Protecting data and clients in FinTech - an interview with Jim Rumph

Protecting data and clients in FinTech - an interview with Jim Rumph

We are launching episode 4 of “under CTRL”, in which we invited Jim Rumph from the US-based company Wipfli for an interview.

Jim is a Senior Manager helping organizations manage technology and information security risks, working mainly with financial and fintech companies. He has responsibilities such as managing and performing audit and consulting engagements, penetration tests and carrying out security and risk assessments

The research and review of applicable laws, regulations and frameworks are also part of his job, so we speak to him about how he sees the current state of compliance with different regulations. According to Jim, the finance industry had a rather conservative approach to compliance, but there has been a lot of investment and innovation lately, making more options available for the industry and its clients, replacing the old paperwork used by banks, for example. Technology can be an enabler for this industry, and its digital transformation is in progress, but of course, being compliant poses challenges as well as the rapid changing of regulations.

While the pandemic has not interrupted Wipfli’s work, some of their clients have been struggling with how to continue working remotely: ensuring that they would have secure access to all necessary data has been a new challenge for some of them. According to Jim, it shows that there is a lack of companies considering the full extent of data security, security risks and compliance when setting up operations and processes and, crucially, before implementing new solutions.

Jim often needs to emphasize that security and compliance are not the same and companies need to have all the information and processes in place to be able to comply with all the regulations. He has observed an improvement in how fintechs are collaborating with banks and provide them with good solutions. The effective communication and collaboration between them means the customers end up winning.

We discuss the pitfalls and advantages of outsourcing and vendor management and the importance of trust and good communication regarding these, to make sure companies do not lose control over their data. During the conversation, we also touch on data residency options and different regulations in the US regarding the storing of data within the county’s borders.

Listen to episode 4 and learn more about how Wipfli makes their clients more secure and how, according to our guest, digital transformation is an enabler for the finance industry.

Listen to episode 4 on Spotify or Apple Podcasts or subscribe to our RSS feed to learn more and tell us what you think.

Show transcript Hide transcript

Paul Bartlett: Welcome to the fourth episode of “under CTRL”. I'm Paul Bartlett, and today's guest is Jim Rumph from Wipfli, one of the top 20 accounting firms in the US. Jim is a senior advisor in the financial services division, and has in-depth expertise in the area of risk management and IT compliance. On this episode, we will cover how Wipfli is taking accounting to the next level by being a technology and implementation advisor to its clients. Also we will touch upon how cyber security and forensics plays a crucial role in this ever-changing digital age. Hey Jim! Thanks for joining. How are you doing there?

Jim Rumph: Doing well. How are you?

Paul Bartlett: Yeah, I'm good thanks, Jim. I'm really curious about this topic that we are going to be talking about today around risk management and... and compliance, because we get obviously a lot of questions coming our way, certainly, with our solution, with how it does comply with different regulations within the European Union, but also in the US as well. So I think first of all, just get started with just introducing yourself and giving us a little bit background about you and your company.

Jim Rumph: Yes, sir. Thanks. First of all thanks for having me. I always love to come on podcasts and talk about things like risk management and... and IT controls. Always looking out for helping our clients and providing good advice. And I know this is a big topic these days about risk management and compliance...

Jim Rumph: As it should be. As it should be. We're trying to do things to protect our clients and consumers, so always again appreciate the opportunity to talk about things such as this.

Paul Bartlett: It's all yours.

Jim Rumph: Yes, sir. So a little bit about myself: I'm a senior manager in our risk advisory group here at Wipfli. Just a little bit about Wipfli: We're a top 20 accounting firm here in the US. We have about 50 offices, most of those in the US. We do have a couple overseas, but really we strive to be a little bit more than an accounting firm. When we think about accounting firms, we think about traditional audit and tax, but we try to go beyond that and really be an advisor to our clients. That includes helping them with things, such as technology consulting, technology implementations, kind of digital transformation, that's a buzzword that we talk about a lot, and I'm sure we'll dig into in today's podcast. But helping... yeah, help... helping clients in more than just traditional accounting areas, such as audit tax. Other areas we operate in are wealth management, are benefits consulting, or cyber security fraud and forensics is... is a big part of our practice, too. And we do this across many different industries: manufacturing, healthcare, government, nonprofits. I spend much of my time in financial services. In banks and fintech companies that do work with banks. And of course, you know, which this is all heavy... heavily regulated industries. So I spend most of my time in that financial services around realm. I do have a few other clients. But going back to how you started it: I really help around IT risk management at a very high level.

