IBSi Blogs

By David LaFalce, Managing Director, Global Head of Business Continuity & Resilience at the Depository Trust & Clearing Corporation (DTCC)

Planning for operational resilience will unquestionably be a strategic priority for firms over the course of 2021 and beyond. In an increasingly interconnected and digitalised world, organisations can be vulnerable to disruptive events related to technology-based failures, system outages and cyber-attacks. This has been further highlighted by the Covid-19 pandemic, with organisations needing to adjust their operational resilience plans to take into account not only the health impact to employees, but also the effects such as the shift to remote working. At the same time, because of climate change, firms also need to consider the increased likelihood of natural disasters threatening significant operational disruption.

Such a diverse risk landscape requires firms to continuously evaluate how they operate, communicate and safeguard against threats – some known, and some not yet known. While predicting a disruption can be challenging, there are measures organisations can adopt to further evolve and enhance their operational planning and response. This is even more pressing in light of the growing attention from global regulators and government agencies who have been gradually increasing their focus and oversight of firms’ operational resilience plans.

In the US, recently, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) released an interagency paper outlining sound practices drawn from existing regulations, guidance, statements, and common industry standards, designed to help large banks increase operational resilience.

In the UK, the Bank of England, the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have proposed a regulatory framework to promote operational resilience of firms and financial market infrastructures (FMIs). This has culminated in the three UK supervisory authorities publishing a shared policy summary and coordinated consultation papers aimed at prompting a dialogue with the financial services industry on new requirements to strengthen operational resilience across the sector.

In Europe, policymakers are also addressing this topic, with the European Commission adopting the Digital Finance Package (DFP) in September 2020. This includes the Digital Operational Resilience Act (DORA), which requires participants in the financial system to have the necessary safeguards in place to mitigate cyber-attacks and other risks around the use of information and communications technology (ICT).

Until recently, operational resilience was typically developed with a risk-avoidance mindset focused on the end goal: full recovery. However, given the increased regulatory focus in this area, and with organisations facing a greater variety of operational threats than ever before, businesses must widen their planning scope to ensure the continued delivery of critical services, even with some systems becoming unavailable. In response, firms must consider evolving their operational resilience practices while focusing on three key areas:

1. Tailored approach
Firms must assess and develop long-term business continuity plans and operational resilience strategies in accordance with their specific needs and those of the clients they serve.

Developing maturity matrices – a “checklist” intended to evaluate how well-developed a particular process or program is – can be beneficial to establishing resilience program goals, as well as to managing expectations and measuring a firm’s performance against those predefined goals. It is no longer sufficient to have an optimum system of risk identification, evaluation, and assessment; companies must now be able to predict potential disruptions and be agile, adaptable, and resilient to continue to thrive. This premise has driven firms’ shift from a pure risk focus to a risk and resilience approach.

2. Know your assets
Firms and FMIs can identify relevant risks by mapping important business services to their operational dependencies, including locations, systems, suppliers, and people. For example, organisations need to ensure they know where the critical workforce, such as subject matter experts, key decision-makers and employees with critical skills are located and ensure that the risks associated with geographical locations are understood. A crucial part of an efficient operational resilience strategy is conducting a thorough “bench-strength” analysis, assessing critical processes and the depth of people who are able to provide support. This should include an estimate of the timeframe required for peers to take over the responsibilities of those who are not able to perform them.

3. Supply chain disruption
The use of third, fourth and even fifth-party suppliers to deliver a firm’s services, specifically those related to critical operations, has risen in recent years. As such, organisations are increasingly required to establish detailed processes to measure, monitor and control the potential risk exposures associated with outsourcing these services. This includes consideration for testing and availability of backup providers and failover procedures.

One of the crucial issues that requires thorough evaluation is how far back in the supply chain organisations are able to go to assess risk threats, particularly for third-party suppliers providing critical services. While opting for supply chain restrictions may be challenging in today’s interconnected operational environment, it is important for firms to realise that it might be more difficult to achieve operational resilience if they rely heavily on vendors with whom they don’t have direct contact.

