- Consumer Digital Platform – for delivering an outstanding digital experience for consumers. The award is open for traditional financial institutions, digital-first, and challenger banks.
- Small Business Digital Platform – for delivering an outstanding digital experience for small businesses.
- Corporate Banking Digital Platform – for delivering an outstanding digital experience for corporate clients.
- Consumer Banking Channel Innovation – for the most creative use of consumer channels, or the most effective channel integration.
- Branch Transformation – for the most compelling branch transformation initiative, including branch format innovations and creative use of live agents.
- Product Innovation – for demonstrating the ability to launch multiple innovative products.
- Open Banking – for the most impressive API strategy and results so far.
- Payments Product – for launching the best consumer or business payments product.
- Lending Product – for the most impressive consumer or business lending or collections initiative.
- Fraud Management and Cybersecurity – for the most creative and effective approach to fraud management or cybersecurity.
- Risk Management – for the most impressive initiative to improve enterprise risk management.
- Process Automation – for the most effective deployment of technology to automate business processes or decision-making.
- Employee Productivity – for improving employee training or collaboration, incentivising employees, or enabling mobile agents.
- Payments Replatforming – for the most impressive project to improve payments back office, e.g. payment services hub implementation or cards replatforming.
- Core Banking Transformation – for the most compelling initiative to transform a traditional core banking platform.
- Banking in the Cloud – for innovative approaches to implement a banking platform, e.g. deploying in the cloud.
- Banking as a Platform – for creating an ecosystem of partners via a banking platform that connects and enables third parties.
- Emerging Technology for Consumers – for creative deployment of emerging technologies for consumers (e.g. AI, ML, API, biometrics, wearables, voice, blockchain, etc.)
- Emerging Technology for Businesses – for creative deployment of emerging technologies for small business or corporate clients (e.g. AI, ML, API, biometrics, wearables, voice, blockchain, etc.)
- Most Promising Proof-of-Concept – for the most promising experiment – pilot or proof-of-concept – with emerging technologies.
- Financial Inclusion – for efforts to bring financial services to unbanked and under-banker communities.
Celent, through its work with Oliver Wyman, estimates the cost to US financial institutions of undertaking due diligence and assessment of new third party engagements to be ~ $750 million per year. Institutions are paying three times as much as their third party to complete on this exercise. The average cost to an institution to carry out due diligence and an assessment of a new critical third party engagement is $15,000 and takes the institution approximately 16 weeks to complete.
The top ten US banks average between 20,000 and 50,000 third party relationships. Of course, not all of these relationships are active or need extensive monitoring. But the slew of banking regulatory requirements for third party risk management is proving to be complex, all-consuming and expensive for both institutions and the third parties involved. In a nutshell, institutions are liable for risk events of their third and extended parties and ecosystems. The FDIC expresses best the sentiment of worldwide regulators:
“A bank’s use of third parties does not relinquish responsibility… but holds it to the same extent as if the activity were handled within the institution." www.fdic.gov
If an institution doesn’t tighten its third party risk management, it is significantly increasing the odds of a third party data breach or other risk event and will suffer the reputational and financial fallout.
In the first report of a two-part series, just published by Celent, “A Banker’s guide to Third Party Risk Management: Part One Strategic, Complex and Liable”, I show how institutions can take advantage of their established risk management practices such as the Three Lines of Defense governance model, and operational risk management processes to identify, monitor and manage the lifecycle of critical and high-risk third party engagements across functions and levels. It describes the components required for a best-practice program and shows examples of two strong operating risk models being used by the industry that incorporates third party risk management into the enterprisewide risk management program.
Unfortunately, there are few institutions that have successfully implemented strategic third party risk management programs. Most institutions fall between stage 1 and 2 of the four stages of Celent’s Third Party Risk Management Maturity Curve. But continuing to operate without a strategic third party risk management practice will leave your institution in the hands of cyber fate and the regulators.
Treasury management plays an important role in a corporation’s globalisation efforts especially in the areas of cash management, banking, foreign exchange risk, and investments. Treasury must address challenges with managing liquidity distributed across markets, currencies, and businesses, especially the need to keep up with regional liquidity nuances and regulatory issues.
As an outgrowth of globalisation, four key external forces impact opportunities and challenges for corporate growth and expansion: economic uncertainty, geopolitical climate, regulatory environment, and technology evolution.
