Strategic Planning for Technology
by Jimmy Sawyers, BOL Guru
Director of Consulting
Reynolds, Bone & Griesbeck PLC
As we gaze into our crystal ball for 2006, we see an optimistic future for banking technology filled with innovation and improvement at all levels of banking. Managing the incredible regulatory burden remains a challenge, but bankers appear up to the task by applying technology where needed and reviewing old systems for much-needed upgrades and redesigns.
To jump start banks' strategic planning efforts for 2006 and beyond, we offer ten predictions:
- Distributed item capture will help banks offer innovative services to customers while improving back office item processing and clearing operations
- A bandwidth explosion changes the networking paradigm and increases online activity
- Wireless takes hold in the home and in the office
- Business continuity will be the top regulatory hot button
- Anti-money laundering compliance gets tougher
- Bankers will be expected to prevent and detect fraud across all business lines and transaction channels
- The federal government continues to do what it does best -- grow and spend while increasing the banking industry's compliance burden
- Network and Internet security remains a critical issue
- The winning Customer Relationship Management program is discovered
- Data becomes more mobile driving demand for better encryption
Prediction #1 -- Distributed item capture will help banks offer innovative services to customers while improving back office item processing and clearing operations
Much of the hype surrounding Check 21 legislation has focused on image exchange that is being driven by large banks that have the volumes to dictate the pace of innovation. While image exchange slowly gains ground in 2006 as standards are established and more banks get on board, banks of all sizes are realizing the significant impact of remote deposit/merchant capture services. By allowing customers to scan their deposited items in the comfort and convenience of their office, without having to make a trip to the bank, bankers are expanding their geographic footprint while attracting and securing commercial deposits and improving item processing workflows.
Bankers will dissect their image item processing strategies into?
Branch capture and teller capture implementations will force bankers to review workflows and network design. Combined with CAR/LAR (Courtesy Amount Recognition/Legal Amount Recognition) image processing, banks will enjoy increased efficiencies and lower processing costs long-term. CAR/LAR read rates will continue to improve, topping 80 percent accuracy on average and allowing bankers to reduce FTE in the item processing area. The need for large, high volume item processing transports will be diminished as item capture volumes are distributed across the enterprise.
Image cash letters and true image exchange slowly become reality as standards are set and new systems are implemented. Don't expect a smooth flow in this arena. The "land grab" for item processing dominance will pit providers against each other and interoperability problems will abound.
Check volumes will decline by at least 20 percent in 2006; however, total transaction volumes per account will continue to increase, driven largely by more electronic transactions. ARC (accounts receivable conversion), POP (point of purchase), direct deposit, ATM and debit card, credit card, and online banking will all impact the rapidly changing payments system.
Prediction #2 -- A bandwidth explosion changes the networking paradigm and increases online activity
Bob Metcalfe, the father of the Ethernet networking protocol, coined what has become known at Metcalfe's Law - "The power of the network increases exponentially by the number of computers connected to it. Therefore, every computer added to the network both uses it as a resource while adding resources in a spiral of increasing value and choice." We have seen Metcalfe's Law applied locally as banks' wide area networks have grown in users with more server-based and web-based applications. Metcalfe's Law will continue to be applied globally as the number of Internet users continues to grow, further interconnecting and flattening our world.
Advances in telecommunications infrastructures now offer bankers reliable choices for more robust networks. Metro Ethernet services now offered in some areas give banks local area network speeds, across their wide area networks, at affordable prices. The old bottlenecks of low-speed, high cost, leased lines will disappear. Voice over IP will allow bankers to get more bandwidth for their buck and run data and voice over the same channels. VPNs and point-to-point wireless combined with broadband services will help bankers link branches over high-speed connections and enjoy the benefits of high performance, redesigned networks. Bankers will revisit and renegotiate their telecommunications contracts for better deals with significant cost savings.
IP telephony and other formerly bleeding edge applications will come of age with increased reliability and better performance. Voice, data and images will finally converge on reliable networks equipped with adequate bandwidth and sound designs.
The expansion of broadband services to consumers will result in sharp increases in the number of online banking customers. A survey conducted between February and June 2005 by the Pew Internet and American Life Project found that only 35 percent of dial-up users bank online. However, that number increases to 59 percent of broadband users who bank online, illustrating how broadband influences and increases online activity.
While online banking activity will increase in 2006, online bill pay services will continue to be a tough sell for bankers. In 2004, consumer households paid 11.2 billion bills via the mail, versus only 1.1 billion that were paid online. The direct biller model, where the service provider presents bills directly to the consumer via their web site or e-mail, will continue to be the model of choice as 60 percent of the bills presented electronically in the U.S. now use this model. (Source: Pitney Bowes, July 13, 2005, Bill Presentment & Payment: Electronic vs. Mail.)
Prediction #3 -- Wireless takes hold in the home and in the office
Many technologies find their way into the workplace as users experience the technology first in their homes and become irreversibly hooked. Such is the case with wireless networking. Many consumers have more reliable and secure wireless networks at home than at work. Most CIOs are now getting the message, "Control your bank's wireless strategy or your users will control it for you."
