Cybersecurity Risk Preparedness: Practical Steps for Financial Firms in the Face of Threats

3-19-15-AP.pngBanks and other financial services firms face increasingly sophisticated threats to their data systems and remote applications. Every system and device—ATMs, point-of-sale terminals, customer access devices, internal wireless networks and routers—can be a source of vulnerability. The risks include system disruption, loss of proprietary data and confidential consumer information, theft of money and securities through unauthorized transfers and account access, class action litigation, and damaged reputation.

Regulators are taking aggressive actions in response. The Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA), and the federal banking regulators are engaged in targeted examinations of cyber-security efforts. The New York Department of Financial Services has declared that it will be scrutinizing cybersecurity as an integral part of its bank examinations. Other regulators too are closely examining the depth and comprehensiveness of financial firms’ data security programs. Administrative enforcement actions and civil litigation are the foreseeable consequences of programs that fail to measure up.

So what are the practical steps a financial firm should take to mitigate cybersecurity risks?

Get the Board and Senior Management Involved
Proper oversight starts with the board. Assign cybersecurity and vendor management to a specific board committee with responsibility to appoint senior officers to oversee the cybersecurity program and institute a formal reporting line up from business units and the legal, compliance, audit and technology departments.

Map the Risks
Create an inventory of database, telecommunications, and Internet systems and vendors, and a map of the business units that use them, how the various systems and vendors interact with one another and with customers and counterparties, who has access to them, and who has oversight and control over them. Scrutinize particularly the risks of remote access, transactional and funds transfer systems and devices.

Coordinate Compliance Plans
Various units within a financial institution are generally engaged in simultaneous efforts to assess and control threats though, e.g., anti-money laundering (AML) controls, fraud prevention, and credit and counterparty risk management. Coordinate these efforts with the cybersecurity plan through an enterprise-wide risk-management program.

Test and Audit
Conduct regular internal audits of system security and, at least annually, engage external vendors to do penetration testing.

Train Personnel
Create a formal personnel training program on cyber-security protocols and how to identify potential risks. Document participation in the training. Incorporate external resources and alerts on an on-going basis to address emerging issues.

Manage Vendor Risks
Regulators are expecting banks to oversee vendors. Control risks through both careful vendor selection and subsequent oversight.

  • Selection

    • Require prospective vendors to verify cyber risk-prevention preparedness.
    • Review vendors’ SEC filings.
    • Search for the vendor’s litigation and enforcement history.
  • Contracting
    The vendor contract should specifically provide for:

    • Oversight access: rights to conduct system security audits such as SSAE 16 and to receive reports of vendor internal audits.
    • Specific risk-control tools: e.g., firewalls, anti-virus software, spyware detection, physical security, intrusion detection, network anomaly detection, security information and event management, configuration management; business continuity plans and back-up systems.
    • Internal management:  specification of who has data system access, how that access is controlled, and the means of detecting unauthorized access and patterns of suspicious account activity.
    • Reporting: prompt vendor reporting of any security risk incidents.
    • Data Retention:  periods for maintaining data, methods for data disposal, return or transfer.
    • Liability; Indemnification; Insurance:  limits on liability, indemnification provisions, standards of care and performance, rights of termination, and requirements for vendor insurance.

For vendors outside of the United States, the contract should address applicable legal requirements and protocols for any portions of a system, process or services conducted or accessible by the vendor or its sub-vendors from outside the United States.

Obtain Adequate Insurance
Review your insurance coverage for the scope and carve-outs for cyberattacks and unauthorized access to confidential information and funds and accounts.

Prepare For a Breach
Be ready for a security breach. Prepare now for making prompt disclosures to law enforcement, regulators and affected customers, SAR filings (as applicable), insurance carrier notifications, communications with vendors, and, depending on the nature and magnitude of the event, public or investor disclosures. Line up counsel to handle potential class action litigation and administrative enforcement actions.

Work With Regulators and Peer Groups
Close attention to published regulatory guidance and direct communications with regulators can help identify potential gaps and weaknesses in a cybersecurity plan. Similarly, attention to trade association best practices and guidance (such as the Financial Services Information Sharing and Analysis Center), and participation in industry-wide working groups and conferences can further help identify areas for improvements.

