Opportunity: a holistic approach to bank technology

By Kelly Trammel, Sheshunoff Management Services

A steady unrelenting reliance on technology has been part of the bank industry since some unknown marketplace merchant first used an abacus to calculate transactions. With the advent of business machines in the late 19th and early 20th century, followed by computers in the 1950s, banks have continued to build bigger, faster and more flexible technologies to process transactions, manage assets and conduct business.

Speed and efficiency create a constant customer demand for even more speed and efficiency. Internet banking is merely the tip of the iceberg as the customer’s access to bank accounts proliferates (customers now access their accounts from blackberries and cell phones). As banking is the most regulated industry in the nation, this proliferation of access and expanding capabilities has compliance examiners digging deep into automated systems to find deficiencies that could cause serious problems.

It’s not easy to work through all the regulatory checklists and advisories, and the effort to maintain and document compliance consumes most of the tech staff’s time and attention. Months are spent preparing for an IT audit. If faults are found, a flurry of activity follows to patch the holes. Finally, the bank may be compliant and operating safely.

If you stop there, you’re missing a chance to turn expense into profit. A wealth of information is flowing through the system. As processors click through their transactions, the system can contribute to revenue enhancement and marketing strategies. The opportunity is irresistible; bank management demands core processor utilities to realize the potential. There’s gold in those chips, and a well-utilized IT function will not only process and record transactions, it will deliver a healthy financial return.

There has always been a break point between large banks and small banks. Both use technology for transaction processing, but the large banks have always seemed to have a greater ability to invest wisely in technology as a way to capture more market share. The larger banks have been able to do more innovative things as a way of keeping and managing customers relationships. When you look at the alternative channels that have developed, such as Internet banking, the big banks have captured more of those customers. That’s because smaller banks treat IT as an expense, and most larger banks have used it as a way to manage and enhance customer relationships.

Technology that makes good use of the data flowing through your system is no longer cost prohibitive. Many of the functions that once required custom programming have been packaged into products that function as utilities, interfacing with the core processor to achieve specific results. Those system add-ons or “plug-ins” are now as available to small and medium banks as they are to the huge institutions corporations.

To realize maximum results, you need to look at bank technology in holistic terms. Technology development turns in an iterative lifecycle, revolving through: 1.) governance, 2.) opportunity, 3.) risk mitigation and 4.) compliance. No matter where your system is in this lifecycle, you will find your way around the four bases as time and work, passes. At each base, through each phase of the lifecycle, opportunities to assess and modify your system arise. The lifecycle begins with governance.

GOVERNANCE
The IT function rests on governance, a foundation of policies and rules embedded as instructions in the system that direct its operations. Operations staff apply the bank’s strategies for growth, customer service philosophies and business goals to immediate and long-range plans for technology developments. Before a bank can clearly negotiate provider agreements, adopt interface designs or determine operating budgets, it needs to establish a technology governance statement defining policies, procedures, and goals. Certain elements of the bank’s governance are specified in regulations and must be documented according to law. Other elements, however, are dictated solely by the bank’s plan for growth strategies that employ the information flowing through the system to effectively manage assets, generate revenue and capture market share.

Understanding the links between governance and technology often falls beyond a senior operations officer’s scope, requiring a chief information officer or chief information security officer to oversee the administration of technology strategies. Some small to medium-size banks, including at least one regional institution based in New York, retain a “virtual CIO” that oversees development of the bank’s technology action plan and consults on a part-time basis throughout the year. The bank benefits from the counsel of a professional technologist who is fully apprised of its environment without the expense of a full-time senior executive.

Governance extends into a technology action plan that looks through your system into the future. Your core system needs to grow along with the bank –your contract with transaction processing providers needs to reflect the bank’s projected growth.

Technology development evolves according to a systems requirement specification. This specification extends policies and governance into both the hardware and software that drives the bank’s IT function. The bank’s long-term plans are given real components, the strategies that produce bottom-line results get utilities and programming. Some creativity may be involved in the bridge between plans and promise, but most of the programming required to realize efficiency and effective marketing exploitation is usually available from a bank technology vendor.

When choosing a new utility for the system, make sure the software is compatible with your particular core processor. The banking industry relies on a dozen core processing providers, and dozens of companies that create utilities for those systems. Programming languages, platforms, and requirements vary between the providers. Implementation may also require training for users and support staff. All of these factors apply in the business case for systems acquisition, but generally, the benefits contribute to revenue enhancement through technology.

The core processor itself requires periodic upgrades. Most core processor contracts extend across five to seven years, with a specified service level agreement (SLA). Sometimes, the scope of the SLA fails to keep up with bank growth or does not include enhancements to the system that could produce market growth, generate new revenues or contribute to asset management. In that case, you need to start shopping.

