Annual Planning in Banking IT

It's the same every year. During the annual budget planning, every bank I know faces an overwhelming number of IT project requests. I've often heard senior managers proudly proclaim, "As part of this year's budget planning, we've reduced IT project requests by 50%." This is frequently touted as a success, which always surprises me. Additionally, false hopes are often raised about what IT can deliver during the planning phase, when in reality, fulfilling all requests is neither feasible nor desirable.

The annual struggle of IT project planning in the banking sector highlights a fundamental challenge: the disconnect between ambition and reality. This ritual is flawed for several reasons. Firstly, it assumes that all IT projects are created equal. In reality, some projects yield significant benefits for the bank and its customers, while others may offer only marginal improvements or even prove detrimental. Secondly, it overlooks the crucial role of IT in driving innovation and competitive advantage. Banks that fail to invest strategically in IT risk falling behind their rivals, losing market share, and ultimately jeopardizing their long-term viability.

The key to overcoming this challenge lies in proper prioritization. This involves not just reducing the number of IT projects, but selecting the right ones. Desirable projects are those that create tangible and measurable benefits for the bank and its customers, such as faster payment processing, more reliable and accessible account services, or enhanced security features. By focusing on such projects, banks can ensure that their IT investments deliver maximum value and contribute to their overall strategic goals.

Moreover, proper prioritization requires a clear understanding of the bank's overall business objectives and the role of IT in achieving them. This means aligning IT projects with the bank's strategic priorities, ensuring that they support the bank's core business functions, and delivering a clear return on investment. It also involves involving key stakeholders in the prioritization process, including business leaders, IT experts, and customer representatives, to ensure that all perspectives are considered and that the chosen projects have broad support.

http://www.FrankSchwab.de

Published in SundayThoughts, banking, technology on 01.09.2024 9:30 Uhr. 0 comments • Comment here

From Oversight to Architects of Digital Resilience - DORA Reshapes the Board's Role

The financial sector faces escalating cyber threats in its digital evolution, prompting the introduction of DORA, the Digital Operational Resilience Act, aimed at fortifying defenses. DORA requires supervisory boards to pivot from mere compliance to becoming architects of digital resilience, orchestrating robust risk management strategies. It emphasizes the importance of understanding and addressing third-party dependencies while fostering a culture where resilience is ingrained, enabling boards to navigate digital disruption with strength and agility.

The accelerating pace of digital transformation in the financial sector has fundamentally altered the landscape of risks faced by banks. Operational disruptions caused by cyberattacks, technology failures, or third-party dependencies have the potential to trigger systemic crises across the interconnected financial system. In response to these evolving threats, the European Union's Digital Operational Resilience Act (DORA) represents a watershed moment, establishing a harmonized framework to enhance the sector's ability to withstand and recover from digital disruptions. For supervisory board members of banks, DORA signifies a call to action, demanding a renewed focus on digital operational resilience and a comprehensive oversight approach.

DORA goes beyond existing cybersecurity regulations by mandating in-depth ICT (Information and Communication Technology) risk management across the entire financial ecosystem. Supervisory boards hold the primary responsibility for ensuring their institutions are adequately prepared for the challenges posed by DORA. This entails a profound understanding of the regulation's core principles, a strategic recalibration of risk management approaches, and a commitment to fostering a culture of resilience across all organizational levels.

One of the most critical functions of supervisory boards in the wake of DORA is the implementation of a robust ICT risk management framework. Board members must not only approve ICT-related policies and procedures but also actively monitor their effectiveness. This requires a shift in mindset, recognizing that ICT risk is not a purely technical issue but a fundamental business risk. Boards need to ensure a holistic view of the institution's digital footprint, mapping critical business functions and identifying potential vulnerabilities stemming from internal systems, external dependencies, and the ever-evolving threat landscape.

Effective ICT incident management is another cornerstone of DORA compliance. Supervisory boards must play a crucial role in defining incident reporting thresholds, escalation procedures, and communication protocols with both internal and external stakeholders. DORA emphasizes the need for swift and decisive action in the face of disruptions, as well as thorough analysis of root causes to prevent future recurrences. Board oversight in this area helps drive continuous improvement in the institution's ability to manage operational crises.

