Home

FinTech Security and Regulation Suggestions

Welcome to Continuous Improvement, the podcast where we explore strategies and insights for enhancing various industries through continuous improvement. I'm your host, Victor, and today we'll be diving into the fascinating world of Virtual Banking in Singapore's financial industry.

Virtual banking has undoubtedly reshaped the way we think about financial services. However, with innovation comes the need for effective regulation to manage risks and ensure the smooth functioning of the market. In today's episode, we'll be discussing the delicate balance between Virtual Banking innovation and regulation, and I'll be sharing some valuable advice for regulators in Singapore.

But before we dive in, let's understand the motivations behind regulation in the fintech industry. Uncertainty, resource conflict, disruption, and unforeseen events are some of the key drivers that lead regulators to assess the risks associated with emerging technologies.

Now, the adoption of cloud technologies has certainly revolutionized the financial system, offering unprecedented potential. However, it also brings new risks that require safeguards to prevent system collapse. This is where insightful regulation plays a crucial role.

When it comes to regulating the fintech industry, regulators can consider three approaches: rule-based, principles-based, and performance-based systems.

In a rule-based system, strict rules and processes are set by the regulatory authority, leaving little room for interpretation. On the other hand, a principles-based system provides guiding principles for market players, allowing them some freedom in achieving their regulatory responsibilities. Lastly, a performance-based system sets specific benchmarks for market participants to meet or exceed.

Now, each approach has its own benefits and challenges, but finding the right balance is vital for Singapore's fintech industry to thrive.

The Monetary Authority of Singapore, also known as MAS, aims to position Singapore as an experimental center for fintech innovation. Their long-term goal is to attract fintech innovators to the Asia-Pacific region. To achieve this, MAS has embraced the use of regulatory technology, or reg-tech, to streamline compliance processes and foster a conducive environment for innovation.

But what about virtual banks themselves? How can they navigate the evolving regulatory landscape? It all starts with establishing an open and respectful relationship between policymakers and stakeholders in the fintech field.

MAS has already taken steps to address this by amending its Guidelines on Outsourcing for Financial Institutions. These guidelines acknowledge that virtual banks can benefit from cloud services. However, they also require due diligence, robust governance, and risk management processes to be in place when utilizing cloud services.

Cloud security is of utmost importance, and regular reviews of cloud security environments should be conducted. Compliance with industry certifications such as ISO 27001, ISO 27017, ISO 27018, MTCS Level 3, and PCI DSS Level 1 ensures the highest level of security standards.

Additionally, MAS provides guidance on risk management techniques and expects financial institutions to comply with these guidelines and report their compliance accordingly.

In conclusion, successful cloud implementation for virtual banks requires a deep understanding of their current and desired states. Proper goal-setting and the development of workstreams specific to cloud migration are crucial.

By embracing innovation while maintaining effective regulation, Singapore can become a hub for virtual banking and secure its position as a fintech powerhouse in the Asia-Pacific region.

That's all for today's episode of Continuous Improvement. I hope you gained valuable insights into the relationship between Virtual Banking and regulation in Singapore's financial industry. Stay tuned for future episodes where we explore more strategies for enhancing various industries through continuous improvement.

Thank you for listening, and until next time, I'm Victor signing off.

金融科技安全與監管建議

我想提供建議，指導當局如何處理新加坡金融業的虛擬銀行應用。由於銀行業高度監管的性質，虛擬銀行創新與監管之間的關係經常處於緊張狀態。大家普遍認同，監管機構是必要的，可以減少與新的商業模式和金融產品相關的風險和未預見的後果。我建議監管機構與金融科技行業的快速變化保持步調。

虛擬銀行給監管市場參與者運營方式的監管機構帶來了新的問題。這使得監管機構必須仔細評估金融服務行業新興技術帶來的風險。雖然雲技術提供了前所未有的可能性，但也帶來了新的風險。

應考慮四大監管的動機：不確定性，資源衝突，破壞性和未預見的事件，以及公眾利益。採用雲技術將徹底改變金融系統的運營方式，需要采取保護措施防止因未預見的事件導致的系統崩潰。

更具體地說，應該採取預防性措施，保護虛擬銀行消費者免受完全市場驅動系統的弊端。在金融科技部門內進行監控有許多好處，但實施有效的監管仍然面臨重大挑戰。

許多市場參與者可能對監管持懷疑態度，認為這可能阻礙他們的前景或運營。因此，為金融科技行業實施具有洞察力的監管並不會一帆風順。監管機構可以考慮三種對金融科技創新的方法：

1. 基於規則的系統：監管機構設定嚴格的規則和程序，市場參與者必須遵守。

2. 基於原則的系統：監管機構提供指導市場參與者的原則，允許他們在履行其監管責任時有一定的自由。

3. 基於績效的系統：監管機構為市場參與者設定特定的標準，市場參與者需要達到或超越這些標準。

這些方法可以幫助新加坡金融科技行業蓬勃發展。謹慎的監管培育了創新的理想環境，建立信任和促進新的消費品和服務的普及接受。新加坡金融管理局（MAS）的目標是使新加坡成為金融科技創新的“實驗中心”，符合其長期吸引亞太地區金融科技創新者的目標。

