Congratulations to All Celent Model Bank 2017 Award Winners!

Congratulations to All Celent Model Bank 2017 Award Winners!

Many of us at Celent just came back from a busy and exciting week in Boston. Undoubtedly, the highlight was attending Celent's Innovation and Insight Day on April 4th, where we celebrated achievements of the Model Bank and Model Insurer award winners.

The rain and clouds couldn't obscure spectacular views from the State Room overlooking the Boston harbour. And they certainly didn't dampen the mood of nearly 300 attendees representing banks, insurers and technology vendors from at least 15 countries around the world.

Craig Weber, Celent CEO, opened the day by presenting compelling evidence that financial services are more important than many celebrities. He was followed by an insightful presentation from Andy Rear, chief executive of Munich Re Digital Partners. The programme then split into parallel Banking, Insurance and Wealth and Asset Management tracks before reconvening again to close with a series of debates between Celent analysts on three topics: Internet of Things, artificial intelligence and blockchain.

During the Banking track we presented Model Bank awards, and discussed the winning initiatives and why they stood out from all others. As regular readers of this blog know, this year we introduced specific named awards with only a single winner for each award. I would like to offer my personal congratulations to all of our Model Bank 2017 winners:

Winner

Award

Alior Bank S.A., Poland

Emerging Technology for Consumers

Banco Original, Brazil

Consumer Digital Platform

Bank of America, USA

Risk Management

BMO Bank of Montreal, Canada

Process Automation

Capital One, USA

Emerging Technology for Businesses

CBW Bank, USA

Banking as a Platform

Citi, USA

Open Banking

Credit Suisse AG, Switzerland

Payments Replatforming

DenizBank, Turkey

Lending Product

Emirates NBD and ICICI Bank, India and UAE

Most Promising Proof-of-Concept

FGB, UAE

Corporate Banking Digital Platform

Idea Bank S.A., Poland

Small Business Digital Platform

India Post, India

Financial Inclusion

IndusInd Bank, India

Fraud Management and Cybersecurity

Millennium BCP, Portugal

Branch Transformation

Mizuho Financial Group, Japan

Consumer Banking Channel Innovation

National Australia Bank, Australia

Core Banking Transformation

OakNorth Bank, UK

Banking in the Cloud

Radius Bank, USA

Product Innovation

The Royal Bank of Scotland, UK

Employee Productivity

YES BANK, India

Payments Product

And of course, congratulations to Caixa Bank, our Model Bank of the Year 2017! The keynote presentation by Àngels Valls on how Caixa Bank has embraced digital was the highlight of the I&I Day for many of us in Banking – thank you! Finally, congratulations to Celent Model Insurer award recipients.

Each of the award winning initiatives is published as a case study and available to Celent research clients by following the links above. In addition, we also published an overall Model Bank 2017 report, which discusses how the Model Bank programme has changed over 10 years and reviews the content themes across all nominations in 2017.

We intend to run the Model Bank programme again later this year, so keep an eye on the announcements when the new submissions window opens. We have no doubt that you are all working on exciting things and hope that you will consider submitting your initiatives for 2018 awards. In the meantime, enjoy the case studies and let's celebrate the Model Bank winners of 2017!

Challenges Facing Organizations in the Current Risk Environment

Challenges Facing Organizations in the Current Risk Environment

The Association for Financial Professionals (AFP) recently published its 2017 AFP Risk Survey Report of Survey Results. The survey, supported by Marsh & McLennan Companies (Celent’s parent company), provides a snapshot of the challenges organizations face in the current risk environment. Responses from 480 senior-level corporate practitioners (primarily based in the US) formed the basis of the survey.

Corporate practitioners rank the highest risk factor impacting organization earnings in the next three years as tougher competition (40%), followed by customer satisfaction (33%), and U.S. political and regulatory uncertainty (32%.) While the three top-ranked factors are similar to those in the 2016 AFP Risk Survey, the order differs.

The survey authors made an intriguing observation on the ranking of risk factors: “It is interesting that in an election year (during which this survey was conducted), finance professionals believed competition would have a greater impact on their organizations’ earnings than would any uncertainty surrounding the U.S. political and regulatory environment.”

The report of survey results goes on to discuss risk mitigation actions in direct response to various types of risk. For example, in response to geopolitical risks, 60% of respondents are most focused on maintaining adequate liquidity, with a greater share of larger companies than smaller companies paying attention to maintaining liquidity (65% to 57%).

