Interviewed By Foo Boon Ping
Senior executives in the financial services industry discussed best practices and their preparedness to compete in the post-COVID digital world.
As digital capabilities advance, industry players are expected to provide seamless customer experience and innovative products and services through AI and advanced analytics. Banks can keep up with the multi-cloud environment through the incorporation of the right strategy to drive real-time capabilities and flexible, secure and scalable operations.
Bryan Carroll of TNEX Digital Bank, Chung Ho of TigerGraph, Deepak Sharma of Kotak Mahindra Bank Ltd., Dennis Khoo, author of “Driving Digital Transformation”, Dinesh Babu Krishnan of AmBank, Ganesh Mahendranathan of RHB Group, Lito Villanueva of RCBC, Riddhi Dutta of Backbase and Sumit Gupta of YES BANK shared their insights on adapting their digital journeys post COVID-19 and maintaining a competitive edge.
Khoo pointed that digital banks represent a return to a mono-channel world. As digital banks revolve around the experience model, it requires a bank’s customer-centric culture to be successful. Sharma shared that while integrating AI/ML, industry players must take personalisation to the next level. Ho noted that the accuracy of the successful implementation of the AI process requires massive data collection.
Gupta discussed that using cloud is a one-way street that industry players and consumers cannot turn back from. Krishnan shared the need for multi-level security in the AI/ML process to prevent fraud and minimise cybersecurity risks. Carroll argued that players must be transformative and take the embedded rather than product-led approach in their cloud strategy.
Villanueva shared that strongly promoting open finance makes customisation and highly personalised services possible. Mahendranathan pointed that banks can transform into agile architecture by being outcome driven. Dutta noted that the entire value chain must be simplified to have an agile service.
The following key points were discussed:
Foo Boon Ping (FBP): Good afternoon and welcome to the Asian Banker Retail Finance and Technology Conference 2021. The theme as our announcer has just mentioned for the conference is “Embracing disruption and creating the future”. And it's such a fitting encapsulation of the tremendous changes that the financial services industry has faced in the last decade or so, since the global financial crisis that led to the fintech and big tech boom, and there is no sign of it awaiting if anything COVID-19 has accelerated that pace of change. The emergence of fintech and big tech players has accelerated the integration of digital and mobile channels with third party ecosystems enable to open APIs to provide consumers more personalised financial services, and streamline experiences. The feared disintermediation of financial services providers, however, has not materialised because regulators have levelled out the playing field and these players now face increasing scrutiny over the use of data and technology. Instead of being competitors, they have become collaborators and technology enablers to the incumbent players.
Nevertheless, the widespread adoption of open APIs of mobile internet and the cloud have created a highly scalable level of person to person connectivity that was not possible before, enabling the creation of ecosystems that are able to bring product and service providers together to serve the different needs of consumers. They also create supply chains and value networks into which financial services providers are able to embed and deliver basic payments and other financial services, to the agile and intelligent use of data. In addition, new AI innovative banking-as-a-service and embedded finance solutions, offering traditional institutions the opportunity to tap into alternative revenue streams, while delivering more seamless customer experience. The use of artificial intelligence, big data analytics, and edge or high performance computing will enter a new dimension with the introduction of 5G and so will the migration to the cloud and adoption of open banking and ecosystem. And the mainstreaming of blockchain and distributed ledger technology will make central bank digital currencies, stablecoins a reality, and decentralised finance more prevalent as we hurtle towards Web 3.0, the age of the decentralised internet, decentralised platform and zero trust.
Consumers, regulators and the society at large are increasingly pushing back on the apparent concentration of power that big institutions have over consumers and their personal data, our financial institution maintaining consumer trust and operational resilience in this increasingly digitalised environment. As a result of this push towards this digitisation, financial institutions have increased a digital footprint, exposing new vulnerabilities and gaps in their system as they face increased fraud, and other cyber related risks and threats. As institutions shift to social distancing and remote work to maintain business continuity during the pandemic, they exposed the weaknesses in their system, the outage of service of a bank in Singapore just a couple of days, was one such incident. There is need for more robust control, compliance and governance framework to increase operational resilience. The increasing number of remote or work from home workers, internet of things and other connected devices have also led to a proliferation of access points, making the environment ever more vulnerable to different forms of cyber attacks and threats. In order to deal with this challenge, financial institutions find themselves shifting the fundamentals or the paradigm from one base on open networks and centralised security to one that is increasingly zero trust base. At the same time, criminals and bad actors are targeting digital channels and IP systems and increasingly to social engineering, scam and account takeovers. Financial institutions are strengthening and securing their core system and capability to mitigate the risks of such potential cyber attacks. They're investing in solution to detect and prevent fraud and reduce losses while minimising customer friction. Would the future be based on zero trust and increasingly new technologies such as blockchain? We shall see.
