The following was posted to his blog by Niel Harper, a technology SME – David, Barbados Underground
There’s a common misconception that IT governance, risk and control (GRC) professionals like myself impose unreasonable demands on those trying to innovate and deliver human, social and economic benefits to society. But this is the furthest thing from the truth – our role is to ensure that those who are delivering technological solutions understand the risks and impacts associated with their IT platforms, and mitigate them in an adequate, effective, and sustainable manner.
The aforementioned point is key as I will go on to explore the privacy, security, and socio-economic implications of two recent announcements by the Government of Barbados pertaining to the implementation of Blockchain-related technology in the country. In a September 19th article titled ‘E-currency pilot coming’, it was stated that Prime Minister Mia Mottley “did not give details of the planned mobile wallet pilot project or when it would begin but gave the assurance that it would not be done in a reckless manner.” Barbados Today published an article on September 25th which stated ‘BSE to begin crypto-trading’, essentially heralding the decision of the Barbados Stock Exchange to trade in security tokens or crypto assets.
Given my intimate knowledge of privacy and security weaknesses in both the public and private sectors, the PM’s words do not instill in me any great confidence around the robustness of the security controls that will accompany these projects. The implementation of e-currency is a complex undertaking that, if not done correctly, can have a material impact on the country’s already weakened economic position. Security tokens are an extremely nascent solution with a lot of potential, but that doesn’t exempt them from security and privacy deficiencies. As such, I want to delve into some of the key areas that must be addressed before these solutions are widely deployed across our beloved nation.
Contract management and due diligence
Before any contracts are signed to commence these projects, the government must understand where personal data of Barbadian citizens will be stored. To provision users onto these platforms, personal data will need to be collected for AML and KYC purposes such as name, address, phone number, driver’s license, passport details, etc.
If the data is stored outside of Barbados, the privacy of Bajans may not be safeguarded as it will be subject to the laws and regulations of the jurisdiction in which the data resides (meaning that the legislation of a foreign country could permit them access to any and all data kept on Barbadian citizens). This is particularly concerning given the absence of data protection legislation in Barbados that would force any fintech company to ensure that transnational data flows only occur where the destination country has an adequate legal framework in place to protect the rights of data subjects.
The lack of data protection legislation presents another problem in terms of imposing strict obligations on fintech providers to uphold the rights of data subjects. This includes setting requirements and fines for both data controllers and data processors as it pertains to protecting personal and sensitive data, obtaining consent to share personal/sensitive data, reporting data breaches to government and data subjects, among other rules. Hence, it would be in the best interests of Barbados citizens and foreign nationals if the 2018 Data Protection Bill was enacted into law before the launch of the new platforms.
In an ideal situation, the government should obtain 2-3 references from previous instances where the contracted parties have deployed solutions of this kind for other customers. However, it appears that Barbados will be the first country where the vendor will be deploying a ‘true’ e-currency platform, thus making the need for strong controls even more critical. As it pertains to tokenized securities, similar due diligence must be undertaken to protect our citizens.
The government must ensure that a qualified and independent security professional conducts a site visit to the vendors’ facilities to undertake a thorough assessment of their security controls. If this cannot be done, the vendor should be required to furnish government with a signed attestation from an independent and qualified third party that the facilities meet all the necessary best practice security requirements. Additionally, there should be a “right to audit” clause in the contract that allows the government to turn up at the vendors’ facilities at any time to conduct a security assessment.
The vendors’ financial statements should be reviewed by an independent auditing firm such as PwC, EY or Deloitte to ensure that they are in good standing and that they are able to remain going concerns for the foreseeable future. The viability of their business models should also be assessed as ‘feasible’. This would protect the country and its citizens from being left at the mercy of fintech service providers whose platforms enjoy massive uptake and integration into the socio-economic fabric of the country, only for those providers to go out of business soon afterwards.
With regard to PwC, EY, Deloitte, and other accounting firms (or any qualified professional services firm, for that matter), government should enlist one of them to have experienced IT auditors assigned full-time to both projects. This would ensure that IT governance, risk and control processes are embedded throughout the project lifecycles and don’t become an afterthought.
Another area of due diligence is assessment of the team who will be delivering and supporting the solutions. The government must obtain assurance that the right mix of skills is available to deliver and provide ongoing support for high performance, scalable and secure fintech platforms. Along with the technical positions, key roles that should be in place are Internal Audit (assurance), Privacy (compliance) and Information Security (availability, integrity and confidentiality).
Finally, a software escrow agreement that allows government access to the vendor’s proprietary code in the event they go out of business should be put into place.
Undertaking a technical architecture assessment is critical to implementing both these projects. Once again, independent and qualified 3rd parties need to look at how the different elements of these platforms will integrate with each other and how they will be secured against cyber-attacks. A number of the questions that the selected fintech service providers need to answer and verify are as follows:
- How will web and application servers be hardened against attacks?
- How will database systems be hardened against malicious actors?
- How will operating systems be hardened and secured from hackers?
- How will identity and access management (IAM) be delivered to manage privileged access to these platforms?
- Will middleware and APIs have built-in authentication mechanisms?
- Will all data transmitted over public networks be encrypted?
- What encryption schemes will be used to protect sensitive data in storage?
- Will network devices such as routers and switches be hardened and utilize strong authentication mechanisms?
- Will there be separate firewall tiers to isolate and protect servers with higher risk profiles?
- How will administrators and developers securely access the platforms remotely?
- How strong will the controls be around disaster recovery/business continuity?
- Will online or offline wallets be used and how will they be secured (e.g. passwords, passphrases, two-factor authentication, biometrics, etc.)?
- How are mobile applications designed with security in mind (e.g. storage, communication, authentication, cryptography, etc.)?
- How are web applications designed with security in mind (e.g. input/data validation, authentication, authorization, storage, communication, cryptography, etc.)?
- Will private or public Blockchains be used? How will the Blockchain, smart contracts and related elements be secured?
- If fintech companies are using cloud services, how are issues like multi-tenancy, distributed denial of service (DDoS) attacks, breach notification, malicious insiders, etc. being addressed?
