Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:49 Page1
1
Editorial Didier Planche Editor-in-Chief
Substantial stakes and challenges
@ d.planche@banque-finance.ch
I
T investments within the banks will start to reduce due to the completion of migration projects and the increasing tendency to resort to outside systems, rather than to standard applications developed internally. Indeed, banking establishments are tending more and more to outsource their IT development, due to the basic costs involved and without really verifying the performance of their own present installations. All the same, taking all economic sectors into account, it is still the banking industry that has the highest IT budgets, as it has to meet the demands of controlling and risk management, as well as to comply with the new ever increasing and stricter regulations.
control and implementing all the specific requirements of the newly introduced regulations. In addition, the proposed costs must clearly remain reasonable. Two directions among others stand out in this regard, namely on the one hand, recourse to a remotely operated central console controlling the server, storage and the networks, while on the other, the use of third generation applications, flexible and easily maintained, strictly separating the presentation, application layer and data storage. In the same way, an architecture orientated towards the banks’ commercial processes, treated as services, would amount to a decided commercial advantage. BPO and cloud computing as the focal point
Only in the computer field, the banks are obliged to face important challenges, of which the first priority is to meet the expectations of their clients, who want, for example, fully secure internet banking transactions, and new performance levels with real time services, or even more transparent invoicing. Then, with the reinforcement of the taxation regulations in relation to compliance or to risk management, amongst other aspects, following the financial crises, becoming almost an everyday occurrence, this forces the banks to rapidly apply the corresponding directives, in order to avoid incurring losses or even the suspension of their licences. According to Hauke Stars, General Manager of HP Switzerland and Country Manager of HP Enterprise Business, the banking institutions are also contending with demands for an extremely high quality. “When it’s a question of replacing applications, they aim for the best-of-breed and the perfect solutions. In practice, they need those that enable them to reproduce the range of their former individually developed tailor-made services, and in parallel the agility and suppleness needed to innovate service benefits and in so doing, outflank the growing competition”, she declared in 2010, in a professional magazine. Consequently, the IT providers’ mission now is to offer their banking clients the best available options with maximum risk
At the business process outsourcing (BPO) front, its penetration of the banking sector appears to be set fair. Banking establishments, whose margins have decreased in recent times, are concentrating their efforts on this strategic orientation, needed to reduce their costs radically to remain competitive. The BPO finds its validity especially in the management of shares and payment traffic, but also in the management of communications, credit transactions and research. Cloud computing with its data centres could also become more important, as long as fears about data protection are completely overcome. A remote computer service enables customers to access the power of calculation, storage capacity and many applications located in the decentralized data centres. The big players in cloud computing, such as Amazon, Google, Microsoft, IBM and HP, have understood the potential of such a service, whose world market is estimated to reach USD150 billion by 2014. For their part, on-line banking services could explode between now and 2015, possibly even putting an end to local bank branch offices… The future stakes and challenges for the banking and computer industries, do indeed appear to be substantial enough for them to have to work together hand in hand. BANKING SOLUTIONS 2011
Banking solutions ok.indd 1
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:49 Page4
3
Content Editor-in-Chief: Didier Planche Contributors to this issue: Didier Assandri, Enrico Chincarini, Paul Cohen Dumani, Jean-Claude Favre, Nicolas Giannakopoulos, Enzo Giannini, Nicholas Hacking, Michaël Heijmeijer, Peter Hofmann, François Jeannet, Christian Knechtle, Elisa Kogej, Falk Kohlmann, Joseph Kuettel, Yoann Le Corvic, Raffael Maio, Charlie Matter, Christian Marchand, Reto Marti, Julien Probst, Marco Ricca, Alain Rubeli, Etienne SaintRaymond, Etienne Savatier, David Sikorsky, Romain Touren
Can the banks take advantage of the Cloud?
Tendencies of financial Applications 32
Lower costs counteract reduced margins Cover - Fragment from La Mutante by Lu. Acrylic on canvas, 2010 116 x 81 mm
Publishing: Promoédition SA Delegate Editor: Roland Ray
1
Leaders’ Interview 5
Challenges and opportunities in a new world of information technology
Impression: Atar Roto Presse SA
Topical of Regulation
www.banque-finance.ch Edition and Administration: Banque & Finance Rue des Bains 35 Case postale 5615 1211 Genève 11 Tel. +4122 809 94 60 Fax +4122 781 14 14 E-mail: info@banque-finance.ch Advertising: Médiapresse Pub SA Rue de la Vigie 3 Case postale 1119 1001 Lausanne Tél. +41 21 321 30 77 Fax + 41 21 321 30 69 In charge: Roye Yarden Subscriptions: Promoédition SA Case postale 5615 1211 Genève 11 Tel. +4122 809 94 55 E-mail: abo@banque-finance.ch Ccp: 12-17931-5 1 year subscription (6 issues) CHF 60.2 years subscription (12 issues) CHF 90.Banque & Finance is issued 6 times per year and publishes one special edition. © Promoédition SA, Geneva, 2011
Editorial
Substantial stakes and challenges
Marketing: Florence Ray
Outline & Layout: Lucile Dubost, Alter Ego Médias
36
Wallet 2.0
39
Bank IT: Trends and challlenges
Photo de Une © Bertrand Rey
Production: Maryse Avidor
Stakes of Security
29
8
The business of IT: How regulation makes it evolve from an enabler to a partner
13
Problems and challenges with the application of the “Basel 3” capital solvency ratio for banks
New Tools of strategic Management 16
Any new trend in banking BPO in Switzerland? No news or the calm before the storm?
42
New trends in banking systems: A subject that will always be topical
43
The IT advantage: Why SMBs should use technology to solve the accounting and administration problem
49
How should IT architectures change to support a taxdeclared asset strategy?
52
Mobile banking: what is it?
54
Trends in Trade Finance technology: Improvements in collateral Management and Supply Chain Finance
56
Investing in Corporate Information Security: One of the toughest challenge of the incoming years
60
New orientation and trends on banking software security
62
Ensuring data confidentiality in the 21st century
64
Rationalisation of costs in CoreBanking vs security
66
Can we trust emerging mobile devices’security and allow access to sensitive data?
68
A New Computer Security Gold Standard
Evolution of Trading online & financial Informations 71
Trading technology: The next challenges?
74
From financial information to financial intelligence
77
Finance Forum
Can the Banks take advantage of the Cloud?
18
IT outsourcing: A panacea for swiss Private Banks
23
Moving from silo matching to global enterprise wide reconciliation
26
29
Modern technology: Relationship Managers facing new challenges
Your magazine on the web www.banque-finance.ch BANKING SOLUTIONS 2011
Banking solutions ok.indd 3
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:49 Page5
5
Leaders’ Interview Banking Solutions has interviewed two leaders in banking information technology, Jean-Claude Favre, Chief Information Officer, and Etienne Saint-Raymond, Corporate Secretary, Crédit Agricole Suisse Private Banking Services. These two experts reveal the new challenges facing the computing business as regards recent banking regulations, information security, and the evolution of Business Continuity Management and cloud computing. They also touch upon the next big IT trends in on-line banking services.
JEAN-CLAUDE FAVRE CHIEF INFORMATION OFFICER
ETIENNE SAINT-RAYMOND CORPORATE SECRETARY
Challenges and opportunities in a new world of information technology Banking Solutions: What are the main challenges facing the IT sector in order to address banks’ new needs? Jean-Claude Favre & Etienne Saint-Reymond: Against a backdrop of continual and ever-accelerating changes, the challenges facing private banks’ IT departments are increasingly complex and costly. The departments have to respond both to the expectations of authorities – for example, in terms of reporting – and the requests of clients who are more and more demanding. Whatever the area – legal, tax, compliance, risk
© point-of-views.ch
management – these constraints require major IT developments so that institutions can perform the necessary controls and reporting procedures in accordance with requirements. Only banks that have scalable, high-performance information systems will be able to keep pace with the changes stemming from a constantly changing environment. BS: What precisely are the key issues for the IT sector in light of recent banking regulations, particularly as regards taxation?
BANKING SOLUTIONS 2011
Banking solutions ok.indd 5
23/09/11 16:56
6
Leaders’ Interview Crédit Agricole Private Banking Services now serves more than 20 private banks with its one-stop BPO offering, which combines the S2i system in Application Service Provider mode and the outsourcing of back office services for securities, payment instruments, foreign exchange, cash management and, in some cases, accounting. The client banks are based in eight countries: Switzerland, Luxembourg, Belgium, Monaco, Portugal, Singapore, Hong Kong, and the Bahamas. We have developed a large number of innovations, including: • c onsolidation of multi-deposit portfolios, whereby a client’s assets managed by the bank are aggregated with the assets that he or she has deposited with other banks and that are reflected in S2i’s mirror accounts; •m anagement tools for independent wealth managers and securities dealers; • i ntegrated handling of French and Belgian tax regimes, pending the addition of other European systems and implementation of FATCA; •a business intelligence IT system, which is totally compatible with S2i and provides a full set of decision tools; •a major upgrade of our e-banking module, eS2i , which gives clients secure access to their portfolios, with enhanced capacity for position checking and straight through processing of securities transactions and payments.
J-CF & ES-R: The major issue is to successfully implement solutions appropriate to new banking regulations, often in very short timeframes. The solutions must be consistent with existing IT systems, yet flexible enough to be upgraded and meet future needs that are as yet unidentified. A bank IT system spanning several financial centers has to cope simultaneously with several sets of banking regulations and/or tax regimes. Since each set of regulations evolves at its own pace, the teams responsible for incorporating new developments need specific expertise. Such level of expertise is affordable only in IT organisations of a certain size, which explains the growing interest in pooling such developments. BS: How will these mandatory IT innovations affect banks’ operating costs? J-CF & ES-R: Each of the IT developments prompted by the above-mentioned changes entails a sometimes considerable cost, which has to be borne by the bank or banks using the application in question. This obviously has a negative impact on operating costs. The additional expenditure is generally passed through to clients, making the financial center in question less competitive. For example, implementation of the Foreign Account Tax Compliance Act (FATCA) will cost many banks several million francs to adapt their IT solutions. BS: For banks, what are the main issues in terms of IT security? J-CF & ES-R: This is another area that will have a major impact on banks’ operating costs. The technologies developed in recent years have delivered greater opportunities for significant expansion; but they have also forced banks to introduce a range of monitoring tools that are more sophisticated in terms of security. Our clients want easy access to information, but this must not be achieved at the expense of security. Here, too, small banks are finding it increasingly hard to justify the cost of setting up an infrastructure with robust security. They will therefore have to rely on a shared platform, splitting the cost with other banks that have similar needs. Choose a BPO solution BS: For banks, what are the implications of Business Process Outsourcing and Business Continuity Management, and how do you analyze the advantages and disadvantages of these innovative IT management tools? J-CF & ES-R: For all the above reasons, Business Process Outsourcing (BPO) solutions are an effective response for banks faced with rising operating costs as a result of the increasingly complex regulatory environment. Banks can benefit from the resources and expertise of a major organisation while sharing the related costs with other BPO clients. The same applies to Business Continuity Management (BCM) solutions, which allow some banks to benefit from needsresponsive common infrastructures if they have to move to a backup site. These backup facilities are very often too costly for a single institution, even though they are vital to business continuity if its live-business site is down.With a BCM offering, the bank gets a solution appropriate to its size and resources. On the other hand, it has to agree to share this solution with other insti-
tutions. BPO or BCM solutions can often impose a number of technical or organisational constraints on a bank, which would not be the case if it had a proprietary solution. When choosing a BPO solution, the bank needs to adapt its organizational structure so that it can operate with the solution. It must then make sure that the structure evolves in synch with the BPO solution. BS: How do you view the development of cloud computing and datacenters in the banking sector? J-CF & ES-R: We are convinced that the banking sector will continue to make use of shared datacenters. However, a distinction needs to be drawn between the optimisation and sharing of a costly infrastructure and full dematerialisation of banking IT. In our view, cloud computing in the banking sector is conceivable only for private clouds. So we are not in a situation where a client bank is unaware of where its data is located inside the cloud. To be able to manage sensitive data and keep information confidential, banks will need to know where and how their data is stored at all times. BS: Based on your expertise and judgement, which bank IT applications currently offer the most advanced functionalities, and in which specific areas? J-CF & ES-R: Crédit Agricole Private Banking Services has produced a solution designed mainly for private banking. In this sector, our S2i solution is one of the most feature-rich and comprehensive applications in terms of functionalities. Because S2i is offered only as part of a BPO offering, it cannot really be compared to “banking package” solutions such as Avaloq, Apsys or Olympic. Some banks may opt for a solution that offers less functionality but gives them greater control because it is installed on their servers. Greater mobility BS: Mobile phones now offer a host of practical banking applications. What do you think of this technology, especially in terms of secure transmission of confidential data? J-CF & ES-R: Mobile phone-based banking apps will continue to develop and gain ground, especially in the personal and retail banking sectors. Secure solutions will allow clients to check their bank balances quickly and easily and perform small-scale payment transactions. It is less certain whether such apps are necessary in private banking, where clients place a premium on discretion and prefer personal contact with an advisor. BS: In your view, what will be the major IT trends in the coming years and will on-line banking services experience explosive growth? J-CF & ES-R: Bank customers have already gotten used to some ownline services, such as account-checking and bill payment. This trend will continue, with greater reliance on mobile solutions for routine payment transactions in restaurants, cinemas, public transport, shops and so on. Future IT solutions will have to adapt to the need for greater mobility, and provide the levels of flexibility and security that are necessary in an increasingly demanding banking environment. Interview with Didier Planche
BANKING SOLUTIONS 2011
Banking solutions ok.indd 6
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:49 Page6
8
Topical of Regulation
The Business of IT
Elisa Kogej Managing Consultant at Global Business Services, IBM Switzerland
@ elisa.kogej@ch.ibm.com
How regulation makes it evolve from an enabler to a partner New regulations have an increasingly complex impact on IT services. On top of traditional IT challenges, they push the IT sector to manage projects differently, to provide IT governance and require new competences to support this shift in mindset. Business and IT are becoming close partners.
Resources Allocated to Using Data
T
he implementation of new regulations for Swiss financial intermediaries has become far more complex in recent years. Financial intermediaries have not only to comply with Swiss regulations, but also with international ones (AML and GAFI), or legislation imposed by one country on others (FACTA). In some cases, even though they do not need to comply with such laws, they still need to analyze the impact on their strategy (e.g. MiFID for Swiss banks). There is generally a twofold purpose for this legislation. Some aim at managing the risks (e.g market and liquidity, systemic risk) and, assuring transparency and disclosure. The interests of the customer, the government and the bank converge here. For others, the purpose is tax-related and has a direct impact on the customer (QI, ESD). In this latter situation, it increases the amount of risk to be managed by the banks, forcing them to review their business strategy as well. In both cases, the challenge for financial intermediaries is about how to manage data from data capture to reporting (to top management for liquidity management or reporting to local authorities for Basel II/III). Legislation thus has a cross-departmental impact
Source IBM Global Business Services n: 103
starting with the on-boarding processes (front-office), through investment decision (RM), transaction (back-office) up to reporting (either to the customer or the local authority). It also impacts business strategy, processes, operating models, data and systems, and thus IT, and therefore requires an appropriate project management and organization across the bank. IT has a specific role to play here. The approach for implementing legislation changes is different to the one used for business strategy. The main challenges faced when implementing legislation changes are to shorten the lifecycle between final requirements and solution delivery, as well as to deliver on time and with quality. Up to now, most IT projects have been initiated by internal demand to create value for the customer (products, new services etc.).
BANKING SOLUTIONS 2011
Banking solutions ok.indd 8
23/09/11 16:56
9
Topical of Regulation
Information and Data Challenges to Profitability over the next five years
different options and monitor them while the legislation is changing prior to final implementation. Technical Challenges
Source IBM Institute for Business Value analysis / CFA Institute Survey n: 1207
The business asks for a certain delivery date and quality, while the IT confirms whether it is possible or not and whether it is in a position to improve quality afterwards. Constraints and impacts in case of non delivery are mainly internal; customer experience may also be impacted. This is clearly the opposite for the legal projects. The initiation of the project is external, the banks and the IT face external constraints concerning deadlines (not possible to postpone them) and on quality (no errors are accepted), and requirements are not fixed as long as the legislation is not finalized. How should this be approached? From an ad hoc and sequential approach to a strategic and iterative view: IT services evolve from being an enabler to a partnership with the business. The IT department should start to analyze the impact on the systems and data prior to the final version of the legislation and be pro-active. Since legislation has unclear areas or open points, IT should work with assumptions to build scenarios and identify how it impacts the IT short and long-term strategy plans, requiring a 2 to 3 year overview at least. CRM is one of the applications to be impacted. There are several key questions concerning modification of a CRM. What is the current roadmap for this system? Will it still be in place? What are the other currently identified requirements for this period? Are there any issues for the release management? What would be the retro-planning and deadline for final functional specification? How does that match with the currently expected final legislation? Should banks split the change delivery service: cross-project or otherwise? This is only possible if the business has previously carried out the same exercise with its own business strategy. With legislative projects, the IT is no longer here as an “enabler� just to support and implement the business strategy once decided, but should probably become a partner in the business strategy decision process. IT would be in a position to offer
Becoming a partner mean: having its own governance and interacting with different stakeholders. Where this is not already the case, top management will probably push to extend governance to the IT department. An effective IT governance framework would thus include such activities as strategic alignment, IT performance measurement, risk mitigation (including compliance), value delivery and resource management, helping financial intermediaries in both increasing value for customers and managing risks. In such cross-departmental projects, it is sometimes difficult for banks to appoint an owner of the project. Is it a legal, compliance, tax, business, operational or IT project? In reality, all these departments are involved and provide their own input at different times. There are different stakeholders with whom to interact. These projects therefore require new profiles, combining a global view of the bank with legislative understanding to quickly identify the impacts and implementation challenges and being able to understand all key stakeholders.
IT departments facing the following challenges with legislation
1 Business, Legal, Compliance, Finance‌
This is from the organizational point of view, but regulations also introduce other, purely technical challenges. All legislation usually impacts the same data and systems, but business rules are subject to change over the years. There is a consistency and repetition in the main systems, data and processes impacted by regulation. Impacts are on BANKING SOLUTIONS 2011
Banking solutions ok.indd 9
23/09/11 16:56
10
Topical of Regulation
Regulations strenghten the « Plan and Manage » activities (64%) of the IT
Source IBM
customers (CRM, customer documentation storage and life-cycle, account opening, communication to customers), on portfolio management, on products (specific information which could be provided internally or through external providers), transactions and applications displaying available information differently to cover reporting needs for a local or foreign authority or for a customer. However, the business rules for applying local tax legislation are complex, various and subject to update. And this is especially true for withholding and reporting. A huge amount of business rules and data must be implemented one-off and kept updated every year, whether developed internally or externally. A clear data and business architecture is needed to assure integrity and validity. Some banks have launched initiatives for a data dictionary, clear data maintenance and clear data business ownership. They will be in a better position to match the information available at the bank to the legislation requirements very quickly. It will also enable top management to gain insights, act, and take decisions based on them. Data management and analysis is thus key. It is beyond the technology itself to call for transforming data into information or to create real data ownership accountability throughout the bank. Many answers A flexible and scalable IT infrastructure is needed but probably not sufficient. Is there a “miracle solution”? Should you choose an integrated platform? Whether developed internally or bought from an external provider, such a platform will certainly not cover all requirements. Why? This multi-tax environment is mainly a challenge for countries like Switzerland, and external providers deciding to support this approach need sufficient customers to cover the incurred costs. Would the
number of Swiss customers be enough? Could you choose a standard external solution for specific needs? This could probably be an option for customer identification or reporting (to either local authorities or customers). Reporting will become a strategic competitive advantage. Since there is usually a standard format per country, adopting a standard external solution would not decrease the added-value to the customer. The legislation creates business opportunities for external tool providers in the “on-demand” market. On the other hand, it also creates more responsibilities as tools have to be compliant. Thus, software providers choosing to work on legislative applications will have to decide on their strategy very early on, before legislation is finalized. to be part of the options analyzed by the banks. They will also, like banks, need to manage the shortened lifecycle between requirements and delivery. How will they manage integration and deployment on time with all their customers? How will they support starting development which may change at the last minute? How will they update legislation changes over the years? 50% of those interviewed by IBM said outsourcing infrastructure or development has a low impact on business goal achievements. In all cases, we are talking about adding layers to the architecture and infrastructure. This will increase both implementation and running costs. External providers or outsourcing options do not remove the need for financial institutions to identify strategy and its impact on customer services, processes etc. In reality, there are as many answers as there are bank strategies. Back to basics for solution design and choices. When building or choosing an external solution, we recommend thinking globally by leveraging existing solutions in Switzerland and at the Group level, and collapsing silos to avoid working in isolation. Anticipating how the solution can be re-used or extended to cover long-term IT needs is key. It is also sometimes a good opportunity to put more pressure on providers. We should also keep in mind traditional reasons for choosing a solution: budget, flexibility in maintaining and running the system, further developments, adaptation to the banking processes, return on investment etc. Banks need to reduce costs, including the IT budget. We can anticipate that a large part of the IT budget may be assigned to legislation requirements leaving little over for business initiatives. IT will thus have to show intelligent cost reduction and/or provide regulatory solutions that can be leveraged for other business needs. The increasing regulation may appear to be a burden for some financial intermediaries. In the current environment of cost reduction and increasing customer expectations regarding risk management, those legislative projects will help financial institutions to reassess their playing field, to focus on the most important objectives and to formalize their business strategy and operating model, including IT. The business of IT, as a partner, is to be part of a simplified agile enterprise that balances growth, efficiency and business resiliency.
BANKING SOLUTIONS 2011
B&F 110 juill-aout.indd 10
26/09/11 12:36
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page7
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page8
13
Topical of Regulation
Problems and challenges
The application of the “Basel 3” capital solvency ratio for banks
Romain TOUREN Consultant, Amaris
@ rtouren@amaris.com At the end of 2010, the “Basel 3” agreement released new prudential standards that are gradually forcing European banks to raise up their capital levels between 2013 and 2019. Now, these new requirements have changed the strategy of banks in managing their liquidity and cost of capital.
