Celent’s anti-money laundering vendor report: 2009 update

Celent’s anti-money laundering vendor report: 2009 update
Celent’s AML vendor evaluation reports have become something of a de facto standard, referenced by banks and regulators around the world. We began covering the sector in 2003, and are about to start work on our 3rd edition of the report. AML has not gone away as a concern for banks; indeed it has expanded, across both banking tiers (reaching down into community banks and credit unions in the US, for example) and across geographies (I recently spoke at an AML conference in Malaysia that drew over 500 delegates). The behavior detection technology that underpins AML software has also expanded its boundaries within the financial institution. Celent has been behind the “enterprise risk” approach, that is, consolidating AML and anti-fraud efforts, since our first AML report back in 2002. But until the last few years there were few real-life examples to point to. Recently, however, financial institutions have become increasingly concerned with fighting fraud, including fraud committed by customers as well as employee fraud. And a growing number of firms are beginning to take a wholistic approach to these issues. So this time around our report will take an enterprise risk approach as well, by including in our evaluation the anti-fraud products of the AML vendors. We’re calling it “Evaluating the Vendors of Enterprise Risk Management Solutions 2009.” We’ll be starting research on the report this month, beginning with qualifying vendors for inclusion in the report. The last edition evaluated 19 vendors and was 100 pages long. As the market has shifted, with new products emerging and others fading from sight, there may be some shuffling in order to keep the field of vendors representative of the marketplace. And although we are constantly looking at this space, we’d welcome any comments on vendors we should consider that we may have missed. As a reminder, the AML software providers evaluated in the 2006 edition of the report were: Accuity, Ace Software Solutions, ACI Worldwide, Actimize, ChoicePoint/Bridger Insight, Experian/Americas Software, Fortent/Searchspace, FircoSoft, LogicaCMG, Mantas, Metavante/Prime Associates, Fiserv/NetEconomy, Norkom Technologies, Northland Solutions, SAS Institute, Side International, STB Systems, Top Systems, Wolters Kluwer Financial Services/PCi

Credit Card Legislation

Credit Card Legislation
Large credit card issuers have been given relatively free rein in the past. That has now come to an end with recent legislation. Double cycle billing is now over. According to the American Banker, “The statute allows card companies to increase rates on existing balances only when a payment is 60 days or more late, a promotional rate expires, the rate is tied to a variable rate or the cardholder has entered a workout agreement.” While I can understand how card holders are upset if they find their rates increased unilaterally, it also prohibits banks from repricing for risk when the financial circumstances of the card holder change. I can think of a reasonable compromise: a happy medium would be to allow limited rate increases on existing balances (say x% every 3 months) given certain well-defined changes such as a drop in FICO score of greater than y. This is unsecured credit, and if risk increases so should price. Mortgages, car loans, and HELOCs have a collateral to help banks recover some of their loans in worst case. Credit cards don’t, so I think banks deserve A BIT, more flexibility. Credit cards shouldn’t give banks carte blanche to double cycle bill, apply payments to the advantage of the bank, repeatedly charge overlimit fees for the same event. Look for similar Congressional action on NSF fees tied to debit cards. With the government bailing out the banks, citizens are feeling empowered to question some of the more egregious practices.

