Cybersecurity Should Keep Bank Leaders Up at Night


cybersecurity-6-11-18.pngTwo years in a row, Mike Morris and his team at the consulting firm Porter Keadle Moore dinged a client bank for what the firm saw as a potential security threat by allowing access to personal email accounts while using company equipment.

Then about a month ago, on a Friday afternoon, Morris, a partner and cybersecurity expert at PKM, got a call. The bank they had written up two straight years for the same potential security lapse had, in fact, been breached by someone using personal email on company equipment, exactly what they had identified as the possible threat.

Such cybersecurity threats are among the most serious for any institution for a multitude of reasons, from fiduciary responsibilities to reputation and beyond. Cybersecurity will be a common topic at the Bank Director’s 2018 Bank Audit & Risk Committees Conference, held June 12-13 in Chicago.

Morris has multiple stories about hacks and phishing scams that have in some way compromised personal data or a customer’s own money.

Another recent case: A customer fell victim to a phishing scam, and the source in China managed to wire $150,000 through another bank before they “got lazy” and tried to draw another $150,000 directly from the customer’s bank. The second transaction, thankfully, was caught by the bank’s compliance team in review.

“That’s happening on a regular basis, and it’s not a new trend, but yeah, it’s happening all the time,” Morris says.

Some of the financial services industry’s most experienced experts paint a dark picture about how prepared—or not—banks generally are for cyberattacks, or perhaps more generally, just threats to customer information that could ultimately pose a risk to the bank.

It’s not a new challenge for the industry. Banks have had training along with regulator attention and oversight for at least a decade on this topic, but with an increasingly vast digital footprint, troves of data and relationships outside the walls of the bank with vendors, the potential threats grow in parity.

“Firms that successfully introduce cutting-edge technologies need to infuse cybersecurity risk management practices throughout the entire development life cycle to identify and mitigate new risks as they emerge,” said Bob Sydow, a principal at Ernst & Young, in testifying before the Senate Banking Committee in late May. “This shift in mindset from thinking about cybersecurity as a cost of doing business to seeing it as a growth enabler is not easy, but it is the only viable path forward.”

The data about cyber threats—not to mention what seems like weekly headlines about data breaches—doesn’t help dissuade any worry that bank leaders or risk officers might have. The 2017-18 Global Information Security Survey by Ernst & Young found nearly 90 percent of some 1,200 bankers around the world said their cybersecurity function doesn’t fully meet their organization’s need. More than a third said their data protection policies were ad hoc or nonexistent, Sydow told senators, just weeks after Facebook CEO Mark Zuckerberg was on Capitol Hill testifying about Cambridge Analytica’s use of the social network’s user data.

“As banks and other financial services firms define their digital strategies, their operations are becoming ever more integrated into an evolving and, at times, poorly understood cyber ecosystem,” Sydow said.

That integration Sydow talked about is an area where there’s considerable risk, Morris says, that should be reviewed and understood by audit committees, risk committees, boards and other bank leaders. Financial institutions are working with an increasing number of third-party vendors for specific services or products, some of which require that vendor to access the data of the bank’s customers. That itself presents a risk, and boards should be especially careful when negotiating contracts that in early draft stages tend to favor the interests of the vendor but are often revised through the negotiation process.

Morris says it should be a top priority for banks to have a right-to-audit clause or confidentiality clause in those agreements, which gives the bank some authority to ensure the data to which they are allowing access is treated properly and kept secure. Boards should also take the opportunity to update or revise long-standing contractual agreements, like those with core system providers, when they come up for renewal.

Many institutions have lengthy contracts with their core technology providers, and with data security a preeminent concern, those renewals should be taken seriously.

“You have that moment of power when you haven’t signed an updated agreement that you can get some of these clauses put in there,” Morris says.

More Than Your Average AI


artificial-intelliegence-6-6-18.pngUSAA was looking for a financial technology firm to tell them they were dead wrong.

They found that candid firm in the summer of 2017, and the resulting partnership has generated one of the first technologies the large financial services provider has rolled out that allows its members, active military personnel, veterans and their families, to interact with USAA on Amazon’s home devices that feature the digital assistant Alexa. USAA wanted to solve a problem: “How do we create a scalable conversation engine that can talk about something as sensitive as personal finances?” says Darrius Jones, assistant vice president for enterprise innovation at USAA, in describing what led them to their partner, Clinc.

Working together, Clinc, an Ann Arbor, Michigan based fintech that has grabbed the attention of national outlets like CNNMoney, and USAA developed a “scalable conversation engine,” as Jones describes it, that goes far beyond a binary question-answer interaction between a human and a “talking silo.” The two companies formally announced their partnership to create a conversational artificial intelligence solution in August 2017. USAA was the first major national bank to partner with Clinc, which had raised nearly $8 million in multiple funding rounds before the announcement.