I
n 2007, the subprime financial crisis highlighted serious shortcomings in the management of bank portfolios around the world. The first lesson of this crisis is the excessive growth of bank balance sheets and off balance sheets materialized mainly by the proliferation and complexity of derivatives. Simultaneously, the other that emerges is the obvious degradation of the level and quality of capital to cover market risks. As a consequence, many financial institutions that did not have enough financial resources to support the liquidity crisis either went bankrupt or were bailed out by the states at the end of 2008 and during 2009. On 16 December 2010, the initiative to reform banking regulation was taken by the enactment of the “Basel 3” agreement to avoid a new future systemic risk related to the interdependence of banks and a new crisis of confidence and liquidity widespread in the international regulatory organizations, under the FSB (Financial Stability Board) and the G20 leadership. These should be gradually rolled out between 2013 and 2019, and apply mainly to European banks (American banks have adopted their own regulatory framework without
applying the standards of Basel 2). The first key step to these agreements is to strengthen the quality and quantity of available capital in the banking system. In that sense, “Basel 3” provides an increase in the solvency ratio of Core Tier1 that will rise from 2% (Basel2) to 4.5%, with a safety cushion of 2.5% (by 2019) in which banks can draw on case of difficulties. This means that the “hard” capital comprised exclusively by shares and preserved benefits into funds, will now represent a 7% of the market activities of banks or credit. In order to force banks to comply with these new requirements, the Basel 3 plan, to limit the distribution of dividends and bonuses as the capital ratio, does not account for 7% of their commitments. More expensive and unstable In this context, financial institutions have two options to settle down with this reform. Either they resort to the market or they stock up on the needed capital due to the potential benefits they will be able to generate. In order to effectively control their capital requirements, banks will have to learn to referee the most of their equity allocation according to market opportunities. They should also put under close supervision changes in their risk-weighted assets so that decisions taken in this area set up a new spur of action as potent as the one that carried out in terms of income and costs. Specifically, this approach leads to the implementation of tools for valuation of assets by type of activity and the development of specific deferred. Strategically, in terms of image, a poor assessment of risk-weighted assets is highly detrimental to the financial institution, because it reflects a failure of the BANKING SOLUTIONS 2011
Banking solutions ok.indd 13
23/09/11 16:56
14
Topical of Regulation
Capitals that banks should have % of assets (calculated on basis of risk)
Since the beginning of 2011, some banks have already anticipated liquidity constraints proposed by European regulators, tightening up significantly their constraint liquidity in dollars and euros on volumes in the medium term. Meanwhile, a number of banks have implemented volume indicators of liquidity by job. The purpose of these ratios is to calculate the net balance of funding, that is to say, the difference between assets on the balance sheet and liabilities established according to rules set by the bank. In addition, steering and surveillance committees have been implemented by some stakeholders to define and control their managing capital and liquidity polices for each of their activities. Thus commercial teams are beginning to be aware of these issues and guide their actions in order to be fully consistent with this new strategy. An opportunity for banks
1 - See the graph 2 - LCR: Ratio to one month designed to enable banks withstanding severe liquidity crises over a period of a month. 3 - NSFR: Ratio of one year designed to enable banks withstanding during a year to a specific situation of crisis to the organization. Its principle is: the amount of the required stable funding must be less than the available stable funding.
bank to provide the market with an objective anticipation and justified by results of the future exercises. Consequently and inevitably, investors who abhor uncertainty will surely punish the securities market. The second part of Basel 3 agreement provides the establishment of two new liquidity ratios (Liquidity Coverage Ratio “LCR”2 and Net Stable Funding Ratios “NSFR”3). Since the crisis of 2008, the refinancing terms of financial institutions in the markets have become more expensive and unstable. Thus the liquidity risk has become a very important parameter to manage market or credit risks. The aim of these new ratios is imposing on banks a more conservative management of their liquidity. Even though national and European regulators recommend an observation phase, banks are preparing, from now on, the introduction of these new indicators, on the one hand, for being fully operational within the time limits imposed by regulators and, on the other hand, for demonstrating to their clients, counterparties, and shareholders, the ability of the establishment to adapt and effectively manage regulatory constraints and external events.
Some institutions are even considering, in their investment banking activities, to be separated from important historical and too greedy customers in terms of capital allocation and without having a decent “Allocated capital/ Net Profitability” ratio. The deployment of this device offers those banks that have adopted it the opportunity to integrate a recently introduced constraint in their “business model”, which is undoubtedly destined to be perpetuated over time: liquidity risk. In a context where issues of liquidity and capital lead to a reorganization and improvements in the areas of activity by country and jobs, control and cost control within each activity is the basic trend detected in the present among the major European banks. Levers operated by banks to manage their costs can be materialized in different ways: • A new strategic estimation in jobs like financial engineering, marketing and innovation. • An improvement of process and industrialization of the computer tools at the best price/ quality ratio. • A complete reorganization of back office and middle offices structures. For example, the growing increase of liquidity costs encourages more and more banks and businesses to diversify their risks and limit the financial strength invested in each deal. In this context, the number of syndicated loans and their complexity grows with the number of participants and with the increasingly significant phases. Departments in charge of processing these services must be reorganized accordingly and adapted to this changing market. • An evolution of the recruitment policy that aims to optimize the redeployment. The emphasis is on the management and allocation of expenditure related to external resources. The implementation of the cost management, liquidity control and capital adequacy is an opportunity for banks to apply as soon as possible. This will allow them to enjoy a decisive competitive advantage in a complex and challenging economic environment.
BANKING SOLUTIONS 2011
Banking solutions ok.indd 14
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page9
16
New Tools of strategic Management
Any new trend in Banking BPO in Switzerland?
François Jeannet Partner, Management Advisory Services Ltd
@ francois.jeannet@mas-ltd.ch 2011-08-16 - If we take a picture of the landscape today, no major changes have occurred lately. But we are convinced that we are on the verge of the third major pattern change in banking logistics, after the creation of associations like Unicible, AGI and RTC, and the second wave that led to the standard platform wave, dominated by Avaloq, Finnova and Ambit.
T The three Banking Logistics waves
© management & advisory services ltd
he frame conditions have evolved in favor of a structural change, but when will it happen? Since our first BPO Delphi study in 2005 industrialization of banking logistics has been discussed extensively. Even if it seems clear that banks also will have to industrialize their production like most of the other industries did, we are still waiting. If we carefully assess the different decisive parameters, one could come to the conclusion that indeed the third wave is nearer than we think. (fig.1 The three banking logistic waves)
A market calling for consolidation: Today the most relevant dozen BPO providers fight for a market potential of about CHF 1 Billion. There is hardly any larger IT or BPO provider, including international ones, that is not considering entering the Swiss market. The reality is that the Swiss market is very scattered in relation to its size, which does not make economy of scale any easier; different languages, different economic environments, different sizes and, as a consequence different business models. The conclusion would be that after some “trial and error”, only a few platform based and industrialized providers probably Swiss ones, will establish themselves. A new generation of top-level bank managers has a better understanding: At CEO and Board level the «managed evolution» (further development of the proprietary banking solution) option is no longer acceptable for the new generation of CEOs, without a thorough comparison to a standard platform or even directly to an outsourcing solution. The question of focusing on the core business and freeing up means to strengthen the differentiation at the front becomes a postulate. It becomes more and more clear that the differentiation in the area of production is, at best, a negative one if you are not up to the quality benchmark. What is required is the use of state-ofthe-art solutions to cope with the bank’s clients needs. Editors have reassessed their positions towards BPO: It becomes clear to editors like Avaloq, Finnova, Sungard and Temenos that they can only have access to the large portion of the small- and mid-sized banks or new market entrants with a lean BPO offering, such as banks are not willing to bear the cost of their own infrastructure. How they are concretely going to respond to this may be object of some speculation. While Avaloq, Finnova and Sungard can pretend to have more or less formal communities around their platforms, others like Olympic and Temenos are far from it. Another challenge is to provide the clients with a platform and migration path from a proprietary parameterization to a BPO set-up, a “pay as you go” concept. BPO providers understand that they need to generate an economy of scale and be profitable: It seems
BANKING SOLUTIONS 2011
Banking solutions ok.indd 16
23/09/11 16:56
17
New Tools of strategic Management
trivial, but this is not the predominant logic of former captive businesses. Many players increasingly understand that there are limits to growth, an adequate governance and an industrialized production platform being two of them. Still the majority of providers has the first generation carve-out governance, giving the sales department a hard time to overcome the market perception of a captive business. Being a BPO provider also requires market skills like productizing and selling, not the core competences of a former bank back-office. These are competences that should be brought in by new shareholders, like Finnova did in 2006 when it opened its capital to MSG, the German technology company. As for the production platform, the current predominant pattern of custom parameterization is a limit to profitability for a service provider, which has to cope with the banks’ expectations of substantially lowering the back-office costs. Increasingly, providers are considering putting in place model banks as their production base, like B-Source on Avaloq. What about cost as a driver? Yes, cost reduction is a driver, but not the single most important obviously! The smaller the bank, the more other aspects like focusing on the business side, lack of skills in the domains of IT, logistics, compliance, taxation, and time-to-market are predominant decision criteria for a BPO solution. In general banks have been worried about the erosion of their margins, but obviously the pain has not been big enough so far to place more emphasis on industrialization. Has this changed? Not really, but in conjunction with the other patterns described above, movement will take place in the BPO market.
What are the latest evolutions and what can we anticipate in the near future? Still waiting for the big moves of large banks on proprietary solutions: Large banks like Julius Bär, UBP or Banque Cantonale Vaudoise still operate on platforms that will have to evolve sooner rather than later. Their moves will no doubt have a large impact; will it be an established BPO market leader or a new entrant? Whether they decide for a BPO approach or not is difficult to say. It would, however, not be surprising if such a move entailed substantial changes at the level of the governance, not only of their own logistics but also of the chosen provider’s one. Meanwhile clear signs of consolidation along the main platforms make themselves felt: The successful migration of BSI to B-Source’s «B-Source Master» based on Avaloq beginning of July is a clear step into the direction of industrialization, as B-Source intends to implement all the clients on this same platform, also abroad. This could be attractive to a number of banks that were waiting for the successful migration to see if this approach succeeds. On the Finnova side, a similar though less integrated offer is available with different providers for Application Management, IT Outsourcing and BPO like Swisscom IT Services, Sobaco, Finanz-Logistik and Finnova. Credit Agricole PBS continues to consolidate its position with small banks and new market entrants, but also with foreign branches of Swiss banks, like UBP in Singapore. It will be interesting to see to what extent Avaloq and Finnova take a clear position regarding the BPO market, also in the light of the increasing activities of
Sungard on the Swiss market targeting small Banks and a direct BPO offering. At the same time, many small moves take place and new BPO offerings emerge: Lombard Odier, Private Bank Espirito Santo, Neue Helvetische Bank and SFB (Services for Banks) have redefined their set-ups and ambitions. Their rationale seem mainly driven by the banks’ wish to lower their own cost base. The sustainability of such an approach has yet to be proven. To summarize, the market leaders B-Source and Credit Agricole have improved their competitive position, while others have kept a slightly improved or unchanged position like Swisscom IT Services and Wegelin. InCore Bank, Finaclear and SFB have lost ground due to problems with projects or restructuring. Increased competitivity of Swiss Banking: We must hope that the Swiss banking community realizes that BPO could be one of the measures to improve the competitiveness of the whole Swiss banking industry by freeing up means and investing in added value added such as client facing solutions. Today Switzerland is, according to Gardner, at the lower end in Europe regarding the BPO rate. In order to have a sound situation, the market should however be consolidated to allow critical mass resulting in lower cost for the banks and profitability for the providers. It is essential for banks to be able to count on a limited number of strong BPO service providers rather than have a large choice of unsustainable providers fighting for survival.
On August 31st BSI and Avaloq communicated that Avaloq has acquired 51% of B-Source from BSI After a long period of small moves in the area of Banking BPO in Switzerland, BSI and Avaloq undertake a major step that may be the sign, that the long expected restructuring and consolidation of this industry has begun. This is good news for Banks looking to outsource their IT and back offices, as it is preferable to have a smaller number of solid service providers on the market, but larger ones, capable of leveraging economies of scale allowing for cost advantages for their clients and for own profitability, the condition for sustainability on the long run.
mas’ Delphi study (2010) pointed out a number of challenges service providers would have to tackle; many of them are addressed by this deal improving B-Source’s competitive position Improved governance: By letting the majority to a nonbank shareholder, BSI clearly demonstrates the will to establish a more neutral governance for B-Source, reducing the risk of conflicts of interests (real or perceived) with other banking clients of B-Source. Banking know-how remains at hand: The credibility of
B-Source’s banking skills remains untouched by the fact that BSI remains as shareholder and as large client. Credibility in Banking and execution quality are Key Factors of Success for a BPO provider in Banking. This will for sure be closely monitored by the Bank. Another important aspect of the closeness of the Bank is its function as initiator, contributor and β-client for new functions. Technical skills added: The choice of Avaloq as new shareholder is a clear commitment to an increased weight of technology supporting several aspects. In the constant strive
for lower operating cost, higher STP rates on one side (cost side) and the exploitation of state-ofthe-art technology (e.g. mobile and direct banking, security) to better address the needs of the clients of the banks (revenue side), technology plays a key role. Productizing skills added : As most of the existing BPO service providers are carve-outs of banks, state of the art industrialization, especially the packaging of a model bank as key element of the industrialization becomes key. The skills of an experienced actor on the “third party” software industry is crucial here. BANKING SOLUTIONS 2011
Banking solutions ok.indd 17
23/09/11 16:56
18
New Tools of strategic Management
IT Outsourcing
A Panacea for Swiss Private Banks
Enzo Giannini Head of Managed Systems and Client Support Services, SunGard AMBIT Private Banking
@ enzo.giannini@sungard.com
For many Swiss private banks, the challenge today is not just about maintaining margins while meeting client expectations, but also about ensuring that their business model is scalable and sustainable in an increasingly regulated and competitive market. Outsourcing can enable flexibility, enhance cost-effectiveness, and sharpen the focus on core competencies.
P
rivate banking represents the oldest form of Swiss banking establishment and there are many private banks today that can retrace their origins to the 18th century. It is in the last 70 to 80 years, however that Switzerland has truly established itself as a global center for private banking and wealth management. With a global market share of 27%1, Swiss private banks are market leaders in cross-border private banking and account for about US$ 2.1 trillion in international private banking2. The headline reason why Switzerland is such an important global hub for private banking is very simple; it provides unmatched excellence in service, coupled with Switzerland’s international culture, stable economy and political system, independent currency, and statutorily enforced confidentiality of client identity. But while the underlying market dynamics are fundamentally promising for Swiss private banks, the industry still needs to navigate through a number of significant changes as a result of the financial crisis.
The Changing Private Banking Landscape In the aftermath of the financial crisis, the traditional model and thus the supremacy of the Swiss private banks is being challenged. The prime reasons for this change are:
The Changing Private Banking Landscape
BANKING SOLUTIONS 2011
Banking solutions ok.indd 18
23/09/11 16:56
19
New Tools of strategic Management
Outsourcing: The Path to Agile Banking
• Loss in Fee Income: In the aftermath of the global financial crisis, international pressures are rising due to popular belief that client secrecy is being misused for tax evasion. As a result, withholding taxes has been negotiated and has been or will be introduced shortly. This has the effect of weakening one of the value points of the Swiss private banking industry, thus reducing the ability to charge premium fees. • Increasing costs of operations: Rapid technology innovation – the Internet, social media, rise of smartphones and tablets, is significantly influencing the way clients and employees communicate and collaborate. In addition, the industry is moving towards diverse investment products and a customer base that is more and more varied and increasingly demanding. These factors are creating immense pressure on in-house IT teams to try and keep pace with client demands for more innovative products and services, and global, full-time access, while budgets are simultaneously being constrained. • Rising Competition: In recent years, Asia-Pacific has seen the strongest rise in the HNWI population (+25.8% in 20093) with estimates that HNWI assets in Asia-Pacific will exceed those of wealthy North Americans as early as 2013. This is stoking the growth of Hong Kong and Singapore as major offshore hubs for managing wealth of Asia-Pacific HNWIs. In order to service this new client base and effectively complete with these centers, Swiss private banks first need to improve their price-competitiveness. Second, they need to expand their local presence in these countries, which has cost implications owing to additional administrative and regulatory costs. • Increasing costs of compliance: The increasing level of regulation in wealth management is a major challenge. For each target market, institutions must define a service model that meets the legal requirements (e.g. the planned introduction of the US Foreign Account Tax Compliance Act) which imposes new costs on banks thus increasing the costs of service. These pressures have translated into a loss in profitability for the banks. The operating margin of many private banks has fallen by around forty percent over the past 18 months, based on independent studies. What banks need is a model that is flexible, scalable, delivers smart cost management and enables them to win even when it boils down to price-competitiveness.
In the midst of this challenging and rapidly evolving environment, technology can work as a business enabler. Information Technology can help banks increase operational efficiency, boost connectedness, while allowing banks to easily and quickly introduce new products and services to respond to client demands. Even though technology is a major business enabler, however it is not the core business of a bank. A bank is not in the business of building or creating technology solutions – it’s a technology consumer. Why should a bank, therefore, be the one building and maintaining its IT infrastructure? This simple concept has resulted in the evolution of “outsourcing” as a business model. The logic is simple – transfer the onus of IT infrastructure creation, management, and upgrade to companies whose core business is IT creation, management and enhancement. While outsourcing as a business enabler has been a common practice in many industries, Swiss private banks have been late adopters of outsourcing models. In fact, the first form of the use of IT outsourcing by Swiss private banks only dates back 15 odd years when some private banks started to acquire standard IT packages from vendors. Slowly, banks then looked to buy smaller modules, such as a loan origination module, or perhaps a card management solution from technology vendors to integrate with their legacy systems. Even then, all systems were still deployed onsite. Outsourcing was taboo in this industry because it was perceived to undermine the safety and security of confidential client data. Within an outsourced environment, banks need to be able to manage their customer data, isolating confidential client data from operational data. Stringent security is required to safeguard their private client data, while at the same time capturing important demographic data to help optimize future product offerings. Multiple security layers and audit trail features options are needed to guarantee complete security, protecting both the bank and sensitive client information while improving operational efficiency throughout the entire client account lifecycle. In addition, most Swiss private banks have had limited, if any exposure to managing outsourcing relationships. Hence, for a bank to embrace this approach, they need a partner they can trust, and that understands the nuances of the private banking industry, yet which is experienced enough to handle the complexities of an outsourcing relationship. With more than 30 years in the business, SunGard is globally recognized for its expertise in the area of availability services. SunGard pioneered technology outsourcing and today manages more than 3,600 services customer worldwide, providing fully-managed, end-to-end infrastructure including the skilled personnel, the 24x7 support, and the space and power required to run customers’ physical and virtualized environments. Leveraging its expertise in providing managed services and bringing together best-of-breed solutions from the complete financial systems’ portfolio, SunGard launched Ambit Private Banking solution suite in October 2010. The solution suite
1 - The Economic Significance of the Swiss Financial Center July 2011. 2 - 2011 Global Wealth Report, The Boston Consulting Group. 3 - Wealth Management in Switzerland – SBA – February 2011.
BANKING SOLUTIONS 2011
Banking solutions ok.indd 19
23/09/11 16:56
20
New Tools of strategic Management consists of solutions for core banking, portfolio management, client information management, analysis and control, asset management and alternative investment management and can be deployed onsite or via SunGard’s certified ASP center. This model provides the private banks in Switzerland with the security of an established core banking system along with the cost benefits of outsourcing IT infrastructure. Since its launch, SunGard has contracted with four private banks to deploy their technology infrastructure via its ASP center. Two of the four banks are already live on the Ambit Private Banking solution suite.
SunGard’s Ambit Private Banking ASP Centre
is easy to plan and manage over time. This converts fixed costs into variable costs and releases capital for investment elsewhere in the business. • Reduce labor costs: The ASP takes care of all staffing issues which means the bank can focus its attention on building human capital focused on its core business. • Increase efficiency: An ASP deployment model allows a firm to take advantage of the economies of scale of the ASP provider which is an added competitive advantage. • Rapid Time-to-Market: Handling integration project in-house might involve taking months to hire the right people, train them, and provide the investments and the support they need. With an ASP, all these steps can be skipped. • Level the Playing Field: An ASP can help small firms act «big» by giving them access to the same economies of scale, efficiency, and expertise that large firms enjoy. • Flexibility and Scalability: An ASP can help private banks to quickly scale up to larger hardware when needed (but not before), and also allows for the more cost-efficient provision of backup operational capabilities. • Innovate: An ASP-based model allows the bank to introduce new products and services on a trial basis without a significant upfront investment. • IT Expertise: With an ASP partner, private banks can access the expertise they require as and when they need it. • Reduce risk: An ASP provider would offer state-of-the-art software solutions, infrastructure and expertise which can help to distinctly reduce operational risk. • Increase company focus: In an ASP-based partnership, the bank is focused on its core business and the ASP is focused on its core business.
As a next step in the evolution of outsourcing, this aggressive cycle of providing services to the business that are cheaper to run, faster to access, and more relevant to driving productivity and growth will continue. Swiss private banks will continue to shed the burden of IT to technology partners and become true consumers of technology – agnostic to the internal implementation but focused on the depth of services, usability, and feature-functionality. Application Service Provider Today, Swiss private banks are looking to explore the different IT infrastructure deployment models such as Application Service Providers (ASP) that can help them match revenues with costs while improving operational efficiency, mitigating risks and sharpening the focus on the client. An ASP provides essential IT applications, integrates third party applications and operates them in its own data centers. It offers individuals or enterprises access over the Internet to applications and related services that would otherwise have to be located in their own personal or enterprise computers. The main advantages of such an approach are: • Control capital costs: An ASP can turn upfront investment in hardware and software into a recurrent cost that
Benefits of ASP To sum up, an ASP provides a “pay-as-you-go” pricing model that can help Swiss private banks transition to competitive banking services providers offering a greater variety of banking services, neutralize the associated investment costs, and allow it to test new products and services with less risk. This strategy allows a bank to match variable product usage with variable cost structure, since the bank only has to pay for its technology consumption. It provides economies of scale as well as economies of skill.
BANKING SOLUTIONS 2011
Banking solutions ok.indd 20
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page10
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page11
23
New Tools of strategic Management
Moving from silo matching to global enterprise wide reconciliation Reconciliation has often be viewed merely as matching engines where in fact it comprises financial control systems involving a wider range of functions and serving a higher purpose. An effective reconciliation strategy will lead to the implementation of an enterprise-wide reconciliation in order to get a consolidated view of all business lines and reduce operational risks.
Etienne Savatier Associate Director, Sterci SA
@ etienne.savatier@sterci.com
STP and reconciliation ?
