Filters

 

While cybersecurity and risks related to cybercrime have been growing priorities for financial institutions (FIs) for over two decades, the COVID-19 crisis has abruptly “changed the game”, forcing FIs to change practices abruptly and adapt to new ways of operating and communicating.

Most FIs have been on a digital journey for some years now with the goal of improving efficiency and leveraging technology to provide better financial services to clients. However, with the COVID-19 pandemic and related containment efforts, the digital agendas of many institutions have been unexpectedly accelerated or reengineered in a time of emergency. Movement away from physical branches and towards more mobile services and digital communication have become a necessity, and these changes in strategy have and will continue to trigger exposure to risks and the implementation of new practices at different levels of FIs.

This new reality is taking hold and impacting all individuals who have to adhere to home confinement and social distancing guidelines amidst the pandemic. Employees have had to shift to remote working arrangements without sufficient preparation or training in understanding and knowing the limitations of and changes required for this new way of working. As new digital channels for clients are utilised during the emergency to access FI services, new threats have emerged and new practices need to be established. For the institutions themselves, the initiation of changes on the structural level are required to ensure that new threats posed by new working models do not come at the cost of security.

Cyber-criminals’ arsenal

Cross-site-scripting attacks, are exploits in which the attacker attaches code onto a legitimate website that will execute when the victim loads the website. For financial institutions, this can be a significant risk if an institution ends up being responsible (or at least perceived as responsible) for infecting their own clients.

Distributed Denial of Service (DDOS) is a malicious attempt to interrupt the normal traffic of a targeted server, service or network by overwhelming it or its surrounding infrastructure with a flood of internet traffic.

Phishing is sending emails through a fake website supposedly from a trusted institution to gather personal identifiable information such as passwords, bank account details, social security numbers, or to infect the computer of the target.  Some phishing approaches are specifically targeted to FI employees, with the idea of getting them to open an attachment or to click on links which then redirect them to a fake website where they are encouraged to share personal identifiable information. Once a cyber-criminal gains access to an employee’s email account, (s)he will be able to:

  • Send emails on behalf of the employee
  • Gain access to customer financial information
  • Access critical company information

Ransomware attacks are caused by a type of malicious software or malware designed to deny access to a computer system or data until a ransom is paid. Such an attack on a financial institution can cause monetary damage.

Cyber threats are not new. However, amid the global COVID-19 pandemic, the increased number of people working from home and/or using digital channels for banking has created an ideal environment for cybercrime to thrive and for cybercriminals to use the weapons at their disposal in a more aggressive way.

Working from home and employee protection

The pandemic has triggered a sudden and rapid increase in employees working from home, as well as an urgent need to provide digital banking services to clients of financial institutions. While cyber threats are not new, amid the global pandemic, cybersecurity-related risks have significantly increased. In particular, the following are key cybersecurity-related challenges:

  1. Exposure to cybercrime for employees working from home
  2. Deployment of secured digital channels for banking service provision
  3. FI ability to detect and respond to cyber threats

While working in an office environment, employees usually adhere to company policies, which include certain controls regarding cybersecurity, such as rules on device set-up, firewall protection, internal network access controls, regular anti-virus updates etc. However, by working from home, employees are working away from the secured office environment, and, therefore, often operate from less secured Wi-Fi networks and from devices that are not set up according to the company’s policy controls. This makes employees more vulnerable to cyber-attacks. Employees working from home are most likely faced with phishing and social engineering attacks. Normally when an employee requires remote access, appropriate training and secured devices are provided. However, with the unexpected and increased demand for remote access to enable employees to work from home, it is possible that adequate protection has not been applied to remote access.

Remote Access to Software

 Financial institutions should consider all remote access as medium to high risk and adhere to the following approaches for secure remote access:

  • Multi-factor authentication for all remote user access, as passwords alone can be easily compromised.

The new standard: multi-factor authentication

Multi-factor authentication is one of the most effective controls you can implement to prevent unauthorized access to computers, applications and online services. Using multiple layers of authentication makes it much harder to access your systems.

