Celent Model Bank Awards 2017: The Legacy Perspective

We’re less than two weeks away from this year’s Insight & Innovation Day!

Once again my presentation of the Model Bank Awards for Legacy Transformation will serve as the only barrier to the much anticipated announcement of Celent’s Model Bank of the Year Award for 2017.  This is my third year speaking at our Insight & Innovation Day conference, and this is my third year “bringing up the rear”.   I’m not sure if this status reflects on the critical importance of Legacy Transformation, in the way that “Actress in a Leading Role” presages the much anticipated “Best Picture” Award at the Oscars.  More likely, this simply reflects the reality that most banks consider Legacy IT as boringly reliable and not very…well… sexy. 

Legacy IT is a term that most bankers associate with mainframe-based core banking systems (CBS) – systems that have never seemed to get much respect.   Most bankers place Legacy IT on the “pay no mind” list, thinking about CBS platforms as much as they ponder the Ethernet cables traversing the space in the ceiling above their cubicles.  This pay-no-mind approach seems to work well, until the day when the bank experiences a massive payments screw-up, or a systems availability issue arises, triggering a Greek chorus of blame from the press and industry pundits — "damn those aging back-office systems"!  

Given my tempered expectations, I was astonished at the number and diversity of very interesting projects that were nominated for Model Bank Awards for 2017. If this year’s nominations are any indication of what’s going on in the market, it appears that banks are finally looking to transform legacy IT from something they simply have to live with to something from which they can create competitive advantage.  Of course, CBS platforms will continue working in the background to support the bank’s strategic mission – the perennial nominee for “Best Supporting Actor/Actress” rather than “Best Actor/Actress” – but it’s also very clear that innovations like real-time payments and Open Banking will only go as far as the bank’s back-office systems will carry them.

My review of the various nominations we received this year reflects a shift in how large FIs around the globe are viewing CBS transformation: while traditionally CBS renewal was viewed as addressing a “problem to be fixed”, increasingly it’s becoming an “opportunity to be seized”. The old view of CBS projects was driven by the simplistic notion that COBOL was bad simply because it was old. To the extent that a bank’s motivation was based simply on replacing the old for the sake of modernity, it explains why many CBS renewal projects have been abandoned or never attempted at all. I’d personally prefer my bank to be running on an old and well-maintained system than a new and poorly designed banking system.

The important nuance here is that if a bank cannot achieve internal consensus around the issue of legacy CBS, it’s relatively easy to continue to kick the can down the road – which is what many large and strategically important global banks continue to do.  On the other hand, the banks included in our group of Model Bank Award nominees view CBS renewal through a different lens, one that considers CBS renewal as an enabler of operational agility, a catalyst of back-office efficiency, and other important positive benefits.  Thus, few references were made this year to "old versus new", but rather to things like “delivering banking services anytime, anywhere, at scale and using technology to relentlessly drive efficiency”, as one Model Bank Award nominee articulated the emerging opportunity for CBS renewal.

Reflecting the diversity of the Model Bank Award nominations we received for Legacy Transformation, this year we will be making three separate awards for innovative projects that are powered by innovative CBS platform implementations:

  • Legacy Transformation:  This Award winner exemplified the long-term approach that CBS transformation demands, particularly for the large banks, and demonstrated that legacy transformation is not a sprint measured on a quarter-by-quarter basis but a marathon that takes many years to take root.
  • Banking in the Cloud:  Casting aside conventional doubts and concerns about the security and regulatory acceptability of cloud services, this Award winner built its entire stack of banking services wholly in the cloud, and thus serves as a model for other banks to observe and emulate in time.
  • Financial Inclusion: CBS transformation projects are typically aimed at increasing organizational agility and reducing back-office IT costs; however, this Award winner has demonstrated the social impact of building modern IT platforms in reaching the unbanked with a growing array of modern banking systems.

I’m looking forward to presenting these very worthy winners with their Model Bank Awards, while also sharing my observations regarding how the conventional view of Legacy Transformation needs to evolve along with all of our thoughts and preconceptions regarding the importance and nature of innovation in banking.

