August 20, 2015

Identity Controls Access; Access Provides Opportunities

-by Kuljit Singh and Mayur Bansal

Identity is the fact of who or what a person or thing is; it simply indicates a confirmed way of identifying a person. One of the reasons for having, or giving, an identity is to help the person get what is his / hers, or what he / she deserves; that is, to help the person have "access" to his / her things. But in a world where fakes and counterfeits are everywhere, why should identity be an exception? Identity becomes the victim most often in the virtual world. Banks have always been a Holy Grail for hackers, and one of the routes to that Holy Grail has been assuming others' identities (a euphemism for identity theft).

This fascination of hackers has thrown a challenge to banks - to ensure that only the right people get the right access to the right resources, and further to ensure that they do the right thing with those rights and resources. The management of this conundrum is called Identity Access Management (IAM). Banks and financial institutions need IAM because any breach, dereliction, or plain neglect can have cataclysmic consequences in the form of revenue loss, higher operating costs, and damaged reputation.

For instance, malware called "Carbanak," which allowed hackers to surreptitiously install spyware on more than 100 banks' computer systems, is said to have cost banks $1 billion - apart from the reputation and credibility lost, not only by the targeted banks, but also by the industry as a whole.

So, in the game of one-upmanship, where hackers try to outdo banks' security and the banks try to keep the interference from hackers to a minimum - if not obliterate it completely - the technology companies have sided completely with the banks. They have also been acting as guardians of the financial galaxies, by coming up with new ways and systems to verify people using PINs, passwords, fingerprints, voice, retina, even veins and other biometrically sensed identifiers. These technologies not only check the infringements by hackers but, at the same time, provide confidence to customers and keep their faith in the entire banking system intact.

Cases in point: ING Bank is introducing voice-activated mobile payments, and many banks in Brazil are using veins to identify a person. Similar biometric systems have been adopted by many others.

With the combination of biometrics for identification, and security features for robustness, technology has been trying to retain the faith of customers in their banks and other financial institutions. This, in turn, has helped tide over the heavy weather that was created by hackers.

Since hackers are not going away anytime soon, protecting the interests of banks, governments, and customers, will continue to be a field full of action for the foreseeable future. If we want to put a dollar-value to this opportunity, the MarketsandMarkets report on Identity Access Management estimates that the IAM market will grow to be US $18.3 billion, by 2019. This is an opportunity for us to train hard, and attain excellence, as true leaders do.

August 12, 2015

Pressure for Some, Opportunities for Others

-by Kuljit Singh and Mayur Bansal

Even though the crisis first started in 2007, the aftereffect is being felt even now. The major player or anti-player (as some banks feel it to be), which has emerged from all this is an entity called the regulators, which seems to be the keystone holding the entire edifice of financial services together.

In a broad sense, what the regulators have been trying to achieve is to decrease the areas of disingenuous liberties of the banks, and increase the resilience of the sector as a whole. To achieve the former, regulators are seeking limits on how far banks can use internal models to manipulate the calculation of capital for credit and market risk. Such less-than-honest use of internal models by banks has drawn a lot of flak from both regulators and investors. To achieve the aim of resilience, regulators are pushing banks for macro-prudential measures such as higher capital, leverage, and liquidity requirements.

The case in point is the European Commission (EC), with around 39 different regulatory reforms and policies, which has been at the forefront in devising policies to stabilize, and make the markets more transparent. Some of the major areas covered are: Capital Markets Union, Banking Union, Prudential Requirements for Banks, Retail Financial Services, MiFID, and Accounting.
The US brought changes in its regulatory structure to make up for deficiencies identified in the 2008 financial crisis through Dodd-Frank, and Consumer Protection Act 2010.

Then there are those regulations whose jurisdiction is global - BASEL for example.

Apart from the regulatory pressures, banks also have to deal with a variety of economic and commercial factors, including the weak economic environment, low interest rates, market over-capacity, strong competition, technological change, low margins, and high cost bases.

The bank's model is based on building strong synergies between the commercial and operational sides of the business. However, these regulatory pressures are disturbing the synergies, especially among universal or cross-border banks, rendering their strategic assumptions obsolescent and thus requiring a change in the business model. The main aims sought by these models are just the right mix of return, capital and liquid resources, along with an acceptable degree of resolvability.

One of the major underlying components of all these aims put forth by the new model is cost reduction. This is why investments in IT by banks could, in the long run, help improve income by increasing services to customers, and by containing risk and providing security in cyberspace, which would make the entire system robust and encourage confidence in all stakeholders. Banks should also be able to benefit from centralized and streamlined infrastructure platforms that can support myriad complex business and customer propositions, through in-house solutions or with help from vendors/service providers.

To achieve their goals, banks are pursuing different paths or strategies, but in each one of them, the role of technology is indisputable. Going forward, as banks try to steer their way through the maze of regulations, and other pressures, technology service providers would find many opportunities. Hence, for the technology providers there is plenty of hay to be made, and the sun is going to shine for a long while.

Next generation IT for banking - Challenges and way forward

The bank of the future will be very different to the bank of today, thanks to a variety of factors - technology changes, client needs, regulatory pressures and new competition - which will transform the way banks operate and respond to business imperatives.

Today's Bank
Even today, banking is largely aligned with organizational business structure. While this worked in the past, emerging trends suggest a need for deeper thinking in organizing the business applications that drive competitive advantage, in building the banking shared services utility model.
Exclusivity of services and confidentiality of information have always been valued by the industry, and associated expenses treated as an inevitable cost of doing business, which banks charged back to the end customer, who didn't mind paying because the banking returns were adequate. This meant banks had little reason to optimize their cost structures, which took a back seat to service availability and support in driving IT decisions.

The Changing Paradigm
We believe the bank of the future should focus on the following dynamic areas:
1. Products - constantly evolve to cater to demographic/regulatory/technology changes
2. Channels - accelerate digitization and integration to provide single view to clients
3. Operational - rejig internal systems, processes and governance model for agility and adaptability to changing market dynamics
4. Technology - watch out for new challengers and also opportunities to serve clients with differentiated offerings

Bank of the Future
Heightened competition and the pressure to optimize service costs for larger clients drove banking organizations towards outsourcing and offshoring. Leading analysts, such as Gartner and Tower Group, have estimated that 30 to 50 per cent of IT functions are outsourced. Over the past ten years, banks have made significant cutbacks in fixed costs, while increasing the variable component to become more business-agile. Also, they have mostly moved away from individual-based programming and supporting applications to service level agreement-based development and support.
However, the past two years have really changed the landscape of the IT organization within the financial services industry. In the interconnected world, information exclusivity does not last long enough to be advantageous. Banks need to increasingly redefine their IT systems to support business initiatives to respond to emerging competition from non-banking businesses, such as telecom and retail.

Destination IT
There's a new thinking in the IT organization. Changing market dynamics and the predictability of IT applications for various business needs are leading to the creation of shared service utilities across functions. Still early-stage, these concepts can enable IT organizations to become more efficient while rendering superior support to business. We believe banks must explore the opportunity to reshape the IT organization to lead such industry changes by examining:
• The practicability of building a shared service organization across business units: Shared services within certain functions of single Lines of Business (LOB) bring some benefits, but also pose issues in cross-border trade on account of varying regulation. Building cross-LOB supporting services is yet to be understood in detail. Typically, organizations are wary of disturbing a working process, preferring to wait for first movers to succeed before making radical changes to the IT organization.
• Significant challenge in aligning mindset among diverse teams across LOBs: Consolidating services based on utility requires broad consensus among a diverse set of business stakeholders, and a leaner organization. While this may force unpopular decisions, consensus is necessary to mitigate the risk of disruption.
• Difficulty in analyzing cost benefit: Rebuilding legacy platforms supporting various business processes, consolidating databases, migrating applications and reorganizing message flows, and changing downstream application interfaces is difficult to conceptualize and analyze from a cost-benefit perspective. This is further complicated by the choices available today. Given the scale of change, decision makers are finding it hard to justify a future case based on current realities. Since some decisions are forward looking, quantifying their outcome is difficult, and they may need a leap of faith to happen.

In Conclusion
Banks building a business-aligned, real-time responsive technology landscape to support next-generation banking should take the following dimensions into consideration:
• Lower cost of transactions and higher operational efficiencies - through services standardization and harmonization of the lifecycle managed across processes.
• Leveraged data management through proper lifecycle management - enabled through enhanced dashboards, minimum error, and complete visibility into banking relationships with customers and suppliers.
• Enhanced risk management services - through proper alignment of risk servicing infrastructure enabling a consolidated view of various risks across entities, accounts and geographies.
• Adaptation of "Single Customer View" - with a complete and accurate customer warehouse. Provisioning an organization-wide standard of customer data for representation, access, control and governance improves cost and operational efficiencies.

Along with simplifying application architecture and supporting infrastructure, banks must address the key issue of mapping raw data from source systems into an appropriate canonical representation that downstream applications will consume as they are provisioned. Thanks to Service Oriented Architecture and Batch Integration mechanisms, today's technology is up to these challenges.

August 10, 2015

Risk Technology: Let the CAT out of the bag

Today's banks are facing a common challenge across the globe: mounting technology costs and increasing compliance requirements. New organizations are surfacing at every nook and corner to disrupt normal life through violence, and are being funded heavily to conduct global attacks. Due to the way the banks have operated so far - coupled with the macro conditions globally - a need has arisen for tighter controls and more stringent compliance requirements. Everyone talks about the cost aspect all the time; this blog will focus on the transformation approach banks need to take in enterprise risk technology. A cross-talk within LOBs would definitely be successful in catching the big fish that currently operate outside of the radar.

The need to focus on risk management and better compliance requirements arises from the growing fraudulent activities the world over, and the demand for illegal fund placement to feed the current crop of terror networks. The need of the hour for all financial institutions is to, at the least, talk internally across the boundaries of LoBs. Let each of them take their CATs out, that is, Customer information, Account information, and Transaction information. Bring these three attributes together centrally and imagine the possibilities of obtaining Predictive, Behavioral, and Business analytics which can out-pattern any application in the world. Let's take a look at the individual components of this CAT -

1. Customer information: Each LoB holds its own System of Records to capture customer information and core attributes like party key, bank-assigned unique numbers, name, address, and home and work details. Most of the time, the LoBs do not talk to each other and tend to hold back this information.

2. Account information: Each LoB holds some specific account attributes, like associated owners, which are never cross-reconciled across the LoBs. This leads to missed accounts when trying to sieve them through various rule based scanners.

3. Transaction information: This is the most critical of the three and perhaps the most immature part across organizations. Fraudulent minds take advantage of this vulnerability within the bank technologies and are able to successfully siphon off money, pass through undetected during scanning, or place and direct illegitimate funds to feed the weeds. Not even the big banks of the world have mature LoB-wide transaction scanning with reasonable SLAs to take informed decisions. By the time something fishy is identified, they have missed the bus by a long while.

Like all problems, these security issues have a solution too; the need of the hour is for all these CATs to be out on a single hub, reconciled and analyzed, and then discussed as a first layer of security checks. This hub should handle the billions of daily transactions (the average volume for big banks ranges between 40-50 billion transactions every day) of various forms from various LoBs, reconcile the involved parties and accounts across transactions in order to get the complete picture, and then assign them risk ratings in order to get a clear classification of High-Medium-Low Risk customers and their relationships with the bank.
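To make the hub idea concrete, here is an added sketch (not from the original post) that reconciles customer records from three LoBs into parties, sums their transactions across LoBs, and assigns a High-Medium-Low band. The sample records, field layout, matching rule and all thresholds are constructed assumptions for illustration only.

```python
import re
from collections import defaultdict

# Constructed sample data; field layout, LoB names and thresholds are assumptions.
CUSTOMERS = [  # (lob, local_id, name, address)
    ("retail", "R-101", "Jane A. Doe", "12 Elm St., Springfield"),
    ("cards", "C-77", "DOE, JANE A", "12 elm street springfield"),
    ("wealth", "W-9", "John Roe", "4 Oak Ave, Shelbyville"),
]
ACCOUNTS = {"ACC-1": ("retail", "R-101"), "ACC-2": ("cards", "C-77"),
            "ACC-3": ("wealth", "W-9")}          # account -> owning LoB record
TRANSACTIONS = [("ACC-1", 6000), ("ACC-1", 3500), ("ACC-2", 9000), ("ACC-3", 4000)]
SILO_ALERT = 10_000                # assumed per-LoB review threshold
BANDS = [(15_000, "High"), (5_000, "Medium"), (0, "Low")]  # assumed hub bands
ABBREV = {"st": "street", "ave": "avenue"}

def tokens(text):
    """Lower-case, drop punctuation, expand a few address abbreviations."""
    return [ABBREV.get(t, t) for t in re.findall(r"[a-z0-9]+", text.lower())]

def party_key(name, address):
    """Order-insensitive name plus normalized address identifies one party."""
    return " ".join(sorted(tokens(name))) + " | " + " ".join(tokens(address))

def silo_totals():
    """What each LoB sees alone: totals per LoB-local customer record."""
    totals = defaultdict(int)
    for account, amount in TRANSACTIONS:
        totals[ACCOUNTS[account]] += amount
    return dict(totals)

def hub_ratings():
    """Reconcile LoB records into parties, sum across LoBs, assign a band."""
    record_to_party = {(lob, cid): party_key(n, a) for lob, cid, n, a in CUSTOMERS}
    totals = defaultdict(int)
    for record, amount in silo_totals().items():
        totals[record_to_party[record]] += amount
    return {party: (total, next(b for floor, b in BANDS if total >= floor))
            for party, total in totals.items()}

if __name__ == "__main__":
    for record, total in silo_totals().items():
        print(record, total, "ALERT" if total >= SILO_ALERT else "below threshold")
    for party, (total, band) in hub_ratings().items():
        print(party, total, band)
```

In the constructed data no single LoB record reaches the per-LoB threshold, yet the reconciled party that appears in both retail and cards lands in the High band once its activity is summed in one place.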

Coupled with Predictive and Business analytics, this can work wonders and truly help investigation teams - within and outside the banks - tighten the fund movements, and curb the illegitimate fund placements and fraudulent activities.

This system of LoBs letting their CATs out of their bags, with a clear understanding and good coordination between them, will go a long way in curbing funds to undesirables the world over. However, most of the banks and LoBs currently operate in silos; which results in divided information with no real connection to establish a concrete risk profile. Many transactions pass under the radar and end up funding wrongdoers across the world. Only a well-connected kitty party of these CATs, across LoBs, will mitigate the risk these financial institutions run, at present, by failing to catch the suspicious transactions and parties, and paying penalties for their failures. More than improving the loss liabilities of banks, this system would directly impact the moral system of the people by cutting the financial pipeline to the malignant networks and rings around the world.