BB&T Corp. has more than survived the industry’s latest financial crisis. Relatively speaking, it has thrived.
The Winston-Salem, North Carolina banking company reported a profit of $271 million, or 48 cents per share, in the first quarter. That was down 38% from a year earlier. But hey, BB&T made money and maintained its dividendu2013both heady achievements in an environment beset by falling housing prices, credit woes, and recession.
Technology is playing an ever-larger role in BB&T’s profit picture. Once considered a necessary evil, today the folks in its IT unit have their fingers in everything from regulatory compliance to aiding cross-selling efforts, as the bank, historically a big acquirer, seeks to get more of its growth organically.
Paul Johnson, BB&T’s chief information officer, is moving the process along by spearheading an overhaul of the company’s entire approach to technologyu2013one that treats IT as a business line unto itself and aims to transform it into a strategic “value creation center” capable of generating bottom-line results, even in a recession.
While other large banks are content to scale back their IT investments as part of a broader belt-tightening, BB&T’s board feels confident enough in the so-called “transformation program” to boost Johnson’s budget at a double-digit rate, despite the economic conditions.
“I don’t want to leave you with the impression that we aren’t feeling an expense crunch like everyone else,” Johnson says. “But we feel well positioned to use IT to take extreme advantage of the opportunities that will exist once the economy starts recovering. … This is an organization that knows when to attack, and now is the time.” Strategic technology planning is a highly specialized talent for bank management and is often uncomfortable territory for many bank directors. If you’re not a techie, the gadgets, terminology, and numbers can seem intimidating.
Johnson, who has been working in bank IT departments-at the likes of Bank of America Corp., the Federal Reserve Bank of Atlanta, and the old First Union Corp.-for nearly 30 years, says it’s not necessary for top executives and directors to get bogged down in jargon and details. But they do need to grasp technology’s strategic importance. “IT is simply too important in today’s environment for bank leaders not to understand its impact,” he explains.
Johnson recently sat down with Bank Director to talk about BB&T’s technology strategy, and how bank board members can be sure they’re getting the most bang for their IT investment buck. Below is an edited transcript of that conversation.
What’s your big-picture vision of the IT department’s role in BB&T’s strategy?
The idea is to change the role of IT from being order takers to value partners. The concept is “a third, a third, a third.” We want to spend one-third of our energy and effort keeping the lights on and the doors open, another third dealing with the demands that are brought to IT-line of business requests, new strategic projects-and a third on newer initiatives, where we create and implement value on our own.
That last piece is the most energizing. We can bring something to the table that wasn’t there before. In an expense-constrained environment, we can actually generate higher rates of value than most other business lines.
Does that mean making sure you get out front on emerging technologies?
No. Our approach has not been about being on the leading edge. We try to be what I call a “fast follower.” We’ll play on the fringes (of emerging technologies), but only when there’s enough of a business need to do it.
Good technology strategy isn’t about the next greatest technology. The real game is taking proven technologies and applying them in innovative ways to generate additional value.
You’ve embarked on a big transformation program. Talk a little about what led you in this direction.
When I got here 10 years ago, IT was viewed as a necessary evil-something that you didn’t want to know a whole lot about or spend a whole lot of money on. BB&T was a very acquisitive organization, and the role of IT was really to integrate acquisitions and absorb volume. We were an order taker: “Here’s the next thing, go do it.”
In 2004, BB&T shifted its business strategy from one that got most of its growth via merger and acquisition activity to more of an organic growth model. It was extremely complex, because we [found ourselves] competing customer-to-customer against some very strong companies that were utilizing technology to differentiate themselves.
Our IT organization was built for a different purpose, and needed to evolve. The business climate was accelerating too quickly, and there was no way we could just continue tweaking our existing technologies and capabilities incrementally to get up to speed. We needed to make a significant and fairly radical shift in how we viewed technology.
So in early 2007, I presented to the executive management group the idea of a multiyear transformation program. At its core, the idea was to transform IT from an expense-focused organization to a value center that would be viewed and managed like any other line of business in BB&T.
That’s a pretty big departure from how most banks think about IT. How do you go about making that kind of transformation?
Our approach is based on four pillars that reflect the company’s evolving business needs and the type of IT organization we need to become. The first is creating an always-on and available infrastructure. Second is an increased focus on risk management. The last two are what I call “value acceleration” and running IT like a business.
Let’s take those pillars one at a time. What’s the ‘always-on’ infrastructure about?
We’ve seen an accelerated rate of technology adoption by clients, and those clients now expect what I call ‘anywhere, anytime, any way, and fast.’
So we’ve focused on creating very high availability levels for all of our external, client-facing applications-the online banking platform, the call centers, the ATM platforms-enhancing them, putting in new business capabilities, and raising performance levels.
A few years ago, for example, we had a very limited ability to open accounts online. Today, our system is touted by Forrester (Research) as a model for others to follow. We built it internally and have moved from having less than what we needed to leapfrogging the competition.
Everyone is concerned about risk management. What’s your focus?
Using more technology creates additional opportunities for risk-people hacking into accounts or whatever. Instead of just putting out policies and procedures about information security, we’re employing stronger monitoring and prevention mechanisms to ensure that we’re appropriately protecting BB&T’s assets.
An example would be data-loss prevention. We’re encrypting all of our laptop devices. If an employee leaves a computer in an airport, we don’t have to worry about losing that information.
Value acceleration sounds interesting. What’s the concept and what have you done?
We’ve created two centers of excellence. They have to generate an exponential amount of value above and beyond their costs. One is focused on IT optimization, which is about leveraging and optimizing the technology itself. The other is [focused on] business optimization, where we work with different lines of business to generate additional value.