How to Woo a Bank

When it comes time to choose a business partner, banks will favor those who help them execute their third party risk management (TPRM) responsibilities over those who begrudgingly comply.

The risk to a bank of doing business with a third party is real; the consequences of a risk event are not only disruptive, but often result in long-term reputational damage that can seriously affect the bottom lines of both the bank and the third party. We have all seen the media coverage. Parties who can make TPRM easier for banks by being proactive, transparent, and helpful will distinguish themselves in an ever more competitive environment.

They must show that they are compliant with the bank’s risk management requirements throughout the RFP, due diligence, onboarding processes, and lifecycle of the engagement. OCC TPRM regulations alone require the bank to evaluate 16 risk dimensions when engaging with a third party. And, if the relationship involves a high or critical risk activity, the bank will carry out a much more thorough due diligence, often including an on-site visit to inspect operational risk procedures in the case of a risk event.

Furthermore, there is now an expectation that the third party will willingly take a portion of the liability of such an event.

Banks are introducing a new level of discipline and quantification around the measurement of third party risk. With this knowledge, banks can determine third party indemnification provisions and allocation of liabilities at the contract stage. You will be at a disadvantage if you do not have a way to measure and verify the scope of a potential risk event that involves your products or services.

Celent is also beginning to witness the inclusion of provisions within contracts that require a third party to reimburse the bank for out-of-pocket costs relating to data security breaches that occurred due to the third party's negligence. As banks continue to push back on third party risk liabilities, third parties need to ensure they have in place insurance policies that can fund indemnification obligations.

My two recent research reports discuss the changing and expanding landscape for TPRM and explain why banks, regulators and third parties need to commit to their significant other in the management and responsibility of risk.

Model Bank 2017: Some First Impressions

Growing up, a family Christmas tradition was that my mother would ritualistically proclaim, “That’s the most beautiful tree ever.” It seems that way with Celent’s Model Bank awards, too. In our tenth year we’ve just been through more than 150 submissions, and just like my mother, I can say that this was the best crop yet. The quantity emphatically broke records, and the quality was outstanding. Ongoing innovation in banking technology is clearly beginning to pay off, and we’ve been privileged to learn an immense amount from all of the financial institutions that took the time to tell us about how they’ve been using technology and innovation to serve customers better, become more efficient, and mitigate risk.

Those who’ve followed the Model Bank Awards closely will note that our awards format has evolved to follow the market over the years. As the imperative to be more customer-centric has become more pressing, it has in turn begun to blur the lines between one of the oldest ways to divide banking: channels. And lines elsewhere begin to blur, too – for instance, should a mobile payments initiative be in mobile, or in payments, or in its own category? We’ve addressed this conundrum with five categories chosen to provide a broad cross-section of the banking landscape.
  • Customer Experience
  • Products
  • Operations and Risk
  • Legacy Transformation / IT Platform Innovations
  • Emerging Innovation
The entries were exceedingly diverse, and came from repeat submitters and new participants. EMEA led the pack quantitatively, with APAC and North America roughly the same, and the strongest showing yet from Latin America. We expected to see nominations around digital banking, branch and core transformation, and payments, to name a few, and we weren’t disappointed. We were also pleasantly surprised to see intriguing initiatives involving employee productivity, cross-selling, AI, Biometrics, and Blockchain.

Inevitably some will be disappointed; there were so many worthy initiatives that the judging was the most difficult by far. It’s certain, though, that Celent analysts will have a full plate for the next two months as we reach out to our Model Banks and complete the work of distilling their rich stories into pithy case studies that illustrate the incredible innovations banks are undertaking today.

As for what you can expect between now and April 4 in Boston, look for a series of articles from the Celent analyst team highlighting some of the many insights that we’ve gleaned along the way. We’d recommend that you check back in; as we notify the winners and begin to develop our case studies, we’ll keep you posted with a series of articles like this one that detail some of the insights.

And while space is filling up fast, there’s still time to register for 2017 Innovation & Insight Day, April 4, 2017 in Boston, Massachusetts. Find out more about last year’s event here.