- How will integration with external systems be secured?
These questions and others need to be satisfactorily answered before these fintech solutions go live. A technical architecture review should be conducted to set a baseline of expectations with regard to the final solution. Bringing trusted, independent cybersecurity experts to the table will ensure that there are no control gaps in the end-state architecture.
Testing is one of the best phases in software development to flush out security issues. Hence, this is where government needs to double down on its due diligence. Below are some of the questions that government should be asking and receiving answers/evidence for:
- How are code repositories being used and secured?
- What processes and tools are used to manage version control and to promote code from testing to live environments? Are these tools fit for purpose?
- What secure coding standards are being used by developers and what tools are being used to force adherence to these standards?
- How are static application security testing (SAST) and dynamic application security testing (DAST) being employed?
- How are source code analyzers being used to detect security weaknesses in both non-compiled and compiled code?
- Will stress testing be conducted to ensure the system design and resources can support transaction volumes?
- Are dynamic scanners being used to simulate attacks during the quality assurance (QA) cycle?
- Have threat modeling and risk assessment been conducted on the end-to-end solutions? Has an independent party verified the results?
- Does the test environment mimic the production environment as much as possible?
- Will an independent security architecture review be performed on the system before it goes live? Will all the material weaknesses found be remediated before the solutions go live?
- Will independent penetration tests (externally looking inwards) and vulnerability scans (internally looking outward) be performed on the system before it goes live? Will all the material weaknesses found be remediated before the solutions go live?
- What security-related scenarios will be included in user acceptance testing (UAT) or closed user group (CUG) testing (e.g. input/data validation, password quality rules, repudiation, roles-based access controls, path traversal, missing authorization, error handling, privilege elevation, etc.)?
- What levels of audit logs are generated by the systems? Are audit logs properly secured?
The testing phase provides an opportunity to iron out most of the security issues before the live solution is released to the public. The importance of this stage should not be underestimated, and government must ensure that they are fully engaged and involved throughout.
Deployment and ongoing support
Deployment and ongoing support will be integral to delivering a truly disruptive fintech solution to the citizens of Barbados. Of course, the first step is deploying the exact system configuration that was thoroughly assessed and remediated during the architecture and testing phases. This can’t be emphasized enough – you don’t want to deploy a system full of security vulnerabilities. That being said, there are a number of questions relevant to supporting the environment on an ongoing basis:
- What processes will be in place for identity and access management? How will day-to-day access for normal users and super users of the systems be managed (e.g. granting, revoking, and updating access)?
- How will secure configurations be maintained throughout the system lifecycles (e.g. mobile security, desktop hardening, server hardening, switch and router hardening, etc.)?
- What processes/solutions will be in place for managing system vulnerabilities?
- What processes/solutions will be in place for managing system upgrades and patches?
- What processes/solutions will be in place for making changes to production systems?
- How will production systems be monitored for performance issues, normal and privileged account usage, network intrusions, unauthorized file changes, access to restricted systems, etc.?
- How will malware be addressed on production systems (e.g. cloud services, virtual guests, servers, mobiles, etc.)?
- How will security awareness for end-users of the systems be addressed (especially given that the intention is for the mobile wallet to be deployed widely to the public)?
- What processes and systems will be in place for disaster recovery/business continuity?
- How will government ensure that the right legal framework is in place to protect the country and its citizens (e.g. anti-money laundering, taxation, consumer protection, privacy, critical infrastructure protection, etc.)? NOTE: The legal framework is already deficient and they’re going forward with the project(s).
- Who will be supporting the production systems on an ongoing basis – government or the fintech companies? Will there be sufficient knowledge transfer to government personnel if they are tasked with ongoing support and maintenance?
- Has there been detailed assessment of ongoing costs? Will these costs be borne by the fintech provider or government? If by the fintech provider, what’s the business model that will be in place to sustain their operation in a profitable manner? If by the government, are the right staff in place to support and maintain the platform? Will the overall cost burden undertaken by government be sustainable (especially given the country’s existing financial situation)?
Monitoring and evaluation
For any system implementation to be truly successful, there must be a plan for realization of the benefits articulated at the beginning of the project. Here are some of the key questions to be answered:
- What does success look like?
- How will success be measured?
- Will success metrics be shared with the public (they should be when taking into consideration the levels of risk and investment in these projects)?
- Are the projects delivered on time and within budget?
- Have technical objectives been achieved?
- Have financial objectives been achieved?
- Are socio-economic benefits being realized by the population?
- Have human behaviors changed in terms of the use of mobile payments?
- Has the Barbados Stock Exchange (BSE) become more liquid? Has there been a significant uptick in foreign direct investment (FDI) via the BSE? Are we seeing more security tokens being traded on the BSE?
- Are there fewer underbanked or unbanked individuals in the country? Have financial inclusion statistics improved? Is the common man less burdened by the cost of banking? Is it now easier to send money overseas (money transfers) or send money back to Barbados (remittances)?
- Has government reduced the costs of funding the fiat monetary system?
- Have the substantial risks associated with correspondent bank de-risking been mitigated?
These questions and more need to be answered once the systems go live. More importantly, a benefits realization/monitoring & evaluation (M&E) plan needs to be in place up front. The government and its fintech partner should not be deciding what needs to be achieved and measured once the systems go live – these benefits should be stated up front to convey the value proposition and return on investment (ROI) for the systems, and to support the level of investment and risks undertaken.
These projects represent significant benefits for the country. Conversely, they also represent significant risks. I am not against technology; I have spent the last 10 years of my life committed to facilitating the use of ICTs for development (ICT4D) in emerging economies. However, I am of the firm belief that citizens have a right to know exactly what their leaders are getting them into (i.e. openness and transparency are of utmost importance). It is my hope that government will engage in a more transparent process as it pertains to the planned implementations of Blockchain and distributed ledger technologies (DLT). Moreover, if fintech is being done, it needs to be done RIGHT. One of the most basic, yet important, tenets of information systems auditing is “TRUST, BUT VERIFY”. All of the questions I have posed deserve answers. Not only answers, but verifiable evidence. Government is not known for strong expertise in IT law, policy and regulation; systems development; and cybersecurity. This is why the citizenry of Barbados cannot be expected to abide by only trust as it pertains to the implementation of Blockchain technologies across the country. The potential benefits, and the risks, are way too high!
