Frank Schwab

I help navigate digital transformation

From Oversight to Architects of Digital Resilience - DORA Reshapes the Board's Role

The financial sector faces escalating cyber threats in its digital evolution, prompting the introduction of DORA, the Digital Operational Resilience Act, aimed at fortifying defenses. DORA requires supervisory boards to pivot from mere compliance to becoming architects of digital resilience, orchestrating robust risk management strategies. It emphasizes the importance of understanding and addressing third-party dependencies while fostering a culture where resilience is ingrained, enabling boards to navigate digital disruption with strength and agility.


The accelerating pace of digital transformation in the financial sector has fundamentally altered the landscape of risks faced by banks. Operational disruptions caused by cyberattacks, technology failures, or third-party dependencies have the potential to trigger systemic crises across the interconnected financial system. In response to these evolving threats, the European Union's Digital Operational Resilience Act (DORA) represents a watershed moment, establishing a harmonized framework to enhance the sector's ability to withstand and recover from digital disruptions. For supervisory board members of banks, DORA signifies a call to action, demanding a renewed focus on digital operational resilience and a comprehensive oversight approach.


DORA goes beyond existing cybersecurity regulations by mandating in-depth ICT (Information and Communication Technology) risk management across the entire financial ecosystem. Supervisory boards hold the primary responsibility for ensuring their institutions are adequately prepared for the challenges posed by DORA. This entails a profound understanding of the regulation's core principles, a strategic recalibration of risk management approaches, and a commitment to fostering a culture of resilience across all organizational levels.





One of the most critical functions of supervisory boards in the wake of DORA is the implementation of a robust ICT risk management framework. Board members must not only approve ICT-related policies and procedures but also actively monitor their effectiveness. This requires a shift in mindset, recognizing that ICT risk is not a purely technical issue but a fundamental business risk. Boards need to ensure a holistic view of the institution's digital footprint, mapping critical business functions and identifying potential vulnerabilities stemming from internal systems, external dependencies, and the ever-evolving threat landscape.




Effective ICT incident management is another cornerstone of DORA compliance. Supervisory boards must play a crucial role in defining incident reporting thresholds, escalation procedures, and communication protocols with both internal and external stakeholders. DORA emphasizes the need for swift and decisive action in the face of disruptions, as well as thorough analysis of root causes to prevent future recurrences. Board oversight in this area helps drive continuous improvement in the institution's ability to manage operational crises.




Furthermore, DORA spotlights the interconnected nature of risk within the digital financial ecosystem. The reliance of banks on a complex web of third-party ICT service providers introduces a unique dimension to risk management. Supervisory boards must ensure that meticulous due diligence processes are in place for the onboarding of new third-party providers and that contractual agreements explicitly address issues of ICT risk and operational resilience. The oversight role must extend beyond initial contracting, demanding the institution maintains continuous monitoring of its third-party relationships.




The implementation of DORA goes beyond technical compliance; it necessitates a culture where digital operational resilience is a top priority. Supervisory boards are best positioned to lead this cultural transformation. Through communication, incentives, and accountability mechanisms, board members can promote resilience-focused behavior across the organization. This translates into investing in robust technologies, proactively identifying and mitigating risks, and emphasizing the importance of effective incident reporting and response.





Effectively navigating the requirements of DORA requires board members to expand their knowledge and expertise. This may mean including individuals with deeper technical backgrounds in cybersecurity or digital risk management or seeking external advisors to support the board's decision-making. Additionally, remaining abreast of evolving regulatory expectations, industry best practices, and the changing threat landscape is essential for informed and proactive oversight.




In conclusion, the Digital Operational Resilience Act (DORA) marks a significant milestone in the evolution of the European financial regulatory landscape. For supervisory boards of banks, it demands a shift in focus and strategy. By embracing the core principles of DORA, fostering a culture of resilience, and driving the development of robust ICT risk management frameworks, supervisory boards can safeguard their institutions and contribute to the overall stability of the financial system.





Published in DORA, regulation, technology, DigitalBanking, BoardMember on 15.04.2024, 19:07.

