05-04-2018 | POINT OF VIEW
Banking on risk in the digital age

Banks face a seismic technological upheaval
The banking sector now finds itself between two seismic events: it is post-financial crisis but pre-digital revolution. Over the past decade, the overriding focus for many firms has been on coping with more stringent capital requirements. Prudential regulatory reforms have resulted in a more liquid and well capitalised banking sector, but it has hit shareholder returns and profitability.

The banking sector now faces an inflection point, in part as a response to the industry economics created post-financial crisis. In the UK, banks’ struggle with poor profitability continues. The Big Four UK banks averaged a return on equity of 5.7% in 2017 – shy of their own financial targets and their Wall Street rivals. Investors are getting impatient. The banking sector’s price to earnings multiple – a measure of investor confidence – has bared shifted since 2010 and is now nearly 50% below those of other industries.

Banks’ performance will come under further pressure as a range of competitors enter the market in an era of Open Banking. The European Union’s Second Payments Directive (PSD2) and Open Banking in the UK both came in force in January 2018, opening access to customer data and relationships currently held by incumbent banks to third-party players, be that FinTech, BigTech, or incumbents from adjacent industries such as retail and telecom. Already, FinTech players and challenger banks enjoy lower cost to serve (of up to 400-basis points) over incumbents, more refined customer segmentation, and the ability to provide ‘over-the-top’ services without incurring the costs of running banking infrastructures.

More profoundly, a different banking model is expected in the Open Banking era. Banks will need to evolve from one-stop shops for financial products to platforms hosting a range of financial service providers – perhaps like the Apple app store or eBay equivalent for the sector. This requires a different set of banking activities: on top of financial intermediation, banks may need to define rules of how they engage with FinTech players in the ecosystem and explore strategies to monetise proprietary IP and data. The technology infrastructure required to capitalise on “bank exports” – customer data, bank-owned algorithms or business processes – will also be radically different from those of today.

Risk symbiosis in FinTech
Accelerating and sustaining digital transformation is key to realising a new world order of banking activities. Incumbent banks are well aware of this. Lloyds Banking Group, for example, allocated £3 billion strategic investment over the next three years to enhance the development of digital banking products and to upskill its staff for the digital age. Other banks’ digital ambitions may be greater still: Deutsche Bank spends over $4 billion each year on information technology while this number for JP Morgan is around $7.4 billion. The aim is to not only stay on the front foot when it comes to digital innovation but also to weave digital technologies and capabilities through existing business activities, processes and models.

The future relationship between “Fin” and “Tech” will be one of symbiosis. But this symbiotic relationship between financial and technology sectors will bring to the fore non-financial risks, such as technology risk, cybersecurity, data privacy and digital conduct.

The major stumbling block for digital transformation is often within banks’ legacy IT estates. Legacy systems and infrastructures are expensive to maintain, not agile enough to underpin new technologies or compete in terms of cost. They cannot be transformed into digital platforms easily. Not only do these create silos of data and computing power which prevent banks from realising the benefits of digital banking, but the existing banking systems are also ill-prepared to cope with the increasingly sophisticated cyber challenges. The sector is in the firing line as professional cyber criminals are after high-value targets such as banks while state-sponsored activities are now adding to the growing array of cybercrimes. At the same time, banks’ supply chains, which have grown more complex over the past years, pose further challenges to the capability and integrity of banks’ controls and oversight.

Financial stability concerns are now emerging from the technology sector. The speed of technology advancement and the market concentration among technology providers pose systemic threats to the financial industry. Technology advancement accelerates the speed at which risks could spread across the financial system. The Flash Crash in 2010 was an example of this: triggered by an automated algorithmic trade, US stocks and futures markets saw a 10% fall in market value in a matter of minutes, only to recover hours later. The speed of trading in markets has been ramped up significantly since 2010 driven by a quantum shift in the computing power used in automated trading operations. The prospect for algorithms to cause market volatility or to crash markets has become far more significant.

The Financial Stability Board (FSB) highlighted in a recent report that the lack of transparency and auditability of AI algorithms in trading poses macro-level risks, particularly as many AI models are being trained during a period of low market volatility. Applications of AI could also result in new and unexpected forms of interconnectedness between financial markets, for instance, based on the use of previously unrelated data sources in designing trading and hedging strategies. Monitoring macro-financial risks that emerge from FinTech activities is therefore a priority for both financial firms and their regulators.

Perhaps an even greater potential threat to financial stability relates to market concentration among technology providers. A strong network effect and first-mover advantage common in the technology sector reinforces a winner-takes-all dynamic. ‘Word of mouth’ and scalability of new technologies mean that solutions are increasingly being offered by a few large technology firms. This could heighten third-party dependencies already prevalent in the financial sector and trigger systemic risks if a large technology provider were to face a major disruption or insolvency. In Cloud, this financial stability concern is particularly prominent: the three largest Cloud infrastructure providers occupy nearly two-thirds of the Infrastructure as a Service market; Amazon Web Services alone have a share of 40%.

So where next?
There is little doubt that technology is re-setting banking economics. New technologies offer exponential gains in computing power at a fraction of the cost associated with running earlier generations of IT. The business case for embracing technologies such as the Cloud, artificial intelligence and blockchain are clear: on-demand scalability at speed, enhanced decision-making, safer and cheaper financial intermediation frameworks – the list goes on.

But as banks embark on rapid and fundamental digital transformation, non-financial risks come to the fore. Banks need to understand how future regulations around data and technology could affect their digital transformation strategies, how new technologies can be safely adopted within their operating model, and how their risk frameworks can be adapted to take account of new risks and threat vectors arising from cyber and technology risk, as well as data privacy and protection considerations amplified by PSD2 and GDPR.

To safeguard their organisations through the digital transformation journey, incumbent banks need to, as a first step, close the gap between their digital banking aspirations and the reality of their legacy IT estates. There are some no-regret moves: reducing reliance on legacy systems; de-cluttering and decommissioning redundant systems; and using analytics to provide modelling on key non-financial risks.

But to fully harness the power of digital, incumbents may need to re-build the technology architecture and re-design their operating models. Launching an entirely new, digital bank alongside the legacy bank may be necessary, so might be the integration of global scalability in operating models to harness the benefits of implementing key technologies such as the Cloud on a supranational basis.

Opportunities and risks brought about by FinTech also call for a rethink of financial regulations. Greater global coordination and standardisation are required, particularly in overcoming hurdles to data sharing across jurisdictions and solving the contradictions between existing regulations. The former is key to sustaining the digital reinvention in banking and to enabling global banks to harness the power of technologies that are borderless in nature. The latter should focus on the compatibility between regulations on the prudent use of data (e.g. GDPR) and those promoting competition and market entry (e.g. PSD2, Open Banking).

There is no doubt that we stand on the brink of a digital banking revolution. The forces at play, driven by the significant benefits for customers and the institutions that serve them will only ensure a rapid transformation. In order to fully realise the benefits over the longer term, the transformation must be matched by a significant maturing in the understanding and management of risk at both an institutional level and a systemic level.

You can read our report; Safeguarding Digital Transformation: Understanding the Digital Impact on Banking Business Models and Risk Management here.

For more information contact:

Kuangyi Wei
Associate Director
Email: kwei@pfg.uk.com
Phone: +44 (0) 207 100 7575

@p_f_g - Parker Fitzgerald