As a result of the challenges revealed by the Covid-19 pandemic and increased regulatory focus, operational resilience will continue to be a high priority for financial services organisations in the coming months and years. Building a robust operational resilience model is critical to ensure the continued delivery of services. By moving away from a “one size fits all” resilience approach to each firm knowing their unique assets and understanding the implications of a potential supply chain disruption, organisations can tackle key issues head-on and better prepare themselves against future threats.

David LaFalce
Managing Director, Global Head of Business Continuity & Resilience
DTCC

The Covid 19 pandemic has made a profound impact on people and industry worldwide. In the case of banks, in addition to managing their own businesses, banks have had to assume a social responsibility to help customers and communities get through the crisis. Be it transmitting massive government relief packages, deferring loan repayments, or encouraging digital consumption, banks have had to rise to the occasion, even while having to manage their own challenges around rising NPAs, shrinking growth rates, and declining valuations.

The pandemic has essentially accelerated the multi-dimensional disruption banks have been facing due to a confluence of several forces. On the economic front, banks have had to operate amidst shrinking GDPs, low to negative interest rate regimes, unemployment, and a slowdown in private investments, among others. On the political front, geopolitics, protectionism, and uncertain global trade dynamics have impacted the trade finance business. On the regulatory front, things haven’t been easier for banks either, with higher capital adequacy norms, new Open Banking regulations (such as PSD2), and a host of other laws covering consumer rights, data privacy, security, anti-money laundering, and terror financing, which imply massive rise in cost and compliance burdens on banks.

Further, new digital technologies such as Cloud, API, AI, and Blockchain are enabling new competitors to enter with innovative, low-cost, disruptive models to threaten incumbent banks that are still on legacy technology. As a result, banks are facing increased competition, especially from non-traditional players such as challenger banks, FinTechs and technology giants like Apple, Google, Alibaba. From a social perspective, the dynamism of customer expectations, their access to information, and ability to vocalise demand is unprecedented; add to this varying demographic and population shifts across markets, which present challenges and opportunities to banks.

Clearly, things are poised to get more challenging, as the Covid-19 led economic contraction aggravates many of these forces. And, banks have to do a delicate balancing act between customers’ credit needs, employees’ safety concerns, government directives, and societal expectations. At the same time, they are required to keep their costs under control while providing for future investments. In fact, McKinsey¹ estimates that the banking industry will lose cumulative revenues worth US$ 1.5 trillion to US$ 4.7 trillion between 2020-24 and may take up to 5 years to recover to pre-pandemic ROE levels.

These conditions are making it exceedingly difficult for bank executives to take decisions with conviction. Leading consulting firms have recommended several frameworks to guide action in these times. But banks will need to consider these frameworks in their unique context before expecting any value from the frameworks. They need to embrace first principles thinking, which helps to break a complex problem into its basic elements to achieve clarity and remain certain, amid all the uncertainty. Every bank should apply this thinking in its own context, a context that is defined by its purpose. Revisiting and aligning closely with the organization’s original purpose, thus, would be a more sound way to guide a bank’s decisions.

Interestingly, a recent KPMG CEO survey conducted in the pandemic period supports this view. As per the survey², 79 percent of CEOs said they felt a stronger emotional connection to their corporate purpose since the crisis began. So, what then, should be a bank’s ideal purpose?

Consider, for a moment, the purpose of three banks from three different regions. ANZ Bank states, “Our purpose is to shape a world where people and communities thrive.” The NatWest Group states, “Our purpose is to champion the potential of people, families, and businesses.” And Bank of America says, “Our purpose is to help make financial lives better through the power of every connection.”

Clearly, most banks have rather similar purposes across the world, at the core of which is a genuine intention to improve the way their customers and communities manage their financial lives. That is, to enable their customers to bank better or to save, pay, borrow, invest, and insure better.

