If banks fail to take advantage of the potential that innovative technology provides, financial ecosystems risk remaining fragmented and heterogeneous, and gaps could form in the infrastructure for criminals to infiltrate. However, today, post-financial crisis and amid the Covid-19 pandemic, financial institutions are utilising a variety of applications to formulate a holistic strategy. Which digital accessibility measures ushered in during the pandemic will remain, and which ones will go? How has the pandemic spawned a wave of innovation, and how will it develop?
As banks aim to differentiate themselves in this scaled digital economy, Finextra spoke to Andy Renshaw, SVP of product management, Feedzai; Andrew McKibben, international head of technology and operations, and global markets operations technology executive, Bank of America; Tammy McKinnon, SVP of global fraud management, Scotiabank; and Shawn Rose, EVP and chief digital officer at Scotiabank, about innovation around advanced security in the wake of increased digital fraud during the pandemic.
Are current risk management platforms sustainable and secure enough?
In conversation with Finextra, Renshaw described the current state of risk management as “lumpy.” While he noted that advancements in anti-money laundering (AML) regulation have taken over 10 years and digital fraud prevention, around 15 years, progress is being made on both fronts. However, what is fundamentally missing is “a cohesive risk management strategy that identifies the risks at a threat level and then works out how to address those as they arise.”
Instead of waiting for issues or business cases to emerge, global banks have been investing in technology to prevent the ongoing reoccurrence of fraud and digital crime. In other words, rather than attempt to reverse it, it pays to have a preventative approach.
McKibben highlighted that banks have strong technology measures in place for risk management, and this focus came to the fore during the Covid-19 pandemic. “We are and have been deeply committed to the protection of client information for a long time. We’ve taken cybersecurity seriously long before it was a part of the common lexicon or because of any shifts due to incidents like the pandemic.” He added that as a “trust business, we protect our clients regardless of what’s going on in the world.”
“Operational resilience is critical and is a core part of a global bank’s strategy – much like financial resilience following the financial crisis in 2007 and 2008.”
What will stay and what will go in terms of digital accessibility measures?
The Covid-19 pandemic has proven that digital accessibility and digital provisioning must be seamless, and services must be able to scale rapidly. However, as Renshaw elucidated, servicing must not be at the expense of security, and risk-based decisions must always be made, even in times of economic volatility. He does appreciate, though, that speed and priorities are dependent on risk appetite.
According to Renshaw: “If the pandemic wasn’t around, speed would lead you to take riskier decisions, which, by definition, would result in less secure or more risky outcomes overall. That’s certainly a concern that now needs to be addressed and monitored as we move into a more sustainable world where digital accessibility is expected as almost a reaction.” He added that Feedzai data has revealed that it is more of a “one plus one effect, rather than a swap set.”
“All activity that moved into digital seems to be remaining, but what we’re seeing is those traditional type activities are returning at the same time. What’s interesting is that it seems to be additive. Rather than people swapping out and going back to the way they used to do things, they seem to be now operating in a multi-channel way, rather than relying on a single channel.”
Rose had a similar perspective and said: “We don’t intend to turn back the clock. If anything, we intend to accelerate many of the key learnings of the pandemic and deliver an even better, more inclusive customer experience as a result. We know the pandemic exposed a technology divide — one that’s existed for decades — and it’s our job to deliver barrier-free banking for everyone. Education, technology, and tools that are fully accessible for all of our customers will be critical for that.”
What technologies will remain post-Covid?
McKibben agreed and listed some of the technologies that would remain and continue to expand to serve a wider audience. He called out the following:
Video conferencing will remain but will also evolve to better simulate a work environment,
Mobile technology that allows people to do more securely and on the move,
Collaboration tools that simplify live review processes such as editing documents and code in virtual settings,
Distribution technologies that better facilitate the movement of work, and
Distributed ledger technology, machine learning and quantum computing that have more practical use cases than ever before.
However, striking a balance is crucial here. Are fairness and bias being considered? Or is automatic model monitoring being used to create hyper-accurate risk profiles for a frictionless customer experience? According to Renshaw, security will always be expected to be real-time and contextual. “It has to be sensible to what anyone is doing – be that a customer, be that a business, be that a government entity – you cannot simply operate a one-size-fits-all approach. A policy-based outcome is no longer acceptable.”