Next Generation Online Banking Solutions

Next Generation Online Banking Solutions
I have been receiving many inquiries from banks about what to do with their aging online banking platforms. They recognize the need to upgrade but question what their provider is suggesting or simply would like to know more about where the market is headed. I have spent a lot of time researching the market and I have a pretty strong opinion regarding the types of features/functions that banks need to offer. Usability and customer experience are paramount. Some of the key areas of discussion lately have been:
  • Vendor solutions. Should I stick with my current vendor or switch to a new provider? Who has the best solution out there? This is not a simple question to answer, and one that requires plenty of investigation. Celent has recently evaluated the vendors of retail online banking solutions (see the following report). Banks have been approaching us for custom evaluations where we plug in their specific requirements. I enjoy these projects as they always produce different results and I get to meet a lot of interesting and knowledgeable people.
  • Web 2.0 Rich Internet Applications. Banks are trying to sift through the hype. They want to build Rich Internet Applications (RIA) but are having a hard time defining the business case. It’s a slow-moving process, but banks are recognizing the shift and the need to remain competitive. Non-banks are leading the Web 2.0 charge and banks are realizing that they are playing catch-up when it comes to customer experience.
  • PFM. I have blogged about this extensively. Banks know they need to jump on the PFM bandwagon. Should they build a solution, buy pieces, outsource the entire thing? They also want to know how to integrate PFM properly into online banking. Lots of questions here.
  • Social Media. Twitter is the talk of the town. I am receiving a ton of inquiries about how banks can leverage Twitter and other forms of social media. Banks also want to know how to integrate this into online banking and customer support.
While retail online banking has been the subject of most inquiries, small business online banking has proven to be a popular topic as well. Most banks tend to lump their small business customers onto retail solutions and ignore their unique requirements. The last thing a bank wants to do is let a small business customer fall through the cracks. They require customized features, some of which will need to be scaled down from cash management solutions (e.g. ACH, wire transfers, entitlements). The same can be said for high net worth customers who may require sophisticated capabilities. In any case, I have been conducting a lot of online banking research lately and I am enjoying the fresh perspective that certain banks are thinking about or even starting to take. If you would like to discuss any of these please comment or feel free to send me a note (email / Twitter).

The Risks of PFM Revealed

The Risks of PFM Revealed
It was an interesting and dangerous week in the PFM space. I have been talking about the security risks and data privacy issues of PFM for some time and unfortunately my predictions have come true. This is what happened:
  • Rudder experienced what I would consider to be a serious data breach. Certain Rudder users were able to see the account information of other users. Twitter and the blogosphere were ablaze yesterday with details of the breach. A good summary can be found on the TechCrunch blog. This is a serious blow to Rudder and the entire consumer direct PFM space. This is an inexcusable gaffe and one that will have folks questioning whether they should be providing their account info to these sites.
  • Mint.com may begin to sell “anonymous” consumer data (This Bloomberg article sums it up). This will raise the eyebrows of many users and I believe it is a privacy violation. Banks have all kinds of “anonymous” data on their consumers but they can’t just turn around and start selling it (they would likely get shot down by regulators).
These 2 events further reinforce my belief that PFM needs to be taken care of by a bank. Startups may have cool, next generation products, but they can’t necessarily be relied upon to protect your information and privacy. Don’t get me wrong, many banks have experienced data breaches, but they answer to a higher authority and are in a better position to help customers deal with the consequences.

PFM is an Integral Component of Online Banking – Digital Insight and Metavante are on The Right Track

PFM is an Integral Component of Online Banking – Digital Insight and Metavante are on The Right Track
Interesting happenings in the PFM space yesterday. Digital Insight announced an agreement with Metavante that would enable Metavante to offer Digital Insight’s FinanceWorks to its online banking customers. I’m a big believer in integrating PFM with online banking so it is nice to see the traditional online banking solution vendors take the next step. Digital Insight has been selling FinanceWorks like hotcakes – More than 160 banks and credit unions currently offer or are in the process of launching the solution. There are a couple of reasons why the Digital Insight/Metavante deal is significant:
  • Credibility and Proven track record. Digital Insight and Metavante have been in the online banking space for eons. They have experience with online banking solutions and have acknowledged the important role played by PFM.
  • Integration Experience. There are a few consumer-direct PFM players (e.g. Wesabe, Gezeeo) that have announced that they will market their product to financial institutions (see the following blog entry). While they have very viable and competitive offerings they don’t have experience integrating with online banking solutions. This will however change as these vendors continue to sign up additional financial institutions. They will give the traditional OLB players a run for their money.
Additional OLB players will come out with next generation PFM solutions – it is only a matter of time. Digital Insight (and now Metavante) have a good head start.

