06/03/2011

Technology in the Boardroom


Never before in the history of banking has technology played such a pivotal role in the evaluation of performance. Clifford Wilke understands this fact first-hand. A one-time computer whiz kid (his first high school project was a program that matched up buddies with prom dates), he put his talents to work for Mobil Oil Co., Kansas City, and, among other achievements, is credited with inventing the Mobil Speed Pass, a modestly successful smart card-like program, before retiring at age 40. In September 1998, Wilke came out of retirement, and now he oversees industry technology initiatives on behalf of the Office of the Comptroller of the Currency.Wilke takes his job as director of bank technology seriously. Since his arrival in Washington, the OCC has become a veritable font of guidance on technology, from the broadest of issues, like PC banking, to the most intricate, like establishing a bank as a certificate authority, the trusted third party needed to ensure the validity of digital signatures in electronic commerce transactions.Last fall, the agency issued a comprehensive handbook on risks in Internet banking. And in February, the OCC asked for public comment on a range of electronic banking issues and modern practicalities that might be hampered by long-standing regulations.I want to raise awareness of the risks of technology to national banks, says Wilke in discussing his new job. Asked to describe the current state of the industry, Wilke points to the rate of change: The pace of technological change is so rapid, that I think in future generations, historians will look back upon today and describe it as the `exponential technology age`.Whether history bears out Wilke`s prediction is open to conjecture. What is indisputable, however, is the fact that technology is evolving at an incredible clip. Fifteen years ago, a few innovative banks were giving away PCs to their best corporate customers in hopes of converting them to new electronic cash management services, like balance reporting and funds transfer initiation. Today, many companies don`t even need banks to support commercial trade activities-they exchange documents and receivables files electronically with trading partners via the Internet, at times even arranging for loans online, sans banks. And while banks continue to control the payments system, the cracks in that wall are growing wider as more nonbanks get involved in activities like electronic bill payment and presentment.I defy anyone to identify any aspect of banking today where technology is not a crucial link, asserts Wilke. Technology has to be treated as a core competency. A bank that is not attuned to technology, he suggests, runs a high risk of failure.Technology and business strategy today are inseparable, adds Catherine Allen, chief executive officer of the Banking Industry Technology Secretariat (BITS), an arm of the Washington, D.C.-based Financial Services Roundtable. BITS has several technology initiatives under way today, including a project to promote check electronification, an operations buzzword for taking paper out of the check system, and another on Internet security. BITS members include all the largest banks in the country, as well as representatives of several banking trade associations.If you don`t understand where technology is going, you will not understand the value opportunities of this business, how to take costs out, or how to leverage products and services to attract and retain new customers, explains Allen.One key to understanding technology, say Allen and others, is understanding risk. Risk can take many forms in technology. There`s strategic risk-the risk that you make a technology decision that turns out to be dead wrong. There is technology failure risk-that business will be interrupted for a period of time, customers inconvenienced, and income opportunities lost. There`s security risk-where someone with nefarious intent finds a way into your bank`s internal systems and wreaks havoc, possibly tarnishing your reputation and most likely costing you money. Finally, there`s the worst-case security breach, privacy risk-the risk that information provided by customers in confidence and stored in a bank`s internal computer systems is somehow compromised.Imagine the kind of breach that stunned CD Universe late last year occurring at a bank. CD Universe, you may recall, was the music website that had customer credit card account numbers stolen and published by hackers. Or imagine the denial-of-access attacks that plagued many well-known websites such as eBay earlier this year being launched against your bank`s home banking or wire transfer system?Allen believes banks, especially smaller ones, are extremely vulnerable to these types of attacks. This is scary stuff. There are so many hackers-some part of organized crime groups, others who are terrorists-and they all want to get into banks, she says. They`re going to go after the smaller banks first, because they think they aren`t as sophisticated as the big banks. The OCC`s Wilke, meanwhile, warns there`s no escaping the repercussions of poor technology decisions, even among banks that outsource technology operations. Anything your bank is involved with you need to understand in order to ensure it`s being done properly, he says.One way to achieve this understanding at the board level is through an open and continuous dialogue with management. Technology needs to be a part of every bank discussion they [bank directors] are having, insists John Weisel, a partner in the financial services practice at Andersen Consulting. Today, technology and emerging technologies are transforming the way banks manufacture, sell, and distribute products and services.Weisel, for example, advises banks to establish technology committees at the board level. He also suggests a bank`s board of directors schedule time at each meeting to address technology issues. A good starting point might be the effect of emerging technologies on specific business lines.Additionally, Weisel counsels, directors should routinely grade a bank`s management team on its technology savvy. Technology is one of the most significant investments a bank can make, accounting for 12% to 17% of its noninterest expenses, says Weisel. Directors need to understand and ensure that the management of the bank is responding to market demands with the right technology answers.That means, at a minimum, bank directors must understand and embrace the Internet as a technology trend with direct consequences for shareholder value, adds Allen. Even a decision to do nothing with respect to the Internet has consequences for a bank, she notes. Allen, who splits her time between offices in Washington and Santa Fe, says that today none of the local banks in Santa Fe offer Internet banking services. Yet, like most cities, Santa Fe has a high percentage of households with Internet access-about 40%. Santa Fe also boasts a large number of households with adults over the age of 55, and these days, a large share of the personal wealth in America is in the hands of older Americans. So where do these households turn for Internet banking? To the large California banks, suggests Allen. It`s not a stretch, since many people move to New Mexico from Arizona.They`re losing customers they don`t even know they`re losing, Allen says. To the banking industry in general, she warns: Those players who are using the Internet will break down the geographic barriers and they will come after your customers. And it may not even be a direct assault on a particular bank`s customer base. For example, as market makers in areas such as real estate and automobile sales move more activities to the Internet, there will be direct consequences for banks that traditionally have served those customers. You have to be able to question all the old myths about the Internet, Allen says.One topic that is not an issue for debate, however, is the need for sound risk management and security procedures. Risk evaluation needs to go beyond simply asking `Do we have a disaster recovery plan?`, explains Weisel.Banks need to ensure that their security standards are high, and that they don`t make any compromises. The reputation of the bank is what`s at risk, adds Wilke.That means putting in place good risk management procedures, like those that authenticate customers` identities. It also means paying close attention to the privacy concerns of customers in the emerging online marketplace. Privacy is taking on increasing importance today, notes Wilke. Banks that take the right steps will be perceived by customers in a very positive light.Perhaps most important, as recent well-publicized events indicate, it means understanding the potential for and your own bank`s susceptibility to breakdowns or cracks in their infrastructure. Bank directors really need to understand what the potential is for infrastructure threats, says Wilke. It`s the finger on the pulse of what`s going on in the industry today. |BD|

Join OUr Community

Bank Director’s annual Bank Services Membership Program combines Bank Director’s extensive online library of director training materials, conferences, our quarterly publication, and access to FinXTech Connect.

Become a Member

Our commitment to those leaders who believe a strong board makes a strong bank never wavers.