights/2019/03/
beyond-compliance-fs.html
KPMG 2021, ’30 voices on 2030: The new reality for financial services’, accessed March 2021, https://assets.kpmg/content/
dam/kpmg/au/pdf/2021/30-voices-on-2030-new-reality-financial-services.pdf
MacCormick, J 2019, ‘Governing organisational culture’, Australian Institute of Company Directors, accessed October 2020,
https://aicd.companydirectors.com.au/-/media/cd2/resources/director-resources/director-tools/2019/pdf/governing-culture/
07236-3-mem-3-organisation-governing-organisational-culture-july-19-a4-web-v3.ashx
Pdf_Folio:467

MODULE 5 Risk Management, Governance and Regulation 467

McKinsey 2019, ‘The risk based approach to cybersecurity’, accessed October 2020, https://www.mckinsey.com/business-
functions/risk/our-insights/the-risk-based-approach-to-cybersecurity
McMenemy, L 2019, ‘What is a governance framework’, accessed October 2020, https://insights.diligent.com/entity-governance/
what-is-governance-framework/.
McPherson, S 2018, ‘Corporate responsibility: What to expect in 2019’, Forbes, 14 January, accessed October 2020, https://www.
forbes.com/sites/susanmcpherson/2019/01/14/corporate-responsibility-what-to-expect-in-2019/#7577c45a690f/
Moody’s Analytics 2019, ‘Moody’s Analytics launches regulatory Reporting-as-a-Service solution for banks’, accessed September
2020, https://www.moodysanalytics.com/about-us/press-releases/2019-10-31-moodys-analytics-launches-regulatory-raas-soluti
on-for-banks
National Institute of Standards and Technology 2018, ‘Framework for Improving Critical Infrastructure Cybersecurity.
Version 1.1’, accessed October 2020, https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf/
n.d., ‘IBM Verify Credentials: Transforming digital identity into decentralized identity’, accessed August 2020, https://www.ibm.c
om/blockchain/solutions/identity
NIST 2018, ’An introduction to the components of the framework’, accessed 27 April 2021, https://www.nist.gov/cyberframework
/online-learning/components-framework,
Office of the Australian Information Commissioner 2020, ‘Guide to undertaking privacy impact assessments’, accessed October
2020, https://www.oaic.gov.au/privacy/guidance-and-advice/guide-to-undertaking-privacy-impact-assessments/
Open Compliance and Ethics Group (OCEG) 2020, ‘What is GRC?’, accessed August 2020, https://www.oceg.org/about/what-
is-grc/
Organisation for Economic Co-operation and Development 2000, ‘Reducing the risk of policy failure: Challenges for regulatory
compliance’, accessed October 2020, https://www.oecd.org/gov/regulatory-policy/1910833.pdf
Parker Poe Adams & Bernstein LLP 2013, ‘The link between risk management and compliance.’ Lexology. 11 November,
accessed August 2020, https://www.lexology.com/library/detail.aspx?g=0f4cec83-ffdf-41c2-92ac-7567bd09401f
Parliament of Australia 2019, ‘Select Committee on Financial Technology and Regulatory Technology’, accessed September 2020,
https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Financial_Technology_and_Regulatory_Technology/
Patrick, A 2019, ‘Westpac unleashes the compliance hounds’, Financial Review, accessed October 2020, https://www.afr.com/com
panies/financial-services/westpac-unleashes-the-compliance-hounds-20191128-p53f1z
Pearson, S 2020, ‘What is compliance management & why it’s so important’, accessed August 2020, https://tallyfy.com/what-is-
compliance-management/
Pocock, L & Hicks, K 2019, ‘Climate change a growing focus for Boards’, Australian Institute of Company Directors, accessed
October 2020, https://aicd.companydirectors.com.au/advocacy/governance-leadership-centre/external-environment/climate-
change-a-growing-focus-for-Boards/
Productivity Commission 2020, ‘Regulatory technology’, information paper, accessed March 2021, https://www.pc.gov.au/
research/completed/regulatory-technology
PwC 2020, ‘Financial services technology 2020 and beyond: Embracing disruption’, accessed October 2020, https://www.pwc.
com/gx/en/industries/financial-services/publications/financial-services-technology-2020-and-beyond-embracing-
disruption.html
PwC Australia 2019, ‘Compliance on the forefront: Setting the pace for innovation’ accessed October 2020, https://www.pwc.
com.au/assurance/internal-audit/state-of-compliance-AU-2019.pdf
Reserve Bank of Australia 2019, ‘A decade of post-crisis G20 financial sector reforms’, accessed September 2020, https://www.
rba.gov.au/publications/bulletin/2019/jun/a-decade-of-post-crisis-g20-financial-sector-reforms.html/
Reserve Bank of Australia n.d., ‘The Global Financial Crisis’, accessed February 2021, https://www.rba.gov.au/education/
resources/explainers/the-global-financial-crisis.html
Retna, S 2018, ‘Why Australian financial services firms need to reimagine risk and compliance’ Accenture, 27 July, blog, accessed
August 2020, https://financeandriskblog.accenture.com/regulatory-insights/regulatory-compliance/why-australian-financial-
services-firms-need-to-reimagine-compliance-risk-management
Reuters 2020, ‘Australia’s Westpac reveals findings from compliance review’, accessed October 2020, https://www.reuters.com/
article/us-westpac-regulator-idUSKBN23A3HC
riskonnect 2020, ‘Compliance vs. risk management: What’s the big difference’, accessed August 2020, https://riskonnect.com/risk-
management-information-systems/compliance-vs-risk-management/
Ruby Garage 2020, ‘What is RegTech? A must-have guide for 2020’, blog, accessed September 2020, https://rubygarage.org/blog/
what-is-RegTech
Shorten, B 2020, ‘Stop tinkering. It’s time for Compliance 2.’, blog ,accessed August 2020, https://financeandriskblog.accenture.
com/regulatory-insights/regulatory-compliance/stop-tinkering-its-time-for-compliance-2-0
Staples, W & Linden, A 2019, ‘Reimagining the future of corporate governance in Australia’, Green Agenda, accessed October
2020, https://greenagenda.org.au/2019/05/reimagining-corporate-governance/
Stickman 2018, ‘What you need to know about CyberSecurity-as-a-Service (CSaaS)’, accessed October 2020, https://www.
stickman.com.au/need-know-cybersecurity-service-csaas/
Storbeck, O 2020, ‘Germany to overhaul accounting regulation after Wirecard collapse’, Financial Times, accessed October 2020,
https://www.ft.com/content/e037d830-cfd8-4bca-853d-d49f48e67f13/
Stupp, C 2019, ‘Fraudsters used AI to mimic CEO’s voice in unusual cybercrime case’, Wall Street Journal, accessed October
2020, https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402/
Sussman, B 2019, ‘Cybersecurity vs. data security’, accessed October 2020, https://www.secureworldexpo.com/industry-news/
cybersecurity-vs-data-security-definition
The RegTech Association 2021, ‘RegTech Members map’, accessed April 2021, https://regtech.org.au

Pdf_Folio:468

468 Digital Finance

Tranchard, S 2018, ‘The new ISO 31000 keeps risk management simple’, ISO, accessed October 2020, https://www.iso.org/news/
ref2263.html#:~:text=Risk%20is%20now%20defined%20as,on%20an%20organization’s%20decision%20making.&text=This%
20gives%20managers%20the%20flexibility,and%20objectives%20of%20their%20organization
Trulioo 2018, ‘RegTech: 5 steps to understand regulation technology’, blog, accessed September 2020, https://www.trulioo.com/
blog/RegTech/ (Accessed 24 September 2020).
Wright, A 2018, ‘Thinking of expanding your business overseas? Your cyber security compliance just got more complicated’,
accessed October 2020, https://riskandinsurance.com/cyber-security-compliance-overseas/

Pdf_Folio:469

MODULE 5 Risk Management, Governance and Regulation 469

Pdf_Folio:470
GLOSSARY
A/B testing An approach to proving causation in which each experiment subject is randomly assigned to
one of the variant groups to compare which is more effective.
accept In relation to risk, choosing to accept the risk rather than attempt to transfer, mitigate or avoid it.
accountability Responsibility for one’s actions.
algorithm A set of rules.
altcoins See alternative cryptocurrencies.
alternative cryptocurrencies Cryptocurrencies other than Bitcoin.
alternative finance Any form of financing through sources outside the conventional financial system.
analytics The use of skills, processes and technologies to derive information from data.
artificial intelligence (AI) A machine that uses algorithms to simulate human intelligence.
association rule mining An unsupervised learning technique used in business to find interesting
relationships between variables (items or events).
attack surface The total number of points within a business that are exposed to any form of exploitation.
attended RPA RPA in which the bot resides on a human user’s computer and is triggered by the user
as needed.
Australian credit licence An ASIC licence for organisations offering consumer lending.
Australian financial services licence (AFSL) An ASIC licence for organisations offering financial
services/products.
Australian Prudential Regulation Authority (APRA) An independent statutory authority that
supervises banking, insurance and superannuation institutions.
Australian Securities and Investments Commission (ASIC) The Australian regulator of corporations,
markets, financial services and consumer credit. It oversees the financial system, promotes informed
participation, and makes information about Australian companies available to the public.
Australian Transaction Reports and Analysis Centre (AUSTRAC) A regulatory body that monitors
the financial system for potential criminal activity, including serious crime and organised crime.
authority The ability or power to direct, command and monitor activities.
automation The use of technology to replace or complement human labour.
availability The quality of data and information that exists when access to data is correctly aligned to
authorised users.
avoid In relation to risk treatments, avoiding the actions that would lead to the risk.
balance sheet lending Provision of a loan directly to a consumer or business owner via an electronic
platform, which raises funds and assumes the risk of the loan.
balanced scorecard A strategic and operational planning and management tool that can be used as
framework to identify and assess a range of financial and non-financial benefits or performance
indicators.
banking-as-a-platform (BaaP) Provision of banking services by which banks integrate services from
other FinTechs to change the banks’ existing offerings.
banking-as-a-service (BaaS) Provision of banking services by which organisations with a banking
licence integrate their digital banking services directly into the products and services of other
non-bank businesses.
banking business A corporation that takes money on deposit (other than as part-payment for identified
goods and services) and makes advances of money, and is an APRA-approved authorised deposit-
taking institution.
bias An inclination or prejudice for or against someone or something.
big data The datasets that arise from the pervasive creation and generation of data in the Network Age,
characterised by volume (the large quantity of data), variety (the diversity of data), velocity (the speed
at which data is generated) and issues around veracity (the variable data quality).
blockchain A form of distributed ledger that uses cryptographic techniques to confirm data entries and
create an immutable ledger.
bots Software robots.
Bradford Hill Criteria A framework for inferring a causal relationship between two variables.
business continuity plan (BCP) A plan comprising mitigating controls for significant risks that upon
occurrence could interrupt the business for an extended period of time.

GLOSSARY 471
business impact assessment (BIA) A process that establishes key objectives for disaster recovery.
business process management (BPM) A holistic discipline to optimise business activity flows in
support of enterprise goals, spanning application systems, human resources, customer relationships
and external business entities.
card-based payments Payments that involve a physical card, such as a credit or debit card, and a POS
terminal, where users need to insert or swipe their card.
cashless society A society in which the use of physical money would be eliminated.
causation The presence of a cause-and-effect relationship between two variables.
Central Bank Digital Currency (CBDC) scheme A (proposed) digital form of a country’s fiat
currency, which would be backed, regulated and administered by governments and work on either a
national or a supranational level.
centralised virtual currencies A virtual currency controlled by a single administrator (usually the
developer of the platform) who acts as the intermediary in transactions.
classification The predictive analytics process of determining what category or class a particular data
item should be labelled, which the target variable is categorical.
classifying ML ML that focuses on segmenting and clustering data in large data sets.
clustering An unsupervised learning technique that is used for automatic identification of natural
groupings of items in a data set.
cognisability (of money) See recognisability.
cognitive automation An approach to automation that creates new insights through data discovery that
combines internal and external data and then uses those insights in autonomous decision making.
cognitive bias When prejudice influences decisions or thinking, preventing clear, objective judgement.
cognitive ML ML focused on recognising and understanding text, speech, photos, audio and video in a
way that aims to mimic human thoughts.
collaborative filtering An unsupervised learning technique used in recommendation systems, which
aim to predict users’ interests and recommend items that would appeal to them.
collaborative networks Networks in which participants are interdependent, thus requiring a mutual
commitment to working with other members of the network.
collectively exhaustive A set of all possible events, such that an event outside that set cannot
possibly occur.
Common Reporting Standard (CRS) An OECD information standard for the automatic exchange of
information regarding financial accounts on a global level, between tax authorities, whose purpose is
to combat tax evasion.
competitive advantage The ability of a business to achieve better performance than its competitors and
defend that advantage over the long term.
compliance The process of ensuring adherence to all business rules, policies and guidelines that are
established internally or externally.
compliance framework A framework that sets out an organisation’s approach to managing its
compliance obligations and mitigating compliance risk, in order to achieve its compliance objectives.
conditional probability The likelihood of an event occurring based on the occurrence of another event.
confidentiality The quality of data and information that exists when the data is private and secure with
restricted view access.
consent The permission granted by the creator or owner of data, for it to be collected and used by an
entity for a particular purpose.
consortium blockchains A hybrid blockchain that combines the single highly trusted entity model of
private blockchains with the low-trust environment of public blockchains by giving pre-selected nodes
control of the consensus process.
continuous data Data with infinite possible values, corresponding to some continuous scale that does
not have gaps.
control documentation The design standard, operating standard and verification approach relating to
a control.
cooperative networks Networks in which participants share information and expertise, while remaining
independent; they interact only when necessary to harmonise efforts.
correlation The degree of relationship between two variables.
correlation coefficient, r A measure of the strength of a correlation.
corrective controls Controls implemented after a breach to minimise damage and restore normal
operation as soon as possible.

472 GLOSSARY
CPS 234 security standard An APRA standard that requires APRA-regulated entities to protect
information against security threats.
critical control A control that significantly reduces the impact or likelihood of a risk.
crowdlending See peer-to-peer lending.
cryptocurrencies A form of decentralised, fungible and convertible virtual currency secured using
strong cryptography, based on blockchain technology.
currency coins Cryptocurrency coins that have their own blockchain within which they function as
a currency.
cybersecurity The protection of data and ICT systems, and the response to attacks.
cybersecurity standards Published techniques or guidelines that guide the information security and
cybersecurity approach, and the processes needed to prevent or mitigate cyber threats.
dashboards A visualisation tool that combines multiple related visuals that update as the data changes.
data A fact or observation.
database management systems (DBMSs) Systems that integrate with data collection systems and
business applications, store the data in an organised way, and provide facilities for accessing and
managing that data.
data governance The oversight, authority, planning and development of policies, guidelines, procedures
and strategy for the access, protection and usage of data.
data-informed decision-making The practice of making decisions based on the actionable and verified
knowledge created through analytics.
data life cycle The existence of data from creation and initial storage to the time when it becomes
obsolete and is deleted.
data literacy The ability to read, work with, analyse and argue with data.
data literacy culture An organisational culture that embraces the use of data-informed decision-making
and fosters the growth of data literacy within an organisation.
data management The processes involved in creating, collecting, using, maintaining, protecting,
storing and controlling data.
data migration Moving data from one system to another system, usually involving improving the
quality of the data.
data mining The use of technologies that incorporate data science principles to produce information
from data.
data-oriented ecosystems The aspect of a digital ecosystem that provides organisations with data that is
relied on to understand customers and to make better decisions.
data ownership Who owns or is responsible for data and how they approach that responsibility.
data privacy Proper handling of personal data, principally in relation to consent, notice and regulatory
obligations.
data science A set of fundamental principles that guide the creation of knowledge from data.
data security How organisations protect their data, including technical safeguards that help ensure data
confidentiality, integrity and availability.
data strategy A strategy that comprehensively reflects the organisation’s data needs, aligned with
business strategy, and incorporating data requirements, analytics requirements, implementation,
communication, interpretation and application.
data-to-ink ratio A measure of how much of the content of a visualisation contains relevant
information.
data wrangling The process of putting data and data sets into a useable format, ensuring that
missing, inconsistent or anomalous values are detected and rectified to prevent corruption of the
analytics results.
decentralised finance (DeFi) The use of a distributed trust mechanism (such as blockchain) to eliminate
the need for central intermediaries in a finance system.
decentralised virtual currencies A virtual currency that uses cryptography to establish trust between
participants and thus eliminates the need for an intermediary.
decision tree Non-linear ML algorithms used for categorical or discrete values. They recursively divide
a training set of data until each division consists of examples from one class.
deep learning An ML approach in which artificial neural networks are used to mimic the complexity of
analysis performed in a human brain’s neural networks. Neural networks process data through a
layered structure of algorithms or decision points and thus a deep learning machine has a greater
capacity to evaluate multifaceted data than standard ML.

