Large FIs spent $25M rolling out failed risk management frameworks during the 2000’s. So why try again?

Large financial institutions spent in excess of $25 million on rolling out failed enterprise risk management frameworks during the 2000’s. So why try again? Well for many obvious reasons, the most notable of which has been the large scale failure of institutions to manage their risks and the well-editorialized consequences of those failures. The scale of fines for misconduct across financial services is staggering and damage to the banking industry’s reputation will be long-lasting. Major Control Failures in Financial Services blog Source: publicly available data Regulators and supervisors are determined to stop and reverse these risk failures, specifically, the poor behavior of many bankers. Regulators are demanding that the Board and executive management take full accountability for securing their institutions. And there is no room for failure. This is the only way that risks can be understood and, hence, managed across the enterprise. There is no denying that risk management frameworks are hard to implement but Celent believes the timing is right for the industry to not only secure their institutions and businesses but to innovate more safely and, slowly, win back the trust of their customers. My recently published report Governing Risk: A Top-Down Approach to Achieving Integrated Risk Management, offers a risk management taxonomy and governance framework that enables financial institution to address the myriad of risks it faces in a prioritized, structured and holistic way. It shows how strong governance by the Board is the foundation for a framework that delivers cohesive guidance, policies, procedures, and controls functions that align your firm’s risk appetite to returns and capital allocation decisions.

Proposed new cyber security regulations will be a huge undertaking for financial institutions

New York State Department of Financial Services (NYDSF) is one step closer to releasing cyber security regulations aided by the largest security hacking breach in history, against JP Morgan Chase. The attack on JPMorgan Chase is revealed to have generated hundreds of millions of dollars of illegal profit and compromised 83 million customer accounts. Yesterday (Tuesday, November 10), the authorities charged three men with what they call “pump and dump” manipulation of publicly traded stock, mining of nonpublic corporate information, money laundering, wire fraud, identity theft and securities fraud. The attack began in 2007 and crossed 17 different countries. On the same day as the arrests, the NYDSF sent a letter to other states and federal regulators proposing requirements around the prevention of cyber-attacks. The timing will undoubtedly put pressure on regulators to push through strong regulation. Under the proposed rules, banks will have to hire a Chief Information Security Officer with accountability for cyber security policies and controls. Mandated training of security will be required. Tuesday’s letter also proposed a requirement for annual audits of cyber defenses. Financial institutions will be required to show material improvement in the following areas:
  1. Information security
  2. Data governance and classification
  3. Access controls and identity management
  4. Business continuity and disaster recovery planning and resources
  5. Capacity and performance planning
  6. Systems operations and availability concerns
  7. Systems and network security
  8. Systems and application development and quality assurance
  9. Physical security and environmental controls
  10. Customer data privacy
  11. Vendor and third-party service provider management
  12. Incident response, including by setting clearly defined roles and decision making authority
This will be a huge undertaking for financial institutions. Costs have yet to be evaluated but will be in the millions of dollars. It will be very difficult to police third party security because, under the proposal, vendors will be required to provide warranties to the institution that security is in pace. The requirements are in the review stage and financial institutions should join in the debate by responding to the NYDFS letter.

Increasing headwinds in corporate banking?

This week I’m in Singapore, which provides a beautiful backdrop for Sibos 2015, the annual conference that brings together thousands of business leaders, decision makers and topic experts from a range of financial institutions, market infrastructures, multinational corporations and technology partners.

IMG_2628

This year’s conference theme is connect, debate and collaborate and takes place at a time of increasing headwinds from a slowing global economy, higher compliance costs, increasingly global corporates, and competition from both banks and nonbanks alike. I spent the past few months taking a deep dive into corporate banking performance over the past 10 years–a period of both tremendous growth and unprecedented upheaval. As expected, corporate banking operating income and customer deposit balances have experienced healthy growth rates over the past 10 years. But surprisingly, despite increases in customer deposits, corporate banking income was largely stagnant over the past few years.

Corporate Banking Income and Deposits

Corporate banking plays a dominant role for the largest global banks. In 2014, corporate banking was responsible for 33% of overall operating income and 38% of customer deposits across the 20 banks included in this analysis.

As outlined in the new Celent report, Corporate Banking: Driving Growth in the Face of Increasing Headwinds, this critical banking sector is shaped by four external forces: economic conditions, the regulatory environment, business demographics, and financial technology. These same factors are slowing corporate banking growth and creating an environment in which banks are overhauling client offerings in the face of regulatory pressure, re-evaluating geographic footprints in response to shifting trade flows, and investing in technologies to ensure a consistent, integrated customer experience.