Beyond Gut Feeling - 25 KPIs as the Board's Roadmap for Digital Transformation in Banking

Discover how board members wield 25 Key Performance Indicators (KPIs) as their compass, guiding the institution towards digital excellence. Dive deep into the themes of Customer Experience & Adoption, Innovation, Financial Performance, Operational Efficiency, Cybersecurity, and Regulatory Compliance, unlocking insights crucial for navigating the complexities of modern banking. As the landscape evolves, so too must the metrics; witness the evolution from adoption to revenue generation, ensuring adaptive oversight at every turn.


When it comes to overseeing a bank's digital transformation, board members play a critical role in setting strategic direction and ensuring that the organization achieves its objectives effectively. Key Performance Indicators (KPIs) are essential tools for board members to monitor progress, assess the impact of digital initiatives, and make informed decisions. 


Beyond mere tracking, KPIs serve as litmus tests for evaluating the success or need for course correction in transformation efforts. They provide evidence of ROI for significant digital investments, aligning with boards' fiduciary duty to shareholders. Moreover, KPIs aid in risk management by tracking potential threats like cybersecurity, enabling proactive measures to address vulnerabilities. By benchmarking against industry standards, boards gain insight into the competitive landscape, shaping strategies for maintaining competitiveness.


The following 25 KPIs are indispensable for board members during a bank's digital transformation:


I) Customer Experience & Adoption KPIs provide insights into how well the bank is meeting customer expectations and adapting to changing preferences. Board members need to understand the level of digital channel usage, Net Promoter Score (NPS) for digital channels, Digital Adoption Rate, Customer Effort Score (CES), and Self-Service Completion Rate to gauge the success of digital initiatives in enhancing customer experience and driving adoption. By tracking these metrics, board members can ensure that the bank remains customer-centric and competitive in the digital age.




II) Innovation KPIs help board members evaluate the bank's ability to innovate and adapt to a rapidly changing digital landscape. Metrics such as Time-to-Market for New Digital Products, Number of New Digital Partnerships, and Rate of Experimentation reflect the bank's agility, creativity, and willingness to embrace innovation. By tracking these KPIs, board members can assess the bank's competitive positioning, identify emerging opportunities, and ensure that the organization remains at the forefront of industry innovation.





III) Financial Performance KPIs offer board members valuable insights into the financial implications of digital transformation. Metrics such as Return on Investment (ROI) of Digital Initiatives, Customer Acquisition Cost (CAC), Customer Lifetime Value (LTV), and Revenue Generated from Digital Channels enable board members to assess the profitability and sustainability of digital initiatives. Understanding these KPIs allows board members to make informed decisions regarding resource allocation, investment prioritization, and revenue generation strategies.




IV) Operational Efficiency KPIs are vital for board members to assess the operational impact of digital transformation. Metrics such as Cost-to-Income Ratio, Process Automation Rate, Time-to-Resolution for support tickets, and Operational Cost per Transaction help board members evaluate the efficiency gains achieved through digitalization efforts. By monitoring these KPIs, board members can identify areas for optimization, cost reduction, and process improvement, ultimately driving operational excellence across the organization.




V) Cybersecurity KPIs offer critical insights into the bank's resilience against digital threats and its ability to protect sensitive data and systems from malicious actors. Metrics such as Number of Cybersecurity Incidents, Mean Time to Detection (MTD), Mean Time to Resolution (MTTR), Percentage of Successful Phishing Simulations, and Compliance with Cybersecurity Frameworks provide board members with a comprehensive view of the bank's cybersecurity posture. It's important to balance security with customer experience. Overly stringent security measures might frustrate users. By monitoring these KPIs, board members can assess the effectiveness of the bank's security measures, identify potential vulnerabilities, and prioritize investments in cybersecurity infrastructure and employee training. 




VI) Finally, regulatory compliance is another area of paramount importance for board members during a bank's digital transformation. Regulatory KPIs help board members assess the bank's adherence to legal and regulatory requirements, mitigate compliance-related risks, and maintain the organization's reputation and trustworthiness. Metrics such as Number of Regulatory Fines, Percentage of Audits Passed, Number of Regulatory Change Orders Required for New Digital Products, and Customer Data Privacy Breach Rate offer valuable insights into the bank's compliance efforts.




⚡️Important to note: the best KPIs evolve with the transformation's phases. Early on, focus may be on adoption, and later, the emphasis could shift to revenue generation. Boards need adaptable oversight.