You know, we do that in a variety of different ways: penetration testing, stock reports, risk assessments, social engineering and other technical audits. I spend most of my time in the financial services realm, but have other clients in other industries as well. And we help clients in multiple different ways: risk assessments, stock audits, IT audits, and penetration testing... kind of technical audits. But at the end of the day, what I tell people I do is: I try to make my clients more secure, or make sure they realize how secure they are. And what I always tell... that's a very long-winded answer of what I do, but to shorten that up a little bit, what I tell my mom I do is: I help my clients be more secure.

Because that's what it's all about, trying to help them make sure they understand all these risks out there. Because there's a lot of noise about these areas: cyber security and compliance and regulations. So I try to help my clients just be more secure.

Paul Bartlett: Yeah. And to that point, I think there's a lot of rattling the cage, right? About the things that you... you need to comply with, and anybody that's either starting out on a business or trying to transition to moving from filing cabinet online is overwhelmed with potentially all of the regulations and control measures that need to be put into place. And I was just wondering... see, how do you see the... this sector evolved over your period of time of working in that specific area of risk management and helping companies, let's say, from five, six years ago to today transition with the right technology stack?

Jim Rumph: Sure, great, great question. Good way to start! In financial services, it's a very interesting time. The industry itself has been very conservative in the past in the US, especially with banks. I mean kind of those legacy financial institutions. It's just a little bit more of a conservative industry. But really over the past, you know, say decade or so, we're seeing so much investment coming in now. So much... because, I mean, more entrepreneurs getting involved, a lot more innovation around these financial services. So I am seeing a whole lot of change over the past few years. And again, it's... it's new to this industry, because it's again, traditionally, just a little bit more of a conservative industry, we think about in the kind of quote-unquote "old days", going in and getting a loan. You go into your bank or your mortgage lender, fill out your paperwork, you know, for a certain type of loan... and... and go through the traditional process. But these days with all this new technology innovation, you have a lot more options, I guess, is the best way to put it. One of our clients, actually, they partner with a big box retailer. So, you know, say you're... you're a construction company, you go into a big box retailer to buy a bunch of goods. You can get maybe a micro loan right there at checkout. I mean, that... that is completely different than the kind of traditional way of thinking about loans and... and... and lending. So a lot of new innovation coming into the sector now, and I think it's great! I think it's great for this consumer. It's... it's meeting them where they need to be. But, you know, it is new for... for that industry, so we're seeing, as you would expect, challenges that need to be overcome, especially in the area of compliance and security. But overall, it's... it's... it's an interesting time to be in this... in this industry.

Paul Bartlett: And you would traditionally think about, looking back in the old days, that kind of compliance would have the upper hand. But I can see, personally as well, that compliance is kind of being pushed these days to... to conform to the technology that's... that's available today, right? Is... are you seeing the same kind of thing?

Jim Rumph: Yes, I think... and first of all, I always like to tell my clients compliance is not really the same as security. And security is not compliance. So there are two different things. And certainly with all this new innovation and new types of companies coming into regulated environments, what I've seen, it's... can be a little bit of a culture shock, you know, for these fintechs, these financial technical companies, that are popping now up, to solve very specific problems, who may not be used to the regulations and the laws. So it can be tough for them. Traditionally, banks and... and legacy financial services clients, they're used to regulating information. They're used to the compliance. But, you know, again with the rapid innovation of... of new types of products, it can butt heads a little bit with compliance and security. So making sure everybody's on the same page, everybody realizing that compliance is an important part of the business. And... and the ultimate goal is to make it safe for the consumer, for your customers. And I think once people adopt that approach, and raise the regulations, and raise the (inconclusive) aspect of it, I think... I think that's the first step.

