When it comes to information technology, speed, agility, and reliability are paramount, and generally go hand-in-hand with increased performance and productivity. But, in the financial services industry, the formula is a little bit different. Yes, speed, agility, and reliability are key to boosting performance and productivity, but banks and other financial institutions must also operate within the context of very strict security and privacy concerns — not to mention regulatory mandates. Striking a balance between agility and security can be very challenging — especially for small and mid-size institutions, and especially in an age when users willingly engage in potentially risky online behavior because the rewards are greater than the perceived risks.
Indeed, the underlying technology behind mobile, cloud computing, and social media have combined to challenge the resources of IT departments at banks — and their legacy infrastructures--to their very core. To be agile, banks need to deploy technology that supports their innovative products and services that differentiate, create customer loyalty and increase business growth. This requires banks to build secure platforms to support new technology such as mobile and social. But their legacy infrastructure is generally not up to these tasks, so upgrades or new capital expenditures are required. The trouble is, even if a bank has the money and in-house skills to upgrade legacy infrastructure to securely meet today’s needs, those needs are very likely to change quickly as new technologies and client demands emerge.
Investing in capital-intensive IT, then maintaining and supporting that infrastructure and the facilities required to house it, often puts banks at a competitive disadvantage. It siphons off discretionary funds that would be better spent on developing new products and services to remain competitive. IT consumes significant capital and operating overhead. In fact, after human resources costs, IT is the largest line item expense for banks, says Roji Oommen, Managing Director of Financial Services at CenturyLink, a managed services and network provider.
“Today, some 80 percent of the bank’s IT budget is used for the care and maintenance of the current IT infrastructure, leaving only a small amount for improving the customer experience through
technology,” Oommen explains.
So, what’s a bank — especially a smaller bank, with relatively constrained resources available — to do? The answer is certainly not “nothing.” The IT world has changed, and the historic approach of investing heavily in corporate data centers as part of a 10-year IT plan no longer is viable. Technology is changing too fast, and customers are more demanding than ever.
One of the biggest challenges for banks today is security. The landscape is changing, with sophisticated new threats and players adding to the complexity seemingly every day. “Online banking has become a prime target for cyber criminals and nation states trying to steal confidential information”, Oommen says. Keeping up can seem overwhelming, but banks that don’t risk losing, well, everything. Just one breach is often all it takes for consumers to take their business elsewhere, and the damage to a bank’s reputation is often irreparable.
To protect customer data and meet or exceed regulatory
requirements, there are several steps banks can take:
Easy, right? Unfortunately, no.
The trouble with these best practices is that they are out of reach for many financial institutions, especially small and mid-size banks that don’t have the budget or the manpower required to make it all happen. Rather, today’s retail banks are in a period of transformation, particularly regional banks that must meet the same stringent regulatory requirements as top tier banks but rarely have the technical in-house expertise or the deep pockets to compete.
Rather than building a monolithic data center that requires specially trained engineers and massive investments in support and services, today’s successful mid-size, regional and community banks may consider a hybrid IT approach — a combination of services including colocation, cloud and managed services to scale and continue to meet future requirements.
Transferring some of the burden to a managed service provider enables financial institutions to channel their energy into developing applications, products and services that will help build brands and increase revenue — rather than just closing existing security holes and girding for security threats that haven’t made themselves known yet.
Of course, when it comes to financial institutions, government regulations and compliance are very serious business. It can be difficult for banks to meet regulatory demands — a challenge exacerbated as banks try to achieve compliance using out-dated systems and as regulations shift and grow more complex.
“Bank regulations change often,” says CenturyLink’s Oommen, “and
how regulators interpret privacy and security changes over time.”
All U.S. banks, regardless of size, are required by the Federal Deposit Insurance Corporation Improvement Act of 1991 to maintain a percentage of overall capital in liquid assets based on size and the types of investments made.
The purpose of this act was to reduce the number of bank failures by ensuring banks have sufficient assets; it also means that for smaller banks to meet this requirement, they will have fewer assets available for IT investment than their larger counterparts. More recently, banks have had to meet new liquidity standards set by the Basel Committee in response to this decade’s severe economic crisis.
In addition to the mandates addressing asset liquidity, regulators also have rules about data privacy, security and the ability of customers to access their accounts — taller and taller orders these days given the 24/7 nature of computing and the number of platforms and devices customers are using.
The bottom line is that it typically costs banks more to keep up with all of these changes than it would to partner with an Infrastructure-as-a-Service provider — one that works with financial institutions of all sizes and has a staff of security professionals that provide 24/7 monitoring against potential breaches. “Even smaller banks can compete as peers with larger banks that have significantly larger budgets,” says Oommen.