GLOSSARY 473
dependent event An event the probability of which is affected by previous events.
descriptive analytics Data analytics that summarise the results of past or current performance.
design standard In relation to a control, what needs to be in place or provided for the critical control to
be effective.
detective controls Controls designed to pick up when a cybersecurity breach is attempted or, if
successful, is underway so that a cybersecurity response can be made.
diagnostic analytics Data analytics that determine cause and effect.
digital currencies A currency that exists only as balances or records stored within databases.
digital ecosystem A dynamic integration of organisational departments, suppliers, tools, systems,
customers and external partners, brought together to increase data flow throughout an organisation and
drive business performance.
digital financial services (DFS) ecosystem The digitalisation of the financial industry; the digital
ecosystem comprised of financial services users, providers, infrastructure and governmental policies,
laws and regulations.
Digital Finance Cube A framework for exploring and analysing digital finance concepts through
interrelationships of digital finance business functions, digital finance technologies and technological
concepts, and digital finance institutions.
digital financing The use of alternative technology-mediated sources of financing.
digital literacy Possessing sufficient knowing about the applications, benefits, costs and limitations
of technologies to be able to assess their value to the organisation and support their effective
implementation.
digital mindset An attitude and set of behaviours that support the adoption of new technologies where
they can add value to business.
digital payment An exchange in which value is transferred electronically from one party to another.
digital roadmap A plan that guides an organisation’s digital transformation by identifying which digital
technology components are the best fit for their ecosystem.
digital transformation The process of moving analogue or traditional ‘non-digital’ technologies fully
into the digital space.
digital transformation strategy A strategy to adopt technologies in a viable, value-adding and
sustainable way to support business continuity and protect productivity and functionality.
digital trust A belief by consumers and other organisations that their digital practices are transparent,
honest, safe and reliable.
digital wallets Device-specific, platform-based, app-based or cryptocurrency based devices, software
or online services that a party can use to electronically transact with another party by means of
digital currency.
disaster recovery plan (DRP) A deliberate and documented approach that details how an organisation
can return to work after an unplanned outage or incident.
discrete data Data that has a distinct set of values, which can be counted and belong to a whole numbers
set (integers).
distributed applications (DApps) Applications that provide a web interface built over the top of one or
more underlying smart contracts.
divisibility (of money) The ability to be divided into small units.
domain knowledge Theoretical and practical knowledge that is specific to a business field, industry
or discipline.
donation-based crowdfunding A form of fundraising typically utilised by individuals or not-for-profits
to pool funding from the crowd in order to finance a project with a social purpose or cause, without the
expectation of having the funds returned.
durability (of money) The quality that money endures long enough to be utilised in any future
transactions.
edge computing The use of technology to move data storage and processing away from central servers
towards the end user, resulting in more efficient, reliable and faster data exchange.
electronic fund transfer (EFT) Payments that involve direct credit and debit transfers.
elementary event An event that consists of a set of one sole outcome.
e-money A regulated digital currency.
EMV A global standard for payments that deals with the authentication and security of chip-card
transactions.

474 GLOSSARY
enabling skills The broad and adaptable behavioural, data analysis and finance skills that employers are
seeking from employees to be effective in technology-disrupted workplaces.
Ethereum A blockchain designed for general purposes, including enabling the creation of
smart contracts.
Ethereum 2.0 The revised Ethereum platform that features various measures to improve
its performance.
event A set of one or more outcomes.
explanatory analysis In data visualisation, the use of analysis techniques to effectively communicate
findings to decision makers.
exploratory analysis In data visualisation, the broad and deep data analysis intended to find patterns
in data.
external data Data the organisation must obtain from outside, whether by purchasing access or setting
up systems to harvest the data.
financial instruments Monetary contracts that take place between parties.
financial product A facility through which a person makes a financial investment, manages financial
risk or makes non-cash payments. For the purposes of the Corporations Act 2001, financial products
would include securities, debentures, derivatives, bonds, and so on.
financial services Making a market for financial products, providing financial product advice, operating
a registered managed investment scheme, providing traditional trustee company services, or providing
a custodial or depository service.
financial services business A business offering financial services, required to hold an AFSL unless an
exemption applies.
FinTech 1.0 The first wave of the financial technology industry from 2010 to 2014, during which
financial technology businesses targeted areas that banks underserved or overlooked.
FinTech 2.0 The second wave of the financial technology industry, beginning in 2014, during which
financial technology businesses increasingly collaborate and cooperate with banks and financial
structures become increasingly open.
FinTech payments niche Companies that facilitate and/or support the transfer of money, particularly
non‐cash transactions.
FinTech solutions niche Companies that provide technology solutions to assist businesses and financial
institutions with financial services.
FinTech technology niche Companies that provide software and services to different financial services
subsectors.
functional strategy The organisational plan for each function, such as finance or manufacturing.
fungibility (of money) The uniform quality of an object that makes the object interchangeable and
indistinguishable, so that any one dollar is equal to any other dollar.
gap analysis A comparison of the current state and the desired state, to identify what must be done to
arrive at the desired state.
General Data Protection Regulation (GDPR) An EU regulation on data protection and privacy that
has extra-territorial effect if an entity processes the data of an EU data subject. It has become a
benchmark for organisations operating internationally.
Gestalt principles A set of principles that explain how people perceive the elements of a visualisation
and thus can be applied to create effective visualisations.
governance The process of setting and implementing clear business objectives, policies and standards
across the entire organisation and ensuring they are properly executed.
governance, risk management and compliance (GRC) framework A framework of strategy, process,
policy, technology and people that provides the structure and approach that management may use to
achieve their business goals.
hybrid blockchains A blockchain that combines the concepts of private and public blockchains in order
to benefit from key aspects of both concepts.
hybrid payments Payments that combine multiple payments technologies.
hybrid RPA A combination of unattended and attended RPA.
ICT infrastructure ecosystems The hardware and software services that capture, store and organise
data in a digital ecosystem.
impact The consequence of a risk event either in financial terms or in the context of other factors that
affect both business and society.

GLOSSARY 475
independent event An event the probability of which is unaffected by previous events.
Industry 4.0 The use of Network Age technologies in industry; in particular the combination of
analytics, artificial intelligence and automation technologies.
information The output of data analytics that has meaning and purpose relevant to an individual’s or
organisation’s needs.
information assets Any valuable information that the organisation owns or controls.
information security See data security.
information security management system (ISMS) A comprehensive system of policies, procedures
and additional controls involving people, processes, and technology to mitigate risk and thus protect
the confidentiality, integrity and availability of the organisation’s information.
informed consent Consent given by a person armed with sufficient knowledge of the risks and benefits
that arise from granting that permission.
initial coin offering (ICO) The cryptocurrency equivalent of an initial public offering.
initial DEX offering (IDO) An experimental fundraising mechanism within the crypto-based funding
space, in which a decentralised cryptocurrency exchange replaces the role of the single exchange in
an IEO.
initial exchange offering (IEO) A variation on the ICO, in which a cryptocurrency exchange acts as an
intermediary, and conducts and underwrites the sale.
innovation A change in the way technology is used.
integrity The quality of data and information that exists when the data is reliable, correct and restricts
edit access.
intelligent process automation A combination of RPA and AI that extends RPA capabilities to handle
unstructured data and complex processes.
internal data Data the organisation has already captured and stored through its existing processes.
interval data Similar to ordinal data, but with the additional property that the difference between any
two data values is measurable.
invoice crowdlending See invoice trading.
invoice factoring A contractual agreement with a third-party provider, which is responsible for
managing the entire sales ledger.
invoice finance A collective term for invoice factoring and invoice trading.
invoice trading Financing in which a business sells individual outstanding invoices through electronic
platforms in order to obtain working capital.
ISO 19600:2014 The ISO standard on compliance management systems.
ISO 27001 The ISO information security management standard.
ISO 27005 The ISO information security risk assessment standard.
ISO 31000 The ISO risk management standard.
key goal indicators (KGIs) Metrics that indicate the extent of achievement of key goals.
knowledge Created by integrating information with prior experience, skills and opinions.
large-value payment systems Payment systems that process large volumes of high-value critical
payments, principally interbank/inter-financial institutional transactions.
likelihood The chance (or probability) of a risk eventuating.
machine learning (ML) A type of AI in which the machine is able to learn from data to develop its own
algorithms and thus make predictions.
marketplace lending See peer-to-peer lending.
matching In an observational study, selecting subjects with similar characteristics other than the
independent variable.
measure of value The function (of money) of measuring the market value of goods, services and any
other transaction.
medium of exchange The function (of money) of intermediating the exchange of goods and services.
miners Nodes in a blockchain network that specialise in adding new data to the blockchain.
mitigate In relation to risk treatments, taking action to reduce the likelihood of an event occurring, but
not avoiding the risk.
money An item or a verifiable record that is accepted for payments and repayment within a specific
socio-economic context.
money supply The total of all the available financial instruments within an economy.
multiple regression In an observational study, a statistical technique used to account for the effect of
confounding variables on the dependent variable of interest.

476 GLOSSARY
mutually exclusive The situation in which a given set of outcomes or events cannot occur at the same
time. Outcomes are always mutually exclusive, whereas events may or may not be mutually exclusive.
natural language processing (NLP) A type of AI that applies computational linguistic techniques to
text to enable a machine to communicate with a human through natural language.
negative correlation A correlation in which when the value of one variable moves in a particular
direction, the value of the other variable moves in the opposite direction.
neobank An emerging bank start-up.
neobanking The sector created by emerging bank start-ups.
Network Age The current period of time, characterised by interconnectivity, enabled by the internet,
smart devices, mobile communications, and the rapidly diminishing cost of technology.
network effects Positive returns to scale; as network participant numbers grow, the value of
participating also grows.
New Payment Platform (NPP) An open-access, industry-wide infrastructure that enables near-real time
data-rich payments between accounts held in different institutions.
NFC payments The use of near-field contactless technology and a mobile wallet to enable payments
between smartphones and payment readers.
NIST Cybersecurity Framework (NIST CSF) A cybersecurity framework that serves as an industry
standard and represents best practice around cybersecurity risk.
nominal data Data that can be named, labelled, or categorised, but cannot be ordered.
non-programmed decision making Decision making in a unique situation where there is no prior
experience or pre-developed strategy to apply.
Notifiable Data Breach (NDB) Scheme An obligation under the Privacy Act that stipulates that
affected individuals, as well as the Data Commissioner, must be notified by way of a prepared
statement if a breach affecting personal data occurs.
objective probability A probability value calculated empirically (based on historical data or
measurements) or a priori (based on formal logic, reasoning and the known characteristics of events).
observational study Passive observation of the subjects to measure variables of interest and identify
patterns or relationships between them.
open accounting The sharing of accounting data with relevant stakeholders to increase its value as
a resource.
open banking An open marketplace for banking services, created through connectivity enabled by data
sharing, apps, APIs and analytics.
operating standard In relation to a control, the activities or tasks that occur to ensure that the control
operates as designed.
operational strategy How the business achieves its objectives through resources and processes.
optimising ML ML that focuses on applying algorithms to find the most efficient and effective outcome
for a process.
oracle A live-feed of data from external systems that are continuously monitored, treated as a source of
truth and are used to trigger execution of a smart contract when the defined conditions are met.
ordinal data Data with named categories that have a ranking system, and can be ordered.
organisational behaviour The shared goals, beliefs, values, expectations and the environment in which
the members of that organisation work.
organisational strategy The coordinated use of resources to achieve a set of organisational goals.
overfitting The situation that arises in AI in which algorithms become excessively complex and specific
in order to explain all variations that exist in the data, and thus do not necessarily translate to effective
analysis of other data.
outcome A single possible result of an experiment.
outlier A data point that is far away from the rest of the data.
partition A collection of outcome sets where the union of those outcome sets is collectively exhaustive
and each of the outcome sets is mutually exclusive.
paternalistic approach A regulatory approach that shifts the responsibility from the customer to the
industry, to ensure that organisations take steps to look after their customers, as opposed to requiring
the customer to understand complex disclosure documents and policies.
payment A mutually agreed transfer of funds, assets or goods, or services, in exchange for another form
of funds, assets or goods, or services.
Payment Card Industry Data Security Standard (PCI DSS) A guide to maintaining a secure
environment for all organisations that accept, process, store or transmit credit card information.

GLOSSARY 477
payment gateways Services that enable digital payments by transmitting customer transaction
information to the business’s merchant account, where funds are held until the transaction is cleared.
Once the transaction is settled, the bank releases the funds to the business’s bank account.
payment service provider (PSP) A third-party payment processing company that provides merchants
with everything they need to access digital payments, including usually a merchant account and a
payment gateway.
peer-to-peer invoice finance See invoice trading.
peer-to-peer (P2P) lending The model of lending in which individual lenders provide loans to
individual borrowers such as consumers or businesses, often via an electronic platform.
permissioned blockchains Blockchains that have a control layer that grants access to accepted users.
permissioned ledger A distributed ledger with a defined set of owners.
permissionless blockchains Decentralised public blockchains that have no central authority.
permissionless ledger A distributed ledger without a specific owner.
personal data See personally identifiable information.
personally identifiable information (PII) Information that can be used to identify an individual, either
directly, such as name, or in combination with other data.
PESTLE An external analysis based on examination of political, economic, social, technological, legal
and environmental factors.
physical assets Infrastructure, devices and other hard assets used in an organisation’s data and
information system.
portability (of money) The ability to handle and deal in money in small quantities that can be
exchanged or transferred in value.
portfolio lending See balance sheet lending.
positive correlation A correlation in which when the value of one variable moves in a particular
direction, the value of the other variable moves in the same direction.
pre-attentive attributes The aspects of a visualisation that people notice first.
predictive analytics Data analytics that forecast or estimate future performance.
predictive ML ML that characterises and analyses historical and recent data to predict an accurate
future outcome.
prescriptive analytics Data analytics that determine a course of action.
preventative controls Controls intended to stop cybersecurity incidents happening in the first place.
privacy coins Altcoins that facilitate fully anonymous monetary or information transactions
between users.
private blockchains A blockchain in which participation is by invitation and is either validated by the
initiator of the network or by predefined rules.
private permissioned blockchain A permissioned blockchain in which the control layer governs
transactions performed by the participants of the network.
probability The chance or likelihood that a particular event will occur.
programmed decision-making The use of guidelines or policies that allow managers to make
streamlined, timely and consistent decisions.
proof of stake A consensus mechanism based on collaborating nodes used by some blockchains.
proof of work A consensus mechanism based on competing nodes used by some blockchains.
property-based crowdfunding An entrepreneur or a property developer (seeker of funding) pooling
together funds from investors (providers of funding who are not ordinarily large-scale investors in
these cases) to pay crowdfunding mortgages, which are secured on specific properties, or to finance
property development.
public blockchain A blockchain in which every user is allowed to interact with the network by
submitting transactions and hence adding entries to the ledger.
public permissioned blockchain A permissioned blockchain in which the control layer does not
interfere with the blockchain decentralisation or authority.
qualitative analysis The use of critical thinking and subjective interpretation of unstructured
qualitative data.
quantitative analysis The use of mathematical and statistical techniques to analyse numerical data.
qualitative data Data distinguished by non-numeric characteristics.
quantitative data Numerical data distinguished by numeric characters that represent counts or
measurements.