在理想狀態下，人們不必在創新和監管之間做出選擇。虛擬銀行可以利用創新技術來簡化監管合規。新興的監管科技（reg-tech）行業提供軟件解決方案，幫助監管機構更高效地行使職責。

隨著監管風景的變化，現有和未來的虛擬銀行需要為日常監管業務的變更做好準備。在政策制定者和金融科技領域的相關人士之間建立開放，尊重的工作關係對於有效採用虛擬銀行至關重要。

在2016年7月，MAS修改了其對金融機構（FI）外包的指導方針，以認識到金融機構可能從雲服務中受益。這些指導方針要求金融機構在使用雲服務時進行盡職調查並實施強健的管治和風險管理流程。

雲安全環境應定期審查，服務應遵從多種行業認證。例如，ISO 27001概述了安全管理的最佳實踐，而ISO 27017和ISO 27018提供了針對雲的具體安全建議。此外，MTCS Level 3和PCI DSS Level 1為新加坡和支付卡行業提供了更進一步的安全標準。

通過將以治理為中心，適合審核的功能與認證和審核標準結合，監管機構可以確保雲供應商的安全控制環境。

MAS指導方針提供了風險管理技巧的建議，包括對雲服務的盡職調查和風險評估。預計金融機構將遵循這些指導方針，並每年或按要求向MAS報告其合規情況。

MAS的技術風險管理（TRM）指導方針和新加坡銀行協會（ABS）雲計算實施指南為雲外包的風險管理，管治和控制提供了額外的指導。

總的來說，每家虛擬銀行走向雲技術的道路都是獨特的。虛擬銀行需要理解他們的現狀，期望狀態，以及從一種狀態過渡到另一種狀態所需的步驟，以便成功實施雲技術。這種理解將幫助虛擬銀行設定目標並開發工作流程，以實現成功的雲遷移。

FinTech Security and Regulation

As a FinTech consultant, I am conducting a study on the security and regulation of virtual banking in the US financial sector. The federal and state governments in the United States have various agencies that regulate and oversee financial markets and businesses. Each of these agencies has a distinct set of tasks and responsibilities, allowing them to operate independently while pursuing similar objectives.

The United States operates under a "dual banking system," meaning that banks can be chartered by either one of the 50 states or by the federal government. Regardless of who charters the bank, it will have at least one federal supervisor. Below is a list of US banking regulations that virtual banks must adhere to.

Firstly, the Gramm-Leach-Bliley Act (GLBA) mandates that financial institutions—companies providing financial products or services like loans, financial or investment advice, or insurance—inform their customers about their information-sharing practices and protect sensitive data.

The principal data protection elements of the GLBA are outlined in the Safeguards Rule. The FTC's Privacy of Consumer Financial Information Rule (Privacy Rule) supplements the GLBA by providing additional privacy and security requirements. The GLBA is enforced by the FTC, federal banking agencies, other federal regulatory bodies, and state insurance oversight agencies.

For instance, the Safeguards Rule (16 CFR 314) requires financial institutions under FTC jurisdiction to have safeguards for protecting client information. Companies subject to this rule must ensure that their affiliates and service providers maintain customer data securely and implement their own protective measures.

Additionally, the Financial Privacy Rule (16 CFR Part 313) requires financial institutions to issue specific notices and adhere to certain limitations on the dissemination of nonpublic personal information. Unless an exception applies, financial institutions must inform both affiliated and non-affiliated third parties about their privacy policies and practices and allow consumers to opt out of sharing their nonpublic personal information with nonaffiliated third parties.

Secondly, the California Consumer Privacy Act of 2018 (CCPA) grants consumers more control over personal data collected by organizations. California consumers now have new privacy rights, including the right to know what personal information a business collects and how it is used and shared; the right to request the deletion of collected personal information (with some exceptions); the right to opt out of the sale of their personal information; and the right to non-discriminatory treatment for exercising their CCPA rights.

In November 2020, Californians voted to enact the California Privacy Rights Act (CPRA), which significantly expands existing privacy rules and will take effect on January 1, 2023. It's worth noting that the current "business-to-business" and "HR" exceptions will expire on the same date, making the full range of CPRA standards applicable to these types of personal information, which are currently largely exempt from the CCPA.

Thirdly, the NYDFS Cybersecurity Regulation (23 NYCRR 500) imposes strict cybersecurity standards on financial institutions in New York. Under this regulation, entities like banks, mortgage companies, and insurance providers must implement comprehensive cybersecurity plans and policies and maintain ongoing reporting systems for cybersecurity events.

Fourthly, the Information Technology Examination Handbook's "Outsourcing Technology Services Booklet" offers guidelines to help examiners and bankers evaluate the risk management processes involved in establishing, managing, and monitoring IT outsourcing relationships. Federal financial regulators have the authority to oversee all activities and records of a financial institution, whether performed by the institution itself or by a third party.

Fifthly, another section of the Information Technology Examination Handbook, the "Information Security" booklet, provides guidance on assessing the level of security risks to a financial institution's information systems. It encourages institutions to maintain robust information security programs that are supported by board and senior management, integrated into business processes, and clearly accountable for security tasks.