Criminals might manage to steal one type of proof of identity (for example, your PIN) but it is very difficult to steal the correct combination of several proofs for any given account.

Multi-factor authentication can use a combination of:

  • Something the user knows (a passphrase, PIN or an answer to a secret question)
  • Something the user physically possesses (such as a card, token or security key)

Something the user inherently possesses (such as a fingerprint or retina pattern)

Within the past 5 years multi factor authentication has gone from a high level security measure to the gold standard in regards of security for online actors.

  • Strong password policies should be in place. A password policy that requires at least a minimum of 6 digits, with a random combination of characters, numbers and lower and upper case letters is stronger.
  • Corporate virtual private networks (VPNs) should be employed instead of utilising remote desktop protocols (RDP) over the internet. Limited and secure access by VPNs can significantly reduce the attack surface if any.
  • The private computers of employees not provided by the FI should be connected adhering to the FI’s policy regarding anti-virus software and anti-spy solutions, as well as subject to the application of certain security settings in web browsers.

What makes an antivirus solution “good”
  1. High detection rate of viruses and other malicious software:
    • Zero-day attacks (viruses taking advantage of security flaws before they are patched)
    • Malware, spyware and viruses
    • Trojans and worms
    • Phishing scams, including those sent via email
  1. Fast scanning engine, allowing users to clean their computers in short amount of time
  2. Has minimal impact on computer performance
  3. Simple to use user interface

Antivirus suites take the hard work off your hands by offering automatic security against a host of threats

  • Secure home Wi-Fi connections should use a stringent security protocol (e.g., WPA2) and change the default user names and passwords on home networking equipment, such as Wi-Fi routers.

Good Practices for virtual meetings

 Remote working has increased reliance on video and audio-conferencing applications, but these tools are increasingly targeted by cybercriminals.  Financial institutions should configure these tools to limit unauthorised access, and to make sure that employees are given guidance on how to use them securely. Financial institutions should establish corporate policies for virtual meeting security and educate staff on following them, as they leverage the technology for meetings with colleagues and clients.

  • All meetings must require an access code or password
  • Do not share meeting IDs on social media unless meeting is intended to be open to the public
  • Limit the reuse of access codes to prevent uninvited eavesdroppers, as codes might have been shared with former employees or past clients 
  • For sensitive topics, use one-time PINs or meeting IDs, and consider multi-factor authentication for joining the meeting
  • Use a waiting room for participants who log in before a meeting starts, and only allow the host to start a meeting
  • Use a tune when attendees log in and ask new attendees to identify themselves
  • If available, use a dashboard to monitor attendees, and identify all generic attendees
  • Do not record the meeting unless it is necessary 
  • If it is a web meeting (with video), remind participants not to share sensitive information

Measures for data loss prevention

 Employees may be using unauthorized personal accounts and applications, such as email accounts, and other unauthorized applications. FIs should remind employees regarding the following:

  • Avoid sending email correspondence from corporate mail accounts to private mail accounts
  • Use only company-approved USB devices on computers used for work
  • Designate how and where sensitive information should be stored, using either external media, the institution’s centralised file server or a cloud-based service
  • Make regular daily backup copies of all valuable information residing on your device. Data backups are crucial to minimise the impact if that data is lost, corrupted, infected, or stolen
  • Ask employees to keep work devices for professional use only and lock their devices when they step away from them. An innocent activity on a work computer could lead to a breach

Reaching clients through digital channels

Digital channels and products have become critical channels for FIs to interact with, engage with, and offer banking services to their clients as the entire sector steers through the uncertainty arising from the pandemic. There has been a spike in the deployment of digital products and channels by financial institutions mainly on the following technologies and platforms below:

  • Mobile apps
  • Chatbots
  • Internet banking

These channels are open and available to the public, allowing anyone to download them. Once registered for a service, a user can immediately use the service for interactions or transactions. These digital banking channels provide convenience and control to the client, but, at the same time, FIs need to guard against having vulnerabilities in such public-facing systems that could be used in orchestrating a cyber-attack.