E
very time two systems (internal or external) record the same financial transaction in a different way, a reconciliation process must be implemented as a final check point to ensure global consistency. The most basic example is that of bank account reconciliation. The reconciliation of the bank statement confirms that the amount of cash reported by the company’s books is consistent with the amount of cash shown in the bank’s records. Reconciliation therefore constitutes a fundamental component of an administration’s internal control system. Reconciliation applies to more than just bank account statements, however. Back office operations involve internal reconciliation processes when handling multiple lines of business involving multiple systems and also external reconciliation with banks, customers, counterparties, brokers, and suppliers – among others. In the current economy, a greater focus on risk is driving the need to streamline recurrent and transparent reconciliation. This is only possible through automation and Straight Through Processing (STP).
A key role The reconciliation of an organisation’s finances is time consuming, costly and prone to human error with reconciliation errors having potentially major consequences on a company’s financial well-being. High transaction volumes, multiple bank accounts, different transaction types, multiple currencies, and various bank file formats exacerbate the problem. In peak traffic scenarios, late reconciliation may lead to significant financial losses. If an error is detected a day late, it can be remedied but detected a month late will undoubtedly BANKING SOLUTIONS 2011
Banking solutions ok.indd 23
23/09/11 16:56
24
New Tools of strategic Management
expose the organisation to financial losses. These losses include those resulting from failed transaction processing, or from a break down in relationships with trade counterparties, custodians or banks. Errors emanate from numerous and diverse sources, and include data entry errors, maintenance or data loading errors, missed deadlines, accounting errors, failed mandatory reporting, inaccurate external reports, missing/incomplete legal documents, unauthorized access given to accounts, and erroneous settlement instructions. The combination of these errors, if undetected, may constitute a significant end of the year loss for the organization. Reconciliation tools play a key role in this framework, with two separate process controls to be implemented at transaction level and account level. Transaction matching is an automated reconciliation process that compares internal source data, typically from portfolio management systems or treasury FX confirmations, to incoming external data. While transaction matching is the process that de-risks each individual transaction, account reconciliation is required to de-risk the entire account or position. Account reconciliation ensures the integrity and completeness of the transaction flow through comparison of opening balances with previous closing balances, validation of closing balances against the opening balance plus the sum of any new transactions, proof of internal and external balances, and unapplied transaction. If it is easy to reconcile SWIFT format against SWIFT format, it is certainly not the case with multiple sources of data extracted from various systems and received via various channels. To address this, a data acquisition and normalization tool is required, which focuses on translating the data received by the organisation into a consistent format so that it can be efficiently analyzed, matched, reconciled, and stored. Such a tool can also perform a pre-calculation process on certain types of balances. During the mapping and transformation processes, this tool should be able to filter, enrich, modify or transform values (e.g. b = buy) and aggregate data (e.g. individual transactions into one block position) as appropriate. Simple or complex business rules can be constructed and executed during pre-calculation, in advance of the matching and reconciliation phase. Another “matching engine” Of course despite everybody’s dream that everything should be matched at 100% during a reconciliation phase, this is never the case and hence reconciliation tools need to be combined with an investigation and exceptional management system. Usually reconciliation staff is not the transaction owner. So should the former detect an exception, it is the latter who processes and resolves the transaction. The system must therefore incorporate an integrated collaborative case management tool in order to open an investigation case and to assign it to the department that is the transac-
tion owner. Outstanding cases can subsequently be assigned, escalated, or force-matched by authorized individuals. To aid in the resolution of breaks and exceptions, the system typically offers templates for use in communicating record adjustment instructions to counter-parties via email or SWIFT messages. In cases where source data is incorrect, some reconciliation systems can push an update to the portfolio accounting system. This level of automation can deliver huge cost savings relative to manual activity, and reduce losses through a more timely resolution of breaks. Given that most banks, financial institutions and corporations already employ a solution for bank account reconciliation, the first recourse, when there is a new reconciliation requirement for another business line, is to implement an additional solution, be it internally developed or vendor supplied. This trend results in the acquisition of a new system or the use of another “matching engine” for each new reconciliation requirement, which in turn significantly increases the system maintenance overhead for the numerous reconciliation systems with multiple data flows and different user interfaces as below.
Multiple different reconciliations
The principal disadvantages of this silo reconciliation approach are: • Separate solutions for each individual reconciliation process (developed in excel, as an in-house product, or as an outsourced solution such as external matching engines) • Multiple systems to operate and maintain, involving high running costs • No link between transaction matching and account matching The other way to implement an enterprise-wide reconciliation system is a strategic approach that can simplify drastically the architecture. In a multi entity and multi location organization and based a single user interface, it offers a real time reconciliation for all business lines and market instruments, including cash, general ledger, bank accounts, securities transactions, custodians holdings, funds, treasury, foreign exchange, money markets, and precious metals.
BANKING SOLUTIONS 2011
Banking solutions ok.indd 24
23/09/11 16:56
25
New Tools of strategic Management
Global enterprise-wide reconciliation
The main advantages of an enterprise-wide reconciliation approach are given here below: • Single user interface for all reconciliation process • Simple query and investigation from a single data base • Single exception management workflow for all business lines
• Link between transaction matching and account reconciliation • Easy to implement dashboard to follow key risk indicators and to monitor the activity • Fewer interfaces to be maintained • Greater automation and STP • Efficient real-time reconciliation • Chase automatically the biggest breaks through active risk evaluation and weight • Reduction in the Total Cost of Ownership The global enterprise-wide reconciliation approach improves operational efficiency while reducing risk exposure. In today’s new regulatory environment, reconciliation and exception management automation has escalated from being a substantial business concern to being both a business and a compliance issue. Sterci is active in the reconciliation market since more than 15 years and we can help Financial institutions and Banks to migrate from fragmented silo reconciliation systems to a global enterprise-wide consolidated approach. The target system may be either installed “In house” or outsourced in a Software as a Service mode (SaaS) in the cloud.
When Disaster Strikes, Make the Right Move
Safe Host Business Recovery Services
• Dedicated Business Recovery Centre • Fully-Equipped Recovery Positions • Fully-Programmable Voice Profiles and Data Connectivity • Mutualised or Shared Positions Available • Regular Tests for Disaster Recovery Platforms
ann_200x85_safehost_2.indd 1
Banking solutions ok.indd 25
• FINMA Compliant Tier-III Data Centre Facility • Multiple Connectivity Options • Complex Air-Conditioning and Cooling Systems • Online Standby Power Supply Generation • 24/7 Monitoring and Control Systems
For more information about Business Continuity, or any other Safe Host service, please contact Sales at + 41 22 884 50 20 / sales@safehost.net
Your Continuity is Our Priority™ 16.08.11 14:40
BANKING SOLUTIONS 2011
23/09/11 16:56
26
New Tools of strategic Management
Modern technology
David Sikorsky COO, New Access group
@ david@newaccess.ch
Relationship Managers facing new challenges The banking software industry is challenged by fast changing markets and the constant evolution of Relationship Managers roles and requirements. The response addressed by market leaders is to propose multi-channel capability, processes and workflows, real time consolidated client 360° views as, part of the standard offering.
I
n the past decade, the profession of relationship manager in a private bank has become increasingly complex and difficult. Obviously, regulations that are becoming more and more constraining and sophisticated every year have played a key role in the increased burden of the banker, often deviating his initial function into one closer to a compliance officer. Investment products and special asset classes (private equity, derivatives, structured products, hedge funds, CDS, etc.) have become too numerous and too complicated to be mastered by all. At the same time, client sophistication has also been greatly enhanced and they are now much more demanding than they were ten years ago. On the reporting side, for example, it is now imperative to be able to show – and explain – key performance and risk metrics such as contribution, attribution or value-at-risk. All these factors have put a serious strain to individual productivity, and, as a result, margins generated by relationship managers can suffer. Coping with change by addressing functional silos Unfortunately, the banking software industry has been slow to provide solutions to the new challenges of private bankers. To understand why, one needs to look back at the history of tech-
nology within the banking sector. Banks have always invested massively in their back-office systems, the heart of the banks’ IT, where all transactions and positions are recorded. In fact, the investments were often so massive, that budgets left-overs for front and middle-office software were inadequate. The result is that banks – and software editors – have often treated front office issues on a vertical basis, without looking at the big picture, addressing individual requirements one at a time. They have purchased – or developed – ad hoc systems for each specific functional silo: a portfolio management system here, a CRM there, a compliance tool over there, etc. The resulting picture is often a very fragmented nest of front office applications that relationship managers find difficult to navigate on a daily basis. The learning curve of each tool is often steep and the concepts while navigating from one to the other can be drastically different. Even the terminology between each system is sometimes not standardized. An account might mean something different in the back office system, the CRM and the portfolio management system. It’s all very confusing and time consuming for the banker. On top of it, this fragmentation of the tool set is also a tremendous headache for the banks’ IT departments. It can be costly to maintain and strenuous to have each product or solution evolve in an organized manner. The build vs. buy model To alleviate all these difficulties, many banks have built their own integrated platforms for the front office. While this approach has one key advantage, a tool tailor-made for each bank, it also faces the traditional hurdles of the build vs. buy model. Massive, uncontrolled costs, for one, are the typical results of such efforts. Often starting as small projects, proprie-
BANKING SOLUTIONS 2011
Banking solutions ok.indd 26
23/09/11 16:56
27
New Tools of strategic Management tary portals regularly become a mess of functionalities glued together and the typical ongoing nature of the implementations often mean that maintaining the product becomes a formidable burden. On top of it, IT people tend to change jobs often, which means that it may be difficult to keep historical knowledge in-house. In some cases, the departure of a key staff member can create a disastrous situation. The packaged way More recently, software editors have not been completely passive. Back office companies have entered the front office game, by developing their own solutions – or through acquisitions – to add on top of their products. Front office companies have gone horizontal: banking CRMs have added portfolio functionalities and portfolio management companies have developed or integrated KYC and CRM blocks. However, the market for integrated front office solutions is still very young. Few companies are able today to deliver a complete and standardized package that will address most of the relationship manager’s needs. In order to do that successfully, software editors need to have a deep understanding of each of the crafts required to handle a client relationship, from suggesting adequate investments to well defined client segments, to rebalancing portfolios, all the way to handling the enormous document sets needed to be signed by the client on a regular basis. The new paradigm of increased regulations, intense pressure on productivity, sophisticated clients, and immensely complex investment products, have transformed the private banker into a new beast, part compliance officer, part asset manager, part advisor.Now more than ever, private bankers need to access their clients’ information in real time and to be able to put that information in the right context. That means that software packages are now built to provide a quick overview of the key data – such as the size of the portfolio, its asset allocation, last trades, last contacts with the client, current phone number, YTD performance, etc. – as well a detailed drilled-down view of the relationship. They also take into account the multiple roles a person might have in a bank. A bank client is not such a simple notion to identify. John Smith may be beneficial owner of his private account, which may have multiple portfolios, as well as a proxy holder for another, an attorney on a third and beneficial owner again for a joint-account. Typically, backoffices do not manage these roles, considering each account as a client.
accounts where he has a decision-making role. Quickly accessing relevant client and portfolio information is clearly important, but the relationship manager then needs to manipulate that data in order to process client requests and manage the bank’s processes. This is answered through workflows. They include many of the daily activities of a banker. Simple examples include orders input while taking into account the client’s, or the bank’s, restrictions, changing the legal address of a client, or entering and submitting a contact report. More complex workflows may include opening a new account, batch ordering, position swaps, etc. All these take into account the operational structure of the bank, with approval from managers, four-eyes validation and so on. The same packages are also designed to handle the complexity of dealing with external asset managers, with multiple clients and account deposited within the bank. This implies also that the package is able to properly calculate the fees categories to be applied to each account, including fees retroceded to external parties. Finally, these integrated solutions are adapted for several different user segments: internal relationship managers, team leaders, compliance officers, bank management, external managers, and even clients. The same platform can be used to provide them with access to their portfolios (e-banking) and even to their detailed account information (performance reports, holdings report, bankers’ information, etc.). Our role, as software editors, is to provide easy to use, easy to implement integrated solutions that allow banks to answer the current challenges with enhanced efficiency and to keep track of fast changing markets, clients and regulations. With these tools, the banks will gain in productivity, showcase a better image for their external managers and clients, while reducing costs. More importantly, they will allow banks to offer better service to their clients.
Complexity of dealing New front office packages change the point of view of the relationship by focusing on the person, or the party, instead of just looking at the contract with the bank, which is what an account actually is. This is, of course, much more suited to the actual job of the banker, which is to provide services and advice to people. These solutions are therefore moving from an accountcentric view of the relationship to a person-centric view. When John Smith phones to inform his banker that he does not want to invest in alcohol-related stocks, for example, that restriction may need to be populated automatically to all his accounts or BANKING SOLUTIONS 2011
Banking solutions ok.indd 27
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page12
29
New Tools of strategic Management
Can the Banks take advantage of the Cloud? Didier Assandri
Cloud Computing is getting very popular nowadays. Is it really THE solution many companies were waiting for? Can banks take advantage of it without endangering their security? I explain why this can be a really good business opportunity for smaller banks. Major banks may find they already have better service on their own.
T
he IT News for the last twelve months has been mostly populated with one single biz expression “Cloud Computing”. From all the noise made around it, I can conclude that many speak about it and few really know what it means. Before going further with this article, let’s have a look at the definition of Cloud Computing. I selected two from the many available. “Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” is what you can find on Wikipedia: it means many things and nothing at the same time in my opinion. More interesting is the definition found on SearchCloudComputing.com: Cloud Computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-aService (IaaS), Platform-as-a-Service (PaaS) and Software-asa-Service (SaaS). The name Cloud Computing was inspired by the cloud symbol that’s often used to represent the Internet in flowcharts and diagrams.” In fact, we all do Cloud Computing without knowing it! But is this concept really new? Here is a definition found on pcmag.com of what used to be called
“Timesharing Computing”: “A computer environment that supports multiple users simultaneously. The term originated in the 1960s when multiple terminals were first connected to a single mainframe, allowing programmers and students simultaneous access to computing resources. Today’s networks of servers within the enterprise or throughout the Internet provide a similar computing model, with hundreds or thousands of users accessing the same server or cluster of servers at the same time.” Now the picture might be clearer for the more seasoned managers: Cloud Computing is very similar to what used to be called Timesharing Computing in the old days of mainframes. The main difference, apart from the technologies, is that nowadays we are connected through the Internet, available to everybody and in the old days the connection was done thru a proprietary network like Tymnet, Datapac, Transpac, Ipsanet or General Electric. At that time, the better known companies providing such services were called IBM, Control Data Corporation or Univac.
Managing Director, Solvis Ltd.
@ didier.assandri@solvis.ch
Banks always used Cloud Computing Timesharing Computing and Banks have always interacted closely. Whether it was to provide backup facilities or simply to provide banking applications to remote offices, banks always used these kinds of services, and nowadays there are still banks using legacy systems which rely on these technologies from the 1980s. So, what is it all about nowadays on Cloud Computing? In the first place I should mention a big marketing momentum, then comes the real added-value for certain banks and finally the economical part of it. The marketing part. With revenues in constant regression, software vendors try to find other sources of income. BANKING SOLUTIONS 2011
Banking solutions ok.indd 29
23/09/11 16:56
30
New Tools of strategic Management
© AA+W - Fotolia
Cloud Computing is billed on usage and ensures a constant source of revenue, better than software maintenance which can be cancelled at any time. Furthermore, CIO’s are nowadays seasoned IT personnel and aren’t easily fooled by a salesperson. The Cloud Computing solution is often addressed to a business manager with little IT know-how or those who are “unhappy” with their IT Department. At this point, I should stress that such a decision should always been taken in coordination with the IT Department and/or the Security Officer. The danger of not understanding exactly all the consequences of putting the data in the Cloud is too high to be ignored. Certain banks can really profit from Cloud Computing. Notwithstanding with the above warning, certain banks and financial institutions can really profit a lot from Cloud Computing. You have first to differentiate between what I call “Services” and “Applications”. What are “Services”? Everything which nowadays constitutes the basic operations of an Office: emails, data and voice communication, data repository, process automation, collaborative platforms. So what are “Applications”? I would say this is what is commonly called legacy applications; the applications developed or customized by the company. If you consider that legacy applications represent the “Intellectual property” of a company, the IT department should concentrate on these applications ensuring redundancy of systems and data security as well as availability as close as possible to 100%. On the other hand, so-called “Services” like email or data repository are getting more and more complex to manage and maintain; they are very useful and most of the
time at the front-row of IT disruption but if you look more closely at these applications, they are very similar across the board and provide the foundation of current office applications. These are exactly the kind of services where smaller to medium banks can profit from Cloud Computing. They will never achieve internally the same level of reliability or security. Upgrade of software is no longer necessary since it is provided by the supplier and, in choosing a proper offer with redundant servers, service disruption will be close to zero. Additionally some providers will supply functionalities too complex to be hosted on its own, such as video conferencing – something like Skype, but more suited for real business or collaborative environments. Also obsolete are the many discs necessary to backup all this data: for a small additional fee backups will be kept for many years to comply with regulation, and the data restore will be faster than before thanks to fully automated processes. So, yes, small and medium banks can really take great advantage of Cloud Computing offering. They will get better and cheaper service as they currently have, and free their IT resources to take care of their legacy applications. Bigger banks will find it more expensive than running their own servers, but additional facilities might be a trigger to run hybrid platform: part onsite and part in the Cloud. But there is some caution to take with this approach, which I will discuss later. Economical viewpoint. Using external facilities and paying just the service can bring huge economies of scale. Let’s take the example of an email server. To host such a service you need one server with the appropriate opera-
BANKING SOLUTIONS 2011
Banking solutions ok.indd 30
23/09/11 16:56
31
New Tools of strategic Management
ting system, the email server software, and the appropriate licenses per user. Add to this proper firewall and antivirus software, an effective backup solution, and lots of discs to store the backups, cooling and electricity costs and your bill will already be at least 5 digits. If you want to be safe, you will duplicate the infrastructure, get at least 2 engineers to look after it and eventually have two physical locations to tamper the risks. For less than CHF 10 per user and per month, you can get the same service from Cloud Computing suppliers. The arithmetic is quickly done: how many users do I need to run a cheaper email server on site? Savings can be calculated with even greater accuracy, since most suppliers allow monthly charges, so if your business suddenly cuts his employees by two, your next month bill will be halved, something you can hardly achieve if you host the service yourself: some costs cannot be compressed. Benefits may be different depending on your current solution and the country in which your business is located, but for the little price asked by the many suppliers you get a lot of professional IT services. The caveats you need to know If you intend to make use of Cloud Computing, there are a few recommendations you should bear in mind. The first one is security, security and again security. Leaders and managers should remember that governance has to be a means to increase data security within a company, but it should not define the entire company security, because often governance recommendations are only the minimum standards, and some industries require a higher level of protection. Banks and financial institutions belong to this category. Therefore, take great care to protect your data. End-to-end encryption is a must for sensitive data, no matter what the Cloud Computing supplier claims. End-to-end means you encrypt your data locally; the data is transmitted and remotely stored with your own encryption mechanism. If the supplier encrypts the data as well, then it is a plus, but you should own the encryption algorithm. If your supplier do not allow for this, then forget about him and look for alternatives. The second recommendation is that you should be able at any time to host back the services or applications you are running in the Cloud into your own datacentre without any conversion need. This is what I call doing business with a return ticket. Your supplier may go bankrupt, he may increase the monthly costs drastically, you may need to make sure the data is stored in your country,... There are many reasons why you should want to come back, therefore it is important the supplier you choose uses standard components, namely servers, operating systems, and application software – anything you can purchase on your own and run at your own location should you need to. Ignoring this very basic principle will result in you being tight on your supplier and
may eventually lead to very high conversion costs. There are no magic here and the decision to use Cloud Computing is a strategic one, which needs to be evaluated and discussed before making a decision. It is not only a question of economies on IT Services but also that of creating additional values to the company, which needs effective structural solutions in order to protect its business. This is what banks and financial institutes have to do anyway to complete the duty of due diligence they have towards their customers. Finally don’t forget to read the small print in the contracts. Here are some examples which may remind you of my first recommendation: security.
“However, by submitting or posting such Content on areas of the Service that are accessible by the public, you grant Apple a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such Content on the Service solely for the purpose for which such Content was submitted or made available….” (Apple iWorks) “[Y]ou acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications” (Amazon Web Services) “...all Content and other information you provide to IBM in connection with this Agreement will be considered non-confidential. You agree that IBM has no responsibility for Content, including if Content is modified or lost.” (IBM Smart Business Cloud) “Personal information collected on Microsoft sites and services may be stored and processed in the United States…. Microsoft abides by the safe harbour framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of data from the European Union.” (Microsoft .NET) “Dropbox uses Amazon S3 for data storage. Amazon stores its data over several large-scale data centers. According to Amazon, they use military grade perimeter control berms, video surveillance, and professional security staff to keep their data centers physically secure.” (Dropbox website terms)
BANKING SOLUTIONS 2011
Banking solutions ok.indd 31
23/09/11 16:56
32
Tendencies of financial Applications
Lower costs counteract reduced margins Charlie Matter CEO, Finnova AG Bankware
@ Charlie.Matter@finnova.ch
Most banks, whatever their individual business models, are facing increased pressure on costs and margins. Sources of that pressure are significant losses in earnings, brought on by downward and sideways movements in financial and capital markets. With regulators tightening the rules on capital adequacy as well, returns on invested capital are decreasing and the cost of capital resources could well go up.
