2009 Business Drivers for BanksInterview With George Tubin, Research Director, TowerGroup
These are among the priorities of banking institutions in 2009, according to a new survey by TowerGroup, "2009 Top 10 Business Drivers, Strategic Responses and IT Initiatives in Retail Banking."
In an exclusive interview, TowerGroup Research Director George Tubin discusses:
Tubin is a senior research director for TowerGroup's Delivery Channels and Financial Information Security research services. His areas of expertise include consumer online banking, online fraud and identity theft prevention, information security strategy, and customer authentication as well as mobile banking and contact center strategies and technologies.
With over 20 years in the banking and high-technology industries, Tubin focuses his research on consumer online banking, fraud and identity theft prevention, information security strategy, and customer authentication as well as mobile banking and contact center strategies and technologies. Before joining TowerGroup, he was a senior consultant with ADS Financial Services Solutions, providing information technology strategy consulting to top-tier US banks. He also held several positions at BayBank, BankBoston, and Fleet (now Bank of America), including director of e-commerce planning and development and vice president of planning and analysis for the consumer and small business banking divisions.
Tubin is frequently quoted in industry periodicals and has appeared in such publications as The Wall Street Journal, Newsweek, CIO Magazine, American Banker, Bank Technology News, CNN Money Online, and Bank Systems and Technology. He has been a chair and featured speaker at dozens of major industry conferences and Webcasts, and has authored articles for numerous media outlets.
Tubin received an M.B.A. from Babson College and holds a B.S. in industrial engineering and operations research from the University of Massachusetts, Amherst.
TOM FIELD: Hi. This is Tom Field, Editorial Director with Information Security Media Group. We're talking today with George Tubin, Senior Research Director with TowerGroup, and we're discussing a new 2009 survey that identifies the top 10 business drivers in retail banking. George, I really appreciate you taking time to share your insight with me today.
GEORGE TUBIN: Oh, my pleasure.
FIELD: So, the survey has just come out. Could you just describe for us what some of the highlights are from this new research?
TUBIN: Absolutely. You know, every year TowerGroup does this type of study, to look at what the important business drivers and strategic implications are going to be for the upcoming year. You know, this year, may be, in a way, may be a little bit easier for us, unfortunately, because of the current economic crisis and how it is going to have a massive impact on what financial institutions are going to be doing into the year 2009. And I guess a very high level summary, 2009 is going to be all about capital conservation, so, not putting out big capital-intensive projects, cutting costs wherever the institution can. And it's going to be a lot about deposit gathering, because retail consumer, or consumer deposits are still extremely important to the retail bank, and may be more important than ever, because of having less access to credit.
So, consumers are going to continue to focus on keeping the customers they have, and keeping them happy, as well as trying to attract new customers and new deposits. Of course, you know, things like regulatory changes, which we all expect, is something that is on top of the mind of financial institutions, but we're still a little bit early to know what the impact is going to be, and what the regulators are going to expect, and frankly, I think the regulators are still trying to figure out what the regulators are going to do. And then, the thing that your readers are probably most interested in, or your listeners are most interested in, is around information security and fraud protection, and that is something that is going to continue to be top of mind. Because, even though we're in an economic crisis, criminals don't really care about that. In fact, they'll look to exploit that in any way they can. So, financial institutions are going to continue to spend, and continue to put resources in the area of information security, fraud prevention, and regulatory compliance.
FIELD: Now, I know we all go into surveys like these with hypotheses and expectations. Based on your expectations, from past surveys, were there any surprises in the results you got this year?
TUBIN: You know, not really, only because, you know, we were becoming aware of the economic crisis as we were doing the survey. So, it went in the direction that we expected. You know, some of the interesting things that we found are that some of us expected across the board cost cuts within financial institutions, but we found that there are a pocket of financial institutions that are extremely effected by the economic crisis, and there are those that are marginally effected, and there are those that feel that they are not very effected at all, except for the fact that they are operating in this changed market. But, depending upon their exposure to the instruments that, you know, that helped cause this decline, different institutions are definitely in different places. And some are severely suffering, and may, you know, completely disappear as a brand through acquisition or through failure )more likely through acquisition, because we don't let banks fail), and others are going to continue to move along and do pretty well. But, you know, I think we're certainly going to see some more consolidation happening in the market.
FIELD: So, you talk broadly about some of the results. What would you say are the top handful of business priorities of banks, as expressed in your survey?
TUBIN: What we had in the survey really, you know, the top business drivers we sort of talk about were the economic climate and what is happening there. The banks continue to be concerned with competitive threats, both inside and outside of the so-called financial services industry, looking at players like PayPal that are coming up with alternative payment methods, that are taking traditional payments, revenues, away from financial institutions; some of the direct banks, these high yield savings accounts that we are seeing more and more online; banks continuing to be concerned with things like changing customer preferences and how consumers are moving more and more towards the Internet; and Internet technologies and doing many more service transactions in the online channel than they are in some of the, you know, offline channels. We're seeing a flattening out of service transactions in the branch, at the ATM's.
