BANK Negara Malaysia’s Risk Management in Technology (RMiT) policy document came into effect on June 1, an event that was eagerly awaited by Securemetric Bhd as it is expected to be a game changer for the ACE Market-listed digital security solutions company.
RMiT sets out the central bank’s expectations in regard to the technology risk management framework (TRMF) and cyber resilience framework (CRF) of financial institutions.
The TRMF is for the safeguarding of a bank’s information infrastructure, systems and data while the CRF relates to its cyber resilience.
In a nutshell, the policy provides banks with guidance on how their IT security ought to be strengthened.
Although the smaller banking groups constitute the bulk of Securemetric’s domestic customer base, the push for RMiT paved the way for the group to approach financial institutions with its products.
Securemetric is particularly proud of its public key infrastructure (PKI) — which allows users of public networks to transmit data securely by using digital certificates to perform digital signing — and Centagate, a centralised authentication system that allows users within an organisation to sign in to multiple applications using a single sign-on method.
It also provides software licensing protection in the form of a USB dongle to prevent the unauthorised copying, imitation and distribution of software.
CEO Edward Law Seeh Key is optimistic that RMiT will prove beneficial to the industry and the company. “For Securemetric, in particular, there are a few key areas in the policy that are relevant to our expertise, for instance in crypto[graphic] key management solutions and in mobile application security,” he tells The Edge.
Listed on Bursa Malaysia in November last year, Securemetric has already gained a foothold in other Southeast Asian countries, with subsidiaries in Vietnam, Indonesia, the Philippines and Singapore. Its customers are primarily financial institutions, government organisations, public certification authorities and IT service providers.
Vietnam is an important market for Securemetric, one of its largest customers there being Vaxuco — a military goods importer owned by the Ministry of National Defence. Vaxuco accounted for more than a third of Securemetric’s revenue for its financial year ended Dec 31, 2017.
Last month, Securemetric was awarded two contracts totalling RM3.94 million for the provision of solutions to the Joint Stock Commercial Bank for Foreign Trade of Vietnam (Vietcombank). While the contracts may not be large, Vietcombank is one of the country’s largest banks by asset size, with 111 branches nationwide.
“One of our key strengths that has enabled us to extend our reach into Southeast Asia is localisation, which to us means not only customising our solutions to fit local market requirements but also focusing on the people aspect. We hire and train locals in the countries that we operate in and that has proved to be a [viable] model for us.
“Our target is to eventually cover the entire Southeast Asia,” says Law.
The Feitian factor
Given its market capitalisation of only RM130 million, Securemetric is considered a relatively small player in the field.
Even so, it has attracted the attention of some of the bigger players.
On March 8, Fei Tian Technology (Hong Kong) Ltd — a unit of Feitian Technologies Co Ltd — acquired an 8.21% stake in Securemetric to emerge as a substantial shareholder of the company.
Listed on the Shenzhen Stock Exchange with a market capitalisation of RM3 billion, Feitian is the top supplier of user authentication and transaction security for online banking in China.
Law reveals that Securemetric has been working with Feitian over the past 15 years, and that the Beijing-headquartered company opted to take up a stake in Securemetric shortly after its initial public offering last year.
“Feitian has been actively looking for opportunities outside the China market, and Southeast Asia has been one of its key targets. I personally flew to Beijing to understand Feitian’s intention of taking up a stake in Securemetric, and definitely this is a friendly investment as it wants to strengthen its partnership with us. It actually has the intention of taking up a larger stake but this is still under discussion,” he says.
“With Feitian’s strong competence in hardware security, we see high potential for us to do more cross-selling by bundling some of its hardware devices with our [software solutions] for projects in this region.”
One area of synergistic collaboration between the companies is the fast ID online (FIDO) segment.
Feitian is a member of the FIDO Alliance, which is an organisation formed to address the lack of interoperability among authentication systems as well as the problems faced by internet users in creating and remembering multiple usernames and passwords for different application software.
Other members of the alliance include Amazon, Alibaba Group, Google, PayPal and Visa.
“Imagine today if you have a FIDO token, you can use it to log in to Facebook, Gmail and even online bank accounts that support FIDO. That will do away with the need for usernames and passwords,” says Law.
“The biggest potential for FIDO’s application will come in in the later part of the year when all of Microsoft’s solutions will support FIDO by default.”
This means that any organisation in Southeast Asia that is using the latest version of Microsoft is a potential client of Feitian as a FIDO Alliance member, Law says, noting that this could benefit Securemetric as its partner.
“We will focus our research and development on FIDO solutions instead of devices as we will leave that part to Feitian, and we can bundle our products together to be offered to the market,” he continues.
Although Feitian’s acquisition of a stake in Securemetric has been beneficial to the ACE Market company, it had led to its public shareholding spread falling below the minimum requirement of 25%.
At the time, Law controlled 51.9% of Securemetric while chief operating officer and co-founder Nioo Yu Siong held 9.27%, executive director Yong Kim Fui, 6.02%, and Li Jianjun, 4.93%.
In what is likely to have been an attempt to address the public shareholding issue, Law disposed of 10 million Securemetric shares on May 27 shortly after the end of a six-month moratorium period imposed by listing rules, paring his stake to 47.7%.
Those who invested in Securemetric’s IPO have little to complain about so far, given that not many offerings in the past one to two years have performed as impressively. Since its listing at an offer price of 25 sen a share, the counter has more than doubled, closing at 53.5 sen last Thursday.
In its first financial quarter ended March 31, the group reported a net profit of RM167,000 on revenue of RM5.84 million, and expects its prospects this year to remain favourable.