Sizing Up Amazon Web Services


cloud-4-17-18.pngFintech is prominent in today’s business lexicon, having migrated from the back office to a prominent position in both consumer and commercial finance. Its core functionality on mobile devices and wide application in artificial intelligence (AI) spans blockchain, smart contracts, banking, insurance, regulation and cybersecurity. And Amazon Web Services (AWS), a major cloud player, is the go-to provider for small and mid-sized businesses.

AWS delivers internet-based, on-demand computing, servers, storage, remote computing, mobile development and security, and a host of other information technology (IT) resources, all on a pay-as-you-go basis. Companies can gain unfettered, rapid access to low-cost, flexible services, with no up-front investment in hardware, software consulting and design, or expensive-to-maintain data centers. Companies can operate faster, more securely and less expensively, preserving their most valuable resources: time and money. And it is user-friendly—the AWS Management Console is simple, intuitive and accessible on the web or through the AWS Console mobile app. Wide adoption means lower costs from economies of scale.

AWS has mushroomed since its introduction a decade ago—posting $5.1 billion in revenue for fourth quarter 2017 and a 44.6 percent increase in year-over-year sales. AWS’ business model enables financial services firms and banks to scale up and down with increasing speed and agility. They can target new market segments, such as millennials—the fastest-growing consumer base—instantly, and easily offer an uncomplicated, compelling and accessible banking experience, appealing to a broad range of customers anywhere in the world.

Users’ traditional security concerns are assuaged with the AWS infrastructure, which aligns with best security practices, including SOC 1 and SOC 2 assurances. Third-party attestations and helpful white papers are available at its AWS Security Center at aws.amazon.com. AWS’ reliable development environment supports establishing a firewall via separate accounts for development and production. Thus, companies can try new features, conduct product experiments and perform user acceptance testing (UAT) without compromising the integrity of existing applications or disrupting active operations.

Although AWS offers quick, easy and simple solutions, users need assurance of adequate controls to protect the underlying database. Company decision makers must clarify who controls the data and how security is managed before migrating their data. Minimum precautionary measures include encrypting data, limiting the amount of data stored and insisting on multifactor authentication. Data ownership is a murky issue with AWS, and companies’ data could be mined to gain a competitive advantage.

AWS fintech customers should understand that segregation of duties is paramount. Oftentimes, small organizations have a chief technology officer who is also responsible for development, design and support. These multiple duties can create a control issue. Additionally, fintech companies may not have clearly defined production schedules, so they often make changes during the day. Segregating the production from the development environment mitigates the risk of unauthorized changes.

The overarching issue of regulation is major. The Financial Stability Board, an international body that monitors the global financial system, highlights 10 issues that supervisors and regulators must heed, and three have top priority. First is an oversight structure to govern third-party service providers, including cloud computing and data services. Second is mitigating cyber risks by maintaining contingency plans for cyberattacks and focusing on cybersecurity when designing IT systems. Third is monitoring macro financial risks against undue concentration and large and unstable funding flows.

These top issues have particular application to fintech, where traditional risk management functions may not suffice. Blockchain and robotics technologies demand a risk management framework that examines underlying assumptions, revises risk tolerance levels and acceptable risks, and increases stress testing and simulations.

AWS has earned a solid reputation in the marketplace—it is more than 10 times the size of its nearest competitor—and its prominence will increase. Small and medium-sized businesses have championed its ease of use, cost savings and scalability. However, they must protect data and avert potential operational risk.

Six Best Practices to Help Customers Achieve True Data Privacy


data-7-24-17.pngWith today’s constant news stream of ransomware threats, denial of service attacks and data breaches, data privacy is more of a concern than ever. But, what exactly do we mean by data privacy, and how can we convey its importance to customers?

At its root, data privacy is the concept of implementing appropriate controls related to the sensitivity of data. There are two key components of data privacy: data classification and data protection.

Data classification simply means understanding the sensitivity level of data. There are three main categories: public, sensitive and confidential. Any data, even that which is publically available, can be collected and used by a criminal to profile their prey. The numbers tell the story: Through July 6, 2017, according to the nonprofit Identify Theft Resource Center, we’ve seen a total of 791 breaches and 12.39 million compromised records across all major industries.