Banking Third Party Risk Management Requirements are a Big and Expensive Ask

Celent, through its work with Oliver Wyman, estimates the cost to US financial institutions of undertaking due diligence and assessment of new third party engagements to be ~ $750 million per year. Institutions are paying three times as much as their third party to complete this exercise. The average cost to an institution to carry out due diligence and an assessment of a new critical third party engagement is $15,000 and takes the institution approximately 16 weeks to complete.

The top ten US banks average between 20,000 and 50,000 third party relationships. Of course, not all of these relationships are active or need extensive monitoring. But the slew of banking regulatory requirements for third party risk management is proving to be complex, all-consuming and expensive for both institutions and the third parties involved. In a nutshell, institutions are liable for risk events of their third and extended parties and ecosystems. The FDIC expresses best the sentiment of worldwide regulators:

“A bank’s use of third parties does not relinquish responsibility… but holds it to the same extent as if the activity were handled within the institution.” www.fdic.gov

If an institution doesn’t tighten its third party risk management, it is significantly increasing the odds of a third party data breach or other risk event and will suffer the reputational and financial fallout.

In the first report of a two-part series, just published by Celent, “A Banker’s guide to Third Party Risk Management: Part One Strategic, Complex and Liable”, I show how institutions can take advantage of their established risk management practices such as the Three Lines of Defense governance model, and operational risk management processes to identify, monitor and manage the lifecycle of critical and high-risk third party engagements across functions and levels. It describes the components required for a best-practice program and shows examples of two strong operating risk models being used by the industry that incorporate third party risk management into the enterprisewide risk management program.

Unfortunately, there are few institutions that have successfully implemented strategic third party risk management programs. Most institutions fall between stage 1 and 2 of the four stages of Celent’s Third Party Risk Management Maturity Curve. But continuing to operate without a strategic third party risk management practice will leave your institution in the hands of cyber fate and the regulators.

The growth and impact of Money 20/20

It’s remarkable that in just five years Money 20/20 has gone from a standing start to having about 11,000 [sic – you read that right] registrants. We go to many conferences throughout the course of the year, and the growth in Money 20/20 is unprecedented in the financial services space (as the chart shows). We’ve used data from sponsors and from blogs to assemble the numbers below; there’s no doubt that Money 20/20 is now the 800 pound gorilla in the space.

[Chart: conference attendance over the last six years]

Money 20/20’s growth is due in large part, we believe, to the ecumenical approach that the organizers have taken toward the payments ecosystem.  Rather than focusing on just banks and vendors, the show includes processors, merchants, venture capitalists, startups, and other various and sundry hangers-on (including analysts). The organizers’ excellent marketing has played a role, to be sure, as has their interesting mix of commercialism and insightful content from the various participants on stage in both plenary and track sessions. But in many ways Money 20/20 has hit a particular point in time just right, recognizing that the payments ecosystem is bigger than just banks, and needs a forum where every participant could get together. The tragedy: this event could have belonged to any of the incumbent organizers of conferences, but they didn’t seize the initiative.

A final thought on substance: while the need for cooperation and collaboration across the ecosystem was universally acknowledged, as was the precept that incumbents and fintechs must partner (hallelujah!), it was interesting that one of the most ambitious payment collaborations of all time, MCX, was nowhere to be seen. It, at least in 2015, was a bridge too far.

Get off the bench: free lunch is over for banks?

This is a copy from my guest post for Finnovista that I wanted to share with you here as well.

A few years ago when we started collaborating in creating the Latin American Fintech community there were no Fintech associations, no Fintech conferences and for sure there was no mapping of Fintech start-ups at all. It has been quite a journey for all of us involved. Kudos to the Finnovista team for being a key element and catalyser for these achievements!

What an exciting moment to be in financial services! Many things are going on. Banks are being unbundled, and it’s happening everywhere. Want to take a look? Check what’s going on in the US, Europe and closer to home across Latin America, in places like Mexico, Brazil, Colombia, Argentina and Chile.