Technology: Driver of Profitability or a Big Expense?

How does technology play a role in a bank’s growth and profitability? When asked to rank the importance of certain factors as drivers of their bank’s organic growth plans—culture and people, technology, unique products and services, and brand—technology placed second for 74 attendees who participated in an on-site audience poll at Bank Director’s Acquire or Be Acquired, held in Scottsdale, Arizona, in January, and the Bank Board Training Forum, last week in Nashville, Tennessee. The responses came mostly from bank directors, chairmen and CEOs.

In terms of importance to the organic growth of your bank, rank the following:

  Overall Rank Score*
Culture/people 1 235
Technology 2 157
Unique products/services 3 136
Brand 4 135

*Score is a weighted calculation, with items ranked as first receiving a higher value, or weight, of 4, second weighted as 3, etc… The score is the sum of all weighted values. Source: Bank Director

Technology continues to change the way customers interact with their banks. Respondents were also asked about their biggest fear—an open response about what keeps them up at night—and 10 percent cite non-bank competition. One of the speakers at the Bank Board Training Forum mentioned that Staples plans to begin offering small business loans. The Apples, Googles and retailers of the world are an increasing concern for bank boards, but will a focus on short-term profitability impede a director’s ability to take a long view of the business?

“Technology can move from an expense to a competitive advantage, if you do it right,” says George McGourty, president of the financial services group at Computer Services Inc. Big banks used to have the advantage with a significantly larger branch footprint, but technology can erase this advantage.

Looking at profitability for your bank in 2015, what do you believe will have the most positive impact?



Looking at profitability for your bank in 2015, what do you believe will have the most negative impact?


Sixty-nine percent of survey participants see loan growth as the factor with the most positive impact on the profitability of their financial institution, while no one cites technological innovations. Yet the right use of technology—and the right partnerships—can expand a community bank’s reach and help drive demand. Titan Bank, a $79.4 million asset bank based in Mineral Wells, Texas, partners with San Francisco-based peer-to-peer online lenders Prosper Marketplace and Lending Club to make small business loans, according to a spokesperson at the bank. These relationships help expand the bank’s reach beyond its local markets. (In addition to its Mineral Wells headquarters, the bank has a branch in nearby Graford, Texas, and a loan production office in Dallas, about 90 miles away.)

For Bethesda, Maryland’s Congressional Bank, with $446 million in assets, Lending Club helps the bank diversify its loan portfolio through the purchase of unsecured consumer loans, according to Jeffrey Lipson, the bank’s president and CEO. In February 2015, Lending Club partnered with BancAlliance, giving members of the Chevy Chase, Maryland-based lending platform—roughly 200 community banks—access to Lending Club’s expanded market for consumer loans.

Another technological opportunity is the use of data analytics. Too few banks take advantage of personal financial management tools and even for those that do, few effectively use the valuable customer data it provides, says Bradley Leimer, senior vice president and head of innovation at Santander Bank, N.A., the U.S. subsidiary of Banco Santander, S.A., headquartered in Madrid, Spain. Leimer just joined Santander in September 2014: He previously served as vice president of digital strategy at Richmond, California-based Mechanics Bank, with $3.4 billion in assets, from January 2010 to September 2014. During his tenure, almost 40 percent of Mechanics Bank’s customers used personal financial management tools, with the majority aggregating financial data from external accounts. The bank was able to use that information to target offers to its customers. “There’s money to be had in looking at the data that your customers provide you,” he says.

One-quarter of those polled in Bank Director’s survey view cybersecurity as their biggest fear. Do concerns about cybersecurity turn technology, in the minds of these board members and CEOs, into a potentially disastrous threat? Technology helps fuel growth, but it’s also a big expense. Finding technology’s place in a profitable bank isn’t easy. But bankers that view technology simply as an expense item, and not a way to grow, may find it difficult to get ahead. “If they look at [technology] clearly as an expense, I think they’re going to make some bad strategic decisions,” says McGourty.

The Rise of the Camera in Mobile Banking

2-27-15-Malauzai.pngWhen was the last time you took a picture with your phone or tablet? Probably pretty recently, right? Now, when was the last time you took a photo with a digital camera? You might have to think a little harder about that one. Smartphone and tablet cameras are in fact becoming so advanced that some experts speculate they will surpass the physically larger and now ubiquitous Digital SLR (DSLR) cameras in a few years. No doubt, mobile devices have become our go-to picture-clicking tools.