“From the beginning, our teams worked together to create a very different experience for delivering content that is complex … and trending,” Jones says.

Those interactions propelled the work USAA and Clinc have done to be named in March as a finalist for Bank Director’s FinXTech Innovative Solution of the Year, an award presented at the FinXTech Annual Summit, held this year in Phoenix.

The truth is, several banks have worked with fintechs or internally developed some version of conversation capabilities with in-home devices like the Amazon Echo, Apple HomePod or Google Home. But most of these interactions are basic, limited to rudimentary questions about account balances and other simple, mostly binary, inquiries. But $155 billion asset USAA uses Clinc’s technology to offer broader conversations and analysis than just binary sort of answers. Jones calls it “three-dimensional” because of its ability to infer intent from interrogatory statements based on contextual evidence proposed in the interaction with its human counterpart.

“Our Alexa skill really has the ability to disseminate what you’re saying and, in some cases, answer a question most humans wouldn’t answer without proper context,” Jones says. So instead of just getting simple responses, the engine can analyze spending trends at specific places, for example, and aggregate data across several accounts, making the responses more holistic in nature. The technology can also be predictive at times when the user asks questions in a vague way, according to Jones, and can respond with a suggested prompt with a perceived answer, a capability that is so far rare in other similar AI interfaces.

USAA had wanted to wade into the AI and conversation engine area before signing on with Clinc, Jones says, and had developed a strategy they thought would have been effective, efficient and competitive, but then Clinc’s CEO, University of Michigan Professor Jason Mars, chimed in when they met at a conference. As Jones recalls, he told the team at USAA, “I think you guys have a great idea, but I think you’re doing it wrong.” It was exactly the assessment USAA was looking for. “We love partners who are willing to challenge us and make us better,” Jones says.

The conversational technology is still a ways off from administering payments or other products that might add to the bank’s bottom line, according to Jones. But USAA has already identified opportunities to leverage the technology to increase member loyalty, and potentially work in soft pitches for other products the bank offers and advise members of possible risks.

Jones says USAA has “really struggled with the success” of the pilot programs, so much so that they had to check and recheck the data and reporting to ensure it was accurate. Eventually, he says they hope to continue the scaling of the technology, which he expects to involve additional updates later this year.

“I have a belief that the days of typing or touching as your primary method of interaction are numbered,” Jones says.

Regulatory Issues to Watch In 2018


regulation-5-22-18.pngAs 2018 unfolds, all eyes in the financial services industry continue to look to Washington,D.C. In addition to monitoring legislative moves toward regulatory reform and leadership changes at federal regulatory agencies, bank executives also are looking for indications of expected areas of regulatory focus in the near term.

Regulatory Relief and Leadership Changes
Both the U.S. House of Representatives and the Senate began 2018 with a renewed focus on regulatory reform, which includes rollbacks of some of the more controversial provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act, the sweeping reform passed after the 2008 financial crisis. These legislative actions are ongoing, and the final outcomes remain uncertain. Moreover, even after a final bill is signed, regulatory agencies will need time to incorporate the results into their supervisory efforts and exam processes.

Meanwhile, the federal financial institution regulatory agencies are adjusting to recent leadership changes. The Federal Reserve (Fed), Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), and Consumer Financial Protection Bureau (CFPB) have new leaders in place or forthcoming, some of whom have been vocal supporters of a more “common sense” approach to financial regulation and who generally are supportive of regulatory relief. In the case of the CFPB, the ultimate direction of the agency could remain uncertain until a permanent director is appointed later in 2018.

Regulators’ Priorities in 2018
Notwithstanding the regulatory reform efforts, following are some areas likely to draw the most intense scrutiny from regulatory agencies during 2018 examination cycles:

Credit-related issues. While asset quality continues to be generally sound industrywide, concerns over deteriorating underwriting standards and credit concentrations continue to attract significant regulatory attention, accounting for the largest share of matters requiring attention (MRAs) and matters requiring board attention (MRBAs).

The federal banking regulators have encouraged banks in recent months to maintain sound credit standards within risk tolerances, understand the potential credit risks that might be exposed if the economy weakens, and generally strengthen their credit risk management systems by incorporating forward-looking risk indicators and establishing a sound governance framework. At the portfolio level, regulators are particularly alert to high concentrations in commercial real estate, commercial and industrial, agriculture, and auto loans, according to the FDIC.

Information technology and cybersecurity risk. The Federal Financial Institutions Examination Council (FFIEC) updated its Cybersecurity Assessment Tool in May 2017. Although its use is voluntary, federal and state banking regulators typically consider a bank’s use of the FFIEC tool or some other recognized assessment or framework as part of their assessment of an organization’s cybersecurity risk management, controls, and resilience.