What will the roles of banks and banking be in this future where blockchain, cryptocurrency and decentralised finance disruption will be more prevalent? How will banks architect technology and operations to try to answer this and many more questions that incumbent financial institutions need to address in order to stay competitive in this highly digitalised world? We are excited and pleased to have with us today. Dennis Khoo, author of a new book “Driving digital transformation” as our keynote speaker and to share his views on how incumbent banks can thrive, disrupt yourself before you are disrupted. Dennis Khoo is the managing partner at digital consulting firm, All Digital Future and he is the former managing director and group head of UOB’s digital banking division TMRW. He has been involved in retail financial services and digital banking for the past 20 years. The most recent when he was CEO designate of a digital wholesale bank in Singapore. For most of his financial services experience, he ran the retail and digital banking business of UOB and Standard Chartered and we're very pleased to have Dennis with us. So over to you, Dennis.
Dennis Khoo (DK): Good afternoon, ladies and gentlemen. My keynote for the 2021 Asian Banker Retail Finance and Technology Conference is about disrupting yourself before the future disrupts you. I will answer the question how can incumbent banks triumph in the future by posing 12 pivotal questions that all incumbent banks must be able to ask and answer. The first question may puzzle many of you. Question one. What business are you in? If you say banking for this question, well, then you would be right, but wrong. Allow me to first orientate you to this chart. On the vertical axis, you have singular performance impact. This means you have an outsized usually 5x advantage in one to two areas. This could be speed, or cost, or quality of a price. On the horizontal axis is the ease of adoption and use by customers here, learning curves, migration requirements, etc. become important. You don't want to be in the blue square, there isn't sufficient value generated. Here, you don't have one to two things that can give you a 5x advantage, but you also have very easy defection. In other words, your product or service is undifferentiated. On the upper left, you have industries that have a large singular breakthrough in Netflix, his videos on tap without penalties with the LED light bulb and eight watt LED outputs as much light as a 60 watt ordinary incandescent light bulb, a 7x saving in your power bill annually for 5x the price but lasting three times longer. Companies in this quadrant usually find it very easy to describe the advantage as I have just done on the upper right. You have industries that also have a similar breakthrough. But they need to worry about ease of adoption and use because of complexity. Electric cars meet charging stations is not as convenient as pumping petrol. Finally, our first question what business are you in? Well banks ID experienced business. There isn't any singular performance impact you can find the is 5x large and adoption is more difficult because it is starting a new relationship, new interface or redoing existing payments. The Apple iMac is a prize that occupies this space. Apple is a design experience company obsessed with detail. Every experience company must be similarly obsessed with detail. Is your bank obsessed?
Digital banks represent a return to a mono-channel world
DK: Question two is digital banking the same as digital bank? Digital banking is part of an omni channel network, like branches. ATM, call centres are part of a repertoire of channels created to displace the branch and cultivate self service. Digital banks, on the other hand represent a return to a mono-channel world. In the very near future, all transactional banking will be done on the phone. But the digital bank also represents a new experience model, producing great frictionless service and experience at very low costs, and powered by data driven engagement. Experience so good that it requires an entire bank's customer centric culture to make it work. Clearly not possible to do if it's just a channel like digital banking. The term disruptive innovation was coined by the late Clayton Christensen. It represents an attack from the bottom of the pyramid. Incumbents protect the best customers in such an attack and see the bottom to the attacker. When mini mills first arrived, they attacked the rebar segment. Steel bars embedded within concrete as initially, that's all they were good for. The integrated mills were glad to give up a 7% gross margin segment that they deem too low and unprofitable. However, over a 15-year period, the technological core of the minimal improved significantly. And they succeeded in higher and higher margin segments today, meaning meals together ship most new tonnage, then all integrated mills put together the same story in many industries across this drives, automobiles and cameras, and it will be the same story in banks. In large countries with a large, unbanked and underbanked segment, the trend of a disruptive innovation attack from the bottom is a foregone conclusion. The attack will manifest itself as embedded finance to buy now pay later or combining a no interest digital wallet with an interest paying digital bank or as an attack on young professionals, which are underserved and underserved segment versus their potential. A young professional segment is present in many countries that are well banked and pass. A lean, well designed digital bank could use this as a disguised attack from the bottom to eventually take on all unbanked customers. Is a move all bank incumbents must watch carefully as Kakaobank has already shown that is possible. Which brings us to question five. In this new world, how must your DNA change from competing on six Ps － people, place, product, price, promotion and process. People and place are gone in the digital world product in transactional banking is fairly commoditised and pricing promotion. Given such compressed margins and low interest rates are a weapon not to be used. You are now left with only one key. So the real question is how do you know whether you can compete with this one p and what does it take? Your KPIs will also look different. Contrasting the digital bank with a traditional bank across net promoter scores. Customer growth rates, operating cost per customer and customer to staff ratio is an eye opener for most. These are your new KPI and the incumbents appear to be no match. In building tomorrow, I was frequently asked, “How can a digital bank differentiate itself?” Banking has been around a long time. It's an old world business. One that is very commoditised and yet totally based on trust. How do you differentiate the business like this in a digital world? Well in hygiene you focus on a frictionless and intuitive onboarding, granting credit and transactional banking. As the lighter, you focus on great service, something that is still very hard to come by. And as a differentiator, you focus on data driven engagement, to anticipate and resolve problems, customer problems, even before they happen. After hygiene and the lighters are equally good across leading incumbents and challengers, I believe data driven engagement will become the key differentiator. Are you ready for this? Let's take a deeper look at the data inputs and outputs that drive data driven engagement. The answer to question eight is data is everywhere. Transactional banking produces lots of transactional and navigational data.