I
n this situation, an increasingly important aspect of achieving a low total cost of ownership (TCO) in the banking sector is a more efficient structuring of processes and their technical implementation. Low vertical integration is established practice in other industrialized sectors, and the recipe for sustainable success in banking looks quite similar: highly standardized and automated, with straight-through processing and integrated workflows. Finnova offers a standard software solution with maximum flexibility in structuring the overall system and its functionalities, as well as the relatively lowest TCO in the banking industry. Both of those aspects bear positively on cost-income ratio, as well as the cost per transaction. Then again, in times of inexorably eroding margins and profits, integrated bank management has a key role to play. Finnova Control® provides bank executives with aggregated controlling data on overall business development, risk structure in proportion to equity, degree of funding, and developments in costs and earnings. This way, strategic and operational management has the information necessary for keeping their institution on track for sustainable growth. Concomitant with the decline in earnings, major investments are imminent at many banking institutions: the march of globalization and rising demands from private banking clientele calls for massive investments in on-shoring by banks that cater to private wealth. Thus the onus is on IT to provide the supranational systems and automated processes needed to provide consistent data to strategic and operational management, relationship management, bank clients, and regulatory authorities alike, accessible from anywhere and at any time. For this to happen, there need to be functional, regulatory and locale-specific extensions and adaptations to the solutions currently in operation – an undertaking that is both invest-
ment-intensive and fraught with risk. The move away from heterogeneous modular and homespun systems is about to begin, and is likely to accelerate massively over the coming years. Not least among the drivers are further increases in the demands of regulatory authorities, such that compliance will require more end-to-end process controls and tracking. So there will be demand for a ‘new generation’ of fully integrated banking IT solutions – like the one Finnova offers. New models emerge Considering the continual changes in baseline conditions, there are many prospects for success in segmenting the value chain, as well as focusing on sub-areas of banking business and specific target groups of clientele. Hence, banks will be intensively engaging issues of organisation, processes and infrastructure, and evaluating such adaptations as will be necessary. The instrument for realizing a bank’s particular strategies and business model is a modern, highly flexible IT system. This is where banks in general stand to benefit from the Finnova software’s great functional breadth and depth, its high scalability (e.g. for accommodating business acquisitions at home and abroad), and the standard solution’s simple, yet extensive and flexible customizability to a financial institution’s specific needs (such as countries or business units with differing requirements). ‘Parameterization instead of programming’ is the Finnova way, and it saves both time and money. Then there is the system’s openness, fully consistent with the software’s service-oriented architecture (SOA), which includes predefined, standard interfaces for integrating third-party systems. Central to implementing new banking models are open architecture layers and Finnova OPAL, both of which underline the flexibility of the software architecture. Sourcing concepts and options have increasingly important roles to play in executing innovative business strategies. Banks can concentrate on their core competences by outsourcing peripheral services such as software development and systems operating, or delegating specific tasks and/or applications, and may realise cost savings as a result. Unburdening the banking organization of business-neutral functions such as those just mentioned also enables a stronger focus on looking after clients and making the most of their potential. Client care indeed remains the most potent
BANKING SOLUTIONS 2011
Banking solutions ok.indd 32
23/09/11 16:56
33
Tendencies of financial Applications
differentiator in the marketplace where private banks are concerned.
Expected M&A activity in the swiss banking market place
A consolidated view of fragmented client relationships Clients are increasingly on the move, and that leads to their banking relationships also becoming globalized and fragmented. Client points of contact – ‘touchpoints’ – are multiplying considerably, along with the effort of managing them. HNWI families often live scattered between various locations: the children are studying abroad, the parents shuttle at irregular intervals between workplaces, vacation homes and their domicile, as the situation demands. Existing in parallel with such private circumstances are very heterogeneous business structures, subject to highly disparate regulatory conditions. Yet even with increasing atomisation, bank clients still want ready access to a consolidated and up-to-date overview of their transactions and financial circumstances. So the bank, its client advisors, and hence its underlying systems all face a changing set of client demands. Those give rise to tough requirements for availability, quality of service (e.g. language, forms, bank statements, etc.), legal compliance, and security. All of that in turn burdens the cost ratio. The Finnova multi-tenant tower provides an answer in the form of a technical concept that addresses the needs of internationally active institutions and/or divisional business units, as well as the regulatory and security angles. With mobility on the rise, technical and communication networks are also factors of growing significance. This is where banks must address issues of increasing transparency and comparability of services, products and prices. Networking opens additional channels for dialogue, as well as new sales channels and possibilities for providing a service. All of these are to be rigorously exploited, with unique differentiation in line with the bank’s business strategy. A fullfunction, integrated CRM solution – like that provided by Finnova – is therefore a must. Banking software indeed plays a key role here: from the information it models and analyses, it becomes possible to further sharpen the focus when targeting clients and drawing their attention to specific services and/or products. The information for doing this is consolidated and available from a central point. No longer tied up with individual client advisors, it becomes a resource to be used throughout the banking enterprise.
Change of market shares
Competitive edges of the swiss financial market place (in %)
Maximum independence and availability Mobile applications are a growing force in the private banking sector, too. To meet the trend, those applications need to provide wide-ranging functionalities. Passively displaying a selection of data is no longer enough for demanding clients, who are also increasingly clued-up on technology. This group seeks much more active involvement in processes; they want to see themselves as participants. And so
Source: Accenture, Swiss Banking Study 2015
BANKING SOLUTIONS 2011
Banking solutions ok.indd 33
23/09/11 16:56
34
Tendencies of financial Applications
they demand e-banking with private banking functionalities. «Anywhere and anytime» is therefore the vision that Finnova pursues for giving maximum independence to users in a globalized environment. Advisors and bank clients alike can conduct all aspects of banking business unconstrained by time, location, or the interactive device in use. The objective is for transactions and correspondence to be handled as electronically as possible – Finnova guarantees data and process consistency, whatever the media involved. Such developments add further to the importance of user interface design and operability. Moving forward, the e-banking front end will become an even greater source of active support to advisors working with and on behalf of clients. Finnova continues to pay very strong attention to the manmachine interface, which is why they have declared support
Compliance Act (FATCA), EU countries such as France and Germany are making similar efforts to raise the pressure – and their tax receipts. FATCA makes a good example of how Finnova assists banks with implementing legal stipulations: when the US authorities issued notice in the first quarter of 2011, Finnova analysed the volume of new and existing clients who would be affected, the Act’s impact on products and services, FATCA reporting options, and the withholding tax collection possibilities. An outline concept based on the findings was in place by mid-2011, then a detailed concept by the end of the third quarter. Following acceptance, development and technical implementation in the areas of information on clients, reporting and withholding tax is beginning in early 2012. Finnova is paying great attention to the overall process and ensuring a
Adoption patterns are emerging for successfully beginning and progressing cloud initiatives
Source: IBM
for a variety of technologies that give banks a maximum of flexibility and options for differentiating the design of their respective e-banking front ends. Next to the user interface, the technology focus at present is on developments in the private cloud arena. Finnova’s multi-tenant tower is a tried-and-true technical concept that is in use by private as well as universal banks – in some cases on shared installations. Legal adjustments with minimum effort – thanks to a helpful community Timely implementation of regulatory requirements is a major challenge faced by the financial sector. Next to adoption of the new Basel III guidelines for capital adequacy requirements stand further legal aspects, especially concerning the taxation of nationals abroad. With the USA having taken the offensive in the truest sense of the word with the Foreign Account Tax
through-and-through implementation. In implementing such measures, banks benefit from the breadth of know-how within the Finnova community. At the same time, there are multiple entities to shoulder the financial and personnel burden and – last but not least – an intensified exchange of experience and opinions takes place between them. Given such openness, in the community and the system alike, institutions find it easier to adopt legal changes with minimum effort. In this way they can keep pace with the dynamics of regulation and maintain the necessary business flexibility. In summary, it is apparent that banks will find themselves facing some highly diverse challenges on multiple fronts in the foreseeable future. A new generation of integrated banking solutions – like Finnova’s – is providing financial institutions with the security and flexibility they will need to adequately meet upcoming business challenges, strategies and concepts at technical and application level, sustainably and cost-effectively.
BANKING SOLUTIONS 2011
Banking solutions ok.indd 34
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page13
36
Tendencies of financial Applications
Wallet 2.0 Reto Marti Strategic Program Manager Front, Avaloq Evolution Ltd
@ mre@avaloq.com
Banking anywhere, anytime: Financial planning goes digital.
Digital society is feeling the increasing need to stay continually up to date. Digital natives have grown up: they’re adults now—and they’re well off. Banks are among the most interested in this development. After all, this new target group is a potentially lucrative one. Modern banks must change the way they provide services to their clients. Retail banks are amongst the most affected, as well as banks serving the affluent and private banking segments. This paradigm shift is not only giving rise to new types of financial services, but banks are additionally being forced to rethink the workflow of their personal bankers.
T
he growing need of the digital generation to define themselves and control their own affairs is putting increasing pressure on banks. Clients no longer want to step up to the counter to handle their payments—they don’t even want to use an ATM. They want self-service banking so they have direct control over their finances and can bank at any time, from anywhere. Thanks to the evolution of the internet and mobile computing, this is now possible. Despite this, established financial services that are tailored directly to this newly defined target group are few and far between. This is surprising since both the target group and the technological possibilities are promising. An estimated 940 million people worldwide use 3G data services, which equates to 13 percent of the global population. The ITU (International Telecommunication Union) states that 1,390 million mobile phones were sold last year, along with around 55 million tablet computers. These devices are used when out and about to watch movies, shop, and surf the Web, and the number of possible uses is growing daily. Smartphones are no longer used just for communication, but also as video and music players, GPS devices, and exercise trackers. This versatility makes smartphones the “Swiss army knife” of the 21st century. Banks must accept this development and leverage the flexibility of smartphones—and mobile technology in general—to their advantage. After all, clients who manage their accounts via mobile access are an extremely promising target group. And, according to Nielsen Wire, mobile banking clients generate greater business volume than other clients.
BANKING SOLUTIONS 2011
Banking solutions ok.indd 36
23/09/11 16:56
37
Tendencies of financial Applications Bank Wegelin can expect stepped-up competition for their existing services in the near future. Along with specific banking services aimed at the massmarket retail customers and affluent segments, the evolution of the internet and mobile technology has also required banks to rethink their private banking processes. Wealthy clients are increasingly obtaining financial advice from the cloud. For private banks, this poses an additional challenge - competition from those providing financial advice at a lower cost. Banks are now being forced to offer new advice concepts. Private banking clients do not want to have control over their investments. They delegate this task to the bank. Nevertheless, they want to have more transparency on the bank’s performance and services. The key to improving and further modernizing private banking services is found in the financial advisor. Banks must evaluate how they can improve the advisory experience for their private banking clients. This is where the banks (and banking IT providers) currently have the greatest room to innovate. Mobile technology could be used along the entire digital advisory chain, e.g. with tablet computers possible investment strategies could be visualized on the spot, and private banking clients could use mobile channels to stay in constant contact with their advisors by text, voice, or even video. Bankers must learn to speak digital
A new advisory experience: private banking customers at a digital advisory table.
Digitization in all banking segments The needs of bank clients are the same whatever the banking segment: they want banking anytime, anywhere. Retail banking could probably meet this desire for anytime, anywhere banking most quickly. The technology already exists, and mobile banking is the logical next step after e-banking. Essentially this means porting banking services from home computers to smartphones or tablets. In the future, payments as well as account and credit card management will no longer be handled only on home computers, but directly from mobile devices—by the clients themselves, wherever they happen to be. The digitization of banking services for the affluent segment is the next big challenge facing modern banks. Because more affluent clients want to conduct their bank business via all channels, bank branches and counters are becoming less attractive in this segment as well. The channels are the same, but the services requested in the affluent segment differ fundamentally. Account management and reporting are not enough for affluent clients. They require trading functions and investment advice—in essence, self-service online wealth management. This could include assessing risks, defining investment targets, managing mortgages, or even generating and executing investment strategies automatically. Attempts to digitize banking services for affluent clients have already been made in Switzerland by several financial institutions. Swissquote and
If banking clients in all segments communicate digitally using mobile technologies, banks, and therefore their personal bankers, must do so as well. This is a process, and one that will take place organically to some extent, because most banks are hiring more and more digital natives with each new generation of employees. On the other hand, those involved in conceptualisation and implementation in particular will have some serious rethinking to do, above all in the upper echelons of financial institutions. The management of banks must ensure that their financial advisors are equipped with the right userfriendly tools to be able to communicate digitally. Banks must evaluate how their advisors can contact clients. What applications and channels can they use? What data can reach the clients directly (e.g. to their smartphones/tablets)? The job of technology suppliers will then be to provide the required information and data at the right time and to the right location, all in line with the relevant market and bank guidelines. In the long term, most banks will have fewer financial advisors on the front lines. Conversely, a greater number of advisors will have to work through digital channels to answer support questions and other client enquiries. The retail segment is not the only one where this will be true. Due to the growing need of clients to define themselves and control their own affairs, personal bankers in the retail, affluent, and private banking segments will generally have less face-to-face client contact. At the same time, interaction through digital means will become more important. Thus regardless of the segment in which a bank operates, it must face up to the challenges of ongoing developments in mobile technology. Bank counters, branches, and ATMs are losing significance as a business channel. Online services, especially mobile technologies, are the banking channels of the future. BANKING SOLUTIONS 2011
Banking solutions ok.indd 37
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page14
Look after clients, not IT! At many banks, client advisers are still spending almost two thirds of their time on administrative matters. This is inefficient, because administration is not their core competency. This is therefore detrimental to client relations: private banking clients are demanding - and rightly so. After all, private banking prides itself on its client care, its respectability and discretion, along with its efficiency in processing client transactions. And this is exactly what transaction banking is all about, as provided by InCore Bank AG under the 'SWISS BANKING SERVICES' label. Over the past few years, large companies have had to spend more on their IT operating costs than intended. The causes of this have included increasingly complex infrastructures and application requirements, rising energy costs and compliance obligations. According to surveys, growth and transformation continue to be high on the list of the chief concerns of these companies. However, the IT investments of these large companies are suffering due to increasing IT operating costs. If large companies are facing difficulties in sustaining their high level of investment and coping with rising operating costs, then how do things look for small and medium-sized businesses? The days of the 'standing desk' are long gone, even in private banking. However, the client's need for comprehensive support remains. And this demand for service has increased still further since the financial crisis. The client does not simply want to be treasured and nurtured: he wants performance. He places value on cost-efficient transactions and cost-efficient handling of his orders. He is not afraid of turning to competitors and getting price comparisons. This in turn puts pressure on margins, while IT operating costs and investment outlay in the infrastructure continue to grow.
As a result of this development, the critical mass of private banks is growing, reinforcing the trend towards concentration and ultimately impeding competition. This Gordian knot can be cut by outsourcing comprehensive standardised business processes to a transaction bank that specialises in this area. It takes over the business, processing and reporting from several other banks, dealing with it efficiently and independently, without any conflict of interest. As this is the transaction bank's core business, it ensures the steady ongoing development of its infrastructure and the maintenance of its interfaces at all times. Economies of scale increase with increasing volumes of insourcing, which attenuates the outsourcing costs. The outsourcing bank can then turn its attentions fully to client care once again, and critical mass is no longer an issue. Burdensome investments in continuous renewal of the IT infrastructure cease, as do increasing IT operating costs. This money can once again be invested in client care, client acquisition and in the improvement of the quality of products and services, generating direct added value. The important issue for the transaction bank operating in the B2B sector is, and
remains, its independence. Only an independent bank with its own banking licence can guarantee its clients complete neutrality without any kind of conflict of interest, and can offer them a comprehensive range of services. When it comes to foreign banks, the data protection argument also comes into play. The use of a transaction bank enables certain compliance restrictions to be elegantly outsourced, e.g. with regard to operational risks as defined by the Basel II banking regulations. Any business that concentrates on its core competencies no longer makes mistakes in peripheral areas. In this way, the risk of any damage to the bank's reputation is reduced. An independent transaction bank concentrates on its core business and has no intention of rounding off its product portfolio by taking over client banks. This promotes the client-supplier relationship, good understanding and also efficiency between the outsourcing and insourcing partners.
InCore Bank AG Dreikรถnigstrasse 8 CH-8022 Zurich www.incorebank.ch
39
Tendencies of financial Applications
Bank IT
Trends and Challenges SAP is on the right track to becoming market leader for banking systems in the international banking sector. In Switzerland, however, banks have fulfilled their needs for the most part with local Swiss-made applications in recent years. Christian Knechtle, Director of Financial Services SAP Switzerland, explains how SAP deals with relevant trends and provides solutions for Swiss banks in the areas of advisory and sales, mobile processes as well as in-depth and swift analyses of investment decisions. Banking Solutions: Christian Knechtle, since most banks in Switzerland have fulfilled their needs with local comprehensive banking systems in recent years, is there still any room at all for SAP in the market? Christian Knechtle: There’s no such thing as a comprehensive banking system. Even small banks today are increasingly utilizing 30 plus systems in order to settle their business transactions. What Swiss banks have achieved in recent years with the update of standard banking software is the changeover of back-office processes from old systems to somewhat more modern ones. These back-office processes are typically static and focused on unit costs. However, we have noticed that the focus of the banks is now shifting towards the advisory and sales process, in addition to addressing overall governance and compliance issue. These advisory and sales processes involve unit costs to a lesser extent, and focus rather on differentiation and dynamics. SAP has developed two solutions in collaboration with banks that precisely address this area of banking. And both these solutions are interesting for Switzerland as well. BS: What makes these solutions interesting for Swiss banks? CK: Our two solutions address the relevant trends and are able to derive from them a specific advantage for the respective bank. Noteworthy here is that either the trends have been discernable already for some time and are now growing more prominent, or they are entirely new trends.
Christian Knechtle Director of Financial Services SAP Switzerland
@ christian.knechtle@sap.com
BS: Can you comment more specifically on these trends? CK: The separation of sales and production ranks among one of the trends already prevailing for some time and has been picking up momentum recently too. In fact, this trend is prompting many banks to recall that their competitiveness and differentiation stems from competent advisory services and sales, and not from back-office or production processes. This trend also affects banks according to their rankings in terms of size. At the present time, small banks are rather likely to outsource their production processes to a “factory,� but larger banks should follow suit on this path in the future as well. When the production process is carried out in the factory, then banks can subsequently focus on their core competence: advisory and sales. Hence, SAP has developed the two aforementioned solutions to systematically and actively organize these processes. New methods and technologies BS: You mentioned other trends relevant for banks. Could you name some? CK: Additional significant trends include the convergence of banking processes with business intelligence - the convergence of business process management or BPM with business intelligence or BI - and mobile processes. BS: To what extent is the convergence of business processes with business intelligence relevant? BANKING SOLUTIONS 2011
Banking solutions ok.indd 39
23/09/11 16:56
40
Tendencies of financial Applications
©
Pe
iL
ing
Ho
o
CK: More and more business-relevant information is emerging inside as well as outside banks, the volume of which is growing tremendously – on the Internet, in social networks – as well as information on client behaviour, which banks are systematically collecting. There are two things we know about this universe of intelligence data: it’s growing at a breakneck pace in nearly infinite dimensions, and it’s absolutely relevant for banks’ core processes such as sales, marketing, and investment management. In the future, there will be two types of banks: banks that are in a position to converge this business intelligence with their processes – and failed banks. BS: That sounds dramatic. When you talk about the tremendous growth of business-relevant information, you probably mean electronic information. Is that something that can be overcome in technical terms? CK: As a worldwide market leader in IT-based core business processes, SAP recognized this challenge early on. We realized that these volumes could not be overcome with traditional IT resources, and concluded that new methods and technologies were required for such a task. We found the solution in so-called in-memory technology. Consequently, we are in a position, for example, to carry out information analyses that previously required hours in just fractions of a second. In fact, an unbelievable volume of three billion datasets can be analyzed in merely 0.2 seconds. BS: Why do you believe that such analysis capabilities could be relevant or even interesting for banks? CK: Advantageous applications for ultra-swift analyses can be found in all core processes of a bank. There are banks that set up totally new sales and marketing processes with our solutions, such as systematically integrating information from social networks into process management. In specific terms, when the marketing department launches a campaign, our BI solutions analyze the perception and attractiveness of the campaign in the social media, incorporating the results directly in the management of the subsequent process. Or take for example an investment decision: banks as well as their clients, in particular, rely on sound decision-making principles when carrying out investment activities. Swifter analyses enable banks and their clients to prepare these decision-making principles ahead of the decision-making process, i.e. prospective analysis. Today, investments are often subsequently analyzed in terms of their compatibility with the desired risk profile and, if necessary, rectified – in this case, retrospective analysis.
Major acquisition BS: You also mentioned a trend toward mobile processes. Can you elaborate further? CK: Yes. More and more banks are providing their clients with important aspects of the advisory and sales processes via mobile devices. What banks have realized to date is still in the initial phase.. Innovative, interactive advisory and reporting solutions pave the way for the bank to achieve a differentiating presence with regard to the interface with its clients. For example, assume that a bank aims to sell a structured product such as a reverse barrier. The product is marketed in the financial press as a brochure. The performance of the product is often not easily comprehensible, even for people who are familiar with options. With our new SWISS Banker’s Advisory and Reporting solution, such a product can be explained with more efficiency and transparency. This also extends to mobile processes, with which the advisor displays the performance of complex products to clients live and online. Hence, the advisor fosters confidence with this transparency. And we all know, confidence forms the basis for any client relationship. BS: What are the challenges that banks face with regards to mobile processes? CK: I’ll mention the two most important challenges: security and device flexibility. Securing information against unauthorized access, falsification or disruption is a prerequisite with mobile processes that banks and their clients generally acknowledge. Furthermore, being able to react swiftly to the considerable dynamics in development of end-devices poses a significant challenge as well. Although iPhone and iPad are currently the standards, we don’t know if other devices will dominate the market in the near future. However, banks want to be positioned so they can quickly and cost-efficiently
BANKING SOLUTIONS 2011
Banking solutions ok.indd 40
23/09/11 16:56
41
Tendencies of financial Applications
react to such changes. In order to provide consistent support to our clients here, SAP carried out a major acquisition in the takeover of the company Sybase. The acquisition of Sybase technology, coupled with SAP’s technology, has paved the way for us to sustainably supply our clients with secure and dynamic mobile processes.
