3 Approaches to Shaping a Bank’s Digital Future

  • To compete in this new era of heightened digital competition, it is more important than ever for banks of all sizes to stay committed to the quest of constant improvement.

WASHINGTON, DC — How should you position your bank for the future — or, for that matter, the present?  This is one of the most perplexing questions challenging leadership teams right now.  It is not a new consideration; indeed, the industry has been in a constant state of evolution for as long as anyone on our team can remember. Yet lately, it has taken on a new, possibly more existential sense of urgency.

Fortunately, there are examples of banks, of different sizes and a variety of business models, keeping pace with changing consumer expectations and commercial clients’ needs. The industry seems to be responding to the ongoing digital revolution in banking in three ways.

#1: Forge Your Own Digital Frontier

The biggest banks—those like JPMorgan Chase & Co., Bank of America Corp. and Wells Fargo & Co.—have the resources to forge their own paths on the digital frontier. These banks spend as much as $11 billion a year each on technology. Each hires thousands of programmers to conceptualize digital solutions for customers. And you know what? Their results are impressive.

As many as three-quarters of deposit transactions are completed digitally at these banks (take a minute and let that number sink in).  A growing share of sales, account openings and money transfers take place over these banks’ digital channels as well. This allows these banks to winnow down their branch networks meaningfully while still gaining retail deposit market share.

*IMO, the next step in their evolution is to combine digital delivery channels with insights gleaned from data. It’s by marrying the two, I believe, that banks can gain a competitive advantage by improving the financial lives of their customers.

#2: Look Outside For Tailored Solutions

Just below the biggest banks are super-regional and regional banks.  They too are fully embracing technology, although they tend to look outside their organizations for tailored solutions that will help them compete in this new era (rather than develop the solutions themselves).

These banks talk about integration as a competitive advantage. They argue that they can quickly and nimbly integrate digital solutions developed elsewhere—growing without a burdensome branch network while also benefiting from the latest technologies without bearing the risk and cost of developing many of those solutions themselves. It is a way, in other words, for them to have their cake and eat it too.

U.S. Bancorp and PNC Financial Services Group fall into this category. Both are reconfiguring their delivery channels, reallocating funds that would be spent on expanding and updating their branch networks to digital investments.

In theory, this makes it possible for these banks to expand into new geographic markets with far fewer branches. Indeed, U.S. Bancorp announced recently that it will use a combination of digital channels and new branches to establish a physical retail beachhead in Charlotte, North Carolina. PNC Financial is doing the same in Dallas, Texas, among other markets.

#3: Go Off-the-Shelf

Finally, smaller community banks are adopting off-the-shelf solutions offered by their core providers—Fidelity National Information Services (FIS), Fiserv and Jack Henry & Associates.

This approach can be both a blessing and a curse. It is a blessing because these solutions have enabled upwards of 90 percent of community banks to offer mobile banking applications—table stakes nowadays in the industry. It is a curse because it further concentrates the reliance of community banks on a triumvirate of service providers.

In the final analysis, however, it is important to appreciate that smaller banks based outside of major metropolitan areas still have a leg up when it comes to tried-and-true relationship banking. Their share of loans and deposits in their local markets could even grow if the major money-center banks continue fleeing smaller markets in favor of big cities.

Smaller regional and community banks dominate small business loans in their markets—a fact that was recently underscored by LendingClub Corp.’s decision to close its small business lending unit. These loans still require local expertise—the type of expertise that resides in their hometown banks. The same is true of agriculture loans.

Let’s Not Forget: Banks Are Still Banks

Trust is still the top factor cited by customers in the selection process. And loans must still be underwritten in a responsible way if a bank wants to survive the irregular, but not infrequent, cycles that define our economy. The net result is that some community banks are not only surviving in this new digital era, they are thriving.

But this isn’t a call to complacency—far from it.

About That Elephant Coming Out of the Corner (*hello cyber security & banking)

Last summer, a cyberattack on JPMorgan Chase by Russian hackers compromised the accounts of 83 million households and seven million small businesses.  While the New York Times reports the crime did not result in the loss of customer money or the theft of personal information, it was one of the largest such attacks against a bank.  A data breach like this illustrates the clear and present danger cyber criminals pose to the safety and soundness of the financial system.  In my opinion, there can be nothing more damaging to the reputation of, and confidence in, the industry as a whole than major security breaches.

Yesterday, Bank Director released its annual Risk Practices Survey, sponsored by FIS, the world’s largest global provider dedicated to banking and payments technologies. As I read through the results, it became immediately apparent that cyber security is the most alarming risk issue for individuals today.  So while I layout the demographics surveyed at the end of this piece, it is worth noting that 80% of those directors and officers polled represent institutions with between $500 million and $5 billion in assets — banks that are, in my opinion, more vulnerable than their larger counterparts as their investment in cyber protection pales to what JPMorgan Chase, Wells Fargo, etc are spending.  In fact, the banks we surveyed allocated less than 1% of revenues to cybersecurity in 2014.  Accordingly, I’m gearing my biggest takeaway to community bankers since those individuals most frequently cited cyber attacks as a top concern.

Interestingly, individual concern hasn’t yet translated into more focus by bank boards. Indeed, less than 20% say cybersecurity is reviewed at every board meeting — and 51% of risk committees do not review the bank’s cybersecurity plan.  As I read through our report, this has to be a wakeup call for bank boards. While a number of retailers have made the news because of hacks and data thefts, this remains an emerging, nuanced and constantly evolving issue.

It would not surprise me if bank boards start spending more time on this topic as they are more concerned than they were last year. But I do see the need to start requiring management to brief them regularly on this issue, and start educating themselves on the topic.  In terms of where to focus early conversations if you’re not already, let me suggest bank boards focus on:

  • The detection of cyber breaches and penetration testing;
  • Corporate governance related to cyber security;
  • The bank’s current (not planned) defenses against breaches; and
  • The security of third-party vendors.