As the photo-taking abilities of these devices have improved, mobile banking has seen significant benefits. We are all very aware of how successful mobile check deposit has become. In many ways, mobile check deposit is the killer-feature of mobile banking. Based on Malauzai usage data, we know that 25 percent of active mobile banking users make deposits at least once a month. The mobile camera enables this success, supported by image recognition technology that can easily read a document and convert it into data. Now, the camera is driving new innovations for the mobile channel, including using the camera to simplify the onboarding process and to revolutionize how consumers pay bills.

Imagine opening a new bank account by simply taking a picture of your driver’s license. The typical onboarding process that can take up to 45 minutes at a branch can now take only five to 10 minutes inside the branch. Employees are provided with iPads enabled with advanced cameras, making quick onboarding a reality. Employees can even open accounts outside of the branch and pursue new clients in public places, such as a shopping center or company office. The technology is also being used by virtual mobile-only banks to allow direct customers to open accounts in self-service mode. Prospective customers can download an app, take a picture of their licenses and deposit a check in 15 minutes. This process is enabled by advanced mobile cameras.

Lastly, there is bill pay. When the industry set out to provide bill pay, the initial focus was being able to present bills electronically. This proved to be a challenge, and today paper bills are still in circulation based on some consumer preference, as well as billers that still do not make their bills available electronically. Enter the camera. With mobile photo bill pay, a consumer can take a picture of a bill and immediately make a payment. There is no data manipulation involved in the payment process; just point, click and pay. In a single effort, this solves the biggest problem that exists within bill pay. On average, 15 percent of active mobile banking users utilize mobile photo bill pay to pay bills every month when it is integrated in to their mobile banking app. That is four times higher than traditional bill pay when it is offered as a feature in mobile banking.

People enjoy taking pictures. From opening an account to depositing a check and paying bills, the advanced mobile camera is a driver in establishing mobile banking as the channel of choice for both banks and their customers. As the technology continues to mature, it will only improve. Mobile banking is poised to become the channel of choice for bank customers. As Internet banking stagnates in terms of generating additional revenue, clever usage of the camera is making mobile banking not only good for banks, but fun for consumers. Who said banking wasn’t fun?

Becoming an Apple Pay Bank: Should You Do It?

1-30-15-Emily.pngThe leadership team at Fremont Bank, based in Fremont, California, tries to stay on top of financial technology. “We’re directly across from the Silicon Valley,” says Chris Olson, Fremont’s chief operations and enterprise risk officer. Apple Inc. is headquartered just half an hour away in nearby Cupertino, so adoption of Apple products in the San Francisco Bay Area is high, he says. When the bank’s payment processor, Atlanta, Georgia-based First Data Corp., demonstrated Apple Pay to bankers in November 2014, Olson put in Fremont Bank’s application right away. The next month, the $2.7-billion asset bank became the 23rd financial institution to partner with Apple Pay.

Apple Pay launched in October 2014, but its market is limited, for now. It can only be used by iPhone 6 users within retail stores, and within apps for the iPhone 6, iPad Air 2 and iPad mini 3. The process is relatively painless: Consumers add their credit cards to Apple’s Passbook, which stores digital documents like tickets and boarding passes. To pay within a store, the customer holds the iPhone near the retailer’s point-of-sale terminal and authorizes the sale with a secure fingerprint biometric. Apple Pay users surveyed by market research firm Infoscout in December 2014 found paying the Apple way to be more convenient, faster and more secure than swiping a credit card.

As of January 20, 2015, only 54 financial institutions were listed by Apple as participating issuers, representing less than 0.5 percent of the banks and credit unions in the U.S. but 90 percent of credit card purchase volume, according to Apple. In other words, the biggest credit card issuers have signed on. More institutions are expected to follow.

The Apple Pay platform builds on tokenization, which essentially replaces a customer’s credit card number with a more secure identification. Banks and retailers have been working toward this as the industry shifts to EMV standards to address cybercrime. The adoption of Apple Pay at $118-billion asset Regions Financial Corp. was due in part to this shift. “To be able to put tokenized transactions in place in a digital wallet, [Apple Pay] aligns underneath our EMV strategy,” says Tom Brooks, head of retail products at Regions.

