Blog | Guest Column

»  Weblog Main   |   »  View Entries By Topic   |   »  View Entries By Date

Why Bankers Should Make an Effort to Become “IT Savvy”

Posted on February 11, 2010

In May 2003, Nicholas Carr made a big splash in the IT world by writing an article for the Harvard Business Review titled “IT Doesn’t Matter.” Without getting into details, Carr differentiated between IT as an infrastructure commodity, like electricity, with no competitive advantage, and proprietary technology investments, which can be the foundation for competitive advantage. The commotion over this article among my clients was noteworthy. Among his conclusions, Carr argued for “managing costs and risks meticulously” and limiting spending (on commodity IT infrastructure).

By the fall of 2003, I was giving presentations to clients that explained Carr’s thesis and how they should think about their IT investments. My conclusion was that IT was still relevant and would not fade away as a priority. Rather, IT investments going forward need to add value and support an institution’s mission, strategies, and objectives with clarity and visibility to the business managers and end users. My recommendation was that bankers need to focus on making sound business and IT decisions and excel at execution.

In June 2009, Peter Weill and Jeanne Ross published a book (“IT Savvy: What Top Executives Must Know to Go from Pain to Gain,” Harvard Business Press) that reflected the results of their research across many industries, including the financial services industry. The authors define “IT savvy” as “a characteristic of firms and their managers reflected in the ability to use IT to consistently elevate firm performance.” Several financial institutions are profiled in the book as examples of “IT savvy” firms. The authors describe four operating models and related requirements for the digitized platforms that match each operating model. The authors’ research findings conclude that “IT savvy” firms that pick the appropriate operating model and digitized platform achieve a 20% higher level of performance than their peer competitors.

I believe the crux of the Weill/Ross thesis is valid and translates into the expectation that bankers in every line of business should become IT savvy. Some readers may think becoming IT savvy is an oxymoron for bankers. But, if bankers do not want to become IT savvy, then their institution’s future success is probably going to be below average, if the institution survives.

Last month, I published a case study analysis of one medium sized institution, HarborOne Credit Union ($1.8 billion, 14 branches headquartered in Brockton, MA) that is on the road to becoming IT savvy. HarborOne is aggressively pursuing its business objectives with a multi-year plan that incorporates and leverages IT investments to fulfill its mission, strategies and objectives. This case study provides an example of how an institution becomes “IT savvy.” HarborOne’s journey is not just about what is going on in IT. The commitment and participation of the entire management team and staff of about 350 employees are necessary to achieve an IT savvy status. HarborOne also knows it can not become “IT savvy” without successful IT supplier partnerships that have common objectives and a strong commitment between the institution and each IT supplier.

If you are a banker, making sound business and IT investment decisions will define your future potential. Achieving excellence in execution puts your bank on the road to realizing its potential.

Bill Bradway, founder and managing director of Bradway Research LLC, analyzes the business strategies and IT investments of US banks and credit unions.

Comments

Smart Use of Pricing Can Help Banks in the Battle for Deposits

Posted on February 13, 2009

By Dr. Robert Phillips, Nomis Solutions

“Unprecedented turmoil” is among the phrases most commonly used to describe the current state of banking. And, indeed the last few months have seen an historic rate of failures, near-failures, and acquisitions combined with a rapid tightening of credit. Amid all this turmoil, it is easy to forget that the basic business of gathering deposits and making loans is not going to disappear. In fact, as banks look for ways to survive the current environment, more careful management of the core businesses of lending and deposits will have a high priority. In this article, I’ll explain how pricing and profitability management can help bank executives break through the current market conditions and prepare themselves for the future

The Impact of Scarcity and Cost of Capital on Lending
Banks and finance companies are grappling with the perfect storm: a volatile funding environment, a lack of liquidity in the marketplace and extremely high inter-bank lending rates. This combination of factors is leading to a need to rethink the fundamentals of the business. In particular, it has generated three urgent needs:

1. The Need to Originate to Order
Historically, a robust secondary market with a seemingly insatiable appetite for credit products meant that the supply of credit was essentially unconstrained. A home could be found for almost any type of reasonable (and often unreasonable) loan. Now, funding and balance sheet needs are dictating the types of loans that can be funded. Lenders need to be able to use intelligent pricing to stimulate customer demand for the types of products they want to put into the market.

2. The Need to Understand Customer Price-Response
Our research has shown that the constrained supply of credit means that consumers’ responsiveness to price is at an all time low. Savvy executives can use pricing to capitalize on this opportunity to improve net interest margins and better position themselves in the market. However, the price-responsiveness of borrowers is changing more rapidly than we have seen before—often on a week-by-week basis. To the extent that it was ever any good, much of the received wisdom about customer price-response is now out of date and changing by the week. To fully capture the opportunity, targeted analytics and careful market tracking will be required.

3. The Need to Mitigate Adverse Selection
Consumers willing to accept higher rates are typically those that have the most burning need for credit and may have higher default probabilities. Unless this is clearly analyzed and managed, adverse selection will translate into higher losses for lenders in the future. Traditional risk measures based on bureau or custom scoring have been established based on historic market conditions and do not fully account for this. To manage and avoid adverse selection, lenders need to understand how higher APRs will change the loss behavior in different customer segments.

The Impact of Scarcity and Cost of Capital on Deposits
The collapse of the wholesale credit market has led to a new focus on deposits worldwide.

Racing for Deposits
Deposits are getting more competitive and difficult to secure as the “land grab” for deposits drives down margins. While acquisition is one way to building the deposit balance, most banks are going to need to rely on organic growth. As the economy moves into recession, the savings rate is likely to increase, creating new opportunities.

Understanding Changing Customer Response to Pricing
Consumers are considering brand and financial stability when making decisions about savings and deposits—there is a definite and discernible “flight to quality”. Banks with a strong reputation and an extensive retail network in a certain market will be able to compete most effectively. Those with a weaker reputation and/or less extensive retail branch network will need to price their deposits more aggressively to compete. Understanding where and how to target prices to attract the most deposit balances at the lowest rates will be a complex challenge. Most banks use an ad hoc and judgmental pricing process, which lacks an understanding of customer response, to address an incredibly complex problem with potentially tens or hundreds of thousands of price points. Many banks are moving to a more analytical approach that enables them to meet their targets in the most profitable fashion.

Using Best-in-Class Pricing and Profitability Management
Through a combination of advanced analytics, innovative technology and tailored business processes, a best-in-class pricing and profitability management approach can improve financial and operational performance on both sides of the balance sheet. With the ability to quantify customer response to pricing, executives can develop pricing goals and a pricing strategy that are aligned with business objectives and financial performance targets. Because they are able to forecast what they can expect to acquire as a result of a pricing action before putting prices into the market, this approach supports an intelligent debate on the inevitable tradeoffs such as volume versus profit and risk goals, tier/term mix, credit score distribution, and loan-to-value (LTV).

Once performance goals are set, prices can be optimized to achieve profit, volume and balance targets from the portfolio level down to the micro-segment level. Executives can measure the impact of a competitor’s price changes or recent exit on their business. Additional benefits include: increased profits and/or market share, higher returns on assets, improved deposits balances, more control over risk, a cohesive view of key performance indicators at a portfolio and micro-segment level, and the use of a more structured, repeatable and efficient pricing process.

For lenders, the ability to predict the impact of price on consumer response enables them to optimize their credit and term mix within the context of their risk and ABS conduit tolerances. For deposits executives, an understanding of customer response to deposit rates at the point of sale and renewal helps drive incremental margin improvements. By optimizing deposits pricing and understanding the impact of price on take up of all of their products, banks can efficiently find the most profitable way to both attract funds and lend them.

Dr. Robert Phillips is the founder and chief science officer of analytics and pricing solutions provider Nomis Solutions.

Comments

Looking Ahead: Financial Insights on Financial Services in 2009

Posted on February 09, 2009

By Aaron McPherson, Financial Insights, an IDC Company

In 2008, the storm clouds that had been building over the financial services industry burst forth and washed away the old world, leaving a landscape transformed. Venerable institutions like Lehman Brothers, Bear Stearns, Northern Rock, Fortis, Merrill Lynch, HBOS, and Wachovia were swallowed up, nationalized or simply dissolved as the assets on which their businesses were built evaporated. Governments around the world discarded their existing policies and madly improvised as they scrambled to keep the global financial system operating. Bailouts included government guarantees, troubled asset acquisitions, and direct capital infusions, ending with an unprecedented level of state ownership of financial institutions. Globalization ensured that the crisis spread rapidly around the world, leaving no country untouched.

As we look forward to 2009, the focus will be on stanching the bleeding and repairing the damage, resulting in the following 10 events:

1. The Number of Banks Worldwide Will Shrink by 5 %: Fourth quarter earnings are coming out, and so far there are no signs that the financial crisis is abating. Now the global recession is increasing charge-off rates, and more asset categories are dropping in value. The U.S. will be particularly hard hit, with its multitude of banks dropping below 8,000.
2. Regulatory Authority for European Financial Institutions Will Be Consolidated in a New “Superregulator”: In the European Union, ongoing conflicts between member states on the proper way to address the crisis will lead to the creation of a new regulatory agency with power to address bank failures that involve multiple member states in a systematic way (such as Fortis).
3. Innovation Now Will Be in Customer Acquisition and Retention Strategies: Large transformational projects will be put on hold while more tactical projects focused on improving the customer experience and channel integration will take precedence.
4. FinTech 100: Only 88 Will Welcome the New Year in 2010: While the list of the 100 largest financial technology providers typically sees 8 to 9 firms acquired during a year, we think this will increase to 12 in 2009, as weakly capitalized companies run out of time.
5. Outsourcing Will Surge Worldwide: Far more financial firms will consider and undertake outsourcing agreements, as the offerings continue to improve and pricing becomes more competitive.
6. Financial Services Firms Will Purchase Less Analytical Data for Consumer Credit Risk Management in 2009: As charge-offs surge, financial institutions will become more selective about who they sell to, resulting in lower purchases of credit data. Instead, they will focus on better use of internal data to predict delinquency and try to improve collections.
7. North American Banking Industry IT Spending Will Go Negative: In 2009, the North American banking industry will spend 4.6 percent less on IT, both internal and external, than it did in 2008. The way they will do it is through consolidation, data center virtualization, layoffs of internal IT staff and outsourcing.
8. Business Intelligence Will be the Cornerstone of Competitive Success for Financial Institutions in 2009: Financial firms will adopt business intelligence tools to better predict which customers are likely to switch or default. At the same time, leading financial firms will look to the cost side of each business, attempting to improve their cost allocation by business as well as by customer, product and channel.
9. U.S. and European Banks Will Increasingly Look East for Opportunities: With its large domestic markets and relatively stronger growth, Asia will be attractive to U.S. and European banks eager to find new sources of income.
10. Smaller Capital Markets Firms Will See Opportunities: Large corporates will reexamine their financial relationships, opening up an opportunity for smaller, more focused players to come in and win business. Tier 2 and 3 firms will also benefit from the glut of top talent newly available as a result of massive layoffs at most of the top financial institutions.

It is important not to allow the relentless drumbeat of bad news to blind one to the opportunities that still exist. Now is the time for those institutions that were not lured by easy profits to steal market share while their larger competitors were distracted. Financial technology suppliers, too, will find pockets of opportunity in the middle market, as well as a chance to acquire weaker competitors and gain market share. Those suppliers that can maintain research and development spending, and be willing to meet financial institutions halfway, will build a stronger position for the eventual recovery.

Aaron McPherson is practice director of financial services with Boston-based Financial Insights, an IDC Company.

Comments

Using Your ERP System to Weather the Bailout Economy

Posted on February 02, 2009

By Sharon Ward, Green Beacon Solutions

Most financial services companies rely on information in their enterprise resource planning (ERP) systems for financial reporting, yet the regulations and reporting requirements resulting from government bailouts are too new to have been built in to existing ERP systems. It’s likely that regulations will take effect quickly once the final bailout bills take shape. Whether a bank is looking for a new ERP system or continues to use an existing application, there are five important characteristics that an ERP system will need to allow organizations to react quickly to new regulations.

1. A flexible infrastructure: Some ERP systems utilize older architectures that make it difficult to change data structures or to present real-time information in accessible formats. This can make compliance reporting a real chore as every change in the rules may require a great deal of programming effort to ensure compliance. In some cases, real-time reporting may never be achieved.

If existing ERP applications are running on older generation architecture, companies should investigate whether it’s possible to upgrade to a newer version that will allow them to respond more rapidly to compliance concerns. Financial services companies evaluating new ERP systems should take pains to investigate the system’s infrastructure. Many companies consider the choice of IT architecture a minor point, best left in the hands of IT alone. On the contrary, this is actually one of the most strategic decisions a company can make since it affects the day-to-day transactional speed, business process flexibility, user interface, training requirements, cost of maintenance and the architecture’s flexibility to adapt as business processes change.

2. Simulation capabilities: As the financial services industry continues to implode, companies need to be positioned to take advantage of unexpected opportunities. One possible opportunity is the option to acquire new companies, lines of business, facilities or equipment. Each of these potential opportunities may have a profound effect on the financial results of the acquiring company. It will be essential to have the ability to run simulations to gauge the possible results before in-depth investigation of acquisitions or divestitures. Guidelines may provide for different ways of reporting transactions and results, and simulations allow a company to easily make the right decision for optimum results.

3. Multi-entity financials: When they are finalized, different lines of business may be eligible for varying types of aid. If the financial results for each line of business can be easily segregated, it can make qualifying for bailouts simpler. It can also prevent burdening a business entity with reporting requirements for bailouts in which they didn’t actually participate simply because the financials couldn’t be reported separately. Multi-company financials also enable a company to more easily assess the results of potential acquisitions or divestitures as discussed in the preceding paragraph.

Financial services organizations with existing ERP systems should investigate whether multi-company financials are available to them if they are not already utilizing them. Those looking for a new ERP system should ensure that the chosen system includes multi-company financials. Care should be taken during the implementation process to ensure that no steps are taken that preclude easily turning this capability on if it is not needed up front.

4. Compliance Workbench: This tool is a recent addition to some ERP applications that allows a company to monitor its employees’ compliance with regulatory requirements. This type of functionality was introduced in response to Sarbanes-Oxley and Basel II, but properly designed workbenches will be equally as useful when responding to bailout regulations.

A properly designed compliance workbench allows a company to define the business processes subject to regulations and ensure that sign-offs and other important steps are mandatory. Variations from accepted processes require override approvals and are captured for later reporting. Companies looking for new ERP systems should add this functionality requirement to the short list of strategic requirements.

5. User definable workflows: Working hand-in-hand with the compliance workbench, user definable workflows allow a company to quickly and easily adapt the existing business processes to whatever has been defined by the bailout committee. Workflows can also ensure that employees adhere to the procedures and flag exceptions for review and approval. Workflows can cut down on the amount of retraining employees require to ensure compliance since the proper procedures are inherent to the workflow.