Data classification helps determine the level of protection warranted, with confidential data justifying the most:

  • Confidential data, such as social security numbers, bank details, or other personally identifiable information—whether in transmission or storage—should be encrypted, and devices used to store and transmit it should be secured as well. When disposing of this data, whether electronically or in a tangible format, the data records should be fully destroyed through shredding (electronic or physically). In some cases, entire storage devices should be destroyed.
  • Sensitive data, such as religious or relationship information, or private business plans, is similar to confidential data in that the owner does not wish to share it with others. As such, sensitive data often is protected similarly to confidential data. The only differentiator is the amount spent to protect it.
  • Public data is that which is publically available, like where a person attended high school.

With greater access to information, coupled with the increased rate and publicity of compromise, many consumers are numb to the severity of a data breach, even though strengthening the environments in which they store or transmit data should be top of mind.

Below are six best practices you can convey to your customers to help them achieve real data privacy:

  • Employ data encryption for both storage and transmission. One advantage of encrypting all data is that a decision doesn’t have to be made regarding classification when it comes to encryption. A second benefit is that a criminal doesn’t know what to target when all data is encrypted.
  • Avoid accessing data such as emails, cloud storage, and the like on a public computer or network, which are easily compromised. If a public network must be used, virtual private network (VPN) encryption is necessary when sensitive or confidential data is being accessed. Keep in mind, passwords aren’t always transmitted in an encrypted format, so a criminal could intercept the password. Public computers should be used only as a last resort, and never to access confidential or sensitive data.
  • Ensure your computer is patched and protected with a firewall and up-to-date anti-malware solution. Further, even careful users should periodically have their machine inspected for malware and cleaned by a trusted technician; with the sophistication of malware today, even the most cautious and educated can still end up compromised.
  • When possible, implement multi-factor authentication, which entails using more than one means of authentication, such as passwords and authentication codes. This is one of the most promising ways to ensure data and accounts remain secure, yet even these systems aren’t foolproof. Avoid receiving texts of access codes when possible, as this is a weaker form of multi-factor authentication. Use authentication applications, phone calls or a secure email account instead, and remember that codes sent to a device are only as secure as the device itself.
  • Use strong passwords that are changed at least every 90 days. Passwords should, when allowed, be at least 15 characters in length and complex in nature, including letters, numbers and symbols. Also, password safes like KeyPass are useful for storing them. And remember, treat your password like your toothbrush: never share it and change it often.
  • Consider the sensitivity of the data you store in the cloud. Utilizing a cloud service means entrusting a company to protect your data, so ensure the provider is equipped to protect the data to the same degree that you would. Another alternative is encrypting the data with your own encryption key before storing it in the cloud, which helps mitigate risk.

While one of banks’ most important tasks is protecting customer data, educating customers to respond in kind goes a long way toward a common goal.

Banking on the Cloud: Why Banks Should Embrace Cloud Technology


cloud-technology.png

Cloud adoption has reached critical mass, with roughly 90 percent of businesses employing its technology in some facet of their organization. The cloud presents opportunities for enhanced efficiencies and flexibility—without any security trade-offs—so it’s no surprise that we’re seeing more organizations shift to the software as a service (SaaS) model. But while we’ve seen the healthcare, legal and insurance industries evolve, banks have been more reluctant to adopt new technologies built outside of their own walls.

Why Banks Lag at Cloud Adoption
The banking industry is not known for being nimble. As one of the oldest, largest and most vital industries in the U.S. economy, banking has, in some ways, fallen victim to inertia—relying on traditional technologies and internal networks to disseminate its services. This is in large part due to the widely-held belief that on-premise solutions are inherently more secure than the cloud because data lives in proprietary servers and systems, rather than a service provider’s environment. However, research shows that cyber attacks affect both environments, with on-premise users experiencing over twice as many web application attacks as service provider customers, on average.

Still, for many banks, the perceived risks of the cloud outweigh its forecasted benefits. In fact, 73 percent identified security concerns as the main reason for avoiding it, while 63 percent listed privacy issues as their top worry. That perception is beginning to change, as the cloud’s business advantages have become too significant to ignore. A recent study found big banks are expected to grow from as little as zero percent public cloud adoption to 30 percent by 2019—a dizzying adoption rate for an industry that still relies on legacy systems from the 1960s.

For those still wary of making the switch, here are three of the biggest benefits of moving to the cloud:

Security
Cloud technologies boost your security in ways that on-premise systems are unable to. Traditionally, to use a new offering, you install an on-premise server in your datacenter. Then you must configure network, firewall and secure access to the server. This stretches resources by increasing training requirements, which ultimately detracts from the goal of the offering. Due to economies of scale, cloud companies can own the server, the networks and the processes making the entire offering more complete and secure.