Paul Bartlett: And where do you see potentially, for example, you've got fintechs coming in, or you've got existing companies that are transitioning to maybe going online or looking at different technology stack and, with the plethora of different technologies that are out there, where do you see the pitfalls are, with regards to either new startups or existing companies? Where does it... they always run into difficulty around regulation and compliance?

Jim Rumph: And another good question. What we see, and... and I participate in a couple of incubator type programs. I'm based here in Georgia in Atlanta, and we have a lot of these types of companies, these types of fintechs. And... and what we were seeing is, it's been very good lately. These new fintechs are engaging with banks and people in traditionally more heavily regulated environments, and beginning that dialogue. Because that piece you're talking about of... of... of making sure we're compliant with all the rules and regulations, I think that's one of the biggest challenges. And certainly we have to (inconclusive) products that people want. That kind of goes, well, without saying. But it's the back end things, like those security issues and regulation issues, that... that are posing the biggest challenge, I think, for these new companies. But... and... and it used to be kind of banks and fintechs were butting heads a little bit. You know, they're... banks maybe see fintechs encroaching on their turf, and the fintechs are just trying to provide good solutions, but what's happening now, and I think it's great for the industry, is they're starting to work together. Awesome. And... and the banks can, you know, teach... teach these fintechs, you know, how to operate in the regular environment, and in return banks are getting access to new products that their customers want. But I do think that area is a big challenge, just that general, you know, kind of risk management area. But the more conversation that takes place, right, between all these parties, is the better. And ultimately, the consumers will be the one that ends up winning.

Paul Bartlett: Yeah.

Jim Rumph: But, you know, also thinking about... regulations are changing very quickly as well, so... so something's always coming out new. I know in the US, we have a lot of different states doing different laws around these areas. And it's... it's... it's just a challenge.

Paul Bartlett: Yeah, I mean, I... I tend to agree with that sentiment as well, is that we deal with companies coming into us, and they start asking us whether we can make them compliant. And of course, as an organization, we're not there to make them compliant. We can provide a level of security, which might fit into the compliance standard or the regulation for a state or some other particular sector, but we're not able to... to do that. And it's an interesting point that you raise, because I think, what I've seen in the past that fintech organizations are typically straight ahead with building a great application, you know. Its customers can basically work from their mobile phone, do everything online, but then suddenly they can run into issues with data security, for example, and how they store that data, and whether it fits with a regulation or not. Is that something that you typically see as well?

Jim Rumph: Yeah, that's... that's a good point. And what we always encourage any company, really, is to make sure to think about the security risk from the beginning, from the start. If you think about it at the very end, it's going to cause problems. I'll use an example of email.

Paul Bartlett: Yeah.

Jim Rumph: Think about email. It was never intended to be secure from the very beginning. It was intended as a way to share information. And that's... it does it very well, to send emails and to share information, it does that job really well. But now, of course, we've seen email as becoming a primary attack vector we're trying to secure. So it's... it's a lot harder to do later on in the game. If you can think about security, think about, you know, data early in the process, when you're creating these applications, and... and, you know, objectives. If you can think about it early and... and take security consideration into consideration from the start, it will help. So that's one thing I always recommend to my clients, just to think about it from... from the get-go. And I'll just mention one other thing that you talked about, what I thought was pretty interesting. Your clients want, you know, you to make them compliant with... with certain regulations. And of course, you can do that for your product, but that's not... that's not a full, you know, solution for them. And it can't be, you know. That's not your job. So with the prevalence of outsourcing, you know, that... that will continue to be, you know, an issue, in vendor management in particular.

Paul Bartlett: Yeah.

Jim Rumph: Making sure companies know how to manage... manage their vendors.

Paul Bartlett: I think this was also one of the areas... when we talk about vendor management and we talk about different technologies, there's a trust requirement there. Okay. it's what am I procuring? What am I taking from this vendor that's gonna secure my data or secure the trust, for my particular customers as well? Is that where you're also helping customers as well, in... in choosing the right technologies to get them secure and working in an effective and efficient manner?