Payment processors play a key role in making Apple Pay a reality for community banks. First Data takes partner institutions through the process, working with Apple and other key players—Mastercard, VISA or American Express have to create the tokens for the bank—and reviewing the institution’s policies and parameters for transaction approval, says Stephen Hug, vice president of product management for First Data.

First Data’s role as a facilitator contributed to the speed with which Fremont Bank was able to partner with Apple Pay. For a bank going it alone, “that process will take six months. It took us six weeks,” says Olson.

Will Apple Pay result in a mutually beneficial relationship for the technology giant and its partner banks? Many big retailers are notably absent from Apple’s list of participating merchants, including Wal-Mart and Target Corp. Sporadic adoption by retailers coupled with a limited pool of iPhone 6 users means most consumers still haven’t caught on with Apple Pay. For banks with an expansive customer base or locations in tech-savvy markets, Apple Pay might make sense. At Regions, many customers already used their cards for their iTunes accounts, says Brooks. The Birmingham, Alabama-based bank has not disclosed how many of its customers use Apple Pay.

Fremont Bank’s location near a technology hub meant bank leadership was willing to bet that consumers in its market would be willing to adopt Apple Pay. But adoption has been low, just “a handful of actual transactions,” says Olson. “We’re just babes in the woods on this right now. We’re hoping to continue to talk to our customer base…and try to educate people on the benefits of using Apple Pay.”

Apple keeps a portion of the fee for both debit and credit card transactions, but declined to provide numbers for this story. Zilvinas Bareisis, senior analyst with research firm Celent, estimates those fees to be around 15 basis points for credit transactions and up to 3 cents per transaction for debit. Fremont Bank doesn’t issue credit cards—it partners with First National Bank of Omaha, expected to soon be an Apple Pay partner itself—and costs seem to be low. Fremont Bank paid First Data $5,000 up front to become an Apple Pay bank. Other fees, paid to First Data and Visa, are related to tokenization. Fremont Bank pays Apple half a penny per debit card transaction. Olson estimates that each debit card registered with Apple Pay costs the bank about 13 cents per month, but the bank does not pass those costs on to customers.

One thing’s clear: Banks can’t be on the fence about Apple Pay. If Apple Pay gains traction in the future, banks that are early adopters will likely become the default choice for consumers with multiple credit and debit cards, meaning a big bank credit card will likely trump small banks and their debit cards, if those cards are added to Apple Pay later. For Apple Pay to be successful for banks, it needs to drive more customers to the bank, and banks need to see more transaction volume to make up for the shift from a traditional credit card payment to Apple Pay. Without that increase in volume, income “just moves away from regular plastic cards to mobile and Apple Pay,” says Bareisis. “The bank loses out.”

The Next Frontier in Banking: Big Data and Artificial Intelligence

12-22-14-NarrativeSci.pngTechnological change always precedes understanding of how it will change business. The web was a research tool before we realized it would change commerce and financial transactions. Smartphones flourished as “cool devices” before drawing people away from desktops. From Facebook to wi-fi, technologies have entered the world in one form only to have us discover an unexpected use that completely changes work, life and business.

Right now, we are in the midst of a sea change with regard to three types of technologies: big data, data analytics and artificial intelligence (AI). Each holds promise for banks. The question is, how can banks use them in a way that impacts what they do?

The goal of big data is clear—to enable understanding about what’s happening with a business, with investments and with clients so that better decisions can be made. However, big data conversations tend to focus on technology infrastructures (e.g. Hadoop, MapR, cloud computing) rather than how big data can help achieve business goals. This often happens when business and technology functions work together, but the discord has been amplified in financial services because these big data projects have taken years to design and implement. The result: Lots of technology but very little satisfaction.

Banks at are at a tipping point. They must take a step back and revisit what they want technology to accomplish. I believe there are three major opportunities for big data—understanding, discovery and predictability. Each is different and needs its own focus.