On a broader scale, in February 2018, the Department of Justice announced a new cybersecurity task force. Although the task force is not directed specifically at the financial services industry, its first report, expected to be released this summer, could provide useful insight into the scope of the task force’s activities and potential guidance into what types of regulatory actions and controls to expect in the coming years.

Bank Secrecy Act and anti-money laundering (BSA/AML) compliance. The industry has seen a steady increase in enforcement actions—some of which have included severe sanctions— when regulators perceived banks had pared back resources in this area too severely. Compliance with Office of Foreign Assets Controls (OFAC) requirements and efforts to prevent terrorist financing are also continuing to draw regulatory scrutiny.

Consumer lending practices. Regulatory priorities in this area are likely to remain somewhat fluid given the leadership changes occurring at the CFPB, where a permanent director is to be appointed by September. Additionally, legislative efforts that could affect the structure and authority of the bureau also are underway.

Third-party and vendor risk management. It has been nearly five years since the OCC released OCC Bulletin 2013-29, which expanded the scope of banks’ third-party risk management responsibilities and established the expectation for a formal, enterprise-wide third-party risk management effort. Since then, regulatory agencies have issued several follow-up publications, such as OCC Bulletin 2017-7, which spells out supplemental exam procedures. Also in 2017, the FDIC’s Office of Inspector General issued a report with guidance regarding third-party contract terms, business continuity planning, and incident response provisions, and the Fed published an article, “The Importance of Third-Party Vendor Risk Management Programs,” which includes a useful overview of third-party risk issues.

Despite the industry’s hopes for regulatory relief in some areas, all financial services organizations should continue to focus on maintaining sound risk management policies and practices that reflect today’s environment of continuing change and growing competitive pressures.

Why Improving the Customer Experience is the Latest Industry Trend


technology-5-9-18.pngPerhaps you’ve noticed a driving theme across the financial services industry to innovate and improve the customer experience. While the path to achieving the goal varies greatly—from using artificial intelligence to personalize the experience to implementing a single platform—winning the experience and efficiency game comes down to one simple mission: create an enjoyable customer experience.

Everyone watched as this transformation, led by user experience, disrupted industries like e-commerce and entertainment. Companies like Amazon and Netflix have been ahead of the curve in delivering superior experiences to their customers, which often has not just been because they offer a great user experience, but also because of logistical excellence. Today, offering a personalized experience and real-time services across any device is the new normal.

In fact, recent data confirms this expectation even in financial services, according to Barlow Research Associates Inc. Customers cite that a primary driver for working with a bank is often based on how easy the bank is to do business with. Furthermore, customers expect the same seamless and easy-to-use digital interaction with their bank as they do while ordering an Uber, for instance.

The Single Platform Difference
With the rise of financial technology (fintech), there is no shortage of vendors providing an assortment of solutions to help financial institutions offer an improved customer experience. Unfortunately, some banks and credit unions have found themselves with more headaches than enhancements when multiple vendor solutions are implemented across the institution.

Disparate systems often lead to data siloes, expensive integration projects and increased overhead in due diligence and security monitoring. The seamless, multi-channel experience customers want is thrown out the window when multiple, separate systems are implemented and expected to work together, and rarely do.

A single-platform solution has become a strategic imperative to overcome many of the issues associated with disparate systems. With one system managing all channels, banks and credit unions can deliver a unified experience while reducing operational inefficiencies. This is a clear need as more than half of financial institutions customers don’t believe that the digital channel of a bank can service all their needs, recent research data shows.

However, transforming the customer experience doesn’t just mean introducing a slick user interface; back-office processes must also be efficient and meet the real-time demands of customers. There is almost a 50 percent abandonment rate of banking customers starting a process online and then finishing at a branch, according to the 2017 Account Opening and Onboarding Benchmarking Study. This is likely due to another fact: less than 20 percent of financial institutions have implemented an end-to-end process to date.

Streamlining customer and employee interactions within a financial institution to drive increased efficiency, transparency, profitability and regulatory compliance across all lines of business is essential in order to drive a superior customer experience. Regardless of the originating channel, a customer should receive:

  • Transparency into banking processes
  • Convenient access to status updates and document sharing
  • Personalized, seamless customer experience
  • Digital/mobile-enabled access

Where to Begin
Consider these three areas for ensuring a successful transformation.

  1. Plan the journey before you begin. In order to establish a vision to guide the entire organization (or even a line of business), it’s imperative to first understand the journey customers go through when interacting with the institution. This involves considering customers’ emotions, and the cause for those emotions. Dig into these areas while exploring the customer journey to improve the experience.
  2. Pick one product or line of business and take it end-to-end. Many institutions, while taking the correct path of not just implementing a slick user interface, end up trying to take on more digital transformation than they are ready for. Instead of trying to transform the whole bank or department all at once, greater success is often met by starting with a single product, like a secured small business loan, and transforming that experience end-to-end.
  3. Finally, release then iterate. Starting with a single product or a particular line of business provides the opportunity to test and perfect. The iterative process is important not just to improving the customer experience, but also to ensuring that any needed operating model adjustments can be properly vetted.