Initial security concerns about wireless are being outweighed by the convenience factor. Users ask, "If I can get wireless in my hotel, at the airport, at Starbucks, and at home, why can't I have wireless at work?"
Driving this trend is the fact that 95 percent of laptop PCs sold in 2005 were equipped with wireless. Combine this with the industry tipping point, which took place in May 2005, as laptops outsold desktops for the first time in history.
Reliable, secure remote access methods such as VPNs are making wireless ready for prime time and much in demand. Once one experiences the untethered pleasure and convenience of accessing broadband Internet access via a laptop equipped with wireless, this genie is out of the bottle and not likely to be restrained.
Prediction #4 -- Business continuity will be the top regulatory hot button
A record hurricane season topped by the tragedy of Hurricane Katrina combined with earthquakes in Pakistan, and the late 2004 tsunami in the Indian Ocean, all have business continuity top of mind with bankers and regulators. Bankers will strive to become more self-sufficient regarding business continuity while building a strong network of partners to provide assurance that all critical applications will function in a disaster. More in-depth, roundtable testing will allow bankers to consider numerous disaster scenarios, minor and major, and map out plans of action.
Business continuity concerns will serve as a catalyst for wireless projects, online data backup, and co-location services. Core processing has long been the focus of disaster recovery plans, and will remain so for 2006, but expect to see bankers carefully review their network disaster recovery plans. The growing number of servers in banks will lead bankers to evaluate server consolidation technology to improve disaster recovery and allow multiple operating systems to function on one platform.
More sophisticated asset management systems will provide bankers with the tools needed to inventory their hardware and software and better plan for disasters. Regulators will expect bank-wide business continuity plans containing the proper risk assessments, business impact analyses, roundtable and physical testing, plus adequate coverage of all systems and business functions.
Prediction #5 -- Anti-money laundering compliance gets tougher
The USA Patriot Act has become the umbrella legislation and driving force for more stringent Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance. In the mid-80's, the BSA was charged primarily with fighting drug trafficking. Today, its main purpose is to detect terrorist financing, and bankers have been enlisted once again to join the front lines of the battle.
Regulators will continue to make examples of non-compliant banks and will get the industry's attention with the simple but strong message- "get your BSA/AML act together or face dire consequences." Independent testing of BSA/AML compliance programs will become an annual exercise. New technology and sophisticated systems will be needed to comply with the growing burden of BSA/AML compliance.
Prediction #6 -- Bankers will be expected to prevent and detect fraud across all business lines and transaction channels
More sophisticated criminals using advanced technology will drive the demand for more sophisticated fraud detection systems. Banks will be expected to detect unusual transactions across all channels (e.g., ATM, ACH, checks, credit cards, wire transfer, online banking, bill pay). Accordingly, bankers will demand more dynamic, universal fraud detection systems that use statistical modeling, neural networks, and artificial intelligence. Expect core processors to open their systems and offer integrated modules to address the need for fraud detection.
To succeed in making systems more open and functional, providers will design such systems using a service-oriented architecture (SOA). Combined with the Microsoft.NET platform and XML-based web services, products will be integrated with third-party solutions to produce more open systems. The most common implementation of SOA will continue to be SOAP (Simple Object Access Protocol), which is used to allow programs running on different operating systems to communicate using http and XML (eXtensible Markup Language) to exchange information.
These technologies will allow bankers to gain a more comprehensive view of the enterprise while fighting fraud.
Prediction #7 -- The federal government continues to do what it does best -- grow and spend while increasing the banking industry's compliance burden
The cost of compliance has bankers reeling. A survey by Financial Executives International found costs to comply with Section 404 of the Sarbanes-Oxley Act (SOX), which requires management to establish sound internal controls and assess the effectiveness of such controls, were 63 percent higher than expected. Another survey of Fortune 1000 firms found these companies spent an average of $7.8 million on SOX compliance in 2004.
A survey by the ICBA from December 1, 2004 to February 25, 2005 showed the average cost of 404 compliance for publicly-traded community banks to average just over $202,000.
A May 2005 article by the ABA Banking Journal estimated that compliance costs for legal, audit, Section 404 consulting, and administrative activities may exceed $500,000 annually for a community bank. The same month, a more dire outlook was published by US Banker which stated the cost of compliance for publicly-traded community banks could reach as high as $2 million.
The SOX experience will motivate bankers to strongly voice their opposition to further burdensome regulations in an already heavily-regulated and controlled industry. Cries of "we're your local community bank, not Enron" will finally be heard by overzealous legislators who were looking for a broad-reaching, quick-fix, law when SOX was enacted. In March 2005, the ICBA urged the SEC and the PCAOB to loosen SOX restrictions specifically related to Section 404 by exempting community banks with total assets less than $1 billion. Expect smaller, publicly-traded community banks to go private to avoid the SOX burden.
