Bankers discuss branch vs digitisation, security, AML and fraud

Regulation is stalling digitisation amongst Philippine banks.

Whilst some may argue that the branch will remain relevant to customers over the next few years, it is undeniable that the digital phenomenon is revolutionising the way customers do banking. The Asian Banking and Finance team did quite a few forums in the Asian region this year, and based on what we hear from the bankers themselves, there’s not one country where banks aren’t looking to reduce their number of branches.

One banker from Malaysia revealed that 85% of all their transactions are already digital. Another banker said they shut almost half of their branches in Indonesia, but managed to not lose a single customer as their digital transaction level in the country is at 92%. Clearly, the topic of branch vs digitisation is an overriding theme in the region.

This was one of the topics covered at the recent roundtable discussion organised by Asian Banking and Finance in partnership with Fiserv, held at the Makati Shangri-La Hotel last 20th of October 2016. Entitled “The Digital Challenge: Adapting Seamless Customer Experience, Risk Management and Digital Adoption into the Banking Ecosystem,” the event gathered around 15 bankers and industry experts who engaged in an insightful discussion on digitisation, as well as security, AML and fraud.

The digital phenomenon
In the past few years, banks have been launching various initiatives in an effort to provide customers with a seamless experience - voice biometric authentication technologies, video banking, digital bank branches, e-payment options and more. But Rajiv Madane, director, products and strategy, core banking, risk and compliance and payment networks at Fiserv, warned that whilst almost all banks want to embark on a digital transformation, a bank’s digital strategy requires more than just installing a mobile banking system.

“I’ve had conversations with at least seven banks from different countries in the region - Philippines, Thailand, Indonesia, Malaysia - and there is a perception that once you install a mobile banking system, your digital strategy is already covered. It’s not that. The strategy has to be all encompassing,” Madane said.

He added that the most important starting point for the transformation strategy is the whole life cycle, and that all these life cycle stages require a different digital strategy. For instance, young customers are more likely to adopt digital while older ones aged 50 and above are more likely to stick to traditional banking.

“So you need a little bit of your physical infrastructure as well because they are used to that. One of the things we are seeing is that depending on your customer segmentation, you have to provide the right access to banking services. For the young generation, provide them with digital options. For the middle generation, you can do both, and for the older generation, you still need the physical channel. You need what we call a “digical” strategy, that is, digital and physical. You need to have digital for certain segments of your customers and physical for others. But the most important thing when you’re looking at digital transformation is how do you allow these two worlds to coexist? How can you provide the most optimum service level to your customers? That’s the market trend we are seeing,” said Madane.

For continuous innovation in the digital space, he added that banks need to have a team monitoring the market and the entire customer base because digital involves social media. Banks must keep everything in check in the whole ecosystem of servicing their customers.

Digital transformation
Indeed, the digital phenomenon has spurred demand for a dedicated digital team within the bank. In Hong Kong, one bank has leased two floors comprising 400 desks down in Causeway Bay, a most unusual location for a bank, for its entire digital team. So what are other banks in the region doing to support their digital transformation?

A Malaysian banker revealed that they have a dedicated team comprised of four to five people looking into digital transformation and it’s separate from the IT team.

One banker present at the roundtable said they just hired a new person as head of operations and head of digital banking, who oversees a team handling the social media aspect of the bank’s products. Another banker revealed that they underwent an organisational change recently, part of which is having a new chief transformation officer, who takes care of an innovation team. “There’s a lot more millennials in that team and a few older ones but they are critical in how we move forward,” she said.

Amidst all the talk about digitisation, one banker highlighted the importance of segmentation as there are still specific segments that are still used to a particular way of banking. “We feel that we are still going to exploit our branches and our ATMs,” he said.

But whilst all the bankers in the room expressed interest in expanding more into mobile and digital banking, one major holdup in the country is regulation. “Our basic problem is really the regulatory issues or requirements. Sometimes you want to go digital but the regulation requires you to have the customer’s physical signature.”

Philippine banks are moving slowly in the digital space, wary that their movements might get ahead of the regulations that they are trying to propose to the Bangko Sentral ng Pilipinas (BSP). In the meantime, they are adding more brick and mortar branches in contrast to the trend of cutting down on physical space. According to them, there is still a huge demand for the physical branch in the Philippines, especially since plenty of Filipinos in the rural areas remain unbanked.