In the IT optimization space, we’ve consolidated and integrated multiple IT infrastructure areas into a central data center-pulling affiliates and subsidiaries that were running their own IT into the central house. You reduce the risk profile, because you’re running them in the big data center with security and 24/7 monitoring. And you can get rid of some [redundant] technologies and get the benefit of cost reductions.
Along the same lines, we’ve also been looking at virtualization, which allows you to create, on a single server, the capability to run multiple systems on a single platform. Cost savings are a big benefit, but you also reduce the complexity.
On the business optimization side, we tagged a couple of the lines of business to use as a proving ground for the overall mechanisms we use to do business-process improvements. One we concentrated on most was the treasury management area, reducing the cycle time associated with bringing new clients onto our products.
We just established the optimization functions last year, and we’ve already identified savings opportunities of more than $100 million over the next five years.
You’ve also indicated you want to run IT more like a business. Does that mean having your own P&L statement?
That’s what we’re evolving into. The concept is to change the role of IT from being order takers to value partners. IT is no different from any other business line; it just happens to be that technology is our product.
We’re focused on three different things. First, we put in an enterprise-prioritization mechanism. Before, the prioritization was within an executive manager’s purview. Now, it’s brought to all of executive management so they can make centralized tradeoffs across the organization.
Second, we created an IT funding model that would better align itself to value creation. In 2008, for instance, we concentrated on expanding the chargebacks for services we were providing to business lines that benefited from the work done.
And we now put all the work we’re given into a central system and have our employees track their time to those different initiatives. It gives us a much clearer view of all the work we’re doing, and for what purpose.
I know IT is playing a bigger role in compliance, as well. What sort of changes have you seen there?
I’ve been in the banking industry nearly 30 years, and I’ve never seen a regulatory climate like we’ve seen over the last three-plus years. Before, regulators were much more silo-focused-they looked down through pieces of the organization, and not so much across the organization. Today, they’re looking much more broadly across the whole organization. Meeting those needs requires differing levels and layers of technology. We have to be able to get at the horizontal information they want.
Can you give an example of what you’re talking about?
BB&T is a centralized banking institution with a number of subsidiaries and affiliate organizations that provide everything from investments to asset management to insurance. When the Bank Secrecy Act came out, we had to create a centralized customer capability-we call it the centralized customer file-to aggregate all that information and know all of the products and services that our clients had, no matter which part of the organization they were a part of.
Is that merely a cost, or can you get a return from it?
If you know more about the clients you serve and what products and services they have, it gives you more opportunities for referrals to another part of the organization.
So you can turn a regulatory mandate into a cross-selling tool?
That’s exactly right.
BB&T has done better than most banks during the crisis, but investing more in technology must be a tough sell. How has the board responded?
In times like these, value generation and the time horizon are the only things that matter. We come to the leadership with business cases and justifications as to what we think we can do, how we will do it, how long it will take, and what it will cost. Those are put up against other proposals in the organization. Projects that can generate value-and generate it in the shorter run-are often selected.
The good news for us is that we established the program in 2007, just before a lot of the bad stuff hit, and there’s a lot of low-hanging fruit for us to grab that can generate that value.
What role does BB&T’s board play on the technology front?
Directors approve expenditures and provide oversight, but really, my primary interaction is with the executive management group. They approve the profit plan and initiatives and have a good understanding of what we do day in, day out. I also chair the IT steering committee, which includes the entire IT executive management group. We meet officially six times a year.
Board members without technology backgrounds often get intimidated talking about technology strategy. How can directors assure themselves that their bank is on the right track?
Ask yourself this: As a board member, what’s most important? Is it that you understand the technology itself, or that you understand what the technology can do?
An effective approach to IT can increase your revenue, reduce your expenses, and ensure that risk is being handled appropriately. So there are a lot of indicators that a good, savvy businessperson can look at to see if the IT department is doing what it’s supposed to be doing: your regulatory ratings, your internal audit ratings, your overall profitability. My contention is if you can’t perform at a high level in those areas, you’re in trouble.
How do those same board members assess the effectiveness of their technology leadership?
The CIO or CTO shouldn’t be judged differently from any other business line head. We have products and services that we create that are supposed to deliver value. At BB&T, I’m not really treated as a technologist, I’m treated as a business leader.
So look at the person’s business results and ask smart questions: What’s the IT strategy and how does it support the broader organization’s strategy and bottom line? Where are you going? How much, and where, are you investing? What are you getting for what you’re investing?
It’s fair to compare. Someone may say to me, “Why is U.S. Bank or Fifth Third [Bancorp] making so much more in this area than you are?” That’s an appropriate question for a board member to ask. But remember, answers might vary based on individual situations.
People are always interested in the next big thing. What technologies do you believe look poised to take off over the next few years?
One area I’m concentrating on is cloud computing, which is the next extension on the ASP provider. Some of the underlying technologies are a little different. It’s really about services provided by someone else in what we call a “cloud.” What’s promised is lower costs. It’s not ready for prime time for us yet, but it’s inevitable.
The shift from paper to electronics is accelerating. An example of that would be Check 21 and all the activities that have occurred around that. It’s spawned a lot of interest in continued digitization and workflow improvements.
We’re also taking our entire telecommunications network and evolving it to the next generation-it’s about network speed, the flexibility in going to VoIP (Voice over u2013Internet Protocol); technologies that are much more cost-effective to run and have more flexibility when it comes to doing different types of business activity.
Beyond that, mobile banking will continue to accelerate. It’s just a matter of time before mobile payments become fairly big. Remote deposit capture is another area that will continue to grow. We’ve put out a product called Supply Chain 360, which provides real-time capabilities for invoicing and payments that has gotten a lot of interest from our clients.
It sounds like there’s never a dull moment.
That’s what makes the job so exciting. There is always something new and always something to work on.