If you are a corporate banker or treasury management professional, I highly recommend a reading of the 2017 AFP Risk Survey results. The survey data provides valuable insights into the current and emerging threats facing US corporations of all sizes.

Celent Model Bank Awards: Fraud, Risk Management, Process Automation and Flub-Free

Celent Model Bank Awards: Fraud, Risk Management, Process Automation and Flub-Free

It is my privilege to be part of the judging panel for Celent Model Bank Awards for 2017 for the following three categories:

  • Fraud Management and Cybersecurity – for the most creative and effective approach to fraud management or cybersecurity.
  • Risk Management – for the most impressive initiative to improve enterprise risk management.
  • Process Automation – for the most effective deployment of technology to automate business processes or decision-making.

A common theme across this year’s submissions for the above categories is the importance of agile technology, digital process automation, and consistent and focused practices across the organizations. A large number of the entries show that a streamlined and automated operational risk framework is critical to run a successful risk management program. Everything connects and has a consequence and unless banks can join the risk dots across their ecosystems, they will continue to spend at a very high rate with unsatisfactory and, at times, devastating results.

Improved data analysis and machine learning capabilities also featured prominently in the winning case studies. A central data platform, automated processes and improved insights have produced notable increases in efficiency, better control of costs, reduced resourcing requirements, reduced errors and false positives and have made it easier for the banks to adapt to their digital footprint, an expanding cyber threat landscape, and intense and complex regulatory obligations.

Hopefully, no flubs on the big day

Without exception, every submission is of a high-quality and we found it a daunting task to pick the most worthy award recipients. In the end, we are excited and confident about our selection of winners in the above categories, yet we are sorry that we could not recognize so many others that clearly also deserve recognition.

At the moment we are staying tight-lipped about who won the awards. We will be announcing all winners publicly on April 4 at our 2017 Innovation & Insight Day in Boston. In addition to presenting the award trophies to the winners, Celent analysts will be discussing broader trends we’ve seen across all nominations and will share our perspectives why we chose those particular initiatives as winners. Make sure you reserve your slot here while there are still spaces available!

 

How to Woo a Bank

How to Woo a Bank

When it comes time to choose a business partner, banks will favor those who help them execute their third party risk management (TPRM) responsibilities over those who begrudgingly comply.

The risk to a bank of doing business with a third party is real; the consequences of a risk event are not only disruptive, but often result in long-term reputational damage that can seriously affect the bottom lines of both the bank and the third party. We have all seen the media coverage. Parties who can make TPRM easier for banks by being proactive, transparent, and helpful will distinguish themselves in an ever more competitive environment.

They must show that they are compliant with the bank’s risk management requirements throughout the RFP, due diligence, onboarding processes, and lifecycle of the engagement.  OCC1 TPRM regulations alone require the bank to evaluate 16 risk dimensions when engaging with a third party. And, if the relationship involves a high or critical risk activity, the bank will carry out a much more thorough due diligence; often including an on-site visit to inspect operational risk procedures in the case of a risk event.

Furthermore, there is now an expectation that the third party will willingly take a portion of the liability of such an event.

Banks are introducing a new level of discipline and quantification around the measurement of third part risk. With this knowledge, banks can determine third party indemnification provisions and allocation of liabilities at the contract stage. You will be at a disadvantage if you do not have a way to measure and verify the scope of a potential risk event that involves your products or services.

Celent is also beginning to witness the inclusion of provisions within contracts that require a third party to reimburse the bank for out-of-pocket costs relating to data security breaches that occurred due to the third party's negligence. As banks continue to push back on third party risk liabilities, third parties need to ensure they have in place insurance policies that can fund indemnification obligations.

My recent two research reports discuss the changing and expanding landscape for TPRM and explain why banks, regulators and third parties need to commit to their significant other in the management and responsibility of risk.

Introducing Celent Model Bank 2017 Awards

Introducing Celent Model Bank 2017 Awards
As my colleague Dan Latimore wrote in the article that began this series, 2017 was the best ever year so far for Celent Model Bank programme in terms of quantity, quality and diversity of nominations. As we went through the judging process, we felt a range of emotions – grateful and privileged to receive so many amazing stories, and daunted by the prospect of having to pick the most worthy award recipients. In the end, we are excited and confident about our selection of winners, yet we are sorry that we could not recognize so many others that clearly also deserve recognition.

