4 ★ FINANCIAL TIMES Monday23 March 2020Risk ManagementFinancial Institutions
When Barclays took a controlling stake
in its African venture in 2005, the British
lender saw a bright future for banking on
the continent. Twelve years later, “Bar-
clays Africa” was no more, as the bank
slashed its holdings and wound down a
near century-long presence in Africa.
As part of the divorce, Barclayspaid
almost $1bn o its African partner tot
cover costs related to the separation.
The attraction of frontier markets
such as fast-growing African economies
is clear. “These are often young, growing
populations; countries where incomes
are rising. Nigeria’s population is set to
overtake the US by 2050,” says Gavin
Serkin, author ofFrontier: Exploring the
Top Ten Emerging Markets of Tomorrow.
The return on equity — a key measure
of financial performance — for banks in
Latin America was more than 20 per
cent in 2017, compared with 6 per cent in
developed markets, according to McKin-
sey, the consultancy. Banks in Africa, the
Middle East and emerging Asian econo-
mies posted return on equity f about 15o
per cent in the same year.
“Given slowing economies in Europe
and low and decreasing interest rates in
Europe and the US, markets [such as
these] have a much higher yield,” says
Olivier Panis, senior credit officer at
Moody’s Investors Service.
Nonetheless Barclays, along with
peers in Europe and the US, chose to
retrench to its main markets after judg-
ing that frontier markets — for all their
promise — were not worth the costs.
The pullback accelerated in the years
after he financial crisis of 2008, ast
tighter regulation made breaking
ground in new markets more arduous.
“In frontier markets, large multina-
tional banks have not, as a general rule,
been very successful,” says Peter Leger,
head of the global frontier markets team
at Coronation Fund Managers, a South
African investment group. “That goes
back to the global financial crisis and
some of the changes that happened in
terms of how you managed capital,
which disadvantaged big global banks.”
Regulations introduced after the cri-
sis oblige banks to keep more capital onlocal balance sheets to cover all their
assets in a country, even if they are only
partners in a joint venture.
“In Kenya, Barclays had to carry 100
per cent of capital, for 60 per cent own-
ership. They were giving away a lot of
the upside to the risk,” says Mr Leger.
Forced to carry more capital, with
margins cut by low interest in developed
economies, “banks significantly reduced
their balance sheet exposure... shed-
ding businesses away from their home
markets,” says Ronit Ghose, global head
of banks research at Citigroup.
The retreat was hastened by high-
profile candals that laid bare the risks.s
They includethe “tuna bonds” scandal
that continues to embroil Credit Suisse.
With Russian lender VTB, it helped
arrange about $2bn in loans to Mozam-
bique’s government in 2013 and 2014,
earmarked for maritime security and
investment in a state fishery.
US prosecutors say $200m was looted
from the loans, and the security projects
failed, triggering a financial crisis in one
of the world’s poorest countries. Three
ex-Credit Suisse bankers pleaded guilty
to US charges of handling kickbacks on
the loans. The bank claims it was not
responsible for the actions of its former
employees, who could face years in jail.
“[Frontier markets] are countries
where you do need to be careful of issuesaround transparency, corruption or
government incentives,” says Mr Serkin.
“The situation around that bond — the
tuna fishing fleet, the multiple billions
being borrowed — it always looked like a
farfetched scenario.”
“In [frontier markets], the oversight
and accountability on institutions are
extremely weak, and without any
engagement from citizens monitoring
governance, banks have been facilitating
the flow of illicit resources from Mozam-
bique and other countries,” says Denise
Namburete of the Mozambique Budget
Monitoring Forum. Foreign aid to
Mozambique dried up, hitting funding
for health, education and social care.
One bank that has been successful in
Africa is Société Générale. The French
lender has a presence in 19 countries,
giving it “significant scale to absorb the
volatility in asset risks that are typical in
frontier markets”, says Mr Panis. Com-
petition now is stiffer than when SocGen
built its presence. US and European
institutions dominated a retail banking
landscape of branches and cards, but
local competitors have pulled ahead in a
number of areas, says Mr Ghose.
In Africa, the likes of Barclays are not
just competing with other banks, but
with mobile-phone banking services
such as M-Pesa, with 37m active cust-
omers, according to Vodafone, which
established the service in 2007. In Asia,
homegrown fintechssuch asGrab and
Go-Jek ffer a suite of services — fromo
food delivery to payments and business
loans — on a single “super-app”.
As a result, today’s frontier markets
look harder to reach and better
defended than when SocGen first
opened a branch in Africa, back in 1911.High risk and high scandal prompt
banks to cut back frontier exploration
Frontier Markets
Tighter regulation and local
competition make breaking
ground more challenging,
writesGeorge Hammond‘You need to be careful
around transparency,corruption and
government incentives’Scandal: Maputo in Mozambique, scene of the ‘tuna bonds’ scandal —ReutersO
n December 31 last year,
just as people put the fin-
ishing touches to their
New Year’s eve celebra-
tions, a group of hackers
was poised to set off its own kind of fire-
works.