BS: You recently presented the SAP Sales and Marketing Engine for retail banking in Switzerland. What does this solution provide? CK: Many retail banks are compelled to perform in a market that they themselves describe in their financial reports as a “highly competitive” playing field. But when looking at the sales expertise of these banks, for example, in the mortgage loan business, there are no signs of such hard-fought competition. The sales activities of most retail banks in Switzerland can best be described as “unsystematic and passive”. We have analyzed, together with banks, the possibilities for expanding market share in the mortgage business. The result is that the “non-client” base must be specifically and systematically developed. Accordingly, we have developed processes with our tools – such as CRM and Business Intelligence – that enable a bank to specifically and systematically expand its market share. Any bank, regardless of size, can utilize such a system. And the investment pays off already after one year. Interview with Camille d’Ovronnas
PUB
Structured Trade Finance Structured Trade Finance Structured Trade Finance
MIT (MICRO INFORMATIQUE & TECHNOLOGIES SA) Rue de l’Industrie 58 • 1030 Bussigny - Switzerland Tel : +41 (21) 318 81 81 • Fax : + 41 (21) 318 81 99 E-mail : sales@mitsa.ch - URL : www.mitsa.ch
BANKING SOLUTIONS 2011
Banking solutions ok.indd 41
23/09/11 16:56
42
Tendencies of financial Applications
New Trends
Nicholas HACKING Director, Business Development, ERI Bancaire SA
@ nicholas.hacking@gva-eri.ch
A subject that will always be topical Looking at the articles written in the previous special edition of this publication, several of which contained interesting predictions of what banks will require of their systems, it is tempting to try to prove, or disprove, the various proclamations a year later. But the world has moved on, and if there is one thing that is constant it is the need for change, and the increasing speed at which change is required. Be reassured: change will continue to be the norm. The last few years have seen a number of different subjects raised as being “the” topics on which we, as a leading vendor, should focus. Depending on the market segment(s) that a vendor serves the topics have varied, of course, but just as debits and credits are the basis of accounting for banks whatever their sector, so there have been a number of topics common to many or all sectors of banking. The point is that there will always be “new trends”, as the banking industry itself is changing, and will continue to change, in the same way the world it serves and finances continue to change. One reassuring thought, and a constant for us as vendors, is that whether they are called banks or something else, a mechanism for financing the economy will always be needed, as will mechanisms for moving measures of value within and between nations, and that will mean the need for software. Regulations, like taxes, don’t seem to get any simpler. One of the areas of change that has become increasingly important, at least in its impact on IT systems for banks, is of course that of regulation, or should I say regulation and compliance. National regulations, and the reporting that goes with them, have been a subject that systems have needed to take into account for many years. In recent years we have seen the appli-
cation of cross-border regulation in ways that were certainly predictable – an example might be the EU Savings Tax. Create a supra-national space such as the European Union, and you can be sure that sooner or later it will create rules that need to be implemented in the systems that support a key element (banking) of the overall economic system. But, as we all know, the United States has taken that concept even further. Going cross-border like the banking industry. The fact that banks around the world had to ask their vendors to take into account the concept of Qualified Intermediary, and the various other aspects of what was essentially a US law was a new step for the industry. Having achieved QI and everything that went with it, we now have FATCA looming very clearly on the horizon. Even though its implementation has now been pushed a little further down the road, there should be little surprise that it, or something very much like it, will eventually come into force and impact the systems we deliver to our customers the banks. Efficiency, accuracy and speed Be prepared for more of the same – from multiple sources. This trend of increasing regulation is likely to continue, especially as the recent financial and economic
BANKING SOLUTIONS 2011
Banking solutions ok.indd 42
23/09/11 16:56
43
Tendencies of financial Applications
crises have seen greater scrutiny and involvement by politicians in how banks operate and are managed. I would also suggest that, as in so many other areas, there is every chance that where the US has started a trend others will create a fashion. Who is to say that the EU will not in turn introduce rules, regulations, taxes and/or reporting that will apply to all EU quoted securities or all EU citizens, wherever the assets are held or its citizens bank or reside? We as an industry must be ready for yet more of the same – it is certainly something that those of us at ERI are prepared for. The architecture of the Olympic Banking System allows us to cope with such changes at a lower cost and in a more standardised way (so as to productise the roll-out to banks), than many, and especially when compared to those software houses that have separate versions of their product for each customer. But the customer is demanding better service not more regulation. Just as more change is the norm, so at the same time it is interesting to observe those banks that are making a success of a return to a core value: genuine customer service. No bank is going to say that it doesn’t value its customers and the service it provides them, but some seem to have taken this more to heart than others. This split in terms of approach to customer service will also widen, as some institutions become more of a “product factory” where their customer is another institution for whom efficiency, accuracy and speed are of primary importance, whereas others look to take on the role of “distributor” where the type of service, the speed of reaction, and the completeness, transparency, and clarity of information are what will differentiate. We as system providers are at the core of how banks service their customers. It is true that in many sectors of banking what counts, and what some customers would claim is now missing, is that human touch, that face-to-face contact, that voice on the telephone, or that email or social network response, which shows there is another human (we hope) taking care of the customer; but those humans need to be supported by reliable and accurate systems.
ting pressures mean that these requirements will continue and will no doubt change. But many financial institutions, especially in the B2C sectors that involve servicing end customers, such as the private banking sector where the Olympic Banking System is a market leader, will be looking to concentrate a significant part of their resources to adapting their service and communication offerings to meet the demands of the changing customer base. The investments we are continuing to make in the product, in consultation with our user base, reflect this emphasis. But the cost pressure stays. Banks have of course been making investments in systems to serve their customers for many years, and this has been increasing as the customer base changes its requirements, forced or encouraged by changes in technology. But adding an increasing number of disparate systems, with the associated issues of integration, application management, et al., does nothing to alleviate pressure on costs. Centralization is a key, but so is integration. We would therefore argue that with regulatory pressure, both national and cross-border, due to continue for the foreseeable future, combined with the need to manage IT costs effectively a centralized approach to the use of systems is going to be a continuing trend. Combining that with the need to deliver consistent, efficient service to customers also means significant on-going investment in the facilitating systems – this again argues for a centralized approach to IT provision even though delivery needs to be local. I would quickly underline that this undoubtedly has to be combined with a local/ personal approach to the actual delivery of customer service. But beware, building complex centralized data centers which then become uncontrolled systems of increased complexity. When it comes to IT architecture cost control must dictate the motto: Keep it Simple, Keep IT integrated.
Keep it Simple, Keep IT integrated Systems need to be facilitators. Systems such as the Olympic Banking System have been and are helping banks improve the efficiency of their processing, reduce the risk of error and take new products to market more easily and quickly. Pressure on profit margins and regulatory and reporBANKING SOLUTIONS 2011
Banking solutions ok.indd 43
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page15
45
Tendencies of financial Applications
The IT advantage
Why SMBs should use technology to solve the accounting and administrative problem When it comes to accounting and administration, small and medium business operators need to evolve of perish. We see a future where fiduciary companies and entrepreneurs form dynamic partnerships. But for this to happen, ideas and habits are going to have to change.
T
he importance of accounting and administration duties within small and medium sized businesses is greatly underestimated, often requiring specific expertise that entrepreneurs simply do not have, and time commitments they cannot make. To be competitive, not only must each entrepreneur have his own differentiating area of expertise, but now he must keep up with an everchanging fiscal regulatory landscape. In addition to managing sales, marketing, communications, networking, finance and personnel, today’s entrepreneur must also be a Sunday accountant. This all comes at a price. Ask any entrepreneur and he’ll tell you: “There just isn’t enough time to get everything done.” Where there’s a lack of time, there’s stress; and where there’s stress and no time, errors and oversights are sure to follow. How can entrepreneurs keep up with the latest federal and local tax laws and complex regulations while trying to concentrate on running their day-to-day business? Unfortunately, many are struggling to do so. So how are they coping? Do it yourself: This is the most time consuming way to manage what is called “the other side of the business.” While the entrepreneur is struggling to get administration duties under control, he is not growing his business.
Enrico Chincarini CEO, Synergix
@ echincarini@synergix.ch With Richard McErlean Jr.
Hire an assistant: This might be a solution, but in the long run it means having one more person to supervise, motivate, educate, and remunerate. Unless he or she is a dedicated specialist, it’s just one more person who can make costly mistakes. Outsource, rely on service companies: In some situations, outsourcing all of the administrative and accounting functions is the best solution. Transferring a competence the entrepreneur does not feel he has, to a partner, makes sense. The technological advantage Technology provides the modern entrepreneur with tools, speed and access to information like never before. New ways of accessing research and analysis provide depth, and electronic communication provides reach. To ignore the technological advantages now available would be tantamount to ignoring industrial innovation a century ago. When the Sunday accountant makes the leap into the 21st century, he faces the daunting task of choosing the right accounting software. More often than not he gets lost, overwhelmed, and ends up going back to his trusty old spreadsheets. In the end he learns that accounting and administration isn’t just about making on-line payments or printing invoices; it’s a fulltime job. There has to be a solution that frees the entrepreneur to focus on running his business, without relinquishing control over his accounting and administration responsibilities. Leveraging new technology There is a growing industry that provides the solution. In it, business service companies are not only offering outsourcing services related to accounting and administration, but are BANKING SOLUTIONS 2011
Banking solutions ok.indd 45
23/09/11 16:56
46
Tendencies of financial Applications also using Internet technology to actively share information with their clients. By leveraging this technological advantage, they form close partnerships with their clients to deliver the needed expertise with personalized service. The result is an outsourced professional team with an in-house feel. One of those companies is Synergix SA of Nyon. Synergix specializes in outsourced accounting and administration services for small and medium sized businesses. Synergix’s CEO, Enrico Chincarini, believes his clients shouldn’t have to
client company has his own dashboard. At a glance, he can access financial results, receive bank transaction alerts, check outstanding bills receivable and payable, and supervise the cash and liquidity situation. It’s all there, and in real time. With this key information always at their fingertips our clients can anticipate and act rather than react. This gives them the edge.” He adds, “The dashboard view also hosts important day-today elements, such as task tracking, document and expense account management, which, like the financials, are also in real time. For us information alone is worthless; having it ready, pertinent, and reliable? That’s what counts.” Taking the technological leap So who is stepping up and making the change from spreadsheet dependency and paper chasing to partnership technology? Chincarini explains, “In general there are two types of companies who come to us: Those who want to control overhead costs and focus on sales, and those who are in the midst of downsizing or consolidation and need a technologically sophisticated single entry point. More specifically, we have clients who see us as a way to separate themselves completely from the accounting and administrative duties, but value the information flow. We also have clients whose accounting and administrative needs are technically complex. In both cases our ‘service with technology’ approach is the ideal solution.” Technology and the future
waste time searching for information. He asks: “What is the point of having business intelligence if you can’t even use it?” As an experienced entrepreneur, Chincarini understands the needs of small and medium business owners. According to Chincarini, what sets Synergix apart from typical fiduciary companies is the fact that he has a team of “entrepreneurs serving entrepreneurs.” His approach to accounting and administration can best be described as “full-service accounting and administration, combined with cutting-edge technology.” At the heart of Synergix’s technological offering is the “E-platform.” Chincarini explains, “Using our SaaS delivered E-platform, our clients have instant access to their financial and accounting information. It’s about speed, efficiency and service. Our approach isn’t ‘here are your numbers,’ it’s, ‘tell us exactly what you need and when you need it, and we’ll provide it.’” According to Chincarini, “What sets our E-platform apart is its ‘dashboard view.’ Each designated user within a
Chincarini sees it like this: “There is a prevailing dichotomy in the business community that there are either technology companies or service companies. We see ourselves as a ‘technologically-driven service company.’ To say this is the vision of the future would be incorrect, because, it’s not?it’s now. The smart small and medium business owners recognize this, and though change is inherently scary, it’s necessary. Those who embrace this approach are already breaking away from the pack.” How does Chincarini see the future? “The stodgy old-fashioned fiduciary company style has got to go. We work hand-in-hand with our clients. We handle everything. With us, it’s personal, and that’s how it has to be. As more entrepreneurs grow comfortable with technology, close partnerships between business service providers and their clients will become the norm. I look forward to the day when entrepreneurs will have the confidence to push their partners to innovate and improve the information flow. That kind of symbiotic relationship will be the driving force behind bringing information technology and business closer than ever before.” This remains to be seen. In order for it to happen, many old walls of habit and resistance to change must fall. The marriage of service and technology appear mutually beneficial to over extended entrepreneurs and those who can help them. The real question seems to be, will entrepreneurs come to realize this sooner rather than later, and when they do, will there be enough visionary companies like Chincarini’s to go around?
BANKING SOLUTIONS 2011
Banking solutions ok.indd 46
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page16
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page17
49
Tendencies of financial Applications
How should IT architectures change to support a tax-declared asset strategy? The activities of competing banking locations as well as foreign tax offices have been putting increasing pressure on Swiss banking secrecy, which will likely lead to further regulatory measures as well as bilateral negotiations and agreements.
I
t can be assumed that new regulatory measures will give rise to restrictions on business models currently in use, as well as on banks’ client advisory services. These restrictions will require intervention by banks at the strategic, process, and IS/IT level. One way to respond to these changes is to proactively strengthen the strategy currently in place with regard to client orientation and excellence of service. A critical success factor (CSF) will be the systematic alignment of the IS/IT architecture toward the upcoming challenges and the implementation measures that have been derived from that. Future IT application landscapes must provide much more flexible support for a bank’s high-quality services in order to enable the quick, efficient realisation of products and channels that have been optimised for individual countries, for instance, while also effectively meeting the regulatory requirements. Based on this approach, the following paragraphs list a selection of new and altered business requirements, and illustrate the potential impact and consequences these might have on both the application landscape and IT.
Falk Kohlmann Senior Consultant, Swisscom IT Services Finance AG
@ falk.kohlmann@swisscom.com
Business requirements and subsequent IS/IT strategies Based on the strategic alignment mentioned above and the associated regulatory framework conditions, the business requirements can be broken down into the topics described below. Front office requirements: Banks can enhance their profiles and implement statutory requirements via new or modified services which are primarily visible to clients through the front office. One reason for this is that the front office is where interaction with clients takes place, for instance regarding the declaration of funds. Consequently, this area offers banks potential for differentiation by giving them an opportunity to fulfill regulatory requirements in the most client-friendly, efficient way possible during the advisory process whereby clients also benefit from comprehensive information about the performance and composition of their portfolios and have the option of initiating transactions themselves, even from abroad. These enhanced performance and transaction functions offer new opportunities to compensate for market advantages previously derived from Swiss banking secrecy. Product requirements: In addition to an appropriately-structured advisory process and new opportunities in the client-bank interface, modified services must be defined. Based on strategic alignment and other regulatory specifications (e.g. FATCA), every bank must examine its products with regard to both their tax impact and applicable regulatory requirements,
Peter Hofmann Manager, Swisscom IT Services Finance AG
@ peter.hofmann3@swisscom.com
BANKING SOLUTIONS 2011
Banking solutions ok.indd 49
23/09/11 16:56
50
Tendencies of financial Applications
Business requirement
Detailed requirement
IT requirement
Application area
Front office Identification of nondeclared funds
• Subsequent request for required explanations
• Flags for each client and account
• Client static data • Client data history
Structured advisory process
• Integration of regulatory specifications
• Control points to ensure compliance with regulatory specifications • Check test upon sale of the product
• Reporting systems • Withholding tax • Data integration services • Financial messaging
eBanking for private banking
• Performance and (overall) portfolio report • Initiate transactions/ trading
• Enhance eBanking to cover the new requirements of private banking clients • Ensure compliant products/transactions
• Security static data • Product configuration
Trust company
• Declaration and taxefficient investment of managed assets
• Establish an interface to the trust company
• Online banking • RM workplace • Sales support systems • Compliance support applications
Products
Product factory
• Identification of compliant products • Products adapted to target • Enhance existing product markets and optimised configurators with regard to tax efficiency
Fee management
• Centrally-maintained pricing models • Online banking • Identification of impact on • Adjustment of price • Compliance support configurators margins applications • Enrich product • Update of the product • Data integration services profitability calculation profitability information (e.g. market data) with additions regarding target market/products
• Fee modules • Data integration services (e.g. market data)
Reporting
Correct tax reporting
• Tax reporting in accordance with the target country • Documentable withholding tax
• Interfaces to relevant sources of information • Withholding tax • Integration of specialised • Data integration services tax applications (e.g. tax services) • Modular and scalable reporting system
BANKING SOLUTIONS 2011
Banking solutions ok.indd 50
23/09/11 16:56
51
Tendencies of financial Applications
and make the results clearly understandable to clients. It is imperative that the products are structured in such a way as to meet the statutory requirements of their respective target market, and are tax optimized for clients (whereby the client’s tax domicile is relevant). For banks, this means that specific products with increased transparency could be added to their product range to better comply with regulatory requirements. Moreover, banks not only have to consider which margin allocation would be interesting for the various products and target markets but also examine the impact on client profitability. These new requirements must be taken into consideration when looking at product profitability. Evaluation requirements: In order to implement the tax-related requirements, tax reports, which are specifically geared toward the various target countries, must be drawn up for clients. Here banks have the potential to differentiate themselves by being able to provide client-friendly support for country-specific tax reports and flexibly implement changed tax specifications. Within the context of withholding tax, for example, the different amounts (e.g. 25% for Germany vs. 35% for the EU) must be indicated correctly and clients must be provided assistance when claiming a refund. To make the most of this opportunity, banks must optimize the transparency of their reports and increase the level of useful information provided. This requires that system updates reflect the changed tax regulations of various countries, and allow the required information to be extracted or purchased via specialized providers. When aggregating data from a variety of different databases and exchanging information with specialized applications, agile interfaces, including those to core banking systems, are necessary in order to systematically implement a modular reporting system.
Action needed All in all, a declared asset strategy will bring about certain shifts and enhancements, yet will not have any fundamental impact on the application landscapes. The IT requirements identified represent challenging individual changes, but do not require any fundamental adjustments to the overall architecture. Compliance Support in the front office, new and altered interfaces between the core banking system and specialized peripheral systems, enhancements to the eBanking system and product development environments as well as access to historic data that is frequently available from diverse sources, will all be of importance. By taking into account the requirements listed above, banks can take advantage of the opportunity to further enhance their existing client focus and excellence of service. Nevertheless, it will be vital to examine the requirements positioned in the generic application architecture in a streamlined, systematic way, for example, by using the modular architecture management approach defined by Swisscom IT Services Finance Ltd. This makes it possible to examine the IT application architecture implemented for each specific client in accordance with the requirements described and also offers a systematic, business-oriented top-down review throughout the various levels of the architecture. The latter ensures that the opportunities and impact of regulatory changes such as a tax-declared asset strategy are implemented ideally in both the organization and IT while pointing out which action areas still need to be taken care of. While an isolated review of the IT application architecture might identify potential action areas in the IT application landscape, it neglects to account for how requirements are met within the business, organizational, process, and service architecture.
Š sorendls
BANKING SOLUTIONS 2011
Banking solutions ok.indd 51
23/09/11 16:56
52
Tendencies of financial Applications
Mobile banking: What is it?
Alain Rubeli Managing Director, APIA SA
@ aru@apiasa.com
Internationally, the number of banks that offer access to their services via smartphones is growing exponentially, while in Switzerland only in the last few months have banks timidly begun to put a toe in the water.
W
hen speaking of “mobile banking”, often we simply mean the optimizing of an online banking site for display using a smartphone browser. Mobile banking is not even merely the checking of an account balance via text-messaging, which is a ten-year-old technology that never really caught on (at least in Switzerland) and is now only of interest to less technologically-advanced countries. In reality, and especially when considering the potential of modern smartphones, a mobile banking service can be thought of as a stand-alone service; a new platform for offering existing customers, and possibly even new ones, access to classic banking services and much more, without just moving customers from one low-cost channel (online banking) to another (mobile banking). Mobile banking: just a passing fad? Morgan Stanley predicts that by 2015 there will be more “mobile” users than “desktop” ones: we are faced with yet another technological leap forward, comparable to the transition from radio to television. In the 1970s, there were many who saw the creation of
The Mobile Internet Report
an ATM network only as a cost. Similarly, in the 1980s few thought it was sensible to invest in building a web site: today, how many banks do not offer an ATM network or have an online presence? To answer our question: No, mobile banking is not a passing fad but the beginning of a new way of relating to banks and using their services. Functions such as mobile payments can only help users and banks to better understand the potential. So, how should banks approach mobile banking? TowerGroup has developed an interesting model for assessing the maturity of a mobile-banking solution: in effect, it ranges from merely making information available, to the possibility of making transactions (payments, trading), to real interactivity between banks and customers. The next step would be to offer features and services not directly connected to the banking world and actually participating in the customer’s social life. Intriguingly, many banks with a presence in App Stores are, in reality, only offering information about their products or branch networks without allowing their customers to check account balances: these Apps have not even reached the first level of the maturity model. It is important for banks to appreciate that the time has come to offer a complete and functional access to their services: if we examine the state of mobile banking in Switzerland, “the home of banks”, compared to the rest of Europe, not to mention the United States, we’re still living in the “Stone Age”. Why are banks waiting on the sidelines? Security, either real or perceived, is certainly one of the concerns that is delaying the offer of mobile access to banking services. “In fact, unlike surfing from one’s home or office, ‘mobile’ is concealing additional hazards”, confirms Prof. Angelo Consoli (Manager of the computer security laboratory of the Department of Innovative Technologies of the University of Applied Sciences and Arts of Southern Switzerland, SUPSI). “Access via public networks, the scant knowledge and awareness of many users or the use of devices that are not properly protected are elements that increase the risk.” APIA, in collaboration with SUPSI, has developed a solution
BANKING SOLUTIONS 2011
Banking solutions ok.indd 52
23/09/11 16:56
53
Tendencies of financial Applications
that reduces these risks to an absolute minimum. Banks are free to determine the level of security to apply when identifying customers and verifying transactions, while APIA’s solution guarantees total security in the transmission of data from smartphones to the bank. “APIA’s solution,” says Consoli, “provides a connection that is even more secure than that commonly used for online banking from the home or office: it offers a data-security and encryption framework that is a step above what is used for HTTPS traffic.” In effect, in addition to securing the communications channel (by using an encrypted SSL connection), APIA goes one step farther by digitally encoding and signing the message; preventing alterations and eliminating the typical risk of “man in the middle” attacks. “APIA did not stop there, but introduced additional technical/ functional strategies that exponentially increase the level of security without sacrificing usability and performance, which is very important considering the limited calculation power of smartphones.” Obviously, the user has to do his part by choosing, for example, a strong password and keeping the programs constantly updated.
Customer behavior is changing: in recent years, customer independence has constantly increased, also due in part, to pressure from the banks themselves. So, banks need to offer their customers a tool which will allow them to perform as many banking operations as possible at the lowest possible cost. To repeat, offering mobile banking doesn’t just mean “moving” customers from one channel to another: it means accessing new customer niches or accessing specific segments before competitors. In this regard, to understand their true potential, one needs only think of the popularity of smartphones with young people. It is precisely the young, the so-called “digital natives”, along with independents and SMEs, that are the users most interested in this technology: firstly, because they already expect that all services should be provided through smartphones and, secondly, because they don’t have time to go to a branch to
Mobile Banking Solutions maturity model
Customer behaviour is changing If banking products are similar, how important (and possible) is it to differentiate oneself from one’s competitors? It is true that, in recent years, we have seen a standardization of core banking systems (systems that, in the most part are invisible to customers), leaving prices and quality of service to differentiate individual banks. It is also true, however, that in mobile banking (a bank branch in the customer’s pocket!) it is almost mandatory to present oneself in a unique way: obviously by providing all basic functions, but also offering a user experience that allows banks to effectively distinguish themselves from each other - not just by the color their logo. Offering a customized solution, especially in the realm of mobile banking, is thus not only possible with a modest investment, but actually very advisable. APIA’s solution, for example, allows banks to offer all basic services e.g. checking balances and transactions, making payments or topping prepaid cards, placing trading orders, authorizing e-invoice payments, accessing account statements and communicating directly and securely with the bank; all with the ability to customize services and navigation. APIA’s solution is an ideal platform: it is highly customizable, flexible and secure, and offers a stable base for the future development of new functions and services. To summarize, why should a bank invest in mobile banking? Because today, offering a mobile channel will give a bank a competitive advantage that should not be underestimated; an advantage that will soon become a clear disadvantage for institutions that are unable to upgrade in time.