ABOUT THE AUTHOR:
Niel Harper is a highly experienced, results-focused and globally recognized technology leader with 20+ years of sustained achievement in IT governance, risk and control (GRC), cybersecurity, telecoms engineering, application development, IT service management, enterprise architecture, and business continuity management. He has held leadership positions at organizations such as AT&T Wireless, Bermuda Commercial Bank, CARICOM Secretariat, CIBC, Internet Society and the Sint Maarten Telephone Group of Companies. He has also delivered consulting engagements in 20+ countries with organizations such as Bemol Lojas, European Union, First Global Bank, and LEX Caribbean, among others. He is a Member of the Expert Networks on Cybersecurity, Telecoms and IT at the World Economic Forum and a Member of the Research Advisory Group (RAG), Technical and Information Security at the Global Commission for the Stability of Cyberspace.
The blogmaster is curious to find out who is the point person representing government with these digital initiatives. Not the minister, the technocrats!
Thank you Mr. Harper for an excellent and enlightening post. So much food for thought!
Clearly there are more questions than answers: who? how? if? has? when? are? will? what? Hopefully answers will be given before the leap.
Tongues say the future Parl… Representative for St. Thomas.
I cannot say that I can give a name or trust and verify this.
Contract management and due diligence
I would have liked to see that employees of the company that stores the data must sign a confidentiality agreement,
Excellent – buzzwords that I love to see – encryption, two-factor authentication,
One major correction though, the Barbados Stock exchange is NOT owned by the Barbados government.
From its Wikipedia page: “Although it was given effect by Parliament, the BSE functions as a not-for-profit organisation which is privately owned (by its Members). Authority is vested in a Board of Directors, which is chaired by the General Manager.”
It appears that the last time parliament dealt with the BSE was in 2001, a while ago.
It’s collectively owned by the private sector.
Did he make that claim? I missed it
If he did not then you remind me of 9of9. Making up stuff and then refuting your own claim..
I like BU. They are some very crafty folks here. They twist and distort. They put words in your mouth and then they ‘correct you’.
I just love them.
Watch how they will manoeuvre to paint M Harper into one of the two corners. That is the level they understand and operate at..
The digital/ecommerce highway is filled with many potholes, N Harper has issued a warning on how the local authorities can avoid them.
I doubt whether anyone in government is capable of doing what Mr. Harper says is required. I am not even sure the knowledge/intellectual capital, etc. is resident on the island. Who does Rawdon have on his staff with the capacity to verify to government what is required? That is if they want verification of what is outlined, as Rawdon is now part and parcel of Mia’s government. So the left hand working with the right.
And that is fine, this can be the role of consultants.
All of the above prerequisites and parameters called for is the established protocol for web applications, crypto exchanges and platforms, bearing in mind that even established players are constantly tweaking and developing their models.
Instituting a payments platform is at best, the bottom tier. Creating a Crypto asset and Exchange is the greater challenge.
For a country that is now putting their feet in the water, may find it worthwhile to invite players of renown, who have already travelled that road, can either encamp their models and business as progenitors or be advisors of fintech development for the Barbados model (tuned to specifications) without going the route of reinventing the wheel.
All businesses necessitate navigating risks. At this juncture, it’s merely a pilot payment platform and not the creation and instituting of an e-currency. Where data collection is required, your cell number (in the case of acquiring a wallet) and email address and verification (per business account) is sufficient to satisfy KYC rules in the Crypto Space (CS). Transnational CS data flows are embedded in 24 bit encrypted authenticating keys (for trading Cryptocurrencies) unlike data submitted for traditional web based goods and services. ALL DATA MUST BE PROTECTED, necessitating laws.
As per the BSE, Cryptocurrencies are viable trading assets.
All systems are shit (in technical jargon).
Storage devices fail and become outdated in 5 years.
Mankind life’s work is defined by new discoveries and advancement – what is new?
@ Mr Harper
Neil, you were going really well until you said these words
And then I immediately became suspicious of this supposedly unbiased article…
You said and I quote
“…Hence, it would be in the best interests of Barbados citizens and foreign nationals if the 2018 Data Protection Bill was enacted into law before the launch of the new platforms…”
What the badword are you saying?
You start by asking most of the right question and making most of the right observations AND THEN SAY TO YOUR AUDIENCE
“…Fear not theses and all your concerns are address in an Act that not a feller here ent know about A NEXT 1933 ENABLEMENT ACT OF MIA MAO MUGABE MOTTLEY!!!”
How do you propose data is managed in Barbados given our current position? Because Mr. Harper proposes that data protection legislation be implemented his good suggestions in the piece should be ignored?
@ Mr Neil Harper
Neil, I must admit that normally I would read a whole article and then comment but the things that you are saying are of such impact to de ole man’s slow poke reasoning dat I gots to comment immediately
You might not know this but at 2001 every single criminal record and fingerprint of government record was transferred to an American company WITHOUT THE KNOWLEDGE OR PERMISSION OF THE PEOPLE OF BARBADOS.
Ask David Simmonds THAT IS IF HE KNEW! in fact, given the new biometric passport that Humpty and Stacey affected de old man will put it to you nicely dat every effing record and picture and other particular that you provided in your baseline record ALSO IS NOW WITH AN ENTITY THAT YOU NOR I NOR THE PEOPLE OF BARBADOS KNOW BOUT, in similar circumstances
Not withstanding David Come Sing A Song’s futile interventions
But this is why dem does hate de ole man and why he WILL NEVER BE PART OF THIS NEW REGIME cause I does down forget tings nor unlike you? I is not into sucking pooch with these niceties of words.