According to Ovum Research, IT spending for online banking (1)
will increase considerably by 2018 (6.4 percent growth in 2014, reaching $10 billion by 2018), with other channels, such as mobile, growing even faster. This is mainly because the functionality of digital channels is maturing and customers are increasingly able to use them, the firm says.
Today’s retail banking customer is less likely to walk into a branch to conduct a transaction. According to the Consumers and Mobile Financials Services 20142 report from the Federal Reserve, 87 percent of the U.S. adult population has a mobile phone, and 61 percent of those devices are smartphones. More than half of all smartphone owners used mobile banking applications in the past 12 months, and another 12 percent anticipate doing so in the next year. And that’s just mobile banking, which the Federal Reserve defines as access to the bank from a smart phone.
More than half of all smartphone owners used mobile banking applications in the past 12 months, and another 12 percent anticipate doing so in the next year.
The same report says some 72 percent of respondents have used some sort of online banking, from a mobile device, tablet or PC in the past year. Indeed, customers are depending more and more on their mobile devices to conduct bank transactions and track their
accounts. And retail customers expect that their information
will be secure.
Here again, banks have a choice: They can invest heavily in a data center designed to meet the current data security profile of defending against breaches, or they can choose to utilize an outside partner that has the professional staffing and financial resources to address emerging threats.
Banking regulators acknowledge that customers sometimes engage in risky behaviors with their phones and mobile devices, such as checking account information over an insecure wireless network or using weak passwords. “Many banking customers today do not utilize the traditional passbook or check registers to keep track of their bank balance”, adds Tony Kroell, Senior Director of Industry Marketing at CenturyLink. “Banks have to deliver balances to remote locations instantly.”
Ultimately, says CenturyLink’s Oommen, it is the bank’s responsibility to ensure the customer transactions are safe and secure: “It’s the bank’s job to protect its customers.”
But even with some of the nation’s largest banks investing millions of dollars in hardware and software to improve the banking experience for their customers, smaller banks can compete. The key, says Kroell, is to leverage an Infrastructure-asa-Service provider that can put the regional or community bank on the same playing field as the larger banks.
But while incorporating the expertise of an Infrastructure-as-a-Service provider can give regional and smaller banks the ability to compete with larger financial institutions, picking the right provider is crucial. There is no one-size-fits-all, nor is there one approach that fits all. So how can you determine if a services provider is right for you?
Here are some items to look for that can tilt the balance between selecting and rejecting a provider:
In addition, whenever possible the potential customer should tour the Infrastructure-as-a-Service provider’s physical site.
What Operations to Outsource
A successful engagement with an Infrastructure-as-a-Service
provider will allow the bank to concentrate on enhancing its
product offerings and customer service. From an operational
expenditures standpoint, the bank will not only reduce its capital
expenditures, but will also see reduced power consumption for
systems and HVAC; as well as a potential reduction of real estate
costs, insurance expense, and facilities management expenses.
Banks that follow the approach outlined in this paper will be
well-positioned to increase revenues and focus more on the
core business of banking while shifting data center business
expenses to a professional service provider. These capital cost
savings combined with the ability to provide greater customer
satisfaction and generate new revenues will sustain and propel
the bank as it takes advantage of the Infrastructure-as-a-Service
that is transforming the financial services industry.
CenturyLink’s Hybrid Infrastructure solutions infuse agility
into IT infrastructure, whether your business is challenged
with controlling costs, managing performance, or scaling and
expanding into new markets. CenturyLink is recognized as the
No. 2 retail colocation provider, with an extensive global footprint
that includes more than 55 state-of-the-art data centers across
North America, Europe, and Asia, with over 2 million square feet
of raised floor space.
CenturyLink, Inc. is the third largest telecommunications
company in the United States. Headquartered in Monroe, LA,
CenturyLink is an S&P 500 company and is included among the
Fortune 500 list of America’s largest corporations. CenturyLink
Business delivers innovative private and public networking and
managed services for global businesses on virtual, dedicated
and colocation platforms. It is a global leader in data and voice
networks, cloud infrastructure and hosted IT solutions for
enterprise business customers.
1 Ovum Research, Retail banking IT spending to hit US$152.5bn by 2018 in reaction to consumer strength, http://www.ovum.com/press_releases/retailbanking-it-spending-to-hit-us152-5bn-by-2018-in-reaction-to-consumer-strength/
2 Consumers and Mobile Financial Services 2014, Board of Governors Federal Reserve System, March 2014 http://www.federalreserve.gov/econresdata/consumers-and-mobile-financial-servicesreport-201403.pdf
3 The Financial Brand, August 12, 2013, http://thefinancialbrand.com/32428/pew-research-online-banking-users-demographic-trends/