The urgency of deploying a mobile app should not be a trade-off for fitting security. Each of the above digital channels comes with their own characteristics as described below and requires specific security considerations.

Mobile apps

 Mobile banking apps are a preferred digital channel of choice for many due to the proliferation of mobile devices. Mobile apps allow customers to carry out most banking activities without requiring a visit to a branch, including checking account balances, transferring funds, paying bills, viewing statements, managing cards directly and reaching out to customer support. Over the years and pre-COVID-19, the number of users who transact on mobile apps has been growing at a phenomenal rate, surpassing the number who are transacting at branches in many countries. Amidst the COVID-19 pandemic, mobile apps have experienced a further surge in usage.

With an increase in popularity, comes increased cyber risk. There are three areas within the mobile technology chain where attackers may exploit vulnerabilities to launch a malicious attack, namely: the device, network and the data centre. Device-based attacks target the mobile device itself, exploiting a vulnerability on the device to orchestrate a cyber-attack. For example, an attack can be initiated through phishing or a drive by download, where a visit to a website triggers a download of a malicious code without the knowledge of the user. Network-based attacks, on the other hand, exploit the vulnerabilities on the network through which the mobile device is connected. For example, applications on the mobile device with no encryption for data exchange, when used on an unsecured Wi-Fi network, run the risk of data being intercepted by an attacker eavesdropping on the Wi-Fi network. Data centre attacks target web servers and databases, with the attacker exploiting vulnerabilities in operating systems or applications modules running on the web server.

Chatbots

 Chatbots have been around for a while but are still new to many users. For FIs, chatbots are a highly beneficial technology for interacting daily with customers, with the capability of integrating with AI-powered technology for customer interactions. How this technology is used in the financial sector should be in line with the regulations of the sector, protecting customer information from third parties.

Financial institutions are now deploying chatbots on social media channels such as WhatsApp, Telegram, Viber and Facebook Messenger, with a range of banking services such as account balance checks, funds transfers, viewing mini statements, customer onboarding and the paying of bills.

Internet Banking

 Internet banking has been around and evolving for decades now. Internet banking offers customers an easy way to monitor their finances, allowing them to view payments, check account balances, update personal information and access other banking services online via a secured website. This easy access makes internet banking a common target for hackers and other cyber criminals. Understanding the security issues related to internet banking can help both FIs and clients to stay safe from intruders. The key in addressing vulnerabilities in internet banking is adhering to the guidelines for digital channels addressed in the table below.

Securing digital channels
  • Ensure user identity is verified before any information requested is provided. Two-way verification, either by SMS with a one-time password (OTP), or by authorisation of an email address, is one of the processes that can be implemented for user verification
  • Utilise a biometric authentication process to secure chatbots
  • Ensure communication between chatbots and users are encrypted end to end. WhatsApp, Telegram, and Facebook Messenger all have features that enable an end-to-end encryption of communication. Once the communication is encrypted, this prevents third party access unless physically present on the users' end
  • Chatbots can permanently delete conversations between them and users. Enable and set a time frame for the deletion of conversations containing sensitive data on the chatbot
  • Mobile banking apps should, at a minimum, be developed with the same security standard as any other software
  • The Open Web Application Security Project (OWASP) provides a comprehensive mobile security testing guide. The guideline can be downloaded from the link below. This should serve as a checklist for testing vulnerabilities in a mobile app and applying the needed recommendations: https://owasp.org/www-project-mobile-security-testing-guide/#
  • Use only official apps from app stores. Mobile apps from your app store are less likely to contain malware
  • Keep apps on your mobile phone updated. When a vulnerability is detected in an app, a patch is mostly sent for a fix in the form of an update by the vendor. Keeping your apps and phone software updated ensures maximum security

Adapting the organisation to the new challenges

In an era of increased usage of digital channels and technological transformation, as well as intensified usage of clouds and broader networking capabilities, the threat landscape continues to increase, and threat actors will try to simultaneously attack operational systems and backup capabilities in highly sophisticated ways, potentially leading to enterprise-wide destructive cyber-attacks.

