Issue 003: The Mangrove Newsletter
News & Expert Views, Reports, Insights, Thoughts, and Perspectives on Global Resilience and Business Continuity.
Welcome to Issue 003 of the Mangrove Newsletter! We hope you enjoy reading this as much as we enjoyed putting it together for you.
1. Resilience Updates (What we are reading):
Regulation:Â
APAC:
Australia: The Australian Prudential Regulation Authority (APRA) issued several prudential standards on operational resilience, encompassing business continuity, cyber security, and technology outsourcing.
The APRA is currently consulting on revisions to its framework, emphasising scenario testing and self-assessment practices (CPS230).
ASIC has developed the CONSULTATION PAPER 314 Market integrity rules for technological and operational resilience.Â
Singapore: The Monetary Authority of Singapore (MAS) incorporated the BCBS principles into its supervisory framework.
These guidelines address business continuity, technology governance, incident management, and outsourcing arrangements.
Hong Kong: The Hong Kong Monetary Authority (HKMA) adopted the BCBS principles and issued its "Guidance on Operational Resilience for Authorized Institutions."
The HKMA focuses on business continuity management, cyber security, outsourcing, and incident response.
Japan: The Financial Services Agency (FSA) is developing its operational resilience framework, emphasising cyber security and business continuity planning.
Other APAC countries:
Countries like Malaysia, Thailand, the Philippines, India, and New Zealand are also actively considering or developing operational resilience regulations, often drawing inspiration from the BCBS principles and adapting them to their specific contexts.
APAC Regional Initiatives:
Asian Development Bank (ADB): The ADB launched the "Operational Resilience for Financial Institutions in Asia" initiative, providing technical assistance and guidance to APAC countries in developing their frameworks.
Financial Stability Board (FSB): The FSB published its "Good Practices for Outsourcing in Financial Services" and "Third-Party Risk Management Toolkit," providing valuable resources for APAC regulators and firms.
Resilience Spotlight:
James Balzer - Resilience Thinking
Catch our latest issue of Resilience Spotlight featuring sustainable development practitioner James Balzer! James shares valuable insights on resilience, his experience in the field, and his current work in sustainable development and resilience thinking. Dive into James’ thoughts here:
Resilience Spotlight: James Balzer — Resilience Thinking
Sustainable development practitioner James Balzer shares insights on resilience, his experience in the field and his current pursuits around sustainability and resilience thinking! 1. Overview of who I am I am currently a public servant exploring ways to enable a low-carbon, low-waste infrastructure sector across the Australian state of New South Wales. …
Resilience Failures:
In Australia, MacDonald’s recently had an outage that caused widespread problems. Unsure of the cause, technology systems were shut down, and staff were forced to rely on manual methods to take orders and payments. The food giant quickly realised that this was not a localised issue. It was global, affecting Japan, the United Kingdom, etc
Here's a breakdown of what happened:
Date: Friday, March 15, 2024 (around 4 pm AEDT)
Cause: A configuration change by a third-party provider, not a cyberattack.
Impact: Disrupted ordering systems and EFTPOS machines in many Australian McDonald's restaurants. Similar issues occurred in Japan, China, the United Kingdom, and other parts of the world.
Resolution: Thankfully, McDonald's identified the cause and resolved the issue. All Australian restaurants were back online the following morning.
This McDonald's IT outage caused by a third-party configuration change highlights some key operational resilience challenges:
Concentration risk: The outage exposes McDonald's dependence on a single third-party provider for a critical service. This creates a single point of failure, meaning any issue with that provider can significantly disrupt operations. Exactly like we saw globally.
Limited Manual Processes: While McDonald's staff were able to adapt by taking orders manually, it clearly highlights limitations in their ability to function effectively during an outage, as many stores had to cease operations without technology enablement. This could be due to a lack of training on manual processes or limitations in manual systems themselves.
Inventory Management:Â Disruptions to ordering systems might have impacted real-time inventory visibility. This could lead to situations where staff are unaware of stock shortages, potentially frustrating customers and leading to lost sales.
Here are some ways McDonald's could improve their operational resilience:
Implementing redundant systems and backups can help mitigate the impact of outages caused by third-party issues. Something as simple as supplier diversification could have changed the scale and impacts significantly.Â
Investing in training staff on robust manual ordering and payment processing procedures can minimise disruption during outages.
Exploring real-time inventory tracking systems, even for use during outages, can help maintain operational efficiency.
Developing clear communication protocols for outage situations can ensure staff and customers are kept informed, and disruptions are minimised.
Resilience Successes:
Mynt (formerly Globe Fintech Innovations) - A leading Philippine digital payments company. Who faced increasing challenges in managing explosive growth in cashless transactions during the COVID-19 pandemic. The rapid shift to online payments placed a huge strain on Mynt's existing infrastructure.
To adapt to this rapid growth, Mynt prioritised scalability. They invested in cloud-based infrastructure that could elastically adapt to meet fluctuating demand. This allowed them to handle the surge in transactions without compromising service quality.
The scalable infrastructure ensured Mynt's systems could withstand the increased load, preventing outages and disruptions during a critical time. By maintaining smooth operations, Mynt continued to deliver a seamless payment experience for its growing customer base. Mynt's scalable infrastructure allowed them to capitalise on the increased adoption of cashless transactions. They were able to expand their services and acquire new customers during a period of significant economic change.
Prioritising scalability can be a key driver of operational resilience. By adopting a flexible and adaptable infrastructure, companies can effectively manage disruptions, maintain customer satisfaction, and seize growth opportunities.