The course to switch core processing providers needs to begin at least 24 months before the current contract expires. Most contracts require formal notice at some period before expiration, and it takes six to nine months to transition between providers. Before any of that happens, you need to know what your bank needs and wants from its core processing in the upcoming contract period. This is more than surmising possibilities – you need to establish a system specification that forecasts the bank’s plans for growth (including acquisition or merger), determines which fee revenue and asset management utilities may be desired, and fully outlines the demand and flexibility required to fully meet the bank’s needs.

You may not need to change core providers at all – you could merely renegotiate the SLAs that define your relationship with your current provider. That does not preclude the need for independent investigation and systems requirement specification. Pricing, for example, is extremely dynamic in the core processing industry. Your provider’s current capacity, competition, and development cycle heavily influences the price you pay for transaction and operations processing. You need capacity and flexibility, but you don’t want to pay more than peer institutions are paying for the same service.

OPPORTUNITY
Transactions move through your processor at the speed of light. Customers access their accounts from home, at ATMs, point-of-purchase debit machines, drive-through tellers and cell phones. Opportunity flows from the stream of information moving through the system.

One of the most productive functions a system can perform is automated customer communications. The system can be programmed to detect changes in a customer’s account patterns and respond appropriately, delivering helpful messages in a timely manner that maintain a good relationship with the customer. Customers can subscribe to various alerts. The communications can play a significant role in advising customers in accordance with regulations that require full disclosure.

In addition to automating communications, processor utilities can monitor asset valuations on an intraday basis, perform market analyses, reinforce risk management, and maintain robust, interactive Internet presence for any size bank or institution. It’s a matter of knowing what’s in the technology marketplace and how to implement the programs in your institution.

When enhancing the IT function with additional utilities, it’s important to acquire programs that fit. The utilities need to be compatible with your core system, they need to be implemented properly and sometimes customized to fit your operating environment on both sides of the computer. Often, an outside consultant can combine a detailed awareness of the technology software market with a high-level assessment of your systems to objectively assemble utilities that work well for your bank.

RISK MANAGEMENT
While risk is inevitable, managing exposure is a matter of balance. The lower the risk tolerance, the higher the risk management cost. This is where a senior bank officer must review whole systems for overall vulnerability, as well as examine specific elements for their potential to damage the bank. You have to discover and assess risk, then develop mitigating strategies to achieve maximum protection. Risk assessment must be done within realistic limits – a certain system may have minimal access, but the potential for failure could cause significant damage to the bank.

Compliance regulations require system testing and security, but the most critical motivation for managing risk is maintaining your bank’s reputation and profitability. The unfortunate truth is that the greatest exposure to risk comes from users with authorized access to the database. Most banks work hard to hire good, honest people, thoroughly vetting employees and following effective management practices. You need to survey your system for holes, conduct deep penetration testing, and assess your Internet security routines. Technology can be employed to monitor systems for anomalies and potential fraud. Systems can also detect and block improper operations, such as an attempt to download large amounts of protected information (e.g., social security numbers, and account data).

COMPLIANCE
The overwhelming acceleration of banking technologies in recent years has been matched by increasing regulatory demands. Bank technologists must maintain current awareness of the latest requirements, audit trends, and pending legislation. We identify areas of concern and make recommendations to remediate the issues. You can’t just test and remediate, you must also prepare required documentation and provide detailed reports that prove proper compliance.

If the bank has followed good practices in the other three phases of the technology lifecycle, system compliance is nearly automatic. When it comes time for an IT exam, you merely document your attention to the details, your knowledge and maintenance of a well-functioning, compliant system.

However, systems are only as compliant as their operators. The people who deliver your banking services must know and administer current regulations. One outsource company offers sophisticated software that helps your staff write and maintain policies, track readership, and assess employee understanding. This educational tool clarifies policies for your team and demonstrates person-by-person compliance.

YOU DON’T HAVE TO DO IT ALL BY YOURSELF
Where are you in the technology lifecycle? You can begin the process of enhancing your systems for greater opportunity at nearly any point in the cycle. It just takes a thorough analysis of your system and experienced, knowledgeable planning. Understand that you need to develop governance based on solid principles. Choose a solid core processor that can reliably handle today’s traffic and expand as the bank grows. Select utilities and programming that makes good use of the data in the system, and examine the system as a whole, as well as each of its elements, for potential risk If you follow the whole lifecycle, then compliance is built in by good practice.

The technology lifecycle is iterative. Whether your institution is facing an audit, repairing deficiencies or seeking better profitability, you need complete system analysis – operational performance, technology investment, risk assessment and policy compliance. You don’t have to do this on your own. By retaining a comprehensive consultancy, you can partner with an intelligent, objective third party who knows the marketplace, who works with banks similar to yours, and who’s in touch with the various regulatory agencies and best practices in the industry. We know the business, we know the technology, and we can help.