Sixthly, the Consumer Financial Protection Bureau (CFPB) has issued guidelines for its Information Technology Examination Procedures under Compliance Management Review. While institutions can outsource operational aspects of a product or service, they cannot delegate the responsibility for ensuring compliance with federal consumer financial regulations or managing the risks associated with service provider agreements.

In summary, virtual banks operating in the United States must comply with all the aforementioned regulations. This involves interpreting the rules, clarifying them, and preparing the necessary documentation. To achieve compliance, virtual banks will need to thoroughly analyze these requirements and take the appropriate steps to meet them.

Some of the key bank regulations in the United States include the following:

1. Regulation B: This regulation aims to prevent discrimination in the credit application process. It outlines the procedures lenders must follow when obtaining and processing credit information. Under this regulation, lenders are prohibited from discriminating based on age, gender, race, nationality, or marital status.

2. Community Reinvestment Act of 1977 via Rule BB: This Federal Reserve regulation encourages banks to lend to low- and moderate-income borrowers. It also requires institutions to disclose the communities they intend to serve and the types of credit they are willing to offer there.

3. Home Mortgage Disclosure Act of 1975 via Regulation C: This regulation mandates that many financial institutions annually provide loan data about the communities to which they have offered residential mortgages.

4. Regulation CC: This rule requires depository institutions to make funds available within specified time periods and inform customers about their funds' availability practices. It also includes measures to expedite the collection and return of unpaid checks.

5. Regulation D: This regulation imposes reserve requirements on certain deposits and other liabilities of depository institutions for monetary policy purposes.

6. Regulation DD: Financial institutions are obligated to inform customers about annual percentage yields, interest rates, minimum balance requirements, account opening disclosures, and fee schedules. This regulation applies to personal accounts, not corporate or organizational accounts.

7. Regulation E: This regulation establishes standards for electronic funds transfers, specifying the responsibilities of both consumers and financial institutions. It covers actions consumers must take to report issues and the steps banks must follow to offer remedies.

8. Regulation H: This rule requires member banks to implement security measures against specific offenses, as outlined by the Bank Protection Act. Member banks are also required to report suspicious activities under this regulation.

9. Servicemembers Civil Relief Act (SCRA): This federal law protects military personnel as they prepare to enter active service, covering a range of topics such as rental agreements, evictions, and interest rates on various forms of credit.

10. Bank Secrecy Act (BSA): Also known as the Currency and Foreign Transactions Reporting Act, this regulation mandates that financial institutions report certain cash transactions exceeding $10,000.

11. Unlawful Gambling Enforcement Act (UIGEA/Regulation GG): This regulation prohibits transactions related to illegal internet gambling.

12. Regulation M: Known as Subchapter M, this IRS regulation allows investment companies to pass on capital gains, dividends, and interest to individual investors without double taxation.

13. Regulation O: This rule limits the credit extensions that a member bank can offer to its executive officers, major shareholders, and directors.

14. Regulation T: This regulation governs investor cash accounts and the credit that brokerages may extend for the purchase of securities.

15. Regulation U: This regulation restricts the leverage that can be used in buying securities with loans secured by those securities.

16. Regulation V: This rule requires all entities that provide information to consumer reporting agencies to ensure the information is accurate.

17. Regulation W: This Federal Reserve regulation restricts certain transactions between banks and their affiliates.

18. Regulation X: This sets credit limits for foreign individuals or organizations purchasing U.S. Treasury securities.

19. Regulation Y: This governs the conduct of corporate bank holding companies and some state-member banks.

20. Regulation Z: Also known as the Truth in Lending Act, this regulation aims to ensure that loan terms are communicated clearly, enabling consumers to easily compare credit arrangements.

In conclusion, the above overview outlines the U.S. banking authorities and regulations that virtual banks must comply with.

FinTech Security and Regulation

Welcome back to Continuous Improvement, the podcast where we explore the world of finance, technology, and innovation. I'm your host, Victor, and in today's episode, we're diving into the fascinating world of virtual banking regulations in the United States.

As a FinTech consultant, I've been studying the security and regulation landscape in the US financial sector, specifically in relation to virtual banking. The US operates under a unique "dual banking system," which means banks can be chartered by either one of the 50 states or by the federal government. But regardless of who charters the bank, there are regulations that virtual banks must adhere to.

Let's start with the Gramm-Leach-Bliley Act, commonly known as the GLBA. This act mandates that financial institutions inform their customers about their information-sharing practices and protect sensitive data. The GLBA is enforced by the Federal Trade Commission (FTC), federal banking agencies, other regulatory bodies, and state insurance oversight agencies.

Under the GLBA, financial institutions must have safeguards in place to protect client information. These safeguards extend to their affiliates and service providers as well. Additionally, financial institutions must issue specific notices and adhere to limitations on the dissemination of nonpublic personal information.

Now, let's move to the California Consumer Privacy Act, or CCPA. This act grants consumers more control over their personal data collected by organizations. It provides rights such as knowing what data is collected and how it is used, requesting the deletion of personal information, opting out of the sale of personal information, and non-discriminatory treatment.

