Congratulations to Celent Model Bank 2016 Winners!

Congratulations to Celent Model Bank 2016 Winners!

Last week many of us at Celent were in New York attending our Innovation and Insight Day on April 13th. It is Celent's flagship event during which we announce Model Bank and Model Insurer winners and celebrate their achievements. In addition, the program includes keynote speeches from industry leaders and Celent analysts, plenty of opportunities to network with peers, and even to experience some of the latest technologies first hand, courtesy of our sponsors.

The theme of this year's event was "Financial Services Reborn", and the Museum of American Finance on Wall Street provided an inspiring setting to celebrate innovation in financial services. Craig Weber, Celent CEO, kicked off the proceedings drawing insightful parallels between the battle of Alamo and the future of financial services. It must have been the first time in Craig's career that he had to come up on stage to the soundtrack of hip hop music, an extract from the Broadway musical "Hamilton", but it set the tone for the rest of the day – to expect the unexpected and to be open to new ideas.

Both of our guest speakers – Nadeem Shaikh, Co-Founder and CEO of Anthemis Group, and Leanne Kemp, Founder and CEO of Everledger – thrilled the audience and opened everyone's eyes to the opportunities presented by Fintech and Blockchain respectively, while our colleague Will Trout spoke eloquently about consumer-led convergence. A big 'thank you' to all the speakers, as well as the sponsors supporting the event!

The rest of the day was all about celebrating the achievements of Model Bank and Model Insurance award winners. As many of this blog's readers know, the vision for Celent’s Model Bank research, now in its ninth year, is to spotlight effective uses of technology in banking. This year we received a record number of submissions – well over 100 – that came from all over the world; the nominations were spread equally between North America, EMEA and APAC. The award winners come from four continents and nine countries and range from credit unions and microfinance institutions to the world's largest banks.

Celent Model Bank 2016 winners are:

  Model Bank 2016 Categories

  Award Winners

  1. Digital Banking Transformation

  Citizens Bank, US

  DenizBank, Turkey

  Garanti Bank, Turkey

  Santander, US

  2. Omnichannel Banking

  BECU, US

  Beyond Bank, Australia

  Standard Chartered Bank, Korea

  3. Digital Payments and Cards

  Bank of America Merrill Lynch, US

  RBC, Canada

  4. Corporate Payments and Infrastructure Modernization

  Bank of China, China

  CBW Bank, US

  5. Cash Management and Trade Finance

  CIBC, Canada

  HBL (Habib Bank), Pakistan

  6. Security, Fraud, and Risk Management

  Alfa-Bank, Russia

  USAA, US

  7. Legacy Transformation

  Sberbank, Russia

  Umpqua Bank, US

  Vietnam Bank For Social Policies, Vietnam

  Model Bank of the Year

  Eastern Bank, US

As always, we published a series of reports with detailed case studies of all winning initiatives. Celent research subscription clients can access the Model Bank of the Year and individual category reports via our website.

This year we also introduced a new award, Model Bank Vendor. We wanted to acknowledge the vendor role in helping multiple clients achieve technology or implementation excellence, one of our judging criteria, and to extend our appreciation to the entire vendor community, which is instrumental in the ongoing success of the Model Bank program. Celent recognized two companies as Model Bank Vendors for 2016:

  • EdgeVerve Systems
  • Nucleus Software

Congratulations to all our award winners! We are grateful to have been exposed to so many extraordinary initiatives and the talented individuals responsible for their success. We look forward to continuing with the Model Bank program next year to identify and award the most impressive banking technology initiatives from around the world, and will begin accepting nominations again in September – stay tuned!

 

The iPhone, the FBI, and the lessons for bankers

The iPhone, the FBI, and the lessons for bankers

With today’s news comes the interesting development that the FBI has apparently used a “tool” acquired from an unnamed third-party white hat security firm to gain access to the locked iPhone of one of the San Bernardino shooters without requiring Apple’s cooperation.  This issue had been the subject of a recent tug-of-war between Tim Cook and the US Department of Justice.

While FBI Director James Comey has been mum on the details, some in the IT security community have speculated that the new tool employs a so-called “brute force attack” on the iPhone by sequentially guessing the device’s passcode until the device unlocks itself.  While the lock-out feature is user-configurable, an iPhone running the current version of iOS will normally give the user 10 chances to input  the passcode correctly before permanently locking the user out while deleting all user data from the device.

Cloud services to the rescue.  The speculation is that the newly acquired FBI tool was able to get around this measure by simply cloning the software from the perpetrator’s iPhone — including the operating system and all of the user data files — hundreds or thousands of times and performing what is effectively a “distributed brute force attack” by repeatedly guessing passcodes from a master checklist across the clones in parallel.  When an individual clone became locked, that clone is discarded and the tool continues the guessing game with other clones on a reduced list of candidate passcodes until one of the guesses finally works.

The likely reason why the FBI has apparently succeeded is the fact that the perpetrator’s passcode was static, meaning it didn’t change during the course of the many times that the FBI tried one guess after another.  (In this context, it was important that the perpetrator was caught, as otherwise  he would have changed his passcode and/or wiped the data remotely, a capability that Apple provides to all iPhone users.)