478 GLOSSARY
random experiments An approach to proving causation by assigning a test subject randomly to either a
treatment group (affected by the hypothesised causal factor) or a control group (not affected by the
hypothesised causal factor) and then conducting trials.
ratio data Interval data that includes a natural zero starting point.
real estate crowdfunding See property-based crowdfunding.
recognisability (of money) The quality that the value of money is easy to identify so all parties to a
transaction can verify and accept the authenticity and value of the money.
regression The predictive analytics process of determining a target variable which is continuous.
Regression identifies which variables have an impact on an outcome of interest.
regulatory technology (RegTech) The use of technology to improve regulatory processes including
regulatory monitoring, compliance and reporting.
Reserve Bank of Australia (RBA) Australia’s central bank and co-regulator of the financial system.
restricted authorised deposit-taking institution (ADI) licence An APRA licence for neobanks.
retail payment systems Payment systems that settle obligations involved in the routine purchasing and
selling of goods and services.
reward-based crowdfunding Entrepreneurs incentivise financial donations in return for a service
or product.
risk The effect of uncertainty on objectives.
risk appetite The types of risks that are acceptable to the organisation to pursue, thus determining what
new products, customers, and markets should be targeted.
risk appetite statement A documented record of the organisation’s risk appetite, used to inform risk
management throughout the organisation.
risk criteria The criteria against which all risks are measured and evaluated, primarily in the risk
analysis and risk treatment steps of the risk management process.
risk management The process of mitigating and managing business-related risks and uncertainty
through establishing control mechanisms throughout the organisational environment, and the
processes required to meet the business objectives and governance requirements.
risk management function The business function with responsibility for the delivery of efficient and
effective risk management.
risk owner A person or group who is assigned the responsibility for a particular risk within the risk
management framework.
risk profile A written description of the organisation’s risks.
risk register A risk management tool to record details for identified risk, including risk ratings, nature
of the risk, owner, manager, and mitigation measures.
risk retention The decision to accept a risk.
risk tolerance The amount of risk a business will assume in order to achieve its financial goals.
risk treatment The action taken to modify the identified risk to a level the organisation considers
acceptable.
risk triggers Defined events, changes or analysis outcomes that may affect a risk or indicate a potential
change in a risk and thus require re-evaluation of the risk management approach.
robotic process automation (RPA) Software robots that automate simple-to-medium complexity tasks
and processes by applying a set of rules known as an algorithm.
scarcity (of money) The supply of money in circulation cannot be unlimited.
security controls Controls focused on securing information assets and related physical assets in order to
protect the organisation’s data.
security token offering (STO) Similar to an ICO, but ownership of the token is tracked against a
real-world asset, such as shares, and thus STOs are perceived as security offerings.
security tokens Tokens that represent a stake in a real-world asset.
semi-structured data Data that does not conform to a tabular format like structured data, but does
contain tags, markers or metadata that facilitate processing.
semi-supervised learning An approach to ML in which the machine is provided with some labelled
data but mainly unlabelled data. The labelled data is used to partially train the algorithm, then some of
the unlabelled data is fed to the partially trained machine.
sensitive company data Information relating to a company’s trade secrets, acquisition plans, financial
data, and supplier and customer information.

GLOSSARY 479
sensitive personal data Information relating to a person’s racial or ethnic origin, religious or political
beliefs, health, social relationships, employment, financial situation, sexual orientation, gender, and
so on.
smart contracts Transactions that self-execute based on a set of programmed conditions, usually hosted
on the Ethereum blockchain.
software ecosystems The aspect of a digital ecosystem created by the interaction of businesses via a
common technological platform to produce software and services.
spurious association When there is a correlation between two variables, but no causation exists.
stability (of money) The ability to sustain value over time so as to be used for transactions and avoid
transaction costs.
stablecoin A cryptocurrency coin pegged to a ‘real-world’ asset or benchmark in order to achieve a
relatively stable value.
standard of deferred payment The function (of money) of operating as a standard of deferred payment.
statement of applicability (SOA) A document that sets out the controls chosen in response to the risks
identified. It provides a link between the risk assessment and risk treatment stages of risk management
and is a core element of ISO/IEC 27001.
statistical inference Using a sample of data to reach conclusions about the population from which the
sample is drawn.
statistics The discipline that concerns the collection, organisation, analysis, interpretation and
presentation of data.
store of value The function (of money) as an asset bearing a relatively stable sustaining value.
strategic management The process of formulating and implementing strategies to accomplish
long-term goals and sustain competitive advantage.
strong AI Any AI instance that can exhibit natural intelligence (does not yet exist).
structured data Data that adheres to a pre-defined model, which makes it straightforward to analyse. In
a database, it conforms to a tabular format with a clear relationship between the rows and columns.
subjective probability A probability value derived from intuition and experience.
supervised learning An approach to ML in which the machine is provided with input data and the
corresponding output data so it can learn the algorithm itself and, thereby, generate valid output data
for new input data.
support vector machine (SVM) A type of algorithm used in ML for both classification and regression.
systems development life cycle (SDLC) A multiple-stage approach to developing high-quality systems
from planning and analysis through support and maintenance.
technology Any process by which a company transforms information and data, human labour or
economic capital, into products or services of greater value.
tokens Representations on a blockchain network of a real-world asset or entitlement to products or
services associated with the token.
total probability A calculation of the probability of an event from a set of conditional probabilities.
transfer In relation to risk treatments, shifting a risk to a third party, usually in the form of insurance or
outsourcing.
transient advantage The ability of a business to temporarily achieve better performance than its
competitors, but the inability to sustain the advantage, as competitors can quickly copy or improve on
the source of the advantage.
transparency Openness about the methods used for analysis and use of the data, both to the creators and
to other practitioners.
transparent AI An approach to AI that enables humans to understand how the machine reached
its conclusions.
unattended RPA RPA in which the bot interacts directly with computer systems to perform a business
process from start to finish without human involvement.
unconditional probability A probability calculation that ignores information regarding any historical or
external events.
unit of account See measure of value.
unstructured data Data that does not conform to a predefined structure and is not organised in a
predictable manner.
unsupervised learning An approach to ML in which the machine is provided with a complex set of
input data with no corresponding output data; the machine identifies the relationships in the data to
provide valuable insights for decision makers.

480 GLOSSARY
utility tokens Tokens for accessing dedicated products and/or services associated with the token.
value driver Anything that can be done to increase value.
verification approach In relation to a control, the method and strategy to obtain assurance on the
control health, utilising various methods as evidence.
virtual currency An unregulated digital currency.
weak AI Any AI instance that can perform a single task effectively.
wisdom The ability to use knowledge to make decisions and act on them.

GLOSSARY 481
SUGGESTED ANSWERS
MODULE 1
QUESTION 1.1
Changes span both the digital ecosystem (hardware) and applications (software).
The digital ecosystem has changed with the introduction and development of the internet, mobile
communications and smart devices.
Things are changing with the use of automation, analytics, artificial intelligence and machine learning.
New applications are possible because of faster computers and networked access to huge quantities of data.
Where the digital ecosystem and new applications overlap, organisations can use new technologies
to re-shape the finance function, specifically to provide personalisation of services and better business
intelligence.
These technologies are changing the tasks finance teams are working on because data is increasingly
an asset they need to protect and ensure systems incorporate the necessary controls to protect the data’s
integrity. This covers both financial and non-financial data.
Accountants should no longer be performing tasks that can be automated; their role is no longer about
the collection or calculation of financial data, but interpretation of both financial and operational data to
form strategic insights. For this they need to develop a digital mindset (including digital literacy).

QUESTION 1.2
Digital payments (also known as electronic payments or e-payments) refer to any payments that are
initiated, processed or received electronically. Our ability to make digital payments depends on a suitable
digital ecosystem, comprising suitable internet connections, mobile communications and smart devices.
Digital payments are arguably the oldest form of FinTech. Well-established technologies such as
EFTPOS, credit cards and direct payments through online banking are now common practice. We also
have new forms of digital payments such as digital wallets on smart devices.
As fewer people carry cash, offering digital payments has become a fundamental requirement of doing
business. This has accelerated in the pandemic environment, which created the need to avoid physical
contact while exchanging money.
Using digital payments also provides better integration with data collection and analytics systems. This,
in turn, provides organisations with comparative advantages from their business intelligence systems.

QUESTION 1.3
Structure innovations focus on organising company resources in unique ways that create value and can
be difficult for other companies to replicate — for example, changing to a flat management structure to
shorten communication lines from workers to senior management. This is usually done to help identify
ways in which the organisation can cut costs or improve efficiency.
Process innovations involve the activities and operations that produce a business’s primary offer-
ings. During 2020 many organisations were forced to develop online products and services; although
few changes were unique they were necessary to allow the organisation to continue operating in a
pandemic environment.

QUESTION 1.4
Service Channel Brand Customer engagement

• Make a product easier • This is the ways a • Ensure that customers • Uses insights into
to try, use and enjoy. company’s offerings recognise, remember customer aspirations
• Reveal features and connect with and prefer a to develop meaningful
functionality customers customers and users. company’s offerings connections between
might otherwise over those of them and the
overlook. competitors. business.

(continued)
Pdf_Folio:483

SUGGESTED ANSWERS 483

 (continued)
Service Channel Brand Customer engagement

• Service innovations are • Both physical stores • Uses communications, • This is increasingly
increasingly delivered and online ecommerce advertising, service taking place in the
through electronic are channels. interactions, channel social media space.
interfaces, remote environments, and
communications and employee and
automated technologies. business partner
conduct.

QUESTION 1.5
FinTech 1.0 describes the first wave of FinTech developments. FinTech 1.0 start-ups fell into three
categories:
1. those that focused on payment processing
2. those that generated new lending models using peer-to-peer structures
3. those that helped banks through personal financial management and risk modelling tools.
FinTech 2.0 is characterised by:
• increasing collaboration and cooperation between banks and the FinTech companies
• a trend towards open financial structures.
In the context of FinTech 2.0, banks remain the cornerstone on which economies are built and are likely
to continue to play a central role, with much of their innovation driven by integrating FinTech companies’
technologies instead of competing with them.
Digital disruption no longer threatens traditional banks’ existence but is increasingly influencing how
banks do business. Banks must comply with open banking regulations, which will make it easier for
customers to change banks or selectively choose different institutions for specific financial services, but
banks still retain the advantages of their economies of scale and economies of scope.

QUESTION 1.6
When considering failure, it is important to separate causes from symptoms. With digital implementation,
the failure of projects is still possible even when they are running on time and within budget. Projects
can still fail because they do not provide the outcome the end user expects. This is a symptom of failure
and, although it is a problem, to reduce the risk of it occurring again we need to consider the cause of
this failure.
Inadequate resources, overly aggressive timelines, underestimated costs, overlooked requirements,
unanticipated complications, poor governance and human mistakes such as bad code can all lead
to project failure.
The main cause of failure in digital implementation is a lack of clearly defined and/or achievable
milestones and objectives to measure progress. The second most common cause is poor communi-
cation, followed by even a lack of communication by senior management, employee resistance and
insufficient funding.

QUESTION 1.7
Adoption of Airwallex services would remove the need for an organisation’s accountants to perform a
range of basic bookkeeping tasks and foreign currency translations. Integrated invoicing, payroll and
payments would automate transaction processing and accounting data collection. Forex translation across
all of those accounts would remove the need for separate calculations. The fees charged on forex
transactions would also be much lower than those charged by traditional providers.
The trade-off for all these benefits to the accountant, is that they would now need to provide oversight
and advice on integrating Airwallex into the organisation’s existing systems. This would include identify-
ing all the benefits and risks of the technology and ensuring sound controls were in place to prevent abuse of
the system. Once this is successfully implemented, however, accountants can focus on more value-adding
work such as interpreting data and identifying strategic insights.

Pdf_Folio:484

484 SUGGESTED ANSWERS

QUESTION 1.8
• Public relation value versus real results. Some organisations exhibit ‘innovation theatre’, when in reality
they are not internalising or acting on the innovation mindset.
• Hampered by heritage. Legacy infrastructure blocks change.
• No real sense of urgency. Successful businesses fail to perceive a need to change.
• Cannibalisation of existing revenue streams. Many organisations and their stakeholders resist innova-
tions that risk or harm established revenue. This results in a focus on short-term results rather than
long-term sustainable performance.
• A lack of experienced innovators. The hierarchical nature of many businesses tends prevent an innovation
culture from being established.
• A culture clash. Many companies have a culture that emphasises risk minimisation, which directly
conflicts with the pursuit of change.
• A lack of ownership and sponsorship. The leaders often resist engaging with technology they do not
understand. A lack of support at the top of the organisation makes it almost impossible to pursue
innovation.
• ‘Compartmentalised’ innovation. Innovation takes place around the periphery in departmental compart-
ments but is never internalised across the enterprise.
• Governance. Regulatory requirements tend to constrain innovation and thus discourage organisations
from exploring different ways of conducting their business.
• Who else is doing this? Many organisations prefer to adopt and maintain industry-wide approaches. In
essence, ‘If no one else is doing it, then we’re not either’.

QUESTION 1.9
The CFO is central to organisational change in allocating resources, providing access to financial data and
applying performance metrics across the organisation. Although accountants have traditionally been the
main data analysts in organisations, they need to be proactive in expanding their role beyond the collection
and management of financial data.
Management accountants are better placed to be involved in digital transformation implementation as
they traditionally work on performance evaluation and are more familiar with handling non-financial
information. They can provide leadership and establish clear measurable goals by which the success or
failure can be determined.
The risk, for the management accountant, is that although they already use some non-financial data, they
may make the mistake of thinking that is sufficient when the digital transformation will produce a great
deal more data.
Overall, there is a potential problem as the CFO has the most say in whether the transformation project
is funded and goes ahead, while the management accountant has the most to gain from involvement in the
project and use of the new data generated. Better alignment between influence and benefits would increase
the chance of the project being successful.

QUESTION 1.10
Accounting and finance professionals have four broad roles they can adopt in supporting digital
transformation.
1. Connector. They work on redesigning operating models around the digital transformation, ensure
connections are made between front- and back-office roles, and try to make user experience as seamless
as possible.
2. Digital transformation leader. They work on reducing friction between existing staff and departments
as the digital transformation changes the workplace, they ensure that new data generated is supplied to
all who need access, and assist staff in making the most use of that data in the creation of actionable
business intelligence.
3. Insights generator. They move from reporting on past events to using the rich data sources to create
predictive insights.
4. New talent nurturer. They may develop expertise in data science or use their collaboration and
communication skills to build teams who can make full use of the data.

Pdf_Folio:485

SUGGESTED ANSWERS 485

MODULE 2
QUESTION 2.1
Points-based rewards are unidirectional virtual currency, which can be spent on goods and services (such
as redemption as airline tickets).
As points collected do not have an attributed cash value, customers’ account balances can be potentially
devalued or eliminated by significant changes to the volume of outstanding points. This happens either
because the airline needs to devalue the points to keep the scheme profitable or because it becomes too
difficult for users to redeem the points for their preferred flights.
As reward flights become harder to book, or events such as a pandemic limit air travel, airlines need to
compensate by providing other ways to earn and use points, but must do so in a way that remains fair.
In contrast some airlines, such as Air New Zealand, do give their points an attributed cash value:
1 Airpoint = 1 NZD. They also allow limited opportunities for straight cash purchases in conventional
retail (Air New Zealand Airpoints can be used instead of cash at New Zealand’s Mitre 10 hardware stores,
with a minimum $75 spend). These initiatives would have to be discontinued if Air New Zealand tried to
devalue its Airpoints.

QUESTION 2.2
Advantages Disadvantages/Challenges

• Reduced crime as there is no physical money • As currency becomes data, cybersecurity becomes
to steal a threat
• Reduced money laundering as cashless • Privacy is compromised as cashless transactions
transactions are traceable and the parties are usually are traceable and the parties are usually identifiable
identifiable • Reliance on availability and scalability of technology
• More cost-effective, as there is no need to print, to enable transactions
handle or store physical money • Reliance on interoperability of systems (including
• Foreign exchange transactions will be seamless as establishment of standards)
they will not need to involve handling of cash • Fees charged by payment service providers,
particularly if one or a few become dominant
• Potential exclusion of those with limited access to
technology or skill with technology

Source: CPA Australia 2021.

While it may appear that the disadvantages outweigh the advantages, note that most of the disadvantages
are technical and in time should become much less of an issue as technical solutions are developed. The use
of contactless payments has been encouraged, and in some cases required, in the pandemic environment
as businesses try to minimise all physical contact between staff and customers.