There’s no way to predict exactly what the final bailouts will look like, but by adopting these techniques, banks can help ensure that their ERP systems are ready to respond to whatever the regulations require.

Sharon Ward is director of software strategy with Boston-based Green Beacon Solutions, a provider of business strategy and product implementation services for CRM, ERP and marketing automation.

Comments

‘EKG’ for Document Processes Helps Financial Institutions Get Lean

Posted on January 26, 2009

By Stephen Olson, Océ Business Services

Just like everywhere else, it’s belt-tightening time in the financial services industry. Between mergers and acquisitions and general cost-cutting, financial institutions are consolidating services and trying to do more with less. How do executives know when the belt is tight enough? Or too tight?

Financial institutions can now answer these hard questions with more than just intuition. Some have begun applying lessons from the manufacturing sector and implementing business performance management (BPM) tools across all their operations. These tools give the institutions quantitative, near-real-time insight into the operations that matter, from the 60,000-foot level to the atomic level, across functions, sites, regions and businesses. As an EKG monitors your heart in real time, BPM monitors your business. It spotlights risks before they turn into crises, giving you time to change your habits.

With hard data expressed in charts, graphs and numbers, decision makers can allocate resources more intelligently, shutting down underperforming operations and elevating high-performing operations as best practice models. One BPM focus area in financial institutions is document processes, such as mail, print/copy, imaging, records and eDiscovery. Through a combination of software tools and Six Sigma-based methodologies, institutions are systematically measuring, managing, benchmarking and proactively improving these processes in near real time. Just a few of the important document workflows that can be tracked, monitored, managed and improved include loan applications, lock-box operations, loan payments, statement posting and general mail.

How BPM for document processes works
There are surprising benefits in tracking these processes. Although documents are easy to dismiss as a fixed cost of doing business, they are actually fertile ground for cost savings, productivity gains and general performance improvement. Just consider how much electronic statements and online bill payment have saved the industry.

Every financial institution has revealing document performance metrics that can be derived from pressing business needs. These metrics include loan processing cycle time, on-time package delivery, mail volume, document scanning accuracy—anything that truly reflects service quality. Helpfully, printer/scanner/copier fleets, mail systems and couriers’ barcode scanners increasingly provide data for BPM systems to measure.

Once these key performance indicators (KPIs) are established, the institution can use BPM software to measure and monitor them 24 x 7 x 365. Managers can drill up to the macro level to oversee rolled-up aggregate document performance; drill down to the device, staffer or mail package level; and drill horizontally back and forth through time. Managers can compare site vs. site, isolate substandard service levels, and fix problems before they show up in red ink or customer dissatisfaction.

BPM systems make it easy for senior directors to standardize successful document processes across sites. If performance in a particular site and function shows up in the BPM dashboard as “excellent,” the company can replicate this best practice across all locations. If, on the other hand, one site or process is struggling in the red zone, the company can pinpoint the problem and launch a quality initiative—anything from a short staff meeting or form revision to a full-fledged Six Sigma project. Managers can even monitor a single dial on their PC and see an overall score for the entire document process management function on a daily, monthly, quarterly or yearly basis.

BPM in action
One major financial institution implemented BPM for document process management and made an alarming discovery: two of its 28 mail centers were grossly underperforming. The institution shut them down, saving the company $72,000 in the next six months alone without reducing service.

BPM systems are also effective for providing insight into compliance operations. One multi-site organization used its system to automate audit trails and eliminate 180 hours of compliance reporting work per year at each facility.

One manager saved money by noticing that performance was too good, a case of over service. Too many non-urgent packages were going out overnight. Detecting this on his BPM dashboard, the manager put a systemwide halt to excess shipping and saved $500,000 in the first year.

Many financial institutions are making the hard decision of lowering service levels to save money. BPM allows organizations to stay informed as they tweak service levels to ensure they avoid “killing the goose.”

Outsourcing implications
BPM capability is especially effective in outsourcing arrangements. The decision to outsource operations like mail distribution, copy, print, imaging and records handling is traditionally a leap of faith. But if the financial institution, through BPM, has immediate access to detailed, reliable and current data on KPIs, this transparency and accountability make the decision more attractive.

Such transparency also makes it easy for companies to tie their outsourcing contracts to service level agreements (SLAs). Vendors who fail to meet them pay a penalty. A vendor who meets or exceeds targets could get a share of the savings. This is equivalent to a performance guarantee.

Although careful management is always important, it’s especially true in down economies. The best-managed institutions, the ones that can tighten belts with precision, will survive and put themselves in a position to acquire their poorly run competitors. BPM not only helps these institutions survive but helps them whip new acquisitions into form and stay in good shape to thrive in the future.

Stephen Olson is national director, best practices, with New York-based digital document management technology and services provider Océ Business Services.

Comments

Avoiding the Pitfalls of Choosing a Risk Management System

Posted on December 15, 2008

By Nigel Hooker, DFA Capital Management

With the financial crisis on Wall Street and the threat to the world economy, never has there been more focus on risk management practices in banks and insurance companies. It’s now more critical than ever before to know how much capital is needed to support current and future business and which segments create shareholder value or destroy it.

At the core of financial risk analysis are systems that enable companies to model possible future economic and financial scenarios to gain insight into the financial risks that could damage their firms. Choosing the right tools for risk modeling can make the difference between success and failure so it’s imperative to consider the choices carefully to avoid common mistakes when establishing a risk management system.

Typical risk management systems include two main components: an economic scenario generator (ESG) – a tool that is used to model the economy, financial markets and other external influences – and a stochastic modeling tool, which applies the economic scenarios to the company’s risk exposures to simulate the results of the financial decisions made, and evaluate performance and risk metrics based on the output. How these two components work, individually and together, critically affects the reliability of the model outputs and whether they truly support better risk decision making.

ESGs are composed of several types of models that work together to depict the economy and financial markets. Within the ESG, the most important elements are frequently its equity model and its interest rate model. Keep in mind that not all equity models are created equal. The best equity models incorporate stochastic volatility and include random shocks that make it possible to reproduce the kinds of extreme scenarios observed in the real equity markets. Banks and other companies are now learning that modeling such real-world behavior accurately is critical to assessing the risk in investment portfolios and uncovering weaknesses in hedging strategies.

Understanding how an ESG models interest rates is also essential to ensuring that models are arbitrage free and that derivative pricing remains reliable. The best ESGs provide a risk-free (government bond) term structure with real-world dynamics that reliably reflect past behavior while producing a plausible number of more extreme yet conceivable scenarios. The fall-out on Wall Street indicates that some companies were not using models based on sufficient historical data to include extreme events similar to what we are experiencing in the markets today.

An ESG should also be looked at as a whole. Is it comprehensive enough to properly model the correlations between different economies and currencies? As we have seen in recent weeks, the world’s economies and currencies are intricately linked. Can you use the ESG to model a rich set of asset classes, including derivatives and other complex instruments? As recent history illustrates, the tools many companies were using to model investments had limitations that failed to expose the true risks of those investments.

Good ESGs model defaultable securities through both systemic and idiosyncratic components of risk, at security level, ensuring that simulations will reflect accumulation and concentration risk. What that means is that corporate bond models should be able to faithfully reproduce rating transition dynamics, default rates and the interaction between equity markets and credit spreads by rating class.

While the ESG models the economy and financial markets external to a company, these can only be applied to the company’s risk exposures through a stochastic simulation tool. A very common mistake companies make is to choose a tool that is only capable of modeling part of the business. A whole company model supports aggregation of data within complex business structures. Even the best modeling tools will fail to achieve their goals if they do not provide visibility to risks at a whole company level, thereby misrepresenting the risks a firm is truly facing.

The best modeling tools for a bank can be applied across the full range of its business segments; they can store output at detailed level, allowing full drill-down analysis of results; and can present output in both market consistent (fair value) and accounting-based views, recognizing fungibility (or not) of capital across disparate entities and jurisdictions. We’ve recently seen how the inability of healthy business units to support ailing ones has contributed to the failure of some firms.

Although selecting the right modeling tools for risk management is essential, one further mistake companies commonly make doesn’t have anything to do with tools. It is essential to ensure that corporate culture avoids the typical silo approach to running a business. As we continue to follow news on the economy, it becomes clear that companies that conduct risk management in business silos expose their firms to unnecessary and avoidable risks. Tying true enterprisewide risk management to business performance management, along with implementation of the right tools, is the only way for companies to ensure long-term success.

Nigel Hooker is EVP, Professional Services, Europe, for DFA Capital Management Inc., a provider of enterprise risk management software for the insurance and financial services industries.

Comments

Repeal SOX or Reduce Regulatory ‘Taxes’?

Posted on December 08, 2008

By John H. Capobianco, Lumigent Technologies

Former Speaker of the House Newt Gingrich is calling for the repeal of the Sarbanes-Oxley Act to spur the economy. I can appreciate his reasoning, especially regarding the "hidden tax in yearly compliance costs."

When I took a company public two years ago, annual spending in our finance department soared from $300,000 to $2.5 million, mostly to cover manual compliance reporting — a “compliance tax” of roughly $2.2 million per year that delivered exactly zero benefit for my products, my consumers, my employees or my company.

With respect to Mr. Gingrich, however, I can't imagine popular opinion backing the repeal of SOX. Overall, people are wary of Wall Street, and the overwhelming, bi-partisan consensus favors more regulation, more oversight and more accountability — not less. So, the bigger issue is regulation in general, not just SOX.

The knock against regulations is that they hamper companies, their competitiveness and ultimately, the economy. Yes, regulations necessarily impose additional costs — the hidden tax — on the companies that must demonstrate compliance. However, reducing regulations to ensure competitiveness isn’t an option. People believe a lack of regulatory pressures played a role in our current economic decline, and they believe more regulation will help restore the economy and our confidence in American corporations.

Instead, we need to comply with a growing number of regulations in a way that increases corporate transparency and visibility without introducing onerous costs that sacrifice competitiveness. We need a way to have our cake and eat it, too — something that information technology is particularly adept at doing.

From an IT perspective, regulatory compliance (along with governance and risk management) makes up the latest chapter in a 40-year effort to streamline business by automating processes that were previously done by hand. IT has already automated a lot of basic financial reporting and standard business processes in enterprise resource planning and logistics, manufacturing, banking and elsewhere.

What IT hasn’t automated yet is the human influence in business, making it a more streamlined process by exposing all the processes inside a business that pertain to the management of that business. Such visibility and transparency are necessary for a business to become more competitive and to best meet regulatory demands. In addition, the automation will free people to spend their time engaged in creative business activities, building the strategy of the company, and pursuing current and future opportunities rather than wasting their time monitoring and reporting on their past activities.

Going forward, businesses can expect more regulations, but they can also expect more IT solutions that automate data and controls audits and other routine but time-consuming tasks that demonstrate regulatory compliance and address auditor inquiries. In other words, IT will put corporate America in the position to give itself a compliance tax cut that has no adverse impact on its ability to meet underlying regulations. In turn, companies can focus their energies on satisfying customers, turning profits, and, yes, even spurring the economy.

John H. Capobianco is president and CEO of Lumigent Technologies, providers of GRC business control applications, and can be reached at john.capobianco@lumigent.com.

Comments

Creating the Compliance-Enabled Organization: CEO

Posted on November 17, 2008

By Steve Crutchley, Consult2Comply

Successful businesses today are those that can be called “Compliance Enabled Organizations” or “CEOs.” Having two CEOs—one a Chief Executive Officer, the other a Compliance-Enabled Organization—will help organizations manage their businesses more effectively. But what does “manage more effectively” actually mean?

A Compliance-Enabled Organization (CEO) is one that successfully applies a comprehensive Governance, Risk and Compliance (GRC) strategy with rules that ensure all aspects of GRC have been identified and implemented to secure business processes. An active CEO with an involved Chief Executive Officer will:

• Understand the GRC (compliance) landscape—applicable regulations, elective standards and best practices, and association relationships.
• Have an overall risk methodology in place—from business to technology and at varying levels.
• Undertake regular assessments—Chief Executive Officers are pushing responsibilities back to business process owners making sure they understand what they are ultimately responsible for.
• Not allow management of compliance in silos, such as governance in one area, risk in another and conformance to standards in another; instead, have coordinated efforts across the organization so everyone has a common goal.
• Have resource structures to support the business and compliance needs.
• Delegate responsibility but not accountability.
• Not rely on IT to lead GRC efforts. GRC is not and should not be technology driven; instead technology should be used effectively to support efforts

The flood of regulations, standards and best practices being thrust on business, particularly the financial services industry, has forced these organizations to get better organized. Business managers are taking a leading role to ensure business objectives are met and costs are contained. This has also put pressure on IT to support business objectives and business challenges. The business challenge is not simply to optimize costs (seen as a significant challenge in and of itself), but also to comply with regulations for privacy and data integrity, and to improve business, regulatory capability and capacity to deliver increasing value to the businesses it serves.

The banking industry has been struggling with these requirements for some time now. In the United States, most people have a bank account; most people have money in the bank; people view the banks as “trusted” organizations. The question financial institutions must ask themselves is, Are we really? Customer confidence is now waning due to 1) ongoing scandals, 2) continual losses of client information, 3) lack of transparency, disclosure of process or what they are doing that affects the client and 4) increases in fee structures.

These problems primarily stem from not following policy, from developing and running GRC requirements in silos, from a lack of communications across the organizations, and lack of due diligence internally. However, these issues are not confined to U.S. banks; many international banks are also suffering from the lack of GRC controls and internal due diligence.

Staying compliant today is becoming an arduous task. Recent events related to the banking industry have highlighted that many organizations are still out of control. Directors are no longer immune from being sued or fired by the stakeholders if GRC strategies are not implemented effectively and followed to the letter. For banks to become CEOs, they must develop a focus on business processes supported by an architecture, policies and practices, and technology that enables them to dynamically move forward to achieve effective compliance across the organization.

Responsibility for protecting organizational information assets has shifted to business—IT no longer can justify or take responsibility for asset and asset management. Business has been forced to identify asset owners with clearly defined responsibilities.

This movement to align IT governance to business governance is underway. The newly published ISO/IEC 38500:2008 Corporate Governance of Information Technology has been adapted from the Standards Australia AS8015:2005 and fast tracked into an ISO standard. ISO/IEC 38500:2008 is a high-level, principles-based advisory standard. In addition to providing broad guidance on the role of a governing body, it encourages organizations to use appropriate standards to underpin their governance of IT. Specifically IT governance must align with business governance and support business effectively. It is envisaged that this standard will also affect financial services organizations as they align IT to business objectives and incorporate IT governance with business governance.

Standards can help, but for a successful CEO, senior management must become increasingly involved in ensuring that the resources, technology, and processes are in place to enhance compliance to secure information, and protect and secure the assets of the organization.

