Reports from four key research firms are consistent in the finding that compliance and security needs loom large — in particular, for the big banks.
Senior executives say that they are striving to meet those needs, while still pursuing more innovative projects aimed at growth. In this story, Bank of America, Fifth Third Bancorp and E-Trade all recount their experiences with these issues, and how they are allocating their budgets.
"Compliance and regulatory requirements are sucking up IT dollars and are placing a noose around the necks of banks as they attempt to innovate and work on new projects," said Jacob Jegher, a senior analyst at Celent LLC.
Investments related to compliance and security are top technology priorities for 55% of banks, according to Celent's most recent examination of bank technology spending patterns. The findings, released last year, reflect Celent's "considered opinions and research of market trends, sizes and participants." Customer relationship initiatives are a top priority for 45% of banks.
Similarly, Financial Insights said in a report released in October that bankers' No. 1 priority for next year will be managing the "explosion" of data that has occurred, "especially in light of Basel II and other compliance initiatives, which have extensively relied on data and information." The report, issued by Jeanne Capachin, the International Data Group unit's vice president of global banking, also cited data security as "arguably the single most important concern for IT professionals in banking."
Financial Insights surveyed 180 bankers about projects planned for next year and then took input from its global analyst team to determine the ranking of priorities.
All these findings are in sync with a TowerGroup report released this year on banking's top 10 business drivers and related technology initiatives. Increased risk of fraud and an aggressive regulatory environment were cited as the top two business drivers.
With compliance near the top of bankers' to-do lists, "resources are being consumed and other initiatives are being delayed," Jim Eckenrode, a global banking research fellow at the independent research firm owned by MasterCard Inc., wrote in the report.
KPMG LLC affirmed heavy spending by bankers on compliance in a survey released in July on global anti-laundering efforts. An independent U.K. research firm commissioned by KPMG conducted telephone interviews with 224 senior executives at banks drawn from the world's top 1,000 by Tier 1 capital.
According to the survey, anti-laundering costs, which typically take up the biggest chunk of compliance spending, have soared over the last three years — particularly in North America, where bankers estimated their anti-laundering costs have increased 71%, compared with the 58% increase reported by all respondents.
Current spending on compliance is a sea change from years past. Charles Bowman, the global compliance executive at Bank of America Corp., did not even have a technology budget when he started in his current position in 1999. "I've learned more about technology in the last five years than I ever would have thought."
At B of A, compliance-technology spending comes out of different budgets, depending on the nature of the project, Mr. Bowman said.
Some major projects that require changes to customer-facing information systems are managed within the budgets of front-line business leaders, he said. Others that require large system changes, such as meeting requirements for the Basel accord or the Sarbanes-Oxley Act, involve heavy collaboration with the global head of technology.
Mr. Bowman also controls a small technology budget of his own that is part of the overall risk management budget. His budget is used to fund "tools of the trade" for tasks such as collecting information and monitoring and analyzing risk.
"The good thing is, there is total transparency around all of those budgets," he said. "The art is in coordinating and maximizing our investments."
Raymond Dury, the chief information officer at Fifth Third Bancorp, said it also tries to coordinate compliance and security expenditures with other ongoing technology initiatives. Rather than considering compliance needs after the fact, Fifth Third seeks to incorporate them into the process of building or buying technology, Mr. Dury said.
Compliance is "not a weight on top," he said. "It's inherent. If you do it correctly to begin with, you don't have as much of a burden."
Bankers agreed that using technology instead of manual methods is critical in keeping compliance costs down.
"We'll invest in hardware and software versus people all day long," said Greg Framke, the chief information officer of E-Trade Financial Corp.
Mr. Bowman echoed that sentiment. "You can't be adding people," he said. "That's always more expensive." B of A, for example, used automation to decrease the time it takes to handle suspicious activity reports from eight hours to two, he said.
One knock against compliance spending is that it cannot be measured using the return-on-investment scenarios typical in other technology areas. Generally, the amount spent on being compliant far exceeds the fines an institution might be forced to pay for not meeting its obligations.
It is the incalculable risk of reputation loss that makes the investments worthwhile. B of A has tried to measure the value of its compliance spending through a score it developed: the compliance program effectiveness indicator. Developed four years ago and still evolving, the score takes into account seven factors — including management accountability, monitoring, and training — to score each business line's effectiveness in meeting compliance obligations.
The scores, compiled every quarter, often give managers ongoing insights about what is happening in their businesses, Mr. Bowman said. For example, the scores might reveal an increase in brokers that are selling investments that are too risky.
Compliance efforts can add value in other ways. When B of A's compliance group started using the Charlotte company's data warehouse for its own customer information requirements, it ended up improving the database, he said.
"The level of quality and precision [of data in the warehouse] required is much higher for our purposes than for marketing," Mr. Bowman said. "Now that data is also available to other parts of the company to service customers."
Not just serving customers, but also strengthening relationships with them, remains a concern.
An emerging trend in banking is to price products according to the specific relationship a customer has with the bank, Mr. Jegher said. Institutions are attempting to do this in two ways: offering discounted prices when multiple products are purchased at the same time and offering dynamic pricing, in which a customer is quoted a particular figure on, say, a certificate of deposit according to information from the application and the kind of relationship the customer already has with the bank.