QUESTION 2.3
Pros of going cashless for small retail businesses are as follows.
1. Save time and money. Reduce the time spent on cash management.
2. Increase checkout efficiency. Speed can attract more customers to make a purchase.
3. Decrease risk. There is less cash at the register.
4. Improve accounting. Track every transaction, lead to more accurate accounting.
Cons of going cashless for small retail businesses are as follows.
1. Credit card fees. May be a burden on their books since their profit margin may not be very high.
2. Loss of customers. Some customers either don’t know how to use digital payments or simply prefer
using cash.
3. Costly. The required technology might be expensive for a small retail business.
A small retail business needs to consider whether they really want to take the lead in making this change,
especially if society is not yet ready.
It would be easier and more cost-effective to wait for large retail to go cashless as they can drive social
changes more efficiently.
A counter-argument is that a small business may want to make a point of going cashless as a way of
signalling how they are forward thinking or concerned for their customers due to a pandemic, and want to
reduce physical contact and the risk of disease transfer through physical currency.
Pdf_Folio:486

486 SUGGESTED ANSWERS

QUESTION 2.4
Distributed ledger technology (DLT) involves the use of blockchains to store data. Once data has been
added to a blockchain it is very difficult to change, so is regarded as essentially unalterable.
Most well-known applications of DTL use permissionless ledgers, where anyone with access to
suitable technology can access and add to the blockchain. No single entity owns or has control over the
content added to the blockchain. Most cryptocurrencies follow this approach.
Permissioned ledgers are limited to set, authorised, owners who have access to the ledger and can add
to the blockchain. Permissioned ledgers may allow the general public to view the content, but no more
than that.
Permissioned ledgers tend to be smaller and therefore more scalable and operate faster. By design they
are more centralised than permissionless ledgers, which means it is much more important for full access
to be given only to trusted parties.
Permissioned ledgers are currently only suitable for large enterprises, most current use is with banks,
large retail chains, shipping and logistics companies and some telecommunications companies.

QUESTION 2.5
Smart contracts are transactions that self-execute based on a set of programmed conditions.
Two of the main advantages of smart contracts are speed and reduced risk. Traditional reliance on
physical documents leads to delays, inefficiencies and increased exposure to errors and fraud. For example,
for insurance, use of smart contracts can result in cost savings through automation and reduced processing
costs in claims handling.
Broadly speaking the potential advantages in the use of smart contracts in financial services are in three
key areas: risk reduction, cost savings and enhanced efficiencies.
The limitation of smart contracts is that they only work in situations where events have clearly occurred,
real contracts are often subject to disagreements about whether the contractual terms have been satisfied
and require independent judgement or arbitration.

QUESTION 2.6
As permissionless ledgers are immutable, errors such as a financial transaction to an incorrect account
cannot be revoked, modified or cancelled. This is fundamentally different to standard accounting practices
where incorrect transactions are easily reversed. With blockchain assets like cryptocurrencies there is no
way to force a reversal and there is no central authority to appeal to and request a reversal.
The closest to reversing a transaction on the blockchain is to create a side-chain from a point before the
offending transaction. Although very rare this has occurred in special cases, and even then some users of
the ledger decided to keep using the original chain, which is not deleted, because they did not believe the
justification for creating the new side-ledger was strong enough.
As long as the data stored is correct then the inability to change it is valuable, but when there are
problems with the data, the immutability removes any ability to correct it short of having every copy of the
blockchain deleted.

QUESTION 2.7
There is a misperception that cryptocurrencies are a black box, which makes them popular for illegal
activity and tax avoidance. However, most cryptocurrencies use public blockchains, so transaction histories
can still be traced. While there is certainly no KYC within the blockchain, whenever there is a transfer
between traditional currency and cryptocurrency there is a possibility of linking the KYC of a participating
bank or cryptocurrency exchange to the corresponding blockchain address. This depends on the bank or
exchange being KYC compliant and willing to work with government authorities on tracking activity
within the blockchain.
Cryptocurrency miners based in countries with active law enforcement tracking of cryptocurrencies have
even been reported as only including transactions in a mined block if connected to known, legitimate, users.
So even though many accounts remain anonymous it will become harder for those accounts to transact or
to transfer the funds into traditional currencies.
However, some cryptocurrencies are under development where it will not be possible to trace a chain of
transactions. With these any form of KYC will be difficult or impossible to impose.
Pdf_Folio:487

SUGGESTED ANSWERS 487

QUESTION 2.8
Stablecoins were designed as an alternative to the main cryptocurrencies, Bitcoin and Ether, as those had
highly volatile values and were not working well as currencies. Specifically, the volatility of Bitcoin and
Ether meant they were not suitable as a medium of exchange or store of value, even if some users were
still using it that way.
By being linked to reserve assets stablecoins should maintain a much more stable value and therefore be
more suitable as a medium of exchange or store of value. The problem, however, is that stablecoins have not
managed to gain widespread acceptance and use, which undermines their claim to have the characteristics
of a currency.
If the value of Bitcoin or Ether became less volatile, people holding it may be expected to start using it
for exchange, but for now that remains highly uncertain.

QUESTION 2.9
Decentralised finance (DeFi), removes intermediaries and enables both parties in a transaction to exercise
direct control over the source and use of funds.
Advantages are an increase in market efficiency, lower costs and privacy in transactions. Disadvantages
include the risk of cyber-attack, no real protection against harm, loss of funds or other malicious attacks.
DeFi remains in the early stages of development and adoption. This also means that the regulatory
response to DeFi is yet to be declared. One of the advantages of centralised financial systems is that
it provides clear targets for regulators. If DeFi lowers the barriers to entry in financial services, then
we should expect regulatory action to ensure new financial service providers offer reasonable protection
to customers.

QUESTION 2.10
Virtual currencies provide online payments, usually restricted to a specific application or platform.
Virtual currencies are common in online games and are used in reward schemes such as airline frequent
flyer points.
Cryptocurrencies are a much more complex form of virtual currency where distributed ledger technology
and cryptographic processes are used to control the creation and ownership of cryptocurrency tokens.
As no central authority can increase the number of cryptocurrency tokens beyond the rate set when the
blockchain was launched, inflation is limited. In contrast, if an airline decided to revalue its frequent flyer
points, or to cancel the system, there is little that the owners of those points could do to stop it.

QUESTION 2.11
The main reasons for a move away from traditional sources of finance (e.g. banks, stock market,
venture capital) to new alternative sources (e.g. equity crowdfunding, peer-to-peer lending, crypto) are
a combination of new enabling technology and regulatory changes.
The main enabling technology has been the development of more advanced internet-based systems
that allow two-way interaction between customer and platform. This allows financial firms to interact
with clients online and removes the barrier to entry of needing a branch network to contact and interact
with clients.
The technology would not have made anywhere as much of a difference if financial regulations had not
been relaxed to allow new financial business models to develop.

QUESTION 2.12
Traditional invoice finance models used factoring, where the financier took over collection of the selling
company’s accounts receivable. This is a model with significant economies of scale and specialisation, so
selling companies needed to be large and preferably have large individual accounts to sell.
With the advances in the internet, cloud-based accounting and platform financial models, it became
possible to apply crowdfunding principles to invoice finance and eliminate most of the economies of scale.
Risk was managed, either by spreading it over many investors (a form of crowdfunding) or providing
the financier with detailed access to the cloud-based accounting records. Costs were reduced by allowing
the selling firm to retain cash collection responsibilities.
Pdf_Folio:488

488 SUGGESTED ANSWERS

QUESTION 2.13
• A predetermined set of terms — how much equity will be sold, share price, voting rights, other rewards
for investors.
• Fees paid to the online platform.
• A range of potential investors; venture does not need to depend on only a few wealthier investors.
• Key information and accurate data readily available for investors to review, ideally along with relevant
marketing materials.
• Online platform will conduct the necessary due diligence, but potential investors also have the right to
conduct their own due diligence.
• Legal costs factored in, in order to manage and comply with all the associated legal aspects.

QUESTION 2.14
An initial coin offering (ICO) is the sale of crypto tokens to investors. ICOs enable firms to raise substantial
funds quickly and cost-effectively at a very early stage of the business’s development. Unlike other forms
of raising funds early in a firm’s life, these tokens can be utility or access tokens, so their sale does not
involve the sale of equity or taking on debt. They do not dilute ownership or control over the business.
Nevertheless, the tokens can have investment characteristics for the purchaser as many, but not all, of the
coins issued are tradable on cryptocurrency exchanges; therefore, it is possible for the investor to realise
gains through any increase in the token value.
Obstacles to using an ICO mainly relate to the fact that this is a new and largely unregulated market, so
many investors will not yet feel comfortable participating in the market or have the technological know-
how to store and trade tokens.
The relatively unregulated nature of the ICO, and crypto markets in general, also means that many
fraudulent ICOs have taken place with tokens quickly losing all value.

QUESTION 2.15
RegTech is more than just a subset of FinTech companies working on regulation problems. RegTech
promotes a fundamentally different approach to financial regulation, one based on a data-driven and data-
led mindset in the key areas of regulatory monitoring, reporting and compliance.
Instead of seeing FinTech companies as operating on the border of existing financial regulation, at times
in an apparently unregulated environment because regulation has yet to catch up with new developments
in FinTech. Changing to a data-driven regulatory system will make regulation central to all FinTech
companies. This is because data generation is a fundamental characteristic of all FinTech companies and
regulation just becomes another way in which the data can be used.

MODULE 3
QUESTION 3.1
Robotic process automation (RPA) is based on a series of predetermined steps (an algorithm). The
requirement for the steps to be predefined limits the scope of RPA applications, as does its reliance on
structured data.
Artificial intelligence (AI) mimics human thought through the use of algorithms developed by machine
and deep learning. Therefore, AI can be used to enhance RPA and extend RPA’s uses or the extent
of the process to which it can be applied. For example, AI can be used to examine unstructured data
(speech, handwritten or free text) and identify the structured data required by an RPA application. In this
application the addition of AI to RPA removes the need for manual data entry and therefore speeds up the
process. However, before this can happen there will need to be a time investment to develop the machine
learning algorithms.

Pdf_Folio:489

SUGGESTED ANSWERS 489

QUESTION 3.2
Visual tasks and linguistic tasks are both examples of using technology to analyse unstructured data. Both
are mainly used for concurrent data collection or classification work. Prediction tasks take the analysis a
step further by attempting to create a prediction of the future that can be used in current decision making.
Visual tasks involve the analysis of unstructured data from a saved image file or a live camera feed. For
example, using cameras to record movements in inventory items.
Linguistic tasks involve the analysis of unstructured data from saved text files, recordings or live voice
sources. Analysis follows identification of keywords or creation of a full transcript of a conversation. For
example, chatbots detecting vocal biomarkers to interpret a customer’s mood or emotional state, allowing
a more empathetic response to their query.
Prediction tasks make use of both structured and unstructured data to make a prediction that will affect a
choice being made. A common example is the use of recommendation engines in online shopping, where
future purchases are recommended based on a shopper’s recent purchase and search histories.

QUESTION 3.3
A balanced scorecard is a strategic and operational assessment tool that, in the case of automation, can be
used to assess both the applicability of automation and, once implemented, its performance. The balanced
score card approach uses a range of both financial and non-financial measures to assess performance
against organisational goals. For example, the organisational goal may be to improve customer satisfaction
and automation may have been selected as a means to achieve this. With a balanced scorecard approach,
measures will be selected to assess whether automation has contributed to this goal.
A small number of financial and non-financial measures (across categories including customer advocacy,
productivity, people, flexibility, scalability and controls) and their targets will be devised. Generally, targets
will be based on pre-automation performance. Assuming customer complaints are a proxy for customer
satisfaction, measures could include:
• cost of the customer complaints department
• number of complaints received
• average time taken to resolve a customer complaint
• ‘likes’ received by the customer complaints department
• average wait times for complaints calls to be answered
• staff turnover in the complaints department
• percentage of complaints that are escalated to a supervisor.
By comparing actual performance across the measures with the targets, the benefits of the automation
can be assessed.
With a change to any system, it is important to make sure that the benefits outweigh the costs and not
just in the short term or in the immediate area of the business where the automation was implemented.
Some costs and benefits may take time to appear, they may appear in another part of the business or for
stakeholders not originally considered. A balanced scorecard needs to be devised with these things in mind
so that a true and complete assessment of the automation’s contribution to the organisation is made.

QUESTION 3.4
Unattended RPA performs a business process from start to finish without human involvement while
attended RPA runs on the user’s computer and is triggered by the user as required.
The two main factors to consider when choosing between the two include:
• nature of the task
• type of data being processed.
Unattended RPA can be used for tasks that are triggered be events such as input of data, input from
another bot or a time-based schedule. Tasks that are ad hoc, require human activation or human intervention
are suited to attended RPA. Unattended RPA is suitable for tasks that are highly structured and reasonably
straightforward, while attended RPA is suitable for tasks that are complex or highly varied.
Unattended RPA requires high-quality structured data. Issues with missing or non-compliant data may
cause a bot to pause the process while it waits for input from a human.

Pdf_Folio:490

490 SUGGESTED ANSWERS

QUESTION 3.5
There are five common questions that can be used as a checklist to decide whether a process is suitable
for automation.
1. Check that appropriate algorithms, to perform the work, are available or can be developed. Generally,
a process needs to have complete and accurate documentation that can be converted into an agreed set
of steps and rules.
2. Check the quality and format of available data. Automated requires high-quality structured data.
3. Check the organisation has the necessary infrastructure to support the data and automation technologies.
4. Check that there is sufficient commitment to the project across the organisation.
5. Check that staff have the skills to plan and implement automation, and to work differently in the
transformed organisation, or that training and recruitment strategies can fill any shortcomings.

QUESTION 3.6
Both weak and strong AI are designed to replicate human decision making, but they differ in the range of
situations where they can do so.
Weak AI can manage a single simple task effectively and can mimic human behaviour within a
narrow context.
Strong AI displays natural intelligence — the ability to process and respond to information as a human
would respond. This remains a rare form of AI.
Due to the rarity of strong AI, most examples of AI found in Australian businesses are weak AI.

QUESTION 3.7
When adopting AI technology, organisations are likely to face the following risks:
• poor decisions being made based on the outputs of flawed models, including investment, recruitment,
lending and forecasting decisions
• legal repercussions from poor data security from discriminatory practices that result from flawed models
• inability to substantiate the output from black-box models
• reputational damage from any of the previously listed risks.

QUESTION 3.8
The key parts of an effective AI strategy are data, technologies and algorithms, infrastructure, organisation
and skills. Successful AI strategies are derived from and supportive of an organisation’s wider business
strategy. Therefore, an AI strategy should not be developed in isolation but rather enable and support the
wider business goals through the use of technology.
Each company’s AI strategy will be unique to its needs. The following process will ensure an AI strategy
that is fit for purpose is created and AI applications that add value are developed.

Step 1: Define the Organisational Purpose

An effective AI strategy is built around a clear vision and mission statement. Review these to get a clear
sense of the organisation’s purpose.

Step 2: Understand the Strategic Priorities

By understanding what drives business value and translating that into the business strategy, the AI strategy
can focus on solutions that deliver on key elements of that business strategy. Review the organisation’s
strategic priorities to get a clear sense of where the organisation’s priorities lie or what the activities that
the business is seeking to derive value from are.

Step 3: Identify the Opportunity

It is important to design and execute an AI strategy that is directly related to the key problems or
opportunities in the organisation. Look for areas where there are problems that AI can alleviate or
opportunities that AI can support.

Step 4: Define Success

Every use case will have a unique set of factors that will determine its success or failure. Ask the ultimate
users and owners of the application what they want the application to achieve and use their input to derive
Pdf_Folio:491

SUGGESTED ANSWERS 491

KPIs. These KPIs will be used as a benchmark when developing and testing the system and once the system
is implemented, in Step 7, to evaluate the effectiveness of the application.

Step 5: Create a Data Strategy

A good data strategy covers what data is being captured, in what way and for what purpose. Remember that
more data is not always better. Curating the right data to deliver the desired outcome is the most effective
way to fuel an AI strategy that delivers value at speed and scale.

Step 6: Define the Solution

In this step, the form of the solution is tested. Testing involves input data, feedback and human correction.
This is to ensure the AI machine works as intended to produce a useable model. Once the model is
performing to the level required, deployment can take place.