Morgan Stanley & Co, 12.2009
make routine transactions and would like to make them any time, anywhere. What will mobile banking be like in the future? Much depends on the possibilities that technological evolution will offer: smartphones and tablets are revolutionising the way we make purchases, the way we converse and interact. Increasing involvement of banks in the everyday lives of their customers is almost inevitable. We can therefore expect to see a greater integration of banking services and social networks; “nonfinancial” services provided by one’s bank; the possibility of interacting directly with a consultant by sharing online information, and much more. To be able to respond to challenges that we face today and will face tomorrow, is precisely the reason why APIA will continue to invest in new functions. Always one step ahead. BANKING SOLUTIONS 2011
Banking solutions ok.indd 53
23/09/11 16:56
54
Tendencies of financial Applications
Improvements in Collateral Management and Supply Chain Finance Trends in Trade Finance technology
Paul Cohen Dumani General Manager, MIT SA
@ pcohen@mitsa.ch
It is true that banks nowadays are more or less well equipped with systems capable of supporting their back-office operations linked to financial instruments, such as letters of credit, guarantees, and collections such as our own flagship product Credoc. It is not obviously the case, however, for more complex financing, the monitoring of its allocated credit limits, and the management of collateral. In this case, the most frequently used tool is an Excel spreadsheet.
T
he spreadsheet offers great flexibility for relationship managers to follow the evolution of their transactions, and establish the global economic position of a customer at a given time. The position is calculated on the spreadsheet by consolidating data manually from heterogeneous sources. The global economic position supports the decision-making process of a relationship manager or a credit committee, when deciding whether or not to finance. Despite its proven flexibility, a spreadsheet has some limitations. It is not sufficiently secure as far as the reliability of the data presented is concerned. Spreadsheets also typically support the decisionmaking process for financing amounts up to seven or eight digits. Therefore, market demand is increasing for innovative dashboard tools that can be easily integrated into a bank’s IT infrastructure and are capable of automating the extraction of data coming from various systems in order to present a reliable, real-time view of a customer’s global economic postion. As introduced above, standard back-office systems, or even loan systems, already include notions of limits, risks, and collaterals nowadays, but bear in mind they are first and foremost designed
to process, book, and follow up the financial instruments they automate, whether it is letters of credit, guarantees, collections, or loans. Yes, you will find in such systems functionalities such as the follow-up of risks, limits, and collateral in such systems but only in the framework of one given operation. I will oppose here two notions: Transaction and Operation. A Transaction consists of several operations of purchases and sales that can sometimes be linked to a documentary instrument such as an LC, but sometimes not. Nowadays, banks are engaged in more complicated financing transactions that involve many operations of purchases and sales, and combine the use of LCs (import or export), open account, or even cash. Therefore, a traditional back office system often cannot give you a complete view of a more complex financing scheme, especially in terms of monitoring collateral and the different risks involved under one transaction. For this reason, banks are increasingly looking for proper Collateral Management systems to monitor their various Trade risks including Counterparty risk, Customer risk, Commodity risk, and Country Risk. Not only can such systems help banks monitor risks and limits, but it can also help them in calculating the amount of capital required for their trade finance operations, to be in line with Basel II and now Basel III regulations, which set even higher standards for banks in terms of capital requirements. Innovations in Supply Chain Finance Trade Finance is an activity still very much based on paper and physical exchange of documents. For over 20 years now, Banks and big Trading companies have invested considerable amounts
BANKING SOLUTIONS 2011
Banking solutions ok.indd 54
23/09/11 16:56
55
Tendencies of financial Applications
in IT development to dematerialize Trade documents such as the Bill of Lading for instance, and automate the exchange of information between the different players in International Trade, whether they are Banks, Exporters, Insurers, Carriers, and even Freight Forwarders. The trend in this area is Multi-banking platforms. Indeed, with such a platform, an Exporter can deal with the operations opened with several banks and consolidate the data under one single window. They are many initiatives in the market these days such as the Trade Services Utility (TSU), initiated by SWIFT to address the Open Account world and even to offer an alternative to traditional Documentary Credits using a new payment method (based on technology) called BPO (Bank Payment Obligation).
In the French part of Switzerland also, the Geneva Trading & Shipping Association (GTSA), which counts among its members the main trading companies and banks providing trade services in the area, launched a multi-banking platform that should go live in the last quarter of this year. The main constraints with these initiatives are that, first of all, none of them have reached sufficient critical mass to impose it as a standard in the market. Furthermore, it is a daunting task to reconcile the various needs and interests of the different actors in the Trade arena. Nevertheless, one can argue that, despite those constraints, this growing tendency towards more automated Supply Chain Finance is becoming more and more inevitable.
Meet Your MBA Match!
ONE-TO-ONE MBA EVENT PUB GENEVE, 22 Octobre
Rencontrez les directeurs d'admission des meilleurs programmes MBA internationaux: Rendez-vous en One-to-One, en duo ou en petits groupes Service d'orientation MBA personnalisé Coaching et préparation aux tests d’admission GMAT
Inscription gratuite et obligatoire sur
www.accessmba.com BANKING SOLUTIONS 2011
Banking solutions ok.indd 55
23/09/11 16:56
56
Stakes of Security
Investing in Corporate Information Security
One of the toughest challenges of the coming years
Nicolas Giannakopoulos Board Member, High-Tech Bridge
Talking about investing in corporate information security seems like it’s going be the same thing over and over again: hackers are everywhere, risks also, from your own employees to the director, information is one of the most important assets of any company and, for some companies, such as those in the banking and finance sectors, a secured information environment is actually mandatory for conducting business…. Well, we can say that in a broad sense, everything mentioned above is true.
@ nicolas.giannakopoulos@htbridge.ch
W
hen talking about investment, one may immediately think about the investment a company should afford to secure its own information system. This is also true, but not the only point. In fact, we are not talking here about securing only data, but the whole information production, storage and especially flow, between internal and external actors. We are speaking about how information can be sensitive in the short and long-term, and we will not touch upon software or systems, but architectures and mainly risks. So if you are reading this document to find some software hints or tricks, I’m afraid you’ll have to revert to your regular sources; you will find no information of this kind here. Speaking about investment, we would also like to emphasize that we are not only thinking about the investments a company should do to secure its own information system, but also how the investment in the sectors can be profitable. Indeed, the term “information security” covers lots of different realities. One of the primary goals of securing your information systems is to make sure that the data and the system you use every day will be available tomorrow, the day after, and every time you need it. The second reality is to avoid any unauthorized third party from accessing your data and information flow, not because you have something to hide, but because some of your data is confidential and out of respect for your client’s privacy. But securing an information system is also very useful for gathering all additional data that will prove very useful, if an external or internal breach of confidentiality leads to a problem. It will then help you to solve the problem more quickly and efficiently, because you will have at your fingertips
BANKING SOLUTIONS 2011
Banking solutions ok.indd 56
23/09/11 16:56
57
Stakes of Security
all the necessary information about how the breach happened. It is difficult to design an information security system. It’s a specialist’s work. Every large company has at least one of them as an employee, if not an entire team, and for smaller businesses, a myriad of consultants and specialized companies can offer the same, meeting the highest quality standard. But as risks multiply and go global, as regulations become more and more complex and sometimes contradictory, as information technology goes faster and faster, and the sector hides in its shell lots of low quality solutions and people, if not crooks, still know that the security of an information system can never stand still. It must always adapt, move, change, improve, sometimes incrementally, sometimes with some major breakthrough. And as systems become more and more complex, involving larger and larger investments, it becomes more and more difficult to initiate, manage and drive these changes. That’s why most information security systems develop in stages. One takes the most advanced technology at the time of its conception, implements it and manages it until there is a critical issue that leads to a major problem within the company, which could turn into a criminal one, or even worse. This evolution in stages seems to be an inevitable burden for most systems, because it involves so much investment by companies, not only in terms of software and computers, but also in practice, with training and the development of habits
that ensure continuous change, which multiplies the risks of wrongdoing, intentionally or not. You’re not a specialist By designing an information security system, one has to cope with three major issues: the risks, the technology and the users. Technology is not simple to handle but basically, it can provide a solution for every problem, even the ones that you couldn’t figure out (with some extras). Technology’s costs also grow exponentially, as one tends to achieve the minor possible risks. But it is also known that there is an inverse relationship between the strength of the information security and the usability of the system. If you have to enter passwords, key dongles, and fingerprints every mail you send, people will soon develop side strategies to avoid what is appearing as a “pain in the ass” and thus lead to major security problems without your knowing about it. One of the bigger challenges of good information security systems providers today, is to design and develop systems that can improve with the technical challenges, without modifying the usability for end-users. But one of the major challenges for designers, which are not always well understood, is the risk factor. In fact, risk factor is often calculated through a matricial environment that classifies every identified risk, BANKING SOLUTIONS 2011
Banking solutions ok.indd 57
23/09/11 16:56
58
Stakes of Security
according to its probability of occurrence and its danger for the company. A lot of systems are growing far too complex, because risks are not evaluated properly. Indeed, risk evaluation begins with the system’s design and goes along the whole life of the system, with some major issues in-between, such as the choice of the security partner you will hire to help or do the entire job. Most of the time, solution providers want to make money, so they tend to push you toward more expenses and features with which they can bill you, without you knowing about it…you’re not a specialist….they are…. And sometimes, as I figured out in Geneva this year, some providers sell security technical solutions, which are outdated and heavily overpriced…Not to mention the backdoor a provider can introduce to your system without your knowing it, because it can prove to be useful for other reasons. The sector’s issues have become so complex and difficult to understand and business has developed so rapidly and successfully in terms of markets and figures, that rumours have it that large companies have been regularly accused of promoting the risks of hacking and disruption by developing and spreading their own worms, viruses and other malwares, in order to boost their own business by providing the solution to their own problem. That is part of the whole risk scheme. Anyone developing the risk matrix should be aware that it is less important first to design “what could happen” (basically everything) than asking the question “what for”. Indeed, what I try to teach my students at the university, is that creating a risk matrix starts not by asking the question “what” could happen, but “why” such risk could happen. By answering this question, you dramatically reduce the range of the “what” question. And the answer to the first “why” question leads to another one, which is “who” can perpetrate an undesired act. By managing the combination of “why” and “who”, you will know about the “what” and you will then be able to identify the undesired risks of wrongdoing. The “who” question is quite simple to answer: its either an inside person (with the due privilege of access to information and system’s rights) or an external entity (which leads to the cost-benefit calculation for completing a hacking scheme for example). The “why” question refers to motivation and here, these are also not very complicated: it can be money, revenge or competition (espionage). Thus you have your risk matrix where you can position the different risks. But according to my experience, the major problem comes from insiders, who know the system by heart and see all its faults. If these people are in a shaky environment (addictions, family problems, personal problems, etc.), they might become at risk.
The “why” and “who” matrix or motivation x perpetrators is also useful when a problem occurs, in its analysis and to understand its dynamics in the search for solutions. This risk analysis should also be conducted on the software and on the providers, as well as on the competitors and internal staff. And risk improving can be incremental, as this analysis can lead to a better understanding of the situation surrounding the company and the impact it can have on its security systems and information. If these elements are well understood, they can be easily explained to other parties without asking all of them to be specialists. One of the main issues in all these sectors of information security should be a major effort in making the critical issues understandable for all and not dressing them up in some “specialists” language. By achieving this, you empower the employees and create a kind of internal “neighbourhood watch”, which can prove to be very efficient. More and more complex Obviously, no one can argue that they can cope with all risks all the time. That’s why, in a continually changing and evolving environment, this risk analysis must be a continuous one, both in relation to external threats and to internal and technical threats. And that’s where a good partnership with a security company is important. That’s also why the ever changing environment offers good investment opportunities. A good third party company will be the one that offers you not only the “state of the art” technical solutions, but also offers you the simplest solution, the one that can be easily understood and the one that can be easily monitored, improved and managed. Too complex systems often improve by layers, making the system more and more complex and dependent on one single provider and leaving or creating backdoors, which cannot be detected or managed, because of the complexity of the whole system. In the information world we all depend on the information system’s management, which is becoming more and more crucial, not only for the company’s day to day business, but also, as a whole, for the preservation and development of knowledge. This leads to further innovation and ideas and the difficult job of ensuring the security level, which in turn involves continuous investments, curiosity, challenges and opportunities. For any company, large or small, it is essential to ensure a relative security level not only for continuity purposes, but also to guarantee our quality of life and development.
BANKING SOLUTIONS 2011
Banking solutions ok.indd 58
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page18
60
Stakes of Security
Christian Marchand Consultant & Administrator, Isys Banking Software
@ c.marchand@isys.ch
New orientation and trends on banking software security Highly secure management and tracking of sensitive data are today the watchwords for banking software. Banks are now facing a double challenge to an equation that may not include the unknown.
O
n the one hand, the recent attacks coming from the institutions, in addition to those increasingly more frequent from hackers (which, paradoxically have seen the emergence of a new phenomenon, the “ethical hacker”!), have greatly increased the need for traceability. On the other hand, the steadily growing need to access sensitive information, which has become increasingly essential and in more frequent demand, to ensure careful management, particularly in matters of taxation, have highlighted the need for a confidential and secure “data management”. Let’s not forget the mobility of clients and managers (see top managers), who require the availability of such data on the latest generation media (smartphones, tables, e-banking, etc...). Finally, very trendy right now, the undeniable success of “cloud computing” leads providers to offer the banks a private and national “cloud”, although not public and global. Here follows a short overview (without mention of providers or product names): Traceability Let’s begin with the traceability of sensitive information in anticipation of malicious activities. Nowadays “niche” solutions can be “plugged” into many banking packages. They allow the identification of sensitive data or vulnerable zones
and the control of access times, in a consolidated and proactive way. A centralized and secure storage of the traces allows an on-going compliance with regulations and individual procedures. Forensic analysis modules are often available. Consolidated management of sensitive data Data management has also evolved. Until recently, the client’s sensitive data have been treated entirely remotely from the central system, however today, confidential data management takes place directly in the central file, using sophisticated cryptographic solutions. This makes it easier for “compliance” tasks and allows the automation of AML procedures (Anti Money Laundering). Thus, it is possible to determine what type of data needs to be encrypted to make authorizations (for example the use of SmartCards) to consult and/or to modify. This will ensure data protection against internal threats, even in case of theft. SmartCards are subject to a highly secure management. It is usually the Card Manager, who configures the cards for the users and generates the public and private keys; the Cipher Manager, who manages the database of secret and personalized keys, and finally the Security Officer who issues operational permissions and verifies traceability. The two first roles are not interchangeable and both have to be authorized by the Security Officer. Furthermore, the same technologies are used in addition to sensitive data management, to manage documents concerning clients, such as application forms (automatically produced by attaching “templates” to the client’s typology), and other confidential documents generated during the life-cycle of relations with a client. We still need to discuss the security aspects needed to handle the explosion of “apps” on mobile media and the growing presence of cloud computing.
BANKING SOLUTIONS 2011
Banking solutions ok.indd 60
23/09/11 16:56
61
Stakes of Security
Mobility and its dangers Smartphones and tablets are easily hacked, both in Wi-Fi areas and in application registration. Today, private banks are already testing new ways of creating «bubbles», which will secure the bank’s own and its clients’ sensitive data. However, they don’t want to generalize this new type of working tool, before the protection solutions have been fully tested. One example is a solution with a highly granular and independent control of the interface on the local data synchronization made between mobile devices and smartphones with computer terminal platforms of the Company (desktops or laptops of employees). With its patented technology for filtering local synchronizations, this solution enables administrators to make a central and granular definition of types of information, which groups or specific users are allowed to synchronize between the company PC and their locally connected mobile devices.
lized «private» applications are directly administered by the company (which manages its infrastructure alone) or pooled (if a trusted provider supports some of the outsourced services). This model is supposed to offer the “public” benefits of cloud computing (i.e. lower cost of application virtualization in the case of a shared infrastructure) without the drawbacks: a focus on data security, on compliance with corporate governance and the reliability of services provided. Applications and infrastructure are available on a hosted «self-service» basis, and
E-banking Banking institutions have made enormous progress in securing transactions generated by their e-banking users. Even techniques, such as the «Man-in-the-Middle» used by hackers to modify the amounts and recipients of payments are now under control, but «Man-in-the-Mobile» techniques are beginning to emerge, confirming that the danger is once again the new media. According to the report of MELANI in the second half of 2010, issued by the Strategy Unit of the Confederation, «in future, users of e-banking will probably do their transactions by mobile phone, which promises new challenges for financial institutions, partly because mobile phones don’t offer the same level of protection that a «normal» computer already does. The two-factor authentication, when the code TAN is sent by SMS, offers a new opportunity to appeal to the e-banking users, as the smartphone is not used as an independent authentication channel. While these dangers are not yet imminent, we still have to include such considerations, when planning the next generation of authentication for e-banking. The «private cloud» still unclear? «White papers» on the subject are not lacking on the web. “Private cloud” (internal or private) is defined as the establishment of a network owner or a data centre providing hosted services for a limited number of users. Specifically, the virtua-
scalable and flexible thanks to the proximity of the Company to its services. For the moment, cloud computing projects in the Company still concern a minority of packages (ERP/CRM) and Business Intelligence solutions. They focus on enterprise messaging, applications of finance/accounting, human resources, storage, collaborative tools, databases and servers. BANKING SOLUTIONS 2011
Banking solutions ok.indd 61
23/09/11 16:56
62
Stakes of Security
Yoann Le Corvic Senior Security Consultant, Netexpert
@ yoann.lecorvic@answersolutions.ch Major technology shifts, projects cost cuttings, lack of consideration of information security in business projects and a false sense of security provided by certifications, irremediably lead to frequent information leakage or theft . Focus on information confidentiality in the banking sector.
B
Ensuring data confidentiality st in the 21 century efore tackling new threats to confidentiality, let’s see how information security should already be managed generally.
Confidential information Banks and financial institutions store and process an important volume of information, but not all require the same attention when it comes to confidentiality. So the primary task to carry out is to inventory corporate information and determine its confidentiality requirements. Many factors will influence information confidentiality levels: • Legislation: most countries require organizations to protect personal information in their legislation (for example LPD in Switzerland). Failure to comply can lead to fines and potentially jail sentences. • International financial regulations: • Basel 2 / Basel 3 : more specifically the operational risks pillar. • PCI/DSS : for all credit card data protection rules. • Country specific financial regulations: • For example Finma in Switzerland sanctions professional secrecy violations, be it intentional or by negligence. • This is a particularly complex subject for banks and financial institutions with subsidiaries spread across the world, as regulations can be very different. • Last but not least, business risk evaluation: complying with legislation and regulation is mandatory, but there is more at stake. The business impact, should personal and financial information be made publicly available, can be serious. Those potential consequences need to be carefully evaluated in order to determine confidentiality requirements. • Information confidentiality requirements must be formalized jointly by business managers and operational risks managers, assisted by the chief information security officer (CISO) as required. This strategic referential, a key element to plan for adequate protection, must be approved by senior management. Ensuring information confidentiality As a preamble, it is important to make an important distinction: information security is not just about information confidentia-
lity. Global information security management must also ensure integrity, availability, non-repudiation, information access audit trails, and possibly more.The global information security management must include a risk analysis methodology, which, to be efficient, should be applied to all business and IT projects involving access, processing, transfer, or any operation on sensitive information. The diagram below is an example of project risk analysis methodology.
Risk analysis in business projects
Focus on new Confidentiality
challenges
for
Information
Protecting sensitive information on internal information systems is the foundation. But his mandatory step is no longer sufficient as IT strategies, technologies and business requirement evolve. Let’s focus on a few new challenges.
BANKING SOLUTIONS 2011
Banking solutions ok.indd 62
23/09/11 16:56
63
Stakes of Security On the move… Roaming is more and more present in organizations today, and usually concerns top management first. This makes the challenge an even bigger one, as this population is also the one manipulating the most sensitive corporate information.. iPhone, iPad, Blackberry, Windows Phone, and others, are progressively replacing traditional laptops. Mobility being the first preoccupation, we clearly see that security aspects are not the main concern. Relying more and more on those devices for business purposes also means storing business applications and information, personal data, customer information, etc. To summarize, confidential information is circulating outside usual boundaries, and is not protected by usual security measures anymore (even most basic ones such as antiviruses). As well as being small, light, and mobile, such equipment is subject to loss and theft (new tablets, new smartphone tend to be much more attractive to thieves that traditional laptops). Recent Ponemon Institute surveys (sponsored by Intel) found that on a panel of 275 European and 329 U.S private and public organizations, nearly 160 000 laptops were lost (~60%) or stolen (~40%). Of those, only around 30% of them had disk encryption. And we are talking only about laptops… There is no way to reverse the trend. Roaming needs will grow. To make sure this does not leave the corporate information exposed, organizations must adapt their security framework and architecture to keep business information secure even out of corporate information system boundaries. In the “cloud” Another “trendy” subject, again linked to corporate boundaries, is the “cloud computing” model, which makes extensive use of virtualization to hide the complexity of underlying infrastructures and provides on-demand resources to achieve the ultimate goal of drastically reducing IT costs. Different implementation approaches exist: private cloud, hybrid cloud, public cloud. In a private cloud, all computing resources remain within control of the organization. In a public cloud all resources are out on the Internet (hosted by cloud providers). A hybrid is a mix of the private and public solutions. Ensuring information confidentiality on public, out-of-control resources is the key challenge in cloud computing. • Shared resources: cloud providers often use common infrastructure to host all their customers. It is then difficult to evaluate the strength of isolation between our environment (with our data) and that of other customers. Some providers do not even allow security audits and intrusion testing. • Information access: the information is on hosted platforms, managed by the cloud provider’s IT team, which will necessarily be able to access your information. • Information storage: information is stored in the cloud. It is close to impossible for a customer to remain in control. What happens to your corporate information when you leave your cloud provider? How can you have the guarantee that all sensitive data is returned to you and that no other copies remain in the cloud? • Legislation: underlying cloud infrastructure can be (and generally is) spread across multiple countries. This means multiple legislations, which can be a real threat to confidentiality.