FIs can improve their defense mechanisms and attack readiness by maintaining good cyber hygiene, setting up and maintaining a current incident response strategy, a response architecture and by implementing cyber recovery solutions to mitigate the impact of cyber-attacks.

Good cyber hygiene is a reference to the practices and steps that financial institutions and their employees take to maintain system health and improve online security. Regular implementation of a few key practices can dramatically improve the security of any system:

  • Provide employees with regular communication and awareness messages, including basic security knowledge:
    • Beware of phishing, especially COVID-19 scams and fraudulent COVID-19 websites
    • Know working from home “DOs & DON’Ts”
    • Ensure home Wi-Fi is secure
    • Always use VPN on public Wi-Fi
  • Create a shared channel called #phishing-attacks or an email address to which suspicious emails are forwarded
  • Identify critical financial workers in order to ensure undisrupted availability of services for customers
  • Review contingency plans to address the COVID-19 pandemic
  • Update your company’s Acceptable Use Policy to address working from home and the use of home computer assets
  • Identify functions that can only be undertaken in a secured environment at the office (i.e. not remotely)
  • Review and adapt disaster recovery plans to the current context
  • Provide protective technology on endpoints (hardening, anti-virus, endpoint detection and response, etc.)
  • Enforce software updates
  • Utilise a password manager or run password audits
  • Provide VPN access and disable split tunneling
  • Enable multi-factor authentication everywhere, especially on email accounts

Practical steps for a secure environment

The main solution for the reduction of threats is to make sure that there is a high degree of awareness among employees and, where possible, clients. Several tools can be used for this purpose:

Awareness seminars, where the subject is discussed among employees or clients, including sharing the experience of those who have been subject to an attack. These seminars should be aimed at refreshing employees' knowledge of minimum requirements regarding information security:

Email security, to ensure staff know how to keep their emails secure

  • Avoid opening emails, downloading attachments, or clicking on suspicious links sent from unknown or untrusted sources
  • Verify unexpected attachments or links from people you know by contacting them through another method of communication like a phone call or text message
  • Do not provide personal information to unknown sources like passwords, birthdates, and especially, social security numbers
  • Be especially cognizant of emails with poor design, grammar, or spelling as this can be a sign of a phishing attempt

Password protection

  • Enforce the use of strong passwords on all corporate user accounts
  • Avoid easy-to-guess words like names of pets, children, and spouses as well as common dates like birthdays

Web safety

  • Make sure that any websites that require the insertion of account credentials like usernames and passwords, along with those used to conduct financial transactions, are encrypted with a valid digital certificate to ensure your data is secure. Secure websites like these will typically have a green padlock located in the URL field and will begin with “https.”
  • While FIs employees are working remotely, ensure that they are not using public computers and/or logging into public Wi-Fi connections to log into accounts and access sensitive information
  • Sign out of accounts and shut down computers and mobile devices when not in use

Device maintenance 

  • Keep all hardware and software updated with the latest, patched version
  • Run company-approved antivirus or anti-malware applications on all devices and keep them updated with the latest version
  • Create multiple, redundant backups on daily basis of all critical and sensitive data and keep them stored off the network in the event of a ransomware infection or other destructive malware incident. This will allow you to recover lost files, if needed

Phishing simulations, which consist of sending phishing emails which redirect recipients to a page explaining the issue and what could have been the consequences if this would have been a genuine attack

Technology training, to be used when new technologies are implemented to ensure that procedures are well understood and that the limitations and dangers of using new technologies are clear for users

Information access and distribution. Centralising all communication materials that FI is going to use in crisis management into one place is a great way to make sure that the right information reaches the right employees at the right time. Employee communication platforms (intranets), as well as regular daily emails, can be used for the timely communication of all necessary information.

