The banking sector is caught in the middle of the digital transformation. Under pressure from PSD2, Basel III, Instant Payments, GDPR and wildly spiraling costs for digital infrastructure, banks are having to make major changes. How can these modern requirements be turned into a strategic advantage?
Banks are bracing themselves for the introduction of PSD2. When this directive is implemented in spring 2018, all financial institutions will have to share details of checking accounts with third parties if customers ask them to. These parties will be allowed to see the bank balance or can retrieve bank statements from the consumer’s checking account. The objective is greater transparency, more competition and more freedom of choice for customers.
PSD2 is not a threat, it’s a strategic opportunity
Some banks shy away from these new requirements and are doing the minimum to comply with the directive. By doing so they will probably miss out on an enormous strategic opportunity. By fully investing and innovating, however, banks can provide a platform where they can offer their own and other banking services. If you don’t innovate, you could lose direct contact with the customer and disappear in a sea of other white label providers who compete on price alone.
Bank systems under pressure
Financial institutions must comply with the audit requirements of European and national financial supervisory bodies. Banks must prove they are in control of their operation. If they innovate with their product portfolio, they must demonstrate that they are compliant at every stage. To do this, they might have to update their business logic, and the underlying infrastructure will have to be changed. This is not particularly easy for most banks as their systems are already under enormous pressure.
Basel III (and beyond) requires massive investment from banks
This pressure will only continue to increase. Because of Basel III, banks will have to comply with stricter liquidity and capital requirements. It takes a huge amount of processing power to prove that they have complied with this. New compliance might require up to a 20% increase in compute power year after year. Many banks cannot keep up with this type of investment. They are currently still using on-premise data centers. This is expensive, inflexible and potentially inefficient. A further challenge to IT support at the banks is that the European Payments Council (EPC) is setting even higher requirements from May 2019.
Instant Payments demands the utmost from systems
Currently, it often takes just a few days for an amount to be transferred from one account to another. The EPC believes this to be outdated and not customer-friendly. That is why Instant Payments will come into effect in 2019. Within the EU, transfers below € 15,000 must be settled within 10 seconds. Consequently, banks will have to make enormous investments to facilitate these lightning transactions.
GDPR sets higher requirements for data protection
To better protect European citizens and make them the primary concern, the EU General Data Protection Regulation (AVG in Dutch, GDPR in English) will be enforced from May 2018. This directive sets high requirements for protecting the privacy-sensitive information of citizens and makes them the owner of their data. As a result, banks must deal more conscientiously with privacy-sensitive data by training personnel and setting up systems differently. Databases will have to be cleaned and the collection of data will have to change and be strongly protected.
Cloud is the only way out
The need for digital innovation and the new and tightened rules probably demand more than on-premise IT architecture can deliver. Therefore, the migration of data, applications and computing power to the cloud is essential. Storage and computing power can be scaled without limits there and you only pay for what you use. Getting out of their own data centers is not an easy step for financial institutions, as there is still a perception that public cloud is less secure than on-premise infrastructure.
Constant dialog with banks and supervisory bodies
This is all about trust. You can’t build up trust quickly, which is why Microsoft has been investing in a continuous dialog with banks and supervisory bodies since 2013 to guarantee privacy and control, compliance and transparency in the cloud. Microsoft is constantly adjusting the way it works so that banks in the cloud can innovate optimally while the data has the best possible protection. This is not just protection against hackers, but also against government bodies that might ask to get access to personal data from Microsoft’s data centers. Data centers operated by a data trustee (i.e. the Microsoft Germany data center is currently operated by Deutsche Telekom) protect customers from US law enforcement legislation like the Patriot Act.
Data securely under lock and key
The most advanced technologies keep data protected and the property of the rightful owner. You could compare the security of an on-premise data center with that of a castle, and the security of our Azure cloud service with that of a prison. If intruders overcome the large castle wall, they can easily get to everything. If they break into a prison, they are in a cell. They only see a very small piece of data that they can’t do anything with; the other part of the information might be hidden in a different cell.
Banks must innovate digitally with their products to survive. At the same time, supervisory bodies are raising the requirements for staying compliant and in control of banks’ operations and business. These requirements have a tremendous impact on IT systems, and budgets are under heavy pressure. Therefore, migration to the cloud might be inevitable if banks want to optimize their operations while serving the customer of the future, and this needs to be done in a secure and compliant way.