Over its ten years of existence, Celent’s Model Bank programme has always changed and evolved. In the last few years we have been awarding multiple initiatives in a small number of categories – for example, last year we had four winners in Digital Banking Transformation, the busiest of seven categories. While all the awards within the category were equal, we knew that some institutions craved for more exclusive recognition. This year, we decided to take it a step further and to introduce specific named awards with only a single winner for each award.

After long deliberations, the judging panel decided to recognise 21 initiatives as winners of the following Model Bank 2017 awards:
  • Consumer Digital Platform – for delivering an outstanding digital experience for consumers. The award is open for traditional financial institutions, digital-first, and challenger banks.
  • Small Business Digital Platform – for delivering an outstanding digital experience for small businesses.
  • Corporate Banking Digital Platform – for delivering an outstanding digital experience for corporate clients.
  • Consumer Banking Channel Innovation – for the most creative use of consumer channels, or the most effective channel integration.
  • Branch Transformation – for the most compelling branch transformation initiative, including branch format innovations and creative use of live agents.
  • Product Innovation – for demonstrating the ability to launch multiple innovative products.
  • Open Banking – for the most impressive API strategy and results so far.
  • Payments Product – for launching the best consumer or business payments product.
  • Lending Product – for the most impressive consumer or business lending or collections initiative.
  • Fraud Management and Cybersecurity – for the most creative and effective approach to fraud management or cybersecurity.
  • Risk Management – for the most impressive initiative to improve enterprise risk management.
  • Process Automation – for the most effective deployment of technology to automate business processes or decision-making.
  • Employee Productivity – for improving employee training or collaboration, incentivising employees, or enabling mobile agents.
  • Payments Replatforming – for the most impressive project to improve payments back office, e.g. payment services hub implementation or cards replatforming.
  • Core Banking Transformation – for the most compelling initiative to transform a traditional core banking platform.
  • Banking in the Cloud – for innovative approaches to implement a banking platform, e.g. deploying in the cloud.
  • Banking as a Platform – for creating an ecosystem of partners via a banking platform that connects and enables third parties.
  • Emerging Technology for Consumers – for creative deployment of emerging technologies for consumers (e.g. AI, ML, API, biometrics, wearables, voice, blockchain, etc.)
  • Emerging Technology for Businesses – for creative deployment of emerging technologies for small business or corporate clients (e.g. AI, ML, API, biometrics, wearables, voice, blockchain, etc.)
  • Most Promising Proof-of-Concept – for the most promising experiment – pilot or proof-of-concept – with emerging technologies.
  • Financial Inclusion – for efforts to bring financial services to unbanked and under-banker communities.
And of course, we also kept our Model Bank of the Year award, first introduced in 2012, which recognises one financial institution that in any given year simply stands out from the crowd and uniformly impresses Celent judges.

For the time being, only the nominees will know if they won any of these awards, as we begin working with them to distill their achievements into a series of case studies. We will be announcing all winners publicly on April 4 at our 2017 Innovation & Insight Day in Boston. In addition to presenting the award trophies to the winners, Celent analysts will be discussing broader trends we’ve seen across all nominations and will share our perspectives why we chose those particular initiatives as winners. Make sure you reserve your slot here while there are still spaces available!

Banking Third Party Risk Management Requirements are a Big and Expensive Ask

Banking Third Party Risk Management Requirements are a Big and Expensive Ask

Celent, through its work with Oliver Wyman, estimates the cost to US financial institutions of undertaking due diligence and assessment of new third party engagements to be ~ $750 million per year. Institutions are paying three times as much as their third party to complete on this exercise. The average cost to an institution to carry out due diligence and an assessment of a new critical third party engagement is $15,000 and takes the institution approximately 16 weeks to complete.

The top ten US banks average between 20,000 and 50,000 third party relationships. Of course, not all of these relationships are active or need extensive monitoring. But the slew of banking regulatory requirements for third party risk management is proving to be complex, all-consuming and expensive for both institutions and the third parties involved. In a nutshell, institutions are liable for risk events of their third and extended parties and ecosystems. The FDIC expresses best the sentiment of worldwide regulators:

“A bank’s use of third parties does not relinquish responsibility… but holds it to the same extent as if the activity were handled within the institution." www.fdic.gov

If an institution doesn’t tighten its third party risk management, it is significantly increasing the odds of a third party data breach or other risk event and will suffer the reputational and financial fallout.