In summary, these 25 KPIs are essential for board members during a bank's digital transformation because they provide valuable insights into customer experience, innovation, financial performance, operational efficiency, cybersecurity, and regulatory compliance. By monitoring these KPIs closely, board members can effectively oversee the digital transformation process, drive strategic decision-making, and ensure the long-term success of the organization in an increasingly digital-centric world.






https://FrankSchwabSpeaks.com





Published in Digital, Transformation, Banking, KPIs, leadership, innovation, BoardMember, DigitalBanking, DigitalTransformation on 09.04.2024, 10:24.

5 Imperatives for Board Leadership in Digital Banking Transformation 

In an era where digital transformation in banking is non-negotiable for survival, board leadership faces unprecedented challenges and opportunities. Discover five crucial imperatives shaping the future of financial institutions, from embedding digital strategy at the core to fortifying cybersecurity defenses.



"Digital banking transformation is not a choice—it's imperative for survival."


The banking sector stands at the precipice of unprecedented change, driven by the inexorable march of digital transformation. In this era, where adaptation is synonymous with survival, the role of board leadership in steering financial institutions towards a digitally empowered future cannot be overstated. Proactive board leadership is crucial to help financial institutions not only keep pace but lead the way in crafting the bank of the future.


In my experience, the following five imperatives for board members are crucial for effectively navigating the digital landscape, ensuring not only the relevance but also the leadership of their institutions in shaping the bank of the future.





1️⃣ Digital as Core Strategy


In the digital age, strategy cannot afford to treat transformation as an ancillary endeavor but must integrate it as the very essence of the institution's trajectory. Board members must be the vanguards in this endeavor, asking pertinent questions, driving alignment, and identifying requisite digital talent. Key performance indicators (KPIs) such as Digital Channel Adoption Rate, Digital Sales Percentage, and Cost-to-Income Ratio serve as crucial barometers in assessing the efficacy of digital strategies.





2️⃣ Cultivating a Culture of Innovation


The ethos of innovation must permeate every facet of traditional banking institutions, necessitating a cultural metamorphosis. Board members play a pivotal role in championing agility and collaboration, fostering an environment conducive to rapid experimentation and cross-functional partnerships. KPIs such as Time-to-Market for New Products/Features, Employee Engagement with Innovation Initiatives, and Customer Feedback on New Features are instrumental in gauging the institution's innovation quotient.




3️⃣ Evolving the Customer Experience


In the digital realm, customer experience reigns supreme, and board members must prioritize its enhancement. Advocating for the voice of the customer, championing seamless journeys, and tracking KPIs such as Net Promoter Score, Digital Self-Service Resolution Rate, and Channel Abandonment Rate are imperative in ensuring that the institution remains attuned to evolving customer expectations.






4️⃣ Leveraging Data as a Strategic Asset


Data emerges as the linchpin in the digital banking paradigm, necessitating a strategic approach guided by board leadership. Establishing robust data governance policies, fostering insights-driven decision-making, and tracking KPIs such as Data Quality Index, Insights-to-Action Time, and Customer Personalization Effectiveness are pivotal in harnessing the transformative power of data.




5️⃣ The Cybersecurity Imperative


As banking operations traverse the digital realm, cybersecurity assumes paramount importance, demanding unwavering vigilance from board members. Oversight, a proactive stance, and adherence to compliance standards become non-negotiable imperatives. Tracking KPIs such as Number of Security Incidents, Incident Response and Recovery Time, and Compliance with Security Standards is indispensable in safeguarding the institution against cyber threats.


Conclusion


In conclusion, the digital revolution presents both unparalleled opportunities and formidable challenges for the banking sector. Board leadership, armed with a keen understanding of the imperatives outlined herein, holds the key to navigating this tumultuous terrain successfully. By embracing digital transformation as a core strategy, fostering a culture of innovation, prioritizing customer experience, leveraging data strategically, and fortifying cybersecurity measures, board members can chart a course towards a future where their institutions not only survive but thrive in the digital age.



Published in DigitalTransformation, DigitalBanking, KPIs, CustomerSatisfaction, innovation, BoardMember on 25.03.2024, 19:31.

Navigating the Maze of Legacy IT Landscape of Banks - Exploring Four Approaches

Banks struggle to balance modernization with the limitations of legacy systems. While no single approach dominates, considerations like a bank's size, goals, and risk tolerance will shape their transformation strategy. Success hinges on not just technology, but also effective change management and adaptability within the organization.