California voters also approved the California Privacy Rights Act, or CPRA, which expands existing privacy rules further. However, some exemptions will expire on January 1, 2023, making the full range of CPRA standards applicable.

Moving on, the NYDFS Cybersecurity Regulation imposes strict cybersecurity standards on financial institutions in New York. Banks, mortgage companies, and insurance providers must implement comprehensive cybersecurity plans and maintain reporting systems for cybersecurity events.

When it comes to outsourcing technology services, there are guidelines outlined in the Information Technology Examination Handbook. Financial regulators have the authority to oversee all activities and records, ensuring compliance with federal consumer financial regulations.

And let's not forget the Consumer Financial Protection Bureau, which has its own guidelines for information technology examination procedures. While aspects of a product or service can be outsourced, the responsibility for compliance with regulations cannot be delegated.

To summarize, virtual banks operating in the US must comply with various regulations related to data protection, privacy, cybersecurity, and financial operations. This includes the Gramm-Leach-Bliley Act, the California Consumer Privacy Act, NYDFS Cybersecurity Regulation, outsourcing guidelines from the Information Technology Examination Handbook, and more.

Understanding and adhering to these regulations is crucial for virtual banks to protect their customers' information, maintain compliance, and build trust in the financial sector.

That's it for today's episode of Continuous Improvement. I hope you found this overview of virtual banking regulations in the US insightful. Stay tuned for more episodes where we explore the latest trends, challenges, and innovations in the world of finance and technology.

As always, I'm your host Victor, and thank you for listening to Continuous Improvement.

FinTech Security and Regulation

As a FinTech consultant, I am conducting a study on the security and regulation of virtual banking in the US financial sector. The federal and state governments in the United States have various agencies that regulate and oversee financial markets and businesses. Each of these agencies has a distinct set of tasks and responsibilities, allowing them to operate independently while pursuing similar objectives.

The United States operates under a "dual banking system," meaning that banks can be chartered by either one of the 50 states or by the federal government. Regardless of who charters the bank, it will have at least one federal supervisor. Below is a list of US banking regulations that virtual banks must adhere to.

Firstly, the Gramm-Leach-Bliley Act (GLBA) mandates that financial institutions—companies providing financial products or services like loans, financial or investment advice, or insurance—inform their customers about their information-sharing practices and protect sensitive data.

The principal data protection elements of the GLBA are outlined in the Safeguards Rule. The FTC's Privacy of Consumer Financial Information Rule (Privacy Rule) supplements the GLBA by providing additional privacy and security requirements. The GLBA is enforced by the FTC, federal banking agencies, other federal regulatory bodies, and state insurance oversight agencies.

For instance, the Safeguards Rule (16 CFR 314) requires financial institutions under FTC jurisdiction to have safeguards for protecting client information. Companies subject to this rule must ensure that their affiliates and service providers maintain customer data securely and implement their own protective measures.

Additionally, the Financial Privacy Rule (16 CFR Part 313) requires financial institutions to issue specific notices and adhere to certain limitations on the dissemination of nonpublic personal information. Unless an exception applies, financial institutions must inform both affiliated and non-affiliated third parties about their privacy policies and practices and allow consumers to opt out of sharing their nonpublic personal information with nonaffiliated third parties.

Secondly, the California Consumer Privacy Act of 2018 (CCPA) grants consumers more control over personal data collected by organizations. California consumers now have new privacy rights, including the right to know what personal information a business collects and how it is used and shared; the right to request the deletion of collected personal information (with some exceptions); the right to opt out of the sale of their personal information; and the right to non-discriminatory treatment for exercising their CCPA rights.

In November 2020, Californians voted to enact the California Privacy Rights Act (CPRA), which significantly expands existing privacy rules and will take effect on January 1, 2023. It's worth noting that the current "business-to-business" and "HR" exceptions will expire on the same date, making the full range of CPRA standards applicable to these types of personal information, which are currently largely exempt from the CCPA.

Thirdly, the NYDFS Cybersecurity Regulation (23 NYCRR 500) imposes strict cybersecurity standards on financial institutions in New York. Under this regulation, entities like banks, mortgage companies, and insurance providers must implement comprehensive cybersecurity plans and policies and maintain ongoing reporting systems for cybersecurity events.

Fourthly, the Information Technology Examination Handbook's "Outsourcing Technology Services Booklet" offers guidelines to help examiners and bankers evaluate the risk management processes involved in establishing, managing, and monitoring IT outsourcing relationships. Federal financial regulators have the authority to oversee all activities and records of a financial institution, whether performed by the institution itself or by a third party.

Fifthly, another section of the Information Technology Examination Handbook, the "Information Security" booklet, provides guidance on assessing the level of security risks to a financial institution's information systems. It encourages institutions to maintain robust information security programs that are supported by board and senior management, integrated into business processes, and clearly accountable for security tasks.

Sixthly, the Consumer Financial Protection Bureau (CFPB) has issued guidelines for its Information Technology Examination Procedures under Compliance Management Review. While institutions can outsource operational aspects of a product or service, they cannot delegate the responsibility for ensuring compliance with federal consumer financial regulations or managing the risks associated with service provider agreements.