COVID-19, a catalyst for digital transformation

The COVID-19 crisis has brought about significant change in perceptions towards and the application of remote working and alternative channels in a short timeframe. The ripples of these changes will impact financial institutions for years to come and will influence the shape of a different world: a seamless world in which all channels are used by all types of clients for different purposes, a world in which financial services offered are the same whether you use your mobile or go to a branch. While the COVID-19 crisis did not create these technologies or approaches, the crisis has been a catalyst and an accelerant, creating both the opportunity and necessity for financial institutions to establish today the digital practices and procedures that will be required tomorrow.

In the context of the COVID-19 pandemic, the barriers that stood and stand in the way of development of women's entrepreneurship have aggravated and can harm the future of women's business even more.

Therefore, it is even more critical now to look at these barriers and find approaches and tools to mitigate the impact of the crisis on women and female business.

While assessing the past and looking into the future, numerous international institutions and think tanks argue that if women entrepreneurs played a more active role, huge benefits would be achieved in the global economy. Even before the crisis caused by restrictive measures to overcome COVID-19, an analysis by the Boston Consulting Group showed that if women and men participated equally as entrepreneurs, global GDP could rise by approximately 3% to 6%, boosting the global economy by $2.5 trillion to $5 trillion.[i] These are huge numbers! Now in a pandemic, the issue of economic growth goes by the wayside in many countries, while the issues of gender inequality have taken top lines on the agenda of many countries and economies.

Like most countries in the world, Central Asian countries have committed to support gender equality and women's economic empowerment.[ii] However, data analysis demonstrates that effective tools to expand economic opportunities for women have not been created so far: before the crisis, we could witness a sizeable gap in employment and renumeration, and limited financial inclusion of women in Central Asia, like in many other countries of the world.[iii]

Table 1 Women in labor force[iv]

 

Female population, % of total

Percent of females in labor force, %

Percent of firms with female top managers, %[v]

 Kazakhstan

51.5

48.4

26.0

 Kyrgyzstan

50.5

38.4

32.9

 Uzbekistan

50.1

40.8

12.4

 Tajikistan

49.6

37.3

6.6

 

Female population accounts for 50% of total on average in Central Asian countries, with Kazakhstan having the largest share of women in labor force (48.4%). The percentage of women in top management roles shows that employers still give preference to men. The figures clearly show that women on their career path face the so-called "glass ceiling" and remain in lower-level positions, which results in lower female involvement in decision-making and representation in senior positions. This trend is partly due to discriminatory attitudes and stereotypical perceptions of women as leaders, as well as to natural selection, when men “choose their own kind.” Here we see the problem of disparity in employment and promotion, resulting in a high female representation in the informal sector of the economy[vi].

Even in times of no crisis, female mobility, career advancement and entrepreneurial success are limited due to time constraints that women fact because of household chores, caring for children and elderly relatives, which inhibits their growth, self-development and business development.[vii]

The circumstances described above impede the development of women's entrepreneurship in Central Asia. And, as a result, when women start their own business, they mainly invest in specific enterprises, which often have lower profitability levels than men's enterprises.[viii] Given all of the above factors, it is not difficult to conclude that the level of financial inclusion of women in business, too, is lower than that of men.[ix]

 

The all-encompassing wave of COVID-19 has had a negative impact on both female and male businesses.

According to forecasts, as a result of the virus-containment measure, the global economy will decrease dramatically by 3% in 2020, which is much worse than during the 2008-2009 financial crisis.[x]

The current crisis has an unprecedental impact on enterprises of all types and sizes around the world, and the countries of Central Asia are no exception. Many firms were forced to suspend or shut down their business. All over the world we are witnessing an increase in unemployment, which, in turn, leads to a drop in the consumption of goods and services (people have no payment capacity), and, as a result, is detrimental to the economic prospects of enterprises.

Businesses that continue operations face lower turnovers, lower profits, or even operate at a loss. In such an environment, many enterprises will increasingly encounter difficulties in servicing their obligations to financial partners (including financial organizations).