As part of the CEO, executive management has a responsibility to ensure that the organization provides all users with a secure information systems environment. Furthermore, organizations need to protect themselves against the risks inherent in the use of information systems while simultaneously recognizing the benefits that can accrue from having secure information systems. Thus, as dependence on information systems increases, so too does the criticality of GRC activities, bringing with it the need for effective IT and security governance.

A Compliance-Enabled Organization can help companies realize real benefits and leapfrog the competition because they can employ new ways of doing business that reap cost savings. This is a proactive way of doing business and being compliant, not a defensive posture. With the proper GRC infrastructure, financial institutions will be able to:

• Better understand their GRC landscape.
• Lessen corporate risks.
• Lessen duplication of policies and procedures.
• Improve process relationships.
• Prove compliance for a much wider audience of partners, suppliers, employees and customers.
• Understand their due diligence requirements more easily.
• Know to whom to assign responsibility and accountability.

Steve Crutchley is founder and CEO of Consult2Comply, a Herndon, Va.-based company that helps businesses meet their regulatory and risk needs.

Comments

Go Mobile, Go Green

Posted on November 10, 2008

By Joseph Salesky, ClairMail Inc.

Care about the environment, but still have a load of bills stacked up in the mail pile? Everyday, consumers are becoming more aware of the effects their actions have on the environment. They are trying to do their part by employing the mantra that children learn in grammar school: “Reduce, Reuse, Recycle.”

Often, though, the first word in that phrase—Reduce—is forgotten. For example, if a person who receives five paper statements per month and pays those bills by mail with a check instead uses a paperless method for bill presentment and payment, one would save two pounds of paper, prevent 18 gallons of wastewater from discharging into oceans, lakes and rivers, and avoid the emission of 76 pounds of greenhouse gases. That’s the equivalent of driving 73 fewer miles per month.

Yet, this method is underutilized. According to a recent report by Javelin Strategy and Research, 75 percent of consumers still receive paper statements and about 34 percent pay by paper check. Thankfully, a new paperless method is available for reducing the amount of waste the average consumer generates: mobile banking.

Mobile banking is emerging as an integral part of any “green banking” program as more financial institutions look for opportunities to “go green” and offer more ways to invest in green ventures. Javelin shows that 43 percent of consumers would rather do business with a company they perceive to be “green.” With mobile banking, financial institutions can cut costs, generate new revenue and improve customer service while providing convenience and cost-savings for consumers, all while supporting their green banking initiatives.

With two-way mobile banking, consumers can receive dynamic, real-time alerts with time-sensitive information about their accounts (e.g. their balance is low or a questionable account activity has occurred), and resolve the issue directly on their mobile phone by simply responding with a text reply (e.g. to transfer funds or verify the transaction) without having to visit a branch or ATM. Consumers can also access account balances, transfer funds and get transaction history by using their mobile phones rather than going to the bank.

The breadth of banking tasks that can now be accomplished using a two-way mobile banking technology means going to the bank or ATM is less of a necessity since banking can be done from anywhere at anytime with a mobile phone. Even Javelin says that mobile banking helps “cut down on trips to the ATM or local branch, which reduces pollution and saves money on gas.” And don’t forget—one less trip to the ATM means one less crumpled ATM receipt in the trash.

Mobile payments, an offshoot of mobile banking, add to a bank’s earth-friendly solutions. M-payments offer a simple, convenient and paperless method for consumers to pay their bills via mobile phones—with no more paper bills, checks, envelopes, postage stamps or trips to the post office. While many companies offer online bill payments, mobile bill payments allow consumers to receive bills as two-way alerts that can be paid by simply responding “yes” or “no” via SMS; there is no need to find a computer and log in, and no paper is required. Moreover, paying bills on a mobile phone helps consumers avoid late fees and enables financial institutions to generate revenue by offering an expedited payment service.

Simplicity, convenience and security are what will drive adoption of green banking initiatives. Today’s mobile banking and payments options are both eco-friendly and user-friendly, only requiring familiarity with the mobile tools that consumers are already accustomed to using, such as SMS and mobile web. Additionally, two-way mobile banking has proven to be more secure than traditional online banking by employing multi-factor authentication and using encryption for both data in transmission and stored data; all confidential information is protected and none is stored on consumers’ devices. Managing accounts via the mobile channel provides consumers ready access and more overall control of their accounts, which reduces the consumer’s risk for fraud and identity theft.

Mobile banking and payments are green, simple and secure, and can be a revenue-generator for banks. Who knew it was so easy being green?

Joseph Salesky is president & CEO of ClairMail, a Novato, Calif.-based provider of mobile banking and payments solutions.

Comments

Identity Intelligence Key to Limiting Fraud Inside Financial Institutions

Posted on November 03, 2008

By Mark McClain, SailPoint Technologies

Over the last three years, identity management has been elevated from its position as an IT-only issue to become a critical matter on the radar screens of banking executives concerned about security and compliance issues. Historically focused on tactical issues like efficiently provisioning services and managing passwords, identity management is now a knot of interconnected issues with serious consequences like privacy breaches, fraud or misuse of corporate data. Companies are forced to balance safeguarding their IT assets – which usually means hundreds of applications – with the opposing need to maintain the speed of business.

The stakes in striking this balance have never been higher. Networked applications have opened sensitive systems to partners, customers, suppliers and mobile employees, exacerbating risk by expanding access to sensitive information. Just a few months ago, France’s Societè Generale was compelled to reveal the multi-billion dollar losses it suffered when a rogue trader with the right combination of access privileges bypassed internal controls to conduct unauthorized transactions. In this case, the employee had legitimate access to the systems, but was able to misuse them undetected. Lending Tree was hit with two lawsuits in May stemming from personal information thefts by an employee that allegedly continued from 2006 to early 2008. In other incidents, Wachovia Securities, Bank of America, Commerce Bancorp and PNC Bank all reported theft of customer account information by employees who sold it to third parties for profit.

Many companies are trying to manage these kinds of risks with either provisioning solutions from a software vendor or homegrown solutions. Both are costly and lack three fundamental capabilities for effective identity data management:
1. Visibility across critical information for the entire enterprise. Many deployments of provisioning solutions are limited to a small set of applications, and as a result, only provide a fragmented view of identity data.
2. Business context for identity data. Because identity management solutions were originally created for IT and security users, they provide access reports that can be too cryptic for reviewers to decipher, leading to inaccurate decisions and rubber-stamping.
3. A risk-based approach. Protecting information assets — and the business as a whole — requires a way to identify and assess identity management risks and take the necessary steps to reduce risk to levels acceptable to the organization.

An emerging technology category within identity management called identity governance addresses the business and IT dimensions of risk management. Identity governance approaches identity management as a cross-department, enterprise discipline that provides a layer of intelligence to give financial institutions the business insights needed to strengthen IT controls and reduce the risk associated with user access to sensitive data and applications. In short, it gives enterprises a degree of “identity intelligence” that they have never had before.

If identity governance sounds like it hearkens to a more established technology, that’s because it does. It takes the same approach to identity data that business intelligence vendors took to centralizing and analyzing business data. Business intelligence’s success bodes well for identity intelligence, since they are based on the same principles. Business intelligence collects data from isolated application “silos” into a central repository, where analytic applications process it to reveal patterns and trends. Identity governance collects user information from various applications into a central repository where managers can analyze it to identify risky employee populations, policy violations and inappropriate access.

Focusing attention on high-risk areas in this way enables companies to manage insider threats to the business without impeding business goals. One of the leading international banks in the world provides a good case study of identity intelligence’s power. This particular bank needed an efficient, cost-effective system for addressing Sarbanes-Oxley (SOX) and Basel II requirements. The staff realized that the manual access review and certification process was outdated; reviews were taking the entire quarter to process, so preparation became a year-round task. In addition, the bank was concerned about the errors and inefficiencies resulting from manual and paper-based processes.

The bank implemented a centralized identity governance solution to automate its access review process. Within 60 days, it launched a certification process across 29 SOX-relevant applications. The deployment included collecting and organizing identity data for more than 25,000 users into a single repository from which simple, business-friendly reports were made available to the business managers. The benefits realized in this first phase of deployment included:

• on-demand visibility into “who has access to what”;
• reduced the time to complete reviews by 66 percent from 3 months to 4 weeks;
• 20 percent reduction in unnecessary entitlements that reviewers were now able to identify; and
• improved overall compliance performance and risk posture.

The bank’s experience represents an effective compromise between IT and business needs – a compromise that resulted in a win for both organizations. Centralizing access data, analyzing it to determine levels of risk, then acting on that identity intelligence enabled the bank to bridge the IT-business gap by giving the bank’s management information that they could understand and act upon. By empowering business managers, the IT department met its goal of keeping vital data and applications secure, without slowing the flow of data and information, which was the business users’ main concern.

There are no perfect solutions to any complex problem, and identity management is no exception. There will always be risk in doing business through widely accessible computerized systems. Applying identity governance principles, however, gives companies the intelligence they need to focus their attention and resources where they are needed most, all while keeping risk to a minimum.

Mark McClain is CEO and founder of SailPoint Technologies, an Austin-based developer of identity governance solutions.

Comments

Data, Analytics and Automation Converge to Power Branch Growth

Posted on October 20, 2008

By John Gordon, Fidelity National Information Services

According to the Financial Insights report Revitalizing U.S. Branch Banking: A Little Less Talk, A Little More Action, bank branches continue to be the preferred channel for retail banking customers. When the firm conducted its 2006 Consumer Channel Preference survey of over 1,000 banking customers, nearly 75 percent reported using a branch at least one time in the previous month. This made the bank branch the most highly utilized retail banking channel, outpacing ATM, Internet and call center channels.

Given the ongoing central role of the branch, banks have stepped up branch transformation and renewal initiatives over the past several years. With the launch of the Internet channel behind them, many banks have turned their attention to platform updates and channel integration projects to improve customer experience and accelerate time to market. Process automation initiatives have also been underway to help boost branch efficiencies and reduce operating costs.

Branch automation has helped banks be more responsive to customers, streamline processes, eliminate redundancies and do more with less. Now, with the convergence of deeper and more accessible data sources, sophisticated analytics and automated decisioning tools, banks can score big returns by standardizing new account decision making, product selection and ongoing cross selling initiatives. They can also protect themselves against deposit fraud, reducing the risk of lost profits.

Investing in these high impact tools can help branches contribute profitable new customer growth to the financial institution and do so more quickly than other, more protracted IT projects. Since branches are being called upon to expand the types of products they must deliver and do so with impeccable service, the timing couldn’t be better.

New Account Opening Decisioning

While checking accounts are not the most profitable product for retail banks, they do offer an opportunity to build customer loyalty and sell more lucrative products like credit cards and automobile loans. New checking account growth is therefore an important determinant of a bank’s future profitability. Still, when a prospective customer comes into a branch to open an account, the financial institution must recognize and evaluate the associated risk.

At the branch level, sophisticated risk management and fraud prevention technology has often been lacking. When consumers enter a branch to open a checking account, new account staffers must work their way through a time consuming review of a variety of consumer data points such as the FICO score, retail payment history, bankruptcy or foreclosure events, ID verification and so on before making their decision to open the account. Sometimes, the decision is straightforward based on the bank’s policy rules, but in borderline cases, subjective decision making is a frequent occurrence.

There are a number of problems with this approach. First, bankers are currently spending about 75 percent of their time trying to verify customer identity and only about 25 percent of their time selling. This represents an untold amount of lost opportunity. It is also difficult to train staffers to follow precise rules when they are evaluating data from a variety of sources, making decisioning standardization hard to achieve. As a result, some consumers who should not be approved for a new account will get one, and others who represent a reasonable risk/reward opportunity may be turned away. Neither result is desirable.

The evaluation process itself can also be very cumbersome. New account staffers are often required to submit consumer information to multiple Web sites and evaluate the returned information based on policy rules. When results are borderline or ambiguous, they may consult with others in the branch to try and reach a final decision, though that doesn’t guarantee it will be the right one.

Finally, this approach makes it difficult for the bank to quickly implement policy changes across the branch network. Staffers must be trained so they can correctly apply the updated policy, learn how to interpret new consumer data points, select the appropriate product offer and so on. Again, compliance from staffers can be hit or miss, especially in the time period immediately following the change.

Fortunately, there is an alternative. Today, banks can automate the new account opening decision by incorporating a risk score that analyzes a wide range of consumer credit and debit information to return an approve/decline decision to the new account desk. The scoring result can be customized to reflect the unique risk parameters of each branch, and integrated into the new account set up functionality of the branch channel software.

By automating new account opening decisioning, banks can help their branches standardize decisioning around risk and policy parameters, and open more profitable accounts. They can also use the technology to return best fit product selections when consumers are approved for an account, allowing them to properly price their risk while delivering products that meet the needs of their customers. The positive impact on both growth and profits can be immediate and substantial.

Managing Deposit Fraud Risk

Since most new checking account customers open their account with a check (either their own or one written out to them), automated decisioning can also help bank branches identify check funding risk and respond appropriately. According to a recent TowerGroup report, Real-Time Check Deposit Fraud Detection Protects U.S. Consumers and Banks, although banks try to identify fraudulent checks drawn on other banks when accepting deposits, most fraudulent checks are not detected until after presentment to the paying bank. By the time a check has bounced and been returned to the depositing bank, the new checking account may have insufficient funds to cover the check and the financial institution incurs a loss.

Of course, this can occur when a new account is opened as well as during the lifespan of the account. The TowerGroup report indicates that check fraud losses could be “significantly reduced by banks expanding their use of real-time check fraud detection through third-party vendor services.”

These services have traditionally been deployed by retailers and check-cashing companies to minimize check fraud risk in real-time. Once merchandise or cash has left the building, recovery is difficult at best. However, third party providers are able to access vast data resources to analyze and determine whether a check is valid. The approve/decline decision is automatically delivered to the point-of-sale.

This same capability can be integrated with the branch channel platform and deployed to automatically inform decisions about fund availability. By automating the validation of checks prior to deposit, financial institutions can protect against losses and notify customers who may have unwittingly accepted a fraudulent check. They can also identify risk associated with the receiving customer accounts as well.

By broadening the depth and range of accessible data and creating sophisticated analytical models to effectively utilize that data, industry providers are helping banks make better and more consistent business decisions at the branch level and across the enterprise. By investing in sophisticated, proven solutions that bring the right data together with the best analytics, banks can automate critical decision making and earn a tremendous return on investment within a relatively short timeframe.

While economic realities may temper new IT spending over the near term, the implementation of automated decisioning tools like these should continue to be prioritized as the “low hanging fruit” that can generate positive results almost immediately. For branch operations, these solutions allow them to compete in their markets more aggressively while managing risk more effectively. This is exactly the kind of IT investment that makes good business sense.

John Gordon is EVP, Strategic Development, with Jacksonville, Fla.-based Fidelity National Information Services.