Furthermore, DORA spotlights the interconnected nature of risk within the digital financial ecosystem. The reliance of banks on a complex web of third-party ICT service providers introduces a unique dimension to risk management. Supervisory boards must ensure that meticulous due diligence processes are in place for the onboarding of new third-party providers and that contractual agreements explicitly address issues of ICT risk and operational resilience. The oversight role must extend beyond initial contracting, demanding the institution maintains continuous monitoring of its third-party relationships.

The implementation of DORA goes beyond technical compliance; it necessitates a culture where digital operational resilience is a top priority. Supervisory boards are best positioned to lead this cultural transformation. Through communication, incentives, and accountability mechanisms, board members can promote resilience-focused behavior across the organization. This translates into investing in robust technologies, proactively identifying and mitigating risks, and emphasizing the importance of effective incident reporting and response.

Effectively navigating the requirements of DORA requires board members to expand their knowledge and expertise. This may mean including individuals with deeper technical backgrounds in cybersecurity or digital risk management or seeking external advisors to support the board's decision-making. Additionally, remaining abreast of evolving regulatory expectations, industry best practices, and the changing threat landscape is essential for informed and proactive oversight.

In conclusion, the Digital Operational Resilience Act (DORA) marks a significant milestone in the evolution of the European financial regulatory landscape. For supervisory boards of banks, it demands a shift in focus and strategy. By embracing the core principles of DORA, fostering a culture of resilience, and driving the development of robust ICT risk management frameworks, supervisory boards can safeguard their institutions and contribute to the overall stability of the financial system.

https://FrankSchwabSpeaks.com

Published in DORA, regulation, technology, DigitalBanking, BoardMember on 15.04.2024 19:07 Uhr. 0 comments • Comment here

Navigating the Maze of Legacy IT Landscape of Banks - Exploring Four Approaches

Banks struggle to balance modernization with the limitations of legacy systems. While no single approach dominates, considerations like a bank's size, goals, and risk tolerance will shape their transformation strategy. Success hinges on not just technology, but also effective change management and adaptability within the organization.

Banks today face a critical challenge: how to evolve and thrive in a rapidly digitizing landscape while grappling with the inertia of their often aging, complex legacy systems.

In a recent LinkedIn poll, I asked my community about the best approaches for banks to handle legacy technologies. While none of the three options (gradual modernization, complete overhaul, or ecosystem integration) emerged as a clear favorite, there was a general dislike for the idea of a complete overhaul. This article reflects the valuable insights shared by several contributors, with special thanks to Ewan MacLeod for suggesting the Greenfield Approach.

Charting the Course: Considerations for a Successful Transformation

The optimal approach for each bank depends on a unique blend of factors, including size, risk appetite, budget, strategic goals, and the complexity of their legacy system. Careful consideration of the benefits, challenges, and pitfalls presented by each approach is crucial for informed decision-making. While gradual modernization might suit larger banks prioritizing stability, smaller, more agile players might favor greenfield development. Ecosystem integration offers a collaborative avenue, but complete overhauls require meticulous planning and significant resources.

Let’s have a look at the 4 approaches

1️⃣ Gradual Modernization - Minimizing Disruption with Measured Steps

The gradual modernization approach prioritizes a measured climb, tackling key areas like customer-facing applications or core processes in stages. This strategy offers the advantage of minimizing disruption to ongoing operations and the customer experience. It leverages existing investments in legacy systems, allowing for targeted improvements in areas with demonstrably high impact. However, this measured approach can be a slow and piecemeal process, potentially hindering overall effectiveness. Integration issues may arise between new and old systems, and perpetuating outdated functionalities can hinder the adoption of truly innovative solutions. The pitfalls of this approach lie in a lack of a clear long-term vision, leading to a patchwork of solutions without synergy, and delaying crucial upgrades, which can render the bank less competitive in the long run.

Many incumbent banks are following the path of gradual modernization, such as Deutsche Bank, Barclays Bank, or Citibank.

