You could forgive Andres Wolberg-Stok for sounding a bit gleeful about his new role at Citigroup.

In a newly created position, the 14-year company veteran is setting the bank's strategy for mobile devices, wearable devices, and the Internet of things. He's integrating voice and facial recognition, wallets and digital payments into Citi's consumer platforms. And perhaps most importantly, Wolberg-Stok is overseeing a wholesale shift to an application programming interface model for all Citi consumer channels. This change will let software developers quickly create new apps for the bank.

"It's just a lot of fun, with the potential to really move the needle," Wolberg-Stok said in a recent interview.

These projects address several challenges faced by most U.S. banks today, especially the large banks: the increasingly high bar consumers set for mobile apps, the oncoming tsunami of Internet-connected "things" to which banks need to adapt, and the wave of new payments solutions, most from nonbanks, with which they need to learn to work.

The API project answers an especially thorny problem for large banks with legacy systems: how to quickly offer innovative apps that work with core systems that in some cases are 20 to 40 years old. The new APIs under development will let new apps easily work with existing code as simply as Lego blocks, Wolberg-Stok says.

In his new job as global head of emerging platforms and services, he reports to Melissa Stevens, the head of digital for Citi's global consumer bank (who in turn reports to Heather Cox, the consumer bank's chief client experience, digital and marketing officer).

In a wide-ranging conversation, American Banker spoke with Wolberg-Stok about his new job, how the bank plans to use APIs to open up its core data to new applications, and how banks like Citi might take advantage of wearables and the Internet of things.

The number of banking customer touch points keeps growing: you had branches and phones, now you have smartphones, tablets, self-service kiosks, wearables.
Exactly. Now come TVs and refrigerators. Everything ends up becoming a client channel. We're facing an atomization of channels.

If we had any notion that we'd be making decisions on behalf of the customer about where and how they access their data, that's totally out the window now. Instead we just have to figure out how to make that data available to them everywhere and let them choose the time and manner in which they use it. There's no way you could manage this explosion of channels or microchannels in the same way that you could manage your digital channels when you had one or two or three.

How does the growing number of consumer touch points and the "atomization of channels" change what the bank is doing?
First, the idea of managing channels as more or less verticals, as most of us have been doing, needs to be changed.

The way to tackle and manage that atomization of channels is by atomizing your services, and that means decoupling as quickly as possible from long data center cycles and point-to-point coding, where you need a particular piece of data and have to go get it from this or that service. This is why moving to a much clearer contract between channels and your backend systems, for instance through APIs, is necessary. You have to decouple. 

When you talk about atomizing your services, what does that mean —  breaking them down into components you can reuse in different places?
Yes. You can no longer assume that in every channel you'll have the same linear experience and want to do the same things. Increasingly, on mobile everybody wants to do everything. Just a couple of years ago, it might have been acceptable to say, "to do this or that,please visit our website." This is increasingly not ok. But when you start to deal with little pieces of data, it has to be the right data, the right transaction in the right place at the right time. That is no longer a linear experience that is contained within a channel. It could be a segment of data or a transaction on a wearable, but it also has to be a cohesive experience across channels, all different from the way we're used to looking at things. 

Are you rewriting a lot of your basic core code to create these APIs?
No. I don't think you have to rewrite all the back ends, you just have to make it a lot easier for existing and front end channels to plug into those and get the services and the data they need in simple, predictable ways. It has to form like Lego blocks, so simple a child can put it together, where figuratively you have these services and types of data on the shelf, and you look up and grab the ones you need and put them together and you don't have to spend a lot of time figuring out ways to communicate with those services.

Is it going to be like the Apple Store, where Apple puts out its basic code, developers create apps for it and Apple vets the apps?
Yes, under controlled circumstances. This is what we started to do with the Citi Mobile Challenge, letting third-party companies access certain data sources under very controlled conditions. They don't ever get access to customer information, but they could build interesting new services using our data and services. Obviously that's not something you open up to just anyone, but to select partners. The main customer for these new, simple, easy to use, elegant services will be our own channels. They need to move faster. 

What will you be able to do when all of that is in place?
Oh, it will be a different world. I think decoupling is necessary to be able to meet customer expectations with our increasingly rapid evolution of channels. It's essential to pursue rapid partnerships with third parties. Whether it's putting your data and services elsewhere or bringing in services and useful new features, it has to be plug-and-play in both directions, with speed to market and ultimately costs as well. 

A lot of banks are still wary of wearables. How do you look at that? are you actively building apps?
We're actively experimenting, we think we have to get ahead of the curve. Wearables are going to be part of our lives. I don't think that's in question any more. The only question is, why would you wait to prepare for that and ensure that your customers' data is available to them on whatever type of device they choose to live their digital lives? 

