Protecting the bank involves more than keeping money safe and preventing financial crime; it touches upon all parts of the bank and the banking industry. Protection today involves securing the entire banking ecosystem and the massive amounts of customer data that banks have.
We know from this year’s CGI Client Global Insights and our annual bank consumer survey that trust is the most critical aspect of the relationship between customers and their banks. Trust also is a key attribute in the digital world. Protection, therefore, is all about banks maintaining trust with their customers, and this is especially important when it comes to digital banking. When a bank loses trust, it loses business, and we’ve seen many recent instances of this in the press.
Other key aspects of protection include loss prevention and regulatory compliance. Fraud can result in huge financial losses, not to mention reputational loss. Regulations such as the General Data Protection Regulation also add pressure. Effective protection addresses the challenges of each.
Key protection challenges facing banks
As banks become increasingly complex digital businesses, there’s a need to protect their entire organization and ecosystem, which, in turn, impacts all of their customer interactions, employees, ways of working and, of course, IT applications and technologies. Additionally, the need for speed is a challenge, requiring scale and processing capacity. Customers want to make payments and decisions immediately, and legacy systems simply can’t cope.
Automation can be a challenge in disguise. Banks are well through the basic process automation journey and are now seeking to integrate machine learning and artificial intelligence. Some managers may think automation doesn’t impact their control; but, even so, giving decision-making over to an algorithm doesn’t avoid responsibility for the outcome. An un-auditable decision by a machine or a piece of malware could make a mockery of protection, and of data protection in particular.
Of course, protection also comes with a cost. The daily cost for protecting the bank is increasing every year and is something for which the CEO may see little direct return. Estimates vary, but when you look at it from the top and across the bank’s entire organization, the cost of protection can be as high as 30% of the total IT budget. Banks are asking how they can control these costs or at least optimize them?
Strategies and technologies to address these challenges
Banks traditionally have analyzed data for anti-financial crime and sanctions processing in subsets, but today there’s a clear need for a holistic view of data, whether it’s related to customers or transactions. Once a large pool of data is collected, machine learning and artificial intelligence offer the potential to identify difficult patterns, check for false positives, improve hit rates and even proactively spot unusual activity.
Identity, on-boarding and “know your customer” (KYC) functions also are open to protection improvements. Having effective security checks in each area when the first contact occurs with the bank will prevent bad actors from the start. Of course, this isn’t just about your own customers. There also are issues involved in accepting payments from other banks and networks, as well as those from outside the bank’s domestic market. The bank has to understand the full history of a payment and the customer.
This raises an important point—protection is not an area in which banks are competing against one another. In fact, by sharing experiences, insights and patterns, they can only benefit. It’s a win-win situation. There is huge value in collaborating to protect the industry and in taking a collective stand against suspicious activities.
However, there also needs to be regulatory constraint. In general, regulators are wary of shared services, believing they let banks off the responsibility hook. Years ago, for example, CGI worked with a government to implement a protection-based shared service. Technically, it worked, and, through this shared service, useful insights emerged when looking at data sets across multiple entities. However, in this instance, the regulator didn’t allow the work to go forward due to accountability concerns.
In conclusion, banks need a protection architecture that views and manages customer data holistically across all transaction streams. This is a big challenge, but, once properly implemented, it generates equally big opportunities.
On a similar note, the silver bullet, in my view, is for banks to consolidate all protect-the-bank activities. Having multiple departments responsible for these activities is ineffective. Without a 360-degree view, banks cannot see everything and deal with the continuous threats that come at them from all sides.
CGI experts are helping banks to evaluate their current protection architecture, understand where there are issues, and implement changes that lead to more effective enterprise-wide protection. If you’d like to learn more about our work in this area and discuss your organization’s protection challenges, feel free to contact me.