Step 7: Measure and Maintain AI’s Performance

AI solutions require regular assessment and review. There must be a method and appropriate resources in
place to maintain and monitor the AI model’s performance, and to make adjustments and improvements
as required.
Following the steps in this process will ensure that an AI strategy and resulting applications will be
supportive of an organisation’s business strategy by adding value through the use of technology.

QUESTION 3.9
Supervised machine learning and unsupervised machine learning differ in the types of models they
generate and the data they use to generate the models.
If labelled data is available in sufficient quantity supervised machine learning can be used to develop
classification or regression models. Classification models result in applications that can classify images for
medical diagnoses, classify loan applications into accept or reject categories and decide if an email is spam
or not. Regression models result in applications that produce numeric predictions, forecast temperature,
estimating life expectancy and forecast financial market activity. In all of these applications the models
are capable ‘converting’ input data into expected or predicted results. The conversion process or model
is created by exposing the machine generating the model to labelled data – that is, data that consists of
historical inputs and their associated results or outcomes. For example, the demographic and financial data
of a loan applicant and whether they repaid their loan or not. The data is split into two sets that mirror the
two phases of model development. The first set is the training set, which the machine learns from to create
the model. The second set is the test set, which is used to confirm the accuracy of the model before it is
put into use with new input data, from which necessary predictions are made.
If unlabelled data is available, unsupervised machine learning can be used to develop clustering and
other types of models that explore and find patterns or associations within the data. Clustering models
result in applications that segment a customer base, make recommendations based on previous purchases
or to target marketing. Associative models can be used to reduce the breadth and size of datasets so
that only the most salient of data is retained. This will help to minimise data collection, storage and
processing costs and facilitate the creation of less complex data visualisations. Models are created by
exposing the machine creating the model to unlabelled data – that is, data that has not been tagged with its
classifications, properties or identifying characteristics. The machine then works with this data to identify
the properties and characteristics of the data to uncover patterns or associations within the data that allow
models to be created.

QUESTION 3.10
The primary advantage AI systems have over human analysts is the ability to process large volumes of
data quickly without getting tired or bored by the repetitive work. Note that human analysts have an
advantage over AI systems in that they are better at creative thinking. The additional factor that gives AI
systems an overall advantage over their human counterparts in financial analysis is their ability to consider
a much wider range of possible models. In some respects, this can be seen as AI systems compensation
for their inability to use creative thinking by instead quickly reviewing all possible models irrespective of
whether there is any logic to the model at all. All they are looking for is a model that works, they are not
constrained by unconscious bias or preconceived notions of how the world of finance works.
Pdf_Folio:492

492 SUGGESTED ANSWERS

QUESTION 3.11
Natural language processing (NLP) uses AI so computers can understand and interpret human language.
NLP can be applied to written text or combined with speech recognition applications to provide a live data
feed from a phone call. NLP uses algorithms to convert unstructured verbal data into semi-structured data
the AI system can analyse to produce a suitable response.
Using NLP in robo-advising allows the robo-advisor to move beyond a simple chatbot form-based
approach to data inputs and generate richer denser data. This allows a more complete model of the customer
to be created and, in turn allows the robo-advisor to produce more customised advice.

QUESTION 3.12
Most data traditionally managed by accountants, such as quantitative accounting data, can be organised
as a table, and are classified as structured data. In contrast, accountants have made little use of qualitative
data that is unstructured. Examples of unstructured data include social media activity, surveillance imagery
and text. Because it is so vast and appears in unusual formats, this type of data is difficult to analyse using
traditional methods.
Machine learning applies algorithms to data, processing it to allow the practitioner to make sense of large
amounts of information, of various forms, procured from multiple sources. For instance, an accountant
could gain insights into the success of a new product line by monitoring social media activity or satellite
footage of delivery trucks leaving the distribution warehouse. Alternatively, accountants could analyse the
text found in the corporate press releases or interviews with corporate executives to discover potential
discrepancies with accounting information.

QUESTION 3.13
The outputs produced by RPA are the result of a clearly documented, pre-determined process, so the
organisational user knows how the output is generated and can easily review the supporting documentation
to explain it.
AI and ML, on the other hand, are often black-box solutions where the internal process that took the
input data to produce an output recommendation is a complete mystery. Often the underlying AI or ML
programs are based on methods developed externally to the organisation, so there are few, if any, within
the organisation that can explain the process, even in broad terms.
However, it does not need to be like this. Some modern AI and ML systems are being developed to also
provide information on the model used to produce the output, or information about the internal processes
that resulted in the final model. Nevertheless, more transparent systems are still subject to limitations
when the model is being updated dynamically every time new data is introduced as the model and/or the
processes used to select the model are frequently changing.

QUESTION 3.14
Corporate governance is the process of setting and implementing clear business objectives, policies and
standards across the organisation and ensuring they are properly executed.
Increased automation of business processes increases governance risks mainly because it reduces or
removes human involvement, meaning that awareness of procedures not working as intended is limited.
There is a risk that senior management will assume that governance tasks are being performed as expected,
without full oversight.
The FinTech subfield RegTech, or regulatory technology, is an area where automation can improve
the management of governance risks. Automation can benefit risk compliance, by ensuring processes are
followed reliably and consistently, provided the automation process is designed well (including suitable
control mechanisms), set up correctly and maintained properly.

Pdf_Folio:493

SUGGESTED ANSWERS 493

QUESTION 3.15
There are many potential benefits from using personal data in RPA, AI and ML. The main benefit is that it
allows more customised services, which benefits both the organisation and customer. Use of personalised
data also expands the set of available data as it opens the possibility of data matching across multiple
databases, which helps create a much deeper and detailed model of the individual.
However, the risks associated with personal data are also significant. Apart from legal privacy
considerations and concern for individual privacy rights, every organisation has a responsibility to protect
data from theft, unauthorised manipulation and misuse.
Data matching across datasets also creates extra risk. An organisation should not collect data on
personal variables such as race or gender identity, as allowing an AI or ML model to incorporate these
variables can result in illegal bias from a biased algorithm. However, the depth of information provided
by combining multiple databases with personal identifiers greatly increases the risk of the AI or ML model
independently creating and using proxy measures of race, gender identity or other factors it should not
be using.

MODULE 4
QUESTION 4.1
The key driver of a data-literate organisational culture is that decisions are made based on insights gained
from interpreting the output of analytics. For this to be achieved it is not necessary for all staff to become
statisticians; however, it is important that the majority understand enough basic maths and statistics to
have an appreciation of how the organisation is generating and using data. It is also important for all staff
using data to be competent communicators of the data-driven outputs of any analysis, so they can make
data-driven decisions and bring others onboard.
For example, a data-driven organisation needs to have a culture where staff provided with a dashboard
showing key operational or financial metrics are able to drill down into the detailed data relevant to
their role. They must have both the access and knowledge to use that information to improve decision
making. The management also needs to ensure such relevant knowledge, skills, experience and actions are
encouraged across the whole organisation.

QUESTION 4.2
Most organisations are far from reaching their potential due to a combination of technical and
human issues.
On the technical side, the use of AI and ML remains a complicated and specialised field, where the
majority of AI and ML analytics projects are run by data and technology experts and do not scale up to
serve the whole organisation.
On the human side, organisations need people with the ability to understand and leverage analytics
insights, who can push and convince others to follow the direction suggested by the data. This requires
an organisation-wide commitment to data-informed decision making, which in turn requires people to
develop data literacy skills.
To realise the full potential of data analytics in business we need to understand that it is not just about
what the technology can do, nor what the technology can do with the data available, but what the technology
and available data can do for the organisation and to what extent the people in the organisation can accept
and interpret data and then form insights.

QUESTION 4.3
Structured data has a standard format, is usually numerical or simple text, and is usually stored in a table.
Unstructured data has no standard format. Common forms are long-form text (full sentences and
paragraphs), audio recording or image data.

Pdf_Folio:494

494 SUGGESTED ANSWERS

 Structured data is much better suited to machine analysis and manipulation. Although technology is
getting better at managing unstructured data, the most common way to use it is still to break it down
into small slices that resemble structured data so it can be analysed. A lot of the details in the original
unstructured data is lost in this process.
Internal data is usually generated within the organisation while external data is usually generated
externally. The main issue is, however, not where it is generated but how much control the organisation has
over its generation. An organisation has very little, if any, influence on the content or structure of external
data. It has no control about whether the external producer continues to produce it and the format in which
it is produced.
Based on this analysis, structured internal data is the easiest and least expensive for an organisation to
collect. Common examples include accounting data and inventory data.

QUESTION 4.4
Due to the complexity of systems development, it is generally understood that a structured approach is
required. Development principles are often borrowed from project management practices. However, the
detail of the best structure for systems development is open to debate.
Early systems development models proposed a linear approach, working through a series of discrete
steps in a specific sequence. Under a linear approach any failure in the resulting system was considered to
be due to one of the steps being incorrectly completed and not a failure of the linear approach itself.
Problems with the linear approach were that it often produced systems that did not meet user
requirements and were delivered late.
The modern system development life cycle (SDLC) is an iterative process. This assumes that a single
pass through any step will not produce a good outcome. At each stage new information is developed
relevant to previous stages, so it is necessary to go back and modify the earlier stages in light of the new
information learned. There is a clear understanding that no amount of front-end planning will anticipate
every aspect of the eventual system.
Curiously the old linear model and modern iterative processes both have the same steps: planning,
analysis, design, implementation and testing, support and maintenance. They just have a different
understanding of how these relate to each other.

QUESTION 4.5

Test
migration

Data Final
cleaning migration

Maintenance

Security
Data
Data migration Validation New systems
mapping
Flexibility

Future proofing

Legacy Change
systems management

Consultation

Pdf_Folio:495

SUGGESTED ANSWERS 495

 Successful data migration involves careful change management to ensure data is fully and accurately
migrated to the new system, but if done correctly there is an opportunity to produce a dataset that is better
than the original.
The key point is to recognise that the original data almost certainly contains errors and the migration
process provides an opportunity to identify and remove or correct those errors.
The main process is data cleaning where errors, outdated data and duplicates are identified and removed.
Attempts should be made to complete missing records and to identify and resolve any inconsistencies in
the data.
Going through these processes also helps determine if there are problems with the source data, or if any
controls are to be built to reduce the risk of recreating similar errors in the new database again.

QUESTION 4.6
Accountants are very experienced in dealing with financial data and ensuring its quality, they need to bring
those skills to the management of non-financial data in an organisation.
Data, if used well, is a very important and valuable asset to the business. Just as accountants install
controls and perform audits to protect physical assets, they need to help develop controls and checks to
maintain the integrity of all data.
Organisations should use a data strategy framework to identify what they need to know, and then
prioritise obtaining the corresponding data. Accountants can help by, for example, performing a cost–
benefit analysis as it can be a useful approach to decide what further data should be collected and what
should not.
Ultimately the organisation needs to prioritise its investment in data and analysis with respect to how
the data will contribute to the organisation’s strategic objectives.

QUESTION 4.7
The two main reasons that an organisation may decide not to collect and store personal data, anonymising
it instead are as follows.
• Any customer data that includes personal identifiers will be subject to privacy legislation in the country
it is held. This imposes both financial costs and significant responsibility for maintaining the security
of that data.
• Collecting personal data requires collecting informed consent and allowing people to access their data.
Again, the costs of doing this may not justify the benefits of using personal data.
Organisations cannot, however, avoid collecting personal data when they intend to provide a customised
service, such as new product recommendations, which must be matched to a specific customer’s profile to
be meaningful.

QUESTION 4.8
Overfitting refers to the practice of fitting a complex mathematical model developed from an existing
set of data to a new set of data (e.g. a cubic model instead of a simple linear model). While either
could validly be used to describe the relationship between the variables, the complex model minimises
the statistical ‘error’ (the difference between the actual data used to produce the model and the values
predicted by the model). However, these ‘errors’ are not necessarily true errors in the model, they could
be due to measurement error or the seemingly random effects of an unobserved variable.
When the overfitted model is applied to new input data to generate new outputs, the outputs are poor
estimates of the true values. Therefore, overfitting produces a model that is less likely to represent the true
underlying relationship in the new data.
In summary, overfitted models do a good job of fitting the original data used to create the model, but
because the model is usually wrong it does a very poor job of fitting any new data applied to the model.

QUESTION 4.9
Black-box approaches are those where we cannot see the process that takes data inputs and creates an
output or recommendation. Hidden workings of the AI or ML model mean that any biases introduced by
the data are unclear and the rationale for the output cannot be examined and validated. This creates the
risk that biased or flawed data may produce analytics results that will lead to incorrect or unfair decisions.
Pdf_Folio:496

496 SUGGESTED ANSWERS

 The main problem with black-box AI and ML is that users are not able to independently assess the
process that produces the output. This, in turn, is a problem when outputs exhibit bias or discrimination.
It is also a problem when personal data has been used to generate recommendations and the individuals
whose data was used demand a right to explanation.
In particular, problems arise when the AI is used to select access to employment, service provision or
to estimate credit scores with results that are not favourable to the individual concerned.
The benefits of black-box AI and ML arise from the quality of output generated. If used correctly these
AI models produce better decisions, improve organisational performance and profitability. Arguably, this
would not be possible if users insisted on transparency from the beginning.

QUESTION 4.10
Supervised learning can be thought of as finding known patterns in unknown data. We must have data
that has been ‘labelled’. This labelling is considered the supervision. The labels have been derived from
human recognition. Training data are the data from which the classification or prediction algorithm
‘learns’, or is ‘trained’, about the relationship between predictor variables and the outcome variable.
When training an AI- or ML-based system to detect fraudulent activity, you first need a dataset of prior
fraud. This must be correctly coded so only genuine cases of fraud are classified as fraud, and vice versa.
However, data analytics is rarely perfect, so entrusting the AI or ML model without any human oversight is
not recommended.
Specifically, humans should be involved in checking data quality, ensuring classifications are applied
consistently, that data outliers are checked and managed consistently and any missing values are checked.
Human intervention in checking source data is critical to ensuring an AI or ML model works correctly.

QUESTION 4.11
The concept of data ownership refers to who owns or is responsible for the data. How they approach that
responsibility is important.
Data ownership problems exist where there are no clear policies defining responsibility and account-
ability for managing an organisation’s data. Such problems are exacerbated when those who manage the
data are not the same as those who use it. When those responsible for data management have not ‘bought
in’ to the value of data to the organisation they cannot be expected to allocate the necessary resources
to ensure quality data is collected and securely stored. Inconsistent data formats of various departments
create an additional set of problems as organisations try to combine individual applications into integrated
enterprise systems.
Technical teams have little control over data quality and do not rely on the analysis it supports while
business users do have control and are the users of analytics. Business users should therefore have
responsibility for data quality.

QUESTION 4.12
Correlation refers to the degree of relationship between two variables and is a pattern observable in the
data. For example, if ice-cream consumption increases in summer months then we should see a regular
pattern in measurements of temperature and ice-cream consumption volumes. This pattern could be
visualised by looking at numeric data in a table where one variable has been sorted by size and the
corresponding variable also shows some size ordering. Causation is a cause-and-effect relationship
between two variables and it often starts with an observed correlation. Causation takes it further by adding
an explanation as to why those variables move in an observed pattern. This is much harder than correlation
because a convincing cause needs to remove the possibility of alternative explanations. For example, is
the increase in ice-cream consumption in summer due to a belief that ice-cream will help us cool down on
a hot day or because of a habit followed since childhood? Usually we need to conduct more research to
narrow down to the most likely cause.
Only correlation could be demonstrated visually by a scatterplot because a scatterplot is a type of data
display that shows the relationship between two variables, which is the pattern in the data. A scatterplot
cannot show the cause of the pattern.

Pdf_Folio:497

SUGGESTED ANSWERS 497

QUESTION 4.13
Accounting and finance professionals will need to be problem solvers and to possess strong skills in
quantitative analysis to support their financial knowledge.
It will be useful to have a basic understanding of the common programming languages to be able to ask
informed questions.
Working in multi-disciplinary teams means that people skills and the ability to communicate complex
ideas in simple and engaging terms (‘storytelling’) are important. This can create an overarching ‘digital
vision’ so that teams can be assembled with the ability to:
• build strong awareness and sound understanding of the impact of digital technology on accounting
and finance
• articulate the value of digital processes and systems throughout the organisation
• develop a strong foundation of digital fluency to support any transformational changes
• inspire and reward curiosity about digital applications and the related opportunities.