We are in deep shy#€ Neil and you here soft soaping the true state of affairs which if fellers like you don’t stand up and say the truth we is screwed
You then said and I quote
“…Additionally, there should be a “right to audit” clause in the contract that allows the government to turn up at the vendors’ facilities at any time to conduct a security assessment…”
The same government that has unilaterally offered a Bitcoin deal to Rawdone in the first place you would have them do an audit pun the chicken count?
@ the Honourable Blogmaster
I am proposing an enhancement that all the previous fellers have conveniently overlooked while pretending to entertain the Estonians and what has worked very well for Estonia.
But ever before we get to Neil’s ideas Honourable Blogmaster the fact is that neither you NOR HE has addressed the simplest question
And if I were to ask it now could you supply that question for me?
I will pause and await your submission
There is no time for games, make your point and allow the discussion to flow.
On your other comment, you want the government to avoid utilizing the services of the leading accounting houses in the world?
Neil I shall “totoyer” you by the familiar because you were once a man with a genuine heart and I will err on the side of fond remembrance (though Charles Herbert is also similarly remembered)
You said and I quote
“…The vendors’ financial statements should be reviewed by an independent auditing firm such as PwC, EY or Deloitte to ensure that they are in good standing and that they are able to remain going concerns for the foreseeable future…”
While in a subsequent line you appended other providers to your list I WILL VEHEMENTLY DISAGREE WITH YOUR SUGGESTION AND RECOMMEND THAT ANY OTHER ENTITIES BE ENGAGED THAN THESE 3 and add the KPMG 4th horseman to that iniquitous list.
Let the IDB find a truly independent IT auditor for this function for all of those entities are daubed in the tar of incestuous iniquity and MUST BE AVOIDED LIKE THE BUBONIC PLAGUE
@ the Honourable Blogmaster
De ole man shall ask the question again as to which critical factor has Neil missed?
And so as not to trick you I will give you a hint with a part of Neil’s text
“…Finally, a software escrow agreement that allows government access to the vendor’s proprietary code in the event they go out of business should be put into place…”
Do you or Neil have the answer yet?
Am going to leave this to marinate a little since men like Neil are probably still sleeping now while de ole man seeing faces of those who departed…as in ole men shall see visions? Heheheheh and Brother Hants de ole man doan use de wacky tabaccy…
Who do you recommend should be the caretaker of the proprietary code?
Finally Neil. I read the whole document
You prove true to the man I knew years ago.
You state the facts of the matter with your skill of not offending anyone.
But whereas that approach works in 1st world environments where the consciences of reviewers would elicit wise actions and outcomes, what you state, here in Barbados, is going to remain on a shelf for a very long time.
Unless you come out and say “this is the standard AND YOUR MICKEY MOUSE MMONEY PILOT HAS NOT MET THESE STANDARDS and should not be entertained!” What will happen is the following.
Your expertise in creating a Scope of works and a SRS outline will be used to reverse engineer a document that will be backdated
That document will then be published by the Government of Barbados on GIS and it will be broadcast for public viewing AFTER THE FACT
These guys are making it up on the fly aided and abetted by “she got it”
But it becomes evident in the execution of what she has that “she ent got it in its entirety” but she ammm making it look good as brimlers do.
You obviously have not been following Niel on Facebook and elsewhere because he HAS come out and challenged the arrangement/MOU between government and Bitt Inc.
Since you missed it again I will first share the main issue that is missing in any Barbados ICT matrix.
The absence of a clearly stated, enacted and enforceable Intellectual Property rights act
Nothing Fintech OR FINTECH RELATED can and will proceed here in Barbados, AT 2018 OR BEYOND, until the current government of Barbados, shows its commitment to safeguard the very atoms on which Fintech is based.
And that is the critical element of the proposed growth of Barbados that all the “gather round the broken trident” espouses are missing!
Here is the message that this government has been telegraphing
1. We have a 30-0 majority in parliament and the Senate
2. we can have and will change the Constitution and the Laws to accommodate our own
3. We already tested this with Rawdone Mccunny and Wigfittings and wunna could not change a thing.
4. “we MPs have raised our salaries and when we teif your ideas, and your tax money, you cannot do us anything because our 1933 Enablement Act gives us Immunity from prosecution. And even if found guilty, the fine for us is a measly $1500”
FOR TRULY WE HAVE ASCENDED TO MOUNT OLYMPUS AND HAVE BECOME GODS…
Is it not correct to also state that a pilot is meant to identify ‘gaps’ before going live?
Don’t get antsy Honourable Blogmaster you dun know de ole man going answer my question in due course.
You are new at this IT audit process in international development funding so I can and will excuse you.
Neil is not, and I am surprised that he relied on names that ARE TRADITIONAL FINANCIAL AUDITORS AS OPPOSED TO true IT auditors.
None of the named actors are really the real players in IT or ICT audits. They are at best facilitators and flow through entities only recently appending this aspect of IT audits to their portfolios but it is not their substantive business ( I got that word substantive from AG Dale Smiley Teets Marshall when he referred to Mia Motley as the “substantive prime minister”)
Is it not correct to state that the top accounting houses have IT consulting arms adequately staffed with SMEs?
@ the Honourable Blogmaster
Your assistance please with a number of items here that are in suspense
You are correct that I don’t follow Neil elsewhere.
But if you follow my progressive submissions here on Neil’s article you will see a direction that ultimately gives Neil a verbal endorsement to his piece and also says that he has not departed from his principles in times aforetimes.
Where I digressed in a significant way is my begin point and his.
Neil is spoilt because he has been working with reasonable white people in first world countries
Let me cut and paste his credentials to make this point clear “…He has also delivered consulting engagements in 20+ countries with organizations such as Bemol Lojas, European Union, First Global Bank, and LEX Caribbean, among others…”
Now what that exposure tends to do with some bajans, is mek we see the world BEYOND Barbados ‘ shores.
My begin point lies in ownership of IP innovations and inventions.
And you can’t get to Neil’s end point or anyone’s end point IN ANY SECTOR, TILL A FELLOW STARTS WITH MY POINT and disavowing governments that they are there to be your competition by teifing your ideas.
You nor he nor none of you ARE NOT SAYING THIS TO ANYONE ANYWHERE HERE PUN BU.