In the first report of a two-part series, just published by Celent, “A Banker’s guide to Third Party Risk Management: Part One Strategic, Complex and Liable”, I show how institutions can take advantage of their established risk management practices such as the Three Lines of Defense governance model, and operational risk management processes to identify, monitor and manage the lifecycle of critical and high-risk third party engagements across functions and levels. It describes the components required for a best-practice program and shows examples of two strong operating risk models being used by the industry that incorporates third party risk management into the enterprisewide risk management program.

Unfortunately, there are few institutions that have successfully implemented strategic third party risk management programs. Most institutions fall between stage 1 and 2 of the four stages of Celent’s Third Party Risk Management Maturity Curve. But continuing to operate without a strategic third party risk management practice will leave your institution in the hands of cyber fate and the regulators.

Globalisation: External Forces Driving Corporate Growth and Expansion

Globalisation: External Forces Driving Corporate Growth and Expansion

Treasury management plays an important role in a corporation’s globalisation efforts especially in the areas of cash management, banking, foreign exchange risk, and investments. Treasury must address challenges with managing liquidity distributed across markets, currencies, and businesses, especially the need to keep up with regional liquidity nuances and regulatory issues.

As an outgrowth of globalisation, four key external forces impact opportunities and challenges for corporate growth and expansion: economic uncertainty, geopolitical climate, regulatory environment, and technology evolution.

Eight years on from the 2008–2009 financial crises, global economic growth remains sluggish, hovering between 3.1% and 3.4% since 2012. There are numerous examples of geopolitical events exacerbating volatility, uncertainty, and risks arising from the increasing interconnectedness of regions caused by globalization. New regulations impact treasury organizations in many ways, including in-house banking, intercompany transactions, and transfer pricing documentation.

Corporate treasury organizations continue to lean on technology to facilitate change and mitigate complexity arising from global expansion. Cloud-based treasury management systems (TMS) provide an opportunity to implement specific modules on a subscription pricing basis. Governmental agencies, banks, and fintechs are collaborating to evolve complex corporate treasury services.

As discussed in the new Celent report “Globalisation: External Forces Driving Corporate Growth and Expansion," although firms are in different stages of their globalisation journeys, they can benefit from working with their banking partners to adopt strategies and tactics that address the external factors affecting corporate growth and expansion. Universal banks understand geographic differences and nuances, and are in a unique position to advise firms seeking to expand their businesses globally. This report is the sixth in an ongoing series of reports commissioned by HSBC and written by Celent as part of the HSBC Corporate Insights program.

Stop Throwing Money at Cybersecurity

Stop Throwing Money at Cybersecurity

cyber-operational-risk-150x1501 Most cyberattacks succeed because of weaknesses in people, processes, controls and operations. This is the definition of operational risk. Therefore, it makes sense to tackle cyber risk with the same tools you use to manage operational risk.

We continue to prove that the approach of the IT department managing cybersecurity is not working. Cyber risk is typically treated in parallel with other technology risks; the IT department is motivated to focus on securing the vulnerabilities of individual system components and proffers a micro view of security concerns.

My new Celent report on Treating Cyber Risk as an Operational Risk: Governance, Framework, Processes and Technologies”, discusses how financial institutions are advancing their cybersecurity practices by leveraging their existing operational risk frameworks to centralize, automate and streamline management, technologies, processes, and controls for a sounder and more resilient cybersecurity.

The report identifies and examines the steps required to achieve a risk-based approach to a sustainable and, ultimately, a measurable cyber risk management strategy:

1. Establish a long-term commitment to drive a top-down, risk-based approach to cybersecurity.

2. Recognize that the traditional approach of the IT department managing cybersecurity is limited and that most cyber risks are weaknesses in people, processes, controls, and operations.

3. If you have not already, consider deploying the NIST cybersecurity framework and tailor the framework to fit your individual cybersecurity requirements. The framework lets you take advantage of your current cybersecurity and operational risk language, processes and programs, industry standards and industry best practices. Both cyber and operational risk should be informed by and aligned with the institution’s enterprise-wide risk management framework.

4. Move your organization along the cybersecurity maturity curve by building dynamic risk models, based on shared industry data and assumptions, to measure and monitor cyber threats and pre-empt those attacks.

5. Stop throwing money at the problem. Educate decision-makers on why and how breaches happen. Do not purchase in siloes or under pressure, select the right expertise to identify the issues and carry out due diligence on products.

6. Use the NIST’s five functions to navigate and manage cybersecurity technology requirements and purchases.

7. Know what technology you want from your vendors; know what advice to seek from your consultants.

8. Acknowledge that cybersecurity is the responsibility of every employee and human behavior is the most basic line of defense. Institutions cannot hesitate in the goal to educate their employees, third parties and customers.