With strict protocols and security certifications like SOC2 and ISO27001 built into many services, banks can ensure that the cloud is accessed and enabled securely for any solution provider they work with.

Understanding the value of security and the benefits that cloud technology brings to banks, a handful of institutions are leading the shift and others are expected to follow. Capital One Financial Corp., an early adopter of Amazon Web Services (AWS), has steadily built its infrastructure in the cloud over the past two years. The company continues to work closely with AWS on specific security and data protocols, allowing the company to operate more securely in the public cloud than it could have in its own data centers, according to Capital One CIO Rob Alexander.

Efficiency and Scalability
The cloud enables teams to be more agile than ever. The SaaS model gives teams the ability to be flexible and enable new interations on-demand. This access to real-time commentary empowers teams to ship updates more quickly and frequently and to push the envelope so they’re constantly improving products to align with what customers are looking for.

By leveraging the cloud to store complex data, organizations can meet ever-evolving regulatory compliance and governance rules mandating data protection. A recent example would be financial institutions working to comply with the EU’s General Data Protection Regulation. The ability to meet regulations can be sped up by a number of the cloud’s features, including built-in auditability for more clarity around your compliance status, and virtual infrastructure that reduces room for error.

On top of addressing infrastructure models, the cloud allows businesses to be elastic. For instance, being able to address the mass amount of credit card purchases on Cyber Monday and expand for that specific demand, rather than having to buy new servers to address the one day-per-year demand.

Overhead Cost Savings
Switching from on-premise to cloud can mean significant savings on overhead costs.

When you work with a SaaS provider, you no longer need to invest in proprietary infrastructure. Instead, you’re able to access and maintain your data through your partner’s established environment. This cuts down on both the up-front capital costs associated with hardware and the continuous costs that eat up budget to keep hardware and software optimized and refreshed.

Rather than pay a flat fee to keep systems up and running, cloud providers offer a variety of metered, pay-per-use options. These include Salesforce and Microsoft Office 365’s pay-per-seat, AWS’ infrastructure as a service (IAAS) pay-per-hour model, and Oracle’s high integration fees.

By outsourcing services to the data center, you can also realize savings on staffing. On-premise technologies can require a team varying in size from one to dozens, depending on the bank’s size. Because your cloud provider takes on the computing, your internal team no longer has to worry about hardware refreshes or server and software updates, freeing up their time to focus on what matters most: your business. Cost savings can also be reinvested into the business to increase headcount, boost wages and drive product innovation.

Cloud technology has already been embraced by businesses in numerous industries, but banks have been slower to acknowledge its benefits. Now, as cloud’s positive impact on security, efficiency and cost come to the forefront, it’s becoming harder for banks to ignore the advantages. Already, we’re seeing early adopters reap the benefits, from a financial standpoint and innovation perspective, and in the coming years, we can expect to see banking in the cloud transition from a “nice-to-have” to a business-critical approach to moving up in the market.

How to Pick the Right Digital Small Business Lending Tool: Top 10 Must Have Characteristics


lending-4-24-17.pngHaving access to online lending applications has quickly transitioned from a customer convenience to a customer expectation. It’s only a matter of time before all institutions will be providing digital access to small business lending. That much is certain. What isn’t certain is how to find the right fintech partner. Your partner should understand your institution’s lending processes and digital strategy in that space, and provide you with a solution that meets your unique objectives.

Here are the top 10 characteristics you should demand from any digital business lending partner.

1. Friend Not a Foe Business Model
It’s obvious, I know, but find a partner who is not a competitor of yours. There are business lending fintech companies that once had designs on putting banks and credit union lending departments out of business. If the businesses you serve can also go to your partner’s website and apply directly with them for a loan, they’re not a partner. They are a competitor.

2. Timely End-to-End Functionality
Current business lending processes are onerous for both the client and the bank. Applications are submitted incompletely 60 percent of the time, and data is bounced from one party to another and back again. Technology does an amazing job of doing things right the first time every time. The value in your business lending tool resides in its ability to help facilitate everything from the application to closing the loan.

3. Endorsed by a Trusted Source
Most of the financial services industry’s trusted resources and trade associations provide their members with a list of solutions for which they have completed comprehensive due diligence and identified as an endorsed solution. Entities, like the American Bankers Association, Consumer Bankers Association and others, have the resources to conduct due diligence on the companies they recommend. Leverage their expertise.

