Is emerging technology an existential threat to financial institutions? It would seem so, unless institutions openly face their challenges and embrace new technology more effectively.
This Infopaper was created to address the issues surrounding current banking and finance technology – and offer a path to the future.
Is emerging technology an existential threat to financial institutions?
Verizon Enterprise Solutions recently hosted a roundtable discussion in London for some of the world’s most senior banking IT leaders and financial technology (fintech) specialists. A series of talks looked at what the threats to the financial services industry really are – and how major players can face them.
From the challenges presented by digital technologies, like Blockchain and smart contracts, to data regulation and the changes coming to internal IT cultures, these wide-ranging discussions focused on the real-world solutions to these problems.
Banks becoming fintech, the piecing together of digital finance platforms, how faxless loans have integrated with Fintech, and the orchestration of products and services through them – all of these possibilities entered the lively debate and gave a glimpse into the future of competitive advantage in a rapidly changing industry.
This is the end of the beginning
“The first two decades of the 21st century will go down in history as one of the most difficult periods for traditional financial institutions,” was the opening statement to Verizon’s Delivering the Digital Finance Platform roundtable discussion.
“And it won’t just be because of the Financial Crisis of 2008,” said Gabriel Schild, Executive Consulting Partner focused on Digital Transformation at Verizon Enterprise Solutions. “Banks and insurers of every shape, size and locale are being met by disruption beyond even sub-prime mortgages, errant staff and the near-systemic collapse of countries.
“The fact is that the very nature of finance is changing. New, nimble competitors are emerging faster than ever before to take market share from incumbents. They are servicing customers that now expect their commercial transactions to mimic their private, digital interactions.
“Meanwhile, financial institutions are faced with fundamental change to the national and supra-national regulation of citizens’ personal data. Yet all of this is happening in a low interest-rate environment that is putting cost-income pressure on companies, often with lower margins across business lines.”
As the banking and insurance IT experts around the table surveyed this new landscape, two trends emerged through the fog. They revolved around emerging technology: how it is transforming the world, and how they must respond to the challenges and opportunities it presents.
A new financial services paradigm
The first trend concerns financial products and services. The emergence of fintechs in the early 2000s saw small, agile businesses – often start-ups – wrap existing banking services with new technologies to make them more accessible to customers.
By 2010, forward-thinking banks and insurance businesses had begun to realize that they couldn’t necessarily do the same work, in the same way, at the same speed, with the same results. So they began running internal “hackathons” and “incubating” start-ups to test for proofs of concept and to understand potential ways to integrate.
The next step will see traditional institutions re-engineer their businesses to partner with multiple fintech firms, coming from highly diverse backgrounds and disciplines, in order to offer customers new or improved products and services through engaging customer experiences.
A new core
The second trend is related. This concerns how core banking systems are constructed and maintained at the back-end of a financial institution’s IT infrastructure to deal with the broader new world of emerging digital technology that fintechs are taking advantage of.
Among the world’s largest and most successful financial services institutions in particular, there has been a realization that the past practice of relying on massive scale to push through technological innovation is no longer sufficient.
In a world where “agility”, “entrepreneurship” and “time-to-market” are the new watchwords of in-house business processes – and where the customer experience is king on the outside – many are challenging their own assumptions, and looking to a whole new set of technologies and relationships to move forward.
That is, of course, easier said than done. A series of factors affecting the financial services industry are roadblocks to change, not least the peculiarities of banking itself.
“Senior IT and security management tend to think differently to the majority of enterprise IT specialists,” said one senior IT procurement leader who preferred not to be named.
“Rather than embrace the possibilities of new technology as is happening so rapidly in the service, retail and manufacturing sectors, a bank’s default settings are to distrust absolutely anything that is not already within its firewalls.”
This is nothing new. Banks have always had a “vault function” – and enjoyed the perception that they were more “secure” than anything else. But high profile lapses in operational risk management of recent years – often blamed on technology and data control failures – have left a bitter taste in the mouths of many executives.
As another senior global enterprise IT figure, Charles Forte, put it: “In the financial world, internal IT security communities and business compliance and risk officers can often take a conservative line. That creates an issue for those trying to push through the adoption of new technology, particularly when expanding and integrating information and extending a ‘mobile first’ approach. You are not just challenged by the outside world, but are pushing the inside world boundaries too.”
A very bumpy road
That feeling of unease is not being helped by the evolving challenge of regulation. Basle III’s global capital, leverage and liquidity requirements and a host of national and supra-national Know Your Customer and Anti-Money Laundering regulations are well-known and putting a major strain on bank compliance.
But other regulatory regimes are soon to have a major global impact on banks’ relationships with their customers, with fintechs, and with data protection too.
Around the world, new rules are being created to grapple with the consequences of that technology. The European Union’s (EU) new General Data Protection Regulation (GDPR) is one such regime. It replaces the EU Data Protection Directive on 25 May 2018, after a two-year transition period.
“Many bank IT departments already have higher standards of data protection than regulators like the EU, and each individual bank will have its own view on whether GDPR is useful or not. But regardless of that outcome, GDPR brings renewed pressure on financial institutions to seek out technologies that support compliance rather than stand in its way,” said Verizon’s Schild.
Tightening the noose
GDPR harmonizes data protection regulations across the EU from a mix of national variations to a much clearer and more exacting set of standards. It also introduces an extension of the obligations on companies outside the EU that process data while targeting or providing services directly to EU residents.
On the one hand, it confirms a citizen’s ownership of personal data processed or stored by any organization other than law enforcement and intelligence services. It makes plain that the consent to this processing and storing of personal data must be explicit, and also enshrines the “right to erasure.”
It gives citizens the right to challenge decisions that have been made on a purely algorithmic basis, and the right to have personal data transferred from one electronic processing system to another, in a structured and commonly used Open Standard format.
And it specifically and repeatedly references the anonymization and pseudonymization of personal records – a clear impetus for financial institutions not just to look at new technologies, such as Blockchain and Distributed Ledger Technology, as efficiency and security measures, but as a means of compliance.
But with these technologies still at such a formative stage, senior IT security officers are understandably wary of signing off on the risk they represent. At the regulatory level, when somebody finally does put their pen to paper, the business then has to take on that risk. For large banks, there is both a massive personal and a massive regulatory disincentive to do so.
Seas of data
Which brings us to the state of many banks’ customer data. As with other large, traditional businesses, “there are seas of structured data and seas of unstructured data – which are frankly a bit of a mess for most people.” Just trying to create meaningful information from data held – let alone actionable insight – is often near impossible, or at the very least by now a major machine learning project. With GDPR, the incentive for banks to get their houses in order just gets bigger.
A new playing field
Meanwhile, other regulations are emerging that could haunt financial institutions. The EU’s revised Payment Services Directive (PSD2 – EU Directive 2015/2366), for example, is a direct challenge to big bank dominance in the financial services sector.
Its predecessor, the Directive on Payments Services, included the specific aim of opening payments operations up to new entrants. PSD2 takes this much further to include stronger consumer protection, the incorporation of new and emerging payment services into the regulation (think mobile, online and Blockchain) and the creation of an equal playing field for payment service providers such that new companies can get into the payments space.
In practice, it gives consumers more control over the information they receive, the products they buy, and their ability to move between vendors. “What PSD2 means is that power shifts to the customer,” said Anne Boden, CEO of start-up, digital-first bank, Starling. “It is the end of owning a client relationship. What financial institutions will be doing is temporarily connecting with them.”
The advantages of scale
Despite these emerging threats, banks’ sheer size continues to be an advantage. But this dominance could be about to end. Just as the five largest technology firms by market capitalization (in no particular order: Apple Inc., Alphabet Inc., Microsoft, Amazon.com, and Facebook) are reaching a point where they no longer have to rely on traditional manufacturers to make things – tech giants are also becoming fintech conglomerates in their own right, potentially without the need for traditional bank or insurance partners.
This is not necessarily a first-world issue, either. “Some tech giants are ‘skipping’ traditional banking methods entirely for the two billion people who have been underserved by banks in emerging economies – moving straight to crypto-currency and Blockchain methods,” said Manuela Krull-Mancinelli, Digital Transformation Manager and Blockchain Entrepreneur at Krull Interim Solutions.
Yu’e Bao (technically: Zeng Libao), the Alibaba-affiliated Chinese platform for money-market investment, is already the fourth largest money-market fund in the world, and Chinese tech-giant Tencent is not far behind.
Major tech companies are increasingly fintech oriented. Apple (Apple Pay), Google (Android Pay), Amazon (Amazon Pay), and now Facebook (through the Messenger app) are all working on fintech solutions – and not just for their payment platforms.
As Susanne Chishti, CEO of Fintech Circle said, “Most people in the financial services industry saw fintechs as eating their lunch. The real lunch-eaters are the big tech giants.”
It doesn’t have to be this way. Banks can address the trends of fintech integration and core system development to meet all of these challenges. But it will take nerves of steel, a genuine desire for change, and serious funding, as evidenced by recent examples of major European banks announcing multibillion Euro investments in digital transformation.
Structural solutions to structural problems
To face the challenges from fintechs and conglomerations of fintechs, one logical conclusion is for banks and insurers to become fintechs themselves.
“Some banks have already begun this process,” said Schild. “They are buying into the better known Blockchain consortia. One well-known European bank is doing this with a counterparty in the lending area, using Blockchain to register transactions. Another major UK bank has a trade-finance Blockchain solution under development.” Many people and businesses are learning how to buy Bitcoin in the UK, and this technology has a high possibility of skyrocketing in the near future.
Jamie Steiner, from data authentication firm Guardtime, told the audience that its own solution for real-time insurance location data stamping and distribution over Distributed Ledger Technology is gaining traction in the insurance industry.
“Others are embracing third-party fintechs across the entire digital landscape,” continued Schild. “A very well-known European bank now has 90 fintech partnerships.” But relationships like these are not a one-way street.
“Despite PSD2 and the ‘level playing field’ it promises, compliance is still a big issue for fintechs with small teams and limited resources,” said Fintech Circle’s Chishti. “The smartest banks are building their own platforms and seeking out the best fintechs to put on those platforms. The risk is that banks are ultimately liable for the services fintechs provide, and therefore will select very carefully whom to partner with.”
The changing IT landscape
Similar changes are happening to the supply chain model for banking IT. “There is a fundamental shift in the way banks consume IT,” said Charles Forte. “The idea that the Tier One service provider is the only group that can help you is no longer sufficient. In the last few years, we have been buying risk aversion rather than capability. Our world needs to be made up of a diverse set of smaller specialists. Even the Tier One providers are creating their own ecosystems.”
One issue is longevity. “The problem is that it is really difficult to manage,” said the senior IT procurement leader. “You hang your hat on one company and then 12 months later realize it should have been another.
“The most sensible solution would seem to be a mix of smaller and bigger providers – a hybrid model. And an understanding that there are no clear cut answers.”
“We are only at the beginning of trying to understand how this new supply model works,” agreed Forte. “We have to accept that a lot of the IT outsourcing holes we have fallen into in the last 30 years, we have dug ourselves. The same is going to be true of this new model. We will make lots of mistakes. But it is absolutely clear that we have to have a different way of working. In the next five years some of those models and mechanisms will become more distinct and more established.”
Not just reconfiguring external relationships
Scary though these new models might seem, there are major advantages that can be felt across financial services.
“The nature of digital innovation is such that you need a very diverse group of people to come together to look at the opportunity and to realize it,” Forte said. “There is an opportunity for CIOs to take on the new role of what I call the Chief Connecting Officer, where you are not moving lines of business, but moving lines of people. That is how you create an ‘agile’ business.”
This does mean that some teams will have to retrain or lose staff members without the right skills. And that creates an obligation to give those remaining the right colleagues and the right environment to help drive change forward. This means establishing flexible work schedules and implementing a kind of hybrid work model, where leaders and skilled employees are allowed to work from their place of comfort. This could further help drive greater productivity and innovation in the coming days. “If the digital conversation is channelled widely and progressive IT leaders embrace it,” said Forte, “digital transformation will settle down quite quickly.”
So if you are the CXO of a large financial services institution, should you focus on investing in your own people and developing talent, or should you invest in an ecosystem of partners where the talent already exists?
“Both,” answered Forte. “You will always need a significant team of smart people. Anybody that did black-box outsourcing in the past 10 or 15 years paid the price. If you want to have world-class suppliers, you have to be a world-class customer. And you can only be a world-class customer if you know what you are talking about.”
Should banks be agile?
Swathed in regulatory compliance, steeped in history and old internal cultures, massive in scale, banks are hardly the most obvious targets for wholesale change to the way they do business.
For Verizon’s Schild, “a digital platform is the focal point where customer interaction happens when you bring supply and demand together. You are moving away from the pipeline model of services to a centralized digital space that supports a seamless experience for the customer and the staff member.
“It must also have the capacity for massive and rapid scaling. Given all of the issues, many banks and insurers would be unable to manage a doubling or tripling of customers using their legacy platforms in the next 18 months.
“The third element is risk. With multiple connections to the platform from both customers and third-party fintechs, the dissolution of the security perimeter and the increasing weight of regulation are causing huge problems for financial institutions, enhancing the threats from cyber insecurity, fraud and non-compliance. A digital finance platform must be able to deal with all of these threats simultaneously.”
So what is the solution?
Partnering with experts to deliver excellent customer experience, scale and risk management. Owning the platform.
Orchestrating who and what is on the platform. Curating the financial products and services. But empowering world-class vendors like Verizon Enterprise Solutions to manage it.
Managing front end growth
“Banks will become Software Defined Wide Area Networks [SD WANs] capable of connecting any device to any application that facilitates banking value chains,” was the bold statement from Oliver Cantor, Associate Director for Network Product Strategy at Verizon.
“Banking value chains will be made up of internally-operated but externally-sourced banking functions and solutions. The applications themselves will be able to “live” anywhere: in the virtualized data center, private cloud deployments, carrier-neutral facilities, Software as a Service (SaaS)-based solutions, and even with fintech suppliers via banking and insurance APIs [Application Programming Interfaces].”
For example, a bank could source a credit card product from outside the organization. It would need to be accessible for marketing, distribution and operation on the bank’s platform – white labelled or otherwise.
The application managing the card could be beta and alpha tested using agile development techniques, and then deployed across the bank’s channels with “one click,” all of this taking place between a fintech partner’s private cloud, for example, through direct connectivity with the bank’s network, and between the fintech’s application and the bank’s various APIs.
Most private banks tend to use a wide range of payment processing services provided by external service providers. Likewise, since the risk of fraud is greater among businesses that operate largely or exclusively online, most payment processors identify them as high-risk merchants. As a result, if you intend to run your business primarily online, it might be a good idea to look into high risk payment processing services from companies like Easy Pay Direct that understand the challenges you face in your industry and how to meet your credit card processing needs as an eCommerce business.
CX is king
“This is more than simply a technical solution to a technical problem,” said Schild. “The seamless connectivity required to make this scenario possible also means that the customer experience at the end of the process should be consistent across all channels and all devices or end-points. Customers should be able to switch channel mid-transaction – mobile to desktop to branch to call center – with the banking app the key client touch point.”
“Combine this behavior with already existing client data living in systems of record, and you have a virtuous circle of sophisticated data management platforms using compliant data analytics capable of truly setting banks apart,” Schild added.
But with so much emphasis on security among financial institutions and so much risk aversion to change, how can banks and insurance firms be sure that these new technologies are worth the investment?
“We understand that we don’t want to be managing these systems any longer,” said one banker, “but how can we be sure that the time-to-mitigation when we are under attack is fast and efficient? What differentiates your defence services in the marketplace?”
Adaptive and secure
“The ultimate benefit of SDN segmentation is security,” said Christopher Novak, Director of Verizon Threat Research Advisory Center’s Investigative Response. “You can make better decisions on where you apply security and why.
“Software-defined networking allows you to deploy an advanced security posture through the virtualization of security functions and the enforcement of security policies across entire dataflows. You can safeguard infrastructure and resources, as well as secure your data, whether it is moving through legacy networks, state-of-the-art SDNs, or hybrids of the two.”
“Verizon is a market leader in the managed security space,” said Schild. “By monitoring cyber threats through our Security Operations Centers (SOCs) around the world, our security analysts use machine learning, statistical analysis and artificial intelligence to process millions of security events each day.
“Our analytics platform can monitor almost any device that generates machine data,” he continued. “In addition to detecting traditional signature-based threats, it uses behavioral modelling to detect advanced threats by aggregating intelligence from law enforcement, technology providers and our own sources to track, increase situational awareness and help shorten time-to-detection.
“There are very few players in the world capable of offering the same level of protection for banks and insurers as they make the transition to SDN.”
Darkening the core
“But we are taking this further,” Cantor added. “With the growing number of end-points and so many more complex arrangements in the network and the cloud – the dissolution of the security perimeter – we have launched a product that changes entirely the way networks are accessed.
“It is named after a paper co-written by Verizon and the Cloud Security Alliance called the Software Defined Perimeter (SDP), and it moves us from a data or network security perspective to an identity-centered approach.
“SDP puts gateways, inline, in front of all of your assets. They are just like firewalls that have one rule – which is ‘deny all’. They stop your network advertising your servers, your ERP, your email, your databases, your customer records or your payment systems because of the way TCP/IP works. We call it “darkening the core.”
“The only thing that can talk to a gateway is an SDP controller. The client talks to the controller to authenticate first, and then it is allowed to consume resources on validation. Once it has finished, the SDP tears it all down.”
“Verizon can provide seamless connectivity with internally operated but externally-sourced finance functions and solutions,” said Schild in closing. “It can enhance customer experience at the end-point through application-aware routing and faster protocol interaction.
“It can provide access to current data for employees as well as the machine learning algorithms deployed to analyze data for security and sales. And it can gather information to help you address security compliance requirements.
“With SDP, we can now make the digital finance platform disappear from public view. With Verizon managing all of these things, financial institutions can get on with building finance value chains rather than expending precious time and effort on handling their data and protecting their networks.”
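The SDP flow described above (a deny-all gateway, a controller that authenticates the client first, and teardown afterwards) can be modelled in a few lines. This is a simplified illustration added here, not Verizon's product code or the SDP specification; the class names, the HMAC-signed grant format and the sample identities are assumptions.

```python
import hashlib
import hmac
import secrets
import time


class Controller:
    """Authenticates clients and issues short-lived grants the gateway can verify."""

    def __init__(self, gateway_key, users, policy):
        self._key = gateway_key   # shared only between controller and gateway
        self._users = users       # client_id -> secret (constructed sample data)
        self._policy = policy     # client_id -> services that identity may reach
        self._nonces = set()      # outstanding one-time challenges

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._nonces.add(nonce)
        return nonce

    def authenticate(self, client_id, proof, nonce, service, ttl=60, now=None):
        if nonce not in self._nonces:
            return None                      # unknown or replayed challenge
        self._nonces.discard(nonce)
        secret = self._users.get(client_id)
        if secret is None or not hmac.compare_digest(client_proof(secret, nonce), proof):
            return None                      # identity not proven
        if service not in self._policy.get(client_id, set()):
            return None                      # identity not entitled to this asset
        expires = int((time.time() if now is None else now) + ttl)
        body = f"{client_id}|{service}|{expires}".encode()
        return body, hmac.new(self._key, body, hashlib.sha256).hexdigest()


class Gateway:
    """Sits in front of an asset with one rule, deny all, plus controller grants."""

    def __init__(self, controller_key):
        self._key = controller_key
        self._sessions = {}       # (client_id, service) -> expiry timestamp

    def install_grant(self, body, tag):
        expected = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False          # not from the controller: ignored
        client_id, service, expires = body.decode().split("|")
        self._sessions[(client_id, service)] = int(expires)
        return True

    def allows(self, client_id, service, now=None):
        expiry = self._sessions.get((client_id, service))
        if expiry is None:
            return False          # default deny
        if (time.time() if now is None else now) >= expiry:
            self.teardown(client_id, service)
            return False
        return True

    def teardown(self, client_id, service):
        self._sessions.pop((client_id, service), None)


def client_proof(secret, nonce):
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def run_demo():
    key, alice = secrets.token_bytes(32), secrets.token_bytes(32)
    ctl = Controller(key, {"alice": alice}, {"alice": {"payments-api"}})
    gw = Gateway(key)
    out = {"before_auth": gw.allows("alice", "payments-api")}
    nonce = ctl.challenge()
    proof = client_proof(alice, nonce)
    gw.install_grant(*ctl.authenticate("alice", proof, nonce, "payments-api"))
    out["after_auth"] = gw.allows("alice", "payments-api")
    out["other_service"] = gw.allows("alice", "customer-db")
    out["forged_grant"] = gw.install_grant(b"mallory|customer-db|9999999999", "00" * 32)
    out["replayed_nonce"] = ctl.authenticate("alice", proof, nonce, "payments-api")
    gw.teardown("alice", "payments-api")
    out["after_teardown"] = gw.allows("alice", "payments-api")
    return out


if __name__ == "__main__":
    print(run_demo())
```

Real SDP deployments carry this exchange over mutually authenticated channels; the model only shows why an asset behind the gateway is unreachable until an identity has been validated, and again once the session is torn down.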
The end of the beginning
As technology accelerates and the pressure on financial institutions to deliver new products, services and ways of doing business increases, Verizon offers its clients a path through an uncertain future.
As Oliver Cantor said at the end of the roundtable: “No one is certain where technological change will take us in five years’ time. But what we can show you is that we have an open platform, a powerful methodology and a clear strategy to prepare for what is going to be there in five years’ time.”