Comments

Justifying Change In Branch Technology

Posted on October 13, 2008

By William A. Proctor, S1 Enterprise

With recent events on Wall Street and the resulting bailout logjam, asking executive management to approve a branch renewal has to feel ill-timed. However, bankers have to consider that upkeep on their legacy branch systems may be costing more in hard dollars and lost opportunity costs than a replacement system might.

The High Cost of Saving Money

Running antiquated hardware is akin to driving a vintage auto—it finally becomes impossible to locate replacement parts. Likewise, components to keep a DOS or Windows 3.1 system operating eventually become scarce and expensive. The equally outdated software that still runs on the system—and the outmoded PCs needed to operate that software—are incompatible with contemporary applications that could bring you 21st Century efficiencies.

Compounding the problem for many banks is the fact that a series of acquisitions has saddled them with a mixed bag of technologies—some older, some newer, but none of which work in harmony without tremendous integration and costly manual processes.

Further, two decades ago developers had never heard the phrase Check 21, and the concept of imaging for any industry was in its infancy. Today, it’s a fact of life, with financial institutions saving substantially by eliminating couriers that once transported bits of paper from point to point. Sure, banks can conceivably get there, even with aging systems—it’s just likely to be much costlier.

Finally, legacy systems typically require a server in every branch, which involves the initial purchase, installation and ongoing maintenance. By contrast, today’s web-launched smart client systems give institutions the option of keeping hardware out of their branches, a significant benefit that can go a long way in justifying a branch refresh.

Risk from Every Side

A bank operating a system developed in the ‘70s or ‘80s relies on technology pre-dating the advent of virtual fraud. Current technology providers are in a day-by-day battle with the criminals, with each finding new ways to outsmart the other at every turn. Without the hardware and software to support the side of good, bankers are exposed to spiraling costs associated with check fraud, identity theft and money laundering.

Certainly not all risk comes from bad guys wreaking havoc. While regulatory requirements are created to protect our economy and people, non-compliance is a very real threat to the bank—especially the executives at the top who are officially on the line. Yet, ironically, it’s the least experienced front-line employees who bear the greatest weight of complying with a dizzying array of rules and guidelines. Banks with older systems often lack the flexibility to incorporate workflows that automate requirements—identity verification, check-hold timetables, the need for currency transaction reports, truth-in-lending and more. Today’s branch solutions can eliminate the guesswork.

Soft Costs Add Up to Hard Dollars

Significant turnover at the teller line is always an issue. In fact, TowerGroup estimates teller turnover averages 33 percent annually across the industry, with full-time and part-time tellers turning over at a rate of 25 percent and 53 percent, respectively. (TowerGroup report: “The Role of the Bank Teller: What really needs to change?”, June 2008). At these rates, training represents a substantial budgetary strain. This is especially true if inexperienced employees are struggling to navigate complicated layers of screens and decipher third-party applications that look and operate differently from the primary system. However, the cost of training is just one factor. A host of other hidden costs come into play.

Without a contemporary, intuitive solution, the teller line can slow to a crawl, igniting ill will among customers who always have the option of defecting to the bank down the street. Today, some branch solutions on the market have so simplified the teller home screen that it’s almost impossible for the station to be out of balance, thus reducing costly errors. Finally, efficiencies built into current branch technologies take the emphasis off keystrokes, freeing platform representatives to focus on identifying true customer needs. The long-term payoff in terms of cross sales and customer loyalty is a viable offset to the cost of a branch renewal.

According to Tom Brogan, research director in Retail Banking for TowerGroup, “As the role of the branch teller evolves to include not only transaction processing but sales and service, the ability to have a single desktop for the ‘universal teller’ is a must.”

Turn Bad Timing into Good Timing

The direction and details of economic rescue is just unfolding, with long-range repercussions being anyone’s guess. Banks in need of a branch overhaul should avoid becoming paralyzed and instead work through the business case based on an honest appraisal of equipment and maintenance expenses, opportunities associated with 21st Century payment methods, potential losses due to fraud and non-compliance, and the cost of staff turnover and ineffectiveness.

William (“WA”) Proctor serves as SVP and general manager for S1 Enterprise’s branch solutions unit, overseeing the design, development and delivery of branch applications.

Comments

Is analytics the answer to the downtrodden market?

Posted on October 06, 2008

By Ellen Joyner, SAS

These have been chaotic and difficult times for bankers. The mortgage crisis and subprime meltdown have touched every sector of the banking and financial community. It has also sparked an interest in figuring out how to avoid a similar meltdown, and how to quickly get an institution back to lending. A key to moving forward is for institutions to better understand the risks they are taking on when they buy or sell packages of mortgages or similar financial instruments. And the best way to do that is to use technology to get an in-depth look at risk across the portfolio or organization.

Today’s current credit challenge requires better optimization of risk adjusted pricing and returns throughout the organization. For both the firms and government regulators, predictive analytics and data integration will be a key tool in analyzing and determining the course of action for illiquid assets (i.e. toxic mortgages). The new risk management efforts that will emerge require technology that provides greater transparency. Despite banks’ high level of investment in response to Basel II and for risk management tools, there’s been little improvement in real transparency of risks.

To help avoid another crisis, next-generation modeling needs an infrastructure that supports greater awareness of the risks being taken on by business units. Specifically, it requires forward-looking components: analyzing risk within loan portfolios, the ability to “price” complex securitizations and derivatives, what if scenario analysis, combining credit and market risk factors, forecasting with stress testing combining credit and market portfolios and presenting a concise enterprise risk view with impacts to capital. Additionally, the ability to not only provide up to date “Value at Risk” calculation, but also the ability to cross correlate portfolio performance with other market factors such as equity performance and issuer risk will be critical. Full valuation capabilities on certain portfolios will also become a required practice. Portfolio risk and capital management modeling functionality are critical to estimate required levels of regulatory and economic capital to support the business strategy and risk appetite.

A recent report by the President’s Working Group on Financial Markets says there was a “breakdown in the underwriting standards for subprime mortgages,” an “erosion of market discipline ... related in part to failures to provide or obtain adequate risk disclosures” and “risk management weaknesses at some large U.S. and European financial institutions.” The breakdown dates to 2004. As the real estate market boomed nationwide, mortgages were granted, packaged and sold and then sold again. But as the Working Group pointed out, no one—not the rating agencies, the sellers or the buyers—had properly analyzed the risk involved. When the investments went sour, “firms struggled to determine the size of these exposures and their losses.”

Financial institutions do not need to put themselves in this type of risk situation. Excellent solutions exist to assess risk down to the individual loan. Equally important, banks with the most sophisticated risk management tools will weather this storm—and any future ones—with an increase in their market share. And as important as it is to avoid unnecessary risk, it’s equally important to deal with sour loans promptly, efficiently and with the best return possible. The same kind of analytics that help banks figure out who their best clients are can be tweaked to determine which loans are salvageable and which should be sold off quickly. Performance management and scenario modeling solutions currently used by leading-edge institutions can be leveraged to support risk analysis, loss mitigation, target marketing and fraud prevention.

Right now, there are few institutions that have a true sense of which loans will go bad and when. Sure, they’re sending out 30-day late or 60-day late payments. But how many employ forecasting tools to determine which of those receiving 30-day late notices will end up in default within six months? By examining a borrower’s past payment history, and bringing in data from credit bureaus and other sources, savvy institutions can automatically score loans to get a better sense of where they stand and take proactive steps to protect against losses. Institutions that do this will be in demand for their loan servicing skills by the investors who buy these bundled products.

For the purchasers of mortgage-backed products, a portfolio-level view of risk is also essential. Few financial institutions are employing tools to balance risk across portfolios. One of the nation’s largest credit unions, Wescom of Southern California, has recently begun doing this. It wants to bring the same rigor to credit risk management that interest rate management has received over the years. “We expect to more accurately assess how much current and future risk we have embedded in our individual loan portfolios and determine where adjustments may be needed,” says Ann Mendez, chief credit officer and SVP of Wescom.

The Working Group suggests that a government authority or market participants need to “ensure that global financial institutions take the appropriate steps to address the weaknesses in risk management and reporting practices that the market turmoil has exposed.” Can your financial institution afford to wait for specific regulations? Acting now can put you ahead of the next financial crisis.

Ellen Joyner is the financial services marketing manager with SAS (Cary, N.C.). She is responsible for researching current market trends in financial services to help determine strategy and direction for new banking- and investment-focused technology solutions.

Comments

Will “Green Banking” Lead to Red Ink for US Banks?

Posted on September 30, 2008

By Patricia McGinnis, Financial Insights

In the “green” domain, American industry across the board is in the unfamiliar position of being the laggards. Many other nations of the world (unlike the U.S., signatories to the Kyoto Protocols) have already taken great strides in both educating their populations and changing the behavior of their business managers, including those in financial services. Eventual U.S. adoption of some sort of expanded emissions control legislation is inevitable, although its timing and scope remain uncertain. When it happens, American consumers and American businesses together will face a possibly difficult period of adjustment.

Globally, the green movement is broadly focused on stopping and reversing the trends in climate change and the warming effects of too much atmospheric "greenhouse gas," primarily carbon dioxide. Around the world, social and political forces are proposing that sustainable policies and practices must replace those that have prevailed throughout the Industrial Revolution. While some may still want to debate the scientific evidence, U.S. business managers must essentially lay that question aside, and concern themselves now with the reality of a broad new regulatory framework which already impacts their activities worldwide, and will have increasing effect domestically.

Is this green movement all hype? Positively not. Improved energy efficiency is well within the reach of American industry and American consumers. Current levels of fuel prices justify the attention regardless of one’s views on global warming. Nevertheless, Al Gore’s Nobel Prize is testament to the high regard accorded to the “global warming” argument internationally, and climate change-driven policies are being implemented globally, by the UN, the EU and multiple other governmental bodies.

Have green initiatives been “hyped” for image purposes? Of course they have. Some U.S. firms have already launched their own energy efficiency initiatives and begun planning for anticipated business impacts, including the launch of purportedly “green” products. Simultaneously, they have revved up their PR machines to trumpet their intentions and achievements. Firms should also be aware that the risks attending over-zealous PR in this domain are high. Environmental activist groups have already demonstrated the ability to mount their own negative PR blitzes if a firm that tries to “talk the talk” of environmental responsibility is judged to have failed in “walking the walk.”

Who does the calculation that supports such a judgment? Is the green movement an issue of moral and social responsibility, or an economic one? Clearly it began primarily as a social issue among individual supporters of environmental groups. In the hands of governments and regulators, however, it is rapidly becoming an economic one, based on the calculated “carbon footprint” or aggregated carbon emissions of the person or firm. Multinational efforts are underway to bring transparency to the emerging discipline of energy-efficiency accounting; that transparency will gradually separate fact from fiction and substance from rhetoric.

This new energy-driven math is beginning to have wide-reaching effects. Already in much of the world, persons and entities that despoil the environment will be made to bear those costs; those which enhance and repair the damage will be financially rewarded. Many industries and businesses have long enjoyed a free ride of unreimbursed environmental damages as a side-effect of their activities; under new and still developing regulations, these costs will become all too real in the form of required “carbon offset” purchases.

What will all of this mean for U.S. banks? They can expect significant changes in three major areas, some of which offer bottom line opportunities, while others may put the bottom line at risk.

Internal operations: Like all other firms, banks will become subject to the full costs of their own energy and resource use. Paper recycling is just the tip of the iceberg! Data centers are a focus of “green IT” because of the available savings in hardware costs and electricity, both for power and for cooling. Teleconferencing will replace much business travel, as it has already in Europe, and low energy usage certified (LEED) premises will become more attractive. There is virtually no end to the list of alternative techniques, from wind power to machine virtualization, but the good news is that most of them will result in reduced expenses, as well as reduced resource consumption.

Business parameters: Banks will experience significant repositioning of the efficiency, liquidity and risk profiles of their customers, although the impacts will differ greatly between retail and wholesale banking. Heavy carbon emitters will be penalized, (both individual and corporate, some for the better and some for the worse) as they, too, feel the financial effects their own carbon footprints.
Committed retail clients may present new opportunities for profit through carefully designed “green” product and service offerings. On the wholesale side, corporate clients will experience their own, possibly traumatic adaptations to the world of carbon-neutral economics. Banks will need to carefully monitor the risks they accept in corporate relationships until they are able to assess the bottom line impacts to be absorbed by those customers.

New opportunities: Banks that make an early effort to catch up with the Europeans in understanding “carbon economics” will find major new opportunities. Global markets are developing for the trading of “carbon offsets,” and banks should be in the forefront to price and trade these, as well as multiple other new instruments that future customers will want or need.
Similarly, banks will find huge financing opportunities in new energy efficiency-driven industries such as wind and solar power, bio-fuels, fuel cells, hybrid autos, new building materials and many more. As in any new frontier, some explorers will win and others will fail, and it will take savvy bankers to tell the difference in advance.

Advice for bankers? Yes, the green movement is real and is a game-changing movement. It will have major long-term effects on banks’ own operations, as well as the fortunes of their customers. Banks must take steps now to understand how it will impact every aspect of their activities, in order to ensure black ink rather than red. Banks that seize the opportunities will prosper—the remainder will be left in the dust by those who do.

Patricia McGinnis is a senior research analyst with Boston-based Financial Insights, an IDC company.

Comments

Locking the Back Door to Distributed Branch Office Networks

Posted on September 10, 2008

By Bert Wilhelm, Uplogix

The security of branch office networks has been enhanced in the last decade through the adoption of technologies such as directory systems, AAA security policies, logging and encryption. More recently, financial services organizations have undertaken major projects to move access and tracking security to a more comprehensive and powerful model called Identity and Access Management (IAM). IAM aims to securely manage user identities and access rights across multiple business functions and applications.

Even as organizations embark on IAM projects to evolve access management for production networks, there is a method of access which, in many cases, lacks the existing protection measures. Should you lose your network connection, one of the most commonly used forms of access control is through out-of-band (OOB) connections, which have been largely unaddressed from a security standpoint. When a problem arises with an enterprise network connection to a branch office, the OOB connection acts as the “back door” to provide a secondary means of accessing devices and systems if the primary connection has been lost.

Unfortunately, OOB connectivity for remote console management has not seen the same degree of security improvements that have been made to production networks. For example, access to an OOB connection may require only a static username and password and the connection may not be encrypted. This is a risky practice because remote administration requires access to the device console. If the unsecure OOB connection is hacked, then thieves have console access to the network equipment and/or servers. This means they have carte blanche to execute operations and changes to the devices and could gain access to other parts of the network. If configuration changes or updates don’t work, it’s critical to be able to retrace the steps that were taken. If contractors or other third parties do work, logging provides a record of their activities.

Entering the picture is a new technology called secure remote management (SRM) which brings new functionality and intelligence that takes an integrated approach to solving the OOB security predicament. SRM does this by locking the backdoor to ensure internal security and management policies are always enforced, even during a network outage.