4. Control…Control…Control
The institution must be able to retain control over every aspect of the process. Your clients should never even know the tech partner exists. The brand, the credit policy, pricing, scoring, decisions, and all aspects of the customer relationship must be fully owned and controlled by the institution.

5. Customer Experience
Find a tech partner that shares your philosophy of putting the borrower at the center of the process. Look for a tool that creates an engaging, simple, and even fun environment for the application portion of the process, and results in a speedier, more efficient and convenient end-to-end process.

6. Enhances Productivity
Find tech that frees up your sales staff to sell, and allows your back office to spend minutes—not hours—making a decision on a business loan. Sales teams should spend their time growing relationships and sourcing new deals as opposed to shepherding deals through the process or chasing documentation. With the right tool, back office can analyze deals quickly and spend more time on second look processes or inspecting larger deals.

7. Builds the Loan Portfolio
Find a tech solution so good that it will draw new opportunities into your shop—even those folks who would never think about walking into a branch. And make sure the application process can accommodate both the borrower who is online and independent, as well as the borrower who wants to sit next to a banker and complete the application together.

8. The Human Touch
The most important relationship is the one between banker and customer. Don’t lose the personal touch by using technology that cuts out the value the banker brings to the relationship. Instead, find a tool that engages the relationship managers and facilitates their trusted advisor status.

9. Positive Impact on Profitability
By finding a tool that enhances productivity across the board, you should be able to reduce cost-per-loan booked by as much as two-thirds. That means even the smallest business loans should be processed profitably.

10. Cloud-Based Model
The best way to keep pace with innovation in a cost-effective manner is to find a partner that uses the latest technology, development processes and a cloud-based model, which enhances storage capabilities. Your partner should update and enhance often, and not nickel and dime you for every enhancement or upgrade.

Stick to these guidelines and you’ll be sure to find the right tool for your unique institution.

Community Banks to Fintech: We Need You


fintech-2-1-17.pngWhen Terry Earley, the chief financial officer of Yadkin Bank, a $7.5 billion asset bank in Raleigh, North Carolina, gets to work each morning, he sees an online dashboard showing him all the details of the loans in his bank’s pipeline, what is closing and when, and more. “If you don’t know the information, you can’t manage your company,’’ he says.

Upgrading from cumbersome Excel spreadsheets, he can easily see which lenders are pricing loans lower than others, and quickly react in terms of lender training and managing the bank’s loan portfolio. “A lot of times we try to manage [by] anecdote,’’ he says. “But what does the data tell you? The information is key.”

Like a lot of other community banks, Yadkin is increasingly using partnerships with technology companies to improve its operations and better meet customer needs. At Bank Director’s Acquire or Be Acquired Conference in Phoenix, Arizona, which wrapped up yesterday, Earley and other bankers talked about M&A and growth strategies, as well as how they were using technology to improve profitability and efficiency. In Yadkin’s case, the bank signed up with PrecisionLender, a pricing and profitability management platform, when it became a $1 billion bank several years ago. Then, it partnered with technology company nCino, which operates a secure cloud-based operating system, when it became a $4.5 billion bank, to get access to a quicker commercial lending origination platform. [For more on how banks are using the cloud, see Bank Director digital magazine’s Tech Issue story, “Banks Sail Straight Into the Cloud.”]

Even investors are getting excited about the plethora of off-the-shelf software available to help smaller banks become more competitive with larger institutions. Joshua Siegel, CEO of asset manager StoneCastle Partners, said he thinks banks have a lot of room to improve efficiencies with technology and take out back office costs, as well as offer better customer service. The software to do this is becoming increasingly available and affordable to do so. Siegel was happy to see banks as small as $150 million in assets offering online personal financial management tools superior to what regional banks are offering, because the regional banks are sometimes held up trying to develop their own software in-house.

While some financial technology companies are directly competing with banks for small business loans or payments, such as payments provider PayPal or online lender Kabbage, other financial technology companies want to sell their technology to banks.

Instead of only seeing the potential threats, there are reasons for the industry to see financial technology as a tool that can help them compete with bigger banks, which control most of the nation’s deposits. Small banks can use software to speed up their lending operations and the time it takes to open an account, and make the entire experience of doing business with a bank easier and simpler.