As technology giants like Amazon continue to push the bounds of customer expectations, it can at times feel daunting to try to make these shifts at your own institution. However, as customer demands for seamless digital experiences grow and become even more a part of the buying decision, the emphasis on a single platform to help deliver both an exceptional experience and logistical excellence is even more pronounced. This growing demand marks the importance and urgency of employing a strategy that focuses on delivering a delightful customer experience from the first interaction all the way to the back office.

Risk/Reward: Can Insurtech Build Better Relationships With Your Bank Customers?


insurtech-5-8-18.pngThe rise of financial technology, or fintech, has not disrupted banks to the extent that many predicted it would. What it has done, however, is chip away at the number of services a given customer will seek from their bank. Instead of using their banking app to check balances and transfer funds, many use third party personal budgeting tools like Mint and peer-to-peer (P2P) payment apps like Venmo. Instead of seeking credit at their local branch, many consumers are turning to online lenders like SoFi. As customers spend less and less time engaging with their banks, brand loyalty is at risk, which is at a higher premium in today’s market.

So how can banks recapture engagement or retain loyalty? Adding an insurance offering could be an option for creating a new touchpoint with bank customers. To many bankers, this is not a new idea. The concept of bancassurance—where a bank serves as an insurance broker and directly offers products to its customers—has been around for a long time. But there is a wave of technological transformation taking place in the insurance space that could breathe new life into bank/insurance partnerships: insurtech.

Insurtech is very similar to fintech. At the core, these firms are about utilizing technology and data to shake up an incumbent industry. The end goal of insurtech is offering more targeted, consumer-centric insurance products and ways of accessing those products. Insurtech is still in the early stages of development but, according to customer experience technology firm, Quadient, most incumbent insurance firms now have a “strong plan or strategy for how they will deal with onboarding innovative technologies and channels” that they did not have just two or three years ago.

Banks utilize a few key models for incorporating insurance into their customer offerings:

Building a marketplace: The marketplace model is being pioneered by many digital-only challenger banks. For example, U.K.-based challenger banks Starling Bank and Monzo have rolled out in-app marketplaces that augment their basic checking accounts by linking customers to a bevy of outside partners, from insurance and pension providers to mortgage lenders. While it’s possible to generate referral fee income from this type of arrangement, this model has not proven to be a major revenue driver, as the banks have yet to see a month without losses.

The marketplace model does allow digital banks to offer services beyond their basic online consumer accounts without the stress of integrations and new partnerships, but that’s a challenge that most traditional banks do not face because they can typically offer payment transfers, loans, and more. While a marketplace would move incumbents closer to the Amazon-like platform model in vogue today, it doesn’t seem to offer a major value add for traditional banks.

Using white-label products: Taking the idea of an insurance marketplace a bit further, banks can also consider incorporating white-label products to help consumers access insurance or compare policies in the bank’s existing online platform. Fidor Bank, a digital institution out of Germany, created an online marketplace that allows customers to access curated fintech and insurtech products. The Fidor product, FinanceBay, is now available as a white-label product to other banks.

Many digital-first insurance providers offer ready-made affinity programs with white-label capability as well. With this increased connection between the bank and the third party insurance providers, though, liability becomes a much larger concern.

“Bancassurance,” or partnering to establish an insurance brokerage: A step even further than incorporating a white-label product to help customers find insurance would be to engage in a bancassurance model, where the bank would serve as an insurance broker actively selling insurance products to its banking clients. This form of partnership has been utilized heavily in countries such as France and Spain.

When Glass Steagal was repealed in 1999, those bank/nonbank commerce barriers were largely removed, but regulations, complicated corporate structuring questions and mixed results have largely kept the model out of the U.S. However, the recent partnership announced between Germany’s largest bank, Deutsche, and Berlin-based Friendsurance is bringing interest in this model back to the forefront.

By mid-2018, Deutsche plans to offer coverage from over 170 German insurers through its in-app insurance manager function, according to Insurance Journal. Friendsurance uses artificial intelligence to evaluate potential plans based not only on price but also on “the question of how financially stable the insurer is or how good its customer service is,” Friendsurance co-founder Tim Kunde told Handelsblatt Global in January. Deutsche will be establishing its own insurance brokerage firm run by Friendsurance as opposed to a simple referral program or marketplace tool. This differentiation, the bank hopes, will reinvigorate the bancassurance concept thanks to the added value the insurtech brings to the insurance buying experience.