Compared with traditional network and systems management tools that rely on the network and remain labor-intensive, secure remote management combines the localized control and connectivity of a console server with the intelligence of an enterprise software solution. This platform front-ends a branch office’s equipment by safeguarding against the vulnerability of the OOB dial connection, allowing only outbound dialing or answering calls only if the primary connection has been lost. SRM controls access to routers, switches, and servers by enforcing AAA policies and integrating with IAM systems.

One of the country’s largest savings and loan institutions was faced with the challenge of effectively managing and securing multiple existing branch offices, along with new ones opening up. The rapid expansion was overwhelming the bank’s small IT operations and support team in maintaining control of internal security threats and ensuring only the right users had the right access to devices and systems. Implementing secure remote management gave IT staff the visibility and control to guarantee security and bank management policies were always enforced, even during a network outage.

Risks were reduced by minimizing the threat of insider abuse and unauthorized access to the bank’s IT systems through multifactor authentication capabilities. This process satisfied the need to protect root passwords by providing command-level access control and simple role-based permissions, ensuring the right users were getting the right access to the right network devices.

Losing access to your distributed network or being blind-sided by internal security threats has been greatly overlooked. By locking the back door with new secure remote management practices, financial services organizations now have access and control regardless if the network is up or down—putting IT staff at ease knowing they aren’t the easiest target on the block.

Bert Wilhelm is the director of product and technical marketing at Austin, Texas-based Uplogix. Uplogix provides an integrated remote management solution that automates routine administration, maintenance and recovery tasks.

Comments

Customer-Oriented Expense Management Improves Efficiency and Service

Posted on August 25, 2008

By Anthony Klick, Diamond Management & Technology Consultants

Behind the headlines about bank restructuring and “right-sizing,” management teams are grappling with two diametrically opposed challenges: improving efficiency and strengthening customer service quality. Each of these objectives is integral to a bank’s success, and institutions need to develop effective strategies to manage expenses and improve efficiency ratios without undermining customer service quality or long-term customer relationships. But for many, it’s a devil’s bargain—they reduce the cost base at the expense of attracting and retaining profitable customers. Some banks, however, are learning that by applying customer-oriented expense management principles, they can avoid “damned if you do, damned if you don’t” decisions.

Throughout the industry, banks are taking necessary, but often risky, steps to reduce expenses. The problem is that expense-reduction measures that provide quick results can also be the most short-sighted—potentially compromising long-term profitable growth. This risk is typically associated with across-the-board cuts, where funding inevitably is taken from areas that still require investment. Furthermore, banks cannot sustain across-the-board expense cuts over the long term. Instead, a bank should manage expenses in a thoughtful manner through an effective, sustainable strategy that minimizes risk to the institution.

There are banks operating in the “sweet spot” of high customer service ratings and low efficiency ratios, but this has become more of an exception than the rule in today’s industry. Too often, a bank will react to a high efficiency ratio by taking out a percentage of expenses across the entire institution, 20 percent to 25 percent, for example. A bank might quickly achieve a desired effect in terms of its efficiency ratio, but at what cost? Often the capabilities to attract and retain profitable customers suffers.

For example, executive management may decide to cut staff at the retail branch level, but in doing so, customers frustrated with poor service levels and long wait times head for the competition. The same holds true for banks’ call centers, where cuts at the lower end clearly have an impact on service. Across-the-board cost-cutting may look right for a short period of time, but the bank will likely experience customer attrition, low employee morale and difficulty attracting new customers.

Customer-oriented expense management involves a thoughtful, objective process, devoid of rash decisions and emotion. Objectivity must be inserted into the process to challenge every aspect of the business and to ensure there are no “sacred cows” when analyzing the organization, its functions and its technology. An objective party will have a decided advantage when identifying areas where the institution can afford cuts and where funding is most urgent.

Managing expenses from a customer-oriented perspective typically includes some thoughtful reinvestment of savings—not simply randomly removing expenses. Rather than cutting 20 percent across the board, for example, an institution might find that one of its business lines can afford to shed 40 percent of expenses. Using a customer-oriented expense management approach, half of that 40 percent would then be reinvested in a growing or underfunded business.

From an organizational standpoint, several pieces must fall into place for an expense management strategy to work, and banks that are getting it right apply several fundamental principles. First, an enterprisewide program will only succeed if it has been sanctioned by the CEO and CFO. Banks that have constantly improved their efficiency ratios while maintaining coherent customer experience strategies have prioritized sustainable expense management by emphasizing discipline and accountability throughout the firm. They have committed to analyzing all areas of the institution, diagnosing the trouble spots, and mapping a strategy to resolve weaknesses and inconsistencies detected in the bank’s organization, processes, technology and business goals.

Further, efficient banks with the highest customer service ratings approach their annual budgeting process from the customer’s perspective, realizing that customer satisfaction drives profitability. A customer-centric operating model considers both the cost and revenue potential in making investments. This customer view helps management strike the right balance of cost-reduction and customer-facing initiatives. The impact of eliminating products, processes and services can be rationalized objectively. Areas worthy of reinvestment can be identified accurately. And the investment requirements of new products and services can be calculated based on their cost, revenue potential and customer impact.

Whether a bank is seeking to increase profitability through a merger or acquisition, or developing a strategy for organic growth, a customer-focused expense management program becomes a critical element. A bank can typically achieve a majority of the program’s benefits within 12 months as part of a strategy to maintain a low efficiency ratio and the ability to nurture long-term customer relationships.

In the absence of change on the near-term banking horizon, many institutions need to look within their organizations and determine whether they are properly managing expenses, whether their efforts have improved customer service quality, and whether they are serving customers in the most cost-efficient way possible. Implementing a customer-oriented expense management program can address all three of these variables and seal the gaps that are found along the way.

In the current environment, it boils down to a question of, “Can our bank afford not to do this?”

Anthony Klick is a partner in Chicago-based Diamond Management & Technology Consultants’ Financial Services practice, with more than 25 years of experience in process/technology improvements, organizational redesigns, service quality implementations, and expense management.

Comments

Taking ATM Fraud Prevention to the Next Level

Posted on July 02, 2008

By Mike Fenton, Parascript, LLC

Since the establishment of the first ATM networks in the early 1970s, ATMs have become an essential component of consumer banking technology that continues to evolve. Customers have come to rely on them for convenience and ease in accessing their financial institution and making transactions without the need for a human interface or bank teller. This type of service answers the demands of our fast-paced society and may seem unconditionally attractive. However, security is a big concern for both banks and consumers and is one of the reasons limiting ATM usage.

Although ATMs create convenience for customers and generate income or cost savings for banks, they also allow access to criminals, who have multiple methods of fraud in their arsenal—from sophisticated gadgets that allow them to steal personal information from a card when swiped, to setting up and operating their own ATMs. Unfortunately crime is a concurrent element of modern society and it benefits from the same technological advances that are created to open new opportunities.

Even though the percentage of incidents of fraud relative to the total number of daily transactions at ATMs is less than one percent by some estimates, the menace of fraud should not be underestimated. It is necessary to be aware of existing threats, as well as the available technological innovations that safeguard against them.

For instance, withdrawals with cloned cards (or so called "white card" fraud, when stolen data is loaded onto the back of a blank plastic card that looks like a credit card) can be prevented by checking special security codes embedded in the magnetic stripes on the back of every ATM card. Similarly, shoulder surfing (looking over another person's shoulder in an attempt to obtain a password for an ATM or other data), and card skimming (using a hidden card-reading device and a camera to steal a customer's card information) can often be avoided by educating consumers and increasing their awareness and vigilance. Similarly, technology is available to provide powerful means of protection against other types of fraud. In particular, software can be used to combat empty-envelope fraud, which according to industry reports, is the number one type of fraud affecting ATMs.

Image-enabled ATMs using OCR technology can completely eliminate empty-envelope fraud, as well as help stop check kiting and closed-account fraud, as processing times become significantly shorter. Once checks are deposited, they are imaged and OCR technology automatically performs courtesy and legal amount recognition (CAR/LAR) on a deposited item, without having to rely solely on the input from the customer. Images and relative transaction data are sent to the central check processing site, where item processing and a complete audit are executed for clearing purposes. Thus, an image-enabled ATM becomes a remote deposit capture system, allowing for Day 0 or Day 1 processing as part of the financial institution's check processing workflow. As soon as the check is deposited, the image can be processed as a remote deposit item, resulting in faster processing and posting.

However, the idea of image-enabled ATMs is not enough to ensure the success of the project (enterprise). It is crucially important to choose a reliable software solution that can guarantee a read rate and accuracy acceptable for the application. Such products are available, and have been used (and proven in efficiency and reliability) by financial institutions in back office check processing for years. Nowadays, read rates and accuracy have achieved a level that is acceptable for applications that involve direct interface with customers, where a high false alarm rate could cause discontent and reduction in usage.

In addition to amount recognition, technology can execute CAR/LAR mismatch detection by verifying that the legal amount and courtesy amount are the same. This feature helps to detect check alterations and prevent fraud. Other fraud detection solutions are also available and, if integrated in ATMs, can help combat fraud. For example, signature verification can be performed at the time of deposit on "on-us checks," as well as be used to verify signatures on checks between members of an image exchange network if the images of signatures are shared.

These are just a few examples of software capabilities that can provide a reliable safeguard against crime. Better communication with vendors and collaboration in working out the requirements for emerging technologies or products will help to equip the industry with powerful, innovative, and secure solutions that will satisfy customers, generate revenue, minimize fraud and become a competitive differentiator for banks.

Mike Fenton is vice president of sales and operations for Boulder, Colo.-based Parascript (www.parascript.com), an image analysis and pattern recognition technology provider.

Comments

Patents: Don't Change the Landscape Too Quickly

Posted on June 27, 2008

By Alan Tenenbaum, Cohen Pontani Lieberman & Pavane, LLP

Over the past few years, we've seen an enormous amount of patent litigation against companies in the financial industry. The patents at issue in these litigations primarily concern business methods, covering such things as financial email alerts, systems for trading treasuries and other securities, Check21 technology, pre-paid gift cards, and online credit applications, to name a few. The trend is continuing, with recent infringement suits brought by Edge Specialists LLC for patents that concern systems for automated options trading, and by Lincoln National Life Insurance Co. for patents that concern computerized methods for administering annuity products.

Undoubtedly, there will more patent litigation in the future. We can also expect to hear lots of debate about the merits of these cases, with passionate arguments being made about the issues. In the end, much time, energy and money will be spent analyzing these patents, defending these cases and complaining that our patent system is too unfair, complex and unpredictable.

One thing is certain, and that is that there is much uncertainty in the financial industry as a result of patent issues. Significant criticism has been levied against our patent system, and some people have proposed drastic changes in the laws to minimize the cost and uncertainty associated with patent litigation. Of course, it remains to be seen whether the recent litigations are the result of flaws in the system, or merely a consequence of aggressive enforcement against an industry that failed to adequately manage IP risk for many years. Either way, the debate is now shifting, with some people questioning the need for drastic changes and asking whether such changes could stifle the lifeblood of our economy—innovation. While Congress will eventually change the law, no one can yet predict, with certainty, what those changes will be or when they will be implemented (the most recent patent reform bill was approved by the House but has been stalled by the Senate).

The United States Patent and Trademark Office (PTO) has already made changes to the procurement process to address concerns about perceived problems at the PTO and the quality of patents that are being issued—without waiting for Congress to act. In 2000, the PTO implemented a "second pair of eyes" review program for patent applications in certain technology groups, including the business method group. Through this program, a second examiner now reviews each patent application before issuance to ensure that the requirements of patentability have not been overlooked. The program has been refined and expanded since its introduction, and it appears to have contributed to a reduction in the percentage of business method patents that have been granted in the past few years. It is purportedly also improving communication and training of Examiners responsible for these controversial types of patents—hardly a bad thing.

The PTO recently launched a peer review pilot project that permits the public to review certain patent applications and submit information and commentary for consideration during examination of those applications. The project is very limited at the moment, but the PTO is expected to expand the project in the near future based upon its initial success.

The PTO also recently attempted to implement significant changes in the patent procurement process, including limits on the number of claims (claimed inventions) per application and the number of subsequent related "continuation" applications that may be filed by an applicant. Although the PTO stated that the changes would streamline the patent process, reduce the backlog of pending applications, and increase the quality of patents that do issue, the changes were highly controversial and were challenged in the courts. The PTO was enjoined from implementing the new procedures, but has recently appealed that decision.

Additional changes are taking place in the courts. In 2006, the Supreme Court issued a decision in the case of eBay v. MercExchange, essentially concluding that a patent holder who wins a patent infringement action is not automatically entitled to a permanent injunction against the infringing conduct. The decision is widely seen as making it more difficult for patent "trolls" and patent holding companies to obtain injunctions, which should reduce the cost of licensing and settlement of cases.

In 2007, the Supreme Court issued a decision in the case of KSR v. Teleflex, where it clarified (and broadened) the test for whether an invention is obvious (over prior art). The KSR decision will make it more likely that marginal patents will be struck down. Also in 2007, the Court of Appeals for the Federal Circuit (Federal Circuit), the appellate court that oversees patent decisions, issued a ruling in the case of In re Seagate Technology LLC, where it articulated a new standard for determining whether patent infringement was willful, making it much more difficult to prove willfulness and reducing the likelihood that enhanced damages will be awarded in patent litigation. These decisions could benefit financial entities that have been the target of patent holding companies (which have sought to extract significant royalties based upon questionable patents), by making the chance of a significant damage award less likely.

The Federal Circuit also recently heard oral argument in the case known as In re Bilski, which concerns a patent application for commodities trading. The application claims a method that purports to balance consumption risk by engaging in a series of transactions between the provider and consumers, and between the provider and market participants having a counter-risk position to that of the consumers. The PTO rejected the application on the basis that it did not claim "patentable subject matter", and the Federal Circuit is now considering whether that rejection was appropriate. The case is noteworthy because many expect the Federal Circuit to use this opportunity to curtail business method patents or more narrowly define the subject matter that may be protected by such patents. Not surprisingly, there is no consensus within the patent community as to how the Federal Circuit will rule, or even whether it is possible to draw a clear line between the subject matter that can be protected and the subject matter that cannot.

Throughout history, we've heard complaints about our patent system with each new revolution in technology (e.g. radio, telephone, television, and talking machines). In the recent past, there were complaints about genetically modified seeds (why can't farmers save seed?), patented life forms (how can someone patent a mouse?), and life-saving drugs (patents prevent generic competition!). Today, the focus has shifted to patents impacting the financial industry.

While debate rages, we should remember that our system was created long before the advent of computers, the Internet and the financial technology available today. That system has served us remarkably well over the decades, and policy makers and technology experts agree that the benefits given to inventors and patent owners under our system have resulted in increased innovation, investment and economic growth, and contributed to this country's technological lead for more than a century. History tells us that if we want to encourage the development of new financial products and services, we must find a way to reward investment in that development by protecting the resulting technology within our patent system. Of course, the difficulty lies in figuring out how to do so without opening the gates to junk patents, nuisance suits and other abusive practices.