Jim Rumph: Sure. We... we spend a lot of time helping clients do that, making sure their vendor management program is in place. And... and one thing I always preach to my clients is, you know, you can never outsource responsibility. So you always have to again make sure you use your trusted vendors. I think outsourcing is a great way to solve a lot of these problems. But just realizing that you're not necessarily outsourcing risk, you're just... it's the risk is a little bit different, right? So you may not be in charge of, you know, securing data. Maybe your... your vendor's doing it, but you just want to monitor your vendor. You have that communication and that relationship with your vendor, to make sure you're all both on the same page, at the end of the day.

Paul Bartlett: Yeah. Yeah.

Jim Rumph: And as long as you have that communication... and I think... I think that's so important. Yeah. I think, as a whole, the industry will continue this trend of outsourcing, because again, I mean, like your solution, you solve a very specific problem. And you can probably do it more efficiently and effectively than... than your clients can by themselves. So I think outsourcing is a... for... for these particular problems, is a, you know, great way to do it. But as you say, vendor management becomes a big piece. When we see some of our clients get audited by the examiners and the regulators, vendor management has... has just been... the focus on vendor management has been increasing over the years. And... and certainly, I think it continues to do it. But if you have those trusted... trusted partners, it can be a win-win for everybody.

Paul Bartlett: Yeah. I mean, because... especially under these times as well, there's so much pressure on cost, right? There are companies out there that maybe outsource and... and try to do things remotely from, you know, working with... with other countries, providing their IT services or IT management stack. But do you see that there is potential risks? I mean, the rewards are there, financially, but the risks as well. Is that something that you... you also see? Do you have any like horror stories from... from that?

Jim Rumph: Sure.

Paul Bartlett: Because I've... I know that I've heard horror stories in the past of, you know, basically things being outsourced to different countries and then suddenly, you know, they're not in control of that data anymore. So they're entrusting people with that data in a cloud service somewhere remotely, in a far foreign country.

Jim Rumph: Yeah that's a great point, and what I see... I don't really have any horror stories, but here's what I see happening that causes problems: When somebody in a business unit hires a vendor without consulting maybe the information security group, or the composite group, or whatever group's in charge of kind of monitoring that. And then you create this relationship, and then the vendor comes and asks for this, this and this. Maybe that's... that's not good, maybe you want to share that information, maybe you don't. But as long as... we really need to again concentrate on deciding those things, you know, before we're signing a letter with, you know, a contract, with... with the client. That's where the kind of, to me, the horror stories happen is, when everybody is not on the same page going into a relationship. About, you know, what we have to put in and what we're going to get out. If we... if we solve those problems in the beginning and think about the security topic in the beginning, then... then that, you know, usually leads to a much better success. So I think that's the big takeaway and, of course, ongoing vendor management. Around... around the companies, and... and making sure you're all are on the same page about how we treat security and how we treat data security. But usually, the horror stories happen is when you think about that halfway during the... through the implementation. That's never where you want to be.

Paul Bartlett: Yeah, I had that experience as well with... with a company that just basically put their line of business straight into finding a tool, which was ours for evaluation. They went through, they said "yeah, it's great," and the next minute they over... overlook the... the whole security aspect of things. They needed to engage with the security team, which they weren't even aware of. Which surprised me, because you would think that internally, inside these organizations, that these kind of things would be well scripted out, but it tends to be in larger organizations.

Jim Rumph: You would think that.

Paul Bartlett: Yeah. That's the... yeah, behind the, you know, the shiny web pages and... and advertisements, that there are situations where people are just unsure about what the process is internally. And is that something that you... where you help them with... build that process out? So as well as taking the risk management, what procedure needs to be put in place, and what's the best way to do that, to be able to get to an evaluation of a particular technology?