However a bank/insurtech partnership takes shape, liability is a looming issue. The more deeply engrained a partnership is, the more complicated the liability analysis becomes. As with all major technology partnerships, banks should bring their regulators into the conversation early on if they’re considering a partnership with an insurtech provider.

Insurtech is a fast-growing sector, and the distribution of insurance products is becoming more prolific among retailers, utilities, lifestyle brands and more. If banks don’t begin to explore insurance partnership models, they may lose out on yet another opportunity to service their customers.

What Facebook’s Data Debacle Could Mean for Banking


regulation-5-2-18.pngThere was a particular moment on the second day of his most recent testimony Facebook CEO Mark Zuckerberg struck a rare smile.

Zuckerberg, on Capitol Hill to answer pointed questions about the scraping of company’s data on 87 million of its users by U.K.-based Cambridge Analytica—was asked if Facebook was a financial institution.

The odd inquiry came during a string of questions from Rep. Greg Walden, the Oregon Republican who chairs the House Energy and Commerce Committee that grilled Zuckerberg about the massive company’s complex web of operations, which includes a mechanism for users to make payments to each other using popular apps familiar to bankers like PayPal and Venmo, as well as debit cards.

Facebook is not a financial institution in the traditional sense, of course, but it does have a clear position in the financial services space, even if just by its role in providing a platform for various payment options. It has not disclosed how much has been transferred between its 2 billion users, and it certainly has raised questions about how tech companies—especially those with a much narrower focus on financial technology, or fintech—collect, aggregate, use and share data of its platform’s users.

This relationship could soon change as Washington lawmakers discuss possible legislation that would place a regulatory framework around how data is collected. Virtually any industry today is dependent on customer data to market itself and personalize the customer experience, which is predominantly on mobile devices, with fewer personal interactions.

“I think it’s likely something is going to happen here, because we’ve kind of been behind the curve as it relates to [regulation], especially Western Europe,” says David Wallace, global financial services marketing manager at SAS, a global consulting and analytics firm.

While banks are somewhat like doctors and hospitals in the level of trust that consumers historically have had with them, that confidence is finite, Wallace says.

Survey data from SAS released in March shows consumers want their banks to use data to protect them from fraud and identity theft, but they aren’t crazy about getting sales pitches.

At the same time, payments services like Paypal’s Venmo and Zelle, a competing service that was developed by a consortium of banks, also collect data, but have a lower “score” with consumers in trust, according to Wallace.

Where’s the Rub?
The question from Walden barely registered on the national news radar, but it also highlights new areas of concern as banks begin to adopt emerging technologies like artificial intelligence, and market new products that are often driven by the same kind of data that Facebook collects.

The recent SAS survey also asked respondents about their interactions with banks, and how AI might influence those. Most of the survey respondents say they are generally comfortable with their bank collecting their personal data, but primarily in the context of fraud and identity theft protections. Sixty-nine percent of the respondents say they don’t want banks looking into their credit history to pitch products like credit cards and home mortgages.

As the Cambridge Analytica situation demonstrates, there is a fine balance that must be observed giving all companies the opportunity and space to succeed in an increasingly digital environment while protecting consumers from the misuse of their personal data.

Congress tends to be a hammer that treats every problem like a nail—so don’t be surprised if the use of customer data is eventually regulated. Thus far, the only regulatory framework in existence that’s been suggested as a model of what might be established in the U.S. is the GDPR, or General Data Protection Regulation, currently rolling out in Europe. It essentially requires users to opt-in to allowing their data to be shared with individual apps or companies, and is being phased in across the EU.

How that approach might be applied to U.S. banks, and what the impact might be, is still unclear. It could boil down to a “creepy or cool” factor, says Lisa Loftis, a customer intelligence consultant with SAS.

“If you provide your (health) info to a provider or pharmacy, and they use that information to determine positive outcomes for you, like treatments or new meds you might want to try, that might factor into the cool stage,” Loftis explains.

If you walk by a bank branch, whether you go in it or not, [and] you get a message popping up on your phone suggesting that you consider a certain product or come in to talk to someone about your investments without signing up for it, that’s creepy,” she adds.

Any regulation would likely affect banks in some way, but it could be again viewed as a hammer, especially for those fintech firms who currently have a generally regulation-free workspace as compared to their bank counterparts.

Why It’s Never Been Easier to Adopt a Fintech Solution


innovation-4-9-18.pngFor many banks and financial services firms (incumbents), emerging financial technology firms (fintechs) were once viewed in two camps: flash-in-the pan, one-hit wonders or serious threats institutions should avoid. Perhaps the media was partially to blame for this “us vs. them” mentality with its prolific use of words like “disruption” or its positioning of fintechs as the only companies who embraced change or were capable of innovation. Beneath the exuberant headlines espousing the promise of these new technologies and the industries they would revolutionize, there was more than a hint of negativity, a healthy dose of fear mongering, and a pretty clear message, “Dear banks, you are not invited to the party. In fact, we are coming to crash yours.”

