Banking in the near future: optimising risk management and resilience in the digital age
Technology may be the great enabler for banks and their customers,
but to achieve holistic risk management, culture change and education are equally important
Charlotte Branfield - Head of operational resilience, Citi
Jason Maude - Chief technology advocate, Starling Bank
Andrea Brody - Chief marketing officer, Riskonnect
Ralph Nash - Chief compliance officer, HSBC UK
Marc Leaver - European chief operating officer, Standard Chartered Bank
Suresh Viswanathan - Chief operating officer, TSB
What is the current state of personalisation in banking in the UK and around the world?
RN: Last year’s events have accelerated some of the trends already emerging in banking. These include the increased use of automation and digitalisation and the concept of “the bank in your pocket”. Branch networks will remain important, but increasingly we see demand-led interaction around digital and that’s something we need to satisfy. A greater digital focus creates both risk and opportunity from a stability and resilience perspective. There are some risks, both technical and ethical, but if we get it right, it could be a win-win scenario for the bank and the customer. We are at an exciting juncture.
JM: In the next decade, affording customers immediate and secure access to their data in the same way they have access to their money will become a requirement, rather than a “nice to have”. If you, as a bank, cannot offer that connectivity or application programming interface (API) capability, you will be like a town the railroad missed out, and you will weaken and die. Customers, including small and medium-sized enterprises, are not going to do business with a bank that relies on paper processes.
CB: What makes a good bank is how fast they reach the customer, to solve their problems and provide financial services conveniently, efficiently and responsively. Therefore, the concept of a bank is evolving from the traditional bricks-and-mortar bank to an “embedded finance” model. Driven by the demand for high-quality seamless customer experience and fintech partnerships, banks will become hubs where products can be plugged in and out. When you think about banks’ business models, that’s pretty revolutionary. The whole system is changing and it’s an exciting time to be involved in operational resilience.
ML: I agree that we are at an inflexion point in banking: if we don’t change the traditional way of delivering products and services to clients, we will be redundant in the digital age. We see ourselves as a bank that connects clients, products and markets. To do this we utilise digital offerings to tap into the digital needs of our clients. Three pillars to build this: innovative partnerships exploring disruptive business models; investment in fintechs; and, arguably the most challenging element, greater internal innovation.
SV: The definition of where a bank starts and finishes is transforming. Previously we have been constrained by physical infrastructure and analogue systems. As we emerge from a post-pandemic world, the march to digital is inevitable. However, as we move towards a world driven by open banking and APIs, you lose control of when demand hits. People trust banks and I think now it is obligatory to ensure we deliver more value to customers than just a current account, a loan, a mortgage and a card. It’s a unique position to be custodians of customer data and leverage that trust, and it means we, as banks, can offer them more connectivity.
AB: We talk with our financial services customers all the time. The same topics are discussed; the drive for greater automation and data analytics is taking centre stage because of the need for connectivity. It’s imperative to leverage technology, but improved risk management in corporate strategy is required and the pandemic has exacerbated the need for better reporting.
What are banks’ biggest operational challenges in 2021 and what problems are on the horizon?
RN: The last year emphasised the importance of banks as a transmission mechanism of government policy to support individuals and businesses through the coronavirus crisis. We have effectively done years of lending in a few months, at an unprecedented level. Managing the exit from government support schemes will be a significant operational challenge for HSBC and the industry, this year and next, particularly in the UK. Customers’ payment holidays will end, but some will be unable to resume repayment on their debt. Historically banks have been worried about cash and keys, and now they should treat data and systems as crown jewels and focus on building resilience for the latter. The operating model and technologies need to support that, as well as meeting regulatory and societal expectations.
JM: To keep pace with those expectations, it’s essential to have the architecture to operate faster. It’s often thought that for banks there is a seesaw-like balance between security and reliability on the one side and speed of delivery on the other. At Starling Bank, we have constructed a system that makes these two things mutually reinforcing. We rapidly deploy feature changes, new products and services, and seek bugs daily to increase resilience. This system will be vital as we look to enter new markets globally in 2021.