We now have access to years of performance data related to sales, products, divisions and branch activities, as well as customer opinions, which improves our ability to understand, communicate and make informed decisions. AI and cognitive computing have opened up new opportunities for banks, including narratives about performance that are automatically generated by a computer. The ability to transform data into language turns what machines only previously understood into information that humans can now easily understand. In the wealth advisory space, for example, advisors can access on-demand, up-to-date tailored performance summaries for their clients, giving them the knowledge they need to make the best investment recommendations.

Another objective of big data is to find new discoveries. Using statistical techniques or machine learning, data can now be used to discover relationships between separate data points, such as customer engagement, churn, transactions, sales and success likelihood. AI then transforms the discoveries of those correlations into actual explanations of identified relationships. And in its best application, the analysis starts with a business question. For example, knowing what you want to understand (e.g. “What causes us to lose a customer?”) drives the analysis process rather than taking a random walk through the data. By letting business needs drive the process, the resulting discoveries are data relationships that can actually be used.

The third opportunity for big data is to make predictions by leveraging the results of discovery and known business rules. These predictions give financial institutions the ability to recognize and respond to situations before they become problems. This technology has helped banks identify fraudulent behavior while it is happening as well as identify what the next pattern of suspicious behavior will be.

While AI-powered technologies are newer in banking, the impact is already being seen with systems that integrate well with big data applications. For example, IBM’s Watson is already providing financial advice to returning vets. Machine learning systems are automatically learning the rules used to identify fraud and money laundering. And, narrative generation is being used to automatically provide advisors and clients with comprehensive explanations about their investments that go beyond just the numbers. For both employees and consumers, these systems are making banking more efficient by freeing people from tasks that can be handled by computers.

Bridging the gap between what machines calculate and what people can understand, big data analysis and artificial intelligence have the potential to fundamentally change our relationship with computers and data. And in doing so, computers will be able to explain everything they know to anyone who needs to know it, whenever they need to know it.

A Look at what TD Bank is Doing in Mobile Banking

Toronto-Dominion Bank’s (TD) recent partnership with Moven is a material strategic move to help the bank’s customers advance their personal financial fitness. Moven, along with other nontraditional mobile banking providers like Simple and GoBank, are challenging the financial industry’s line of thinking of what a mobile banking app can be. These types of bank apps offer budgeting tools that can help customers prevent overspending and learn how to more effectively save money.

Moven, the New York-based “neobank” founded by Brett King, brings TD the opportunity to offer customers more advanced financial management tools in their mobile app, including instant notifications about spending patterns and a variety of budgeting capabilities for each purchase. It’s a mutually beneficial partnership for Moven, who will now be granted access to three million TD Bank customers in Canada.

“The TD agreement with Moven offers our Canadian customers access to leading-edge technology with a simple, convenient and innovative way to manage day-to-day financial choices alongside long and short-term financial goals,” said Rizwan Khalfan, chief digital officer, TD Bank Group. “The addition of real-time money management capabilities to the TD mobile app demonstrates our commitment to comfort and convenience and to our growing leadership in the digital banking space. Customers will be better informed on how they use their money and empowered to improve their financial wellness with each spending decision they make.”

TD is primarily located in Canada and in the northern U.S., yet consumers outside of these areas may be familiar with the bank because of TD’s #TDThanksYou campaign video that flooded the Internet this past summer, showing that TD Bank is making major advances in communicating its message in the digital age. The tearjerker video shows real TD customers being surprised by an ATM that has been transformed into an “automated thanking machine.” A voice from the ATM surprises different customers with gifts picked out just for them—a Blue Jays fan gets a personalized shirt, is surprised by baseball player Jose Bautista and gets the chance to throw the first pitch at an upcoming game. A mom of two boys is given an all-expense paid trip to Disneyland because she had never been able to take them. These and other heartfelt stories allowed the YouTube video to get over 6 million views in only one week. The video now has over 18 million views, making it one of the most successful viral videos to ever come out of the financial industry.

TD Bank’s most recent announcement about the launch of Moven is also getting the attention of the banking industry, as the majority of banks are still figuring out how to differentiate their mobile banking, while ensuring each move they make is customer-focused.