Although those of us who worked in banking and wealth management bristled at the tone and approach of these young companies, none of us could disagree with much of what they were saying: things were broken and radical change was afoot. Yet, there was something about the disruptor’s manifesto that seemed a little naïve, a bit misguided and certainly incomplete.

There was the assumption that financial institutions were resistant to change or opposed to innovation; neither of which, I would argue, were entirely true. For a myriad of reasons companies wanted change. The unspoken matter was how could they realize it in a cost effective and compliant way without disrupting any core processing or custodial technologies. Would these technologies integrate cleanly?

Fast forward to 2018
Much has changed. Many of the disruptive fintechs with their go-it-alone, direct-to-consumer business models have pivoted to business-to-business service models and now service the very companies and industries they set out to upend. Similarly, banks who either ignored the boisterous fintechs or chose to build internally are rethinking their strategies and engaging with start-ups.

What has changed?
The quick answer is everything. The disruptors have not only proven their technologies, but the market has begun demanding their services. Furthermore, the speed of innovation, adoption and deployment has quickened at such a rate that what was once deemed new or disruptive is suddenly table stakes.

Having experienced how difficult it is to create brand identity and how expensive it is to acquire clients, many fintechs have turned their focus to servicing institutional clients. Fintechs have a deeper understanding of the complex business activities and regulatory and compliance processes with which financial services must adhere and are designing their technologies accordingly. The technology is often preconfigured, ready to integrate into existing back-end processes, and deployable at a large scale.

Us vs. Them Becomes We
Fintechs are easier to partner with and their solutions have become easier to adopt. No longer is innovation limited to the banks or organizations with large IT budgets and staffs. FinTechs have made innovation available to all financial firms, with prices and engagement models that meet most budgets.

The nimble nature of fintechs has allowed them to adapt to changes and fine-tune their technology at a much quicker rate, bringing the most scalable solutions to the market. With an emphasis on engagement and a seamless experience for both clients and institutions, fintechs are no longer serious threats but rather trusted partners bringing a necessary business function to institutions.

Lastly, and equally important, the value proposition for incumbents to adopt digital solutions is clearer and far more comprehensive than previously articulated or understood. Fintechs make it easier for institutions to launch new business services such as wealth management or lending solutions to diversify product offerings, deepen client engagement, enhance client acquisition and strengthen loyalty. This not only helps grow the overall business, but many incumbents have realized significant cost savings through the automated processing solutions these new technologies offer and the elimination of manual back-end processes. As a result, businesses are seeing improved efficiency ratios and in some cases, higher valuations.

To conclude, a new breed of fintechs has emerged, many with the same face, most with a new sophistication and a deeper understanding of integration but all with the mission to empower. Transformation through collaboration is an impressive phenomenon, one that every firm should take advantage of and fintechs provide that opportunity.

Successful Change: Managing Human Capital Risk During Implementation


risk-3-26-18.pngMany financial services companies are in the process of implementing significant change initiatives or poised on the brink of doing so. As discussed in our previous article, many such efforts fail to meet expectations because leadership has underestimated the human capital risks that threaten strategy execution. But effective implementations can mitigate critical people-related risks while building employee understanding, commitment and resiliency.

The Typical Transition From the Past to the Future
Regardless of the type of change—for example, a consolidation, acquisition or new business model—employees must go through a process of transition. A transition that is smooth reduces the depth and duration of lost productivity, as well as unwanted turnover, and expands the organization’s capacity for future changes.

Employees often initially focus on change as an ending to what they know as familiar, which can foster uncertainty and negative attitudes, such as assuming the change won’t work. Leadership must help employees move first to a mindset that is more neutral and accepting, so employees are willing to give the change a try. From there, management can help employees begin to see the change as a new beginning and understand that the new organization can do better or more.

With most change initiatives, almost every employee is affected to some degree. Employees might need to adapt to a new technology system or move to a different facility. They could find themselves in a much larger department or with a different level of authority. Some of the changes in employees’ individual experiences will play a greater role in the potential for project success than others and therefore warrant greater change management attention. For example, leadership could expend more energy dealing with how managers react to having their authority altered than on employees who merely need to learn new procedures for approvals.

Note that it is not only reductions in authority that require leadership attention. Managers in a smaller bank where the president made all of the salary and promotion decisions might find it difficult to adjust after being acquired by a larger institution where they are expected to be more actively involved in such matters.

