B of A's Bessant on AI, Blockchain, Patents and Swift
NEW YORK — Cathy Bessant, the chief operations and technology officer of Bank of America, says banks shouldn't see themselves as fintech companies.
They use technology, for sure, but they are not pure fintech in her view for one major reason: Their customers have much higher expectations of reliability.
Fintech can be experimental, and it can fail without making much of a difference. Bank of America has no such luxury.
Catherine Bessant, head of global tech and ops at Bank of America, shares updates on her bank-wide IT streamlining project, new technologies the bank is testing, and tech terms she'd like to see eliminated.April 29
Banks used to have almost no involvement with the U.S. patent system, but recently some large institutions, like Bank of America and JPMorgan, have begun locking down intellectual-property rights. The effort appears to be aimed at fending off patent trolls, and it raises fresh questions about which activities are legitimate for financial institutions.July 2
Cathy Bessant, who has a new C-suite title at Bank of America, builds confidence by taking on challenges that scare her. She also takes on technological decluttering and gender equality.September 22
Bank of America's ops and tech chief is looking to discuss the Internet of Things, innovation, diversity and recruitment at this week's global wholesale banking conference.October 10
Bank of America has nearly three dozen patents pending related to blockchains. More banks are expected to seek patents as the technology associated with cryptocurrencies creeps closer to widespread use.February 1
The drumbeat of news about hackers stealing millions of dollars by gaming the Swift interbank messaging system should have been a wake-up call for banking executives, but it's unclear how many of them answered it. Is it too late for them to shore up their defenses?June 1
"The potential cost of failure at scale is something to be avoided," Bessant said Tuesday during a session at the Exponential Finance conference hosted by Singularity University and CNBC.
Banks can still be innovative, she said, pointing out that "not all wine that is great is made in Napa." In other words: Banking innovation happens outside Silicon Valley fintech firms, too.
After her talk she sat down with American Banker to cover a variety of tech-related topics. Here is an edited transcript of that conversation.
Let's start with screen scraping. Wells Fargo announced it has created an application programming interface to replace screen scraping for small business. How's Bank of America tackling this issue?
Clients want to give third parties access to their banking data. The customer demand is not something to be denied. Our stated objective is making our customers' financial lives better, so if a customer wants to give an aggregator access to their financial data, it's our job to figure out how to do that safely and in a way that we can continue to operate.
Screen scraping is low-grade technology. It is not really scalable. The key is an API-based way. That allows third parties to access data in a scalable way without using up all of our bandwidth. That's the best forward-looking thing to say. To do that, we have to work with the individual aggregators. There is no one-size-fits-all. But there are risks associated with the system today. We can't control how often aggregators come in. Sometimes it is hard to tell good traffic from bad traffic.
I wish customers would worry more about safety than they do. There is not enough attention paid to the potential risk from a data-movement perspective.
There is a lot of motivation. Customers want the capability, and we all have a stake in figuring out the future.
Let's talk about blockchain. What's your take on where the distributed-ledger technology currently stands as a disruptive force in banking? Also, why has B of A been so bullish about patenting innovation related to blockchain?
There's no question that blockchain is really interesting as a technological advancement. In banking, an at-scale use case has yet to be made. It is likely that we'll find that faster and cheaper in terms of the digitalization of middle- and back-office functions will be a really good use case, but is yet to be made. As it relates to closed-loop distributed ledgers versus public ledgers, there is a lot left to learn and think through in terms of commercializations and how to protect customers in those arenas.
People say I'm contrarian. I love the technology, but it needs to be directed towards solving a problem or capturing an opportunity.
Our patent work is important to us. Banking is technology, technology is banking. With changes to U.S. patent law, from first to invent or create to first to file. That changed a few years ago. Prior to that, as long as you could prove you were the first inventor you could assert your patent. Now, it is first to file, and it completely changes the dynamic. Focusing on intellectual property protection as a strategy is a must-do.
We said about three or four years ago, "We've got to get good at this." We massively ramped up our intellectual property expertise and discipline. We're focused on capturing internal, early-stage invention into intellectual property that is defendable.
The whole thing about blockchain, intellectual property and patents — while we don't know all the commercial applications, when we find an opportunity related to blockchain, we want to be early and we want to be aggressive about understanding where those advantages might be and protecting them.
Does that strategy put you at odds with the tech community that has embraced open-source software?
The tech community wrote the book on suing each other over intellectual property.
A regulated financial institution that is protecting people's money can, to some extent, use open-source. We are increasing our leveraging of open-source, certainly. But, the requirement that we really, really understand where our source code comes from, we understand its lineage from moment of concept to the moment we deploy it, that is sometimes tough to do in an open-source environment.