Eight years on from the 2008–2009 financial crises, global economic growth remains sluggish, hovering between 3.1% and 3.4% since 2012. There are numerous examples of geopolitical events exacerbating volatility, uncertainty, and risks arising from the increasing interconnectedness of regions caused by globalization. New regulations impact treasury organizations in many ways, including in-house banking, intercompany transactions, and transfer pricing documentation.
Corporate treasury organizations continue to lean on technology to facilitate change and mitigate complexity arising from global expansion. Cloud-based treasury management systems (TMS) provide an opportunity to implement specific modules on a subscription pricing basis. Governmental agencies, banks, and fintechs are collaborating to evolve complex corporate treasury services.
As discussed in the new Celent report “Globalisation: External Forces Driving Corporate Growth and Expansion," although firms are in different stages of their globalisation journeys, they can benefit from working with their banking partners to adopt strategies and tactics that address the external factors affecting corporate growth and expansion. Universal banks understand geographic differences and nuances, and are in a unique position to advise firms seeking to expand their businesses globally. This report is the sixth in an ongoing series of reports commissioned by HSBC and written by Celent as part of the HSBC Corporate Insights program.
Most cyberattacks succeed because of weaknesses in people, processes, controls and operations. This is the definition of operational risk. Therefore, it makes sense to tackle cyber risk with the same tools you use to manage operational risk.
We continue to prove that the approach of the IT department managing cybersecurity is not working. Cyber risk is typically treated in parallel with other technology risks; the IT department is motivated to focus on securing the vulnerabilities of individual system components and proffers a micro view of security concerns.
My new Celent report on “Treating Cyber Risk as an Operational Risk: Governance, Framework, Processes and Technologies”, discusses how financial institutions are advancing their cybersecurity practices by leveraging their existing operational risk frameworks to centralize, automate and streamline management, technologies, processes, and controls for a sounder and more resilient cybersecurity.
The report identifies and examines the steps required to achieve a risk-based approach to a sustainable and, ultimately, a measurable cyber risk management strategy:
1. Establish a long-term commitment to drive a top-down, risk-based approach to cybersecurity.
2. Recognize that the traditional approach of the IT department managing cybersecurity is limited and that most cyber risks are weaknesses in people, processes, controls, and operations.
3. If you have not already, consider deploying the NIST cybersecurity framework and tailor the framework to fit your individual cybersecurity requirements. The framework lets you take advantage of your current cybersecurity and operational risk language, processes and programs, industry standards and industry best practices. Both cyber and operational risk should be informed by and aligned with the institution’s enterprise-wide risk management framework.
4. Move your organization along the cybersecurity maturity curve by building dynamic risk models, based on shared industry data and assumptions, to measure and monitor cyber threats and pre-empt those attacks.
5. Stop throwing money at the problem. Educate decision-makers on why and how breaches happen. Do not purchase in siloes or under pressure, select the right expertise to identify the issues and carry out due diligence on products.
6. Use the NIST’s five functions to navigate and manage cybersecurity technology requirements and purchases.
7. Know what technology you want from your vendors; know what advice to seek from your consultants.
8. Acknowledge that cybersecurity is the responsibility of every employee and human behavior is the most basic line of defense. Institutions cannot hesitate in the goal to educate their employees, third parties and customers.
We all know that "passwords suck", as my colleague Bob Meara stated clearly and succinctly in his recent blog. But what's the alternative – is the answer biometrics or something else?
We do believe that biometrics is part of the answer. However, our vision for authentication – security measures banks take when providing customers access to their services – is broader than that. Mobile devices will play a key role, but for them to be effective tools for authentication, a strong binding between customer identity and the device is essential – unless this step is done correctly, all subsequent authentication efforts are pointless.
We also contend that authentication must be risk- and context-aware. It should take into account what the customer is trying to do, what device they are using, how they are behaving, etc. and assess the risk of fraudulent behaviour. Depending on that assessment, the customer could either gain access or be asked to further authenticate themselves. And while biometrics can and will play an important role, the banks' authentication platforms need to be flexible to support different authentication factors.
We outline this vision in more detail in the report published yesterday by Celent, Security, Convenience or Both? Setting Out a Vision for Authentication. In addition, the report discusses:
- The upcoming PSD2 requirements for strong authentication.