The Need for Legacy Work Culture Transformation?

The Need for Legacy Work Culture Transformation?
It has been quite some time since the core banking trend hit the Indian banking industry. Almost all the top banks in India have implemented the core banking makeover in their systems and moved towards “Anytime, Anywhere” banking. But, the obvious question arises. Have the banks really moved, in spite of their marketing campaigns saying so? I recollect an incident where my colleague wanted to apply for the online banking service from the bank in which he was maintaining his salary account. Despite being one of the largest banks in India and one of the first banks in India to start the core banking transformations, he was informed that he can apply only in the branch in which he had opened the account! If the bank was indeed centralized and had implemented the “Anywhere” banking concept as advertised, why would the specific branch matter?

The culprit is not in the IT systems implemented in the bank but among the people using it. IT transformation has been the buzzword in the banking industry in India. But, the transformation of the bank is not brought about by IT alone. Business processes, policies and more importantly the work culture of the bank matters the most. I remember reading an interview of a CEO of one of the banks in India, where he mentions that a major challenge that the bank is facing is in changing the work culture of the bank. The current work culture has been inherited from decades of protectionist regime that the nationalized banks have enjoyed. The systems and processes are indeed very bureaucratic. Performance-based work culture has yet to find its place within the nationalized banks.

Fortunately for the banking industry, the liberalization and the emergence of private and foreign banks have started changing the outlook of the bank employees. With even nationalized banks gearing for major rebranding exercises, maybe it is time for them to look into their internal policies and instill corporate culture as well. The true transformation happens only when the legacy processes and policies are changed along with legacy IT systems.

NCR’s Mobile Deposit Move

NCR’s Mobile Deposit Move
On 28 April, NCR announced its integration of Mitek Systems’ ImageNet Mobile Deposit to its’ APTRA Passport imaging platform. The NCR decision follows integrations already completed by J&B Software and RDM Corporation. This was a smart move on NCR’s part in our opinion. Others are sure to follow. Mitek announced its ImagNet Mobile Deposit platform in January 2008 and followed with announcements of Blackberry support in September 2008 and Apple iPhone compatibility in October. To be sure, Mitek is pushing the envelope with remote deposit in an environment where the industry is barely adept at small business RDC using specialized check scanners and “consumer capture” is largely offered among credit unions alone. But all this is changing. In our opinion, mobile remote deposit is destined to succeed for two reasons: convenience and device ubiquity. Apple shipped 2.3m iPhones in 2007 and 13.7m in 2008. RIM boasts about 25 million BlackBerry subscribers through February 2009. The world is quickly going mobile, and mobile banking is riding the wave. Bank of America alone boasts well over a million mobile banking users (June 2008). Apart from risk concerns, why wouldn’t mobile RDC be an obvious feature for select mobile banking users? We’re not alone in expecting mobile remote deposit to catch on. In research derived from a Fiserv-sponsored online survey of roughly 300 customers in October 2008, one third of respondents see a need to offer mobile deposit capture services to their business customers. The majority of respondents indicated that businesses that sell products and services at the buyer’s location (such as home appliance repair businesses and food and beverage distributors with trucks in the field) are their primary target market for mobile deposit capture. We agree. Banks would do well to launch mobile RDC first to business clients while there may still be fee income to be had. But banks clearly aren’t rushing into mobile RDC as they had with RDC’s original incarnation. Caution is understandable, but scoffing is short sighted. Celent’s position is that viability of mobile check deposits rests on four requirements: 1. Client usability – the application must be fast, simple to use and provide reasonably consistent performance despite widely varying lighting conditions, steadiness of hands and check stock characteristics. Obviously, mobile deposits introduce greater variability in image characteristics than images captured on specialized scanners. 2. Operational viability – even the most enriching user experience would be for naught if mobile deposits wreak havoc in the back offices of deploying financial institutions. 3. Security – image and data transmissions would need to be secure. Any security vulnerabilities would prove disastrous. 4. Broad device support – part of the value proposition for mobile deposits rests on not having to invest in image capture devices. To provide some direct experience in using ImageNet Mobile Deposit, Celent requested a test account from Mitek and experimented using the authors AT&T Tilt device. Installing and learning the simple application took no longer than 15 minutes. Sample deposits were performed using a mix of personal and business checks after lining out the check codeline for security. Overall user experience was favorable – even for this novice camera phone user. And, the image analytics appear to have been up to the task. With intentional carelessness toward lighting, contrast and steadiness of hand, resulting check images appeared Check 21 ready. Mobile RDC is clearly a nascent market, and banks have lots on their hands these days. But sitting on the mobile RDC sidelines may leave banks wishing they hadn’t.
Checks captured on the author's device with intentional carelessness