Banks today face a critical challenge: how to evolve and thrive in a rapidly digitizing landscape while grappling with the inertia of their often aging, complex legacy systems.


In a recent LinkedIn poll, I asked my community about the best approaches for banks to handle legacy technologies. While none of the three options (gradual modernization, complete overhaul, or ecosystem integration) emerged as a clear favorite, there was a general dislike for the idea of a complete overhaul. This article reflects the valuable insights shared by several contributors, with special thanks to Ewan MacLeod for suggesting the Greenfield Approach.




Charting the Course: Considerations for a Successful Transformation


The optimal approach for each bank depends on a unique blend of factors, including size, risk appetite, budget, strategic goals, and the complexity of their legacy system. Careful consideration of the benefits, challenges, and pitfalls presented by each approach is crucial for informed decision-making. While gradual modernization might suit larger banks prioritizing stability, smaller, more agile players might favor greenfield development. Ecosystem integration offers a collaborative avenue, but complete overhauls require meticulous planning and significant resources.


Let’s have a look at the 4 approaches:




1️⃣ Gradual Modernization - Minimizing Disruption with Measured Steps


The gradual modernization approach prioritizes a measured climb, tackling key areas like customer-facing applications or core processes in stages. This strategy offers the advantage of minimizing disruption to ongoing operations and the customer experience. It leverages existing investments in legacy systems, allowing for targeted improvements in areas with demonstrably high impact. However, this measured approach can be a slow and piecemeal process, potentially hindering overall effectiveness. Integration issues may arise between new and old systems, and perpetuating outdated functionalities can hinder the adoption of truly innovative solutions. The pitfalls of this approach lie in a lack of a clear long-term vision, leading to a patchwork of solutions without synergy, and delaying crucial upgrades, which can render the bank less competitive in the long run.


Many incumbent banks are following the path of gradual modernization, such as Deutsche Bank, Barclays Bank, or Citibank.




2️⃣ Bold Overhaul - Embracing a Future Unburdened by the Past


The complete overhaul approach takes a more audacious path, aiming for a clean slate by replacing the entire technology stack with modern, integrated systems. This bold move unlocks several benefits, including fostering agility, scalability, and future-proof technology. Streamlined operations and potential long-term cost reductions are alluring prospects. However, this disruptive and resource-intensive process carries significant implementation risks, with high upfront costs and the potential for delays and budget overruns. The loss of institutional knowledge and expertise embedded in legacy systems also presents a challenge. Poor planning and execution can lead to chaos and operational downtime, while neglecting employee training and change management can breed resistance and hamper adoption.


Some incumbent banks, such as the Commonwealth Bank of Australia, are known for successful bold overhauls, albeit at very high costs, while others, like Deutsche Bank, didn’t succeed.




3️⃣ Collaboration for Innovation: Harnessing the Power of the Ecosystem


Instead of a complete overhaul, the ecosystem integration approach focuses on weaving legacy systems into a broader digital tapestry. This strategy leverages the expertise and innovative solutions of fintech partners, enabling faster time-to-market for new features and functionalities. It allows banks to utilize their existing legacy systems while adding modern capabilities. However, finding compatible partners with secure and reliable solutions is crucial. Managing data security and privacy concerns when integrating with external systems presents another challenge. Potential vendor lock-in and dependence on external partners must also be carefully considered. This approach can stumble if clear governance and collaboration frameworks are not established, leading to confusion and inefficiencies. Overreliance on external solutions can weaken internal development capabilities.


Spanish BBVA and Singaporean DBS are well-known banks pursuing an ecosystem strategy.


BBVA is recognized as a pioneer in open banking and boasts a successful ecosystem approach. Their robust API platform has spurred numerous fintech partnerships, fostering innovation in their customer offerings. While specifics may evolve, BBVA's commitment to collaboration positions them as a driving force in shaping the future of finance.


DBS boasts one of the most comprehensive and accessible API platforms in the banking industry, with over 200 APIs spanning various financial services. Their dedicated focus on collaboration and developer enablement has made them a leader in open banking, particularly within the Asia-Pacific region.