In summary, virtual banks operating in the United States must comply with all the aforementioned regulations. This involves interpreting the rules, clarifying them, and preparing the necessary documentation. To achieve compliance, virtual banks will need to thoroughly analyze these requirements and take the appropriate steps to meet them.

Some of the key bank regulations in the United States include the following:

1. Regulation B: This regulation aims to prevent discrimination in the credit application process. It outlines the procedures lenders must follow when obtaining and processing credit information. Under this regulation, lenders are prohibited from discriminating based on age, gender, race, nationality, or marital status.

2. Community Reinvestment Act of 1977 via Rule BB: This Federal Reserve regulation encourages banks to lend to low- and moderate-income borrowers. It also requires institutions to disclose the communities they intend to serve and the types of credit they are willing to offer there.

3. Home Mortgage Disclosure Act of 1975 via Regulation C: This regulation mandates that many financial institutions annually provide loan data about the communities to which they have offered residential mortgages.

4. Regulation CC: This rule requires depository institutions to make funds available within specified time periods and inform customers about their funds' availability practices. It also includes measures to expedite the collection and return of unpaid checks.

5. Regulation D: This regulation imposes reserve requirements on certain deposits and other liabilities of depository institutions for monetary policy purposes.

6. Regulation DD: Financial institutions are obligated to inform customers about annual percentage yields, interest rates, minimum balance requirements, account opening disclosures, and fee schedules. This regulation applies to personal accounts, not corporate or organizational accounts.

7. Regulation E: This regulation establishes standards for electronic funds transfers, specifying the responsibilities of both consumers and financial institutions. It covers actions consumers must take to report issues and the steps banks must follow to offer remedies.

8. Regulation H: This rule requires member banks to implement security measures against specific offenses, as outlined by the Bank Protection Act. Member banks are also required to report suspicious activities under this regulation.

9. Servicemembers Civil Relief Act (SCRA): This federal law protects military personnel as they prepare to enter active service, covering a range of topics such as rental agreements, evictions, and interest rates on various forms of credit.

10. Bank Secrecy Act (BSA): Also known as the Currency and Foreign Transactions Reporting Act, this regulation mandates that financial institutions report certain cash transactions exceeding $10,000.

11. Unlawful Gambling Enforcement Act (UIGEA/Regulation GG): This regulation prohibits transactions related to illegal internet gambling.

12. Regulation M: Known as Subchapter M, this IRS regulation allows investment companies to pass on capital gains, dividends, and interest to individual investors without double taxation.

13. Regulation O: This rule limits the credit extensions that a member bank can offer to its executive officers, major shareholders, and directors.

14. Regulation T: This regulation governs investor cash accounts and the credit that brokerages may extend for the purchase of securities.

15. Regulation U: This regulation restricts the leverage that can be used in buying securities with loans secured by those securities.

16. Regulation V: This rule requires all entities that provide information to consumer reporting agencies to ensure the information is accurate.

17. Regulation W: This Federal Reserve regulation restricts certain transactions between banks and their affiliates.

18. Regulation X: This sets credit limits for foreign individuals or organizations purchasing U.S. Treasury securities.

19. Regulation Y: This governs the conduct of corporate bank holding companies and some state-member banks.

20. Regulation Z: Also known as the Truth in Lending Act, this regulation aims to ensure that loan terms are communicated clearly, enabling consumers to easily compare credit arrangements.

In conclusion, the above overview outlines the U.S. banking authorities and regulations that virtual banks must comply with.

My Operating Manual as a Manager

I recently completed an online course on becoming a Complete Manager. One valuable lesson was the importance of creating an operating manual explicitly designed to help others understand the best ways to work with me. The manual serves to accelerate relationship-building with my teammates. I share it during one-on-one conversations, reinforcing the resiliency of my relationships and enabling quicker trust repair in the event of conflicts.

Ways of Working - Communication

Preferences for Receiving Feedback

• Be honest and assume positive intent.
• No surprises. Communicate issues early and often; I can't fix what I don't know.
• Be specific and use examples rather than vague arguments. Make any assumptions about me explicit.

Preferences for Giving Feedback

• Opt for 1:1 private meetings over group settings.
• Base discussions on facts rather than subjective biases. Be rational, not emotional.
• Provide constructive suggestions.

Forms of Communication

• Use Slack for internal team messages and respond as promptly as possible. Quick questions will come via Slack.
• Utilize email for external clients and Google Meet for extended discussions. Please provide advance notice so I can prepare.
• Reserve in-person interactions for social activities and team building. I won't contact my team via WhatsApp during non-office hours.

Ways of Working - Time Management

• My peak focus time for independent work like software development or document writing is in the morning. Feel free to interrupt for urgent matters.
• I collaborate best in the afternoons during team meetings or casual catch-ups for team-building activities.

Calendar Scheduling

• Send Google Calendar invites and either accept or reject them. If the timing isn't ideal, propose a new time.
• If you can't attend, decline the invite in advance and offer a brief explanation.
• I generally arrive on time for meetings. If I anticipate being late, I'll inform you via Slack.