Much of the discussion at Sibos is on exploring transformation in the face of disruption. As they look to an unsettled future, corporate banks that are flexible, adaptable, and creative will be the ones that succeed. Changing time-tested ways of doing business is painful, but critical for future success.

The importance of customer experience in financial services

Service Design. Journey Maps. Customer Stories. Mood Boards. Experience Recovery. These are a handful of the topics discussed at this week’s Customer Experience for Financial Services (CXFS) Conference, organized by Worldwide Business Research in Charlotte, NC. As an analyst currently immersed in research on corporate banking financial performance, regulatory environment, economic conditions, business demographics, and financial technology, the CXFS event was a welcome change of scenery.
Journey Mapping

Journey Mapping

The CXFS conference was all about the “voice of the customer” (VoC) and how financial institutions (FIs) can improve their customer “listening” skills. One of the sessions mentioned that FIs are listening to anywhere from four to ten channels including web site, call center, e-mail, Internet, customer surveys and social media. But as one presenter stated, having more VoC channels doesn’t automatically result in a better customer experience. For example, in recent years many global banks fully integrated their major lines of business with product, operations and technology grouped organized under one segment leader. These integrated groups have created silos which create a highly verticalized client experience (CX), preventing consistency across a firm. Event attendees were encouraged to “climb over the silos and create a collective story to make things change”. Customer experience strategy and technology have gone a long way since I was involved in online banking user interface design in the early 2000s. Technology providers at the event are enabling banks to digitize and tag unstructured data such as call center recordings, agent notes, e-mails, and social media posts. This enables firms to mine and analyze the data to inform customer-centric innovation. Other firms specialized in market research including voice of the customer and voice of the employee surveys. Customer experience consultants are helping firms to understand how customers are thinking, feeling, seeing, saying doing and hearing so that people, processes, products and technology can be improved. The event featured discussions on how to build CX into people, processes and products by creating centralized information stores, centers of excellence, customer councils, and shared KPIs. Most of the FIs at CXFS were early in their customer experience journey and still working out a comprehensive solution. My favorite quote of the event was advice from Ingrid Lindberg, CXO of ChiefCustomer.com: “Have the patience of a saint, the heart of a lion, and the tenacity of a street fighter because it is one giant game of Whack-a-Mole.”

On the cusp: regional integration in Asia

It’s 2015, the mid-point of the decade and a good time to start looking at major trends in Asian financial services over the next five to ten years. One of the major themes will be regional integration, which is another way of saying the development of cross-border markets. There are at least two important threads here: the ongoing internationalization of China’s currency, and the development of the ASEAN Economic Community (AEC) in Southeast Asia. RMB internalization is really about the loosening of China’s capital controls and its full-fledged integration into the world economy. And everyone seems to want a piece of this action, including near neighbors such as Singapore who are vying with Hong Kong to be the world’s financial gateway to China. The AEC is well on its way to becoming a reality in 2015, with far-reaching trade agreements designed to facilitate cross-border expansion of dozens of services industries, including financial sectors. While AEC is not grabbing global headlines the way China does, we see increasing interest in Southeast Asia among our FSI and technology vendor clients. From Celent’s point of view, both trends will open significant opportunities across financial services. In banking, common payments platforms and cross-border clearing. In capital markets, cross-border trading platforms for listed and even OTC products. In insurance, the continued development of regional markets. Financial institutions will be challenged to create new business models and technology strategies to extract the opportunities offered by regional integration. It’s the mid-point of the decade, and the beginning of something very big.

AFP 2014

I just arrived home from Washington, D.C., where the Association For Financial Professionals – a leading society for treasury and finance professionals in the US – held its annual conference.  It was interesting that the AFP decided to hold its conference in Washington – the first time it has been held in AFP’s hometown – during the run-up to the 2014 mid-term elections, and it was clear that the town was abuzz in activity as Election Day came near. I’ve been to many AFP conferences during my days at Metavante, but had taken a few years off, and so I was interested how AFP was doing as the economy continues its 5-year crawl out of recession.  Was I surprised!  I was amazed and encouraged how strongly the conference has bounced back since the dark days of the late 2000s, and the vibe reminded me of the recent SIBOS 2014 in Boston, where bankers and tech vendors competed for the attention of … well, bankers. Perhaps reflecting the post-recession environment in which US corporates operate, I noticed little talk of traditional cash management topics like optimized sweeps or new investment vehicles.  Rather, most of the buzz seemed to be around risk management, Big Data, and treasury dashboards.  It was clear that treasurers are moving to embrace technology to automate routine operational tasks, provide analytics-driven insights that are hard to capture using Excel spreadsheets, and help treasurers see through the fog of data to prioritize their work. Should Excel spreadsheets be getting nervous?  It’s too early to tell, as they are still the dominant tool in use in treasury departments.  However as treasury technology vendors continue to migrate their offerings from high-priced licensed solutions to flexibly-deployed SaaS offerings, many companies will find it harder and harder to justify holding off on treasury automation. We’ll continue to study the situation and will hope to bring back some interesting examples and use cases of companies making the leap into full-scale treasury automation.