4️⃣ Building a Greenfield Bank: Unburdened by History, Empowered by the Future


The greenfield development approach takes the most radical path, starting from scratch to build a new technology infrastructure, free from the constraints of legacy systems. This offers unparalleled flexibility and scalability, allowing banks to design systems tailored to their specific needs. It fosters a culture of innovation and agility from the ground up. However, this significant undertaking requires substantial upfront investments and carries the risk of abandoning past investments. Banks may lack the institutional knowledge and expertise needed to build and maintain complex systems, and this approach often carries a longer implementation timeframe compared to others. Ignoring lessons learned from legacy systems can lead to repeating past mistakes, and underestimating the complexity of building and integrating entirely new systems from scratch is a significant pitfall.


When I consider examples like Revolut, Starling, J.P. Morgan's Marcus, Commerzbank's ComDirect, or Deutsche Bank's Bank 24, among others, my takeaway is this: a Greenfield approach works well for startups, but there's no track record for incumbents.



Beyond Technology: The Human Factor in Transformation


It is vital to remember that transformation is not solely about technology. Effective change management, cultural shifts, and employee training are essential for the successful adoption of any approach. By addressing these human factors alongside the technological considerations, banks can ensure a smooth and successful journey towards a future-proofed financial institution.



A Dynamic Journey


Transforming a bank with legacy technology is a complex and multifaceted endeavor. Each approach offers unique advantages and drawbacks, and the ideal path depends on individual circumstances. By carefully considering their specific needs and resources, banks can navigate the maze of transformation and emerge as agile, future-proof institutions in the ever-evolving financial landscape. Remember, the journey is dynamic, and continuous evaluation and adaptation are crucial for navigating the twists and turns towards a successful future.





Published in DigitalTransformation, CoreBanking, banking, transformation, technology, legacy on 09.02.2024, 11:33.

8 key considerations for Board of Directors on Artificial Intelligence in Banking

Summary: There are several key considerations for boards of directors when it comes to artificial intelligence (AI) in the banking industry. Eight of the most important are integration into business strategy, established governance and oversight, well-trained talent and skills, legal and regulatory compliance, data privacy, ethical considerations, risk management, and transparency.


1) Business strategy: Boards should consider how AI can be used to support the bank's business strategy and goals, and how it can be integrated into existing processes and systems, such as customer service chatbots, fraud detection, credit risk assessment, or personalized service offerings.

2) Governance and oversight: Banking boards should establish clear governance structures and processes to oversee the development and deployment of AI, including defining roles and responsibilities, setting performance metrics, and establishing risk management procedures. Given the dynamics of AI and the need for constant calibration and validation of AI models, boards need to establish a frequent model oversight process.

3) Talent and skills: AI requires specialized skills and knowledge, and boards should ensure that the bank has the necessary talent and resources trained in both banking and AI to develop and implement AI initiatives.

4) Legal and regulatory compliance: It is important for the board to ensure that the use of AI in the banking industry complies with all relevant laws and regulations. This includes data protection laws, consumer protection laws, the Digital Operational Resilience Act, and any other laws that may be relevant to the use of AI in the banking industry.

5) Data and data privacy: The use of AI in the banking industry often involves the collection and processing of large amounts of sensitive data. The board should consider how this data is collected, stored, and used, and ensure that appropriate measures are in place to protect the privacy of customers and other stakeholders. All AI models depend on high-quality data. There is the risk of garbage in, garbage out. Therefore, boards must provide framework conditions that ensure robust, high data quality.

6) Ethical considerations: The use of AI in the banking industry can raise ethical concerns, such as the potential for bias in decision-making or the impact on employment. The board should consider these ethical concerns and ensure that the use of AI is consistent with the values and mission of the organization.

7) Risk management: The use of AI can introduce new risks to the banking industry, such as the risk of biased decision-making or the risk of data breaches. The board should consider these risks and ensure that appropriate measures are in place to mitigate them.

8) Transparency: It is important for the board to be transparent about the use of AI in the banking industry and to ensure that customers and other stakeholders are informed about how AI is being used. This may include providing information about how decisions are made and what data is being collected and used.

Finally, AI training for board members is recommended to make them knowledgeable about the concepts, methods, needs, challenges, and risks.




Published in BoardMember, governance, AI, technology, 8-key-considerations-for-Board-of-Directors-on-Artificial-Intelligence-in-Banking on 31.12.2022, 11:16.


© Frank Schwab 2024