You obviously can't do everything. You're probably not creating Pebble, Android, and Apple watch apps. How do you prioritize?
The way to prioritize is to focus at first not on which actual wearable to write for but the capabilities you're going to need to serve wearables in general. That means figuring out which essential services you need to componentize so they become available to whichever wearables or other channels you want to start providing.

You don't begin at the front end. You begin by making sure the right data is available. This is why all of this is tied together neatly from all the way in the data center to the wearable. It is why you have to reconsider channels no longer as verticals, but as venues that need to be consistent across channels in ways they haven't been so far.

Are you thinking about the Internet of things, in which eventually our refrigerators, toasters and washing machines will communicate with us and send us email?
You can look at this through a big data lens and think about your definitions of big data, how does that change when you suddenly throw into the mix the new universe of data that's going to come from all these connected objects?

So it broadens your horizons?
It does. It also increases the challenge of figuring out how to parse the data in ways that are useful from a business perspective. As regards segmentation, customer behaviors, there are several additional dimensions in the universe that are opening up. It's not necessarily about the washing machine involving a transaction, but how much more data does the customer have at their fingertips about their own behavior and what do they choose to share of that with the companies they trust? And what can those companies usefully do with that for that customer? 

Can you think of a scenario where a bank like yours will be able to harness data captured by the Internet of things?
Today you go into a store and browse for stuff and then you have to take it to the register and somebody has to scan it all in. You have to make a payment, you get a paper ticket, and as you are walking out maybe someone checks that what's in the bag corresponds to what is printed on your paper receipt. If everything's connected and aware of everything else, then you should at some point be able to walk out with the things you want and not have to think about making a payment. It's more about whether you have to actively think about that or whether you can delegate that to the smart network around you, and then you're just delegating those low-value-added tasks that smart things can do for you. 

You have to hope you don't have a sticky-fingered child with you.
You also have to think about that today. The idea is that eventually your wearables will radiate a cloak of value around you that pays for you when you perform certain behaviors, so you don't have to stop and pull out of a wallet a token of that value as plastic is today. It's just part of your digital aura.

That digital aura could also make you known to advertisers, merchants and others to the extent you wish, to the extent it enables you to receive better offers, better terms, better promotions, offers that will be of more interest to you. It's a two-way street. 

Some scoff at the Internet of things. When we mentioned the risks of IOT in a recent slideshow, a reader commented, "How many bank data breaches or fraud attempts will actually play out in any IOT scenario?"
I wouldn't scoff at that at all. … I think one of the big questions is, when you're extending these channels, how do you manage identity? And increasingly, passwords are being called into question as a mechanism for authentication. As you replace those with biometrics, there will be more than just banks using biometrics to identify you. And I think new questions will arise that we probably don't think about today. All sorts of devices are meant to be relying on who you are, what you know, something you have. That something that you have could be part of the Internet of things. 

So do you think the internet of things could enhance security as well as bring about new points of vulnerability?
It absolutely could enhance security, because you could imagine a network of things that come together to say "yes, this is you." That network itself could be smarter than a single device. 

Who manages that network?
How to turn new networks of things that belong to you into a further line of digital defense that protects you — that's going to be an emerging pursuit for information security and user experience teams to collaborate on. 

You've been working with mobile wallets for a while. You were one of the first adopters of Google Wallet.
We were. And we were one of the foundation issuers of Apple Pay. We know this is a really important area. Money has gone from being metal to being paper to being plastic to now being an abstraction on your smart phone. If that trend is right and you can delegate chores to the devices that can do these for you, then the payment could get dematerialized.

At the moment these are separate wallets and your app is separate.
We have in the U.S. MasterPass, Apple Pay, and one of the big, big challenges for all banks is going to be figuring out how to bring all these things together in a coherent experience that's clearly understandable and enjoyable for the user and not confusing.

Are you going to have to work with these wallet providers to get them to let you make their technology part of your app?
It depends on the wallet. Some will not be part of any bank's app. That's where a big challenge arises, more in terms of communication and positioning. It's a challenge of user experience and understanding how to bring all these disparate things together in a way that makes sense to the user.

What's the end goal? To make the bank top-of-mind?
The main goal has to be to serve the customer best, because that will pull everything else behind it. If you make it simple and clear, people will gravitate to you naturally. Nobody likes confusion and complexity.

You have to be able to explain crisply to your customers how to make the best use of each of these things. Then you have to step back and consider that there are other banks doing this too. How will the customer make sense of all these things from different banks when they have multiple relationships? There's a lot of discovery ahead.