It’s making no distinctions, affecting personal and business banking equally. Consequently, the nature of competition is changing, and pressure is not expected to come from other financial institutions. In a recent Celent survey of SME banking representatives from Latin American banks, most believe that the fundamental changes expected to occur in the banking industry won’t come from other financial institutions; instead they are looking mainly to new entrants and adjacent industries.

In last year’s survey of retail banks in Latin America, Stanford University found that 47% of the banks see Fintechs as a threat. The same survey indicates that only 28% of the banks meet the needs of their digital customers. Not a position where you want to be.

Customer expectations, pressure on revenue and cost, and increased regulation don’t make life easier for banks either. Fintech start-ups may have an advantage over banks in responding to customer expectations, and being leaner leaves Fintechs better positioned to put pressure on costs; but they have to play under the same regulation and at some point earn revenues in excess of cost (a.k.a. be profitable).

FCA, the U.K. financial regulator, has opened its sandbox for applications from financial firms and tech companies that support financial services. Successful applicants can test new ideas for three to six months with real consumers under loosened regulations. This is something we haven’t seen yet in Latin America, though regulators are increasingly open to the benefits of Fintech and innovation, particularly if it is related to financial inclusion: we have seen the support of regulators for mobile wallets across the region in the last couple of years. Mexico appointed this year an officer for Fintech development in what I see as the leading case in the region to facilitate the adoption of services provided by Fintechs under the umbrella – and supervision – of the regulator. Most recently, the Argentinean regulator has introduced changes enabling digital onboarding, and in payments facilitating competition and adoption; no sandbox yet, but maybe a digital/branchless bank on the way? Will it be a disrupting incumbent or a new player? By themselves or in cooperation with Fintechs?

Indeed, there has been a lot of debate regarding the nature of the (best) relationship between banks and Fintechs; be it competition, cooperation or coopetition, banks need to play a different game. The ecosystem has changed incorporating a myriad of players and increased complexity. Banks must reconstruct their business models around three areas, recognizing that they are part of a broader and new financial ecosystem:

  • Channels: How the bank serves customers
  • Architecture: How the bank organizes to deliver value
  • Innovation: How the bank delivers new ideas, products and services around both channels and architecture

Banks can innovate on their own, or partner with Fintechs or other 3rd parties; at the end of the day banks need to select and execute on the best innovation models. There is no single answer that fits all; each institution will have to discover the best combination of innovation models aligned with risk appetite, organizational culture and the target customers you want to reach.

Solving the Fintech Vendor Due Diligence Conundrum

Banks are ultimately responsible for all of the services that they provide, even when they contract with third parties to help them deliver those services. More and smaller banks are partnering with outside providers, and there are more and smaller third parties being formed to meet more specific bank needs. While there’s even a section in the U.S. Federal Financial Institutions Examination Council’s (“FFIEC”) IT Examination Handbook detailing what sorts of due diligence a bank should conduct on its third party service provider, there’s still room for interpretation when deciding how more inexperienced banks should deal with those responsibilities.

The answer isn’t straightforward. All banks are challenged when contemplating a relationship with a small fintech because of the first three items on the FFIEC checklist: Existence and corporate history; Qualifications, backgrounds, and reputations of company principals…; and Other companies using similar services from the provider…. Small, new companies will find it more difficult than established firms to pass muster; many banks simply won’t want to take the risk of dealing with them. And many smaller banks simply won’t have the resources or expertise to properly vet these new entrants.

At the same time, many larger service providers to banks (including software vendors, outsourcing providers, and consulting shops) are searching for ways to bring innovation to their banking clients.

In recent conversations with clients I’ve been struck by an increasingly popular solution: a larger, more established firm bringing a fledgling company under its wing. The incumbent does the due diligence, offers advice, and, when satisfied, vouches for the FinTech. It may license the software, or engage the Fintech as a subcontractor; in any case, it’s assuming responsibility for the work of the smaller and newer firm.

[Figure: Vendor Management Graphic]

Executed properly, it’s a three-way win: the bank accesses a new and innovative solution; the incumbent service provider is able to add new value to the relationship; and the fintech is able to begin a relationship from which it would otherwise have been shut out. All participants in the banking ecosystem should consider whether this solution can help their particular situation.