Alan Tenenbaum is a partner in the New York City-based law firm of Cohen Pontani Lieberman and Pavane LLP (www.cplplaw.com). His practice focuses on intellectual property litigation and counseling.

Comments

Banks Turn to SaaS to Stretch IT Budgets

Posted on June 16, 2008

By Randy Rodriguez, Bluewolf

One word summarizes today’s banking climate: volatile. Bank CEOs are focused on capital markets, fall-out from the subprime debacle, and the pace of merger and acquisition. FDIC’s last Quarterly Report for 2007 points out the realities facing today’s banking leaders. With banking quarterly income at the lowest levels in 16 years, eroding margins, earnings volatility, non-current loans rising and one in four banks losing money, IT managers will continue to face enormous challenges in 2008.

IT managers project that security and compliance requirements will be the top priority for 55 percent of banks in 2008, reducing budgets for marketing, product and relationship initiatives. Although 45 percent of banking managers cite customer relationship management (CRM) as a top priority, most agree that a growing percentage of the IT CRM budget risks being siphoned.
With the pressure on full blast, IT managers are facing a challenging dilemma: “How can I get more done with less?”

Today’s bank IT managers face a myriad of challenges as virtualization expands and ID theft issues become increasingly rampant. Customers demand assurances that their banks can be trusted to secure their data. Informed and tech-savvy consumers expect their bank to handle remote deposits, nationwide ATM and debit card services, online banking and electronic bill paying from multiple physical and digital locations. Therefore, fraud detection/prevention, Sarbanes Oxley (SOX) and other regulatory compliance and ID/data security issues have become even more mission critical for the banking CIO.

Banking’s dependence upon transactional systems for deposit, lending, mortgage, credit card and other products have often left them unable to understand the overall value of a retail customer and to build relationship strategies to cross-sell along bank product lines.

With compliance and security projected to consume an increasingly large chunk of a bank’s IT expenditures, how can the IT manager answer to the various business heads and product managers hungry to maximize the value of each retail customer relationship?

Savvy IT managers have made a smart move, turning to Software as a Service (SaaS) solutions to drive retail customer relationship and marketing strategies. A successful SaaS program can enable the bank IT manager to remain committed to compliance and security challenges, while expanding support for customer retention, pricing personalization and product bundling.

The return on investment figures for SaaS-based CRM solutions are powerful. For example, industry analyst firm Forrester Research cites a 170 percent return from one bank’s CRM deployment of Salesforce.com, one company that provides SaaS solutions. Forrester concludes that the SaaS model enables internal IT budgets to fund regulatory, security and compliance management while enhancing customer relationship strategies.

SaaS solutions enable product, marketing and IT to deliver in highly dynamic environments built upon a multi-tenant, or ”many to one,” delivery model.

What benefits are attainable from SaaS-based CRM solutions? They allow bank IT managers to:
• Manage customers through call reports, pipeline management and relationship plans;
• Manage internal referrals in a centralized location, which enables broader collaboration;
• Provide a 360-degree view of a customer from both a business and private wealth perspective;
• Enable global knowledge sharing across multiple product lines;
• Integrate with monolithic legacy systems to enable consistent views of the customer;
• Focus on the relationship—not transactional—aspects of the bank’s customers;
• Build internal referral solutions, enabling more intuitive product marketing and pricing strategies;
• Enables banks to meet the challenges of regulatory, security and compliance while continuing to devote resources to supporting essential but often lower priority customer retention strategies.

The right combination of bank involvement, SaaS consultative leadership and a well-chosen SaaS strategy will create a balanced IT environment that stretches budgets while allowing banks to remain committed to meeting core services around the continued volatility projected for 2008.

Randy Rodriguez is managing director, financial services innovation, with Bluewolf, provider of on-demand software services.

Comments

How to Revitalize Midsize Banks

Posted on June 02, 2008

By Anand Swaminathan and Andrew Kappy, Accenture

Medium-sized banks find themselves in an increasingly desperate situation. They are losing significant market share to their larger competitors without the scale or funds to weather the weak economy, diversify their business or acquire others as a competitive strategy.

In this difficult environment, they must become more innovative, as did one midsize U.S. bank which needed to improve its procurement capability. It sought to significantly cut costs associated with third party vendors, improve compliance with their own spending policies, and use technology to streamline the entire process of buying and paying for goods and service.

The bank signed a seven-year agreement to outsource its strategic sourcing, vendor management, accounts payable and help-desk support functions across 45 products and services used by the bank. By enlisting an execution partner, the bank succeeded in realizing both savings and capability improvements.

This is an example of next generation sourcing initiatives that leading midsize financial institutions are embracing. Traditional outsourcing focuses on cost reduction, leveraging cheaper labor and utilizing some third-party technology. Leading midsize banks, however, are taking the next step by making outsourcing part of their core strategy to generate urgently needed efficiencies and access current technology without major capital investment. This strategy combines cost savings through labor arbitrage, improved technology capabilities, process reengineering, and a shift to a cost approach that is directly tied to revenue fluctuations. An example is a transaction-based model where the bank is charged each time it uses the outsourced service, perhaps to run a credit check on a loan application, rather than paying an "all-you-can-eat" fee that continues even when you don't use the service.

Another financial services company entered a multi-year sourcing arrangement that not only reduced human resources costs by up to 30 percent, but provided several long-term benefits. These included the establishment of one core human resources system using advanced technology, a reduction in additional investments in human resources operations, and the ability to support multiple acquisitions that more than doubled the employee population in less than two years.

Yet another bank engaged an execution partner to cut costs in its lending operation, including mortgage post-close, lien release, and tax and escrow services. After re-sequencing process steps and implementing imaging and automation, the lender outsourced these lending functions and, in less than a year, began realizing considerable cost savings. It is now exploring opportunities in marketing and other back-office lending operations.

This sourcing strategy also focuses on revenue growth by equipping both the back- and front-offices with the products, tools and processes necessary to drive shareholder value, while lowering costs. In many cases, third-party providers can deliver significant cost savings compared with current operating expense. Ultimately, the strategy can help financial institutions go beyond relieving short-term problems to address long-term sustainability.

Losing efficiency advantage

Why focus on medium-sized banks – those 30 North American institutions with assets ranging from $20 to $60 billion? When compared to larger banks, our analysis indicates that midsize banks are losing their efficiency advantage, faltering in revenue growth, and relying more heavily on a non-diversified product and revenue mix. Unfortunately, the current deteriorating economic environment is exacerbating the impact of these negative trends.

Absent quick action, these banks will find it increasingly difficult to compete effectively against their larger and more diversified brethren – resulting in continued loss of market share as they struggle to generate superior returns.

Large banks were less efficient in the 1980's and 1990's when an increase in assets and technology led to back-office complexity. Since then, Bank of America, JP Morgan Chase and other big banks have heavily invested in simplifying and streamlining their back office functions, including technology, human resources and procurement.

Such actions have dramatically decreased large banks' non-interest expense in the areas of technology, occupancy, and communications – dropping their average spend per dollar of revenue from $0.23 to $0.16 over the five-year period from 2002 to 2006. In contrast, medium-sized banks have increased non-interest expense relative to revenue (from $0.15 to $0.16) in that same period. This has left them at an efficiency disadvantage relative to large banks.

Slower growth

In addition to losing their cost advantage, midsize banks grew at a much slower pace than the four largest banks in North America by asset size (53 percent for midsize banks vs. 89 percent for the four largest), revenue (62 percent vs. 86 percent), and net income before tax (38 percent vs.128 percent) between 2002 and 2006.

Even more alarming, mid-sized banks' revenue is increasingly concentrated in fewer products, leaving them more susceptible to market shifts and changes in customer needs. In recent years, they have relied on consumer and commercial loans for over 80 percent of their interest revenue—products facing diminishing returns due to a 15-year decline in Treasury yields. In contrast, the largest banks are diversifying across additional sources of revenue such as asset trading and Treasury investments.

Moving ahead

In working with midsize banks, we have learned how they prepare to undertake a major outsourcing initiative. The bank typically first considers its market position and the essence of its differentiation. Understanding what the bank must and can do well in the marketplace is at the very heart of strategy and success. Having determined the core of its competitive strategy, the bank then reviews the functions, processes and technologies that provide its differentiation to determine which could be improved. Human resources, finance and accounting, procurement, mortgage fulfillment and lockbox operations are just a few examples.

The final step is to determine how a third-party partner can help reduce operating costs, free up capital and resources to invest in critical capabilities, and minimize the risk associated with such activities. The end result will be that the midsize banks can refocus their attention on regaining market share through improved customer focus, and product and channel innovation, with the added flexibility provided by a lower expense base.

Midsize banks must take immediate action to remain relevant and competitive. For some, the sourcing strategy described here may provide the difference between future high performance and continued mediocrity.

Anand Swaminathan (anand.swaminathan@accenture.com), a Senior Executive in Accenture's Banking Group, is based in San Francisco; Andrew Kappy (andrew.b.kappy@accenture.com), a Consultant in Accenture's Banking Group, is based in Toronto.

Comments

A Little Homework Could Have Saved Banks a Lot of Patents Grief

Posted on May 23, 2008

By John Cronin and Rachael Schwartz, ipCapital Group

Recent patent-related stories in the news suggest to the inexpert public a disturbing trend that some lucky inventor comes up with a simple concept, receives a valuable patent from a broken patent office and then easily earns hundreds of millions of dollars in licensing fees from industry leaders who cannot afford not to use the new technology themselves. From these stories, the public may start to recognize patents as a threat to industry, as they may force companies hoping to compete to license technologies at exorbitant costs. However, once one investigates the patents more deeply, it is clear that they do not threaten to shut down industries or disrupt the U.S. patent system.

DataTreasury's remote image capture patent is the banking industry's most recent source of frustration. In 1994, an inventor was inspired upon seeing the shoe boxes filled with old receipts where a local pizzeria kept its records. Claudio Ballard developed and patented an invention to help small businesses by remote image capture, using a unique combination of a management system, a visualization system, a data manager and a communication system for verification using encryption. Although it would have been difficult for anyone to predict the invention becoming such a critical idea back in the paper-based world of the mid-1990s, Mr. Ballard nonetheless invented a method for remote image capture, developed a working prototype of the technology at his own expense, created a company called DataTreasury and ultimately tried to market his invention to the world.

In the late 1990s, Mr. Ballard tried to license his remote image capture invention to the major banking institutions. For years, he was unsuccessful in convincing banks to adopt his technology. Then, in 2003, Congress legalized the digital processing of check transactions so that banks no longer needed to return cancelled checks to their signers, saving banks billions of dollars. In response, the banks developed remote image capture technology on their own, but did not acquire a license from DataTreasury.

DataTreasury logically sued for patent infringement. However, after extensive lobbying by the banking industry, Sen. Jeff Sessions (R-AL) added an amendment to the pending Patent Reform Act of 2007 that would allow financial institutions to utilize the check-imaging patent without paying a licensing fee to DataTreasury. However, Sen. Sessions has since dropped that amendment at the urging of the U.S. Patent & Trademark Office over the legality of the amendment.

Regardless of Congressional wrangling on the topic, it appears the banking industry may have been caught off guard by the DataTreasury patent. There are several reasons for this. The first is that banks in the late 1990s typically did not use or understand the value of patents like other industries. Most banking inventions were financial products and services, which weren't considered patentable subject matter until after the State Street Bank decision of 1998 (State Street Bank v. Signature Financial Group, Inc., 149F.3d 1368). The technology that banks used was usually developed by third party vendors, which may or may not have originally patented the technology. Therefore, the banks had little reason to question the legality of the technology they used.

A second reason is that banks weren't in the practice of doing a "Product Clearance" search, as is typically done by IP-sophisticated companies. This is when a company that has created new technology researches the patent database to identify related patents and then legally determines whether it would need to take a license to any patents. If banks had done a Product Clearance search when they were developing the imaging technology, they would have uncovered DataTreasury's original claims and taken appropriate action.

Moreover, when most IP-sophisticated companies come across a patent in the space they are inventing in, they avoid infringing on the patent by either licensing it or "inventing around" it. Inventing around a patent involves developing other ways to achieve the same functions using a different means and not violating the claims of the original patent. Most patents can be invented-around if the right team of technology and IP experts are brought together and led through a facilitated process of targeted invention. However, it doesn't appear that any of the banks had inventing-around capabilities when they were developing their remote imaging technology. Had they brought in those capabilities, we feel that they could likely have created a similar alternative to Mr. Ballard's creation and avoided years of legal wrangling.

Therefore, the reason that the major banking institutions are in this dispute with DataTreasury is because either they weren't expert at the patent business or weren't aware of how to avoid infringing other patents. But is this lack of expertise a sufficient reason for Congress to bail out an entire industry?

If Congress chooses to provide relief to the banks, it could disrupt our whole process of innovation by tipping the system toward large established companies who use inventions from small innovative companies without proper due. Congress' involvement in this issue was based on lobbying by large companies with deep pockets. The DataTreasury case study represents the American spirit of inventing and entrepreneurship, embodying the great qualities of innovation, vision and risk-taking. The U.S. patent system was designed to encourage and reward such behavior.

The lesson learned is this: Every industry should take a strategic look at the IP they have and the IP they need to continue to grow. Respecting the patent system and using the processes available to all is good for individual business growth and good for the American economy.

John Cronin is Managing Director and Chairman of ipCapital Group and Rachael Schwartz is a Senior Manager at ipCapital Group (ipCG). ipCG provides professional services for clients that wish to develop and execute intellectual property (IP) strategies, strengthen and monetize IP portfolios, and establish and implement Intellectual Asset Management (IAM) practices.

Comments

ISO20022/UNIFI is the Answer – What was the question?

Posted on May 02, 2008

By Wayne Meikle, Financial Services Director, IONA Technologies

People tend to equate ISO20022/UNIFI directly with XML. The benefits are a global set of common standards based on more open and cost-effective XML technology platforms—so life gets easier, doesn't it?

While there is some truth in this, the real picture is more complicated.
This article will discuss the historical background of financial services standards, the origins of ISO20022, and how you can map out an ISO20022/UNIFI adoption program for the next five years.

Historical Context
The world of financial services is about highly-reliable, fast, auditable and seamlessly processable inter-firm communications of instructions to enable business transactions. This is the way money and other fungible instruments work—they move financial assets.

Historically, these movements (or messages) evolved into standard formats based on national or regional boundaries, market participant initiatives, or standards mandated by specific industry utilities such as SWIFT. These message standards developed around silos of automation based on market practice or geographical locations, and the message standards were not compatible.

In order to address this compatibility challenge, the International Standards Organization [ISO], a worldwide federation of National Standards Bodies, developed the UNIversal Financial Industry message scheme (abbreviated to UNIFI),

What is UNIFI?
UNIFI is a standard for standards—a methodology for the creation of consistent message standards using data to describe data and interactions. This flexible framework allows communities of users and message development organizations to define message sets according to an internationally agreed approach and to migrate to the use of common XML-based syntax.