2️⃣ Bold Overhaul - Embracing a Future Unburdened by the Past

The complete overhaul approach takes a more audacious path, aiming for a clean slate by replacing the entire technology stack with modern, integrated systems. This bold move unlocks several benefits, including fostering agility, scalability, and future-proof technology. Streamlined operations and potential long-term cost reductions are alluring prospects. However, this disruptive and resource-intensive process carries significant implementation risks, with high upfront costs and the potential for delays and budget overruns. The loss of institutional knowledge and expertise embedded in legacy systems also presents a challenge. Poor planning and execution can lead to chaos and operational downtime, while neglecting employee training and change management can breed resistance and hamper adoption.

Some incumbent banks, such as the Commonwealth Bank of Australia, are known for successful bold overhauls, albeit at very high costs, while others, like Deutsche Bank, didn’t succeed.

3️⃣ Collaboration for Innovation: Harnessing the Power of the Ecosystem

Instead of a complete overhaul, the ecosystem integration approach focuses on weaving legacy systems into a broader digital tapestry. This strategy leverages the expertise and innovative solutions of fintech partners, enabling faster time-to-market for new features and functionalities. It allows banks to utilize their existing legacy systems while adding modern capabilities. However, finding compatible partners with secure and reliable solutions is crucial. Managing data security and privacy concerns when integrating with external systems presents another challenge. Potential vendor lock-in and dependence on external partners must also be carefully considered. This approach can stumble if clear governance and collaboration frameworks are not established, leading to confusion and inefficiencies. Overreliance on external solutions can weaken internal development capabilities.

Spanish BBVA and Singaporean DBS are well-known banks pursuing an ecosystem strategy.

BBVA is recognized as a pioneer in open banking and boasts a successful ecosystem approach. Their robust API platform has spurred numerous fintech partnerships, fostering innovation in their customer offerings. While specifics may evolve, BBVA's commitment to collaboration positions them as a driving force in shaping the future of finance.

DBS boasts one of the most comprehensive and accessible API platforms in the banking industry, with over 200 APIs spanning various financial services. Their dedicated focus on collaboration and developer enablement has made them a leader in open banking, particularly within the Asia-Pacific region.

4️⃣ Building a Greenfield Bank: Unburdened by History, Empowered by the Future

The greenfield development approach takes the most radical path, starting from scratch to build a new technology infrastructure, free from the constraints of legacy systems. This offers unparalleled flexibility and scalability, allowing banks to design systems tailored to their specific needs. It fosters a culture of innovation and agility from the ground up. However, this significant undertaking requires substantial upfront investments and carries the risk of abandoning past investments. Banks may lack the institutional knowledge and expertise needed to build and maintain complex systems, and this approach often carries a longer implementation timeframe compared to others. Ignoring lessons learned from legacy systems can lead to repeating past mistakes, and underestimating the complexity of building and integrating entirely new systems from scratch is a significant pitfall.

When I consider examples like Revolut, Starling, J.P. Morgan's Marcus, Commerzbank's ComDirect, or Deutsche Bank's Bank 24, among others, my takeaway is this: a Greenfield approach works well for startups, but there's no track record for incumbents.

Beyond Technology: The Human Factor in Transformation

It is vital to remember that transformation is not solely about technology. Effective change management, cultural shifts, and employee training are essential for the successful adoption of any approach. By addressing these human factors alongside the technological considerations, banks can ensure a smooth and successful journey towards a future-proofed financial institution.

A Dynamic Journey

Transforming a bank with legacy technology is a complex and multifaceted endeavor. Each approach offers unique advantages and drawbacks, and the ideal path depends on individual circumstances. By carefully considering their specific needs and resources, banks can navigate the maze of transformation and emerge as agile, future-proof institutions in the ever-evolving financial landscape. Remember, the journey is dynamic, and continuous evaluation and adaptation are crucial for navigating the twists and turns towards a successful future.

🔗 LinkedIn poll: https://bit.ly/3UhV6RM

https://FrankSchwabSpeaks.com

Published in DigitalTransformation, CoreBanking, banking, transformation, technology, legacy on 09.02.2024 11:33 Uhr. 0 comments • Comment here

3 key strategies how APIs support the digital transformation of a bank

In general Application Programming Interfaces (APIs) can play a key role in enabling banks to become more competitive and customer-centric, while also reducing costs and improving their bottom line. Essentially there are three strategies how API support the digital transformation of a bank.