At E-Trade, a major customer-related initiative has been to produce more precise reports about its customers around the world.
"We can do a lot now, but not with the same granularity as with our U.S. customers," Mr. Framke said. The plan is to extend E-Trade's current customer data warehouse globally, and it will be able to do so cost-effectively because the warehouse was revamped a couple of years ago, he said. It replaced its single large database, "a mainframe equivalent," with distributed Linux-based systems running International Business Machines Corp.'s DB2 database software.
The new setup allows E-Trade to "produce a lot more work in the same time," Mr. Framke said, and its flexibility has improved the accuracy and precision of customer data going to the marketing and other departments.
Now E-Trade will extend those benefits globally. Because the database runs on small, Linux-based machines, rather than a big, mainframe-type system, the company can increase the capacity for global use cheaply and easily, he said.
According to Mr. Jegher, even though institutions were supposed to complete their assessments of how to improve online customer authentication by the end of last year, security remains a top priority. Most institutions responded to regulators' requirements for multifactor authentication by implementing a system for their online banking operations, he said, but many have not addressed the regulators' requirements for telephone and mobile banking. "So there's still a lot of work," Mr. Jegher said.
In the short term, banks probably will work to abolish poor practices, such as having customers use their Social Security numbers to identify themselves over the phone, he said. The banks also may require customers to answer questions known only to them, and in cases involving large transactions, bankers may call customers back at telephone numbers they previously provided.
Over the next three to five years voice biometrics will become more prominent as a method of authenticating customers, Mr. Jegher predicted.
E-Trade was one of the first institutions to deploy a way of authenticating online users beyond just a password. It is giving some of its customers tokens featuring an ever-changing string of six digits that they type in along with their passwords.
Now it is looking for ways to make the authentication experience more convenient, Mr. Framke said. "It's a fine line between customer convenience and 100% security. It's easy to build technology, but it's harder to make it work so it's not hitting customers in the face."
One possibility E-Trade is exploring is to build the changing six-digit window directly into a credit or debit card to eliminate the need to carry a separate token, he said. The company also is looking into delivering one-time passwords through text messages.
Technology executives face other pressures besides regulatory and security burdens. Faster payback times, intractable maintenance costs, and a desire by senior managers to drive organic growth are adding to CIOs' challenges.
Celent found that a majority of bankers (57%) seek returns on their technology investments in 12 to 24 months, while 29% are more aggressive, seeking returns in 12 to 18 months. According to Mr. Eckenrode of TowerGroup, some bankers are requiring paybacks in less than a year.
"It's becoming an increasing challenge," he said.
Maintenance costs continue to eat up the bulk of banks' technology budgets. TowerGroup estimates two-thirds of the typical bank's tech budget goes toward maintenance, while Celent puts the figure at 80%. The good news, according to Celent, is that most technology budgets are rising, with increases being put toward new technology rather than maintenance. Seventy-three percent of the banks Celent surveyed said their tech budgets are increasing; 50% said the budgets are rising 4% to 5%, while 25% said the budgets are rising 10% or more.
Mr. Dury said Fifth Third is attacking the maintenance problem by investing progressively in its operations infrastructure. Excluding the Federal Reserve Board, Fifth Third is the fourth-largest processor of check images in the country, according to SVPCO, and it is getting "huge efficiency gains from that."
Next year Fifth Third plans to continue rolling out branch image capture systems, which let bankers convert checks into images as they hit the teller window or soon after. It also will continue installing Web-based remote deposit capture at corporate customer sites. Previously it used a software-based system to let corporate customers send in check images, but that system was more difficult to install and manage, he said. Mr. Dury also meets weekly with Fifth Third's head of operations to discuss projects aimed at company efficiency.
One such project has led to the creation of workout teams in the customer service department. Once a pattern of frustration becomes evident, a team goes to work on remedying the issue, Mr. Dury said. "It's really geared toward not solving the same problem 500 times."
E-Trade also is aiming to improve productivity so it can bring new products to market quickly and cheaply. For example, it recently came up with a software development method that takes advantage of open-source technology and can reduce the time required to write an application from hours to minutes, Mr. Framke said. It also is looking at a "community" software development method that will promote collaboration among all of E-Trade' developers globally.
Mr. Eckenrode wrote in his report that banking companies are continuing to grow through acquisition, but "most banks also trumpet the virtues of organic growth." Mr. Dury said he is familiar with this seeming contradiction, having been put in charge of integrating two recent acquisitions at Fifth Third while supporting organic growth. He addressed the challenge by pulling together a team of employees skilled in integrations and supplementing their efforts with subcontractors. The goal is to ensure resources are not taken away from efforts aimed at supporting organic growth, he said.
At an earlier time Fifth Third was more likely to put all its technology resources toward the integration effort and perhaps let some products be delivered late, Mr. Dury said. "In the past we were willing to make those sacrifices. Now we want to balance both of them and do as much as we can."
Ms. Costanzo, American Banker's technology editor from 1998 to 2002, is a freelance writer in Maplewood, N.J.