When $250 Million Can’t Buy Cyber-Peace

Last week’s newspapers brought the unsettling news that JP MorganChase’s internal CRM systems were penetrated by unknown attackers, compromising the personal information of 76 million households and 7 million small businesses. The Bank had released a statement to its clients on Thursday noting that “there is no evidence” that account numbers, ATM PINs, or social security numbers were accessed during the cyber attack. Today, news reports indicate that four other large financial services companies including Citibank and E*Trade were targeted by the same group, thought to be based in Eastern Europe or the Middle East.  In the case of JP Morgan Chase, the investigation has been focused on the personal computer of a single employee whose system may have been compromised by malware. The incident continues to be investigated by the FBI, Secret Service, and JP Morgan’s own private vendors, so there’s no need to speculate on who is responsible or what other information may have been compromised in the attack.  Still I hesitate to note that the Bank’s soft “no evidence” qualifier gives it plenty of wiggle room should the investigation uncover additional data leakages. The point here is that like the two other large data breaches of 2014 — Target and Home Depot — the JP Morgan Chase breach occurred in its private data center, the kind that is built at significant cost to resist these sorts of attacks – or at least detect and repel them when they do. JP Morgan’s annual report shares that the bank spends more than $250 million annually on cybersecurity, and will have 1,000 employees focused on the task by the end of this year.  Most banks do not have the size or management scale to match JP Morgan Chase’s annual investment, but if even $250 million can’t buy cyber-peace, what chance do average sized banks have of protecting themselves from the next malware du Jour? I contrast this situation with the growing use of cloud services in the financial services industry.  While other industries have been quick to embrace the cost, capability, and flexibility of cloud services, the banking industry lags behind — largely based on valid concerns about information security and control. JP Morgan Chase’s announcement serves as a wake-up call to banks of every size, informing them that when sensitive client data is concerned, private data centers and public cloud providers are partners in the ongoing fight for data security.  The next bubble to burst will be the long-held presumption that maintaining customer data in a private data center is inherently safer than storing it in a public cloud. To a cyber-attacker, an IP address is an IP address.  Whether sensitive customer data is located on a physical server on the bank’s premises or a virtual server located on a public cloud is mostly irrelevant.  What really matters is how well a bank (or its service provider) monitors network traffic, detects unusual or malicious activity, and shuts down suspect traffic.  The other lesson here is that as always, a little encryption can go a long way in ensuring that customer data is safe from the prying eyes of clever and determined hackers.  

Innovation in Spain: A Way Forward for Banks Globally?

Innovation is global. This isn’t too revolutionary of an idea, neither is it new nor original. Yet, increasingly, conversations with banks, especially in the US, reveal that many institutions aren’t looking too far outside of their market, let alone their vertical, industry, or country, for inspiration on how to innovate. In effect, this is giving an outsized impression by bankers of innovation in banking. The figure below, taken from a Celent financial services firm survey, and featured in the report Innovation in Financial Services Firms: The Leadership Gap, highlights the disconnect. It might seem intuitive at first glance—51% of respondents think their bank is worse at innovating than other industries. No surprises there. Digging into the other half, however, reveals that a startling 42% of survey respondents think that financial institutions are on par, better, or much better (!) than other industries. It begins to look a lot like Stockholm syndrome, where a hostage is kept for so long in a state of captivity that they begin to empathize and feel positivity toward their captors.

How well do financial institutions innovate compared with other industries?