Personally, I don’t doubt that boards will spend considerably more time on this issue — but things have changed a lot in the last year in terms of news on data breaches.  If bankers want to start assessing the cybersecurity plan in the same way they look at the bank’s credit policies and business plan, well, I’d sleep a lot sounder.

So I’ll go on record and predict that boards will become more aware and take on a more active role in the coming months — and also expect that regulators will start demanding that boards review cybersecurity plans, and that all banks have a cybersecurity plans.  To take this a step further, check out this piece by the law firm Arnold & Porter: Cybersecurity Risk Preparedness: Practical Steps for Financial Firms in the Face of Threats.

About this report

Bank Director’s research team surveyed 149 independent directors and senior executives of U.S. banks with more than $500 million in assets to examine risk management practices and governance trends, as well as how banks govern and manage cybersecurity risk. 43% of participants serve as an independent director or chairmen at their bank. 21% are CEOs, and 17% serve as the bank’s chief risk officer.

The Bank Audit & Risk Committees Conference – Day One Wrap Up

Fundamentally, risk oversight is a responsibility of the board.  One big takeaway from yesterday’s Bank Audit and Risk Committees conference (#BDAudit14 via @bankdirector): the regulatory framework has changed considerably over the past 12 to 18 months — with less focus being placed on things like asset quality and more on operational risks and new product offerings.  To this end, I get the sense officers and directors cannot always wait for the Federal Reserve or other agencies to release guidance to get a sense of the potential impact on their institution.

photo-13
Frank Gehry’s Chicago masterpiece

Trending Topics

Overall, the issues I took note of were, in no particular order: (a) when it comes to formulating a risk appetite, no one size fits all; (b) a bank’s CEO and/or Chairman should establish a formal, ongoing training program for independent directors that provides training on complex products, services, lines of business and risks that have a significant impact on the institution; (c) bank examiners are increasingly asking more probing questions regarding new products and services & third-party vendor risk; (d) the DOJ’s “Operation Chokepoint” use of the banking system to identify fraud and criminal activity in certain areas perceived as high risk was mentioned in three different general sessions; and (e) cyber security is the hot topic.

A Two and a Half Minute Recap

##

To comment on this piece, click on the green circle with the white plus (+) sign on the bottom right. More from the Palmer House in Chicago, IL later today on twitter (@aldominick) and again tomorrow on this site.

Three Thoughts on Banks and Risk

I’m heading out to Chicago and Bank Director’s annual Bank Audit & Risk Committees Conference.  The agenda — focused on accounting, risk and regulatory issues — aligns with the information needs of a Chairman of the Board, Audit and/or Risk Committee Chair and Members, Internal Auditors, Chief Financial Officers and Chief Risk Officers.  Before I welcome some 300 attendees (representing over 150 financial institutions from 39 states) to the Palmer House, I thought to share three things that would keep me up at night if I traded roles with our attendees.

The Bean

(1) The Risk of New Competition

For bank executives and board members, competition takes many forms.  Not only are banks burdened with regulation, capital requirements and stress testing, they now have the added pressure of competition from non-financial institutions.  Companies such as Paypal, as well as traditional consumer brands such as Walmart, are aggressively chipping away at the bank’s customer base and threatening many financial institutions’ core business — a fact made clear by Jamie Dimon, the CEO of JPMorgan Chase, at a shareholder meeting this February.

“You’d be an idiot not to think that the Googles and Apples  .  .  .  they all want to eat our lunch.  I mean, every single one of them.  And they’re going to try.”

To this end, I find myself agreeing with Accenture’s Steve Culp, Accenture’s senior managing director of Finance & Risk Services, when he writes “banks need to keep developing their risk capabilities, skills and talents, and align these skills with their agenda around future growth. If they don’t align their growth agenda with their risk capabilities—building a safe path toward growth opportunities—they will miss out on those growth opportunities.”  While I plan on diving much deeper into this topic following the conference, I definitely welcome feedback on the issue below.

(2) The Risk to A Reputation

While the Dodd-Frank Act requires publicly traded banks with more than $10 billion in assets to establish separate risk committees of the board, and banks over $50 billion to additionally hire chief risk officers, I’m seeing smaller banks proactively following suit.  Such additions, however, does not absolve directors and senior managers of financial institutions from preparing for the worst… which is easier said then done.   In some ways, a bank’s reputation is a hard-to-quantify risk.  Anyone can post negative comments online about an institution’s products, services or staff, but one only needs to look at Target’s financial performance post-cyber hack to realize that revenue and reputation goes hand-in-hand.

(3) The Risk of Cyber Criminals

Speaking of Target, earlier this year, Bank Director and FIS collaborated on a risk survey to pinpoint struggles and concerns within the boardrooms of financial institutions.  As we found, tying risk management to a strategic plan and measuring its impact on the organization proves difficult for many institutions, although those that have tried to measure their risk management program’s impact report a positive effect on financial performance.  What jumps out at me in the results of this research are the concerns over cyber and operational security.  Clearly, the number of “bad actors” who want to penetrate the bank’s defenses has increased exponentially, their tools have become remarkably sophisticated, and they learn quickly.  I read an interesting piece by an attorney at Dechert (sorry, registration required) that shows the analytical framework for cyber security is very similar to what most directors have focused on in their successful business careers: people, process and technology.  But theory is one thing, putting into practice a plan to protect your assets, entirely different.

##

To comment on today’s column, please click on the green circle with the white plus sign on the bottom right. If you are on twitter, I’m @aldominick. Aloha Friday!