New challenges for information confidentiality Legislation can become a real problem. Very recently, the U.S. Patriot Act, which extends government’s data gathering powers for suspected terrorist activities, has been identified by E.U. as contrary to their directive on data protection. The outcome of the discussion is still unknown, but the problem is highlighted: corporate information confidentiality can be a collateral victim of investigations in some countries. The problem is that most cloud customers do not even know in which countries their data is hosted. It is even likely that if asked by a customer, the cloud provider himself might not even know! In the U.K., France and Switzerland, for example, some cloud providers decided to host their entire infrastructure within the country’s borders to be subject to local laws only. Needless to say that “cloud” computing can easily become “fog” computing as far as information confidentiality is concerned, unless it is rigorously managed. Data classification and risk analysis (as described above) are your main tools to initiate the study. Then evaluate what information can be trusted to a cloud provider and, when that decision has been made, make sure the contract includes clauses pertaining to information confidentiality guarantees. Outsourced development and support Application development outsourcing, especially when it takes place abroad, also raises issues. This is mainly due to the fact that developers usually request to have “representative” data to perform testing, or troubleshooting. “Representative” data is still too often interpreted as “production” data, meaning that it is really easy to end up with numerous copies of live business data (customers, financial reports, accounting databases…) completely out of control. Organize and enforce Protecting corporate information was, is, and will remain a challenging task, and consequences of breaches will keep making headlines. Be prepared and organized from C-level management to IT engineer. It is a known fact that reducing information security to a technical matter is not appropriate. But reducing it to only policies and standards just to be ISO 27001 (or other) compliant, with no financial, human, and technical means to enforce defined rules is also very dangerous. Some certified institutions suffered data leakage not so long ago. BANKING SOLUTIONS 2011
Banking solutions ok.indd 63
23/09/11 16:56
64
Stakes of Security
Raffael Maio CEO-CFO, NetGuardians SA
@ maio@netguardians.ch
Rationalization of costs in CoreBanking vs Security How to handle confidentiality, integrity and security of your bank’s sensitive information when multiple external companies manage your core banking system and infrastructure? How to ensure or prevent misuse of these data by internal or external contractor’s employees?
A
s part of its IT activities, a bank must be able to demonstrate its level of compliance with various regulations (Basel II, FINMA, CSSF, SOX, etc.) and guidelines (security policies, ISO, COBIT, etc.). These regulations, ensuring good risk management, have many consequences for confidentiality and data integrity. The cases of fraud experienced by the banking sector in recent years demonstrate the need to strengthen security and traceability of operations performed on sensitive data in order to comply with these numerous regulations. Information leakage is no longer only dependent on security holes or vulnerabilities of network or IT components, as the technology in this area has evolved considerably. Today, the “human factor” may pose an even greater risk for data security. It is often authorized users who steal or alter a bank’s or an organization’s critical information, as stated by KPMG in their last “Analysis of Global Patterns of Fraud – Who is the typical fraudster”. Accordingly, it becomes necessary to trace the data access and manipulations to ensure their confidentiality and integrity. KPMG also stated that less robust controls and fewer resources to monitor controls permit greater exploitation by fraudsters, in which 13% of the fraud cases were discovered by
accident. This statistic indicates that internal controls remain too weak to prevent fraud or misuse. Furthermore, nowadays, with the recent economic crisis that hit the financial sectors and the unstable global political economy, the watchword has been “Cost Rationalization” or “Cost Reduction”. This has led to a new wave of outsourcing, sometimes also known as “cloud computing”, in which financial institutions outsource their core business infrastructures, and even their core banking platforms to external contractors. It is now frequent to outsource to numerous different external contractors that can access a bank’s sensitive information, compromising visibility and increasing risk exposure to data leakage. Above all, it becomes increasingly difficult to apply a company’s own recruitment policies or security policy, and to identify exactly who is managing and exploiting sensitive information, when several external contractors may have multiple shifts that cover 24 hours a day and seven days a week. Therefore, how can we combine security and integrity with this new “trend” of outsourcing? Today, most of these issues are dealt with SLAs (Service Level Agreements). However, SLAs do not prevent nor protect institutions from data loss, misuse, or fraud. When these cases arise, it becomes extremely difficult to quickly identify who is responsible and it is obviously already too late. The SLA alone is clearly insufficient. Reactive (SLA) vs. Proactive (Risk Mitigation) In order to fill the gap of SLAs, the underlying mechanism is to establish a system of continuous risk mitigation that effecti-
BANKING SOLUTIONS 2011
Banking solutions ok.indd 64
23/09/11 16:56
65
Stakes of Security
vely targets data access and manipulations at risk (data exportation, printing of client information, administrative rights and databases, etc.). The challenge becomes to reconcile business activities and IT operations such as transaction, user access, databases, and so on. A good approach is to link the information gathered from IT operations and business activities to perform behavioural analysis and continuous monitoring. This drastically reduces the risk of fraud, misuse, or data leakage by combining the two heterogeneous domains together (Business and IT). To give a concrete example, a financial institution relies on an external contractor (as C1) to run and manage the IT infrastructures. Additionally, the institution externalizes to a second contractor (as C2) the exploitation of the core banking application (such as Finnova, Temenos, Avaloq, Sungard, or ERI) It means that, C1 manages the system levels (servers, operating systems, and databases) and C2 (specialized in core banking systems) manages the application that runs on C1 infrastructures. At this point, the financial institution has probably reduced its costs, which is good, spent quite a bit of time establishing and managing SLAs, but is probably weak or lack transparency in terms of who is doing what, when and where (accessing, modifying, exporting and executing information), on their infrastructure and the core banking system, which should be the main concern for any financial institution. In this example, there are clearly two separate entities (C1 and C2) that can access certain sensitive information. For instance, contractor C1, who manages and provides the infrastructures, can access sensitive data from the infrastructure level (as database, files, etc). And contractor C2 who manages the core banking platform, can retrieve information about clients, funds, amount, operations executed using the application interface. Consequently, numerous contractors’ employees may have “direct” access to large amounts of sensitive data. It therefore becomes crucial for the institution to mitigate the risks and possess oversight of who is doing what, when and where by setting-up a strong, automated transversal control. These controls have to covers both the IT infrastructures and the business activities (in our example represented by contractors C1 and C2). These controls would allow the firm to keep an eye on actions performed by the external contractors’ employees (C1 and C2) as well as internal staff. With these automated transversal controls, it becomes effortless to periodically or continuously receive reports or alerts on who accessed or dealt with sensitive information. As the
«Set of Automated Reports» actions are gathered continuously, it is possible to efficiently and effectively identify unusual behavior by users via behavioural analysis. Such analyses are performed in real-time and permit proactive actions to be quickly taken following a case of fraud or data misuse. It becomes then more practicable to comply with the internal security policies and external regulation and point-out what data protection mechanisms have to be enhanced with the external contractors and the internal collaborators. For instance, it would be possible to retrieve a listing of the users who authorized transactions and from which machine, who browsed accounts that do not belong to them, or detect administrator who accessed directly some tables in the certain databases. To understand technically how these automated controls can be achieved, it is important to understand that the activities, IT system or application, and operation of each computer leave footprints (called traces), and inform about the user, actions, etc. The aim is to exploit these natural resources gathered from different areas (business and IT in our example) to sort out security alerts and audit reports relating to current and past activities. With the use of these natural resources, it becomes drastically less complex to set up automated controls. It therefore takes only a few days to get your first results. Known for its risk mitigation solutions, NetGuardians developed an auditing platform based on behavioural analysis tailored to the banking sector. Its solution audits, monitors business operations at risks, and identifies abnormal activities, allowing it to effectively combat the risks of fraud and leakage of confidential information. BANKING SOLUTIONS 2011
Banking solutions ok.indd 65
23/09/11 16:56
66
Stakes of Security
Julien Probst CEO, Sysmosoft SA
@ julien.probst@sysmosoft.com
Can we trust emerging mobile devices’ security and allow access to sensitive data? This article aims to introduce issues and limitations of mobile technologies when handling sensitive data. Mobile devices are exposed to a lot of new threats and traditional security models cannot be applied. Thus, companies have to find a new way to maintain control and secure confidential data.
W
ith the spread of mobile technologies, more and more people are using Smartphones or tablets in their daily lives. The easy access to numerous web services as well as the massive diffusion of mobile applications through the convenience of application stores have greatly contributed to this success, enabling users to access information any time, any place. Other than their purely fun aspect, these
devices also offer professionals a great deal of potential. First, these applications enable company executives to carry out their work at all times, even on business trips. Second, they enable clients to have a direct link with the company, including privileged access to certain types of information. Finally, they present a dynamic image of the corporation. At the moment, many companies already propose a range of applications for various types of mobile platforms. In a majority of cases, these applications offer excellent ergonomic designs, and unfortunately sometimes trade-off a cumbersome but good security system, which is then all too often overlooked or relegated to the operating systems. For companies transmitting sensitive data, however, this modus operandi should not be tolerated, as security is a key element which deserves special attention. Indeed, it is important for these business entities to protect the whole information chain, from the heart of the company to communication transmissions, all the way to the outside on distant devices. Protection mechanisms should therefore be well mastered and meet high standards. In practice, unfortunately, Smartphone type technologies are still not well grasped, and the built-in security measures should not be considered sufficient to transmit sensitive data. Furthermore, companies need to bear in mind that end-users are handling their private devices to access sensitive information. In such cases, enterprises have no way of controlling the good usage of mobile tools, and therefore cannot enforce their specific security policies. Traditional security
BANKING SOLUTIONS 2011
Banking solutions ok.indd 66
23/09/11 16:56
67
Stakes of Security
models, based on infrastructure and operating system configuration, simply cannot be applied to a vast range of heterogeneous mobile devices. Security of the devices The main problem resides in the fact that these personal mobile devices operate in potentially hostile external environments, out of the company’s control, and therefore are subject to different attacks. If endusers apply a relatively lightweight security policy, mostly out of ease of use considerations, the information stored on their devices, or even that of the company itself, is more likely to become compromised by an ill-intentioned person. Other than inadequate security systems, one should also consider the risk brought on by users themselves, who sometimes unlock their Smartphones in order to install applications from alternative application stores, or to enjoy new functions on their devices. While this dangerous practice might seem appealing in some respects, it does constitute a grave risk since it purely and simply removes all the security mechanisms in place and leaves the device completely unprotected. Furthermore, some applications from alternative application stores might present inherent risks that can compromise the data stored on the device by transmitting them to third parties. Furthermore, even official application stores can be a source of potential attacks, as was illustrated in a December 2010 article of the Wall Street Journal. The newspaper analyzed about a hundred commonly used mobile applications to obtain more details about their behavior. The results were quite worrisome since sensitive data, such as contacts, passwords, telephone numbers and other information, were transmitted by some of these applications to third party servers, outside any control. Operating systems also present others vectors for attack. Indeed, some interesting assaults have already been staged that illustrate this point. The Fraunhofer Institute for Secure Information Technology carried out such an attack on 9 February 2011 to obtain digital identities such as passwords or private keys encrypted on a locked iPhone. It only took a few minutes to obtain the information. Even though regular specific updates are available to plug these weaknesses, it is impossible to ensure that users are correctly installing or applying them. Some of the issues addressed here serve to illustrate the
problems of using private devices to access sensitive data. For companies, it is crucial to understand the questions related to the security of devices. What should be done if they are lost? Can hackers compromise the information? Can applications access sensitive data? It is therefore crucial to think of alternative solutions to regain control of information without compromising the ease of use of the device or altering the configuration of the Smartphone. Potential solution One solution should be the obligatory integration of all the security aspects within sensitive applications instead of relying only on the infrastructure and device security. This solution would add another layer of protection at the application level to preserve the confidentiality and integrity of the information. Its main advantage is that it enables the company to benefit from better control of the mobile device by integrating protection and prevention mechanisms adapted to the requirements. For example, instead of using a simple 4-digit pin number, it would be possible to authenticate the user through a stronger security setting, with a password as well as another complementary factor, to ensure the user’s identity when accessing a sensitive application. The data can also be encrypted with keys managed independently from the application and controlled only by the enterprise. It would therefore become harder for a hacker or a malicious application to access the information. Thanks to this solution, companies can put in place a specific application layer security policy for each application, and do not have to rely entirely on the one proposed by the operating system. For the end-users, this solution is also less intrusive, and therefore has a greater chance of being accepted since it enables them to maintain their habits and a low security for non-critical applications, but have an increased security for the critical ones. Other than a trusted security mechanism directly included within the exploitation system, implementing security at the application layer is, at present, the only viable alternative to enable access to sensitive information. During the development or the integration of such a solution, it is therefore vital for companies to ensure that efficient protection and control mechanisms are implemented in the application itself and that a secured development process is used. BANKING SOLUTIONS 2011
Banking solutions ok.indd 67
23/09/11 16:56
68
Stakes of Security The Trojan Horse Attack
The technique mythically used by the Greek army to invade the ancient city of Troy has a strong parallel in modern hacking, which often doesn’t seek to break down perimeter walls using a battering ram. Source: Sinon brought to Priam, folio 101r of the Roman Vergil (Wikimedia Commons)
Marco Ricca CEO, Satorys
A New Computer Security Gold Standard
@ marco.ricca@satorys.com The financial and IT security industries have one thing in common: they are both undergoing a major paradigm shift. Have mainstream beliefs been wrong after all? Have supposedly unshakable edifices been standing on clay feet? Both communities are looking for their 21st century gold standard.
L
ately, it seems as if the world has been experiencing a marked uptrend in criminal computer activity. In dozens of instances, prominent organizations were breached, and sensitive data was leaked. Lockheed Martin, Sony, Google, RSA, Citigroup, the IMF – just to name a few protagonists of recent high-profile hacking stories – have experienced the news as profound humiliations. The turning point seems to have been the WikiLeaks episode of US diplomatic cables being released for everyone to look at. Ever since, security vendors have been scrambling to explain why the supposed fortresses they have helped their customers build suddenly seem as vulnerable against hackers as the ancient city of Troy ended-up being against the Greek army. The analogy is actually not as far-fetched as it may seem. To understand what most of these recent high-profile computer breaches have in common, it is important to understand what the buzz expression Advanced Persistent Threat means exactly. But first, and to stick with the fortress analogy, consider the following: for an invading army that aims to kidnap the princess, two sets of techniques exist. First, it can try to enter by knocking down the walls with a battering ram. This is usually the first approach one thinks of. It may work, but presents a number of downsides; not only does it lack discretion, but it also happens to be the one against which defences are the strongest. Therefore, it requires
large resources and lacks effectiveness. In computer hacking, the same kind of approach exists; a “frontal attack” consists in targeting outward-facing servers, i.e. the ones that provide services on the Internet – Web or email servers are typical targets. This approach, even if successful, rarely gives access to the sensitive data a hacker might typically be looking for. The second set of methods, more discrete, is only limited by the attackers’ imagination. In the fortress example, they consist in offering a wooden horse to the king, digging a tunnel under the ramparts (or catapulting oneself above them) – or even seducing the princess and convincing her to voluntarily surrender. In computer hacking, these methods are called “client-side” hacking approaches. They involve targeting end-user platforms (desktops, laptops, smartphones) rather than servers, leveraging social and human components (convincing users to involuntarily adopt a dangerous behaviour), and, if successful, they readily give access to the prime target. To come back to the definition, an Advanced Persistent Threat most of the time means a targeted, client-side attack. Human behaviour is often part of the vulnerability; perimeter walls are utterly useless and prized data is immediately available after the network has been breached. Pragmatic approach As the general public has recently established for itself, supposedly impregnable fortresses are apparently blatantly unprotected, because their builders have assumed invaders will attack them frontally using battering rams. They have built high walls, made of indestructible brick, which attackers don’t even notice. They have focused on piling-up security technology, while the vulnerability is often behavioural. They have segregated the internal area from the outside world, while hackers
BANKING SOLUTIONS 2011
Banking solutions ok.indd 68
23/09/11 16:56
69
Stakes of Security
can roam freely once they’re in. The irrelevance of these classic protection schemes is well illustrated by the very way end-user platforms are still protected against client-side attacks. Namely, so-called “anti-virus” software. In a nutshell, such software relies on a pre-established list of known signatures. These signatures are individual DNAs of the threats they are supposed to counter. Each one of them is uncovered, understood and registered by anti-virus vendors; new signature entries are then regularly downloaded by antivirus software worldwide. In the nineties, when most hacking attacks were carried-out frontally, and when the quantity of new client-side signatures was a mere hundred per year, high perimeter walls and anti-virus software on laptops and desktops worked well enough. In 2011, few attacks are frontal anymore, and the quantity of signatures amounts to more than 70,000 per day. The protection paradigm has, however, hardly evolved since the nineties. This explains the overall vulnerability, and the recent streak of incidents that has rendered it obvious. So what does the new IT security paradigm look like? What solutions must security officers consider to protect their organizations’ information assets, given this newfound reality? For starters, the philosophical approach needs to finish changing; it is not technology that provides safety – it rather supports an underlying set of policies that are necessarily devised high-up in the organization. Furthermore, the approach needs to be holistic, as technology alone cannot prevent all risks; user awareness training, security constraint minimization, impact mitigation through data segregation, prevention rather than reaction, are all necessary principles, part of a required pragmatic approach. Additionally, organizations have to stop focusing on building higher walls and stronger drawbridges; in parallel, they need to renounce the dream that a significant number of threats will be registered before they hit them. For client-side protection, they indeed need to embrace the preferred alternative – behavioural-based, systemic detection. A very good illustration The decision to rely on identifying the threats’ behaviours, rather than their signatures, rests upon a stark reality: the quantity of possible signatures is infinite. For example, it is possible nowadays to download the source code of ZeuS, probably among the most sophisticated computer Trojan horses ever devised, and thus to easily generate a cyber-weapon bearing a totally unique signature – therefore, it is naïve to hope that a targeted client-side attack may be countered through advance
DNA enumeration. To devise a payload that bares a new behaviour is, however, much more difficult; there is not an infinite number of ways to propagate, to leak data, or to communicate with an Internet-based “Command Centre”. Therefore, beha-
Undetected Samples
Source: av-test.org
viour-based detection has a much better chance of countering Advanced Persistent Threat attacks. Although technologies that work in such a way are highly innovative, the principle in itself is not. Actually, the financial industry provides a very good illustration of how it has been effectively leveraged for a long time, albeit for a different purpose. That example applies to how stolen or copied credit cards are detected and blocked: rather than relying on a hopeful list of stolen card numbers, purchasing behaviour is correlated, and malicious activity thus detected. If, for example, you pay for lunch in Zürich, and dinner in Melbourne on the same day, your card will be blocked, because it is unlikely you have teleported. Similarly, by comparing different events across a large network segment, infection, propagation, data leakage or malicious communication can be uncovered. In conclusion, thanks to recent news, sensitive organizations worldwide, and Swiss financial institutions for that matter, have borne witness to the anachronistic nature of the traditional computer security approach. Fortunately, a better alternative exists, and innovators that have foreseen this paradigm shift are already providing them with the preferred alternative.
The quantity of undetected malicious client-side samples using traditional anti-virus software is already unmanageable and growing exponentially, thus illustrating the profoundly anachronistic nature of such approaches.
BANKING SOLUTIONS 2011
Banking solutions ok.indd 69
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page19
71
Evolution of Trading online & financial Informations
Trading technology: the next challenges?
© Choucas - Fotolia
Joseph Kuettel
Outsourcing is the buzzword at the moment. Can you outsource everything? As High Frequency Trading (H.F.T.) hits a natural limit, market players are going after pre-trade latency gains. Algorithms are there to stay.
Director Sales & Marketing, Teleinvest
@ joseph.kuettel@teleinvest.com
Regulators reposition broker’s DMA service and force the buy-side to rethink order execution, among some other MiFID II consequences. Outsourcing is in everybody’s mouth at the moment, but can you outsource everything? Technology in the form of trading platforms is a crucial element when assessing the performance of financial institutions, be they predominantly proprietary trading units, sellside, or buy-side firms. Platforms can be outsourced and this can make sense too, e.g. when a group of banks invests in a common infrastructure for sharing an important cost item. In many cases, however, trading technology is simply too closely linked to certain business strategies that are highly proprietary and considered a core asset. Rather
than calling it a trend or a new challenge, I think outsourcing has always been there and is a classic reflex during phases of restricted budgets or increased pressure on margins and unprofitable activities. H.F.T. and low latency go together The latency race has been pushed to the limit in recent years, the limit being the speed of light (not everybody knows that a good part of today’s buy and sell orders are being sent at close to 300’000 km per second!). It is useless, albeit not completely void of any sense, to debate the merits of lightening BANKING SOLUTIONS 2011
Banking solutions ok.indd 71
23/09/11 16:56
72
Evolution of Trading online & financial Informations
fast-order execution, because the technology is there and already being profitably exploited by the tech savvy and cash rich players. So what’s next? First, the catch-up game by market participants who feel disadvantaged compared to the H.F.T. cracks is still in full swing. The cost of ultra low latency is steadily declining, although from very high levels. But in the not too distant future it will be almost “standard fare”, and more or less level the playing field. Second, judging by the prevailing logic, the traders will want to seek other ways and means to be ahead of the game. So, naturally you have to think outside the box and look at the whole chain of trading, from decision making to order execution. The next target seems to be the area of pre-trade risk checks. To beat the crowd, if you can no longer do it with the speed of order execution, people will shave fractions of a second off risk management procedures by investing heavily again. And so the game of “catch me if you can” goes on and on. Shall we celebrate or fear the prospect of later generations letting the computer make investment decisions on the micro level? Will software replace brain ware?
Adoption rates of Algorithms (by Region)
To make this happen, H.F.T. needs to crunch numbers, absorb enormous mountains of historical and hypothetical data, and run exhaustive scenarios on simulators in order to validate new and old theories as well as smart strategies. Call it a vast ‘site under construction’ – but this is the trend and it is certainly a definite challenge! For once, regulators are not asleep Let’s turn back to the present and mention a specific item in trading technology, namely the regulatory vagaries concerning Direct Market Access (DMA). The financial watchdogs of this world are active these days, courtesy of the financial crisis unfolding since 2008. They want to improve, among other things, the competitiveness of markets. Competitiveness aims at lowering the cost of trading, one would hope. Brokers have contributed in some ways, e.g. by offering algorithms and DMA, to rationalize the process. Now the regulators are reminding brokers that in case of trouble or errors, they are the legal counterparty of the exchange and therefore are obliged to exercise a minimum of checking before releasing an order directly to the market. We are facing here at least one example where rules intended to increase competitiveness in the end lead to higher cost, not lower cost. After all, brokers cannot indefinitely absorb cost factors like the considerable technology investments involved in lower latency and sophisticated software for automation, so they inevitably pass it on. What will be the likely consequences? As with MiFID I, the buy-side, in particular, will once more have to judge whether to continue using brokers or pursue membership themselves in markets, where they are regularly active. It also follows that algorithmic trading and SOR (Smart Order Routing) will increasingly become a must, whether bought in a package of services from the broker or managed internally, including the possibility to choose between different brokers and not only between different markets (not a bad idea I would think). At the end SOR should be programmed and integrated at every trading desk, because it has become more than a simple routing instruction. MiFID II keeps you busy
Source: TABB group
New regulation also wants to limit dark pools for reasons of transparency and level playing fields. But the buy-side likes to
BANKING SOLUTIONS 2011
Banking solutions ok.indd 72
23/09/11 16:56
73
Evolution of Trading online & financial Informations
use dark pools in order to avoid interaction with H.F.T. Brussels would like to shorten delays (close to real time) for reporting large positions but this could play into the hands of H.F.T. who are quick to exploit more transparency. If the buy-side must report large open positions it fears higher market impact and therefore uses dark pools. It seems difficult to arbiter such opposing concepts.