Source: Celent The disruption of traditional financial services is very much a global phenomenon, with financial services tech startups filling the gaps where traditional services have lagged behind evolving consumer demand. Moving in step with innovation is a shift in the way in which banks can foster innovation. There are plenty of examples globally. In Spain, innovation is coming from some of the largest banks themselves. La Caixa recently set out to make Barcelona the first ‘contactless city,’ improving in-store and ATM experiences through a new contactless payment system. BBVA launched innovative customer assistance platforms like a video-conferencing service that allows users to connect to branch personnel for specialized help, the intelligent assistant called Lola, and the Contigo initiative which gives users unprecedented control over contacting personal advisors. Banco Sabadell launched mobile cash withdrawal through “Instant Money,” and one of the first Google Glass banking apps globally. Spain, however, is an anomaly in the financial industry, and while financial institutions in countries like the US have attempted to innovate, success has varied. One bank, BBVA, has been a leader in innovation, broadening the way in which new technology and value is discovered, fostered, and funded. Consider the following ways BBVA approaches innovation:
  • BBVA Innovation Center: Headquartered locally in Madrid, the BBVA Innovation Center is where many of the innovative ideas and designs are cultivated. Acting as an incubator for creativity, the bank is able to internally design and test prototypes for new ideas. Products like Tu Cuentas, BBVA Contigo, and ABIL ATMs have come out of the work done there.
  • Acquisition: BBVA, in the highly publicized acquisition of the US-based neo-bank, Simple, has ventured into new territory by leveraging acquisition to adopt innovation. It remains to be seen how the two businesses come together, and what role Simple will play in the larger BBVA vision, but the deal offers an example for other banks to follow. As institutions start to look more like software companies, they will begin to do what businesses in industries like tech and pharmaceuticals have been doing for a long time: letting others innovate, and then acquiring them.
  • Venture capital:  Innovation needs resources, and with BBVA Ventures, the bank has taken the step to partner and invest with entrepreneurs to help ideas grow and become successful. BBVA Ventures has already invested in companies like FreeMonee, SumUp, and Radius, and last year announced $100 million for investment into new projects.
BBVA is a mixed bag of approaches to innovation, but perhaps the most telling theme is the way in which it has viewed fintech startups as partners or investments, rather than future business threats. Look forward to the upcoming Celent report, Innovation in Spain: Profiles of Spanish Financial Services Tech Startups, where the state of innovation is examined by looking at some of the most interesting new startup companies. Innovation doesn’t exist in a vacuum, and gaps in financial services are often global phenomena. Taking a US-specific view of innovation limits the potential for finding the next great idea, and institutions should broaden their horizon.

Reflections on NetFinance 2014: It’s about relationships

NetFinance 2014 just finished in Miami.  Celent spoke on “Engaging Mobile Customers through Content, Display, Alerts, and More,” which generated a number of follow-on conversations on how to execute on the notion of engaging with customers, and a great question on how long today’s innovation stays differentiated. Our answer: “not very.” I’ve mentioned before that customer-centricity is becoming a key concept that many banks are highlighting as a key point of their retail strategy. What NetFinance crystallized for me is that the necessary follow-on to this customer-centricity is this simple idea: The best defense against continuing commoditization is a solid customer relationship. Technology, clearly, can go a long way to enhancing that relationship. A number of vendors at the show (like AdRoll, Backbase, Domo, EarthIntegrate, Ektron, Epsilon, IgnitionOne, Leadfusion,  Liferay, Message Systems, Message Broadcast, and Personetics, among others) focus on helping banks touch customers at the right times, or giving them an omnichannel view of all customer touch points, or enabling customers to start a transaction in one channel and continue it in another. But for these technologies to be effective, customers need to be receptive.  And they’re going to be more receptive if they think, and feel, and believe in their gut, that their bank is going to do the right thing by them. All the technology in the world can’t replace some very visceral customer feelings. To engender these feelings with their customers, and stop them from transacting with one hand holding their wallet so their pocket doesn’t get picked, banks should consider some potentially radical ideas (simple concepts?):
  • Not every touch needs to be a sale.
  • Foregoing short-term income for longer term gain can (in many instances) make sense
  • Surprising customers on the upside can yield long-term benefits
Now, the natural reaction to this is that it potentially puts banks into a (short-term) revenue hole. And that may be true, but when the real game of ongoing commoditization is long-term, banks need to thinking beyond the next quarter.

What does Digital mean to you?

Celent held a client roundtable on the subject of “Digital.” We had a sneaking suspicion that there wasn’t a lot of consensus on what that word actually means, so just prior to the event we asked participants “to list three words or initiatives that you associate with digital in your organization.” Here’s what we found: of 30 responses from 10 people, only two terms were mentioned twice: “mobile” and “customer experience” (which isn’t quite a single word). Every other word was unique. Digital WordCloud I find this fascinating: there’s no agreement on what digital means, and yet it’s one of the hottest topics in financial technology today. How are we going to deal with this issue when we can’t even agree on what it is? We’d suggest that defining what digital means in your organization is a vital first step to refining your digital strategy. My colleague Will Trout has also blogged on what we found during our roundtable.  You can find his thoughts here: http://wealthandcapitalmarketsblog.celent.com/2014/04/12/celent-roundtable-exploring-digital-in-financial-services/