- The rise of biometrics, including different modalities and device-based vs. server-based implementations.
- An overview of various standard-setting bodies, such as FIDO alliance and W3C Web Authentication Working Group.
Also, yesterday we launched a new Celent Digital Research Panel survey, this time focused on Authentication and Identity management. The objectives of this survey are to assess amongst the US financial institutions:
- Investment drivers for customer authentication and identity management.
- Current state and immediate plans around authentication and identity management.
- Perspectives on the future for authentication and identity management.
If you already received an email invite, we do hope that you will respond before our deadline of August 8th. If you represent an FI in the US, and would like to take part, but haven't received the invite, please contact us at firstname.lastname@example.org. We will publish the results in a Celent report, and all respondents will receive a copy of the report, irrespective of whether they are Celent clients or not. We look forward to hearing from you!
Banks have worked hard to manage the different risks across their institutions. It has been and will remain costly, time consuming and a top priority. Celent profiles two award-winning banks who have modelled excellence in their use of risk management technologies across their banks.
- Degree of innovation
- Degree of difficulty
- Measurable, quantitative business results achieved
ALFA-BANK: SETS THE STANDARDS FOR BASEL COMPLIANCE IN RUSSIA
Alfa-Bank built a centralized and robust credit risk platform to implement Basel II and III standards, simultaneously, under very tight local regulatory deadlines. The bank decided to centralize all corporate credit-risk information onto a single platform that connected to front office systems and processes. Using Misys FusionRisk, Alfa-Bank was able to implement a central default system with a risk rating and risk-weighted asset calculations engine. The initiative is seen as one of the most important initiatives in the bank’s history. The successful completion of the project has placed Alfa-Bank at the forefront for setting standards and best practice methodologies for capital management regulations for the Russian banking industry and Central Bank.
USAA: SECURITY SELFIE, NATIVE FINGERPRINT, AND VOICE SIGNATURE
The game-changer for USAA is to deliver flawless, contextual customer application services that are secured through less intrusive authentication options. The use of biometrics (fingerprint, facial and vocal) to access its mobile banking application positions USAA to be able to compete with Fintechs across the digital banking ecosystem and offer exceptional service to its military and family members.
USAA worked with Daon Inc. to provide biometric solutions paired with its “Quick Logon” dynamic security token technology, which is embedded in the USAA Mobile App for trusted mobile devices. Biometric and token validation focus on who the user is and who the verifiers are and it addresses increasing concerns around the high level of compromise of static user names, passwords, and predictable security questions from sophisticated phishing attacks, external data breaches, and off-the-shelf credential-stealing malware.
For more information on these initiatives, please see the case study abstract on our website.
Please join me on Thursday, April 21st at noon EST for an overview of the 2016 edition of our Top Trends in Corporate Banking report, which was published in March.
Corporate banks continue to place an enormous focus on investing in digital channels to meet the ever-increasing demands of clients for enhanced tools while boosting security and fraud prevention. Despite this investment, corporate banking has lagged in terms of adoption of innovative technologies. To improve that performance, corporate banking lines of business are undertaking a broad set of initiatives to overcome the inertia that has left clients behind in terms of innovation. Among the top trends, we will examine the opportunities in trade finance and customer onboarding for improving efficiency and enhancing client satisfaction. Other top trends include fintech partnerships, distributed ledger technology and open APIs and adapting liquidity management strategies. I look forward to having you join us on Thursday!
Last week many of us at Celent were in New York attending our Innovation and Insight Day on April 13th. It is Celent's flagship event during which we announce Model Bank and Model Insurer winners and celebrate their achievements. In addition, the program includes keynote speeches from industry leaders and Celent analysts, plenty of opportunities to network with peers, and even to experience some of the latest technologies first hand, courtesy of our sponsors.
The theme of this year's event was "Financial Services Reborn", and the Museum of American Finance on Wall Street provided an inspiring setting to celebrate innovation in financial services. Craig Weber, Celent CEO, kicked off the proceedings drawing insightful parallels between the battle of Alamo and the future of financial services. It must have been the first time in Craig's career that he had to come up on stage to the soundtrack of hip hop music, an extract from the Broadway musical "Hamilton", but it set the tone for the rest of the day – to expect the unexpected and to be open to new ideas.