A govt that could not manage a small storm entering deeper waters
@ the Honourable Blogmaster
I am going to share a secret with you which you can confirm with Mia.
The InterAmerican Development Bank in Oistins? has resident IN BARBADOS a specific unit that effects these audits ON THE FLY because they have entities that do these activities daily!
I would call off the names for you but that would reveal identities that best are left hidden BUT all Mia Mao Mugabe has to do, sorry, is now doing, is exactly what de ole man told her ***
Do Not Get Tied Up!!
This is the selective ignoring OF THINGS THAT ARE THERE AND WHICH THE IDB USES EVERY SINGLE DAY.
Do not let me get stupid this Monday morning and explain the innards of this game that is being played!
The IDB, unlike the European Union that took 8 years to dismiss a fiefdom chief and Dougla, IS NOT FREE AND EASY WITH ITS MONEY
They do not play! They bring to bear the very best in resources when it comes to development.
This is not the fly by night arrangements of Edutech, the bank has changed its modus.
This is why they have their ratings while the EU and the UNDP struggle to survive in the IFI spectrum with decreasing donations.
Suffice it to say that the spectrum of resources are there but we have to use them as opposed to going round them.
I will share one trick that governments use before I leave this point.
The IDB has a range of resources available for its clients but the client must approve them.
If a client has a preferred provider, they will refuse IDB resources until their HR is chosen UNLESS THE IDB, SEES THE DECEIT, and insists on their HR.
You understand what I am saying and why I am saying it?
To keep the GoB honest the IDB is going to have to INSIST ELSE MIA GOING ROB US BLIND!
Staggering credit card debt held in the hands of barbadians
@ the Honourable Blogmaster your assistance please with an item.
Let me suggest this strategy with regard to this and ANY PILOT FOR THE GoB
Let me use your Caribbean Signal website to make this point.
You remember how that site was running interference for White Oak how it “answered” a series of questions posed to it by an imaginary IMF?
Neil Holder has raised some serious questions which should be answered by a bonafide IDB approved IT Audit firm.
If that is done, then de ole man would have a better willingness to entertain Rawdone’s proposals but until then…this is a sophisticated scam…
The media needs to do its job and investigate :
1) Whether we are still employing White oaks
2) Did we use them to negotiate with the IMF or did the locals alone come up with BERT
3) How much are we paying White Oaks?
4) Did they meet with Bishop Joseph Artherley as Mia Promised?
5) Who was responsible for bringing White Oaks to Barbados – was it Avinash Persaud or was it Rawdon Adams ?
6) Did they get a finders fee?
If they need to run a pilot it means they are not ready and have not done a thorough risk assessment.
With the simplest implementation tool (PDCA), a gap analysis would be mandatory in the plan (P) stage. The results and solutions of the gap analysis would be incorporated into the implementation plan.
If you have to run a pilot it means either you don’t trust the gap analysis done, you are not sure of the impact of the issues found or you haven’t done a gap analysis and you are just winging it and if it goes bad, just toss it aside.
Knowing this country, I’d say they are winging it.
Wily has made the following comment on numerous previous occasions with respect to GOB grandiose announcements…..
THIRD(TURD) World Barbados trying to play in FIRST WORLD technology arena, guess what the consequences are going to be…..CLICO ETC, ETC.
Best scenario for Barbados is to BAN foreign TV and Internet so local politicians do not have access to new out of their league ideas.
Yes Mr. Blog master Wilys stands by waiting your usual snipped rhetoric.
Fintech is no longer about in-house IT development but using off the shelf platforms apps and packages
This avoids ongoing maintenance of international industry standards changes, regulations, format changes etc
Western corps no longer use local development but outsource work to third world
Countries like BRB only need to get involved at dealership level of systems implementations
The race is not for the swift nor the battle for the strong but who can endure
Lick him with the Dustbin
Well…those of us with bank accounts in Barbados who can already see where this is going will definitely close those accounts and stay well away from this Bitt Inc mMoney scam…that is why it is always good to keep foreign accounts..
…. let’s see if they try to pollute the credit unions with this crap…which will just morph into another small time Ponzi scam ripping off the population as is their goals..
…small island turd world governments and business people are small time crooks AND con artists..
The same government that has unilaterally offered a Bitcoin deal to Rawdone in the first place you would have them do an audit pun the chicken count?”
Indeed…this government needs to go the way of DLP…29-0 and OUT of the people’s lives…the sooner… 4 years 7 months…the better.
“All systems are shit (in technical jargon).
Storage devices fail and become outdated in 5 years.”
And NEED to be upgraded AND maintained REGULARLY…something Barbados governments NEVER DO…
……hence the reason the world class programmers that Bitt Inc tried to recruit…REFUSED to get involved…this group is a very tight knit, well connected, well informed network of programmers and are not about to get involved with crooks who cannot pay them and who do not maintain OR upgrade anything..
Piece has a good point when he states “I WILL VEHEMENTLY DISAGREE WITH YOUR SUGGESTION AND RECOMMEND THAT ANY OTHER ENTITIES BE ENGAGED THAN THESE 3 and add the KPMG 4th horseman to that iniquitous list.”. I remember reading somewhere that these companies were failing as financial auditors which is supposed to be their strength.
Wouldn’t use them for any other kind of audit.
“To keep the GoB honest the IDB is going to have to INSIST ELSE MIA GOING ROB US BLIND!”
That seems to be the only plan Mia and her gang got….turning corruption INTO LAW.
@ Neil Harper
if Barbados is serious WHICH WE BOTH KNOW IT IS NOT!!!