Checks captured on the author's device with intentional carelessness

NACHA Payments – Trends and Thoughts Related to Online Banking

NACHA Payments – Trends and Thoughts Related to Online Banking
I got back late last night from the NACHA Payments conference in Orlando. It was a good event, although not surprisingly, it was apparent that attendance was down. Sessions seemed to be well attended, although exhibit hall traffic was light (and much smaller this year to boot). I spent most of my time at the conference in meetings with our clients – a mix of banks and software vendors. Most of my meetings centered around online banking and payments, particularly for small businesses and large corporates. A few noticeable trends emerged:
  • Web 2.0 is finally arriving to the business online banking space. Almost all the vendors I met with either talked about or showed me fresh GUIs with better navigation and layout. This is long overdue. A couple of the vendors have been working on this for a little while, and their advances made it into my upcoming online cash management vendor evaluation report (the report is complete. It’s now time for it to be edited and for the vendors to review their profiles prior to publication). Bank of America had an interesting but basic presentation on next generation Web 2.0 cash management solutions. I was quoted in the presentation, and it’s nice to see a bank thinking about the next generation of solutions.
  • Dashboards are a key component of next generation online banking solutions. This was definitely the buzzword. I discussed this at length in my report, Web 2.0: A Quantum Leap for Wholesale Banking .
  • Banks still don’t get the importance of PFM for small business. I seemed to be the one asking the questions about this. I would have liked to see greater emphasis on PFM, particularly with the Web 2.0 demos and discussions.
I also gave a presentation together with Bremer Bank and Fiserv called, Courting a New Kind of Customer: Serving Small Business Online. The session was well attended and there were a few good questions at the end.

The Swiss (well, Japanese) Army Knife of Cards

The Swiss (well, Japanese) Army Knife of Cards
I was in Japan on vacation last week, and saw a payment card that would likely make any U.S. card expert’s head explode — allow me to explain. I’ll start with the easy stuff. This is a Visa-branded credit card, issued by Mizuho Bank of Japan. As such, it functions like any other Visa-branded credit card. Getting a wee bit trickier, the card is for “Electronic Use Only”, a fancy way of saying that it’s not embossed. So far, so good, right? Now things get really interesting… The card has a mileage points program, which can be used to automatically load a Suica e-money purse, which can be used at numerous public transportation systems around Japan (mainly Japan Railways) and merchants such as convenience stores and station kiosks. In the U.S., the only card that is similar is the Starbucks Duetto Card, with second purse use limited to one merchant (i.e., Starbucks). http___wwwmizuhobankco1 As Celent SVP Bart Narter often says, “But wait, there’s more…” The card is a chip-enabled for greater security at POS and ATMs. Very importantly, the Suica e-money purse is supported by contactless technology, an absolute necessity for use at railway turnstyles during morning and evening commutes. Also, the Suica purse can be auto-loaded from the credit purse once the balance drops below a certain threshold. No such combo payment-transit card has yet to take off here in the U.S. Finally, when used at certain merchants (i.e., Japan Railways stations and agents), the card functions as a View Card, a private-label credit card which offers more favorable merchant discount rates than Visa-branded transactions. There are very few, if any viable examples of dual branded-private label cards available in the U.S. today (I do seem to recall that Brooks Brothers once co-branded a similar type of card with GE Money). All of this without an annual fee — don’t hold your breath for a U.S. equivalent.