Somerset Trust Co. in Somerset, Pennsylvania, is using a fintech company called Bolts Technologies to quickly validate identities and open accounts for new customers. Radius Bank, a $1 billion asset bank in Boston, Massachusetts, is using a variety of partnerships with fintech companies to support its branchless bank, including a robo-advisor software company called Aspiration.

“From a cultural perspective, we look at whether they share our values,’’ said Radius Bank CEO Mike Butler. “It needs to be true partnership. If we’re just in it to try to make money off each other, then it’s not worth it. But if there is a benefit in terms of both of us wanting to create a better customer experience, then you have a great partnership.”

The Future of Banks: Platforms or Pipes?


future-banking-11-9-16.pngMuch has been written about the future of banking. In the end, it all seems to come down to one question: Will banks become platforms or pipes?

In reality, there’s no question at all. Platforms are the winning business model of the 21st century and the banking industry is well aware. In fact, banks have been platforms for decades—fintech companies are merely creating the latest set of bank platform extensions. Earlier incarnations include ATMs and online bill pay for consumers.

That said, what’s happening today is forcing banks to rethink how fast they extend their platform to avoid becoming just the pipes. The advent of the cloud and the software revolution in fintech with billions of capital being invested every quarter has brought more innovation to banking in the past two years than it has seen in the past 20. Still, the current David taking down Goliath narrative surrounding the future of banking and finance ultimately fails to account for the reality of the situation.

While it often goes unnoticed, a great many fintech startups today rely heavily on banks to enable their innovative services. The success of financial innovations like Apple Pay for instance is happening with a great deal of participation and cooperation between technology companies and financial institutions.

This relationship between banks and fintech underscores the reality of the financial services industry’s future. Yes, finance is evolving alongside the accelerating curve of technology, and yes, fintech is driving much of this change, but banks are—and will remain—squarely at the center of the financial universe for quite some time to come.

Why is this? For one, banks have been the backbone of the modern economy since its inception. They are far too ingrained in the financial system to be removed within any foreseeable time frame. Banks also have deep pockets, infrastructure and experience. Large market caps and long track records are clear signals to customers that banks can weather the inevitable downturn. Startups, on the other hand, are more susceptible to turbulence and market volatility—things banking customers, especially business customers, would rather avoid.

Big data is yet another boon to banks’ staying power. Banks have been collecting data on customer transactions and behavior for decades. This creates major advantages for banks. When used in the right way, this data can be leveraged to do things like identify customers that are ripe for new payment services or to mitigate and underwrite risk in innovative ways.

But despite all this, there is one hazard currently menacing banks: disintermediation. Starting with the ATM, technology has been distancing consumers from banks for quite some time. Today, their relationship with the consumer is slimmer than ever.

Meanwhile, fintech is picking up the slack. While traditional banking experiences can feel clunky, fintech products and services are designed to work with people’s lives and deliver value in new and unexpected ways. These upstarts pride themselves on delivering superior customer experiences—banking that is intuitive, mobile, cloud-based, responsive, available 24/7, you name it.

Fintech companies are also agile and built for rapid iteration—skill sets banks don’t yet have internally. This allows fintech companies to focus heavily on usability and keeping their user interfaces modern. At Bill.com, for instance, we upgrade our onboarding experience every two weeks. By comparison, most banks have outsourced many key functions to third-party service providers like Fiserv and Jack Henry, severely limiting their ability to make product changes outside of rigid, long-term release cycles.

The comparative lack of innovation by banks is no surprise. For decades, banks have spent most of their resources driving to meet quarterly earnings targets, delivering consistent results and ensuring compliance—the key objectives most highly-regulated, publicly-traded financial institutions must focus on to meet obligations to shareholders. That leaves fewer resources and funds for experimentation, learning and new product development. This makes it difficult for banks to keep up with shifts in customer preferences and behavior the way that fintech can. Banks know this and it is exactly why they are starting to shift their strategies to reflect being a platform and not just the pipes.

When banks become platforms for their customers and fintech partners, they increase the value of what they have built over the past several decades and disintermediation on the consumer front becomes irrelevant. Instead, as banks fuse their platforms with fintech, innovation will accelerate, creating tremendous value for everyone in the food chain.

Mozido: Friend or Foe


friend-or-foe-3.png

About two billion people are completely unbanked across the globe today. These are individuals with no checking, savings accounts or credit cards. They lack basic financial services that people in developed economies take for granted.