Micro, small and medium-sized enterprises (MSMEs) are particularly affected. On the one hand, it is easier for them to adapt, since they are usually more flexible (especially small and medium-sized enterprises when it comes to cost-cutting, finding new suppliers, new sources of profit, etc.). However, at the same time, they are especially vulnerable because they tend to have lower levels of productivity, fewer assets and more limited cash reserves they could rely on in a crisis. And then, such factors as the lack of necessary business and practical experience, a minimum of know-how, a low level of financial literacy, and limited access to finance, which negatively affect the growth and development of MSMEs even during crisis-free times.

For women who run a business, the situation is exacerbated by the traditional burden of caring for children and relatives (especially taking into account quarantine measures to close schools, kindergartens, and other institutions). And, as a result, women more than men come to the fore and / or factors such as an acute lack of time to take anti-crisis measures and conduct business are compounded. Considering that, compared to men's, women's business is often smaller and / or concentrated in low-profit areas, many women's enterprises which also have an additional burden may simply not have the knowledge, skills, time, financial capabilities to respond in a timely manner to the crisis and return to normal activities.

 

Response of the state, international and financial institutions

  • Most Central Asian countries have developed specific economic measures to support entrepreneurship. Conditions have been created for businesses to increase liquidity, and access to credit lines has been streamlined. In addition, current loan repayment terms have been extended or suspended. Some banks and other financial institutions granted deferrals on loan repayments. Among other measures, the governments of the Central Asian countries have provided tax incentives and tax holidays to SMEs, postponed the deadlines for submitting tax return forms and tax payments, suspended tax audits or exempted most enterprises from social contributions. Social protection measures have been taken, subsidies and food baskets provided to the most vulnerable.
  • Countries in Central Asia received emergency funding to mitigate the direct economic impact of the virus. For example, Kyrgyzstan was the first country to receive funds from the IMF in the amount of 120 million US dollars. In Tajikistan, the IMF approved an immediate write-off of the government debt, and the EU provided assistance in the amount of 48 million euros. The European Bank for Reconstruction and Development (EBRD) has proposed concessional financing measures for SMEs and emergency financing mechanisms to protect banks' liquidity for countries of presence. Many other international organizations that are present in the countries of the region have quickly reacted and reconfigured their technical assistance programs, focusing on combating the impact of the crisis on the population, enterprises and the economy as a whole.

To cope with the current crisis and its consequences, all MSMEs need support, and women in business especially need support, given the specifics of doing business and the circumstances that restrict activities even in stable economic conditions. Government organizations, international investors, and financial institutions can play an important role in overcoming the crisis.

 

Financial institutions, public and private companies to minimize the impact of the crisis on business (in particular, female business)

  • Financial institutions can adapt tools and approaches to assessing current business needs based on the current realities. Many experts talk about debt restructuring, additional business lending, etc. But such measures must be customer-oriented, economically feasible and competent, since a new loan or deferred repayment is not always the best solution for a business. The crisis leads to a further increase in high debt burden, and for many entrepreneurs, an increase in the debt burden can become economically disastrous.
  • It is important to learn to make a quality assessment and analysis of the business situation and offer tailored and feasible, rather than standardized
  • Design and implement subsidizing and financial support programs for businesses that had to suspend operations under the crisis impact. Especially, programs for women who are more exposed to the crisis and suffer more because of their traditional roles in the family.
  • Initiate and establish discussion and information-exchange platforms, which is critical for any business, and, in particular, for women who, even under normal circumstances, have fewer business and social contacts for exchanging experience than men have. Such platforms will help to disseminate information faster about various business support measures to overcome the crisis, share ideas and know-how that will help overcome the impact of the pandemic.
  • Conduct educational/informational programs and events for entrepreneurs and enterprises.

Such measures can be aimed at helping firms to forecast key indicators in the times of uncertainty, teach and help them to pivot their business, bring new services and products to the market. These can also be events on improving financial literacy or on more specialized topics, such as accounting, marketing, IT, etc. Given the specific barriers that women face, namely: lack of time for self-development and lack of knowledge and skills, initiate and create special training programs specifically for women to give them a boost and support in these difficult times. In the conditions of restrictions, they need advice, more than ever, in the field of business skills development, delegation of authority, and business management.

