Archives for August 2009

Businesses Require Better Protection Online

Banks have taken many steps to protect customers online. Multifactor authentication (MFA) , policies for online banking, and consumer education, are among some of the sentries in place. The FDIC however issued a warning last week specifically aimed at the business online banking / cash management space. The alert relates to financial institutions that provide payment services online, and indicates that over the past year there has been an increase in the number of reports and losses related to online EFTs. The alert specifically mentions, “malicious software, including trojan horse programs, key loggers, and other spoofing techniques, designed to circumvent online authentication methods.” This is of particular concern as more banks are attempting to increase usage of the online channel for payments. For example, Celent is seeing a trend towards banks offering small businesses the ability to send wires online. Even consumers in some instances are being offered the ability to send wires online (see the NetBanker blog, “Bank of America to Eliminate Wire Transfers from Branches, Moving Volume to Online Banking.” In Celent’s opinion, small businesses and consumers are quite vulnerable since they do not have a corporate IT department that can update virus protection or teach them what to watch out for. Additionally, most small businesses have not been issued the appropriate MFA solutions required to send a wire or other payment online. Relying on the familiar image/phrase and/or challenge questions won’t cut it. I’m not saying that MFA is perfect – it too can be bypassed. However, Celent does believe in the use of tokens (hard or soft), or out of band authentication when dealing with high value payments. There are several steps banks should take:
  • Banks should implement a transaction monitoring solution (if they have not done so already)
  • Banks should adopt out of band authentication solutions (e.g. replace traditional token by sending a one-time password to a mobile phone via SMS)
  • Banks should consider offering mobile soft tokens (e.g. an application on an iPhone or Blackberry that provides a one-time password). For more details see the following Celent blog entry, “Move Over Token, My iPhone Can do The Trick
  • Banks should revise certain policies and procedures (e.g. require a token, more frequent password resets)
  • Banks should emphasize new customer education tools (e.g. training videos / blogs / podcasts on online risks, importance of virus protection, etc.)

MIA In The Healthcare Debate

The recent passing of Sen. Edward Kennedy and the imminent opening of the U.S. Congress’ Fall legislative session turned my attention back to the healthcare reform debate. Reaching out to my healthcare banking industry contacts and reviewing various healthcare-related web sites, I quickly came to the obvious conclusion that this debate has yet to address some key issues for healthcare banking industry players. The first missing component is actually something I blogged about in May. Congress still has yet to determine sufficient minimal coverage in terms of health plan design. Once such coverage has been defined, the next thing to look out for is something called “actuarial equivalence”. Actuarial equivalence is an approach used to measure health plans against each other, using expected average benefit payouts as the comparitive yardstick. If HSA-compliant high deductible health plans (HDHPs) are the actuarial equivalent of the congressionally-defined sufficient minimal coverage, we can expect HSAs to flourish. If not, HSAs will likely wither on the vine… Needless to say, there is a lot of lobbying activity taking place in DC to ensure that HDHPs make the actuarial equivalent cut. A key argument being made is that HSA contributions (especially those provided by employers) should be considered the same as paid out benefits. Another missing element in the healthcare debate is that of wellness behavior. Healthcare reform is squarely predicated upon the rapidly rising cost of healthcare, much of which is behavioral-based. As described in my report Fit To Be Paid: The Dynamics Of The Wellness Reward Market, behavioral-based health problems cost the U.S. economy hundreds of billions of dollars in medical costs, and hundreds of billions of more in lost productivity. However, healthcare reform is proposing scant little to encourage/force behavioral change. Asking Americans to go to the gym, eat less (or heaven forbid) stop smoking may be a political pipe dream. Given this, institutionalizing financial rewards for behavioral change may be an alternative approach which could be supported by healthcare banking. As mentioned in my Fit To Be Paid… report, financial rewards almost always have a positive ROI. Fasten your healthcare banking seatbelts, the Fall promises to be quite the ride…