That said, there are also over six billion smartphones in the world. It’s now common even for the unbanked in developing economies to own some kind of mobile device. These individuals represent a huge, ignored opportunity for financial service providers. They’re exactly the people that mobile payments technology provider Mozido aims to serve. Mozido’s core technology is a cloud-based mobile payments platform for both consumers and businesses. Within that are mobile financial services, payments and loyalty programs. All someone needs to make use of the platform is access to a mobile device.

So what does this opportunity look like for banks?

THE GOOD:
One of the best-use scenarios for Mozido is bill bay for the unbanked. These are the people that stand in line at an office or local convenience store to pay their bills with cash. With Mozido’s mobile wallet, consumers can instead “top up” their account through verified merchants. Instead of waiting in line to pay their bills with cash, people can pay through the Mozido mobile wallet. The mobile wallet also functions for a variety of other payments. Think of international money transfers that the unbanked get charged high fees for. Instead of sending an international wire transfer through Western Union, consumers have another option. They can use their Mozido mobile wallet to send money across borders at a fraction of the cost.

THE BAD:
On top of payments, Mozido offers POS and CRM integration for merchants. And an enterprise mobile rewards solution. And a real-time B2B cash-processing solution called mVault. And a cloud-based mobile transaction architecture called MoTEAF.

Get the point?

Mozido has grand ambitions in the payment space, there’s no doubt about that. But is tackling too many aspects all at once taking away from its focus? In the area of mobile payments, strong regional players in developing economies are emerging. They’re servicing the unbanked in localized, efficient and low-cost ways. If you live in Kenya, there’s a mobile payments wallet designed with Kenyans in mind. And so on for Indonesia, Mexico and South Africa. Other areas like POS, CRM and cloud infrastructure are also crowded with superior products. With almost every aspect of Mozido’s suite, you can say almost the exact same thing. Does it work? Yes. Is there a better option out there? Probably.

OUR VERDICT: FOE
Today, Mozido is pursuing a strategy of partnering with and acquiring firms in the mobile payment space. Mozido’s main focus of late has been the Asia-Pacific region, including forays into China and Taiwan. As Mozido continues to push into various areas of mobile payments, we consider Mozido to be a foe, although it is not as much of a threat as many other domestic fintechs, as its focus is not the United States, and the underbanked aren’t necessarily the most sought after (read: profitable) customers a bank could grab. Should Mozido create partnerships here in the states, I might change my tune, but for now it’s positioned closer to the minor nuisance end of the spectrum. For the consumer, Mozido represents an opportunity that many have never had before, and a much needed one—so perhaps there could be a friendly future for all? Time will tell!

Using SaaS to Run a Highly Efficient Board


SaaS-10-28-15.pngHistorically, the preparation of board meeting materials took hours. The organization of board documents was a labor intensive crunch involving several people sifting through, hand collating, binding and manually distributing stacked materials. This process took a tremendous amount of time, and resulted in a significant lag in getting materials to boards, thereby limiting the ability to review materials efficiently. Fortunately, technology has evolved to a point where such marathon sessions are no longer a necessity. By leveraging digital solutions, materials can now be distributed electronically with relative ease and fewer man hours. 

The Convenience
A variety of companies are offering digital board materials, usually as SaaS [Software as a Service], which means the software is delivered remotely via the Internet rather than being purchased and housed on a computer or set of computers. An efficient solution provides a level of convenience to sharing materials that is largely absent from many business processes. You will want to avoid services that pigeonhole technology with proprietary platforms and unnecessary red tape—this does not help the board, and can actually create more problems than it claims to solve.

There are instances where organizations will be sidelined to specific operating systems or specs, but effective offerings will provide wiggle room for platforms and accessibility. Some services are even offering a nearly platform agnostic setup, retrofitting the application to fit with any device worth supporting so directors can access materials from their phone or tablet, regardless of time or location. There are some applications that have circumvented the need for direct Internet access, enabling an access in almost every circumstance.

The implementation must actually save board members the time previously lost to binding and delivery. Any decent SaaS solution will add hours to the boards’ reading time, but some offer to save as much as 95 percent of the time materials once took to create. Simplifying the workflow while delivering a superior product will provide board members with more time to fully understand the materials—thereby translating to a better board meeting.

Of course, all of this is useless if the implementation of the technology opens up debilitating security gaps.

The Security
Banks are responsible for millions of dollars, so it’s understandable that many fear “the cloud,” especially since most news regarding the cloud is rife with breaches. It’s an additional concern that some SaaS products cause more security issues than they solve. As a result, partnering with a product that provides cybersecurity measures is a must.