Therefore, as banks revisit or strengthen their purpose to drive balance across stakeholder expectations, there are four evergreen priorities that they would do well to focus on. These are –

• Engage customers and employees constantly, to drive purposeful growth for their customers and themselves
• Maximize operational efficiencies, to reduce costs of servicing and be more sustainable
• Innovate continuously, to create new value and be competitive
• Drive continuous transformation, to stay relevant to evolving dynamics

Banks would be best positioned to achieve the above by – leveraging the power of modern technologies to unlock new possibilities and leveraging talented teams and purpose-driven culture to unlock true potential.

The pandemic has no doubt, deepened an array of challenges that banks have been facing prior to the crisis – depressed economics, uncertain geopolitics, tightening regulation, threat from new digital-attacker models, and changing customer expectations. But a black swan event of this magnitude also provides opportunities to clear obstacles like normal times cannot. Banks that have a clear focus and strategy built around the above priorities will be better able to manage diverse stakeholders’ expectations and will be on the road to recovery and growth, much earlier than others.

In summary, these are difficult times, but by adopting a purpose-driven path to transformation, banks will be able to recover in the short-term, thrive in the long run, and help create value for the communities they serve.

Sources:
1. https://www.mckinsey.com/industries/financial-services/our-insights/global-banking-annual-review
2. https://home.kpmg/content/dam/kpmg/xx/pdf/2020/09/kpmg-2020-ceo-outlook.pdf

By Ian Yates, CTO of treasury management FinTech Neo

Relentless phishing emails, fraudsters impersonating healthcare officials and organisations, exposed networks – the rapid pivot to home working and the resulting cybersecurity threats continue to be a headache for small businesses. Yet, while the pandemic exacerbated a number of these vulnerabilities, most have been present long before the COVID-19 era.

Setting the scene: Cybersecurity before Covid-19

Even in the years before the pandemic, SMEs were often just one click away from a cybersecurity breach, largely as a result of their often-weak technological defences. This is due to a combination of a smaller awareness of the threat as well as limited resources to put into cybersecurity. Consequently, cybercriminals and would-be fraudsters are able to take advantage relentlessly – a recent report suggests that small businesses are the target of over 40% of cyber-attacks with an average loss per attack of more than US$ 188,000.

The often-limited cybersecurity tools many SMEs use to protect their operations mean they are the “weakest link”, and criminals can use this to exploit their connections to larger companies in the supply chain.

In 2019, it was estimated that one out of five SMEs had fallen victim to a ransomware attack. Phishing attacks have also reached their highest level in three years with small organisations receiving malicious emails at a higher rate. While SMEs are juggling a number of issues and priorities, they cannot afford to cheap out on cybersecurity.

The perfect storm: Covid-19

There’s a common assumption among small business owners that their company is too small to be targeted by a cyber-attack. Unfortunately, this is not the case. The pandemic has provided cybercriminals with an unprecedented opportunity to exploit confusion, uncertainty and hastily put together security measures as the workforces hastily pivot to remote working.

A recent study from the legal firm Hayes Connor Solicitors shows that many firms are not doing enough to protect their businesses. For example, one in five UK home workers has received no training on cyber-security, and two out of three employees who printed potentially sensitive work documents at home admitted to putting the papers in their bins without shredding them first.

With hundreds of millions of people around the world forced into managing sensitive data while working remotely, 2020 has proven to be a turning point in terms of attitudes to cybersecurity. Most technology and software systems were built to be accessed primarily on-site, so their security systems are geared accordingly.

But the shift to remote working has led to workers increasingly using personal devices to ensure business continuity and many communications are now taking place outside company firewalls on novel applications. This can significantly increase cybersecurity risks for SMEs as applications for remote working are often the target of malicious actors.

In 2020, there was a 400% increase in cyber fraud in the USA alone, with statistics reflecting that small businesses – and especially the sole traders, and self-employed – were the most vulnerable and while also lacking good access to relevant security services.

It goes without saying that the pandemic has strained the finances of most businesses and increasing investment into security can be difficult for SMEs at a time when many struggle to keep their cash flowing.