Chase-ing away customers

I, like many Americans, hold a Chase credit card. With their recent purchase of WaMu with a huge branch network on the West Coast, they were continuously making offers of increasing dollar amounts to open a checking account. After about a dozen of these, culminating with one for $150, I finally relented. The experience was an eye opener. I opened the account on August 13th, and because of an account I had closed many years ago, the customer service representative (CSR) at the branch was unable to set up internet banking. Strike 1. He called the operations center and was unable to solve the problem. I was told I would get an email with in two days. I didn’t. I waited a week and still no email. Strike 2. I then went to, called the 800 number when unable to log in and reached an off-shore call center. I immediately asked for a supervisor, who looked into the matter in real time. He told me that the incorrect form had been filled out in the operations center and that he would fill out the correct form. I should wait two days, then visit a branch where I should create a new internet banking account. I visited a branch and sat down with a CSR. We couldn’t set up internet banking. The rep called on-line banking operations. It turned out that while the correct form was filled out in operations, it wasn’t filled out correctly. Strike 3. I should wait a day and go back to a branch to authenticate with my debit card and PIN and open up internet banking. I have saying for customer service: Strike three and I’m out. Then I thought about what a great topic this would be for a blog post, and continued the process. I then went to the branch and tried to open up internet banking asking for the branch manager. It failed. Strike 4. The CSR and the branch manager printed out the error message and told me to go to the branch where I opened the account which was 8 miles down the road. I drove to the originating branch, where I asked to speak to the manager. I told her about the process I had been through, and that I would close the account if I didn’t have internet banking set up this visit. She was willing to close the account. I also presented my business card and told her that I would be blogging about this experience. That finally got someone’s attention. The manager sat down with a CSR, who had me authenticate and create an internet banking account. It failed. Stike 5. They then called the operations center, asked for a manager, spent a good bit of time on the phone and finally I received an email on my iPhone with a temporary password. It worked! I was late for my next meeting, but the account WITH internet banking was open.
  • Time spent opening account: 3.7 hours
  • Chase employees involved: 12
  • Time since opening account: 13 days
What went wrong here? 1. No one was willing to own the problem to resolution. Westpac Bank has an initiative called “Ask Once.” When a customer contacts the bank with a problem, the first point of contact owns the problem and brings it to resolution. Nedbank in South Africa offers a similar commitment. ask once Should American banks consider such an initiative? Until I identified myself as someone in the industry who would raise the issue with a blog post, the branch manager was more than willing to close the account rather than try to get internet banking to work and gain a customer. 2. The world of legacy systems makes it difficult to solve problems immediately. Between complex integrations, batch operations, and remote operations centers, it’s hard to solve problems. 3. Off-shoring made the problem harder for me to solve. While off-shoring reduces cost, and works for simple requests, when there are complex problems they need to be escalated to more experienced long-time employees. What didn’t go wrong? This wasn’t an integration issue. I was on 100% WaMu systems here in Calfornia, but I’m told that we will be migrating over to Chase systems in October. I’ll keep you informed. As banks cut costs are you seeing customer service levels drop? Is there an opportunity for banks to invest in service to gain share? I welcome your comments.

Why Canada is Hotter than the United States

I know it sounds counter-intuitive, but Canada is hotter than the United States, at least when it comes to core banking. After visiting clients and prospects in Canada it is clear that core banking is heating up, but not quite ready to boil. Certain banks in Canada have been examining core banking migrations and have been doing so for a long time. Some will start to move soon. Reasons core banking in Canada is moving forward more quickly than in US:
  1. Canadian banks are experiencing specific pain points around core banking in certain LOBs.
  2. There is fuel (cash) for the fire. Canadian banks are in much better financial shape than US ones.
  3. Canadian banks have mostly internally developed systems; many American banks have licensed systems.
  4. Canadian banks see their Australian peers moving forward with core banking.
  5. When one of the big five in Canada move, it moves the market.


When the pot does eventually boil, and one of the big five moves, it impacts the market strongly. Others in this group will need to form a response.

Islamic Banking in India : Stumbling at the Regulatory Block

Islamic banking has been on the rise in the Asia-Pacific region, accounting for 60% of the global Islamic banking market. However, despite its rise in the rest of the region, the penetration of Islamic banking in India has been low. This is especially surprising with India having approximately 154 million Muslims and being the second largest Muslim population of the world. As mentioned in the Celent report Rise of Islamic Banking in the Asia-Pacific Region, this is primarily due to a regulatory block which allows Islamic banking to operate only in the form of a Non-Banking Financial Corporation. An amendment in the Banking Regulation Act of India, 1949 is required to allow the Islamic banking system to operate in banks in India.

The primary reason for the regulation can be mainly attributed to the socio-religious nature of the Indian political scene. This is especially evident in the Raghuram Rajan Committee of Financial Sector Reforms report submitted to the Prime Minister of India last year. Although the report recommended principles based on Islamic banking, the term “Islamic banking” was deliberately replaced by “interest-free banking”. The committee recommended that measures be taken to permit the delivery of interest-free finance on a larger scale, including through the banking system. With this recommendation, the ball is in government’s court and it is up to them to come up with appropriate measures to introduce these products in the Indian banking sector. However, a rebranding of the various Islamic banking products must be done to achieve widespread acceptance and serve its foremost purpose of financial inclusion.