ML: Standard Chartered Bank has moved to a cloud-first strategy and we are looking to shift our core banking platform into the cloud by 2025, subject to regulatory approvals. Regulators are beginning to become more comfortable with banks’ evolution to digital and familiar with safe data storage. Certainly, the strides made by Starling Bank and others are fabulous for the industry and the customers we serve. Partnerships with technology specialists are critical to our strategy because we know clunky platforms and traditional banking methods are not sustainable, frankly.
SV: Today, 90 per cent of TSB’s customer services are digital, as is 70 per cent of our sales. In terms of operational resilience, it is very important to have a multichannel approach because you want to comfort and support customers and be readily available. We are marching to the cloud and, as networks become much smarter and 5G is more widespread, we can push more content through the pipes into the hands of devices customers hold. That capability gives us the ability to educate customers and improve financial literacy. A key imperative, though, is to become more holistic in our management of risk.
CB: I agree that banks need to embrace holistic risk management and think about processes differently. At Citi, our priorities lie in better understanding our clients’ experience of using our services and improving upon it. As an industry, we have to move away from the mindset that cybersecurity, for example, is only a tech expert’s responsibility. That approach causes a disconnect concerning operational risk because, in today’s digital economy, the fundamental commodities at risk are trust, data and connectivity, not just money. If we want to manage cyber risk properly, we are going to have to have far greater engagement from the client relationship managers, the user experience designers, and the product sales and development teams, and not just within banking, but in the public sector as well.
AB: Considering the customer’s viewpoint is a perfect way to look at risk holistically. Every department in a bank is responsible for risk. Thus, silos need to be broken and communication between the different functions improved, and this can now be enabled by technology.
How can technology help optimise risk management?
RN: Increasingly, we feel there are some challenges in using data from an ethical perspective. How do we ensure we don’t end up with unintended consequences due to modelling our customers’ data? For instance, if we become more sophisticated at modelling the propensity of a customer to commit financial crime, or pose a compliance risk, do we end up inadvertently becoming less inclusive and less able to target the unbanked at a time when probably we should be trying to do the complete opposite? There is also the question of staff surveillance; what is legal but fails on the “creepiness” test?
ML: The debate about vaccine passports has dominated the news recently, showing that the ethics of handling customer data is no longer a horizon risk. As banks, we are grappling with the same challenges: we know if we use data-driven insights, we can make better business decisions and we can improve the way we serve our clients. But what is the tipping point? While customer data protection has long been part of the design of a bank’s processes and systems, with increasing digitalisation, data management best practice needs to be embedded into its DNA. Ultimately, the customer’s data is a gift and we must keep it secure.
JM: We think of cybercriminals as competitors who are trying to steal our business, so we combat them by making it too expensive for them to spend time trying to hack our systems. A security bug is a big draw because it allows you to hit multiple people all at once and in banks no one has coded everything from scratch. Chaos engineering is going to become more prevalent in our industry. We deliberately attack our systems in a controlled manner to test and prove we are resilient.
SV: There is a lot of artificial intelligence (AI) and machine learning in the banking industry, though some applications are more mature than others. Smart partnerships that drive innovation will be vital to delivering super specialisation, for example if you want to optimise the noise-to-signal ratio in ATM fraud. It’s about adding value to the customer, but not at the cost of impacting operational resilience. For this reason, we need to be bold, be innovative, fail fast and move on.
CB: There are so many shiny new tech toys and it’s easy to think a bank has to have the latest gadgets and be deploying the latest piece of AI, but without actually understanding why. It’s critical to go back to basics and back to your first principles. Ask yourself, “What benefit is this bringing to either the business or my customers?” It’s an exciting time to be involved in resilience and risk management because it means looking carefully at your organisational structure and culture.
AB: It is indeed an exciting time and there is clearly a real focus on operational resilience in the digital age from those in the financial services space. There are many challenges, but a bank’s technology stack must support the desired outcomes. It will be fascinating to see how the ethics and compliance concerns evolve in the coming years.
For more information please visit