How technology can help – if used strategically

There’s a number of simple things businesses can do to protect themselves by taking advantage of available technology. It is widely known that human error is the weakest link when it comes to cybersecurity, so the bigger challenge for companies is to prevent unauthorised access, hacking or fraud arising from multiple access points that now exist.

An achievable starting point is simply setting out a clear cybersecurity policy and ensuring everyone in the business is well aware of protocols and best practises. This would also involve establishing clear rules on how devices are used, how teams share documents and so on.

Tailored and controlled access can be another effective way of improving cybersecurity. By making this as granular as possible, senior managers can control the features their team members can access. If unauthorised access were to occur, it would make it easier for the security team to identify and address the source without the risk of system-wide contagion.

Any system needs to incorporate the latest security and encryption protocols, even if a business feels it is too small to be worth a cybercriminal’s time. This can include multi-channel two-factor authentication, four-eyes checks, a complete audit trail of all activity, continuous backups and much more. These protocols need to be reviewed thoroughly, tested, challenged, and updated regularly to ensure SMEs are less likely to become easy pickings.

Ian Yates
CTO
Neo

A webinar in partnership with Infosys Finacle, held on February 11, 2021, with 150+ participants.

The blurring difference between retail and wholesale banking

The digital transformation journey for corporate banks has been in some ways similar to that of retail banks. In the last 4 years, the one factor that has really helped retail banking to scale on the digital transformation journey is the emergence of FinTechs, RegTechs, and InsurTechs trying to get into the banking business. At one particular time, they were gobbling up 30% of the banking deposits, 25% of the banks’ revenue and in cases such as niche payments or peer-to-peer wallet-based transactions, they were taking away almost 50% of the transactions. In India alone, more than 2 billion transactions in the retail space happen through the Unified Payment Interface, of which, over 60% of transactions are carried out by non-banks like Google pay, WhatsApp, PhonePe and Paytm. While this is happening in retail banking, BigTechs like Amazon have begun unbundling corporate banking as well.

Amazon has started to offer corporate banking services to its partners, including lending, insurance, extending revolving credit lines for vendors, and end-to-end supply chain financing for its network. It has already granted over $10 billion in loans to more than 20,000 SMBs but this is just the start. It is seeking to take the challenge to banks with better user experience, simplicity and ease of doing business. In different pockets of the world, Amazon has started creating a marketplace with their seller network, targeting almost 340,000 SMBs tying up with organizations like Flexiloans. They plan to scale this globally, through their access to the supplier network, which speeds up loan approvals. Amazon will soon lend at 150 to 250 basis points lesser than market rate because they don’t have infrastructure investment or branch network and everything is digitized, which are very attractive terms for SMBs.

In parallel, the debilitating impact of the pandemic from last year, is taking its toll on revenues for corporate banks. This is forcing banks to look for newer sources of income, while dealing with shrinking profitability and rising bad loans. The biggest risk, however, lies in the unprecedented twin challenges of liquidity and solvency due to the pandemic. The impact from all these challenges is forcing a business model reimagination in banks, making them accelerate their digital transformation agendas on an urgent basis, at scale.

The differences between retail and wholesale banking are blurring, except for the clientele that they service, in the sense of both moving towards a marketplace model. By setting up digital marketplaces or platforms, banks can be far more involved in client journeys that put them in a better place to service their customers in multiple ways. An overwhelming majority of unicorn companies across the world have platform business models, and it is time for banks to move from pipeline-based models to platform-based ones, like DBS Bank in Singapore.

EXCERPTS FROM THE PANEL DISCUSSION

Speaker 1: Manish Dhameja, Chief Wholesale Banking Officer, Sohar International

Speaker 2: Raju Buddhiraju, EGM, Chief of Wholesale Banking, Commercial Bank of Qatar

Speaker 3: Rajashekara V. Maiya, Global Head of Business Consulting Group, Infosys Finacle

Moderator: V. Ramkumar, Senior Partner, Cedar Management Consulting International

Effect of pandemic on the accelerated of digitization in Corporate Banks

Manish: The pandemic had indeed accelerated the digital agenda, both for imbibing technology by individuals, and corporates. This has also actually helped banks to use this opportunity to partner with FinTechs, to try and create a much more convenient value-added experience for the client in such a way it becomes cost effective, as well as value accretive.