What does this have to do with banking security?  As demonstrated by the success of the FBI’s  new white hat tool in breaking Apple’s device security, the simple reality of data protection is that no encryption technique is foolproof, particularly from the threat of a brute force attack.

Given the power of the cloud to solve a large computational problem like guessing an large encryption key using a cloud-based “divide and conquer” approach, bankers need to pay attention to the need to employ strong encryption keys while rotating their keys on a regular basis.

The definition of “regular basis” will depend on the sensitivity of the data to be protected, but one thing is for sure:  the bank that creates an enterprise encryption key once and thinks the bank is protected forever is dangerously vulnerable to a future cyber attack based on a distributed brute force technique such as the one that was quite possibly used by the  FBI’s white-hat vendor.

Given the importance of encryption to maintaining a safe and FFIEC-compliant environment for the safekeeping of NPI, and especially in light of the emergence of  services like Blockchain that are dependent on encryption for success, banks ought to be paying close attention.

Liquidity management: Staying afloat in turbulent times

Liquidity management: Staying afloat in turbulent times
Liquidity management has recently begun to assume increasing importance as four key external forces create turmoil in a historically placid section of corporate treasury. External Forces

The most significant regulation affecting liquidity management is Basel III, along with others such as money market fund reform. Taken together, they’re changing the way banks structure their balance sheets and the relationship between business customers and their banking partners.

On the economic front, businesses of all sizes continue to seek opportunities abroad. Combined with an environment of negative interest rates in several countries, this is making management of liquidity distributed across markets, currencies, and business units that much more complex and increasingly challenging.

Industry initiatives such as expanded use of ISO 20022 XML and real-time payments provide both opportunities and challenges for cash and liquidity management, and as the speed of transactions accelerates, so does the need for even more timely information.

Technology evolution has facilitated a move toward centralisation, which in turn is accelerating the adoption of more advanced cash and liquidity management capabilities to support the modern day treasury function.

With external forces causing substantive and permanent shifts in available options, corporations need to have the technology infrastructure in place to manage their liquidity and investments with tighter risk governance. As discussed in the new Celent report “Staying Afloat: External Forces Impacting Corporate Liquidity Management,” no one can predict what lies around the next bend in the river, but robust strategic preparation can equip treasurers to ride out the next stretch of liquidity management turmoil.

The new 4 C’s of commercial lending

The new 4 C’s of commercial lending
Last week, I participated in a Finextra webinar on the topic of “Connected Credit and Compliance for Lending Growth” with panelists from ING, Vertus Partners, Misys and Credits Vision.  As I prepared for the webinar, I thought back to my first exposure to commercial lending when I worked for a large regional bank and I recalled the 4C’s of commercial lending from credit training:  character, capacity, capital and collateral.  All of those original 4C’s are still relevant in today’s environment when evaluating borrowers, but when considering the state of the commercial lending business in 2016, we need to think about an entirely new set of 4C’s:
  • Constraints on capital and liquidity
  • Cost of compliance
  • Changing client expectations
  • Competition from new entrants
On a global basis, banks are being forced to restructure their business models, technology platforms, and organizational processes in order to grow their portfolios, remain profitable, and stay in the good graces of their regulators.  All the while, meeting the evolving demands of clients who can view and manage their personal finances on demand, at their convenience, using the device of their choice. Despite these challenges, the panel remains optimistic that banks can and will evolve to grow this critical line of business. finance590x290_0 Where does this optimism comes from? Alternative lenders provide both a threat and an opportunity for banks as they make the difficult decisions on whether and how to serve a particular segment of the commercial lending market. Fintech partners offer more modern solutions than the decades-old clunkers that many banks still use; providing for more efficient and accurate decisioning, enhanced visibility and processing within the bank, and where appropriate, self-service capabilities.  Connectivity with clients and partners will increasingly be the hallmark of a successful commercial lender. For more insights from the panel, please register for the on-demand version of the webinar here: Finextra: Connected Credit and Compliance for Lending Growth.  

Proposed new cyber security regulations will be a huge undertaking for financial institutions

Proposed new cyber security regulations will be a huge undertaking for financial institutions
New York State Department of Financial Services (NYDSF) is one step closer to releasing cyber security regulations aided by the largest security hacking breach in history, against JP Morgan Chase. The attack on JPMorgan Chase is revealed to have generated hundreds of millions of dollars of illegal profit and compromised 83 million customer accounts. Yesterday (Tuesday, November 10), the authorities charged three men with what they call “pump and dump” manipulation of publicly traded stock, mining of nonpublic corporate information, money laundering, wire fraud, identity theft and securities fraud. The attack began in 2007 and crossed 17 different countries. On the same day as the arrests, the NYDSF sent a letter to other states and federal regulators proposing requirements around the prevention of cyber-attacks. The timing will undoubtedly put pressure on regulators to push through strong regulation. Under the proposed rules, banks will have to hire a Chief Information Security Officer with accountability for cyber security policies and controls. Mandated training of security will be required. Tuesday’s letter also proposed a requirement for annual audits of cyber defenses. Financial institutions will be required to show material improvement in the following areas:
  1. Information security
  2. Data governance and classification
  3. Access controls and identity management
  4. Business continuity and disaster recovery planning and resources
  5. Capacity and performance planning
  6. Systems operations and availability concerns
  7. Systems and network security
  8. Systems and application development and quality assurance
  9. Physical security and environmental controls
  10. Customer data privacy
  11. Vendor and third-party service provider management
  12. Incident response, including by setting clearly defined roles and decision making authority
This will be a huge undertaking for financial institutions. Costs have yet to be evaluated but will be in the millions of dollars. It will be very difficult to police third party security because, under the proposal, vendors will be required to provide warranties to the institution that security is in pace. The requirements are in the review stage and financial institutions should join in the debate by responding to the NYDFS letter.