The base ISO20022/UNIFI standards methodology provides for variants based on usage by services utilities such as SWIFT, the current appointed ISO20022/UNIFI Registration Authority, as well as for other utilities and market participants.

The current ISO20022/UNIFI standards incorporate lessons from the first implementations of ISO 20022/UNIFI Funds Distribution messages and Customer-to-Bank payment messages, as well as from FpML, FIX and others that provide examples of successful market best practices.

ISO20022/UNIFI is essentially the roadmap to having a consistent lingua franca in global financial markets.

What does this new global standard for standards do for my business?

Mandated change is initiated by regulation, through migration by network providers such as SWIFT from the old MT to the new MX standards, or by demands of the business to support new transaction flows only available in ISO20022/UNIFI. To understand the effects of mandated change, we can look at the payment standards used by the Single Euro Payment Area [SEPA] initiative, a current example of applied UNIFI.

The short-term incremental service provision costs to the business to comply with SEPA will be significant. There will be an indeterminate period of co-existence—at least two years and possibly much longer—that existing systems will be required to support both legacy and new standards. The current SEPA program teaches us that banks, infrastructure providers and corporations need to support the old domestic payment standards, the new UNIFI/EPC/SEPA standards, and still support the SWIFTNet FIN standards for international transactions.

While it will increase costs in the short term, ISO20022/UNIFI also offers opportunity for competitive advantage. Business transactions based on the ISO20022/UNIFI standards increase the reach of firms to more customers in more locations with less concern for national boundaries and local legacy standards. This also allows more firms to reach into new markets with lower barriers to entry.

How do I map out my ISO20022/UNIFI adoption program for the next five years?

Most firms now realize that ISO20022/UNIFI based standards adoption has reached critical mass. It is not optional and all firms need a cohesive plan for how they will support both legacy standards and new standards during the transition period. One option is to simply trust that their vendor suppliers have the answers. If this is the case, firms should be sure to ask them for a road map.

Alternatively, and more advisedly, the firm should have an architectural road map that capitalizes on reusing ISO20022/UNIFI messaging and integration services. They should look to use standards-based integration technologies that support the legacy and the new XML-based merging standards, as well as solutions that provide platform-neutral deployment technologies to use with existing computing infrastructure.

Adoption of ISO20022/UNIFI standards is not a big-bang approach, but a market-driven migration to a common language.

The question is: What is the lingua franca of the global financial services markets?

ISO20022/UNIFI is the answer.

Wayne Meikle is the financial services director for IONA Technologies, providers of standards-based solutions to IT organizations.

Comments

Will FICO Scores Suffice In Credit Crunch World?

Posted on April 14, 2008

By Clark Abrahams, Marketing Director, SAS

Is a new credit assessment the intervention needed for the subprime crisis? As I follow the unfolding mortgage crisis, one thing is abundantly clear—there is significant room for improvement in current credit assessment approaches. Credit scoring has not done an adequate job of assessing risk in the subprime mortgage market. That fact is beyond dispute. Simple re-calibration of the existing models will not fix the problem of the blind spot in today's underwriting practices.

Technology has a vital role to play to boost efficiency and help measure and monitor credit risk. However, in order to create a more effective means of identifying risk in the first place, a comprehensive new credit risk framework is needed. Simply throwing technology at the problem will not fix it.

Loans need first to be properly classified, and then risk rated. The process today has that backwards.

A better solution may be a hybrid approach that combines the best that technology can offer coupled with expert human judgment. Such an approach can help deal with the current crisis and may lessen the extent of, or even prevent, the next one. A better credit assessment needs to:

• Expand the boundaries of information associated with mortgage loans;
• Appropriately segment borrowers based upon primary factors;
• Layer in secondary risk mitigation factors, where needed;
• Assign actions for each identified segment;
• Allow for system updating, unlike scorecards, so that polices can adapt in response to the evolving economic climate, and so that risk estimates can be improved over time instead of becoming more unreliable over time, again as is the case with credit scoring.

As the accuracy and power of the FICO score continues to get debated, new and improved ways that address limitations of credit scoring systems and better evaluate credit risk will be in demand.

Clark Abrahams is the marketing director for Cary, N.C.-based business intelligence and analytical software and services provider SAS.

Comments

Not All Alerts Are Created Equal

Posted on March 24, 2008

By Joseph Salesky, ClairMail Inc.

In theory, alerts can be an effective customer service tool for fraud prevention, account management, bill payment and other banking functions. When executed correctly, not only can alerts increase customer service and satisfaction, they can also significantly cut costs for banks, introduce new revenue opportunities and accelerate adoption of the mobile banking channel.

In practice, however, most alerts offered by banks today – phone calls, email and 1-way alerts – fall short of making these benefits a reality. Phone calls are only effective if the customer answers live; more often than not, a voicemail message is placed, requiring the customer to remember and dial back a phone number in order to remedy the situation. Emails also oblige the customer to reply, and can go many hours or days without being checked. 1-way alerts provide timely notification but lack a convenient response mechanism, thereby still placing the onus on customers to contact the bank. Like a phone that is only able to receive calls but unable to send them, these alert types are only half-effective.

The key to truly effective alerts is ensuring that they are both timely (sent and received instantly) and actionable (provide a convenient way for customers to immediately resolve issues). How best to reach customers in real-time and empower them to immediately respond to alerts and resolve account issues? The answer is 2-way alerts.

With over 254 million mobile U.S. subscribers – an astounding 84% penetration rate – mobile phones are more pervasive than the Internet and readily available at any time. Whether at home, work or on vacation, customers are very likely to have their cell phone with them. Moreover, according to Aberdeen Group, over 1 billion SMS messages are exchanged every month, making SMS alerts a timely (and ubiquitous) communication medium.

Taking advantage of the dynamic, real-time, 2-way nature of SMS alerts adds the critical "actionable" component. In a recent report, Javelin asserts that 2-way is the key driver for providing value to bank customers and accelerating adoption. Javelin argues that banks "able to provide time-sensitive informational 2-way alerts that affect account status will experience higher adoption of the mobile channel and give customers the control they desire."

2-way alerts are the perfect combination of timely and actionable, making them valuable to both customers and banks.

For customers, 2-way alerts provide the obvious comfort of being informed in real-time when issues arise with their financial accounts, and the convenience of being able to immediately resolve the problem via their mobile phone.

Consider the example of a questionable account activity. A 2-way alert is immediately sent to the customer, asking him to verify the transaction by simply replying with a "Y" (for "yes") or "N" (for "no"). Unlike existing alerts, this alert type is timely and actionable. The alternatives would be a phone call, email or 1-way alert, all of which require the customer to make an effort to call or visit the bank, with the possibility of the customer's account being frozen until the transaction is verified.

2-way alerts are non-intrusive yet deliver valuable information in real-time, and empower customers with simple control of their account. Without the timely delivery and ability to take action, this type of information can be virtually useless.

For financial institutions, 2-way alerts can significantly cut costs and generate new revenue. Banks can avoid huge losses from fraud and identity theft by utilizing 2-way alerts as a fraud prevention tool. These alerts divert traffic away from more expensive customer interaction channels, such as call centers and IVR systems. Mobile alerts are estimated to cost pennies, compared to $14 for each call center call or $3 for each call to the IVR system.

Two-way alerts also give banks the ability to generate revenue. With functionality such as mobile bill pay, in which a customer receives an actionable alert when a bill payment is due and can pay via text reply, banks stand to gain significant revenue. Banks can take advantage of "the float," improve payment predictability, eliminate check processing fees, charge for expedited payments, and bring on new billers (e.g. utility or cable companies) willing to pay the banks for these services. Finally, 2-way alerts can serve as a direct marketing medium by enabling banks to accompany alerts with actionable, targeted and contextual offers.

Alerts are not just a value-add for customers, but for banks as well. Something as simple as a 2-way text message, when executed correctly, can generate significant revenue and savings for banks, and can deliver a less intrusive and far more effective communication channel for customers. The two key elements for a successful alerting strategy is to ensure alerts reach customers in real-time and empower them with a quick and easy way to take action.

Done properly, 2-way alerts can do wonders for a bank's bottom line.

Joseph Salesky is CEO of ClairMail Inc., a Novato, Calif.-based provider of mobile banking and payments solutions.

Comments

Efficiency Ratio: A Focal Point for Change In Lending

Posted on February 25, 2008

By J. Brian King, Benchmark Consulting International

One of the greatest challenges faced by financial institutions is sifting through and processing data in order to extract meaningful information on which to base their decisions, according to a whitepaper by BenchMark Consulting International (Atlanta). Understanding and properly leveraging internal data as well as appropriate external data can allow lenders to confirm where they are performing well and identify possible areas for improvement.

There is an important distinction to make between data, information, and true business intelligence. While all of these elements are critical to managing a business, recognizing those distinctions and understanding the strengths and limitations of each of these components can help drive success.

As competition and consolidation in the banking industry have heated up over the past two decades, the need for operational efficiency has encouraged banks to look for opportunities to better leverage their data. Banks have taken great strides to turn their own data into information so they can identify opportunities to eliminate waste and redundancy in their operational processes. Banks have leveraged evolving technologies to make the capture, processing, storage and analysis of data into a streamlined process.

Many users today have incorporated graphical representations of performance data to provide management with a dashboard, scorecard or monthly management report package that allows them to assess performance at a glance. These internal dashboards typically measure the company's performance against last month, against this same month last year (to accommodate for seasonality), as well as against forecast.

Once banks have these internal reporting capabilities, they soon realize that looking at just their own performance allows them to see only a part of the picture. To unlock the decision-making potential of this information, the question naturally arises, "How do I compare to my competitors?" Unfortunately, an internal dashboard often does not include the external industry data necessary to make those comparisons.

Publicly available external data is a natural first step beyond the company's own walls for broader comparisons of performance data. For purposes of this review, external public data is information available for free, or at a relatively low cost, possibly as part of a membership in a trade association or through a subscription to a newsletter or other publication.

While internal data may also show a negative trend in delinquency, without the industry data, there is no way to tell if the improvement in the delinquency performance is a function of ineffective collections efforts in this shop, or if the organization is performing well-above others based on market conditions.

Moving beyond data that is publicly available, there are also external private data sources. This data may come from the same industry and trade associations discussed above, or research and consulting firms. The four key differentiators of this type of data are:

o It is generally available exclusively to participant organizations
o The data is generally more robust, allowing for segmentation and filtering
o There is typically an investment made in submitting the data with more robust data integrity
o Often there is an explanation as to the "why" behind the numbers

The good news is that this external data is enabling a new approach to industry comparative metrics. While any organization is free to process its own internal data as it sees fit, publicly available data is much less malleable. Private external data goes beyond information that is publicly available, enabling organizations to get to successively higher levels of business intelligence maturity.

Since few institutions target average performance, greater detail and richer sources of data are required. While external private data requires an incremental investment, many banks are realizing that the value it can provide far outweighs the cost. Offering a richer source of data that goes beyond industry averages, external private data allows banks to leverage their internal data to gain knowledge and wisdom about the competitive landscape, thereby enhancing their decision-making capability. By adding this outside perspective to information available internally, banks can turbo-charge the value of investments in data management and reporting technology.

J. Brian King is SVP and consumer, mortgage, and retail practice executive at BenchMark Consulting International. He has extensive background in mortgage and consumer lending, strategic planning and product development.

Comments

The Dynamic Duo: IT and Legal Working Together to Beat the Bad Guys

Posted on January 28, 2008

By Mark Greisiger, NetDiligence, and Jon Neiditz, Locke Lord Bissell & Liddell LLP

Imagine this nightmare:

Criminals from across the globe, armed with the most sophisticated weaponry, are converging on your bank. Inside the bank, the guards are fast asleep. Panicked tellers sound alarms. Nothing happens. (No one knew they didn't work; they were never tested.) The bad guys know precisely where the vault is and it's wide open. Bad guy after bad guy marches out with your customers' wealth. The crime's swiftness is mind-boggling. What should have taken hours was over in seconds.

But the worst is yet to come: customers, outraged that you didn't have better safeguards, are closing their accounts and suing you for negligence. Before you jolt awake, one last image flashes through your mind: the words "CEASE AND DESIST" scrawled in blood-red paint across your bank's front door and a letter emblazoned with "CLASS ACTION LAWSUIT" in your mailbox.

Unfortunately, this dream isn't all that farfetched in cyberspace. Especially if you haven't enlisted the crime-fighting power of the dynamic duo—legal and information technology (IT). Together, those charged with overseeing your legal and IT can provide the protection you so desperately need in the face of today's exponentially evolving technology and increasingly litigious business environment.

You see, while technology has revolutionized the industry, it has also left financial institutions, and their customers, more vulnerable than ever. In cyberspace, there are, indeed, legions of bad guys developing technologies to break into your systems and steal your customers' identities. And they can do it from Eastern Europe or the Middle East or Asia—in cyberspace, there are no geographic barriers.

We get multiple calls about security breaches every week. Fortunately, most issues are resolved before it's necessary to notify authorities, but their ever-increasing frequency is alarming.

If your IT and legal teams aren't joining forces to establish safeguards against these escalating threats, it's the equivalent of leaving your vault wide open and putting your guards to sleep.

It's no wonder financial institutions are required to adhere to a multitude of cybersecurity regulations that were unheard of just a half-decade ago. For instance, the Gramm-Leach-Bliley Act (GLBA) and its state progeny require banks to take prudent and reasonable precautions to protect identity. Often clashing with those laws are breach notification statutes in 39 states. Most require banks to notify customers if their systems have been breached and customers' personal information potentially exposed. Here's just a sampling of issues that make adherence challenging:

• Definitions of what is considered personal information vary with each statute.

• Regulations shift from state to state; applying where each customer resides. What's required in one state may be prohibited in another. You need a sound national response strategy that can easily be adjusted to address every shift in regulation.

• Notice-triggering breaches are costly. One study estimated that if you send customers a breach notice you'll lose 20 percent of them. Send out a second notice, and many more will bolt. Even though breaches will occur in the best security systems, the fires have been fanned for claiming negligence and instigating class action lawsuits.

• Both the law and your market position make you responsible for the security breaches of your customers' data residing at vendors and third-party suppliers, such as core processors. For some banks, the ripple effect can morph into a tidal wave. For instance, if credit cards are involved, you must pay for reissuing them. At $10 to $16 or more per card for thousands of customers, that's costly. What's more, the organization that delivers the bad news is generally the one blamed by the customers and the media.

It's too easy to install new technologies without understanding the legal impact. For instance, IT may forge ahead with a paperless record-keeping system while unaware of:

• Compliance with privacy and security requirements,
• Managing the costs and risks of electronic discovery, and
• Ensuring that all electronic documents will be enforceable and admissible in court.