The banks have to really start thinking about their investments and their positions in some of the more traditional, higher cost channels. Banks continue to look for revenue growth, operational efficiencies. It is becoming extremely important. It's going to be a very strong focus on customer satisfaction and customer retention because in this market, banks, frankly, can't afford to lose customers, and their competitors are going to be trying harder than ever to steal those customers away. So, we are going to start to see a lot of price competition, and a lot more messaging and marketing for banks trying to get new customers. And that is certainly the whole area of information security and reducing fraud and financial crime, is going to continue to be top of mind, as it has been over the past couple of years.
FIELD: Well, George, that's where I wanted to dig down a little bit with you, and talk about some of the information security priorities. What do you see as sort of the top two or three things on the hit list there?
TUBIN: Well, for information security, it's a whole bunch of things. You know, banks will continue down the path that they've been on. The area of fraud detection and moving into a more enterprise fraud detection capability is going to be important, especially for the larger institutions. We're finding that much more financial fraud happens in a multichannel type of method, where a criminal won't simply get information and then try to commit fraud in a single channel, but they'll exploit the fact that banks work in silos and there is not a lot of communication between channels.
So, in other words, they may get some access about an individual that has been stolen through the Internet, and then use that information to call the contact center, and try to use a social engineering approach to get the contact center agent to divulge, you know, maybe a little bit more information that that individual may be able to use to go into a branch, perhaps, and withdraw funds. So, criminals are really getting very intelligent and inventive about how they go about trying to commit financial crimes. So, that whole area of staying on top of the new attack factors and what is happening, and trying to share information across the enterprise and through the various channels, so institutions are much better able to detect and prevent financial crime, I think, is where we are going to continue to see most of the focus.
FIELD: Well, last question for you, George, I've gone through the report that you folks have sent out, and there's great information there, but I wanted to ask you, what do you see is the main message to banking and security leaders? In other words, how should they act on the information they gain from your survey?
TUBIN: Well, I think we talk about this word "enterprise," and a lot of times, when I hear the word "enterprise," I kind of shudder, because "enterprise" to me starts to mean something that is very big, very unwieldy, something that takes a long time, something that is going to cost a lot of money, and at the end of the day is going to get whoever recommended it into hot water, because these types of projects always have a way of running away and becoming over budget and overtime and everything.
So, what we are looking at is the fact that we need to look at fraud prevention and security from more of an enterprise level. But we have to approach the building out of an enterprise capability, for more bite-sized projects. So, I think people in the fraud security compliance space, within an institution, really have to start from an organizational standpoint, and look at governance, and look at sort of the internal fraud, you know, financial crime committee, where individuals from different parts of the bank, from different lines of business, and from different aspects of the bank, you know, sort of the consumers, small business, deposits, from the lending side, you know, people from the product lines, from the technology lines, from the security lines, come together and work as a council and a committee, to start sharing information, and start figuring out what the institution as a whole really needs to do and then on an ongoing basis work together to implement the right technologies and processes in order to make sure that we are starting to build out this enterprise view of fraud. And then start on a project by project basis to put elements of an enterprise fraud prevention system in place.
And, you know, we see some institutions starting off with just simply having a common case management system across the enterprise that is shared by all the different fraud prevention applications that are out there, so that the case managers are working on the same application, and can share cases, and share information across the enterprise in a better way. And then, perhaps, after that, start building out the capabilities of maybe a single fraud application, and gather information from other systems, and other channels, and maybe other fraud applications, and use that to get their insight, you know, into what's happening.
So, for example, if you have a fraud detection system in the online environment, it's just, it's looking at online behaviors and online transactions, to try to detect anomalies and areas of potential fraud. If the system knows that the individual that it is monitoring had called the call center five times the day before and 10 times the day before that, that information may be pertinent, and may be indicative of somebody that is trying to commit some type of financial crime, so that additional information that could be used by the analytics engine, becomes extremely important, rather than only looking at what an individual is doing within, you know, that individual silo channel or system. So, you know, we could start in a, again, project by project basis, building that out, and building towards this vision of enterprise fraud prevention. And I know that's an extremely, probably a longer answer than you wanted, but, um, you know, that sort of lays it out for you.
FIELD: Yeah, we've got big problems these days, and they require long answers.
TUBIN: Yeah, that's a very good point.
FIELD: Well, George, I'd ask you to speculate on next year's survey, but these days, it's hard to, to even imagine what's going to happen on Monday.
TUBIN: You're absolutely right. You know, our strategic planning time horizon shrunk from years down to months, and, you know, this certainly is a very strange time in the financial services space. So, you know, I think we're going to be working our way out of this hole for, you know, for sometime to come.
FIELD: Well, George, I appreciate your time and your insights today, and I'll look forward to what the Tower Group brings us in the coming year.
TUBIN: That sounds great. It was great talking to you.
FIELD: We've been talking with George Tubin, Senior Research Director with TowerGroup. For Information Security Media Group, I'm Tom Field. Thank you very much.