Ways of Working - Information

Preference for Digesting Information

• I prefer reading to listening, as it allows me to process information more quickly.
• For detailed answers requiring analysis, communicate asynchronously. For quick guesses, synchronous communication is fine.

Making Meetings Successful

• Limit group size to fewer than nine people for meaningful conversation.
• Keep meetings within an hour, focusing on interaction over process.
• Be open-minded and ready to pivot when necessary.

Ways of Working - Getting it Right

What People Often Get Right About Me

• I'm an introvert; networking events drain me quickly.
• I'm a continuous learner with two master's degrees and various IT certifications.
• I work more efficiently in an office than at home.

What People Often Underestimate About Me

• My language skills are useful for APAC sales presentations.
• Despite being introverted, I have a sense of humor and enjoy team camaraderie.
• I am ambitious and goal-oriented, influenced by an Asian cultural emphasis on humility.

Ways of Working - What I Value Most

• Continuous improvement: Competence is the foundation of good management.
• Servant leadership: Team success over personal gains.
• Agile mindset: Flexibility and adaptability in a dynamic work environment.

Ways of Working - Relationship

When Relationships are at Their Best

• Diverse skills with clear roles and responsibilities.
• Democratic decision-making and consensus-building.
• Transparency, trust, and a harmonious atmosphere.

When Relationships are Frustrating or Stressful

• Show empathy and avoid the blame game during frustrating times.
• Don't distract with frequent status updates when I'm focused on challenging tasks.

In summary, this operating manual is an evolving document that reflects my management style and learning. If you'd like to discuss anything further, please feel free to reach out. I'm eager to collaborate with you.

My Operating Manual as a Manager

Welcome to "Continuous Improvement," the podcast dedicated to helping you grow and succeed as a manager. I'm your host, Victor, and today we're diving into the topic of creating an operating manual to enhance relationships in the workplace.

I recently completed an online course on becoming a Complete Manager, and one valuable lesson I learned was the importance of having an operating manual. This manual is designed to help others understand the best ways to work with me and accelerate relationship-building with my teammates.

Communication is the foundation of any successful team, and that's why I've outlined my preferences for giving and receiving feedback in my manual. It's important to be honest and assume positive intent, and to communicate issues early and often. Remember, I can't fix what I don't know.

When giving feedback, it's best to opt for one-on-one private meetings and base discussions on facts rather than subjective biases. By providing constructive suggestions, we can all grow and improve together.

In terms of communication channels, I prefer using Slack for internal team messages and responding as promptly as possible. Quick questions are best suited for Slack, while email is preferred for external clients. For extended discussions, let's utilize Google Meet, but please provide advance notice so I can prepare.

Moving on to time management, it's important to understand each other's peak focus times for independent work. For me, that's in the morning, so feel free to interrupt for urgent matters during that time. Collaboration and team meetings tend to work best for me in the afternoon.

When it comes to calendar scheduling, send Google Calendar invites and either accept or reject them. If the timing isn't ideal, propose a new time. And if you can't attend a meeting, please decline the invite in advance and offer a brief explanation.

We all have different preferences for digesting information, and for me, reading allows me to process information more quickly. Asynchronous communication is preferred for detailed answers requiring analysis, while synchronous communication is fine for quick exchanges.

Making meetings successful is crucial to our productivity. Let's limit group size to fewer than nine people for meaningful conversation, keep meetings within an hour, and focus on interaction over process. And remember, be open-minded and ready to pivot when necessary.

It's important to understand what people often get right about me and what they may underestimate. I'm an introvert, so networking events drain me quickly, but I have a sense of humor and enjoy team camaraderie. And despite my humility, I am ambitious and goal-oriented.

My operating manual also reflects what I value most as a manager. Continuous improvement is the foundation of good management, with a focus on competence. I also believe in servant leadership – prioritizing team success over personal gains. And in our dynamic work environment, having an agile mindset is crucial.

Understanding the dynamics of relationships is key to a harmonious team. When relationships are at their best, there are clear roles and responsibilities, democratic decision-making, and a transparent and trusting atmosphere. During frustrating times, let's show empathy and avoid the blame game.

In summary, my operating manual is a living and evolving document that reflects my management style and learning. If you have any questions or want to discuss anything further, please feel free to reach out. I'm eager to collaborate with you.

And that concludes today's episode of "Continuous Improvement." Thank you for tuning in, and remember, a successful manager is always striving to improve. Join us next time as we explore more ways to grow in your managerial journey. Take care, and stay focused on continuous improvement.