Therein lies the conflict that separates this dynamic crime-fighting duo. Legal and IT have traditionally operated in different realms—IT is operations-focused, accustomed to charging ahead without consulting legal. Legal oftentimes doesn't understand the dynamics of IT.

All of that is changing, however, due to information security issues and electronic discovery. For the safety of your customers and the well-being of your financial institution, it's critical IT and legal work closely at all times. Here are some suggestions to make that happen:

1. Don't wait for a security issue to introduce your IT and your legal departments. We've witnessed that more times than we care to recount. Be highly proactive. Use electronic discovery to get a jump on information security issues. Consider hiring an Electronically Stored Information (ESI) Coordinator to help you bridge IT and legal, as now recommended by a number of judicial districts.

2. Enlist outside, objective experts to handle tasks such as conducting a security assessment, preparing a crisis communications plan and reviewing the customer notification requirements in states where your accountholders reside. Experts who do this work constantly can provide valuable perspective. What's more, their input will help you respond quickly to any breaches, and will help prove you did your best to provide reasonable and prudent safeguards. Their expertise could ultimately save millions of dollars.

3. Don't get caught up in security theater, i.e., countermeasures that provide the feeling of security while doing little or nothing to actually improve it. For example, many breaches are related to poor patch management—the ease of getting into the system through security holes in Internet-facing operating systems or business applications. Bad guys often rely on human weaknesses and may count on a bank being understaffed in information security. Scan test your systems and servers at least quarterly to see how well they can defeat and deflect the thousands of known hacker exploits.

4. Establish a security council that would be responsible for:
• Orchestrating the relationship between IT and legal.
• Overseeing outside cybersecurity and legal experts.
• Ensuring third-party vendor compliance.
• Developing strategies and tactics to manage risk.
• Establishing privacy policies to advise clients and vendors on how data will be protected.
• Creating a response plan in the event of a security breach.

Unite the powerful crime-fighting forces of legal and IT so this dynamic duo can ensure that bad dreams won't come true for your financial institution.

Mark Greisiger is president of NetDeligence, a cybersecurity assurance organization. Greisiger is an authority on cybersecurity and network risk for computer-dependent businesses, government agencies and financial institutions.

Jon Neiditz leads the Information Management & Privacy Practice for Locke Lord Bissell & Liddell LLP's Business Technology Group. In recent years, his practice has focused on assisting clients to meet the legal and technological challenges of electronically stored information.

Comments

Getting Personal with Customers Using Interactive Documents

Posted on January 07, 2008

By Jerry Driscoll, Exstream Software

Despite the large number of mergers and acquisitions within the industry over recent years, banking still remains highly competitive. Walk down any street in an average American city, and you're likely to pass three or four bank branches marketed to attract more customers and encourage them to do more business by opening more and different types of accounts. As always, however, the most effective way to do this is to build personal relationships with customers, to develop trust and inspire loyalty.

Yet there are obstacles. The same technologies that have streamlined banking and reduced internal costs—such as drive-through teller windows, ATMs and automated telephone systems—now stand in the way of developing that all-important, face-to-face customer intimacy. As banks extend their services regionally or even nationally, this impersonality may become only more pronounced.

Another impediment to relevant and personal communications with customers is the fact that while banks keep detailed files of customer information, it is often stored in separate data silos. Statements are issued from one system and the marketing department uses another. Therefore, customers who already have the credit card often continue to receive brochures promoting credit card services. This wastes printing and postage dollars and, more importantly, fails to take full advantage of valuable customer data.

A typical step toward customer-centric communication has been to develop templates of correspondence to speed the document creation process. However, by definition, templates provide few editing capabilities. If a financial advisor or customer service representative (CSR) changes only one paragraph to fit a specific situation, for instance, one more template is usually added. Eventually, with hundreds of templates to choose from, finding the most appropriate becomes so cumbersome that it's quicker and easier to create another. Managing these templates becomes a logistical nightmare—not to mention the risk involved in this error-prone, manual endeavor.

Building a better solution

Technology now exists to tap into customer data from a variety of sometimes incompatible sources and combine them with marketing text and graphics files to produce relevant and personalized communications. Predetermined "rules" control which customer will receive which marketing message with his or her statement. Messages can now even be printed directly on the statement. In this way, every customer receives a message appropriate to his or her situation, and these documents can be delivered either through the mail or via email, according to customer preferences.

The latest innovation in personalized communications is the advent of interactive documents. These replace standard, fixed templates with documents that allow for "controlled editing"—tailoring correspondence or developing a unique proposal while keeping other information intact. Financial advisers and CSRs can now choose different headings or logos as well as pre-approved paragraphs or other language for the body text. When desirable, bank employees can type in their own free-form text in designated areas. And interactive documents will automatically insert appropriate disclosure and compliance language based on rules like Zip Code, type of account, or other predetermined criteria.

Other types of interactive documents accommodate clients who wish to take out a loan, open a line of equity credit, or apply for a mortgage. Until now, they've confronted the confusing, tedious and intimidating task of filling out pages of preprinted one-size-fits-all forms. For existing customers, the bank may have much of the required customer information on file already and interactive documents tap into this information to pre-fill data fields, while non-applicable fields simply disappear from the finished form. The process is much more efficient for the institution and for customers, and it reduces confusion and errors.

What To Look For

Financial institutions can now link all of their customers' information together to produce dynamic personalized communications that address clients' interests while meeting all regulations. When seeking an effective solution, financial institutions should look for the following:

1. A comprehensive platform for producing all types of document applications to integrate all the communications the institution sends its clients.
2. The ability to create interactive documents that allow for both streamlining and personalizing each document, including changing logos or other institutional branding, compliance language, and account information.
3. The ability to accept information from multiple internal systems, data warehouses, ECM systems, and other data sources without requiring the institution to normalize the data.
4. A collaborative environment that allows marketing and legal groups to control content to meet the institution's requirements.
5. The ability to produce output that is personalized and relevant to each individual client.

With many banks and financial institutions to choose from, customers simply need to ask: Who do I trust? Who knows me and serves me best? Today's cutting-edge enterprise document automation technologies can help to establish long-term and profitable relationships with clients efficiently and without "breaking the bank."

Jerry Driscoll is group vice president of financial services for Exstream Software. Exstream Software helps organizations of all sizes connect with their customers through higher quality, fully personalized communications.

Comments

GUEST COLUMN: Biometric Signature Authentication for the Information Age

Posted on November 12, 2007

By Dr. Tatiana Vazioulina, Parascript, LLC

The dramatic rise of financial fraud has become a scary trend in today's world. According to recent studies, approximately 9.2 million Americans suffered from identity theft crimes in 2004, costing consumers $5 billion, and banks and corporations $48 billion. The growth of these crimes has resulted in a renewed interest in advanced security means. Institutions are increasingly demanding more reliable, less costly authentication and authorization for everyday activities, such as performing financial transactions, boarding an aircraft, entering a secure physical location or crossing international borders. Biometrics is an emerging technology that is quickly garnering wide attention for its promises to alleviate security breaches and offer solutions to key challenges, such as financial theft and fraud, faced by real-world enterprises.

Biometrics is used to verify identity by way of physiological traits or behavioral characteristics that are unique to each individual and cannot be forgotten, lost or stolen. It can take the form of several different techniques such as hand geometry, iris or retinal scans, dynamic signature verification, face and voice recognition, fingerprinting and others.

Among these methods is biometric handwriting. Signature characteristics are absolutely unique to an individual and virtually impossible to duplicate. Therefore, handwriting still remains one of the most powerful human identifiers today. In dynamic signature verification, multiple biometric characteristics of a signature in question are scrutinized and compared against a reference signature kept on file to make a conclusion that measures the confidence of the signature's genuineness. If several genuine reference signatures are available, the measure of the stability of the particular feature is developed and used to estimate the probability of deviations observed in the questionable signature.

The most advanced signature verification systems employ a powerful combination of engines using different approaches for comprehensive signature verification. Each engine analyzes biometric characteristics such as speed, acceleration, deceleration, stroke sequencing and length, pen pressure and timing information received directly during the act of signing together with other innovative technology that scrutinizes signature shape. Finally, the results received from different methods of analysis are combined to provide a reliable measure of the likelihood of coincidence between the signature in question and genuine reference signature(s). The success of dynamic signature verification in such systems relies on analysis of graphical representation of a signature and biometric characteristics received during the process of signing. Usage of several independent methods of analysis leads to a dramatic performance improvement and adds substantial robustness to the signature verification software.

Since there are many different characteristics involved in the analysis, the biometric signature verification technology is able to ensure a high efficiency of verification even if certain characteristics of signing (i.e. pressure) are not tracked. This important aspect of signature authentication reduces dependence on the type, specifics and quality of pen-enabled or pointing devices. For example, pressure characteristics are very important if the signature is obtained on pressure sensitive devices and less important if captured on pointing devices built into many laptop computers that are not sensitive to exerted pressure.

Technological advancements have increased the accuracy of biometrics systems while making them more widely affordable as a viable method of verification. Due to the level of reliability, convenience and high security that biometrics provides, it is already being used extensively in a number of applications to provide a competitive edge to alternative technologies.

At the same time, not all biometric methods are equally acceptable in all industries and all applications. One of the greatest challenges of biometrics are privacy concerns due to its relatively intrusive nature. It is for this reason, for example, that fingerprinting and iris scans are not accepted in many retail, banking and financial services applications. Dynamic signature verification is a much more easily digested biometric method of identification. The act of signing one's name is socially accepted and commonplace in our legal and commercial lives. As such, individuals are less likely to object to their signature being confirmed as compared to other possible biometric analyses. This allows dynamic signature verification to be seamlessly integrated into existing working processes.

Not only is dynamic signature verification the least controversial of current biometric methods on the market, it is also one of the most accurate, intuitive, fast and cost effective, and operates with compact data. All these factors make it an ideal solution for document authentication and enterprise workflow. Nowadays a wide range of equipment is available for digitizing signatures: palmtop or PDA-type devices, digitizer tablets, pointing devices and smart phones. Biometric signature verification software universally supports any form of pen-enabled input device on which a signature is written.

The solution can support any signature authentication application, from homeland security to banking and retail applications, providing organizations and individuals with enhanced security and control over the documents and transactions that are originated, transacted and stored in today's business environments. Based on state-of–the-art technology, signature verification software extracts maximum data concealed in a biometric signature, captured with a digitizer, and converts the data to information that allows a more reliable detection of forgery than any other solution available on the market, including manual verification.

Given its applications and potential for sophistication without being overly intrusive, dynamic signature verification represents an ideal bridge between the long-recognized practice of signing a document and the reliable authentication and authorization that are increasingly needed for many commonplace activities and transactions.

Dr. Tatiana Vazioulina is with Parascript, a company that employs patented digital image analysis and pattern recognition technologies to extract meaningful information from images.

Comments

GUEST COLUMN: A Greener Data Center Starts with a Better Handle on IT Assets

Posted on August 20, 2007

By Richard Muirhead, CEO and Founder, Tideway Systems

Going green is a red hot issue these days, particularly in the data center which is a big consumer of energy. Rising energy costs, combined with the increasing number of servers, cooling equipment and related infrastructure being deployed, are creating new pressures on corporate bottom lines in financial services organizations and in many other industry sectors.

According to a recent study by Stanford University’s Jonathan Koomey, the energy consumed by data center equipment and infrastructure more than doubled in the U.S. and worldwide between 2000 and 2005. In the U.S., the electricity bill totalled $2.7 billion in 2005 and rose to $7.2 billion worldwide in the same year. Put another way, our own estimates indicate that a single, moderate-sized server in the data center of a large financial institution has about the same carbon footprint as a gas-guzzling family SUV that gets 15 miles to the gallon.

There are many issues to consider other than power consumption, however. These include the broader environmental concerns of limiting carbon and greenhouse gas emissions, using materials from renewable resources, recycling materials and reusing heat from data centers.

A Wider View of Your IT Assets

To take the first steps in creating a greener data center, financial institutions need to get a better handle on their IT assets. Some two and a half percent of IT assets continue consuming electricity even though the business thinks the equipment has been disposed of. This lack of overall visibility can lead to inefficient use of current assets and wasted investments in new equipment.

Financial services companies are dramatically reducing their IT carbon footprint, energy consumption and overhead through data center optimization. This is typically a manually intensive and risky process, especially since technologies such as virtualisation make it difficult to understand the impact of removing real-world pieces of hardware. New technologies, however, such as application dependency mapping, now make it possible to automate more of the process, and critically show the definitive business and technical impact of removing any one piece of hardware. The following is a top-level view of the typical phases of a data center optimization strategy:

Diligence: A complete IT inventory of servers, storage and applications, including identifying inter-system and application dependencies and relationships, is central to any sustained data center optimization effort. When done manually, this intensive and highly-detailed activity can take a great deal of time to complete to attain the required granularity and data quality. Data gathered is employed in subsequent planning, costing and risk-mitigation activities, and used as the basis of a configuration database that will help manage change during the migration itself.

Understand: Once a sustainable method of collecting and maintaining accurate inventory and dependency data is established, an organization can look beyond the data to reach a deeper understanding of how technology underpins its business operations. In this phase, the focus is on addressing questions that correlate technology and application assets with their business owners and stakeholders, and on mapping the interdependent relationships.

Design and plan: Armed with a full description of the IT and business asset landscape, the project team can concentrate on finding optimization opportunities, designing the desired end-goals, and planning the process for getting there.

Implement: In the implementation phase you need to obtain a precise picture of the state of the IT environment from day to day. This allows project progress to be monitored, provides a continuously updated view of what changed incorrectly in the environment when incidents occur, and assists with necessary re-planning. If the project has been planned effectively, then the implementation itself will be a controlled, predictable exercise.

As you delve into your data center optimization project, it is important to consider ways to create a continuous, repeatable and adaptable program. The newest application dependency mapping tools automate the process of understanding IT assets and their interdependencies, including the ramifications of planned changes, or services impacted by component problems. According to Gartner, a service dependency map is a “prerequisite for achieving success” with a host of IT-related issues, including service-level agreements and availability, systems configuration and changes, and performance management.”

Greener Data Center Benefits the Bottom Line

As the appetite for information grows, so does the infrastructure required to support it. And while technology vendors are developing more energy-efficient products, businesses can do their part in reducing the impact the data center has on the environment.

Organizations are implementing a number of environmentally friendly data center strategies including reducing the number of servers through server virtualization, switching off unused hardware, deploying more efficient cooling and power supply products and replacing slow, energy-hogging servers. A few are even taking advantage of new financial incentives from electric power companies by reducing energy usage during peak months. Green data centers that operate with greater energy efficiency make sound financial sense, and ultimately improve the environment we live in.

Richard Muirhead is CEO and founder of Tideway Systems. Tideway helps companies gain transparency of their IT estates and realize the significant “green” aspects of data center optimization.

Comments

• Most Popular Articles