“Can I afford it?” is one of the most important questions people have to answer about their financial lives. That’s why the budgeting categories serve as one of the main features of Moven’s, and now TD’s, mobile banking app, allowing it to become more than just a list of transactions, but instead, a resource for every shopping decision. The categories are used to get people to focus on things they really need and separate that from the luxuries that can tempt people into overspending.

“If you want to get people to save money, you’ve got to stop them spending, so we’re helping them understand where they’re spending money,” said Brett King, founder and CEO of Moven, in a recent interview with The Globe and Mail. “What we start to see, after three to six months [of usage] is that people in certain categories—dining out, catching taxis—start to level off.”

Yet the financial industry may question—is teaching customers not to spend money going against the best interest of the bank? Moven and TD Bank understand that their best interest is helping customers, and one of the most valuable ways to do that is to help people spend money in a smarter way with the type of advanced technology that consumers of today demand.

Succeeding With Mobile Bill Pay

Succeeding-With-Mobile-Bill-Pay.pngWhen James C. Cherry, a banking executive with over 31 years of experience, left his position as chief executive officer for Wachovia Bank’s Mid- Atlantic Banking sector to take over a small community bank in Charlotte, North Carolina, with just a few branches, his goal was to create a competitive niche he could dominate.

“Our company is working to position itself between the small banks and the very large banks as a regional bank,” said Cherry, who is now chief executive officer at Park Sterling Bank Inc., Charlotte, North Carolina. “People don’t feel like they get the personal service they want from the large banks, yet that’s where everybody banks because they offer a broad array of products and services that the smaller banks can’t. Our objective is to exist between the two.”

The strategy is working. Over the past four years, Park Sterling has grown from three humble branches into a 53-branch institution with $2.3 billion in assets. According to Cherry, mobile banking is expected to play a significant role in his bank’s growth plans.

“I think everyone acknowledges that mobile banking is the fastest growing segment of banking services today,” he said. “I think most people believe that eventually your phone will literally be your bank.”

That could be a problem for smaller institutions that have extended online offerings to their customers but that have not yet made the leap to their own smartphone apps, according to Robb Gaynor, chief product officer of Malauzai Software, Inc., Austin, Texas, the firm Park Sterling turned to for its mobile banking platform.

“Community banks may be shrinking in numbers, but there are also community bankers who are growing their institutions,” Gaynor said.

ParkSterling.pngMalauzai works with about 320 community banks and credit unions across the country, providing them with the tools they need to connect to their customers through smartphone applications. According to the company, 55 percent of all banks with less than $15 billion in assets currently have an app. The rest are already behind.

“Being able to distinguish yourself with mobile banking services becomes really important, but it becomes especially important for a company like ours that may have a relatively small footprint in some markets relative to the larger banks,” Cherry said. “Mobile banking can allow us to play larger than our footprint.” One of the solutions Malauzai provided is called PicturePay, a program that lets retail customers take photos of their bills with their smartphones to make a payment. Cherry says that bank customers like the app better than traditional online bill pay functionality offered through the bank’s website. It’s easier to use and doesn’t require the customer to re-enter information about the payment.

PicturePay doesn’t even require the customer to use a computer to pay their bills, Cherry said. “It’s really an extraordinarily user-friendly, attractive product. It positions us very well to deliver on our tagline, which is, providing ‘Answers you can bank on.’’’

According to Malauzai, about 15 percent of the average bank’s customers will use PicturePay to process their monthly bills. That compares to about 4 percent of bank customers who typically use traditional online bill pay functionality.

“The uniqueness of these products, the fact that they’re not offered generally in our marketplace, sets us apart from our competitors in exactly the way we are trying to distinguish ourselves,” Cherry said. “This speaks to the viability of community banks. Today, bankers can get products and capabilities that previously required more scale than the smaller community banks could muster, but that can now allow them to compete very effectively with the larger banks.”

Ralph Marcuccilli is president and CEO of Allied Payment Network, the company that provides the back-end processing for the PicturePay feature. “I think what Malauzai has proven is that community banks can really lead,” he said. “They don’t have to sit back and wait for the big banks to deliver the technology that >customers are adopting. They can really be out in front of them.”

For Cherry and his institution, it’s about providing the tools bank customers want without sacrificing the feel of a community- based bank.