QUESTION 4.14
Exploratory visualisations are used early in the data analysis process, and exploratory analysis is about
finding patterns through breadth and depth of analysis — for example, to determine which types of model
are likely to best fit the data. An analyst is likely to briefly use a range of visualisations before moving to
more formal analysis of the relationships between variables. These can be quickly produced and are often
‘rough and ready’ as there is no intention to keep them or let people outside the analysis team see them.
Explanatory visualisations are used on completion of the data analysis. They are used to more effectively
explain and communicate the results of the analysis to decision makers. As the data analysis results will
be seen by a range of users, it is important for them to be professionally presented using visualisation.

QUESTION 4.15
Benefits Challenges

• Dashboards can quickly communicate key • Important details might be omitted because of the
information. limited space in the dashboards.
• They are interactive. • Might not be easy to apply because they require the
• They are customisable (can be designed to meet matching the data to specific users’ needs.
the user’s specific needs). • May not effectively facilitate the user’s decision
• Allow live data feeds. making because not all users can interpret the data.
• Data overload could be avoided.

MODULE 5
QUESTION 5.1
An Audit and Risk Committee provides governance (oversight) over identified risks. It receives reports on
risk management within the organisation to monitor these activities.
As a governance committee it would be responsible for creating and reviewing risk management policies.
Policies should be reviewed on a regular basis to ensure they remain fit for purpose.

QUESTION 5.2
Risk ownership involves allocating each risk to a named group or individual to manage. For this reason,
an organisation will have multiple risk owners, each responsible for a risk or a set of risks.
As risks generally cannot be eliminated, risk management involves keeping track of the risk and taking
steps to ensure it does not become a serious problem.
Specifically risk owners should:
• analyse the risk and check all associated data
• rate the risk regularly
• take steps to keep the risk at reasonable levels
• fix identified issues arising from the risk.
Pdf_Folio:498

498 SUGGESTED ANSWERS

QUESTION 5.3
ISO 27001 ISO 31000

• Has a narrow framework, specific to information • Has a broad framework for risk management.
security risk management. • Takes a strategic perspective on risk management.
• Provides specifications for an information security • Provides guidelines for implementation and risk
management system. assessment.
• Considers the role of people, processes and • Aimed at helping organisations develop a risk
technology in risk management. management culture.

ISO 31000 is the key standards framework for risk management. Notably it is a framework including
principles and guidelines. In contrast, ISO 27001 is the specific for information security management and
sets out specifications and controls for this area.

QUESTION 5.4
Risk evaluation Risk treatment

• Involves comparing measured risk estimates against • Involves selecting the appropriate response to a
pre-determined risk standards. given risk.
• Should be performed periodically. • Four main treatments:
• Should produce an easily understood outcome. - Accept the risk.
• Must be backed by evidence. - Transfer the risk to a third party.
Example: A financial institution may estimate the - Mitigate the risk.
probability of losing $10 million due to the failure - Avoid the risk.
of a client business. It may then rate that loss by its • Treatment decisions need to be informed by risk
severity and use that information to review its lending evaluation measures.
practices. Example: Insurance is a common example of risk
transfer.

QUESTION 5.5
One of the key reasons a crisis can create problems is its unpredictability, not just about when it will
occur but also the nature of the crisis. To most people COVID-19 was unpredictable so planning for it
was impossible. Similarly, natural disasters are often things that occur somewhere else, until they happen
around you. Anticipating every possible thing that could go wrong and preparing for it just is not feasible.
Risk governance is instead about identifying broad types of risk and putting plans in place that provide
a framework for dealing with the problems the risk event creates. For example, both natural disasters and
pandemics can cut off access to a business’ physical premises. So, having access to business records online
would support business continuity. But a policy that ensures the records are online cannot be easily created
and adopted at the time the crisis arises or in the immediate aftermath.

QUESTION 5.6
The chief information security officer (CISO) is responsible for developing and implementing an
organisation’s information security policy. The CISO will be involved in the organisation’s risk
management strategy.
The chief information officer (CIO) is responsible for IT-related planning, budgeting and performance
evaluation. The CIO’s decisions should be based on an effective risk management program.
The CISO should take the primary responsibility of forming the organisation’s information security
plans and policy. The CIO then takes responsibility for making resources available to implement the plans.
Both should work on regularly reviewing the effectiveness of plans and their implementation, and advise
the other on where improvements are possible.

Pdf_Folio:499

SUGGESTED ANSWERS 499

QUESTION 5.7
Agile work practices typically involve flattening traditional organisational hierarchies and creating small
self-led teams to tackle issues in two-week ‘sprints’.
Due to the smaller team size and responsiveness required, Agile is an approach that lends itself to smaller
more dynamic organisations.
Including governance considerations in Agile processes can be difficult due to the differences in
timeframe — an Agile approach works on very short timeframes, governance tends to develop over much
longer periods.
Governance requirements can be built into Agile development by having governance as a ‘gate’ through
which the team must pass before continuing to the next stage. But expecting governance requirements to
change in response to an Agile team’s needs is very unlikely.

Pros Cons

• Can incorporate ‘gates’ between stages to meet • Compliance issues can be missed due to the short
governance requirements. timeframes of Agile work practices.
• Suits non-traditional hierarchies — for example, • Does not suit traditional hierarchies.
small self-led teams. • Does not provide the longer time period required for
governance to develop.

QUESTION 5.8
Key governance and control issues with automation include:
• risks relating to cybersecurity
• social licence to operate
• workforce/change management
• human resources needs
• project management
• fit with company culture
• integration with supply chain
• data privacy.

QUESTION 5.9
Three key elements of a mature approach to cybersecurity are:
• consistency
• adaptability
• accountability.
Consistency is important because an inconsistent approach will create weak points in the attack surface,
which hackers will identify and exploit to gain access to the system. For example, an organisation’s
computer-use policy must require strong passwords.
Adaptability is important because the risk environment is constantly changing. This should also be linked
to consistency to ensure all parts of an organisation can adapt together, or inconsistencies will develop.
Accountability is important to ensure everybody follows the required procedures because they know they
are individually responsible for their actions. A lack of accountability will lead to a lack of consistency in
applying cybersecurity protocols.

QUESTION 5.10
Advantages
• Supplement internal knowledge. By using the right outsourced tools, technology and approach, an
organisation can supplement its internal knowledge.
• Cost savings. Using a team of external experts through a subscription service can cost a fraction of the
amount that would be required to build internal team capability.
• Security expertise. IT security professionals for in-house teams can be difficult to identify, recruit and
retain. It can also be difficult to keep up to date with security trends and developments.
Pdf_Folio:500

500 SUGGESTED ANSWERS

• 24/7 support. Outsourcing to security providers generally enables the organisation to provide real-time
cybersecurity reporting 24/7, 365 days a year.
• Compliance management. External professionals are better placed to keep on top of changes in the
industry, and ensure the company meets industry regulations.

Disadvantages
• Sensitive data. Using and trusting outside parties with sensitive data or intellectual property can
potentially open the organisation to additional risks.
• Additional software/hardware requirements. External providers may mean the organisation must use
specific security software or they may suggest additional hardware requirements as part of the terms
and conditions of service. This can result in additional costs and potentially slow down ICT systems.
• Service-level agreements. Ensuring the service-level agreements and support matches the organisation’s
specific requirements can sometimes be difficult.
• Lack of control. Sacrificing and relinquishing key cybersecurity responsibilities to eternal providers
requires monitoring.

QUESTION 5.11
The attack surface relates to the points within a business that are exposed to any form of exploitation.
Networks and servers are highly interconnected so once the surface is breached access to extensive data
resources is gained by the attacker.
Prevention controls include firewalls, anti-virus software, encryption, risk analysis, job rotation and
account lock outs.
Prevention controls need to be deployed at every point on the attack surface to be effective.
With the development of the internet of things and edge computing, the number of devices on each
network has grown significantly. More connected devices means there are more potential access points for
attackers to exploit and results in the need for more prevention controls.

QUESTION 5.12
The General Data Protection Regulation (GDPR) provides a good framework for ethical data practices.
• The right to be informed. The company should have systems in place to inform individuals when
information is collected.
• The right of access. The company should have systems in place to allow individuals to request and
access all personal information the about them.
• The right to rectification. The company should have systems in place to correct information if provided
with evidence that it is incorrect.
• The right to erasure. The company should have systems in place to remove information if requested,
this should cover all backups as well as the main database.
• The right to restrict processing. The company should have systems in place to prevent data from being
used if requested by the individual who is the source of the data.
• The right to data portability. The company should have systems in place to convert data into commonly
used machine-readable formats.
• The right to object. The company should have systems in place to prevent data from being used for
marketing or profiling if requested by the individual who is the source of the data.

QUESTION 5.13
Having a specialist compliance officer ensures that there is at least one person focussed on compliance
issues. It is also more likely that this person will be in a position to maintain some level of independence
and objectivity as this is the sole focus of their role. Their KPIs will all be compliance related so there is
no danger of having to sacrifice compliance-related tasks in favour of other tasks.
Giving responsibility for compliance to someone with a broader job description creates the risk that that
individual will allocate insufficient time to compliance, especially as there is no-one with a greater role in
compliance to tell them otherwise.
A specialist compliance officer is also more likely to stay up-to-date with current best practices
in compliance.

Pdf_Folio:501

SUGGESTED ANSWERS 501

 In larger organisations it is also worth considering having a C-level chief compliance officer as working
at that level gives better access to the board of directors, where compliance and governance should
be discussed.

QUESTION 5.14
Regulatory sandboxes allow FinTech companies to test and experiment with new products and services
free from costly or damaging legal consequences. The goal is to give FinTech companies a chance to
develop and take a minimally viable product to market knowing it has value for users.
The main downside for FinTech companies is that as long as they stay in the sandbox they are not able
to fully test their products; nor will they know the full extent of the cost of their operations.
The main benefit for regulators is that it allows them to maintain oversight and knowledge of FinTech
innovations, giving them awareness of potential regulatory requirements so that they can plan for and
implement them before they are needed.
The sandbox approach protects consumers without hindering innovation, allowing new players in the
FinTech industry to test in a safe environment while giving regulators advance insights into potential
changes required in the regulatory environment.

QUESTION 5.15
The main issue for FinTech companies looking at international expansion are the regulatory and compli-
ance requirements they encounter (and must comply with) in each new jurisdiction.
They will also need to ensure compliance with rules imposed by multinational bodies such as the
United Nations.
There may also be additional compliance requirements in their home country, such as dealing with
AML/CTF rules if they were not previously dealing with international clients.
However, if they are already compliant in a heavily regulated jurisdiction like Australia, they should
meet many of the compliance requirements in other countries.

Pdf_Folio:502

502 SUGGESTED ANSWERS

 “BMIndex_PrintPDF” — 2021/9/15 — 13:30 — page 503 — #1

INDEX
A/B testing 322 bias 200 automation 3, 143, 158–70
accept 385 sensitivity 199 balanced scorecard to evaluate
access to devices 31 usability 199 166–7
account reconciliation 180 volume 199 basics of 158–62
accountability 394 in different industries 197 combining technologies 162
accounting/auditing 111 agriculture 198 key automation technologies
Afterpay 95 aviation 198 158–61
AGI see artificial general intelligence finance 197 building automation strategy 168–9
agility, responsiveness and crisis healthcare 197 data 168
management 284–5 marketing 198 infrastructure 169
AI see artificial intelligence recruitment 198 organisation 169
Airwallet 97 skills 169
retail 198
Airwallex 44 technologies and algorithms
enablers 195
Airwallex increasing integration 26–7 168–9
ethical considerations 231–2, 404
Airwallex payment solution 8–9 and employment 232
in finance and business 196–7
algorithm 159 evolving 162
managing risks and challenges when
alternative finance governance, risk and compliance
implementing
definition 125 challenges 227–30
appropriate data 200
importance 126–7 of governance, risk and compliance
regulating 127 costs 201
228–9
tools, taxonomy of 125 data preparation 200
planning for success 167–70
traditional vs alternative lender employee communication 201
purposes of using 158
funding process 126 skills 201
technologies 159
alternative funding 130–4 methodology for AI strategy 202–4
artificial intelligence 160–1
investment-based crowdfunding preparing for an automated future
machine learning 161
131–3 233–4
robotic process automation
non-investment-based crowdfunding risks 198–9
159–60
133–4 to individual 198–9
technology use cases 226–7
alternative lending 127–30 to organisation 199
value creation using 226–7
balance sheet lending 128–9 to society 199 value in finance 233
invoice finance 129–30 strategy and business strategy 202–4 value of 163–7
peer-to-peer lending 127–9 types of 195–6 autonomous systems 232
alternative viewpoints 318 artificial moral agents 232 availability 397
Amazon digital ecosystem 24–5 artificial narrow intelligence (ANI) availability bias 318
analyse 247 195 avoid 385
analytical workforce 289 assess and strategise 289 awareness 318
analytics 3, 64, 244–7 association rule mining 304, 305
requirements 265 attack surface 411
anchoring 318 balance sheet lending 128
attended RPA 172
ANI see artificial narrow intelligence vs peer-to-peer lending 128–9
audit control processing 181
anonymising data 293–4 balanced scorecard to evaluate
auditors 398 automation 166–7
Anscombe’s quartet 330–2 augmented reality (AR) 53, 143
Ant Technologies 145 bank sector compliance 436–7
Australia, FinTech regulation 445–6 bank, regulations 458–9
Anti-Money Laundering and
APRA 444 banking business 445
Counter-Terrorism Financing Act
ASIC 443 banking consumer archetypes 142
2006 (AML/CTF Act) 446
AUSTRAC 444 Banking Executive Accountability
API see application programming
banking activities 445 Regime (BEAR) 398
interface
credit activities 445 banking, future of 142–7
API platforms 143
Apple Pay’s digital payments ecosystem RBA 444 banking-as-a-platform 146
33–4 regulation 445–6 banking-as-a-service 146
application programming interface (API) regulation and law 444 banks’ strategic response to FinTechs
16, 47–8 Australian credit licence 443 145
appropriate data 200 Australian Prudential Regulation customer preferences 142
AR see augmented reality Authority (APRA) 444 enablers of change
argue 247 Australian Securities and Investments regulatory framework 143–4
artificial general intelligence (AGI) 196 Commission (ASIC) 443 technologies 143
artificial intelligence (AI) 3, 160, Australian Stock Exchange (ASX) 395 neobanks in Australia 146
193–205 Australian Transaction Reports and open banking regime 147
basics of 193–6 Analysis Centre (AUSTRAC) 444 operational effectiveness and
benefits of 196–8 authorised deposit-taking institution efficiencies 144–5
brief history of 194–5 (ADI) 444 trust 146
data challenges 199–200 authority 394 banking-as-a-platform (BaaP) 146
availability 199 automating action 300 banking-as-a-service (BaaS) 146