Rapid evolution of Algorithms
Another MiFID II target is less controversial. OTC markets for derivatives and other less liquid instruments will be more concentrated on officially regulated markets or MTF-like venues. This should lead to higher transparency and concentrate more liquidity for these widespread types of instruments. The buy-side certainly welcomes this trend but faces the prospect of being forced to put in place expensive multiple electronic access to all relevant systems. Why use algorithms and Smart Order Routing? In today’s fragmented public markets, lit and dark liquidity pools and internal matching engines by the sell-side, the decision of where to execute your orders becomes crucial. After all, there is a ‘Best Execution’ requirement increasingly claimed by the investors. Unlike in the old days with centralized public order books on national exchanges, now there are several parameters to take into account for routing an order to the right place at the right time and in the right fashion. What to do if several market venues advertise the same price for a specific security? How to know which exchange offers the possibility of lower impact for a certain quantity and where are you likely to get the faster execution or even certainty of a complete fill? Taking all the relevant parameters into account, price alone is no longer the only criteria. Algorithms can do the job on condition that all the ‘ifs’ and ‘whens’ are carefully integrated into mathematical formulas, which ultimately trigger the various order types. Only the computer is able to do this fast enough in today’s low latency environment. There is no limit to designing algorithms according to specific scenarios and trading strategies. Standard algos are more and more replaced or complemented by myriad specific instruction sets reflecting predictive signals intended to outsmart the other players. Traders use algos as their weapon, like soldiers in a high tech war.
Modern state of the art trading platforms integrate different ways to take advantage of algorithms. There is the possibility of using preset, standard algos like VWAP, TWAP, etc. Next, firms can send orders to brokers together with an instruction as to which type of the broker’s algo must be applied. Finally, such platforms are able to offer an option to conceive individual algos, with the help of very powerful calculation modules, allowing the design of complex formulas. Newer generation algorithms are, as an example, combining portfolio constraints with price correlations to achieve the most efficient scheduling of the orders. Computers are now also being used to generate trades from news stories about company earnings results or economic statistics fed directly into other computers which trade on the news. The race goes on, no time to relax in the trading room! BANKING SOLUTIONS 2011
Banking solutions ok.indd 73
23/09/11 16:56
74
Evolution of Trading online & financial Informations
Michael Heijmeijer CEO, Cfinancials.com
From “Financial Information” to “Financial Intelligence”
@ michael.heijmeijer@cfinancials.com
The industry produces so much information that for an average investor it becomes overwhelming. It is then difficult to understand the meaning behind the information unless one could compare or test it easily. The internet is in the process of improving the quality of information beyond our expectations. What is the future information on the Internet? The notion of “financial information” is being seriously challenged by new technologies and services. So much of the available data lacks structure, organization or transparency, rendering it both subjective and misleading. Since information is free and made readily available by product issuers to optimise their marketing communications and strategy, the investor is left with an information black hole. The trend today is that product information must provide a perspective or an objective point of view when products are grouped together. There is always an improvement in quality when information can be tested, controlled or compared. For product information to become meaningful it must be challenged – and leaders in the information technology are making this possible.
The problem with information today: Investors face a highly fragmented market place, which makes the quality of information difficult to measure and evaluate. Investors can also be presented with subjective information since revenue models in the industry are usually transaction- or analysisbased and rarely rely on transparency. Yet several IT leaders are helping us move towards the consolidation and harmonisation of financial product information. Towards full transparency: The financial industry is heading towards full transparency on all financial products, thanks to technology and entrepreneurial leadership from other sectors. The world is about to see financial product information in a structured, organised and transparent manner in the era of cloud computing and cfinancials.com. The trend is towards total access for all products, with instant display and comparisons from any digital network. Leaders in their respective industries have helped upgrade the financial services industry to meet the latest information technology. Google Inc., Amazon Inc. and Cfinancials Inc. are turning cloud computing for financial products into reality today. The solution: Cloud computing, financial information and entrepreneurial leadership – it is already here.
BANKING SOLUTIONS 2011
Banking solutions ok.indd 74
23/09/11 16:56
75
Evolution of Trading online & financial Informations
“Only” as an interface What is cloud computing? Cloud computing can provide free, instant access to all financial products using a huge processing and database capacity, i.e., for comparison or data mining purposes. This free tool is accessible to all and will finally present financial products in a common language. Cloud computing means using multiple server computers over a digital network, effectively as though they were a single computer. In layman’s terms it means allowing information to be accessed from any digital network (i.e. smartphones, tablets, laptops or desktops), harnessing exceptional processing power and phenomenal database capacity. The digital network is then used “only» as an interface. Instant access to the entire universe of financial products becomes possible, with fast, free comparisons. And financial transparency for the average individual then becomes easy. Why is cloud computing needed for financial transparency? Companies around the world issue over a million financial instruments every year in addition to the already existing 9.5 million and all these products are traded every day, creating a massive amount of information. Prices with all their derivatives (ratios, volatility, Greeks and more) must be tracked, compared, graphed, correlated, and processed in an instant from a universal database. The resulting information will be structured, organized and transparent, adding to the quality of information. The technical advantages of cloud computing: To be able to obtain full financial transparency in an instant for an average Internet user is effectively unachievable; it would require phenomenal computing power and capacity on the local network. The requirements would considerably limit accessibility to financial information for most if not all Internet users. However, in cloud computing the processing and database is shared and made available for free by the service provider. The advantages for users: An average Internet user can now access, process, compare, graph, correlate and perform
data mining and much more for all financial products, from any digital network, in an instant. “Financial product intelligence” Entrepreneurial leadership: Google, a global leader in information technology, has set the trend that all information on the net should be free, accessible and fast. Amazon Web Services provides processing power and database capacity on a cloud with almost unlimited capacity. Cfinancials.com, with the largest financial product database, allows products to be structured, transparent and organized, making this powerful service accessible to any Internet user. Financial information continues to flood the Internet. Product issuers are aware of the importance of being visible on the Net, which greatly assists their marketing and communication strategies. As a result, Cfinancials.com has experienced an explosion in demand for direct feeds by both issuers and exchanges. Cfinancials reports a general increase in products and issuers, especially from emerging markets such as Brazil, Russia, India and China. The market place is becoming increasingly crowded with issuers, with their high tech trading systems letting the average individual be an active investor in products from around the world. This major increase in the volume of financial products combined with easy access to all these products has rendered the traditional structure of financial information obsolete. With cloud computing and the leadership of IT companies, the concept “financial information” will soon be obsolete, to be replaced by “financial product intelligence”. This new form of financial intelligence gives any Internet user the opportunity to assess the quality of a product in an instant from any digital network when comparing it against the market, peers, or issuers. A powerful future for investors. BANKING SOLUTIONS 2011
Banking solutions ok.indd 75
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:50 Page20
77
Finance Forum
The 21st Finance Forum: Banking meets IT Tradition meets Innovation The new, one-day format of the 21st Finance Forum provides a highly focused offering of information for Swiss bankers and ICT service providers, allowing them to share ideas and be informed about the newest developments at the highest level of the industry. Are Swiss bankers and IT solution providers equipped to handle the regulations in the new tax agreement with Germany? How will an improved market presence of German financial service providers change the Swiss financial arena? What impact have turbulent financial markets had on Switzerland? These are only a few of the topics for discussion among experts and participants on 9 November 2011 at the Kongresshaus in Zurich.
"Banking meets IT – Tradition meets Innovation": the motto sets the tone for this year's Finance Forum in Zurich. The "Who's Who" in the Swiss financial marketplace, ICT sector, academic community and political arena will have the chance to hear top speakers' ideas and insights on current issues facing the financial industry, including topics such as risk management in the Euro-Zone and the upcoming bilateral tax agreement between Germany and Switzerland. Our speakers include:
■ Prof. Dr. Wolfgang Gerke, Market and Financial Expert ■ Christoph Schelling, Member of the Leadership Team for the Swiss State Secretariat of International Financial Matters (SIF) (part of the Federal Department of Finance) ■ Beat Bernet, Professor of Banking at the University of St. Gallen/HSG, Partner of the Banking Consulting Center St. Gallen/Zug. Continued on the next page
Themeworlds and Conference Tracks
Targetgroups
Business Process Outsourcing
Management in Expertise Areas
ICT & Sourcing
IT- and Security Specialists
Wealth Management
Wealth- and PortfolioManagement Specialists
Risk & Regulation
Riskmanagers and Compliance Officers
Sales & CRM
Salers and Channel Management, Front Managers
Financial Sector Infrastructure
Experts in Monetary Trans-actions, Stocks, Clearing & Settlement, Cards
Erik Neumann, Managing Partner Finance Forum Finance Forum Zurich enters its third decade in 2011 and continues the tradition of offering decision-makers from the financial and ICT industries a platform for meaningful interaction. More than twenty years ago, the Finance Forum began to make its mark on the Swiss ICT financial industry through a close observation of its activities, innovations and trends. The global financial crisis, whose effects are still being overcome today, as well as the European debt crisis have undermined the trust of market participants. We face tough challenges in the future. In addition to this, a proposed agreement with the European Union will include new requirements and regulations for the ICT financial sector. In preparation, the Finance Forum community wants to open the discussion today, helping our members discover ways to meet these challenges head on and to provide technical solutions. This year's Forum will implement a new, more efficient concept, combining relevant topics and competent speakers with traditionally successful networking opportunities where knowledge-transfer is promoted. All this takes place according to the theme: "Banking Meets IT: Tradition Meets Innovation". Don't miss this outstanding community event and join us in Zurich! Erik Neumann
BANKING SOLUTIONS 2011
Banking solutions ok.indd 77
23/09/11 16:56
78
Finance Forum 21st Finance Forum, November 9,2011 Register now! ADMISSION FOR BANKING EMPLOYEES: Ticket A – Admission Apéro (after 5pm) – free of charge! Free admission > to the exhibiton after 5pm > to the keynote presentation at 5:30pm > to the Finance Forum Reception (sponsored by Finance Forum partners) Ticket E – Admission Exhibiton – CHF 75.-* Additional services to Ticket A: > Participation in official welcome ceremony and keynote address at 10:30am. Free admission > to exhibition after11am > to Speakers' Corners Presentations with lunch and free drinks all day > to the exhibiton (for bankers who have arranged at least one 'one2one' meeting with a service provider) Ticket K – Admission Experts Conference – CHF 290.–* Additional services (beyond Tickets A and E) Free admission > to the Experts' Conference > to Guided Tours > to exhibiton (for bankers who have arranged at least one 'one2one' meeting with a service provider) ADMISSION FOR NON-BANKING EMPLOYEES: Ticket T – daypass for all events – CHF 750.–* not including the Networking Dinner Ticket TN – daypass for all events – CHF 1'100.–* including the Networking Dinner – limited seating available. * all prices plus VAT Location: Kongresshaus Zürich Opening Hours: Wednesday, November 9, 2011 from 10:30am until 6pm Conference Program and Registration: www.finance-forum.com
Relevant, Focused and Innovative
21ST FINANCE FORUM – 9 NOVEMBER 2011, ZURICH BANKING MEETS IT TRADITION MEETS INNOVATION
www.finance-forum.com
Over the past 20 years, the Finance Forum has become a leader in the field, hosting the largest information and networking platform for the ICT and financial sector. Now is the time to set the right course for the future of the Finance Forum. "Our past success is as much a responsibility as a motivation for me to offer bankers and ICT service providers the best possible information and communication opportunities, allowing them to share ideas across industry borders," says Erik Neumann, new Managing Partner of the Finance Forum, describing his personal strategy, "there are certainly more than enough exciting topics to talk about on the Swiss market scene. Risk Management in the Euro-Zone is also an important issue in the Swiss context. The proposed flat-rate withholding tax agreement between Germany and Switzerland, set to take effect in 2013, raises many questions. How can banks and IT service providers prepare themselves to meet the new requirements? What do we need to do today to get ready? It is crucial for us to begin a cross-border dialogue on this matter!"
Bring your Knowledge Level Up to Par: Attend the Experts' Conference Focusing on Today's Hottest Topics In today's knowledge-based society, expert knowledge and general know-how have an ever-diminishing shelf-life. The volatile financial market and its global consequences have shown in recent years how important it is to have firsthand access to the highest quality information and know-how. Being in contact with trusted experts and hearing about the newest developments directly from them presents a significant advantage. The 2011 Finance Forum will once again bring together top experts and bankers to discuss important issues in the Zurich financial
marketplace. Knowledge updates, sharing of ideas and expanding your own network with the experts are the most valuable assets that bring our visitors and forum exhibitors together at this event.
Highlight: Keynote Address by Prof. Wolfgang Gerke, Stock Market and Financial Expert A highly current topic will be explored in the opening address of the 2011 Finance Forum. The renowned stock market and financial expert Prof. Dr. Wolfgang Gerke. The title, "Crisis in the Financial Markets – Who Will Protect Us from the Bail Out?", alludes to the on-going debt crises in Greece, Ireland and Portugal and the various bail out attempts around the globe. Additionally, the valuation of the Euro will be discussed. The unique position of Switzerland as a "safe port in the storm" and the consequences of new regulations promise a lively introduction to an exciting conference day. There will certainly be many things to discuss during the networking breaks!
Specialist Information in the Conference Tracks Are you interested in the most current information in a particular area? This is the place to look! Conference Track Asset Management ■ Bank Julius Bär: Adjustments in Production and Sales at an International Private Bank, Yves-Robert Charrue, CEO Bank Julius Bär Switzerland
BANKING SOLUTIONS 2011
Banking solutions ok.indd 78
23/09/11 16:56
79
Finance Forum ■ Bank Wegelin: Adjustments in Cross-border Business Activities at a Switzerland-based Private Bank, David Zollinger, Co-Leader for International Private Banks, Limited Partner, Wegelin & Co. Privatbankiers ■ Annual Sales Report 2010 and a Position Paper on Legal Risk: Current Conditions, On-going Consultation and Forecast, Dr. Oliver Wünsch, Leader for Strategic Basic Principles and International FINMA Business Process Outsourcing
■ Client-focused and Service-oriented Design for Banking Networks, Thomas Puschmann; Oliver Kutsch ■ Using Comprehensive Media in Client Interactions, Andreas Staub, ZKB ■ New Technologies and the Future Direction of Core Banking Solutions and a Clientfocused Approach in Back Office Administration, Christoph Erb, Finnova; Benjamin Stähli, B-Source Financial Marketplace Infrastructure ■ The Flat-Rate Withholding Tax Agreement with GER/UK. What changes can deposit banks expect in the handling of securities and what role will the SIX Group play?, Thomas Gross, CEO SIX Telekurs ■ The Flat-Rate Withholding Tax: An Analysis of the Approach, the Negotiations and the Implementation from the Governmental Perspective, Christoph Schelling, Ambassador and Member of the leadership Team of the SIF ■ Next Steps Toward a Flat-Rate Withholding Tax: Opportunities and Risks for Banks and the Swiss Financial Marketplace, Prof. Beat Bernet, Professor of Banking at the University of St. Gallen / HSG ICT & Sourcing ■ In the Next Two Years, 50 Outsourcing Contracts from Swiss Banks will Come to an End, Stefan Regniet, Active Sourcing ■ Changing Outsourcing Partners for Infrastructure Services with Finnova Banking Software, Bruno Thürig, Director of the Cantonal Bank of Obwalden ■ The Global Network Outsourcing Contract of UBS with CSC, Douglas Rennie, Managing Director of Infrastructure Shared Services, UBS AG
Risk & Regulation
■ Risk Governance, Patricia Jackson, Ernst & Young ■ Risk Infrastructure, Dr. Urs Bischof, FINMA ■ Global Hot Topic Consumer Protection Thomas Grotzer, Credit Suisse AG; Iqbal Khan, Ernst & Young Sales & CRM ■ From Social Media to Social CRM – Customer Engagement versus Customer Management, Carolyn Heller Baird, CMO Study Director, IBM Schweiz AG ■ How Game Changers and Challengers are Recreating the Industry – Five Theories About Banking in the Future, Prof. Dr. Bernhard Koye, Axel Liebetrau (continued on the next page) Guided Tours of the different Theme Worlds are available this year as a new addition to our offerings for the Exhibition and Networking Zones. Bankers, experts and ICT service providers can experience talks given by experts and engage in thought-provoking discussions afterward. Interesting Panel Discussions conclude the Conference Tracks before the community gathers at the traditional Finance Forum Reception. Information and Registration at: www.finance-forum.com
About the Finance Forum Finance Forum is organized by the Community Building Company AG and has taken place annually since 1990 in Zürich and in Geneva since 2008. The event targets members of the financial and IT sectors, offering them a conference on current topics, a high-quality professional exhibition as well as numerous networking opportunities. The Community Building Company AG, located in Dübendorf, Switzerland, is owned by private individuals from the banking and IT industries. Managing Partner Erik Neumann is responsible for the organization of the event. The organizer is supported by an Advisory Council made up of CEOs and leaders of Swiss banks and insurance companies. Partners of the Finance Forum are Canon, Ernst & Young, Finnova, HP, IBM, Six Group, SunGard and Swisscom.
Register now!
11th Finance Forum Charity Fun Run 6 November 2011 10:30–12:30 Bürkliplatz Zürich
Running for a good cause
Running to Benefit the "hiki" – Association for Children with Head Injuries Within only a few years, the Finance Forum Charity Fun Run has become a tradition for runners from the finance and IT sectors as well as celebrity guests. The goal of this event is not to prove athletic prowess, but to collect money for a good cause. This year donations collected by the runners according to the number of laps they run will benefit the "hiki – Association for Children with Head Injuries". The Course Each lap is 800 m long, and the course runs through downtown Zurich, beginning at Bürkliplatz. Information and Registration at: www.finance-forum.com/sponsorenlauf The registration deadline is 1 November 2011.
Sponsors
Partners
BANKING SOLUTIONS 2011
Banking solutions ok.indd 79
23/09/11 16:56
80
Finance Forum
Service and Solution Design: A True Game Changer in the Banking Industry Industrialization of the banking industry is a must in order to keep pace in a changing banking world. Increased informatization and open innovation are also essential for future success.
Although other industries have already undergone fundamental restructuring, the banking industry is currently in the midst of radical transformation. Profit margins are lower, regulation costs and income ratios are rising; underlying forces behind the transformation include Prof. Dr. Bernhard Koye , information technology, Managing Director, Swiss deregulation and new Institute for Financial Eduregulatory standards cation (SIF), Fachhochschule as well as a better-inKalaidos, Zurich formed client base. These changes have led to heightened competition among service providers, faster-paced product and process innovation and globalization of the market. Services and Solution Design are crucial for future success.
Industrialization Value chains will continue to disintegrate over time. Multiple cooperation models can already be observed in all areas of the market. The expected consolidation process will not consist primarily of mergers of entire bank institutes, but come instead through the outsourcing or the sale of single links in the value chain, ultimately making scaled economies essential. The key will be defining who controls the distribution of the margin among network partners in the future. While larger providers prefer to be the main provider in a network, smaller providers must
search for their unique market niche using their own outsourcing partners in order to maintain independence while keeping a long-term perspective on their established goals.
Informatization and open Innovation With increased availability of information, clients are becoming more and more savvy, expecting tailor-made solutions for their needs. At the same time, advances in technology are opening up new horizons for potential differentiation. Today's private banking clients have a clear understanding of the relationship between income, risk and costs, and they are only willing to pay for integrated solutions. Against the backdrop of saturated markets, the pressure to innovate service solutions and business models is key. Business models should focus on designing the optimal service solution for the client and at the same time offer high efficiency in all other areas. Open innovation, the capability to strategically internalize external know-how when appropriate, has become an essential member of the strategic toolkit. Whether a customer, supplier, partner or even competitor, all roles need to become idea providers in the innovation process. The advantages for organizations include being able to maximize employee creativity and gaining access to ideas from the public forum. Open innovation can make banks more successful in their informatization process; however, it is not a "fountain of youth" or a universal remedy for organizations lacking in creativity or innovation skills; such organizations will not improve with open innovation. An extension of an insufficient innovation culture or strategy
by means of open innovation will rarely be successful. The willingness to participate depends greatly on the attractiveness of the task and the organization. Attractiveness is being redefined in the creative economy; it exists wherever creative minds find an inspiring environment and Axel Liebetrau, expert in other creative minds; Innovation and Future Mancreative people attract agement, lecturer at the SIF. other creative individuals. Specific tasks and the organizational setting also play an integral role; boring tasks and uninspiring organizations only produce boring ideas. Organizations need to think about their own network and innovation strategies, processes, cultures and capacity. Only when knowledge and information are professionally managed and implemented can creative tasks can be successfully delegated to external agents.
"Gnothi seauton" – "Know thyself" Visitors to the ancient Greek oracle of Delphi, history’s first think tank, were greeted with the inscription "Know Thyself" in the entrance hall. This still holds true today; the future depends to a great extent on our knowledge of our abilities. Therefore, in order to utilize the potential of informatization, clarity with regard to personal or organizational strengths and abilities is key. Only then can open innovation pave the way to successful service and solution design.
Live at Finance Forum Zurich Learn more about Service & Solution Design in the Banking Industry and meet Prof. Dr. oec. publ. Bernhard Koye and Axel Liebetrau live at Finance Forum on 9 November 2011. They will present their theories about the future of banking in the conference track "Sales & CRM" at 2:45pm. Program and Registration at: www.finance-forum.com
BANKING SOLUTIONS 2011
Banking solutions ok.indd 80
23/09/11 16:56
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:49 Page2
Montage Pubs BFHS11:BF 111 Pubs 23.09.11 08:49 Page3