Transition Monitoring and Management
Financial services companies should create a change effectiveness scorecard to evaluate the impact, readiness, adoption and benefits realization of each change initiative. Metrics might include the percentage of business results achieved, individual or department change readiness (at project launch and quarterly intervals going forward), training completion rate, key employee retention, client satisfaction, quality of production and employee engagement.

Employee engagement can be measured through responses to pulse surveys conducted on a regular basis to track and improve employee understanding of and buy-in on the change project. These short surveys ask respondents to rank from 1 to 5 the accuracy of statements such as:

  • I understand how this transformation can benefit our employees, customers and community.
  • I believe the communications I receive from the transformation team.
  • I feel that I have enough opportunities to learn about the transformation.
  • I know where to go when I have questions about the transformation process.

When it comes to change projects, individual leaders or employees typically fall into one of four categories based on their level of engagement, performance and impact on project success. Each category calls for different management strategies during project implementation:

  • Advocate (high impact, high engagement): Leadership should recognize and reward high-impact employees who are actively and vocally on board and performing well, and consider increasing their project responsibilities.
  • Supporter (low impact, high engagement): These employees demonstrate their high level of commitment to the project by effectively providing assistance or resources, even though they are not critical to satisfying high-impact project objectives. Leadership should consider increasing their project-related roles and responsibilities.
  • Laggard (high impact, low engagement): These individuals have a low level of commitment to the project—even if they are performing well—but are essential to meeting the project objectives. Leadership should address their low engagement in hopes of moving them to advocate status. For example, the management team could consider demonstrating what’s in it for the employee if the project succeeds. If that effort fails, leadership should consider reassigning these employees from high-impact areas where they could negatively influence others and project success.
  • Bystander (low impact, low engagement): These individuals demonstrate a low commitment level, and their impact is not vital to meeting project objectives. Leadership might consider their potential for greater project impact and address reasons for low engagement.

The human capital risks associated with change initiatives could prove the difference between ultimate success or failure. Particularly when change affects customers, the employee experience has a direct effect on customer experience. By properly managing employees throughout the transition, bank leadership can help employees see change not as a negative ending, but as a positive beginning.

Human Capital: An Underestimated Element of Successful Change


capital-2-26-18.pngFinancial services companies of all sizes are modifying their business models to stay competitive. But managing organizational change is a major business challenge, as evidenced by the fact that 70 percent of critical change initiatives fail to meet management expectations. One reason for the high failure rate is that leadership often underestimates the effort necessary to properly handle the human capital element—that is, the employee awareness, understanding and commitment required to achieve success.

When a change initiative is a bank consolidation, acquisition, turnaround or the implementation of a new competitive business model, there is little margin for error. Directors typically focus on the financial or operational risks associated with the resulting organization, but they would be wise to expand their oversight to the potential effects on people and culture, which in turn affect how well the organization can serve customers, its perception in the community and its sustainability.

The Role of Human Capital in Change Initiatives
It’s understandable that bank directors and management tend to concentrate on the risks that can be expressed in spreadsheets and financial statements, but ultimately, it is the people of the organization that create—or impede—success.

An organization’s staff should be well prepared to use the new business processes and systems going forward, for example. Employees also should be prepared for changes to job roles and responsibilities that frequently occur due to business process improvements and new technology integration. Importantly, staff must understand not just the “how” but also the “why” behind the change if they are going to buy in.

The extent of the risk associated with a change initiative is generally driven by the extent of the impact on employees, and their readiness and ability to change. This risk increases when changes:

  • Affect more employees;
  • Affect more aspects of work;
  • Affect more locations;
  • Represent a large departure from the status quo;
  • Or represent a disruptive change, as opposed to an incremental change.

Common changes may include changes in employee roles, culture, staffing, relationships, competencies, authority, information, training, expectations and facilities. The changes that have a greater potential impact will require more active change management, while those that are less likely to cause significant waves simply can be monitored.

Once a bank’s leaders understand the change risk associated with an initiative, they can devise a plan for managing the change and communicating with employees about it.

Four Critical Transitions
An effective plan for managing business change accounts for several essential staff and culture transitions, each of which comes with its own change risks. Fortunately, each transition can be managed if leaders analyze and address the relevant issues in advance.

  1. Organizational transition: Leadership must determine the strategies, structures, processes, employee reward systems and people tactics (for example, hiring, development and retention) that will be affected or that must change.
  2. Employee transition: What changes will be required of individual employees and departments, and are they ready and able to do so? Changes may involve job roles, responsibilities, workflows and expectations. In times of change, employees naturally wonder, “what’s in it for me, and what’s needed from me?” Leadership must be able to clearly answer these questions.
  3. Cultural transition: Bank leaders need to determine how the current culture (in the case of consolidations, turnarounds or realignments) or the new culture (in a merger or acquisition) will accelerate or delay achievement of the organization’s goals. They also should analyze whether current behaviors in the organization are the optimal behaviors and how the culture will need to change (for example, leadership style, decision making or authority).
  4. Infrastructure transition: Leadership must understand if desired business changes will require changes to the processes and systems that support employees, such as performance reporting or payroll and benefits systems and, if so, the cost, timing and resource implications.