1 Better Partnership Banking

APIs enable banks to open up their products and services to their partners. Making use of APIs banking products and services can be seamlessly integrated into the business processes of the partners and, as a result, customer experiences can be significantly improved.

For example, by implementing APIs, BBVA was able to integrate its products and services into partner businesses, resulting in a 20% revenue growth. These partners, especially new FinTechs, had better access to financial information, which allowed them to build better services. Recently, companies like nerdwallet, Spreedly, Cardlytics, Automated Financial Systems, Execupay and Mx technologies have partnered up with BBVA.

By opening up its APIs to third-party developers, Barclays was able to integrate its services with partner businesses and significantly improve customer experiences.

Banks like Barclays also benefit from the adoption of open banking through APIs. Beyond the standard free offerings required by compliance with European Union’s PSD2 regulation, banks can provide Premium APIs. This direct monetisation provides a lower risk and higher returns.

As of the end of 2022 Q4, there were 246 regulated third-party providers in the UK. They all make more than a billion API calls every month.

2 Higher competitiveness through innovation

APIs allow banks to open up their systems and data to third-party developers, enabling the development of new financial products and services. This helps banks continue to innovate and to stay ahead of the competition. Good examples are developer platforms of Capital One and HSBC.

Capital One has launched a developer platform that offers third-party developers APIs, allowing them to integrate Capital One services into their applications. This has resulted in the creation of new financial products and services. An example of these products is the Digital Auto Financing Credit Application, which allows customers to launch a credit application entirely online.

Also, HSBC launched a global developer portal. This portal provides access to APIs for third-party developers to integrate HSBC services into their applications, creating new financial products and services.

Reports in the Open Banking Implementation Entity (OBIE) showed that more than 6.5 million users actively use open banking-backer products in the UK. These products provide end users (individuals and small businesses) with innovative services to support money management.

3 Increased Efficiency

By automating processes and reducing manual intervention, APIs can help banks increase operational efficiency and reduce costs.

By implementing APIs, Wells Fargo was able to automate many of its manual processes and reduce operational costs. Processes such as fraud detection, payments, and data services are well integrated into the API gateways of the bank.

By using APIs to automate its processes, Bank of America was able to reduce its costs and improve the efficiency of its operations. For example, the bank was able to expand its cashPro payment API to give choices of over 350 payment types to customers.

Conclusion

By applying the three strategies APIs can play a crucial role in transforming a bank.

https://FrankSchwabSpeaks.com

Sources/Credits

https://www.bbva.com/en/bbva-recognised-as-a-world-leader-in-open-banking/
https://developer.barclays.com/open-banking

https://developer.capitalone.com/home/

https://develop.hsbc.com

https://developer.wellsfargo.com

https://thepaypers.com/online-mobile-banking/bank-of-america-to-cover-over-350-payment-types-with-cashpro-payment-api--1258728

Presentation is supported by Microsoft Powerpoint, http://www.Microsoft.com

Some text is supported by ChatGTP, http://chat.openai.com

Some pics are supported by Craiyon, https://www.craiyon.com

Published in api, banking, DigitalTransformation, technology, apibanking, openbanking, 3-key-strategies-how-APIs-support-the-digital-transformation-of-a-bank on 23.02.2023 19:35 Uhr. 0 comments • Comment here

6 themes members of the board of directors should know about the crypto currency & blockchain industry

[Updated January 2024] The cryptocurrency and blockchain industry has the potential to transform several industries. Board members are urged to proactively understand key themes, including disruptions, opportunities, legal considerations, risks, and industry dynamics, as the sector evolves.

The cryptocurrency and blockchain industry has the potential to reshape our perspectives on money, ownership, and trust. Cryptocurrencies and blockchain technology facilitate faster, cheaper, and more secure transactions, extending beyond digital currencies to include ICOs, STOs, and NFTs, among others. The current market cap of cryptocurrencies and blockchain tokens is approximately $1.76 trillion, representing nearly 2% of all global money.

As of August 2023, major cryptocurrencies such as Bitcoin, Ethereum, Ripple, Cardano, Dogecoin, and Tron are experiencing over 8 million daily transactions, a significant increase compared to August 2016.