Jim Rumph: Yeah, we do help with that some. It's interesting... You talked about, especially with larger companies, maybe the hand's not talking to the foot. This happens all... all the time, and then... and as auditors, we try to get in there and talk to everybody, and get multiple perspectives from the business line, from information security, or maybe from IT. And sometimes, when we talk to all these different groups, we see that obviously not everybody's on the same page. So where... where we can, we try to help those clients put in processes. We've got to have defined processes for how we tackle these things. So if we're hiring a new vendor, you know, these people need... need to be involved from the very beginning. Making sure we got that written down, making sure we don't have to think about it when we go, you know, to procure a new solution, that we have those processes in place to make sure those things that need to happen do happen. So we... we do spend a lot of time talking with clients about that, because that is a challenge. Making sure everybody who needs... needs to be involved is involved. But also, you know, we don't want to slow down the process. We don't want to make it a really... a really cumbersome...

Paul Bartlett: Yeah.

Jim Rumph: ... for, you know, to us to get new... new products. Because we... we need new solutions and help from vendors, and we don't want to slow that process down too much. But we do want to provide some... some oversight. So a lot of it goes back to just general business process. I mean, you can... you can... if it's a bad process in the beginning and you try to automate it, it's just gonna be an automated bad process.

Paul Bartlett: Yeah.

Jim Rumph: So we always wanted to think about that kind of stuff from the beginning.

Paul Bartlett: Yeah. And that has happened. When we say about automated processes, it's about... again somebody needs to sign something off. I know myself, I've experienced it to the frustration of the customer as well, the amount of steps and stages they need to go through to get their hands on... on a piece of technology. But it has to check all the boxes, right? So... and typically, this is where it falls into the risk management category. And one thing I wanted to touch on, which I'm faced more and more with now we're dealing with customers is the introduction of... not that it's an introduction, but it's always been there, is this... this data residency option, or data sovereignty. Do you have any feelings or... or insights on that? Because it's one of the things that we... we're faced with quite frequently. Can we store our data within the US borders? Where's that data being stored? What kind of regulations are in place? What's your view on that?

Jim Rumph: That's a... that's an interesting topic, and I can... and I see it just evolving almost day-to-day, especially GDPR being implemented. In the US, what is happening is California implemented a similar law, or related to GDPR. And New York has... has had a little bit different one and... and honestly all the states are probably coming up with their owns. So it's a very interesting question, and I'm not sure the answer to it yet. I don't think anybody knows. But we have... some of my clients have been trying to just avoid issues, you know, like that. Honestly.

Paul Bartlett: Yeah.

Jim Rumph: Just kind of kicking it down the road, because nobody... I don't think anybody really knows the answer yet. GDPR is new and... and... and from what I can tell, not a whole lot of fines have been issued so far. So everybody's kind of... has a grace period to get, you know, compliant with that. Talking about... going back to the (inconclusive) question, like data sovereignty, knowing where your data is, it's just going to keep going more... Those types of questions are going to just continue increasing.

Paul Bartlett: Yeah.

Jim Rumph: And the big vendors will... will have to kind of figure that out. Especially in these regulated industries. And I think there's a push to do that. I mean, in the old days, you know, we put it in the cloud and it could be anywhere, depending on, you know, whose... whose cloud it is. But... but I have seen vendors become more cognizant of that question, especially in areas such as financial services, which are regulated. And I... I get it. I mean, I would want to know where my... my data is, you know, from a business standpoint. If only just to make you sleep better at night, right?

Paul Bartlett: Yeah.

Jim Rumph: I don't have a fully fleshed answer for you, cause I think it's still evolving. But I think...

Paul Bartlett: Yeah.

Jim Rumph: ... those are the types of questions that we need, you know, need to keep asking.

Paul Bartlett: Fleshing out. Yeah, because, I mean, I... I typically tell my... my customers, when they say "well, where's the data being stored," and "we have a default location, but we give other options as well." And usually, if you're dealing with an educational institution, it's the educational institution that's saying "right, you've got to have that data within the US borders, and then you want some justification for why that's the case." And really, there's no justification for it. It was based on some... Yeah. It was based on some policy that was created, you know, 10 years ago, and it's never been changed. And for example, you know, these days, people are saying "well, as long as it's fully encrypted or... or the regulation's as stringent or as strict as what they are for here in the US, for example, we're okay with that." But one of the things that's been sort of niggling away at me personally, when I'm asking these questions, is: How does that affect cyber insurance? Cyber security insurance, for example, which more insurance companies are willing to do and... and... and offer out there? You know, does it have any impact on the policy that they're procuring from these insurance companies? So yeah, those are all good... good questions that I'm also challenged with on a regular basis to find out. So if there's any listeners... listeners out there that can help us address those questions, then you can drop me a mail by any means. I just want to come onto the current situation right now, with... with Covid. How have you guys been dealing with it, personally as an organization? And even as individuals? Cause I think it's caught everyone out. And it's a topic that can't be ignored. And, more importantly, what do you see your customers going through right now? As someone mentioned to me earlier on the previous podcast, it's kind of caught everyone off guard, out of balance. And yeah, people are still trying to come to terms and figure out business processes, different ways of... of managing risk, because people are working remotely now. So what is it you see?