The hackershad targetedTravelex, a
UK-based currency exchange business,
with a ransomware attack. They
demanded payment to stop them pub-
lishing customer data.
The attack had adevastating impact.
Some of the company’s core systems
were down for weeks, affecting not just
its own business but also other compa-
nies, including J Sainsbury, the super-
market, andVirgin Money, which use
Travelex’s foreign exchange services.
Travelex will not say whether it paid a
ransom, but in a statement in March its
parent company,Finablr, said that the
combination of the ransomware attack
and coronavirus wouldwipe £25m ffo
its first-quarter earnings.
The type of ransomware used to tar-
get Travelex wasSodinokibi, which has
become increasingly prominent in
recent months. But ransomware
attacks of all kinds are becoming more
common.
“Over the past two years ransomware
has become far and away the most fre-
quent attack that bad actors are initiat-
ing,” says Rob Rosenzweig, cyber prac-
tice leader at insurance broker Risk
Strategies.
The reason, he adds, is that the theft of
personal data — which has long been the
main target — is nowless lucrative
because lots is already available to buy
as so many companies have already
been hacked. The hackers have sought
new ways to make money.
Ransomware is an easy choice. Some
versions can be bought off the shelf on
the dark web. It can then be used to
encrypt the target company’s data. Thetarget receivesa demand to pay a ran-
som, usually in bitcoin. If the ransom is
paid, the hackers promise to senda
decryption key to pen up the systemso
again and allow the company to get back
to normal.
Mr Rosenzweig says the cost of
restoring and re-creating the data tends
to be significantly higher than the
extortion demand.
“Attackers feel emboldened — the
demands are going up and the fre-
quency of attacks is going up,” says
Oliver Brew, head of client services at
CyberCube,which analyses cyber risks.
“There are more types of ransomware
available, which has led to a shift in tar-
gets from small businesses to large
enterprises. In the hacking communitythis has become known as ‘big game
hunting’.”
Travelex is not the only financial
institution to be targeted. A number of
banks in South Africa were hit by hack-
ers in October last year with awave of
ransom-driven attacks.
“We’ve seen financial institutions
being targeted more frequently,” says
Mr Brew. “They are perceived to have
deep pockets so there is a more brazen
approach to the size of the ransoms that
are being asked for.”
Sarah Stephens, head of cyber, inter-
national, at insurance broker Marsh
JLT Specialty, says that ransom
demands across the board are rising.
“A few years ago, we rarely saw
demands of more than a few hundredthousand pounds. Now we’re seeing
demands up to £10m,” she says.
But hackers targeting financial insti-
tutions are not necessarily in for an easy
ride. “On the whole, financial institu-
tions are more mature in being able to
detect an attack early and being able to
remediate it without paying a ransom,”
says Ms Stephens.
She adds that the industry is also wary
of the potential that paying a ransom
could be seen as funding terrorist organ-
isations. “Financial institutions are
more likely to tell us that they would not
pay a ransom because there would be
scrutiny from regulators. If they paid a
ransom, there would be more reputa-
tional risk for them.”
For financial institutions that do sufferattacks, there are ways to mitigate the
impact regardless of whethera ransom
is paid. Cyber insurancemaycover the
cost of the ransom and can also provide
other services, such as investigating the
causes and consequences of the attack
and dealing with the practical issues
around how the ransom is paid.
There have been some concerns in the
insurance world that the availability of
cover is itself fuelling ransom attacks, as
the criminals know that money is there
to pay their demands.
Ms Stephens maintains that this is not
the case. “The availability of kidnap and
ransom insurance has not fuelled a
worldwide increase in kidnappings,” she
says. “The existence of cyber insurance
means that firms that have bought it are
likely to have the defences in place to
stop an attack if it does happen.”
Cyber insurance is not the only
defence against ransomware attacks. It“
is becoming increasingly important to
focus on employee training,” says Mr
Rosenzweig. “In the vast majority of
attacks, the point of entry is an
employee mistake.”
Keeping reliable back-up data is also
important, he adds. “Two or three years
ago, most companies were thinking
about backups in the cloud. But you
want backups that aren’t connected to
the internet. It’s something I have seen
help companies that we are working
with.”Hackers target ‘big game’ in ransomware attacks
Cyber security
Malware purchased on
the dark web is being
used to demand
increasingly large sums,
saysOliver Ralph
Devastating:
some core
Travelex
systems were
down for weeks
ReutersTheft of
personaldata is less
lucrativebecause lots
is availableto buy from
previoushacking
attacksBig hit: Sarah Stephens at Marsh JLT
Specialty says ransoms reach £10mMARCH 23 2020 Section:Reports Time: 3/202019/ - 17:17 User:jerry.andrews Page Name:RMX4, Part,Page,Edition:RMX, 4, 1