Using tailored experiences as an example, he discussed the advantages of involving the customer in the process of formulating risk profiles, onboarding, or authentication. “Are you letting them choose their controls in terms of how much they spend, for example? With increasing the contactless limit to £100 in the UK, one of the significant things that came with that was the ability for customers to lower that limit. So straightaway, we’re starting to see that not only does digital provide a tailored experience, but it also enables the customer to configure, toggle, and choose their level of risk appetite.”
On fairness, Renshaw said that with a tremendous amount of data and in turn, scale, AI can generate unfair outcomes. “If you’re not careful, in an AI world, you can wander into a space where fairness and transparency are not being demonstrated. Your models can move gradually, and different parts of an organisation can make good decisions independently, but when you add them up, it looks ridiculous.” Reiterating the importance of demonstrating fairness, removing bias, and increasing transparency, Renshaw stated that any bank working on improving security with digital insights should consider AI fairness a priority.
For McKibben, ensuring innovation makes all customers feel safe when being digitally onboarded is a priority. “Security is at the forefront of all that we do. It’s not an afterthought. When there’s an introduction of new technology or changes to existing technology, we work hard to ensure all software engineers are thinking about security design as part of the process and understand that we’re in the trust business and maintaining that is critical. I think it is really important to ensure you’re always focused on delivering something which is reliable, scalable and secure for the end customer.”
McKinnon echoed this sentiment and called out the use of “advanced analytics, robust data architecture and additional insights from across the enterprise by really leveraging synergies across our digital footprints and our functional teams, whether those teams are AML, fraud, compliance, or digital. By breaking silos, we can better establish a holistic view of the customer to help build a consistent and positive user experience. It also helps to ensure good internal models and governance are driving sound risk decisions.”
How can digital trust be built with better risk indicators such as behavioral biometrics, device intelligence, malware patterns, and network data?
With better data, better outcomes can be achieved. McKinnon took her views on bias and fairness further by elaborating on the potential for ethical, governed data. Using features such as biometrics, intelligence, malware, and network data can support and address unusual patterns, prevent fraud, and mitigate risk. “Understanding customer needs and the right to privacy is important while building risk indicators because that ensures that we have the trust of our customers and their authorisation to leverage data for behavioural insights.”
This aligns with Renshaw’s comments on figuring out the good in fraud. As he explained, “often, we will think of fraud as an adversary. There is somebody doing something bad, and you want to stop them doing something bad. Data is used to stop that happening. And digital trust helps that happen more quickly and achieve better outcomes.” However, this variety of applications and tools must be patched together to establish a holistic strategy. Once they are combined, fraud can be mitigated by leveraging the actionable insights derived from data.
Therefore, an open, trusted, highly connected ecosystem must be implemented, with digital trust as the cornerstone. For Rose, this means engaging customers, growing their trust in us, and ensuring that services are “open” enough for adjacent customer services to operate in harmony.
“Whether it’s a credit bureau, or a payment toolset, or a fraud system, the whole ecosystem keeps our customers safe and helps them grow their savings for their next life event. To best serve our customers, we need to give them the tools and transparency they need to understand the services we provide, plus best-in-class support — from digital self-service tools to online help and advice — to take full advantage of these services in driving their financial well-being.” McKibben’s perspective is that the “digital economy is a fabric of interconnected components and stakeholders. If any area is compromised, it represents a risk to others.”
Further, McKibben summarised that “we need to be proactive and continuously plan, to protect for privacy and security concerns. And that must be a guiding light for all that we do as a global bank given our clients’ needs, the needs that customers have of us, and the trust they place with us.”
As a concluding comment, Renshaw said, “trust is created through credibility. Most people would say that they’ll go digital because of the ease of use and the value of compelling products, but if you don’t feel safe and secure, the whole essence is undermined. Having a joined ecosystem means that as threats evolve, you can get in front of those – that’s the difference with a RiskOps platform approach.”