INDEX 503
 “BMIndex_PrintPDF” — 2021/9/15 — 13:30 — page 504 — #2

Bayes’ Theorem 255–6 causal relationships, criteria for performance evaluation 432–3
behaviour prediction 165 assessing 324 planning 432
bias 200, 317 causation 321–4 and risk management 213
in decision systems 232 causal relationships, criteria for support 432
biased analysis 294 assessing 324 compliance framework 433
biased data 294 common patterns of 323 development 433–6
bidirectional virtual currency 81–3 proving 322–3 effective framework 436
big data 2, 64, 244, 287–8 CBA ML strategy 218–9 KPMG 435–6
big data analytics 288 Central Bank Digital Currency (CBDC) looking forward 433
business using 288–9 scheme 79 conditional probability 254
conventional analytics 287–8 centralised databases 100 confidentiality 397
implementation 289–90 centralised virtual currencies 80 confirmation bias 318
challenges 290 change management 282–4 consensus algorithm 100
initial steps 289–90 Kotter’s eight-step framework for consent 426
in risk management 278 successful 282 consistency 324
skills required by finance changes over time 342–5 consolidation 289
professionals 290–2 channel innovations 13 consortium blockchains 106
core skills for digital future 291 chatbots and voice-based assistants Consumer Data Right (CDR)
developing skills 291–2 164–5 scheme 144
new skills for digital era 291 checkout-less stores 40 content categorisation 164
big data analytics 10 chief financial officers 61 context of data visualisation
Bigstone 45 chief information officer (CIO) 397 identifying the audience of
biometric data 271 chief information security officer presentation 334
bitcoin 8, 83–4 (CISO) 397 present the communication 335
BitDegree 136 classification 302–4 present to the audience 334
blockchain 8, 10, 103, 143, 233 classifying ML 212–3 contextual extraction 164
consensus mechanisms 103–4 closed loop systems 30 continuous data 253
in financial services 110–13 closed virtual currency 80–1 contract analysis 213
cloud computing 47, 64 control documentation 382
permissions and ownership 105–6
cloud-based payment systems 89–90 conventional vs smart contract 108–9
solution to double-spending problem
clustering 304 convertible virtual currency 81–3
104–5
Coca-Cola 178–9 cooperative networks 20
Board 396
coding 317 Corporations Act 2001 443–5
borrower and investor perspectives 139
cognisability 75 corrective controls 419
bots 159–60
cognitive automation 162 correlation 319–21
Bradford Hill Criteria 324
cognitive bias 317–9 correlation coefficient 319
brand innovations 13
common types of 318 cost reduction 289
breaches, cryptocurrency 122
strategies to overcome 318–9 costs 201
bubble chart 345
cognitive ML 212 costs of misclassification 299
business activity data 289
cognitive principles to visualisations COVID-19 229–30
business case for RPA 177–9
eliminate unnecessary detail 347 and alternative lending 126
business continuity plans (BCP) 388–9
coins 113–5 Boards 403
business functions
collaboration 318 cashless society response 79
human resources 183
collaborative filtering 305, 306 contactless payments 94
marketing and sales 183
collaborative networks 20 CPS 234 security standard 412
supply chain management 183
collectively exhaustive 254 created data 274
business impact assessment (BIA) 388
combatting financial fraud 181 credit model relationships 365
business operations data 289 commodity currency 77 critical control 382
business process management (BPM) commodity-backed currency 77 cross-border payments 40
172–3 Common Reporting Standard crowdfunded equity 46–7
business processes 184–5 (CRS) 447 crowdfunding 6–7
cybersecurity 185 Commonwealth Bank of Australia crowdlending 127
IT processing 184 (CBA) 447 crypto derivatives 118–19
product and service marketing 185 communication 265 crypto wallet 92
sales order processing 184 communication networks 29 crypto-based funding
business strategy 265 competition 32 initial coin offerings 135–6
business, benefits of digital payments and risk 272–3 initial DEX offerings 137
for 96 competitive advantage 5, 289 initial exchange offerings 136–7
buy-now-pay-later (BNPL) services compiled data 274 security token offerings 137–8
40, 95–6 compliance 213, 227, 309, 373 cryptocurrency 7, 78, 83–6, 448
regulatory response 448–50 action 436–8 applications 117–9
context of the organisation 432 benefits of 121–2
captured data 274 improvement 433 coins 113–15
card scheme rules 451–2 leadership 432 considerations and future outlook
card-based payments 88, 90–1 moving forward 123–4
cash flow data, finance 270 reimagining resources 439 defined 113
cash, and e-money decoupling 80 staying current 438–9 and finance professionals 121
cashless society 79–80, 97 operation 432 fraud risk 122–3

504 INDEX
 “BMIndex_PrintPDF” — 2021/9/15 — 13:30 — page 505 — #3

market risk 122 requirements 265 extracting knowledge from data

privacy 121 data access 280 315–6
raising capital 122 data analysis 360–4 introduction 315–25
regulatory risk 122 data analysis process 292–7 overcoming cognitive bias 317–9
risks of 122–3 choose the analysis techniques 295 quantitative and qualitative
cyber-attacks, breaches and failures define the purpose 292 analysis 317
122 DeFi DApps vs incumbents 120 data intuition skills 291
fraud risk 122–3 deploy the model 297 Data Knight personas 250
market risk 122 determine the analysis task 295 data life cycle 279
regulatory risk 122 explore and clean the data 294 data literacy
technology risk 122 interpret the results 295–7 analytics 244–7
security and transparency 121 caveats and other principles culture see data literacy culture
stablecoins 116–7 296–7 data-informed decision making 244
taxonomy of 114 testing and evaluating models 296 definition 247
technology risk 122 obtain the data 292–4 in eBay 248
tokens 115–6 anonymising data 293–4 ideas for developing 249–50
transactions 121 biased analysis 294 implementing at leading companies
cryptocurrency wallet 88, 91–2, 113, biased data 294 248
120 data ethics and regulation 293–4 importantance 247–8
currency data sources 293 introduction 244–7
traditional 76–8 data types 293 leaders and champions 250
types of 76 informed consent 293 need for 247–8
vs money 76 partition the data 295 data literacy culture
current and future bank processes 17 reduce the data dimension 294 definition 249
current finance system 140–1 use algorithms to perform the task role of professional in 249–51
customer complaints, resolving 204 295 data management systems 279–81
customer engagement 55 data analytics 287 data migration 281–2
innovations 14 applying artificial intelligence
data mining 246–7
customer journey benefits 300–1
applications in business 246
disputes 451 machine learning 302–8
data needs, identifying 268–72
marketing 450–1 risks 301–2
competition and risk 272
onboarding 451 risk, warnings and challenges in
customer 268–9
reporting of issues 451 297–9
finance 269–70
transactions 451 data quality 297
customer service 213 operations 270–1
environmental changes 299
customers’ marketing preferences, purpose 268
missing values 298
updating 183–4 resources 272
normalising and rescaling data 298
cyber breach 424–5 data owner 397
outliers 297–8
breach 424–5 data personas 249
oversampling rare events 298–9
cyber fraud 412 roles 250
Data Aristocrat 250
cyber-attacks, cryptocurrency 122 data champions 283–4 data preparation 200
cybersecurity 185, 410 data communication 291 data privacy 406, 426
advantages 422–3 data consistency 180 laws and regulations 428–9
disadvantages 423 data custodian 397 notifiable data breach 429
light touch approach 422 data ethics personal data 427
outsourcing options 423 fairness and equality 426 relevance 427
professionals 422–3 informed consent 426 and security 31
risks 230 ownership and control 426 sensitive data 427
standards 412 preserving privacy 426 vs security 426
threat of 411–12 transparency 426 data quality 297
cybersecurity/fraud protection 98 data ethics and regulation 293–4 data science 246
data filtering and profiling 280 data categories 252–3
DApps see distributed applications data governance 405 probability 253–62
dashboard-specific visualisations compliance 407 data security 192, 280, 406,
355 and data management 405 407, 410
dashboards 351–67 data security 407 data sources 293
designing 356–9 goals 406–7 data strategy 263–6
data 244, 315, 379 privacy 406 data champions and 283–4
analysing 276 tools 407 developing for analytics 264–6
categories 252–3 data in automation 158–9 elements of 264
generation 273–6 data integrity and maintenance 280 frameworks 266–76
captured data 274 data interpretation 61, 315–29 analysing data 276
compiled data 274 causation 321–4 communicating to support
created data 274 common mistakes in 324–5 decision making 276
experimental data 274 considerations 315–25 identifying data needs 268–73
provoked data 274 correlation 319–21 prioritising data needs and
transaction data 273–4 data visualisation 317 obtaining data 273–6
user-generated data 274–6 domain knowledge 316 SMART strategy board 267–8

INDEX 505
 “BMIndex_PrintPDF” — 2021/9/15 — 13:30 — page 506 — #4

implementation 276–86 dynamic 22 electronic fund transfer 91

agility, responsiveness and crisis components 20–2 hybrid forms of digital
management 284–5 data-oriented ecosystems 21–2 payments 93–6
change management 282–4 ICT infrastructure ecosystems 22 digital payments 8
data management systems 279–81 software ecosystems 20–1 digital payments ecosystems 32–5
data migration 281–2 create and deliver value 23–5 digital platforms 30
organisational politics and culture increasing ROI 23 digital roadmap 53
277–8 increasing sales 23 digital technologies 41
in small businesses 285–6 increasing speed of technology digital transformation 51, 223
data synchronisation 280 adoption 23–5 in action 55–7
data types 293 opening new revenue sources 23 at Evergreen Markets 65–9
data visualisation 164, 317 reducing risks 23 benefits of 58–9
role of 330–3 evaluating 25–6 companies struggle to innovate
exploratory and explanatory digital factory and incubation 233 59–60
visualisations 330–3 Digital Finance Cube 5, 18 creating value through 57–8
understanding the context of 334–5 business functions 6–9 definition 53
visual display 335–47 digital finance institutions 10–11 financial innovation in organisations
data wrangling 300 technologies and technological 65–9
data-driven insights 289 concepts 9–10 keeping pace in fast-moving world
data-informed decision making 244, digital finance institutions 10–11 63–4
246–7, 325–6 digital finance landscape methodology 53–5
adequacy of the insights 327 Digital Finance Cube 5 customer engagement 55
based on the information 327–9 impact of technology on 5–14 design 54–5
example 326–9 banking/financial markets 14–19 mobilisation 54
frameworks 325–6 innovation using ten types framework ongoing evaluation and
iterative approaches 326 11–14 improvement 55
strategies 328–9 technological evolution 2–4 opportunity assessment 53
data-oriented ecosystems 21–2 digital financial advice 9 test 55
data-to-ink ratio 347 digital financial services (DFS) to-be enterprise model 54
database management systems (DBMSs) ecosystem 26–32 transition 55
280–1 goals of 27 methods and practices 64
databases 100 issues and challenges in 30–2 organisational goals 58–69
debt 132 competition 32 organisational strategy 51–2
decentralised databases 100 data privacy and security 31 role of accounting and finance
decentralised finance (DeFi) 49, 119 digital divide 30–1 professionals in 60–3
advantages and disadvantages 120 quality of work 31–2 chief financial officers 61
DApps vs incumbents 120 requirements for 27–30 financial accountant 62
development phases 119–20 consumers, businesses and general employees 62–3
future outlook 120 governments 29 getting started 60–1
decentralised virtual currencies 80 enabling environment 29 management accountant 61–2
decision trees 306–7 infrastructure readiness 28–9 technologies and architectures 64
decision types 327–8 digital financing 6–7 value drivers 57–8
decision making, communicating to digital insurance 9 digital transformation strategy 223
support 276 digital investments 7 elements of 223–6
deep learning 208–10 digital literacy 3 common themes 224
comparing standard ML and 210 digital mindset 3 digital priorities and objectives
when to use 209 digital money 7–8 223–4
DeFi see decentralised finance digital payment 73, 86 key elements 224–6
democratisation 290 New Payments Platform 89 digital transformation strategy 223–6
dependent event 254 benefits of 96 digital trust 425
descriptive analytics 245 categories and instruments 90 digital wallet 8, 88, 91
DESE data strategy 283 cloud-based payment systems 89–90 business applications 91–2
design standard 382 EMV 89 types of 92–3
desktop automation 159 future of DIKW pyramid 315–16
detective controls 419 cashless society 97 direct vs indirect flow of funds 15
DFS ecosystem see digital financial changing context of 98–9 disaster recovery plans (DRP) 388–9
services (DFS) ecosystem cybersecurity/fraud protection 98 discrete data 253
diagnostic analytics 245 financial literacy 98 distributed applications (DApps) 107–8
digital banking technologies 143 frictionless payments 98 utility tokens 115
digital currencies 73, 78–83 personalisation 97–8 distributed databases 100
digital divide 30–1 NFC payments 89 distributed ledger technology
digital economy 425 payment gateways 88 (DLT) 100
digital ecosystem 20 payment service provider 88 advantages and disadvantages
Amazon 24–5 systems and methods 86–8 101–3
characteristics of 22–3 types of 88, 90–7 databases 100
automated 22 business considerations 96–7 distributed ledgers 101–3
customer centred 22 card-based payments 90–1 risks 101
data-driven 22 digital wallets 91–3 use cases 102–3

506 INDEX
 “BMIndex_PrintPDF” — 2021/9/15 — 13:30 — page 507 — #5

distributed ledgers 73, 101–3 financial markets 45–8 future finance talent 233
divisibility 76 APIs, cloud and open accounting future-ready finance function 4
document summarisation 164 47–8
domain knowledge 316 neobanking 48 gap analysis 225
donation-based crowdfunding 134 P2P lending 45–6
gap in digital skills 31
DoS (denial of service) 411 SME finance 46–7
gender gap 31
driving innovation 201–2 financial product 445
general AI 196
durability 75 financial return 133
General Data Protection Regulation
financial review preparation 179
(GDPR) 428–9, 446–7
e-money 78–9 financial services 445
general employees and digital
advantages and disadvantages 78 business 445
transformation 62–3
cashless society 79–80 governance risks 442
Gestalt principles 347–50
Central Bank Digital Currency 79 legal risk 442–3
global environment
decoupling e-money and cash 80 technology and operational
risks 441–2 card scheme rules 451–2
hardware-based products 79
FinTech 141 customer journey
software-based products 79
banks’ strategic response to 145 disputes 451
earnings before interest and taxes (EBIT)
23 in business 36–40 marketing 450–1
EBIT see earnings before interest and current solutions in business 37 onboarding 451
taxes current use by accounting and finance reporting of issues 451
edge computing 48–9 professionals 40–3 transactions 451
electronic fund transfer (EFT) 88, 91 decentralised finance 49 scalability 452
electronic invoicing 6 edge computing 48–9 global financial crisis (GFC) 454
electronic money see e-money emerging 48–9 global regulation
elementary event 254 innovation incentives in financial Common Reporting Standard
emerging digital currency platforms 16 services sector 42–3 447
emotion analytics 165 basic necessity 42 Financial Action Task Force 446
employee communication 201 equity 43 Anti-Money Laundering and
employee morale 187 evolving preferences 43 Counter-Terrorism Financing Act
enabling skills 3 legacy systems with hope of 444, 446
enhanced productivity 289 innovation 42 General Data Protection Regulation
environmental changes 299 profitability 42 (GDPR) 446–7
equity 43 regulation 42 good governance 393
equity-based property crowdfunding innovation opportunities 49–50 principles of 395–6
132 innovation roadblocks 49 risk management strategy 394–5
ethereum 8, 107 innovation thinking in 43–8 governance
ethereum 2.0 107 financial markets 45–8 accountability 394
Europay, Mastercard, Visa (EMV) 89 payments 44–5 auditors 398
event 254 wealth management 43–4 authority 394
experimental data 274 innovations in retail 40–2
automation and AI 404–5
explanatory analysis 332–3 scope of 36–7
Board 396
exploratory analysis 330–2 strategic issues in 39–40
chief information officer 397
exploratory and explanatory vs traditional financial services
chief information security officer
visualisations 330–3 37–9
397
external data 273 FinTech 1.0 16
culture
extracting knowledge from data FinTech 2.0 16, 38
315–16 fit-for-purpose 400–1
FinTech companies 11
DIKW pyramid 315–16 FinTech mix 38–9 organisational culture 401–2
extrapolation bias 318 FinTech payments niche 37 positive governance culture
FinTech regulation 400
consumers and investors 440–1 data custodian 397
facial recognition 163
financial services firms 441–3 data owner 397
failure to locate responders 299
failures, cryptocurrency 122 firms 452 elements of 393–4
fiat currency 77–8 global regulation 446–7 future threats 403–5
fictional currencies see closed virtual key regulators in Australia 443–4 increased accountability 398
currency lack of awareness 441 IT security practitioners 397–8
fiduciary currency 78 paternalistic approach 441 lacking 399–400
finance 269–70 technological change 440–1 roles and responsibilities
finance innovation lab 4 too much information 441 396–8
Financial Accountability Regime FinTech solutions niche 37 security awareness trainers 398
(FAR) 398 FinTech technology niche 37 senior management 396–7
Financial Action Task Force Five Cs of credit 364 systems owners 397–8
(FATF) 446 fraud data 272 technology impact 403–4
financial inclusion 15 fraud risk 122 governance, risk management and
financial information analysis frictionless payments 98 compliance (GRC) framework
180–1 functional strategy 223 373
financial instruments 75 funds 379 government
financial literacy 98 fungibility 75 RPA in 185