2. Case Study
The Resilience Revolution: Securing Payments in a Distributed World
The way we pay is evolving rapidly. We've gone from swiping cards in stores to the ease of online shopping, and now, marketplaces and social shopping, all of which are fragmenting the payments landscape. This shift towards distributed channels offers benefits like convenience, competition, and potentially lower fees, but it also introduces new challenges, especially when it comes to resilience.
Traditionally, banks, acquirers, and Payment Service Providers (PSPs) shouldered the responsibility for secure payments. In a brick-and-mortar world, resilience focuses on maintaining in-store infrastructure, secure connections, and backup power. Today, with payments happening across websites, apps, and social platforms, the picture is far more complex.
Metrics for the New Landscape:
System uptime isn't just about open stores anymore. It's about ensuring websites and apps are constantly operational, APIs function flawlessly, and data is always secure. Key metrics now include:
System Uptime: This measures the platform's ability to stay operational and process payments consistently. Downtime can lead to lost sales and customer frustration.
Fraud Prevention and Detection Rate: Robust fraud detection and prevention systems are crucial to protect merchants and consumers from financial losses. Metrics like fraud detection rate and chargeback ratio can be used here.
Data Security: Safeguarding sensitive financial information is paramount. Metrics like Mean Time to Detect (MTTD) and Mean Time to Recover (MTTR) from security breaches are important.
Scalability: The platform should be able to handle fluctuations in transaction volume without compromising performance. Metrics like transactions per second (TPS) can help assess this.
Recovery Time Objective (RTO) and Recovery Point Objective (RPO): These metrics define the acceptable timeframe to restore functionality and data loss tolerance in case of disruptions.
Shared Responsibility:
Resilience is no longer a one-man show. With marketplaces, payment processors, and social platforms involved, collaboration and clear communication are paramount.Â
A Wider Attack Surface:
The convenience of distributed channels comes at a cost – a wider attack surface for cybercriminals. Resilience strategies need to be comprehensive, accounting for vulnerabilities across the entire ecosystem.
The Regulatory Maze:
Operating globally adds another layer of complexity. Financial compliance, data privacy and security regulations differ by region. Resilience needs to adapt to comply with diverse regulatory landscapes.
Shifting Power Dynamics and Potential Harm:
The transition from in-store to e-commerce, marketplaces, and social shopping significantly impacts how we view resilience:
In-store: Here, physical infrastructure plays a major role. Resilience focuses on maintaining store operations, secure connections, and backup power systems.
Distributed Channels: Resilience now encompasses a broader landscape. It includes website/app uptime, secure cloud infrastructure, and robust APIs for seamless integration with marketplaces and social platforms.
The move away from traditional payment monopolies has a double-edged sword effect:
Reduced Harm: Increased competition can lead to lower fees for merchants and potentially lower prices for consumers. It can also foster innovation in payment methods and fraud prevention.
Potential Harm: Fragmented systems can make it harder to maintain consistent security standards, raising concerns about data privacy and leaving consumers exposed to new risks associated with emerging technologies like cryptocurrencies and social commerce.
This platform shift alters traditional views on resilience in a few ways:
Complexity: Distributed channels involve multiple players – marketplaces, payment processors, and social platforms. Ensuring resilience requires collaboration and robust communication between all parties.
Attack Surface: With more entry points, the platform becomes more vulnerable to cyberattacks. Resilience strategies need to account for these expanded vulnerabilities.
Regulatory Compliance: Regulations around data privacy and security become more diverse with global operations. Resilience needs to adapt to comply with various regional regulations.
The distributed payments landscape is here to stay. To thrive, we need a revolution in resilience. By focusing on robust metrics, fostering collaboration, and continuously adapting to evolving threats and regulations, we can ensure a secure and frictionless payment experience for everyone involved – merchants, consumers, and the entire payments ecosystem.
3. What We’re Working On
We are launching White Space - we want to educate everyone on resilience for startups and SMBs. We want resilience to be in the tool belt of every entrepreneur and venture capitalist. Why? Building businesses that last should be the new normal everywhere.
Are you curious about sentiment analysis and how it can contribute to building business resilience? We have something for you!
What’s sentiment analysis?
Sentiment analysis is a powerful technique that involves analysing text data to determine the sentiment or emotional tone expressed within it. By using natural language processing and machine learning algorithms, sentiment analysis can identify whether a piece of text conveys positive, negative, or neutral sentiment.
How can it help build resilience?
By analysing sentiments expressed in customer reviews, social media posts, world news and other forms of communication, businesses can identify potential risks and detect early warning signs. This empowers them to proactively address issues, make informed decisions, and adapt their strategies to changing market conditions.
How Mangrove powers resilience with sentiment analysis
Our solution analyses online data and market sentiments to inform the impacts of your critical breakpoints, gaps, and vulnerabilities in the regional products and services you offer. By gaining a deep understanding of consumer and market sentiment, businesses can make data-driven decisions, enhance their offerings, and build long-term resilience.
With Mangrove, you can:
✅ Gain real-time insights into changing sentiment across your operating geographies.
✅ Address potential risks and issues promptly in response to the evolving environment.
✅ Adapt your business strategies to meet market demands.
✅ Have market clarity when launching a new product or service.
✅ Make informed decisions based on comprehensive sentiment analysis.
Embrace sentiment analysis and leverage the power of data to build a resilient and successful future with Mangrove! Feel free to reach out to us.
4. Work with Us
Global business, SMB, or a Startup? We understand that technology is essential for modern businesses, and we've built replicable processes for businesses that guarantee long-term scalability and sustainability.
Let’s work with you to build better and scale faster. Schedule a Demo with us here. We can’t wait to connect.