“We are still looking into developing and expanding our brick and mortar business because we believe that in the Philippine context, that’s still very important given the number of islands that we have and the digital penetration that the bank now has so it’s a two-pronged approach,” said one banker.

Facing fraud
As Philippine banks keep up with the digital wave and still cater to the demand to keep their physical space accessible, they are also faced with the reality that fraudsters are becoming more cunning and innovative in the way they work. Today’s fraudsters very well know that banks are still grappling with the idea of a digical strategy, and that fraud can easily penetrate such kinds of transition stages.

“With the changing landscape of banking, we are trying to outsource as much as possible to third parties, but that that poses a risk, because then you’ll be empowering the third party vendors to your ATMs. So I guess it’s a big challenge for our IT group to ensure security,” said one banker. Third party vendors have become a double-edged sword for banks in that while they offer highly innovative solutions, they are also highly subject to fraud and can encounter risks on their own.

Meanwhile, another banker emphasised the need to secure their physical space amidst the push to manage and secure third party vendors. Filipinos have a very high demand for ATMs, so she says that banks have to make sure that their ATMs are regularly checked for skimming and fraud devices as well as any forms of penetration to their wireless networks. One of the bankers mentioned that the first thing their banks did was to secure their USB ports, especially after an attack in Thailand where fraudsters entered the system through the ATM’s USB port.

In connection with fraud, banks are also faced with the task of money laundering prevention amidst highly digitised platforms. Robert Chan, principal consultant at Fiserv, said that there is a growing trend in converging fraud management together with anti-money laundering initiatives. Banks are now looking into monitoring the transactions, investigations and reporting and resulting in optimised processes which have online real-time detections and preventions at the same time.

“From a people perspective, AML and fraud are two separate units, however on a monthly basis, for compliance and regulatory reasons, both those things will definitely go together to understand the two environments. One of the things we found was that it’s great that we have the historical viewpoints to be able to build the processes or procedures that may and could happen. From a detection standpoint, we also need to be in compliance, we need to ensure as well that our third parties are also included in that space because there’s also dependencies outside of the environment with VISA, Mastercard, Bancnet, if you have credit card fraud or ATM,” said a banker who is an expert on IT risk.

Third-party management
Banks cannot be complacent even with the overwhelming presence of third party vendors who drop attractive soundbites and appear to offer the best solution for each of the challenges that banks encounter. For instance, a large Singaporean bank discovered that it employed a less-than-competent third party vendor which submitted stellar SLA reports monthly. Since the bank did not have the capacity to double check the data, they could not identify why customer complaints skyrocketed amidst these good reports.

“If you hand over everything to a third party vendor that may have a conflict in terms of keeping your network, versus doing their own work, there are certain pitfalls. What’s the check and balance? How do we get the benefit from the outsourcing? But at the same time banks must retain some control and visibility,” said Will Dale, regional director, cash & logistics at Fiserv. He adds that whilst banks may have various providers maintaining their ATM networks, they still need to be independent to the service providers at some level so they know exactly what’s going on.

In an outsourcing world, it becomes more important for governments and separation of duties. Banks may outsource ATMs, they outsource the monitoring, but the ATMs cannot be with the same companies. It’s very important to pick the right security company, because banks have to admit that it is not their competence to stay ahead of threats and malware. It’s very important to pick a security company that has that vision and hold them accountable to that separate from the other outsourced companies.

Aside from third party vendors, banks are also exposed to third party fraud sites. According to a bank's e-commerce head, banks are now daily exposed to third party phishing sites which masquerade as the bank’s website and steal customer information from clients who cannot tell the difference of the real website from the fake one. Despite efforts to contain these websites, fraudsters can easily create a new phishing site within seconds. “It’s really third party sites that is my biggest concern because you can secure your own ecosystem as much as possible but the Trojan horse would really be the third party sites,” he added.

As banks manage fraud and push for digital transformations, Fiserv's Madane highlighted the importance of an enterprise fraud management strategy where fraud is looked at from a macro perspective. “In the bank, there’s all kinds of fraud and we have seen that there’s ATM fraud, there’s payment fraud, e-commerce fraud, online fraud, branch fraud. Wherever there is a transaction involved, there is fraud. Sometimes it’s detected, sometimes it goes undetected. First of all, monitor, detect, report. How do you do damage control? It’s gonna be a complete strategy across the enterprise,” Madane said.