Jim Rumph: It's the topic of the day, or at least the topic of the past four months. It's an interesting time and strange times. You know, I'm sitting here in my basement, where I have the... you know, my home office that I've been in for the past basically three or four months. For our firm... you know, we have a little bit different business model, because we are constantly going to see clients. I usually spend a lot of time at my clients' locations, you know, visiting with them and working... working there. So that has pretty much gone away. But our kind of business model, we were built for this, to be able to work from... from anywhere. So it hadn't really been much of a disruption for us in... in... at Wipfli. We're doing a whole lot more online meetings, when we share screens. But really, we've been able to... to kind of get our job done. But a lot of our clients are a little bit different, because it's a different business model, such as our bank clients. And they... they're on the front lines. They're essential. You know, people need access to... to their funds and... and need access to their banks. So... so it's been more of a challenge for them. And we actually had a... I hosted a round table, yesterday actually, for a few of my banks, to talk about this... this very issue. Because, you know, when... when Covid first hit a couple months ago, it was all about "hey, we got to get work done. We got to send everybody home, but we have to get the work." So I think what... what we saw was the risk kind of tolerance, you know, for... for cyber security went up a little bit. Because it had to. Because we had to get our job done. But now, as this thing is stretching out and we see that "hey, maybe there's not an end in sight at the end of the year or end of, you know, next summer, we don't know how long we do this," habits are changing. People are (inconclusive). And for some people realizing that "hey, maybe that's better than having a two-hour commute every day." So now, we're starting to think about "okay, this being a more longer term issue, how do we manage those risks?" Cause you got people working at home.

Paul Bartlett: Yeah.

Jim Rumph: We don't know how secure their home network is. We don't know, "hey, do they have encryption over their wi-fi?"

Paul Bartlett: Yeah.

Jim Rumph: You know, who else is in the house? So it's introducing new risks that we really hadn't focused on that much anymore. So... and... and people are still trying to figure out, you know, how to do that.

Paul Bartlett: Yeah.

Jim Rumph: How to... how to kind of manage those risks. And luckily there's a lot of good solutions out there that... that are specifically geared to, you know, help these types of issues, in... including what your product does. So it's an interesting time around this. I think a lot of change has happened and will happen, and... and one other point about this that we kind of talked about with my clients the other day, is: What we have shown is, how fast we can really pivot if we need to, to digital products, to a remote workforce. I mean, people in not just financial services acted very quickly, and showing that we can do rapid change to meet our customer needs. And I think... I think that's great, you know, for... for... for all industries, to show how fast we can adapt to circumstances.

Paul Bartlett: Yeah.

Jim Rumph: But, of course, making sure we manage that there's risk in the process. Because I was looking at the FBI report - they put out some threat reports every year, and I was just looking at their website - and, you know, the number of... of cyber security kind of cases that they handle, you know, through May of this year, is already greater than all of 2019. So there's a lot of people trying to prey on all this change and all this work from home situations. So...

Paul Bartlett: Sure.

Jim Rumph: Yeah, so it's... it's... it's interesting times for sure.