Protecting the Right of Citizens
The First Enablement FOR ANY CITIZEN GOVERNMENT COLLABORATION must ensure that Citizen Submissions/Registrations are safeguarded and their property CANNOT be stolen by employees of the very institution that is supposed to be processing them LIKE IDEAS4BARBADOS
The primary objective of my suggested Intake and ongoing processing mechanism is that it absolutely safeguards one’s property while monitoring who has AUTHORIZED access to them.
circa 2001, BIDC officer, while processing application of small business man, for fruit jams STEALS THE GLASS BOTTLE SOURCE FROM APPLICANT, under the guise of BIDC seeking to ASSIST sourcing bottles cheaper and thereafter takes information and gives said bottles to his mother FOR HER JAM BUSINESS
what this government, ONE which we see changing the constitution, and all the LAWS every day must do, EVEN THOUGH IT WONT DO, is to present people with a mechanism which permits us to submit our content, under perfect protection protocols, every time, control who can see them, update them and revoke access at any time.
A Citizen MUST BE ABLE TO GET a document tracking and interaction and audit report, ON REQUEST, to see how one’s submissions are being shared, used and interacted with, track where your IP was sent and how many people have seen them.
When you have the CEO of EGFL Timothy Simmons write and refuse to sign an NDA for patented IP you have a serious problem to even consider submitting any proposal with a dishonest government that is pretending that it wants to conjointly Generate revenue with citizens with their property and Monetize said property through joint collaborations WITH REPEAT CROOKS.
So all the fancy video campaigns and display advertising that the GoB is using means nothing when these basic terms of engagement CANNOT BE MET every single time you interact with them
@ the Honourable Blogmaster your assistance please with an item here thank you
@ the Honourable Blogmaster, you assistance is being sought for an item here thank you
@ Neil Harper
Neil, de ole man recognized that this submission was not a proactive submission of yours from the time that you allowed all these responses to languish in cyberspace AND DID NOT RETURN ONCE TO RESPOND TO ANY BLOG HERE.
And I started to wonder why was that?
I mean, you are not egotistical like Grenville Phillips who thinks it below his standing to respond to the masses.
Or David Come Sing a Song who is also a snob from Harsun College but is also afraid to respond lest (1) it is shown where his sympathies lie or (2) he offends his cousin Mia.
But you are different so after mulling it over for a while subconsciously it came to me that you are doing what is politically correct.
I mean after all you clearly spelt out the MMoney fallacy in your article.
But whereas you have a modicum of “control” on who posts in your Facebook domain and consequently what you permit to be seen in your blog, you have no such control here on BU.
Additionally BU is a political site and you don’t want to burn your prospects to come here and say something that will irreversibly damage your prospects for a Mugabe consultancy.
De ole man wish he could learn dem political niceties from fellers like you but you can’t teach an old dog new tricks…Bojangles had a dog that jes up and died…
@ the Honourable Blogmaster your assistance please with an item here for Neil Harper thank you
Chinese Laptops or Bots ?
Before any contracts are signed to commence these projects, the government must understand where personal data of Barbadian citizens will be stored. …
This is particularly concerning given the absence of data protection legislation in Barbados that would force any fintech company to ensure that transnational data flows must only occur where the destination country has an adequate legal framework in place to protect the rights of data subjects.
The lack of data protection legislation presents another problem in terms of imposing strict obligations on fintech providers to uphold the rights of data subjects……
Hence, it would be in the best interests of Barbados citizens and foreign nationals if the 2018 Data Protection Bill was enacted into law before the launch of the new platforms.(Quote)
Put simply, this is a regulatory issue. Government does not do anything, it appoints experts who carry out certain functions on behalf of the state. They are called regulators.
The absence of the appropriate legislation is a flaw in the regulatory environment. I know sometimes people talk about how qualified they are and who they advise, but the financial regulatory landscape is primitive even though it fantasises about punching above its weight. I HAVE BEEN SAYING THIS FOR YEARS, AND IT REMAINS SO.
The primary role of the state is to protect its citizens. Allowing an experiment in financial engineering without the proper risk protections is irresponsible
Barbados is a failed state.
The real threat is the Rawdone Dog & his Bit(t)e so it is to The enemy of the State.
This is the Prime Directive upon which one should fix their attention during the coming 12 weeks.
Others, like Mr. Codrington, Bush Tea and Theophillus who are skilled in finance and economics will speak to those aspects of the scam in making.
Fellows like Niel and Nineofnines and others will speak to the blatant IT contraventions.
De ole man shall speak to the people and the sheeple by way of a Stoopid Cartoon campaign series called “The Bitt Dog Bit(t)e ”
Facts about the Bitt Dog’s Bite.
Below are some little known, and less cared about, facts about the Rawdone Bitt Dog and its bit(t)e pressure measured in PSI – not pounds per square inch but “people- suffering- incessantly” as being encouraged by Mia Mugabe Mottley every week in the news. The series of Stoopid Cartoon that are going to follow over the coming 4 months, or for the 12 weeks time the Rawdone Dog is scheduled to be in the “Central Prank shitbox” will highlight the wickedness that is planned against unsuspecting bajan sheeple.
The campaign will warn all Bajans to stay clear of the vicious Rawdone Dog who its owners fondly call “YourMoneyisMyMONEY” or “MyMoney” for short
The campaign will also explain the effect of its dangerous Bit(t)e.
Bajans can expect Upcoming Stoopid Cartoon Data to indicate how this specific animal will seek to “bit(t)e” its users and why the Rawdone dog must be viewed seriously.
Ignore at your financial peril.
How is mMoney a threat to consumers if the regulator acts as the clearing house or a delegated entity for transactions and ask Bitt Inc to top up a float balance to match volume of transactions being processed? This is how these setups work all over the world. The blogmaster prefers to see a debate that punch holes in the arrangement from the technical and not the targeting of personalities. We have to support fintecs whether homegrown or international, this is how business will be done now and in the future.
Let me explain why I am pursuing this action in the way aforementioned.
This is not a personal thing.
It is the principle involved here.
You import a man to Barbados
You change the constitution and make him a senator
You then, even before the process of recovery has been seen to start, publicly endorse his single source untested solution
He himself comes to the public and cannot explain his offering.
You then instruct the Financial Services Regulators and our Central Bank to set up a monkey mechanism for a sandbox
He, your impartial Senator, is the only candidate in said sandbox…
You see the optics on this one Honourable Blogmaster?