Setting Out a Vision for Customer Authentication

Setting Out a Vision for Customer Authentication

We all know that "passwords suck", as my colleague Bob Meara stated clearly and succinctly in his recent blog. But what's the alternative – is the answer biometrics or something else?

We do believe that biometrics is part of the answer. However, our vision for authentication – security measures banks take when providing customers access to their services – is broader than that. Mobile devices will play a key role, but for them to be effective tools for authentication, a strong binding between customer identity and the device is essential – unless this step is done correctly, all subsequent authentication efforts are pointless.

We also contend that authentication must be risk- and context-aware. It should take into account what the customer is trying to do, what device they are using, how they are behaving, etc. and assess the risk of fraudulent behaviour. Depending on that assessment, the customer could either gain access or be asked to further authenticate themselves. And while biometrics can and will play an important role, the banks' authentication platforms need to be flexible to support different authentication factors.

We outline this vision in more detail in the report published yesterday by Celent, Security, Convenience or Both? Setting Out a Vision for Authentication. In addition, the report discusses:

  • The upcoming PSD2 requirements for strong authentication.
  • The rise of biometrics, including different modalities and device-based vs. server-based implementations.
  • An overview of various standard-setting bodies, such as FIDO alliance and W3C Web Authentication Working Group.

Also, yesterday we launched a new Celent Digital Research Panel survey, this time focused on Authentication and Identity management. The objectives of this survey are to assess amongst the US financial institutions:

  1. Investment drivers for customer authentication and identity management.
  2. Current state and immediate plans around authentication and identity management.
  3. Perspectives on the future for authentication and identity management.

If you already received an email invite, we do hope that you will respond before our deadline of August 8th. If you represent an FI in the US, and would like to take part, but haven't received the invite, please contact us at info@celent.com. We will publish the results in a Celent report, and all respondents will receive a copy of the report, irrespective of whether they are Celent clients or not. We look forward to hearing from you!

Security, fraud, and risk Model Bank profiles: Alfa Bank and USAA

Security, fraud, and risk Model Bank profiles: Alfa Bank and USAA

Banks have worked hard to manage the different risks across their institutions. It has been and will remain costly, time consuming and a top priority. Celent profiles two award-winning banks who have modelled excellence in their use of risk management technologies across their banks.

They demonstrated:

  1. Degree of innovation
  2. Degree of difficulty
  3. Measurable, quantitative business results achieved
(Left to right, Martin Pilecky, CIO Alfa-Bank; Gary McAlum, SVP Enterprise Security Group USAA; Joan McGowan, Senior Analyst Celent)

(Left to right, Martin Pilecky, CIO Alfa-Bank; Gary McAlum, SVP Enterprise Security Group USAA; Joan McGowan, Senior Analyst Celent)

ALFA-BANK: SETS THE STANDARDS FOR BASEL COMPLIANCE IN RUSSIA

Alfa-Bank built a centralized and robust credit risk platform to implement Basel II and III standards, simultaneously, under very tight local regulatory deadlines. The bank decided to centralize all corporate credit-risk information onto a single platform that connected to front office systems and processes. Using Misys FusionRisk, Alfa-Bank was able to implement a central default system with a risk rating and risk-weighted asset calculations engine. The initiative is seen as one of the most important initiatives in the bank’s history. The successful completion of the project has placed Alfa-Bank at the forefront for setting standards and best practice methodologies for capital management regulations for the Russian banking industry and Central Bank.

USAA: SECURITY SELFIE, NATIVE FINGERPRINT, AND VOICE SIGNATURE

The game-changer for USAA is to deliver flawless, contextual customer application services that are secured through less intrusive authentication options. The use of biometrics (fingerprint, facial and vocal) to access its mobile banking application positions USAA to be able to compete with Fintechs across the digital banking ecosystem and offer exceptional service to its military and family members.

USAA worked with Daon Inc. to provide biometric solutions paired with its “Quick Logon” dynamic security token technology, which is embedded in the USAA Mobile App for trusted mobile devices. Biometric and token validation focus on who the user is and who the verifiers are and it addresses increasing concerns around the high level of compromise of static user names, passwords, and predictable security questions from sophisticated phishing attacks, external data breaches, and off-the-shelf credential-stealing malware.

For more information on these initiatives, please see the case study abstract on our website.