In addition to the regulations, some experts feel that the infrastructure for Islamic banking is not yet in place and steps must be taken in that regard. In fact, last week, Kerala State Industrial Development Corporation (KSIDC) announced setting up India’s first interest-free financial institution along Islamic banking principles in Kerala. It is beyond doubt that there exists a huge potential for Islamic banking in India. But, it will take strong policy decisions to tap the same.

JHA Acquisition of Goldleaf – Bigger than it Looks

Goldleaf Financial Solutions is not a big company (US$80 million in 2008) – certainly not by US core system vendor standards, but the acquisition of Goldleaf by Jack Henry & Associates may be bigger than it appears. For its size, Goldleaf has a large share of the distributed capture market. With more and more financial institutions adopting branch capture (in many cases at the teller line) JHA was wise to be interested in Goldleaf’s installed base. Conversely, JHA provides the teller system of choice to roughly 12% of small banks (<$1b in assets) and 18% of midsize banks ($1b – $10b in assets) by our calculation. That’s a great installed base of teller systems to equip with distributed capture technology.
JHA Brings a Big Teller System Installed Base

JHA Brings a Big Teller System Installed Base

Properly integrating teller and capture systems has proven to be easier said than done. Doing so is a prerequisite for a smooth running teller capture implementation. After a few years (since Check 21) now, there have been relatively few “certified” integrations, and Goldleaf leads the pack by a large margin. Its experience in this area will likely prove valuable to JHA which, despite its size, has had little to show in this area.

Seemed Like A Good Idea At The Time…

Just last week, the Blue Cross Blue Shield Association (BCBSA) announced that it was looking to sell its Blue Healthcare Bank operation. BCBSA originally chartered the bank in 2007, mainly to capture a share of the HSA market. Back then, this seemed like a really smart move and received considerable industry attention. At the time, United Healthcare had already proven the viability of an insurer-owned bank model with its Exante (since renamed OptumHealth Financial) Bank. Combine this model with the very widely-known Blue Cross Blue Shield brand and voila, it looked as the healthcare banking industry had a major player on its hands. This obviously did not turn out to be the case. Some of the missing components of Blue Healthcare Bank’s strategy can be found in Celent’s report, HSA Acquisitions: Hare-Like Market, Tortoise-Like Dedication. The bank got off to a slow start due to the fact that many of its member organizations/owners (i.e., the independent Blue Cross Blue Shield health plans around the country) had already partnered with faster-moving HSA custodial banks. Also, it was easy to wonder about Blue Healthcare Bank’s commitment to the market. There was little to no presence at industry events and I can’t tell you how many times I got a blank stare when I asked well-connected industry players whether they knew about the bank’s activities. From this, it’s probably safe to assume that awareness of the bank within the broker channel was extremely low. So, a good idea gone wrong. More importantly, this is a strong signal other health plan carriers (e.g., Wellpoint) that starting one’s own bank is probably something best avoided.

Electronic Invoicing: What’s in it for banks?

I am currently running a research project on e-invoicing across Europe, U.S.A., and Asia. The key areas of my investigation are:

· Volumes of paper and electronic invoices exchanged in the regions

· The role of the Public Administrations in pushing for the use of e-invoices

· Communication standards and transmission channels (e.g., inter-bank; proprietary; open networks) used for e-invoices

· Regulatory frameworks (e.g., digital signatures) that make e-invoices legally valid

· Business models adopted (e.g., fees applied- monetary value, where possible) to deliver e-invoice services

Existing market research shows with evidence that the benefits to corporate clients are significant. Especially the current economic scenario encourages corporate decision makers to identify sources of internal savings and operational efficiency. E-invoicing promises important returns. This keeps the item high on the corporate treasurer’s agenda, accelerating the business opportunities for software vendors, service providers, and the activities of government and standard bodies that aim to reduce roadblocks tied with disparate fiscal, legal and technical communication protocols.

The issue we encounter is rather with banks, which are still facing the dilemma of what to do to benefit from this trend.

Our opinion is that the real problem resides in the revenue model. Banks have tried to sell “paper-to-bit” conversion (i.e., dematerializing) services, encountering two major, and still unresolved, issues:

How much to charge

Who should pay

How to convince small companies to move from paper-based invoices to electronic B2B processes (i.e., onboarding)

Our recommendation to banks is to look at the “big picture” of e-invoicing: Electronic invoicing is part of a larger end-to-end (i.e., integrated) process.

While the “basic” electronic invoice process starts from the conversion of the invoice document from paper to electronic, down to the archiving of the invoice, a more “integrated” electronic invoice process encompasses the end-to-end order-to-payment cycle: Order, Delivery, Invoicing, Payment.