INDEX 507
 “BMIndex_PrintPDF” — 2021/9/15 — 13:30 — page 508 — #6

gradient 324 instant payments 143 key automation technologies 158–61

graphic and web design 164 institutional players 117–18 automation technologies 159–61
insurance 185 data in automation 158–9
harmonisation 290 integration 309 key goal indicators (KGIs) 224
healthcare integrity 397 road map and 224
RPA in 185 intellectual property 379 key performance indicators (KPIs) 188
herd behaviour 318 intelligent automation 163 key risk indicators (KRIs) 390
human resources 183 linguistic tasks 164–5 KGIs see key goal indicators
human–robot interaction 232 prediction tasks 165–6 knowledge 224, 315–6
hybrid blockchains 105–6 visual tasks 163–4 Kotter’s eight-step framework for
hybrid cloud 143 intelligent finance 233 successful 282
hybrid forms, of digital payments intelligent predictive analytics 165–6 KPIs see key performance indicators
buy-now-pay-later 95–6 interconnectedness 16 KYC verification and compliance
mobile 93–4 internal audit’s role in ANZ’s digital 110–11
smart and contactless payments transformation 60
94–5 internal data 273 lack of algorithmic transparency 302
stablecoins and payments 96 International Electrotechnical large-value payment systems 86
hybrid payments 88 Commission (IEC) 414 layering 309
hybrid RPA 172 International Monetary Fund (IMF) 80 leadership team 396–7
International Organization for lease-financing 6
ICT infrastructure ecosystems 22 Standardization (ISO) 414 lending process 364
identifying alternatives 225 internet access and affordability 31 lending-based property crowdfunding
identity systems 29 Internet of Things (IoT) 64, 234 132
implementation interpretation and application 265 lessons for accountants 40–2
change management 265 interval data 253 Liberty Reserve (LRs) 82
data governance 265 investment 210 likelihood 383
systems 265 investment-based crowdfunding Linden Dollar 82, 85, 118
improve quality 374 131–3 LINE Pay 94
independent event 254 equity crowdfunding 131 linguistic tasks 164–5
industries 185–6 property-based crowdfunding
government 185 132–3 machine ethics 232
healthcare 185 invoice crowdlending 129 machine learning (ML) 161
insurance 185 invoice factoring 6, 129 algorithms 306–8
not-for-profits 185–6 vs invoice trading 129–30 decision trees 306
telecommunications 185 invoice finance support vector machines 306–7
Industry 4.0 2 invoice factoring 129–30 basics of 206–11
industry standards invoice trading 129–30 benefits of 213–15
CPS 234 security standard 412 invoice financing 6, 46 customer/user interaction risks 217
NIST Cybersecurity Framework invoice trading 129 data-related risks 216
413–14 as an investment vehicle for P2P deep learning 208–9
Payment Card Industry Data Security investors 130 in detecting money laundering
Standard 413 vs invoice factoring 129–30 309–13
information 244, 315 IoT see Internet of Things dimensionality reduction for 306
information and communication ISMS project implementation method ethical considerations 231–2
technology (ICT) 410 asset identification and valuation in finance and business 213–5
information assets 379, 419 416 algorithmic trading 214
information security 410 establishment 418 automated journal processing
information security management system monitoring and review 418 214–5
(ISMS) 377 project mandate 416 fraud detection 213–4
project implementation method risk assessment robo-advice 214
416–18 risk analysis 417 underwriting 214
informed consent 293, 426 risk identification 417 Google Maps 207
infrastructure readiness 28–9 risk evaluation, likelihood 417 incorporating into AI strategy
communication networks 29 risk treatment, mitigation 417–18 217–18
identity systems 26 ISO 27001 377 natural language processing 160
payments systems 28 ISO 27005 377 output interpretation risks 216
sufficient energy 29 ISO 31000 377, 390 preparing for an automated future
ingestion 290 ISO/IEC 27001 standard 233–4
initial coin offerings (ICOs) 135–6 ISMS 414–16 semi-supervised learning 303
initial DEX offerings (IDOs) 137 risk assessment 416–17 strategy for scalability 218–19
initial exchange offerings (IEOs) structure and requirements 415 supervised and unsupervised learning
136–7 IT processing 184 302–5
innovation 11 IT security practitioners 397–8 types of 212–13
innovation thinking in FinTech 43–50 item recognition 163 machine translation 165
financial markets 45–8 magnitudes, comparing 336–42
payments 44–5 JP Morgan Chase-led Interbank malicious software see malware
wealth management 43–4 Information Network 118 malware 412, 420–1
innovative profit models 12 JPM Coin 118 Target US 424

508 INDEX
 “BMIndex_PrintPDF” — 2021/9/15 — 13:30 — page 509 — #7

management security 419 open virtual currencies see convertible planning for success 167–9
manipulation of behaviour 231 virtual currency platform/online-based 92
marketing and sales 183 open-loop systems 30 plausibility 324
Marketlend 45 operating standard 382 PledgeMe 47
marketplace lending operational dashboard 352–4 point-of-sale (POS) 40–1
127–8 operational efficiency 57, 289 poor data quality 301
matching 323 operational strategy 223 poor/inappropriate risk governance
measure of value/unit of account 75 operations 270–1 communication of risk 398–9
medium of exchange 75 opportunity assessment 53 governance is lacking 399–400
miners 103 optimising ML 212 portability 75
missing values 298 optimism bias 318 portal queries 180
mission statement 268 oracle 108 portfolio management 214
mitigate 385 ordinal data 253 POS see point-of-sale
ML see machine learning organisation positive correlation 319
mobile payments 8, 30, 44 blending mainstream and alternative pre-attentive attributes 347–50
mobilisation 54 financing 139 prediction tasks 163–6
modelling outcomes 365–6 borrower and investor perspectives predictive analytics 165–6, 245
money 139 predictive ML 207, 212
and currency 75–8 financing needs 138–9 predictors, importance of 311
functions of 75 funding sources 139 prescriptive analytics 245, 288
properties of 75–6 impact on current finance system prescriptive security 143
vs currency 76 140–1 preventative controls 419
money laundering organisational behaviour 249 privacy 406
detecting 309–13 organisational implementation model Privacy Act 1988 230, 380, 426, 428,
phases of 309 188 429, 437, 458
money supply 75 organisational politics and culture privacy and surveillance 231
MoneyPlace 45 277–8 private blockchains 105–6
MUFG Coin 117 organisational strategy 51–2, 374 private permissioned blockchain 105
multiple regression 323 strategic management 52 probability 253–61
mutually exclusive 254 environments and goals 52 in decision making 256–8
processes 52 in practice 258–61
narrow AI 195 outcome 254 in risk analysis 258–9
National Australia Bank 373–4 outliers 297–8 stage weighted vs individual weighted
natural language analytics 300–1 oversampling 311–3 260–1
natural language processing (NLP) 160 rare events 298–9 terms and concepts 254–6
negative correlation 319 process innovations 12–13
neobanking 48 process selection 179, 187, 193
neobanks 146 P2P lending see peer-to-peer (P2P) processing power 195
Network Age 2 lending product and service marketing 185
network effects 2 P2P payments see peer-to-peer payments product crowdfunding 46–7
network innovations 12 P2P technology 10 product innovation 58
New Payments Platform (NPP) 89, 448 partition 254, 295 product performance innovations 13
NFC payments 89 paternalistic approach 441 product system innovations 13
NFC see near-field communication payment 86 profit-sharing crowdfunding 133
NIST Cybersecurity Framework (NIST Payment Card Industry Data Security profitability 42
CSF) 413–14 Standard (PCI DSS) 413 programmed decision-making 327
NLP see natural language processing payment gateways 88 programming tools and languages
nominal data 253 payment service provider (PSP) 88 291
non-investment-based crowdfunding payments 44–5 project mandate 416
133–4 payments ecosystem 32–4 proof of concept (POC) for RPA 190
normalising and rescaling data 298 payments systems 28 proof of stake 103–4
not-for-profits PayPal 8, 88, 93–4, 437 proof of work 103
RPA in 185–6 peer-to-peer (P2P) payments 8 property-based crowdfunding
Notifiable Data Breach (NDB) Scheme peer-to-peer invoice finance 129 132–3
429 peer-to-peer (P2P) lending 45–6, protect assets 374
127–8 provoked data 274
objective probability 254 vs balance sheet lending 128–9 public blockchain 105
observational study 323 permissioned blockchains 105 public permissioned blockchain 105
onboarding 159–60, 451, 456–7 permissioned ledger 101
ongoing evaluation and improvement permissionless blockchains 105 qualitative analysis 317
55 permissionless ledgers 101 qualitative data 252–3
observe-orient-decide-act (OODA) loop personal data 427 quality 58
326 personalisation 97–8 quality of work 31–2
opacity of AI systems 231 PESTLE (political, economic, social, quantitative analysis 317
open accounting 48 technological, legal and quantitative data 252–3
open banking 16, 40, 144, 274–5, 439, environmental) 379–80 quick response (QR) code payments
448 physical assets 418–19 92, 93
open marketplaces 16 placement 309 quick wins — efficiency 190

INDEX 509
 “BMIndex_PrintPDF” — 2021/9/15 — 13:30 — page 510 — #8

random experiments 322 ISO 27005 377 scatter plot 345, 346
RateSetter 45 ISO 31000 377 SDLC see systems development life
ratio data 253 minimise adverse impacts 374 cycle
raw values 335–6 objectives 374 search engine data 272
read 247 risk evaluation and risk treatment Second Life 82
readiness to adopt 195 384–9 security awareness trainers 398
real estate crowdfunding 132 risk identification 382 security controls 418
real-time monitoring 300 risk monitoring and action categories of 419
recognisability 75 389–91 information assets 419
recommendation engines 165 risk profiles 378–81 physical assets 418–19
regression 302, 304 responsibilities 376 statement of applicability 419–21
RegTech see regulatory technology risk governance 373–4 types of controls 419
regulatory compliance 180 value chain 375 security token offering (STO) 137–8
regulatory framework 143–4 risk monitoring and action semi-structured data 158, 252
regulatory response 448–50 audit 390 semi-supervised learning 303
regulatory risk 122 control validation 390 Senate Select Committee 457
regulatory sandboxes 144 ISO 31000 monitoring 390 senior management 396–7
regulatory technology (RegTech) key risk indicators 390 sensitive data 427
143–4, 454 risk triggers 390–1 service innovations 13
ASIC perspective 458 risk owners 376 singularity and superintelligence
Association membership 462–3 risk profiles 232
benefits of 455–6 analysis for 379–81 skills 201
future 461–4 information assets 379 smart contract technology
industry barriers to implementation risk levels 381 advantages and limitations of 110
458 risk rating 384 distributed applications 107–8
matching 456–7 risk register 382 ethereum 107
mitigate non-compliant marketing risk risk retention 385 oracle 108
461–4 risk tolerance 400 vs conventional contract 108–9
RAAS 460 risk treatment 385 smart contracts 107
Senate Select Committee 457 risk triggers 390–1 smart devices 143
strategies for 459 robo-advice 49, 214 smart regulation and compliance
top-down implementation 457–8 robo-advisors 9, 49, 214 143–4
trust and regulation 460–1 robotic process automation (RPA) SMART strategy board 267
remittances 111 159, 171 SME finance 46–7
representative currency 78 balanced scorecard 177–9 invoice financing 46
Reserve Bank of Australia (RBA) 444 basics of 171–6 product crowdfunding and
resources 272 benefits 176–86 crowdfunded equity 46–7
retail industry 118 building an effective strategy 188–92 Snowball Effect 47
retail payment systems 86–8 in business 182–6 social media data 272, 289
reward-based crowdfunding 133–4 business processes 184–5 social networks 10, 15
RFID (radio-frequency identification) industries 185–6 soft skills 61
sensors 271 business process management 172–3 software ecosystems 20–1
risk and organisational strategy 374 capability — effectiveness 191–2 specificity 324
risk analysis categories 173 speech-to-text and text-to-speech
impact 383–4 characteristics 171 conversion 164
likelihood 383 creating business case for 177–9 spreadsheet correlation function 320–1
risk rating 384 developing a solution 189 stability 75
risk appetite 375, 400 experimenting with 189 stablecoin 96, 116–17
risk appetite statement 400 in finance function 179–82 stage weighted vs individual weighted
risk communication management 399 implementation 190–2 probabilities 260–1
risk criteria 383 maturity model 190 stakeholder involvement 289
risk evaluation 384–9 risks and challenges for using 186–7 standard journal entries 180
business continuity plans 388–9 data security 186 standard of deferred payment 75
disaster recovery plans 388–9 employee morale 187 statement of applicability (SOA)
reducing risk 385–6 process selection 187 419–21
treat risk, controls 386–8 system change 187 statistical inference 287
risk governance 373–4 technical issues 186–7 statistical methods 291
good governance 393 success factors 188–9 statistics 252
risk identification unattended, attended and stock market data, finance 270
causes, impacts and controls 382 hybrid 172 store of value 75
identify risk 382 vs traditional automation 174 storytelling 333–4
risk register 382 RPA see robotic process automation strategic dashboards 352
risk management 227, 373 strategic management 52
best practice 377 sales and inventory reconciliation environments and goals 52
framework and process 375 181–2 processes 52
function 376 sales optimisation 161 strength of association 324
future innovation 391–2 sales order processing 184 strong AI 196
ISO 27001 377 scarcity 76 structure innovations 12

510 INDEX
 “BMIndex_PrintPDF” — 2021/9/15 — 13:30 — page 511 — #9

structured data 158, 252 customer engagement 14 unattended RPA 172

subjective probability 254 network 12 unconditional probability 254
sufficient energy 29 process 12–13 undersampling 311–12
supervised learning 206–8, 302–4 product performance 13 unidirectional virtual currency 81
techniques 303–4 product system 13 unified payments interface (UPI) 91
supply chain data 271 profit model 12 unknown patterns 300
supply chain management 183 service 13 unstructured data 158, 252, 300
support vector machines (SVM) structure 12 unsupervised learning 206–8, 303–4
306–8 terms of likelihood 256–8 techniques 304–6
suspicious transactions 311 ThinCats 45 upskilling vs external recruitment 251
SVM see support vector machines time to market 58 use cases 195
system availability 379 to-be enterprise model 54 user-generated data 274–6
system change 187 tokenisation 108
system compatibility, enhancing 180
tokens 115–6 value creation using automation 226–7
systems development life cycle (SDLC)
total probability 254–5 value drivers 57–8
279, 280
trade finance 111–12 value of technology 234–7
systems owners 397–8
traditional currency 76–8 virtual currency 78, 80–3
traditional service providers 11 advantages and disadvantages 80
tactical dashboard 352–3 traffic flow 163 closed 80–1
technical issues, RPA 186–7 convertible (bidirectional) 81–3
training employees vs external
technological evolution 2–4 unidirectional 81
recruitment 251
creating future-ready finance vision statement 268
transaction data 273–4
function 4 visual display 335–47
transaction data, finance 270
Network Age 2
transactional benefits, of cryptocurrency comparing magnitudes 336–42
transformation of accounting and
121 displaying raw values 335–6
finance 3
transfer 385 highlighting correlation or
technology 11
transformation of accounting and relationships 345
choosing best 221–2
finance 3 showing changes over time 342–5
impact on banking/financial markets
transient advantage 5 visualising more than two variables
14–18
transition 55 345–7
changing landscape 15–16
transition stage — evolution 190 visual tasks 163–4
new model of innovation 16
transition stage — maturity 191 visualisation 289, 290, 330–2
open banking and open
transition to strategic roles 233 visualisation skills 291
marketplaces 16–18
transparency 426 visualisation tools 350–1
selection 221–2
transparent AI 302 vocal biomarkers 165
value of 221, 234–7
telecommunications 185 treat risk, controls 386–8
Telstra’s chatbot 211 control effectiveness ratings weak AI 195
temporality 324 388 wealth management 43–4
Ten Types of Innovation framework hierarchy of 387 WeChat Pay 94
11–14 key controls 387–8 WhatsApp 94
brand 13–14 TruePillars 45 Wirecard 399–400, 443
channel 13 trust 146 wisdom 244, 316

INDEX 511