Banks of all sizes will continue to struggle with Gramm-Leach-Bliley Act compliance, which continues to expand and be the blunt instrument of choice for IT examiners. What was acceptable in 2005 may not fly in 2006 as regulators expect more GLBA documentation and better organized compliance efforts. More stringent IT examinations and better-trained, more knowledgeable examiners will force bankers to step up IT compliance efforts.
Prediction #8 -- Network and Internet security remains a critical issue
Bankers will continue to address new network security threats by adding new measures designed to mitigate risk. Expect 24/7 monitoring of bank networks by Managed Security Services Providers (MSSPs) to become commonplace.
Many bankers find they have better spyware and adware protection at home than at the bank. Expect banks to implement enterprise-wide spyware protection to thwart this growing threat. Many antivirus providers will add spyware protection as an added feature of their current offerings.
Banks that have relied on limited scope IT audits and "phoned-in" network security reviews will discover that a more comprehensive approach is required. Full-scope IT audits and in-depth, on-site, Network Vulnerability Assessments will be expected by regulators as IT risk management becomes more complex. These reviews will shine a bright light on banks' security needs resulting in more secure institutions and more efficiently managed information security programs.
IT risk management documentation will be key as regulators rely
on external audit firms' reports and bankers' risk assessments to determine the extent of their examinations. Banks without adequate external reviews and proper documentation will face regulatory enforcement.
As regulators push for multi-factor authentication, expect some pushback from bankers who realize that issuing security tokens (e.g., devices that display a new password every 60 seconds) to all Internet banking customers may not be practical or cost-justifiable. Expect more point-and-click password entry and methods such as Bank of America's SiteKey, which displays an image and message pre-selected by the user. These efforts will reduce the risk of keyloggers obtaining user IDs and passwords from unsuspecting online banking customers.
Most banks have very strong online banking security. The weak link will continue to be the customer PC. Customer education efforts will be stepped up by banks as online banking customers learn about the importance of spyware and adware protection on home PCs. Fighting phishing and pharming on the customer homefront through increased protection and awareness will be the key to preventing ID theft. Within the next two years, almost every bank in the world will experience a phishing or pharming attack. How much damage the attack yields will be a direct function of customer education, customer PC security, and the bank's consideration of this disaster scenario in its business continuity planning and security awareness training.
Prediction #9 -- The winning Customer Relationship Management program is discovered
Bank customers don't want relationships with their bank. Bankers will finally get the message - "customers just aren't that into you." Customers want convenience, trust and responsive, accurate service. Customers don't want more sales pitches ala the annoying "do you want fries with that" fast food pitch. After years of failed Customer Relationship Management (CRM) efforts, bankers will finally realize the CRM winning formula has been there all along. Customer reward programs, long commonplace for airlines, hotels and casinos, will finally catch on in banks as bankers get the systems necessary to track customer loyalty in a meaningful, yet simple way. Instead of fighting the losing battle of customer calculus to see just how small a share of the customer wallet the bank actually has, bankers will get wise and simply encourage customers to bring more of their business to the bank through programs that award points based on certain transaction behavior, size of financial relationship or some combination of the two.
Bankers will issue the equivalent of silver, gold and platinum cards to incent customers to climb the rewards ladder and reap the benefits. When customers are allowed to define the "relationship," customer loyalty and customer profitability will follow.
Prediction #10 -- Data becomes more mobile driving demand for better encryption
As laptops outsell desktops and converged devices like smartphones become more popular, data will become more mobile and more difficult to secure. As more corporate and customer information resides on bank employees' BlackBerrys, Treos, and other handheld devices, bankers will ask: "How do we secure such data and mitigate our risk?"
As data becomes more mobile, bankers will implement better encryption methods to secure data transmissions and data residing on servers and backup media. Encrypting backups will become standard as new legislation requiring customer notification of security breaches forces bankers to disclose incidents such as stolen PCs or lost backup tapes.
Demand for secure email methods will also be strong as bankers realize the dangers of transmitting confidential information and file attachments via unsecure email.
Clearly, the bar has been raised in all areas of banking technology. 2006 will be an exciting year of innovation and progress as bankers plan strategically to implement new technologies made possible by increased availability of affordable bandwidth, better IT risk management, distributed item capture, more electronic payments, and a more mobile, tech-savvy workforce and customer base. Banks in a reactionary mode will suffer greatly as customer expectations exceed the banks' ability to deliver. However, those banks with strong, visionary, engaged management and sound, strategic planning will succeed in this extremely competitive environment.
Reynolds, Bone & Griesbeck PLC, founded in 1916, is a Memphis-based CPA and advisory firm dedicated to providing insight, direction and solutions to its clients through informed opinion and real-world experience. Serving leading financial institutions throughout the South and across the nation, Reynolds, Bone & Griesbeck PLC is committed to the success of their clients. Call 901.682.2431 or email firstname.lastname@example.org for more information.
First published on BankersOnline.com 1/27/06
First published on 01/27/2006