Bank leaders must act as influencers and role models during the execution of change, but their effect on results, and employees’ levels of commitment and performance, will vary depending on a few factors. Do the bank’s leaders possess the necessary skills, knowledge and abilities to perform the requisite responsibilities? Do bank leaders have the required level of commitment to perform the necessary roles and responsibilities? And finally, is their management style a cultural fit for their organization?

The ability to accomplish successful change depends on a range of factors, including some that might not traditionally be considered. Bank leaders must identify and manage their people and culture risks to maximize the odds of obtaining the desired results.

Navigating the Difficult Terrain of Money Transmission Laws


regulations-10-20-17.pngState money transmission laws can be difficult to navigate. Fees, surety bond and net worth requirements make it costly to enter, and significant complications arise when determining whether the requirements apply in the first place. As of June 9, 2017, 49 states and the District of Columbia impose registration and licensing requirements on money transmitters, with varying criteria for what constitutes “money transmission” and which entities are subject to regulation. Determining whether a particular financial services-focused business is subject to these regulations requires a careful review of the rules of each particular state.

This is a significant issue in the blockchain and virtual currency space because many states have yet to issue guidance on the application of state money transmitter regimes to these activities. Although most states define “money transmission” broadly to include any business that transfers money or its equivalent, the precise application of this definition to a particular set of activities can vary significantly among the states.

However, four states have taken specific regulatory action:

New Hampshire
The state enacted House Bill 436 on June 2, 2017, which exempts virtual currency transmitters from licensing requirements, reversing an earlier position. The change in course appears to reflect increasing government acceptance of virtual currency activities and recognition of the potential for regulatory arbitrage by market participants. The law became effective in August 2017.

Illinois
On June 13, the Illinois Department of Financial and Professional Regulation issued guidance on the treatment of virtual currency under its money transmission law. Digital currencies are not considered money, so the regulations will only affect transmitters if they also involve transmitting government-backed foreign or domestic currency. Therefore, virtual currency exchanges would likely have to apply for a license while blockchain tokens companies should be able to avoid licensing if they exchange their tokens exclusively for other virtual currencies, and not for fiat currency.

Washington
Conversely, Senate Bill 5031 requires virtual currency transmitters to be licensed and regulated in the state of Washington. Under the new law, the definition of “money transmission” now reads “receiving money or its equivalent value (equivalent value includes virtual currency) to transmit, deliver or instruct to be delivered to another location…” The new law appears to treat real and virtual currencies equally by requiring both classes of firms to register and be regulated as money transmitters. It also requires virtual currency transmitters to disclosure information regarding their business or activities and, for some, to conduct an audit of their security system. The bill became effective in July 2017.

New York
New York appears to have gone further than any other jurisdiction by creating the BitLicense regime, which includes many new requirements, such as cybersecurity and business continuity standards as well as state approval for a merger or acquisition. Moreover, there is no blanket exemption from the separate money transmitter license. Thus, virtual currency businesses may need to navigate both the BitLicense and the money transmission licensing schemes before they can operate in New York.

While the New Hampshire and Washington laws only recently became effective and the Illinois guidance is still new, the New York BitLicense has been in place for about two years, so its effect can already be seen. As a result of the scheme, several virtual currency companies appear to have left New York for more regulatory friendly states. Also, the scheme has been described as slow and tough, with only three licenses granted as of January 2017 despite many applications.

Thus far, the states have pursued disparate and sometimes divergent approaches to the application of regulatory requirements to virtual currency businesses. Recently, however, there has been a push for greater consistency. For example, the Conference of State Bank Supervisors (CSBS ) recently announced its Vision 2020 initiatives, aimed at making the state laws more uniform while still protecting consumers. Recently, the Uniform Law Commission (ULC) issued a model regulation of virtual currency businesses, which seeks to harmonize the varying treatment of virtual currencies by the states. At the federal level, the Office of the Comptroller of the Currency (OCC) is on the path to establishing a federal fintech charter regime which could potentially preempt the application of state money transmitter laws to chartered entities. If the OCC charter does in fact preempt the application of state money transmitter requirements to chartered entities, this may be enough pressure to strengthen state level initiatives to achieve consistent regulatory outcomes across jurisdictions.

Companies engaged in virtual currency transmission face a daunting set of regulatory requirements. However, there appears to be good things on the horizon with the OCC, ULC or the CSBS uniting the requirements under one regime. Until then, any business using virtual currency should carefully scrutinize the requirements in all states where it has customers.