作為經理的操作手冊

我最近完成了一門成為完整經理的在線課程。一個寶貴的課程，就是創建一份明確設計來幫助其他人理解與我一起工作的最佳方式的操作手冊的重要性。這份手冊有助於加強我與我的團隊成員建立關係。我在一對一的對話中分享這份手冊，進一步強化我的關係的韌性，且在衝突發生時能更快地恢復信任。

工作方式 －溝通

接收反饋的偏好

• 誠實且總是樂觀地面對。
• 沒有驚喜。提早且經常性地溝通問題；我無法修正我不知道的事情。
• 具體且使用實例而不是模糊的爭論。將對我任何假設明確表達。

給予反饋的偏好

• 選擇在1對1的私人會議中，而不是在團隊的設定中。
• 基於事實而不是主觀偏見來討論。應該理性，而不是情緒化。
• 提供建設性的建議。

溝通的方式

• 使用Slack作為團隊內部信息，並盡快回覆。快問題將透過Slack 提出。
• 使用電子郵件來應對外部客戶和Google Meet進行深入討論。提前通知我以便我做好準備。
• 保留在離線互動的社交活動和團隊建設。我不會在非辦公時間透過 WhatsApp 聯繫我的團隊。

工作方式 －時間管理

• 我最佳的獨立工作，如軟件開發或文件撰寫的集中時間是在早晨。如有急事，請隨時打斷我。
• 我在下午的團隊會議或隨和的聊天中最佳的合作時間，這些都是團隊建設活動。

日曆安排

• 發送Google日曆邀請，並接受或拒絕他們。如果時間不佳，提議新的時間。
• 如果你不能出席，請提前拒絕邀請並提供簡短的說明。
• 我通常會準時到達會議。如果我預見將會遲到，我將通過Slack 通知您。

工作方式 －信息

消化信息的偏好

• 我寧願閱讀而不是聆聽，因為這讓我更快地處理信息。
• 對於需要分析的詳細答案，進行異步溝通。對於快速的猜測，同步溝通就可以。

讓會議得到成功的方法

• 把團隊規模限制在少於九人以進行有意義的對話。
• 保持會議在一小時內，更加注重互動而不是過程。
• 保持開放的心態，做好變革的準備。

工作方式 －做對的事情

人們常常對我做對的事情

• 我是一個內向的人；社交活動消耗我相當多的精力。
• 我是一個持續學習的人，有兩個碩士學位和各種IT證書。
• 我在辦公室的工作效率比在家裡更高。

人們常常低估我

• 我的語言技能對於APAC地區的銷售呈現非常有用。
• 儘管是個內向的人，我有幽默感並喜歡團隊的歡愉。
• 我是一個有雄心且以目標為導向的人，受亞洲文化對謙虛的強調影響。

工作方式 －我最重視的事情

• 持續的改進:能力是良好管理的基礎。
• 公僕領導者:團隊的成功高於個人的收益。
• 敏捷的心態:在動態工作環境中的靈活性和適應性。

工作方式 －關係

當關係在最佳狀態時

• 不同的技能具有明確的角色和責任。
• 民主的決策製定和共識建立。
• 透明度，信任和和諧的氣氛。

當關係令人沮喪或壓力時

• 在受挫的時候要展示同情並避免指責遊戲。
• 不要在我專注努力的任務時用狀態更新干擾我。

總的來說，這份操作手冊是一份關於我的管理風格和學習的進化文檔。如果您願意進一步討論任何事情，請隨時與我聯繫。我非常期待與您合作。

Azure EventHub, Logic Apps, and DataVerse

Kafka messages can be exported to and imported from Microsoft Cloud for Financial Services (FSI). This cloud solution offers various components, including a unified customer profile for managing customer data. It also has the capability to store personally identifiable information (PII). Data can flow from Kafka to Azure EventHub, and from there, Logic Apps can synchronize the data to DataVerse, which FSI can then consume. This workflow is illustrated in the diagram below:

To set up this connection, follow the steps below:

1. Sending Events to Azure EventHub

For example, you can use the Python script below to send three simple event messages to Azure EventHub.

import time
import os
import json
from azure.eventhub import EventHubProducerClient, EventData
from azure.eventhub.exceptions import EventHubError

# Replace placeholders with your EventHub name and connection string
EVENTHUB_NAME = "REPLACE_WITH_EVENTHUB_NAME"
CONNECTION_STR = "Endpoint=sb://REPLACE_WITH_CONNECTION_STRING.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=REPLACE_WITH_SHARED_ACCESS_KEY"

body = json.dumps({"id": "something"})

def send_event_data_batch(producer, i):
    event_data_batch = producer.create_batch()
    event_data_batch.add(EventData(body))
    producer.send_batch(event_data_batch)

producer = EventHubProducerClient.from_connection_string(
    conn_str=CONNECTION_STR,
    eventhub_name=EVENTHUB_NAME
)

start_time = time.time()
with producer:
    for i in range(3):
        send_event_data_batch(producer, i)

print("Sent messages in {} seconds.".format(time.time() - start_time))

Replace the placeholders for the EventHub name and connection string. If the message is sent successfully, you will see output similar to "Sent messages in 1.730254888534546 seconds."

If you encounter the error "Authentication Put-Token failed. Retries exhausted," double-check the placeholder values to ensure they are correct.

2. Connecting Azure EventHub to Logic Apps

Navigate to the Azure portal and search for Logic Apps. Create a new one to serve as your automated workflow. EventHub events will act as the trigger, and DataVerse will be the output. Choose "Consumption" as the plan type, which is suitable for entry-level development.

Once your Logic App is created, go to Development Tools and access the Logic App designer. The process involves three steps:

2.1 EventHub Trigger

The first step is to connect to EventHub as the trigger. For development purposes, set the check interval to 3 seconds.