It‘s immediately essential that data be stored on a dedicated server with thorough encryption. Many solutions will haphazardly toss all data into large servers, but the best products will ensure that data is separated from other clients and accounts. While dedicated servers ensure that information cannot be seen by another organization, encryption converts the data to gibberish, so in the event of a breach hackers would be left with nothing but a mess of letters and numbers.

Having the ability to control individual user access can also add an extra layer of security. In the past materials could be lost, forgotten and delivered to incorrect addresses, revealing materials to damaging elements. The option to digitally deliver materials to recipients eliminates that risk entirely.

Support and The Future
Customer support is key to running an efficient system. Selecting partners that respect your time and understand your business needs is an absolute imperative. A successful implementation must come with 24/7 support. Banks are complicated entities, and the value of having a human being answer the phone is immeasurable. It’s an added incentive if that person is assigned to your account, meaning you know that person and have worked with them in the past. As boards and providers work together, there needs to be mutual respect and consistent communication. Solutions can work with the boards that use their technologies to implement new features, satisfying needs as they arise, and creating bonds that serve to help both businesses thrive.

Technology can be a double-edged sword in modern business. Sometimes we find it opening up worlds of information with no cost to the user. But in some cases technology can expose sensitive data to thieves, or crash and eliminate months of work with no warning. As banks continue to become more dependent on technology to save time and money, it’s exponentially more important that boards have access to SaaS solutions that save time and money, while keeping information, and the business, safe.

Banking Compliance and the Cloud: Can They Coexist?


cloud-computing-8-3-15.pngBusinesses large and small are enamored with cloud computing. After all, it promises less information technology expense, delivering cheap, on-demand, and elastic processing power, disk storage and memory, while cutting down on energy use. By meshing their services with the cloud, companies gain social and mobile capabilities that can connect them more closely with their customers. But is it right for financial institutions?

In short, it depends—both on what systems your financial institution is considering and what types of data will be processed, stored or transmitted by the cloud service provider. With careful monitoring and attention to key risk areas, cloud computing can work, and it can be a solid, budget-friendly choice for financial institutions seeking computing power and the ability to scale quickly as business grows.

Cloud Deployment
When considering a cloud solution, you’ll first need to choose a deployment model. Your bank may select from private clouds, which belong to a single organization; public clouds, offered by companies including Amazon and Microsoft; and hybrid clouds, which use a mix of public and private clouds.

Second, consider your service model:

  • Software as a service (SaaS): Your bank uses the provider’s applications and operates them on the provider’s infrastructure.
  • Platform as a service (PaaS): Your bank deploys its own applications onto a cloud infrastructure using the provider’s programming tools—a good choice for banks that develop their own applications.
  • Infrastructure as a service (IaaS): Your bank runs operating systems and applications on the cloud provider’s infrastructure.

Are Cloud Solutions Secure?
For banks, data security is paramount, and you must comply with the Federal Financial Institutions Examination Council (FFIEC)’s Outsourcing Technology Services Booklet, federal and industry protection regulations, and payment card data requirements under the Gramm-Leach-Bliley Act, among others.

Though FFIEC and other guidelines give some clarity on how banks should approach data security, they miss some key nuances of cloud computing. Specifically, banking institutions will also need to consider:

Provider and Data Location
Where your institution’s provider is located and where your data is stored, processed or transmitted can trigger a variety of state, federal or international privacy compliance concerns and issues.

Multiple Levels and Layers of Risk
Cloud providers commonly resell other providers’ services or rely on other subservice providers, which makes risk assessment extremely difficult. Furthermore, data could be backed up and stored by multiple service providers and facilities.

Vendor Risk
Your vendors may use cloud services to store your customers’ information. As a result, you may need to spell out in your contracts what your cloud computing policies are, or at least incorporate questions about cloud computing practices into your vendor risk management program.

Institutions that implement cloud technology will need to address these risks specifically, requiring all parties involved to conform to the security and privacy mandates outlined in their contracts. You’ll also need to develop plans to continually monitor the activities and performance of both service providers and third parties.

Moving to the Cloud
Cloud computing is likely here to stay. And while the shift may be too large for some banks’ tastes, it does come with certain benefits. Keeping compliance and regulations in mind, embracing the cloud may mean increased agility, speed and competitiveness for financial institutions of all sizes.