Both of our guest speakers – Nadeem Shaikh, Co-Founder and CEO of Anthemis Group, and Leanne Kemp, Founder and CEO of Everledger – thrilled the audience and opened everyone's eyes to the opportunities presented by Fintech and Blockchain respectively, while our colleague Will Trout spoke eloquently about consumer-led convergence. A big 'thank you' to all the speakers, as well as the sponsors supporting the event!
The rest of the day was all about celebrating the achievements of Model Bank and Model Insurance award winners. As many of this blog's readers know, the vision for Celent’s Model Bank research, now in its ninth year, is to spotlight effective uses of technology in banking. This year we received a record number of submissions – well over 100 – that came from all over the world; the nominations were spread equally between North America, EMEA and APAC. The award winners come from four continents and nine countries and range from credit unions and microfinance institutions to the world's largest banks.
Celent Model Bank 2016 winners are:
Model Bank 2016 Categories
1. Digital Banking Transformation
Citizens Bank, US
Garanti Bank, Turkey
2. Omnichannel Banking
Beyond Bank, Australia
Standard Chartered Bank, Korea
3. Digital Payments and Cards
Bank of America Merrill Lynch, US
4. Corporate Payments and Infrastructure Modernization
Bank of China, China
CBW Bank, US
5. Cash Management and Trade Finance
HBL (Habib Bank), Pakistan
6. Security, Fraud, and Risk Management
7. Legacy Transformation
Umpqua Bank, US
Vietnam Bank For Social Policies, Vietnam
Model Bank of the Year
Eastern Bank, US
As always, we published a series of reports with detailed case studies of all winning initiatives. Celent research subscription clients can access the Model Bank of the Year and individual category reports via our website.
This year we also introduced a new award, Model Bank Vendor. We wanted to acknowledge the vendor role in helping multiple clients achieve technology or implementation excellence, one of our judging criteria, and to extend our appreciation to the entire vendor community, which is instrumental in the ongoing success of the Model Bank program. Celent recognized two companies as Model Bank Vendors for 2016:
- EdgeVerve Systems
- Nucleus Software
Congratulations to all our award winners! We are grateful to have been exposed to so many extraordinary initiatives and the talented individuals responsible for their success. We look forward to continuing with the Model Bank program next year to identify and award the most impressive banking technology initiatives from around the world, and will begin accepting nominations again in September – stay tuned!
The world seems convulsed these days. No matter where you live, something significant is developing around you or about to burst.
Brazil has not been the exception. Economic slowdown and corruption allegations involving high officers in government and the private sector, have led to massive social protests. The Panama Papers only to continue to build a lack of trust on things changing easily. But Brazil is a huge economy, with very talented people and industries that can compete at world-class level. Some things need to change for sure; with a trusted leadership is just a matter of time for Brazil to come back to the right path.
On a positive note from the financial sector, early this year FEBRABAN, the Brazilian banking industry’s main federation, and Brazil’s top five banks entered into a memorandum of understanding with LexisNexis®Risk Solutions by which the latter will provide technical services for a new credit intelligence bureau that will modernize the current Brazilian credit risk information ecosystem.
The effort has the objective of financially including more Brazilians in the long run and efficiently assessing consumer credit risk, with the potential to "change lives, generate sustainable economic expansion in a world-class economy, all the while providing financial institutions with the tools to assess and manage risk more effectively" as indicated in LexisNexis®Risk Solutoins press release. It will make possible for the credit intelligence bureau to process and analyze complex, massive data sets in a matter of seconds. It is expected that the ability to process quickly large volumes of transaction data will help the credit intelligence bureau to effectively manage financial payment experiences, resulting in a bureau with a sophisticated infrastructure.
This decision by FEBRABAN, Bradesco, Banco do Brasil, Caixa Econômica Federal, Itaú Unibanco and Santander comes very handy in order to offset the effects of the country's economic moment by expanding the potential market and providing financial solutions to people that are seeing its purchasing power affected. Banks are not alone in coming up with positive initiatives as insurers have also made moves along these lines.
It’s good to see that, from the banking perspective, Brazil does not stay arms crossed waiting to see what happens; instead they are trying a good recipe to be applied in times of need: Seeking efficiency and growth, by financially including more people into the system through a more effective risk assessment.
- Constraints on capital and liquidity
- Cost of compliance
- Changing client expectations
- Competition from new entrants