In this case, all documents (e.g., purchase orders; sales orders; shipping documents; invoices; payment documents; credit and debit notes) are digitized in electronic format, and all are automatically reconciled and archived.

There is no business for banks in the service of dematerializing a paper invoice (i.e., the “basic” e-invoice process). Our experience shows that corporates expect a free service for this, such as having an e-banking account. It has become part of the “cost of doing business” for a bank.

This part, and all the related onboarding, technological and connectivity aspects, should be handed off to a service partner, at no charge for the end user.

The business for banks comes from the services provided along the other integrated processes (i.e., Order; Delivery; Payment), where they can attach supply chain finance products and services.

Bottom line

The electronic invoice becomes the wagon that carries all the necessary data and information that a bank must analyze and use, to spot the business opportunities of its corporate customers. Therefore, banks should invest in analytics and supply chain visibility applications.

Mobile RDC: What’s the hold up?

Now that the dust has settled on remote deposit capture, RDC, for commercial customers, a relatively small number of financial institutions are looking towards measured expansion of the technology to include wealth management, micro business and private banking clients. Some even contemplate making RDC available to a broad consumer base using suitably equipped mobile phones as the image capture device (a.k.a. Mobile RDC). Yet compared to the meteoric adoption of commercial RDC, this subsequent market expansion is moving at a snails pace. What’s the hold up? More specifically, beyond a handful of financial institution pilots, why have so few banks launched initiatives? The most commonly cited adoption barrier is risk. In particular, some argue, the risk of users depositing the same item more than once. In addition, the FFIEC guidance, Risk Management of Remote Deposit Capture, January 2009, admonishes financial institutions to undertake careful risk mitigation and controls when deploying RDC, including determining which customers are suitable for RDC, training them appropriately, and developing appropriate systems monitoring and reporting capability. Some financial institutions have concluded that attaining all these requirements amidst serving a customer base as potentially vast as the consumer or small business market is untenable – or at least more trouble than it might be worth. Given the state of things in financial services, who could fault a financial institution for being risk adverse? Yet, something tells me that risk is only part of the story – or worse, a convenient justification for inaction. The larger challenge for financial institutions contemplating adopting mobile RDC is what to do with all their branches. Over eighteen months ago, Celent surveyed over 150 commercial RDC deploying financial institutions and found that even then, in RDC’s formative years, a third of banks experienced a significant reduction in branch transaction volume as a direct result of RDC (Figure 1). Since that survey fielded, total RDC client adoption has more than doubled, displacing more branch traffic. A significant small business or consumer RDC initiative would have a more profound impact.

Figure 1 – RDC’s Impact on Branch Traffic, December 2007

Source: Celent FI survey, December 2007, n=157

Source: Celent FI survey, December 2007, n=157

We’re not prophesying the end of branch banking. Rather, we’re suggesting that some amount of branch infrastructure reengineering is a likely prerequisite to enjoying a respectable return on investment in mobile RDC. Many banks already are grappling with declining branch profitability. Fixing that problem will likely be costly and protracted. Branch closures may stop the hemorrhaging, but systemic redesign is needed. In this context, a successful consumer RDC launch would exacerbate the pain already being felt and hasten the need for the really big task of branch redesign. This makes FFIEC compliance looks easy by comparison. RDC (mobile or otherwise) is, after all, a customer self-service channel. Unlike other self-service channels that have largely added customer transactions (yet with great benefit), RDC eliminates trips to the branch by definition. Check transactions remain the #1 reason banks have tellers. Mobile/consumer RDC could change that in a big way. That may be the big reason for hesitation at some banks.

Big in Japan

As I visited with a number of the Japanese mega-banks they found themselves in situations not unfamiliar to American or Western European banks. The mega-banks are all a product of mergers and there is a need to rationalize systems across the merged entity. They also find themselves with large monolithic systems that are increasingly inflexible, but don’t know where to start or how to start. Most are investigating SOA as a solution to this problem. The buzzword in Japan seems to be EA or Enterprise Architecture. In reality it is about SOA. Since most of the mega-banks had monolithic cores across the entire bank, they didn’t require the integration layers that the US banks needed to deploy in order to provide the customer a single view of all his or her accounts. Everything was in one giant system. The sheer magnitude of the system makes it both hard to change and hard to leave. SOA can be a way for these banks to first modularize, and then gradually migrate. This is the same situation most very large banks face, and SOA could be the path to break up the monolith and gradually chip away at it. It is a daunting task, which is why the mega banks are more in a contemplative mode than an action oriented one. daibatsu