Mobile banking adoption growth is slower than you think

In March of this year the Federal Reserve released the newest iteration of its consumer survey report on mobile banking, Consumers and Mobile Financial Services 2016. One fact that sticks out is how slow mobile banking adoption has been over the last few years.  While 53% of smartphone users have used mobile banking in the last 12 months (nowhere near “active”), that number has only grown 3 points since 2012, a CAGR of just 1.9%! This is hardly the unrelentingly rapid pace of change espoused by many who thought evolving customer behavior would overwhelm traditional banks’ ability to adapt.


Obviously there’s a disconnect between the hype surrounding mobile banking and the reality of how consumers are actually interacting with financial institutions.  But why then have forecasted rates of adoption not been realized?  There are a few possibilities.

  1. Mobile banking is reaching peak adoption: In the consumer survey by the Fed, 86% of respondents who didn’t use mobile banking said that their banking needs were being met without it.  73% said they saw no reason to use it. While the idea that mobile banking adoption would peak at around 50% doesn’t intuitively make sense for those in the industry, it’s obvious that many consumers are perfectly fine interacting with their bank solely through online banking, ATMs, or branches; they may never become mobile users.
  2. Mobile banking apps need improvement: It’s likely that many mobile banking apps still aren’t mature enough to ease some of the UX friction and convince a large portion of consumers that they provide sufficient value. In the same Fed survey, 39% said the mobile screen is too small to bank, while 20% said apps were too difficult to use.  With three-fourths of non-using respondents (mentioned in the previous bullet) finding no reason to use mobile banking, apps may need to improve functionality and usability to attract end users.  The correlation between features offered and mobile consumer adoption is also well established. Mobile banking apps may have reached an adoption peak relative to their maturity, and institutions will likely see adoption grow as apps advance and as demographics increase usage.
  3. Channel use is a lot stickier than perceived: Consumers are still consistently using the branch.  The two figures below illustrate what’s happening. The first graph comes from the Federal Reserve report on mobile banking usage, while the second is taken from the Celent branch channel panel survey taken of more than 30 different midsize to large banks.  On average, 84% of consumers surveyed by the Fed report using a branch, while respondents of Celent’s survey see 83% of DDA/savings accounts and 79% of non-mortgage lending products originated from the branch channel.  Mobile only has a 2% share of total sales.  While many institutions find it difficult to attribute sales across multiple channels and have a well-known historical bias towards branch banking, these stats don’t support the notion that consumers are migrating away from the branch and towards mobile banking.  We’re aware these numbers don’t take into account transaction migration, and likely the sales mix will shift as more banks launch mobile origination solutions, but regardless, it’s obvious the branch is still the most used channel by far.

 

[Figures: Federal Reserve report on mobile banking usage; Celent branch channel panel survey]

Mobile banking isn’t taking over the financial lives of consumers as much as institutions and many analysts predicted it would, and at least for now is settling into a position alongside other interaction points. Consumers are clearly opting to use channels interchangeably, and it’s not obvious that mobile will have any predominance in the next few years. As a result, banks need to move away from arbitrary goals surrounding channel migration and instead let the consumer decide what works best for them. This certainly doesn’t imply that institutions should stop developing mobile (there are clearly lots of areas for improvement), but it’s important to not get swept up in the hype surrounding emerging channels.

Remember, more than 60% of FI customers aren’t enrolled in mobile banking, and it accounts for only 2% of sales. Focusing so intently on capturing a larger share of mobile-first or mobile-only consumers risks misaligning bank resources towards projects that don’t offer the maximum value. Banks shouldn’t be rushing into things; they’ve got time to do this right and in an integrated way.

Financial institutions need a mobile strategy for younger consumers who will most certainly prefer mobile, but older consumers aren’t going anywhere anytime soon. Mobile, at least for now, isn’t the end-state. Mobile-only banks aren’t going to take over the world anytime soon and institutions should be considering the broader proposition of digital in the organization. This means a solid digital strategy across all channels, and a focus on driving the experience, not pure adoption.

Brexit. Eventually. Possibly.

What did Britain say to its trade partners?