The right strategy for corporate banks to prioritize and sequence the digitization agenda

Raju: One thing the pandemic has taught businesses across industries and sectors is that you really need to run a very thin cost architecture, if you want to succeed under different conditions. Thin cost structures are only enabled by technology-based solutions. Technology empowers institutions to provide a standardized customer experience to various customers and technologies like the cloud helps companies in moving to an operating expenditure model and scale quickly, which is necessary in disruptive times. With the earlier concerns on moving data to the cloud now cleared even by banking regulators, it is now inevitable that banks move to cloud-based solutions.

Changing expectations from a customer standpoint in corporate banking

Manish: The FinTech revolution has led to increasing customer expectations in a significant way, which has also led to raising the bar for banks to perform in a big way. For corporate banks to be successful, they need to move from a pipeline-based model to a platform-based one, following the principles outlined in SATS – Speed, Accuracy, Transparency and Secure environment. All wholesale banking transactions should pass the SATS test, to have a retail banking like experience. The second principle for corporate banks to consider, is going beyond just lending and being growth partners to their clients, especially in testing times.

This principle can be further extended by providing clients with technology tools, like forecasting tools for liquidity, so that their working capital needs can be reduced. Being a growth partner for a larger customer means not just financing the company, but also financing the company’s ecosystem, including its supply chain and vendors. The final transformation principle would be to become trusted advisors to corporate customers, using the vast storehouse of historical data combined with technology tools available to the bank. Doing all these things would add value to a client and help them leapfrog into actually creating a differential competitive advantage.

Role of blockchain in changing the landscape of corporate banking and digitalization

Raju: International trade is a $16 trillion market per year, but it is mired in bureaucracy, paperwork and multiple other bottlenecks, but the messier the problem, the better chance for disruption. This is where technologies like blockchain and distributed ledgers have potential in speeding up complex transactions, and it also feeds into the need for instant gratification amongst customers.

Getting your corporate customers to walk with you, in your digitalization journey

Manish: How do you align the organisation mindset to the client mindset? I think one first starts with what’s the purpose of the digital agenda and how do I make my business and IT strategy based on the type of client experience I want. For truly successful digital transformation, while employee IQ is important for implementation, employee EQ is more important for servicing client needs.

CLOSING NOTE

Digital transformation in corporate banking has for the most part trailed behind retail banking – but not anymore. It is evolving at an unprecedented pace, thanks to the pandemic catalysing digital transformation across business models, and accelerating technology adoption. The rise of digitally nimble BigTechs and FinTechs offering corporate banking services have further brought in a paradigm shift in digital disruption. Partnerships with FinTechs will remain critical for banks in providing value-added experiences to its corporate clients. Mainstream adoption of advanced technologies such as APIs driven corporate connectivity, Cloud, Blockchain etc. will be crucial to gain flexibility, speed to market, operational efficiencies, and a competitive advantage.

Four ways in which banks can support their corporate customers embrace digital transformation in their treasury operations.

By Rahul Wadhavkar, Head of Product Management – Commercial Banking Products, Infosys Finacle

The treasury is a significant source of value for a corporate. Hence any plan aimed at serving corporate customers better must necessarily factor improving the efficiency of treasury operations and transforming that from a cost center to a value center.

By and large, the corporate treasury function tends to trail most areas on the digital journey vis-à-vis other functions. Hence there is considerable scope for transformation. For banks keen on lending support to corporate customers, digitization of treasury operations is a good place to start.