If it walks like a duck and talks/quacks like a duck it can ONLY BE A DUCK
This is not an impartial solution, there are too many forced elements for me to believe in its transparency and accountability
And no one, including you, is saying to Mottley, rethink this one…
De optics are REALLLL BAD
You are aware the law was changed to accommodate independent Senator Wiggins as well? McConney is a government senator therefore no need to mention her.
You are aware that creating a sandbox to offer a measure of oversight for fintecs is late in coming? The fact that Bitt Inc has been unregulated up to this point reflects on the former government NOT Bitt Inc.
You are aware that digital currency is not untested technology? What is untested is our inability to have implemented sturdy testing and monitoring guidelines as Niel Harper has articulated.
You are aware the law was changed to accommodate independent Senator Wiggins as well? McConney is a government senator therefore no need to mention her. (Quote)
Senator Wiggins was out of the country on official duties, the others had been domiciled overseas. The law was flawed. As to the perverse thinking behind the so-called Regulatory Sandbox I refuse to discuss such regulatory matters with David BU, apart from the obvious: what legislation created this new regulatory body? When was it discussed in parliament? Who are its members? What is its authority?
Poor Hal does not yet grasp that your provocative stances on these Blogs are designed to try to elicit responses from otherwise indifferent brass bowls.
However this idea of the BLP so BLATANTLY pushing the interests of their favourite persons, changing the constitution, promoting jokers to high office, getting their 5% INCREASES just prior to major job cuts…. (just as the damn DLP did for themselves) is so REPULSIVE… that you need to be careful how you (even if provocatively) seem to be supportive….
It is a lotta shiite…. PERIOD.!!!
You are aware that even if the government did not select Adams and McConney at the first pass the law had to be changed anyway to accommodate Wiggins? Which came first the chicken or the egg? Around and around we go eh?
@ the Honourable Blogmaster
Others have answered in my stead.
But I will add these inconsequential points
Why change the law at all?
What is one year? In the grand scheme of things that you and a transparent and accountable government, with a unanimous mandate by the people, would interfere with the constitution of this country FOR SO FRIVOLOUS A THING?
All over this blog you, carswell Franklyn? and others went off pun Kellman for overlooking an employee with seniority and hiring he cousin!
Everybody was talking bout optics den but Mugabe do the same thing, THREE EFFING TIMES, and neither you nor Caswell?(at least not here of late) nor none of the other DLP castigators ent say one word!
It was wrong for Michael Lashes to hire he family at de Transport Board and all the rest of nepotism infelicities BUT NOT ONE BADWORD IS WRONG WITH MUGABE DOING THIS BADWORD.
Explain to me what that sandbox is as it compares to Niel Harper’s terms of qualifying a national Fintech Strategy?
Truly beauty hath fled to Brutish Beasts and men hath lost their reason
@ the Honourable Blogmaster your assistance please with an item here.
You said and I quote
“…You are aware that creating a sandbox to offer a measure of oversight for fintecs is late in coming?…”
Yes I am sadly aware of that fact but your following statement is a non sequitur AND MOST ASSUREDLY DOES NOT FOLLOW!
And I will show you why!
BITT IS VAPOURWARE!
It does not exist so your statement which follows is meaningless.
“…The fact that Bitt Inc has been unregulated up to this point reflects on the former government NOT Bitt Inc…”
You then go on to deflect what IS NON EXISTENT by talking bout A FORMER GOVERNMENT!!
This reminds me of a time a girl invited me to he home while mummy and daddy were at home and the father returned to find me in her room with the condom in one hand….and tings dem in the other …and me there mumbling shyte to Mr. **** bout “how I sorry and I was overcome by …and it would never happen again ” and a whole set of ingrunt things
My man…Mugabe feel that sheeple stoopid but we got this and we got her number.
This MyMoney scam is a trick to syphon off money and to virtualized VAT returns, and go claim that x money is collected and reallocate such to the real ” MmMoney REGULATORS”
And all the FSC and Central Prank Shyte dat wunna proposing with this Sandbox reminds me of the sand we had in a box go hold the shite for the young kittens in we house when we was growing up.
TO STOP DEM SHITTING IN WE BED WHICH IS WHAT MOTTLEY IS DOING…
Yours is another view.
@ the Honourable Blogmaster your assistance please with 2 items here thank you
Regulation in Barbados is beyond a joke. If the agencies in Bdos charged with regulatory oversight e.g. FSC, CBB, etc. are such a shambles imagine how much a farce this regulatory sandbox will turn out to be?
If oversight of simple financial products is so poor in Bdos imagine the challenge of monitoring the complex interactions between financial services, data and the internet which occurs in the fintech space?
Bdos needs to attack the fundamental problems first instead of trying to copy everything seen in the developed markets.
This “Punching Above Our Weight” nonsense has gone to our heads.
Last year Gibraltar launched the Gibraltar Blockchain Exchange to regulate cryptocurrencies. It is now ten years since cryptocurrencies were created. The market is now valued at an estimated £152bn.
In such a lucrative market, which largely remains unregulated, and in which it is difficult, if not near impossible, to verify claims as to their reserves (just check out Tether, which claims to have reserves of US$2.7bn, but so far has declined to be transparent about this) and others.
I am not an expert on cryptocurrencies, nor am I even interested (recently two friends of mine, one of Jamaican heritage and the other of Chinese, asked me to become involved in a syndicate, but I refused). But I do know a bit about financial regulation, and this is a catastrophe waiting to happen.
The top four global accountancy firms have responded to this challenge by hiring hundreds of specialists in order to offer a new audit service.
As we speak it is not clear how these assets will be accounted for on the books; are they intangible assets or inventory, some ask. PWC alone has hired 400 blockchain experts. Most mainstream banks are reluctant to become involved and serious regulators want to know if these blockchains carry out due diligence on would be clients, given the fear of money laundering. Despite all these cautions, little Barbados wants to punch above its weight.
We now have a prime minister and minister of economic affairs, whose training is in the law, being briefed by colleagues as if this is a case, and who is prepared to go out in to the public and argue a case as if she is an expert. She is no financial expert.