“We don’t market ourselves as a community bank, nor do we market ourselves as a large bank,” Cherry said. “We market ourselves as a bank that is large enough to provide customers with the solutions they need and small enough to deliver those in a personal way. We think (PicturePay) will result in increased interest in our company, which always translates into increased business.”

Leaders In Bank Innovation

Banks of all sizes are implementing innovative technologies to grow their organizations but which ones are doing it right? Filmed during Bank Director and NASDAQ OMX’s inaugural FinTech Day in New York City, four financial technology providers offer their perspectives on which financial institutions are leading the way with the latest technologies.

Saving Money on IT Contracts

Saving-Money-on-IT-Contracts.pngPreparing for a successful merger or acquisition is complicated enough without the additional burden that comes from poorly managed core services and information technology (IT) contracts. Unfortunately for many banks and credit unions, an existing oligopoly enjoyed by only five major core IT vendors nationwide has led to these contracts having an unnecessarily negative impact on mergers and acquisitions (M&A) in the financial services industry. In many cases, mergers can simply fail or cost shareholders dearly as a result.

According to a recently issued annual report by the Business Performance Innovation Network (BPI Network), “continued vendor consolidation into an oligopoly within the core processing and IT services industry has made it increasingly difficult for community banks and credit unions to negotiate fair market pricing from vendors.”

Paladin fs, LLC takes it a step further, suggesting that few existing agreements are M&A ready, and when institutions attempt to negotiate their own core IT contacts alone, they’re playing a game they are very unlikely to win. There is no efficiency in contract pricing and fair market value cannot be determined hard market intelligence and pricing data. In fact, a Paladin fs survey reveals that most institutions are paying too much for these contracts, sometimes by as much as 40.2 percent. Further, the overpayment amount varies by region.

CommunityBank.pngThe only way to overcome this risk in advance of M&A is to be better informed before opening a negotiation with these critical vendors—positioning contracts now to help with a merger strategy later. To that end, Paladin has created the industry’s only knowledge base of core IT services contract costs and favorable business and legal terms designed to protect shareholders before and during a merger. Called the Paladin Blue Book, the company leverages this intelligence to renegotiate and restructure core IT contracts for clients, saving them, on average, between $960,000 and $1.2 million over the course of a standard five-year term—without the reputational risk that comes from having to reduce staff. Additional profit improves shareholder equity and the future merger position.

“Getting the numbers right can be exceedingly difficult for an institution,” said Aaron Silva, president of Paladin fs, LLC. “Vendor sales teams are meticulouslytrained at advancing complicated contracts and are expert at delaying the contract phase until the institution has lost most of its bargaining power. Paladin has been very successful at short-circuiting this process and putting the institution back in control.”

Silva points out that timing is critical. Most institutions should begin investigating core IT options 24 to 30 months before their contracts expire. The sweet spot for signing the best deal generally falls 18 to 24 months before the existing contract ends. With less than 18 months until the contract renews, bank and credit union leaders find that their switching leverage erodes rapidly should their negotiation fail with the incumbent provider as little time remains to find another vendor, negotiate a new contract or convert services in time.

One common scenario that Paladin’s clients face is a contract that auto-renews unknowingly, saddling the buyer with an early termination fee. These fees can range in the millions of dollars. Another problem occurs when an acquiring bank learns of hidden fees and onerous terms buried in the 150+ page contract that ambush deals at great expense. For example, one recent institution acquired another to learn later that costs to recover archived item processing images exceeded $640,000.

Vendors know that each time one financial institution is acquired by another, one of the core IT vendor contracts will be abandoned. Existing contract language in 90 percent of agreements reviewed by Paladin ensures any exit from services will be as expensive as possible for the institution and even more expensive to acquire. It’s important that banks reposition or renegotiate these contracts in advance of an acquisition with these concerns in mind.

Silva says his company offers an M&A readiness assessment for any institution contemplating a merger in the future. This process has uncovered a number of these scenarios, any one of which could have doomed an M&A transaction.

There are a number of trends currently serving to drive the financial services industry toward more M&A activity. These include market contraction, a flat economy, integration demand and historically high compliance costs. But as firms are driven together, they must first ensure that the contracts governing their most important technology platforms are not positioned to negatively impact the merger. Doing this in advance of a merger has been shown to benefit both the seller and the acquirer.