Broadly, they can help their clients with the following:

• Make the difficult transition to adopting the latest technology across the treasury business
• Build a digital treasury that can interact seamlessly with the banks’ environment for efficient operations
• Go from a “data approach” to an “information approach”
• Improve risk management

Adopting the latest technology across the treasury business

Even today, a staggering number of businesses use Excel as their primary treasury management tool. A financial services industry analyst firm reported that 51 percent of companies earning annual revenues of less than US$ 250 million primarily (or exclusively) used spreadsheets for managing treasury operations¹. This is inadvisable for several reasons: it takes a huge amount of effort and time to gather and manipulate data in a spreadsheet, which gets worse as the number of banks and bank accounts increases; there’s a greater risk of errors due to “fat finger” typing, breakdown of macros and formulas, or simply, manual oversight; last but not least, spreadsheets are a serious security risk since they lack strong authentication². Migrating to a modern treasury management system may be easier for some firms, and harder for others, but almost all will require their support from their banks’ to see it through. The transition is also desirable from the banks’ perspective, because they will no longer have to struggle to support clients at vastly different levels of technical maturity.

The SME (small and medium enterprises) segment is in focus for most banks globally. Steadily growing in importance, these businesses are demanding treasury solutions suited to their unique needs, for example, tools that can be run on mobile and tablet devices. FinTechs are responding by creating specialised products for SMEs; even as banks help small businesses adopt treasury management solutions, they will themselves have to invest in some of the innovative FinTech offerings in order to align with their clients.

Building a digital treasury that can interact seamlessly with the banks’ environment for efficient operations

Open Banking regulations, such as PSD2, are enabling innovation and interoperability across various banking ecosystems. While open banking action is seen mainly in the consumer context, APIs are finding their way to the corporate side to create an interactive environment between a bank and its clients. It is almost like there is a virtual ecosystem between the bank and its corporate customer, with clear data and information tracks, and everything working seamlessly together. This improves operational efficiency and gives corporate treasurers access to near real-time information that they can use to make better decisions while managing cash flow or risk.  The good news is that a recent survey of 200 treasurers in Europe found that 35 percent were already using, or planning to use, APIs to enable integrations that would allow on-demand or real-time data exchange³. Strong API connectivity would also enable banks to extend traditional liquidity management services with investment analysis – something that only a few sophisticated banks offer at present.

Going from a “data approach” to an “information approach”

The true value of data comes about by turning it into information. A number of leading banks have evolved from offering mere data management services to providing better insights through information management. For example, instead of simply managing a client’s payments data, they are offering structured information reporting enabling the client to reconcile accounts faster and directly impacts the company’s bottom line.  Corporate customers will push their banks to provide better, more competitive solutions in this area in the years to come. The abovementioned survey hints as much with 52 percent of respondents expressing their interest in exchanging information in real-time, and 47 percent being keen on  real-time liquidity and real-time payments and collections⁴.

Improving risk management

Managing risk is another one of the bigger priorities for corporate treasurers. There are many ways in which banks can assist them in this area. For instance, there is an opportunity for banks to help clients manage counterparty credit risk – which they’re largely doing on their own – by enabling better tracking and monitoring of counterparties based on past behaviour, economic conditions, and market news and developments. Banks can leverage technology to convert this data – that in many cases they already have – into actionable information.

In addition, banks can offer specialised liquidity management products to the broader commercial client base but more specifically to the SME segment. With accurate timely liquidity forecasts, complete with investment options they can help these businesses not only avoid a cash crunch, but also explore avenues to earn higher yields on surplus cash.

Endnote

The fundamental goals of corporate treasury have not changed over the years. However, what has changed is that treasurers are able to achieve their objectives more effectively thanks to the treasury management solutions available to them from their banks. Treasury products tend to be very commoditized, but banks can create a competitive advantage for themselves  by building a support structure for clients across a spectrum of technological maturity,  and helping them embrace the tools of digitization faster. Not every client will adopt these changes at the same speed or intensity, but the endeavour should be to take all, big or small, forward in their journey of digital treasury transformation.

Sources:

1) https://treasury-management.com/blog/excel-in-data-management-why-it-still-has-a-role-to-play/

2) https://hazeltree.com/whats-the-big-issue-with-spreadsheet-based-treasury-operations/

3) & 4) https://www.journeystotreasury.com/treasury-insights-2020