Ten years ago something similar happened: top notch financial engineers came out with all kinds of new vehicles, such as SPVs and SIVS, which they sold to their CEOs, who to a man and woman (mainly men) were armed with MBAs, from our top business schools. The only problem was most of them were marketing experts and had not a clue about financial engineering. When the proverbial hit the fan they were as lost as the general public. Not being part of that international debate, Barbados is about to make a mess of it.
I still ask: what is the legal status of the Regulatory Sandbox? What legislation created this body? When was it discussed in parliament? It is all going to end in tears.
Barbados is a failed state?
(PS: I see Marla Dukharan is taking part in the Kilkenomics economics seminar; good luck to her)
This is what any Bajan Sandbox has to look like to pass the standards
Barbados is a corrupt turd world country
ITS EXISTING FINANCIAL INSTITUTIONS CANNOT BE TRUSTED
For there to commence a modicum of trust, the first thing that has to happen is for the government to enlist the services of a Fintech Specialist under the Interamerican Development Bank’s Enterprise Innovation Credit Fund or similar credible professional facility funded by professional entities like The program, jointly funded by the same Inter-American Development Bank (IDB), the United Kingdom Department of International Development (DFID) or the Canadian International Development
They will find credible experts to effect a desirable outcome
Secondly, the contract must state that the reports of that party MUST BE PUBLIC!!!
So we not only get an unbiased party but AS THEY WORK THROUGH THEIR ASSIGNMENT, their issues and concerns are made public!!
This way Rawdone’s project is exposed to we bajans and we get to see real people providing non biased commentary about this MyMoney scam.
Anything other than this is Sleight of Hand and presents a shoe-in for this highway robbery that is another Trade Confirmers Limited scandal waiting to happen.
Nothing less than full disclosure using Niel holders stringent definitions and ToRs
But dat is not going to happen cause the M in MyMoney stands for Mugabe
@ the Honourable Blogmaster your assistance please with my response to your response to my response…thank you
@ the Honourable Blogmaster
You are conveniently side stepping this issue with all sorts of extraneous issues
The use of inviolable technology to certify data IS NOT THE ISSUE HERE.
To confirm this point every country in the world grapples with issuing ID and things like passports THAT CANNOT BE REPLICATED AND SOLD IN THE BLACKMARKET BY HUMPTY DUMPTY AND STACIE
Those are things that got Barbados ‘ former chief immigration officer shot dead in his gallery at Butler’s Road in Spooners Hill!
What we are talking about here is the willy Billy adoption of MyMoney ‘s scam by the Country’s Prime Minister who changed the law to import said principal Rawdone AND MAKE HIM A SENATOR!!
Is this so hard to comprehend?
Which part of biased nepotism and lack of transparency do you not understand?
I mean, I understand Mugabe Mottley doing she thing but for you to come here and repeatedly seek to ram this position down our throats is unbelievable and disingenuous
This MyMoney scam is going to end in sorrow because the FSC nor the Central Prank DO NOT HAVE THE RESIDENT EXPERTISE TO EVALUATE BACK DOOR CODE
“…A computer trapdoor, also known as a back door, provides a secret — or at least undocumented — method of gaining access to an application, operating system or online service…”
What de badword does FSC or Central Prank know about MyMoney that this hurriedly constructed 12 week coverage of the Mottleyian regime scam is going to reveal?
Steupsee this IS GOING TO END DISASTROUSLY!!
We will have to take you at your word that it is a scam what else can we do.
@ the Honourable Blogmaster your assistance please with an item here for you thank you
I know it is a scam but what i am suggesting is that people agitate for them to change the parameters for ALL FINTECH PROJECTS and MAKE THEM GO THROUGH ONE PROCEDURE which at least will safeguard us going forward David.
Remember that I am for the industry 100% but I am against this system and shoe in THAT DOES NOT HAVE CLEAR guidelines and a transparent element that protects Bajans.
We just get unfair by Clico, Trade Conformers and all sorts of other scams, you mean that just begging for a reasonable mechanism that exposes all of the flaws to bajans is asking too much?
Wow this is really unbelievable.
But you do realize that if you, champion on the forefront of the Fourth Estate are so much of the inclination to believe that what I am asking for is just that I am opposing for the sake of opposing, then you dun know that the sheeple out there just do not give one damn about it.
That is simply frightening!!!
@ the Honourable Blogmaster
Let me just show you how serious people are doing this sort of thing and not frigging spiders
“…Copyright © 2018. Inter-American Development Bank. This work is licensed under a Creative Commons IGO 3.0 Attribution-NonCommercial-NoDerivatives (CC-IGO BY-NC-ND 3.0 IGO) license (http://creativecommons.org/licenses/by-nc-nd/3.0/igo/legalcode) and may be reproduced with attribution to the IDB and for any non-commercial purpose. No derivative work is allowed.
Any dispute related to the use of the works of the IDB that cannot be settled amicably shall be submitted to arbitration pursuant to the UNCITRAL rules…”
That is from the same Interamerican Development Bank that Mugabe is drawing down national indicative programme funding from.
And, were I to go to Worldbank or the IMF or any of the other agencies she is currently seeking free money from, it would be clearly evident that these entities have a policy for and about people’s property , be that intellectual or physical, a concept that Mia Mugabe nor her henchmen of Teets and Pain robbers of elderly people’s property CANNOT UNDERSTAND.
This is why all those SBA loans for small businesses and Ideas4Barbados schemes WILL FAIL!!!
The average Joe in Barbados is ignorant about patent and copyright and everything that falls under that branch of the law. We have invested billions of dollars in education however the challenge remains how has it manifested itself for the benefit of the country/people to ensure there is a sustained way of good life.
This is how any government and the supporting task must be appraised. This is directed to Vincent, the performance must be tangible, it must be seen and felt. It has to be judged by what is visible i.e. discrete activities. Not on a whim and a prayer driven by the subjectivity of people in a small, insular and polarized society. This is why scientific systems are implemented to compensate. It is never a perfect system, it is man made after all.
@the Honourable Blogmaster your assistance please with an item here thank you