Back in 2015, the World Economic Forum predicted that by 2027, around 10% of the global gross domestic product (GDP) would be stored on blockchain technology. Current trends indicate that this projection is on track. Notably, recent SEC approvals for cryptocurrency ETFs and new regulations like the European MiCA (Markets in Crypto-Assets) regulation are expected to further propel the crypto industry.

While the cryptocurrency and blockchain industry is still in its infancy, it is crucial for members of the board of directors to delve into key themes before these factors impact a company’s business model. It is recommended to gain insights into potential disruptions, new business opportunities, basic concepts and technologies, relevant laws and regulations, potential risks, and the dynamics of an emerging industry.

1. Potential disruption of several industries

There are several industries that are potentially disrupted by cryptocurrencies and blockchain technologies. Members of the board of directors should observe the following industries and look for signs of disruption.

Supply chain management: Blockchain technology can enable increased transparency and security in supply chain management, allowing for more efficient tracking of goods and materials.

Real estate: Blockchain technology can be used to create a more efficient and transparent system for buying and selling property, as well as for tracking and managing property ownership.

Healthcare: Blockchain technology can be used to securely store and share medical records, as well as to facilitate more efficient and secure communication between healthcare providers.

Gaming & entertainment: Cryptocurrencies and blockchain technology can be used to enable new forms of digital ownership and monetization of in-game assets.

Retail: Cryptocurrencies and blockchain technology can be used to enable secure and transparent transactions between retailers and customers, as well as to improve supply chain management and inventory tracking.

Financial services: Cryptocurrencies and blockchain technology have the potential to disrupt traditional financial services by providing a more inclusive and accessible way for individuals and businesses to access financial services, such as banking and payments.

2. New business opportunities

Cryptocurrencies & blockchain technologies have the potential to enable a wide range of new business opportunities. Some of the most relevant examples include:

Supply Chain Management: Blockchain can be used to create transparent and tamper-proof records of transactions in supply chain management, allowing for increased trust and efficiency.

Digital Identity: Blockchain can be used to create secure and decentralized digital identities, allowing for greater privacy and control over personal information.

Gaming: Blockchain can be used to create decentralized and transparent in-game economies, allowing for true ownership of virtual assets.

Tokenization: Blockchain can be used to tokenize assets such as real estate, art, and other collectibles, making it possible to buy and sell fractions of these assets.

Payment: The use of cryptocurrency as a form of payment enables faster and cheaper transactions, especially cross-border transactions.

Crowdfunding: Blockchain can be used to create decentralized crowdfunding platforms, allowing for more transparent and efficient fundraising for projects.

Internet of Things: Blockchain technology can be used to create secure and decentralized networks for the Internet of Things (IoT), allowing for greater trust and control over the exchange of data.

Decentralized finance (DeFi): Blockchain technology can be used to create decentralized financial services, such as lending and borrowing platforms, that operate independently of traditional financial institutions.

3. Basic concepts & technologies

It is recommended to introduce the basic concepts and technologies behind cryptocurrencies and blockchain to the members of the board of directors. Decentralization, immutability, transparency, cryptography, smart contracts, distributed ledger, limited supply, anonymity, borderless and digital are the most central ones.

Decentralization: Blockchain technologies and respective cryptocurrencies are decentralized, meaning they are not controlled by any single entity or organization. Crypto currencies are not controlled by any central authority such as a government or central bank. This allows for increased autonomy and control for users over their own funds.

Immutability: Once a transaction is added to a block and the block is added to the blockchain, the information in that block cannot be altered. This ensures the integrity and immutability of the data and crypto currency transactions stored on the blockchain.

Transparency: Blockchain technology allows for increased transparency by providing a public, tamper-proof record of all crypto currency transactions.

Cryptography: Blockchain and crypto currencies use cryptography to secure and protect transactions, making it a secure technology for storing and sharing sensitive information. This also ensures the integrity and security of crypto currencies.

Smart Contracts: Smart contracts are self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code. These contracts can be stored and replicated on the blockchain network.

Distributed Ledger: A distributed ledger is a database that is spread across a network of computers. Each copy of the database is identical and is updated simultaneously.

Limited supply: The total supply of most cryptocurrencies is limited, meaning that there is a maximum number of units that can be created. This can help to prevent inflation and ensure the value of the currency remains stable.