  • Promote the development of special business support programs in the field of information technology. E-commerce is efficient and has many advantages during the crisis of overall distancing, and many businesses need to reconfigure their activities. For women, this turns out to be more difficult than for men, since they lag behind men in this area.[xi] Therefore, it is important to promote training in special skills for the MSME sector as a whole and at the same time to break female gender stereotypes in the field of IT.
  • Develop infrastructure for the care of children, elderly and sick relatives.
  • In a broader sense, it is necessary to create leadership support systems where men and women have equal rights and opportunities, before the next crisis breaks up. This can be done by equipping women with skills, training and opportunities to take leading positions, both at the head of enterprises and among business enterprises in which women are owners and managers, and by advocating for the changes that have been discussed in this article.

If both male and female businesses enjoy equal opportunities, and even the smallest companies are more competent, it will be easier for them to keep their business afloat, plan for the future, or even start a new business.

The conditions in which the world finds itself due to the SARS-CoV-2 virus give us the opportunity to implement changes that can protect the business from the most severe blows: going out of business today and in the future.

Everyone has a long and hard way to go. But this path can be fair if men and women have equal access to opportunities!

 

 

Additional sources of information:

[i]  https://www.bcg.com/publications/2019/boost-global-economy-5-trillion-dollar-support-women-entrepreneurs.aspx

[ii] https://eca.unwomen.org/en/news/stories/2015/09/30-countries-in-europe-and-central-asia-have-stepped-it-up.

[iii] The Global Gender Gap Report 2018, World Economic Forum (см. «List of Countries»)

[iv] The Global Economy.com serves researchers, https://www.theglobaleconomy.com/economies/

[v] World Bank, https://www.enterprisesurveys.org/en/data

[vi] Maltseva, Irina. (2007). Gender equality in the sphere of employment. Dushanbe: United Nations Development Fund for Women.

[vii] ILOSTAT, ILO Department of Statistics, 2020, https://ilostat.ilo.org  [accessed 7 May 2020]; ILO: A quantum leap for gender equality: for a better future of work for all (Geneva, 2019). Before the crisis caused by COVID-19, every day 16.4 billion hours were spent on unpaid care work around the world, with more than two/thirds being performed by women.

[viii] Zbierowski, P. (2017). The Aspirations of New Technology-Based Firms in CEE and CIS Countries. Foresight and STI Governance, vol. 11, issue 3, pp. 50-60. Kazakhstan is an exception: women account for 52.1% of workforce in high-tech enterprises and for 49.1% - in low-tech enterprises. But for countries such as Kyrgyzstan, Uzbekistan and Tajikistan, low profitability and productivity of female businesses remains a real problem, due to the fact that most companies owned by women are small and employ fewer employees.

[ix] The World Bank, https://www.worldbank.org/en/topic/smefinance. Even before the crisis, according to the estimates of the World Bank experts, women-owned MSMEs around the world face a $ 1.7 trillion funding gap (of which 103 billion US dollars - in Central Asia and Europe).

[x] International Monetary Fund, World Economic Outlook Reports, World Economic Outlook, April 2020: The Great Lockdown, https://www.imf.org/en/Publications/WEO/Issues/2020/04/14/weo-april-2020

[xi] According to the International Telecommunication Union, a UN agency, women use and have access to digital technologies less often than men (for example, in 2019 the share of women with access to the Internet was 48% vs 58% of men worldwide).

 - Pictures designed by Freepik

Episode #1: Overview of portfolio risk management

Episode #2: Analysis of portfolio risk with KPIs

Episode #3: Vintage and migration analysis

Episode #4: Advanced topics in portfolio risk management

Episode #1: Overview and concept

Episode #2: Foundations of portfolio analysis

Working Excel sheets for the episode: portfolio snapshot and historical portfolio

Episode #3: Migration analysis for stress testing

Working Excel sheets for the episode: migration and portfolio

Episode #4: Stress testing for capital adequacy

Working Excel sheet for the episode: CAR

Episode #5: Stress testing for liquidity

Working Excel sheet for the episode: liquidity

Page 5 of 9