Will ISOs claim the RDC market as they have done with credit cards?

Will ISOs claim the RDC market as they have done with credit cards?
Remote deposit capture (RDC) has taken financial institutions by storm. In just over three years since its debut, more than half of all US banks have adopted solutions, along with a significant number of credit unions and retail brokerages. But this extraordinary adoption among financial institutions has thus far led to comparatively tepid client adoption. Based on multiple research efforts, we can conclude that this lopsided picture is not the result of an exaggerated view of the market opportunity. The rationale for such historically temperate sales and marketing efforts among banks is defensible in many cases. But RDC is no longer a nascent market. The time has passed for financial institutions to take a more aggressive stance. RDC: The Perfect ISO Opportunity? The credit card business isn’t what it used to be. Market growth has cooled, with stiff competition and challenging margins. Independent sales organizations (ISOs) appear more than eager for the opportunity to expand their product lines beyond card services. For ISOs, the opportunity is two-fold: cross-selling RDC to current merchants and expanding reach beyond card-heavy clients into entirely new markets within existing geographies. From a market development perspective, the scenario is close to ideal. Compared to financial institutions, ISOs appear to be in a good position to act on the opportunity. But, how is this going to work? ISOs will need to provide remote deposit capability that allows businesses the ability to maintain existing bank relationships. Ironically, that won’t likely be done using the image based processing that Check 21 envisioned. That’s because most banks aren’t ready to receive image cash letter (ICL) deposits, and those that are limit such arrangements to large volume clients because of the time-consuming file certification and management overhead involved. Instead, ISOs are likely to utilize a third party aggregator and a presentment financial institution, into which all the collective small business check deposits will be sent via image. Then, the presentment financial institution will settle with multiple banks of first deposit using ACH credits, while presenting items to paying banks via image exchange (Figure 1). In so doing, banks of first deposit maintain deposit relationships, businesses enjoy the benefits of remote deposit, presentment banks earn fee revenue, and ISOs do what they do best – sell and service clients. It might actually work. picture122 Not All Roses As attractive as RDC may be for ISOs, success won’t be a slam dunk. ISOs don’t know check payments like they know cards. Thorough training will be an imperative. Additionally, the RDC value proposition is highly varied among market segments. Many ISOs enjoy specialization, and won’t find their target market segments a good fit for RDC. Unlike merchant acquiring, RDC is not required for check acceptance. Some segments (restaurants, for example) will make lousy targets for RDC. ISOs will need to sort this out. Secondly, the processing model presents significant return item risk to presentment financial institutions. To mitigate this risk, presentment banks will wait until all funds are good before originating the ACH credit to banks of first deposit. Client funds availability will likely be delayed compared to bank direct RDC models. It’s too early to tell if this will be a factor in selling. But, the biggest risk to the success of ISO RDC delivery is the business model itself. Today’s bank direct RDC pricing leaves plenty of room for ISO profit. But, if free scanners and lower monthly maintenance fees become the norm, there may be insufficient profit opportunity left for an ISO in the middle. Will ISOs claim the RDC market as they have done with cards? It’s simply too early to tell. Many banks regret what has occurred with merchant acquiring and won’t let that happen again with RDC. But that won’t stop ISOs from getting a foothold in this large and diverse market. Some banks, those primarily seeking core deposit growth, welcome third party involvement to take care of the hardware deployment and provisioning. So what can be predicted with certainty? Just this: it’s going to be fun to watch!