2.2 Initialize Variables

The next step is to parse the message from EventHub. The sample message is:

{
  "id": "something"
}

To extract the value using the key "id," you can use the following expression:

json(decodeBase64(triggerBody()['ContentData']))['id']

2.3 Add a Row to DataVerse

The final step is to use the database connector to add a new row to the corresponding DataVerse table. If the table doesn't yet exist, navigate to https://make.powerapps.com/, select DataVerse, and then Tables to create one. Use the variable initialized in step 2 to populate the fields.

Once completed, save the workflow.

3. DataVerse

DataVerse serves as a database for storing data in tables. If the Logic App is successfully triggered when a new event is added, you will see a new row in the DataVerse table.

Finally, once all the data is synced to Azure FSI, you can navigate to the Microsoft Cloud Solution Center at https://solutions.microsoft.com/ to select the component you wish to use. For instance, you can select the Unified Customer Profile to manage customer data.

To launch the Dynamics 365 sandbox, navigate to the Solution Center and click the "Launch" button. The Unified Customer Profile app will display populated sample data.

Feel free to reach out if you have any questions about setting this up. Cheers.

Azure EventHub, Logic Apps, and DataVerse

Welcome to "Continuous Improvement," the podcast where we explore practical tips and strategies to enhance your work processes and boost your productivity. I'm your host, Victor, and today we're diving into the world of data synchronization between Apache Kafka and Microsoft Cloud for Financial Services (FSI). In this episode, we'll walk you through the steps to export and import Kafka messages to FSI and discuss the benefits of integrating these two powerful platforms. So, let's get started!

First things first, let's understand the process of exporting Kafka messages to Azure EventHub, one of the components of Microsoft Cloud for FSI. To achieve this, we'll be using a Python script that sends event messages to Azure EventHub.

[Background explanation]

Here's an example Python script to get you started. You would need to replace the placeholders with your own EventHub name and connection string. The script sends three simple event messages to Azure EventHub, demonstrating the process of exporting data.

[Code snippet]

Once you've customized the script, execute it. If everything goes well, you should see a message indicating the successful delivery of the events. But remember, if you encounter any errors, double-check the placeholder values to ensure they are correct.

With the Kafka messages successfully sent to Azure EventHub, the next step is to connect Azure EventHub to Logic Apps. Logic Apps will act as the workflow automation tool to synchronize data from EventHub to DataVerse, another component of Microsoft Cloud for FSI. Let's walk through the process.

[Background explanation]

Start by navigating to the Azure portal and searching for Logic Apps. Create a new Logic App to serve as your automated workflow. EventHub events will act as the trigger, while DataVerse will be the output. For development purposes, choose the "Consumption" plan type, suitable for entry-level development.

Once your Logic App is created, access the Logic App designer. The process involves three main steps: EventHub trigger, initializing variables, and adding a row to DataVerse.

[Background explanation - EventHub Trigger]

In the first step, configure the Logic App to connect to EventHub as the trigger. For development purposes, set the check interval to 3 seconds to ensure smooth processing.

[Background explanation - Initialize Variables]

Now let's move on to step two – initializing variables. In this step, you'll parse the message received from EventHub. The sample message structure would look something like this:

{
    "id": "something"
}

To extract the value using the key "id," you can utilize the provided expression:

json(decodeBase64(triggerBody()['ContentData']))['id']

This expression helps you retrieve the specific data you require from the received message.

[Background explanation - Add a Row to DataVerse]

Finally, the last step involves adding a row to DataVerse. Utilize the database connector to accomplish this. If the table doesn't exist yet, you can create one by navigating to https://make.powerapps.com/ and selecting DataVerse. Populate the fields with the variables initialized in step two.

Congratulations! You've successfully set up the connection between Azure EventHub and Logic Apps, ensuring continuous data synchronization from Kafka to DataVerse within Microsoft Cloud for FSI.

But wait, what exactly is DataVerse? Well, DataVerse serves as a database for storing data in tables. Once your Logic App is triggered by a new event, you'll see a new row added to the DataVerse table.

[Background explanation]

And with all the data seamlessly synced to Azure FSI, you can now explore the various components offered by Microsoft Cloud for FSI. For instance, the Unified Customer Profile allows you to efficiently manage customer data, providing a comprehensive view of each customer.

Access the Microsoft Cloud Solution Center at https://solutions.microsoft.com/ to explore and select the desired component that best suits your needs. And don't forget that you can launch the Dynamics 365 sandbox from the Solution Center to see the Unified Customer Profile app in action with pre-populated sample data.

[Closing remarks]

That wraps up today's episode of "Continuous Improvement." We hope you've found value in learning how to export Kafka messages to Azure EventHub, synchronize data to DataVerse using Logic Apps, and leverage the powerful components provided by Microsoft Cloud for FSI. If you have any questions about setting this up or need further assistance, feel free to reach out.

Remember, continuous improvement is all about finding ways to enhance our processes and stay ahead of the game. Join us again next week for another insightful episode. Until then, keep improving and stay productive!