Anonymity: Cryptocurrencies can provide a high level of anonymity for users, as transactions are recorded using a public key rather than a name or personal information.

Borderless: Cryptocurrencies can be sent and received from anywhere in the world, and the transaction can be done almost instantaneously, regardless of geographical boundaries.

Digital: Blockchain & cryptocurrencies exist only in digital form and are stored and transferred electronically.

4. Relevant laws & regulations

Members of the board of directors should consider a number of laws and regulations related to cryptocurrencies and blockchain when developing their policies and procedures. It is important to note that the laws and regulations surrounding cryptocurrencies and blockchain technology vary by jurisdiction.

In June 2023, the European Union implemented one of the most advanced crypto regulations: 'MiCA' - The Markets in Crypto Assets Regulation.

Some of the most relevant general laws are AML, KYC, taxation, securities, GDPR and smart contracts regulations:

Anti-money laundering (AML) laws: These laws aim to prevent the use of cryptocurrencies for illegal activities such as money laundering and terrorist financing.

Know-your-customer (KYC) regulations: These regulations require cryptocurrency exchanges and other companies to verify the identity of their customers.

Taxation laws: Different countries have different tax laws for cryptocurrencies, and it is important for individuals and businesses to comply with these laws to avoid penalties.

Securities laws: Some jurisdictions consider certain cryptocurrencies to be securities, and they are subject to securities laws and regulations.

Data privacy laws: As blockchain technology is used for storing data, it is important for companies to comply with data privacy laws such as the

General Data Protection Regulation (GDPR) in the European Union.

Smart contracts regulations: Smart contracts, which are self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code, also fall under scrutiny and regulations.

Given that the crypto & blockchain industry is still at early stage the surrounding laws and regulations are constantly evolving and it is essential to stay informed of updates and changes in order to comply with them.

5. Potential risks

Cryptocurrencies and blockchain technology can bring several potential risks to a company.

Security risks: Cryptocurrencies and blockchain transactions are vulnerable to hacking, fraud, and other types of cyber attacks, which can lead to financial losses for the company.

Compliance risks: Cryptocurrencies and blockchain technology are still largely unregulated, and companies may not be fully aware of the legal and compliance requirements related to their use.

Volatility risks: The value of cryptocurrencies can be highly volatile, which can lead to significant financial losses for a company if they are holding a significant amount of cryptocurrency assets.

Source: CoinMarketCap.com

Operational risks: Implementing and using blockchain technology can be complex and may require significant resources and expertise, which can lead to operational challenges and disruptions for a company.

Reputational risks: Companies that are associated with cryptocurrencies and blockchain technology may be perceived as risky or untrustworthy by some customers, investors, and partners.

6. Dynamics of the early industry

The early cryptocurrency and blockchain industry sometimes feel like Wild West and has several key dynamics that members of the board of directors should be aware of.

High volatility in prices, as the market is still relatively new and uncertain.

A high degree of speculation, as many investors buy cryptocurrencies in the hopes of making a quick profit.

A lack of regulation, which has led to a Wild West atmosphere and a lack of protection for investors.

Innovation and experimentation, as many companies and individuals are working to find new use cases for blockchain technology.

Heavy competition, as there are many different cryptocurrencies and blockchain projects vying for market share.

High growth potential, as the technology is still in its early stages and has the potential to disrupt a wide range of industries.

High speed of technological changes with new crypto currencies and different blockchain versions coming up every now and then.

Finally, it's worth noting that while the crypto-currencies and blockchain industry is still in its early stages, regulations and institutional involvement have been increasing which may change the dynamics of the industry.

https://FrankSchwabSpeaks.com

Credits:

Some icons are created by Freepik – Flaticon, https://www.flaticon.com

Presentation is supported by Microsoft Powerpoint, http://www.Microsoft.com

Some text is supported by ChatGTP, http://chat.openai.com

Some pics are supported by Craiyon, https://www.craiyon.com

Some pics are based on CoinMarketCap, https://CoinMarketCap.com

Published in crypto, cryptocurrency, cryptocurrencies, blockchain, technology, BoardMember, 6-themes-members-of-the-board-of-directors-should-know-about-the-crypto-currency-&-blockchain-industry on 25.01.2023 17:48 Uhr. 0 comments • Comment here