Increasing headwinds in corporate banking?

Increasing headwinds in corporate banking?

This week I’m in Singapore, which provides a beautiful backdrop for Sibos 2015, the annual conference that brings together thousands of business leaders, decision makers and topic experts from a range of financial institutions, market infrastructures, multinational corporations and technology partners.

IMG_2628

This year’s conference theme is connect, debate and collaborate and takes place at a time of increasing headwinds from a slowing global economy, higher compliance costs, increasingly global corporates, and competition from both banks and nonbanks alike. I spent the past few months taking a deep dive into corporate banking performance over the past 10 years–a period of both tremendous growth and unprecedented upheaval. As expected, corporate banking operating income and customer deposit balances have experienced healthy growth rates over the past 10 years. But surprisingly, despite increases in customer deposits, corporate banking income was largely stagnant over the past few years.

Corporate Banking Income and Deposits

Corporate banking plays a dominant role for the largest global banks. In 2014, corporate banking was responsible for 33% of overall operating income and 38% of customer deposits across the 20 banks included in this analysis.

As outlined in the new Celent report, Corporate Banking: Driving Growth in the Face of Increasing Headwinds, this critical banking sector is shaped by four external forces: economic conditions, the regulatory environment, business demographics, and financial technology. These same factors are slowing corporate banking growth and creating an environment in which banks are overhauling client offerings in the face of regulatory pressure, re-evaluating geographic footprints in response to shifting trade flows, and investing in technologies to ensure a consistent, integrated customer experience.

Much of the discussion at Sibos is on exploring transformation in the face of disruption. As they look to an unsettled future, corporate banks that are flexible, adaptable, and creative will be the ones that succeed. Changing time-tested ways of doing business is painful, but critical for future success.

Paying banks to take your money — huh?

Paying banks to take your money — huh?
Corporations have historically parked excess cash in their demand deposit accounts to take advantage of earnings credit allowances. Each month, the bank calculates the earnings allowance for a client’s accounts by applying an earnings credit rate to available balances. The earnings allowance is then used to offset the cost of cash management services. In the United States, corporates got the option of earning interest in money market accounts with the repeal of Req Q by Dodd Frank. The Liquidity Coverage Ratio (LCR) provisions of Basel III and the advent of negative interest rates in some European countries are upending traditional cash flow management for banks and their corporate and institutional clients. The LCR requires large and internationally active banks to meet standard liquidity requirements. It makes assumptions for deposit runoff in times of financial stress, resulting in a liquidity squeeze. Banks must hold enough high quality, liquid assets (HQLA) to fund their operations during a 30-day stress period. Examples of high quality assets include central bank reserves and government and corporate bond debt. The phase-in of the LCR started on January 1, 2015. It requires banks to distinguish between two types of short-term (30 days or less) deposits. Operational deposits include working capital and cash held for transactional purposes. Non-operational balances are other cash balances not immediately required and assumed to be investments; such as short-term time deposits with a maturity of 30 days or less and accounts with transaction limitations, such as money market deposit accounts. Non-operating/excess balances are assigned a 40% runoff rate for corporations and government entities and 100% for financial institutions, making them the least valuable to banks. As a result, corporates with non-operational cash investments may find it difficult to place in overnight investment vehicles. Many banks are reducing their non-operating deposits either by encouraging corporates to place their funds elsewhere, or by creating new investment products such as 31+ day CDs, money market funds and repurchase agreements to avoid the LCR charge on excess balances. Similarly, corporates also face a risk of higher costs for committed lines of credit which also require more Basel III capital to be held by banks. Bank demand for HQLA in the form of central bank reserves along with European fiscal policy has pushed central bank interest rates into negative territory for the safest monetary havens (Sweden and Switzerland). In other countries with central bank rates hovering near zero, once you take the inflation rate into consideration, those rates are negative as well (ECB and Denmark). Central Bank Interest Rates Central banks had hoped that negative interest rates would encourage commercial banks to increase lending, but there’s only been a slight increase in outstanding loan balances. Financial institution clients are hardest hit by central bank negative interest rates, particularly deposits in Euros, Swiss francs, Danish crowns and Swedish crowns. Many global banks are charging “balance sheet utilization fees” or other deposit fees. For corporate clients, savvy banks are taking a collaborative approach—working with corporate treasurers to educate them on the impact of regulatory and economic forces on their cash management and investment decisions and advising them on the available options.