Paul Bartlett: Yeah. Yeah, and I... I also think there are some businesses out there... it's... for them, regardless of people working from home, it's business as usual. You know, pre-financial results need to be reported to auditors. I've got one customer who came to us saying "hey, we need a solution and we need it fast, because we didn't assume that we would not have auditors on site, you know, doing the books. We need to do the prefi... still would release the pre-financial results." So they're all working remotely. And for me that was a use case that I didn't even think of, that suddenly the idea of auditors and finance teams not being able to meet anymore due to the Covid situation, was... yeah, "hey, you know, there's a new space up there, basically, in the cloud for a secure data room, where these third parties or regulators and... and... and independent auditing teams need to work." So that really opened my eyes up as well, and also made me consider about the risks of... of working remotely. So it was... it was good to get your insight on that. I'm just moving ahead now to the future, because I'm just being conscious of time. What do you see happening from now on? From the aspect of regulation, risk management, where is the finance industry heading? I mean, is there a future for bank branches, for example, or is it going to be all fintech in the future? Are we going cardless? What... what potential risk is there? There's a whole abundance of questions in there. So... but what do you see for the future?

Jim Rumph: Sure. I... I think we will continue rapid innovation. The... the amount of processes that will be digitized will keep increasing. As a result of that, data security issues and concerns and challenges will keep increasing as well. And to me, in turn, that means regulations are not going to be lessened...

Paul Bartlett: Alright.

Jim Rumph: ... there are going to be more and more. Especially, when we consider all the data breaches that have... that have happened and will continue to happen. None of that is going to go away, you know, anytime... anytime soon. I don't think, going back to when you're you mentioned about bank branches, I don't necessarily think they will go away, but they will change, and they will evolve to customer demands. You know, as consumers, we're used to kind of have everything we need maybe on our phone or on our tablet or our laptop, and those types of products continue to be high in demand. So I do expect a lot of rapid innovation to continue to happen. And... and, of course, again as a result, we will continue to collect more and more data, and then we kind of have to secure that data.

Paul Bartlett: Yeah.

Jim Rumph: And have to show others that we're securing that data, because, you know, we talked about outsourcing and vendors... The more, you know, vendors we have, the more we have to monitor those... those vendors. And... and to make sure we know where our data is, and then make sure it's secure. But I'm very excited about the future. You know, some people, you know, get worried that maybe technology is going to take their jobs away and... and whatnot, and I totally understand that.

Paul Bartlett: Yeah.

Jim Rumph: But I try to look at it from the perspective of, you know, that's gonna... maybe some doors will be shut, but a lot more doors will be opened in... in the technology space. So... so I've got... I've got really good hopes about technology and how it can make... make our laws better. And at the end of the day, technology is just a tool.

Paul Bartlett: Yeah.

Jim Rumph: And should be a tool used to make people's lives better. I think it has the capability to do that, and I'm... I'm really looking forward to, you know, how... how the industry evolves.

Paul Bartlett: Yeah. I think at the beginning of the... the show, you mentioned digital transformation, and... and what does that mean? All we can say, potentially, for some organizations that that's come early. Some people are being forced to change now, because of the situation. But I'm just always a little bit confused about the digital transformation terminology, because companies are constantly, you know, adopting, evolving... So it's a continuous process, right? It never ends. And I'm also thinking about: Is it something that we'll see in the future, where I'll be on a Zoom call with my bank manager, rather than going in and facing them. Because... it's not because of the Covid, potentially, but because now if we found a more effective way, efficient way of working, and we're actually maximizing the benefit of technology, which I believe in the past has always been maybe under-utilized for our own product, for example. It was just used, basically, for a file repository. But now it's being used for... for many other things as well, because it always had that capability there, but now other people are finding other use cases and applying it to the maximum potential. So, yeah. Okay, Jim! Great discussion. Really happy to have you had you on the show today. I wish you all the best, and hopefully talk to you soon in the future. I'm gonna call it a day for today. Thanks a lot for your time and your insight.

Jim Rumph: Thank you so much for having me! I enjoyed it.

Paul Bartlett: No problem. Thanks a lot, Jim. Take care! Bye-bye now!

Jim Rumph: Thank you!

Paul Bartlett: And that's it for today's episode of "under CTRL". You can find links to all of our social platforms and to our guests in the episode description. If you like the show, make sure to subscribe and leave a review. Join us in two weeks' time for the next episode.