So, it will be part of our mix. It will likely not be the dominant part of our mix.
Streamlining the technology and operations of Bank of America has been a major theme of yours since you took on the job in 2010. Where does that effort stand?
We continue to drive for simplification. Any place where we can take nine business-intelligence capabilities and mold that into two or three — those opportunities to simplify are important to us. It makes us better, it lowers risk and it is cheaper. It is a triple-whammy win.
We still have two or three places where we'd like our platforms to be more modern and contemporary. In large part, we've brought the company to contemporary standards and in some places, like software-defined infrastructure, we're are pushing the edges.
So, we're a large part of the way through our simplification, but not by any stretch done. It's the kind of thing where you'll never be done.
Something that is discussed a lot these days is the two speeds of banking — the fast speed is customer demand in a digital world, while legacy technology is the slow speed. Does the simplification help you bridge those two speeds?
Part of our modernization effort is figuring out how to build the company we would have built if we were built now. Every time we approach a re-platforming or the solving of a business problem, we think about how to match the pace of demand with the ability to meet it or exceed it.
What can you share about B of A's reaction to the recent news of hackers gaining access to the payments-related messaging system Swift?
It underscores the growing sophistication of cyberthreats. It underscores the importance of understanding everyone in the value chain and the potential vulnerabilities they have. I think we've always been focused on the risks that come with financial market utilities and central clearing parties. Because they are systemically important by definition, they need to be the epitome of safety. We are all going to be pressing for the level of investment in information security for everyone because we are only as strong as the weakest link.
How much can you really do when that weakest link factor exists?
There are lots of techniques — segmentations of systems, for instance.
Prevention is one thing. In a multiplayer environment, prevention is hard. But that's where detection and mitigation come in. The tougher it is to prevent, the better detection and mitigation has to be.
Can you share any specific things that your team did following the news of the cyberheists?
On purpose, none of us talk very much about specifics. But the best thing I can say is that anytime we see something in the market that we haven't seen before we examine our own potential vulnerability and we work to be part of the solution.
Your customers will soon be able to get cash from the ATM via their phones. In that regard, mobile switches from a channel to the glue, right?
Mobile is the branch.
How does that shift the revenue model then? Isn't a lot of the revenue model tied to the legacy branch network?
I don't think it is tied to the branches as much as it is tied to the capabilities. For instance, it is tied to the deposit, to the provision of bill-pay services, to getting investment assets. It is less tied physically than ever before and more driven by the capabilities, and technology brings capabilities closer to our clients.
Done well, it is an enhancement to the revenue model, not something that backs us away from it.
This is a place where we could be disrupted if we simply said we have a place-based revenue model and we are going to defend it. Because if we weren't figuring out the revenue model in a mobile world, someone else would. That is the model people want; the failure to figure that economic model out is unthinkable.
What are your thoughts on using artificial intelligence to replicate human interactions?
Sometimes we as technologists get it backwards. We talk about AI or blockchain and how to apply those technologies. Our strategy at B of A is to understand the customer need and then figure out what the technology is to get us there.
If what I'm after is a human experience, what are my options?
We announced recently that we are going to use the Facebook Messenger bot. That is a way of letting technology solve the issue of people wanting to have a closer, human connection.
As a large bank, how do you grapple with the shortening of the innovation window? Testing something for two years before rolling it out is likely not viable anymore, is it?
We do have to shorten it, but there is such a thing as too short. Think about mobile check deposit. We were not the first to deploy it. We were probably slower to the marketplace than some others. But in the marketplace, error rates were out-of-this-world high initially. It was a problematic customer experience. We stayed in a testing mode longer, so we may have appeared less agile, but by the time we deployed our error rates were half of what the industry was seeing.
It is the constant push and pull — customer experience, speed to market and protection of the firm. Those are the three points of intersection that are important. Fintech companies or emerging tech companies can afford a high failure rate. In our case, if we fail with something tiny we fail in front of our 30 million consumer customers.
Anything else you'd like to add?
In the old days, we used to talk about front office and back office. I try not to use those words. Then we talked about technology and the business partnering. I've completely changed my thinking about that. Technology and banking are one. (Points to iPhone) You can argue with me if this is a channel, a product, a capability, what is it?
An extension of my hand.
It is you. That's right. But is this the business or the technology? It doesn't matter. It is your hand. So the distinctions we make in banking, don't really have relevance in the go-forward environment. I like that. It plays to our ability to attract talent in the technology space. It plays to our ability to have great business people think as great technologists because they have to. It's the future organizing principles — how we are going to think about talent, risk management? You can't separate big data from great risk management. You can't separate big data from a great client experience. In a world of filing [comprehensive capital analysis and review plans], you can't separate big data from stress testing.