See EU later.

It’s been a funny week or two to say the least, so it seemed apposite to start with a joke (and we’re not talking about the England vs Iceland result! – the Icelandic commentator is worth a 30sec listen.)

The UK woke up to find that it was leaving Europe. Given the legendary British reserve, stiff upper lip, etc., it is quite incredible just how divided the country has become, and how everyone has an opinion. As a result, there has been a lot said before, during and after the campaign that needs to be sifted very carefully. This is a genuine attempt at a factual look at quite what this means as many of the facts are very definitely not facts.

What's actually going to happen? Frankly, the short answer is nobody actually knows. No country has ever left before. Greenland did but is both smaller and was leaving for other reasons. Nor did they invoke Article 50 (more of which in a second) which has never been used. Whilst there are some legal guidelines and processes, given that the European Union is an economic union governed by politicians, it’s fair to say that the process will be very political in nature. Particularly as Article 50 is not very precise.

The first step is for the UK to activate Article 50, which effectively formally starts the process. The UK has two years from informing the European Parliament that it intends to leave and actually signing Article 50. Given other European elections, and despite some public calls from Europe to get on with it, some believe that it is likely to be later rather than sooner.

Until Article 50 is signed, the UK is still in Europe, and everything continues as it does today. What is less clear is when Article 50 is signed, what happens next, and how long the process will take. UK Government analyst suggests 5 years, yet others say at least a decade.

Nor is it yet clear what the UK will choose to negotiate on. For example, it may choose voluntarily to adopt regulation such as PSD2. We (or, to be clear, Gareth) believe that the UK will push ahead with the PSD2, as many of the rules are either in place in the UK already, or reflect the way the Government is thinking, e.g. the Open Data Initiative arguably is far wider reaching than the Access to Accounts element of the PSD2.

It’s not clear quite what is or isn’t the European Union necessarily. For example, passporting, the rule that allows financial services firms to be licenced in one country and operate in another, is actually (according to the Bank of England website at least – other reputable sites even disagree on this!) a European Economic Area (EEA) initiative, and even countries outside of the EEA, such as Switzerland, have negotiated deals. This is particularly key for card acquirers, many of whom use their UK licence to negate the need for local ones across Europe.

So, as the saying goes, the devil will be in the detail. And that’s going to take time to unravel, and to negotiate even on the things that need negotiating.

Over the coming months, banks will need to scenario plan on multiple dimensions. They will need to identify key regulations that impact their business, how that might be regulated, and how long it would take the bank to respond. Yet many, if not most banks, will have done some of this risk profiling before the vote took place.

Until there is clarity, the reality is that it’s the political fall-out that is going to have the most impact in the short-term, itself creating a degree of additional economic turmoil.

Large FIs spent $25M rolling out failed risk management frameworks during the 2000’s. So why try again?


Large financial institutions spent in excess of $25 million on rolling out failed enterprise risk management frameworks during the 2000’s. So why try again? Well, for many obvious reasons, the most notable of which has been the large scale failure of institutions to manage their risks and the well-editorialized consequences of those failures. The scale of fines for misconduct across financial services is staggering and damage to the banking industry’s reputation will be long-lasting.

[Figure: Major Control Failures in Financial Services. Source: publicly available data]

Regulators and supervisors are determined to stop and reverse these risk failures, specifically, the poor behavior of many bankers. Regulators are demanding that the Board and executive management take full accountability for securing their institutions. And there is no room for failure. This is the only way that risks can be understood and, hence, managed across the enterprise.

There is no denying that risk management frameworks are hard to implement but Celent believes the timing is right for the industry to not only secure their institutions and businesses but to innovate more safely and, slowly, win back the trust of their customers.

My recently published report, Governing Risk: A Top-Down Approach to Achieving Integrated Risk Management, offers a risk management taxonomy and governance framework that enables a financial institution to address the myriad of risks it faces in a prioritized, structured and holistic way. It shows how strong governance by the Board is the foundation for a framework that delivers cohesive guidance, policies, procedures, and controls functions that align your firm’s risk appetite to returns and capital allocation decisions.