Credit assessment consumes lots of alternative accounting data, behavioural and transactional data, phrases, words in sentiment, input to service, for example, training chat bots, but also generate satisfaction data complaints and feedback used to improve service. Transactional navigation, budgeting data feeds data driven engagement, whose output in turn provides engagement data about customers. Here are three general use cases. For data in any business banks included data to personalise and tailor the experience. The prior slide on data driven engagement has showcased this data that can teach chatbots to be smarter and smarter over time. And experience from leading digital banks like WeBank and TMRW by UOB. Indicate consistent improvements in understanding and first call resolution that will definitely produce great service at low cost. And finally, data about how customers use your products and services. The navigational data that can be used to help customers that are struggling to find certain functions, or even tailor and personalise menus to the user, or dynamically change the order or appearance of case options or accounts within the user interface. The answer to question 10 is no. When you are building a great building, you don't first showcase the builder. Similarly, building a digital bank is not mostly about technology. To build a great building, you first engage the best architect. The equivalent in a bank is the designer. Your chief designer is pivotal to success. Then you have the civil engineer who ensures that the building can stand on its own, the equivalent the bank is your process team. Then, of course, the builder. Things often go wrong because the process is overlooked and not robust. Process is crucial in translating your requirements into well written stories for development. Something badly done in most implementations today. And if you don't master this, it is virtually impossible for you to create a great concept to code software factory, which is something you must do. Your path to profit will have three broad stages. Stage one is about positive marginal contribution. Here, you must launch at twice the net promoter score versus the competition. Otherwise, there is not much rationale to start using and stay active in your new digital bank.
And you have to exit stage one higher than the NPS at launch, as the higher NPS is needed in stage two together even more customers to negate your annual fixed costs. To get from entrance to exit you must achieve three criteria, your revenue per customer must be larger than your total variable costs per customer. This will give you positive marginal contribution, you need to reduce service costs significantly, and continue to scale at ever reducing costs of acquisition. This usually takes at least two to three years. Stage two is about total cost recovery. Here, you exit when your total revenue per customer exceeds your total cost per customer. To do so, you must recover your annual fixed costs from the positive marginal contribution you obtained in stage one, and continue to bring your service costs down. This will take four to five years from launch. If you execute well. In stage three, your revenue will then start to rise faster than costs, because your fixed costs have been recovered. Here, your EBITA turns positive, and you achieve the efficiencies you need to become profitable. This will usually take more than five years. So, as you can see, the path to profit is not easy. But once you can achieve the first two stages, it beckons a stage three where your costs will not rise as far as your revenue, and therefore you build a bank that can produce a good stream of annuity in the years to come.
Our last question. So, what should you do? Well, it really depends on where you are now. On the vertical axis, you will see current operating costs per customer. And whether you are lower than most of your competitors, or higher than most of your competitors. On the horizontal axis, you see current NPS net promoter score as a proxy for how good your experience is. And again, whether you are higher than most others or lower than most others. If you are competitive, you have a lower-cost and a higher net promoter score, then you have a lot of options. You can initiate a new call to lower cost substantially or spin off a JV with the appropriate partners to serve the unbanked or underbanked or a new digital bank unit to dramatically improve both costs and NPS. If, however, you are uncompetitive, then you don't have many choices. You need to start a daughter digital bank unit and eventually let the daughter grow to be the parent. If you are a low-cost product centric player, you will need to change the culture with a new digital bank from within. And you potentially if you have the resources have the option to spin off a JV again to serve the unbanked and underbanked if there's a large contribution of such representation in your country. Finally, if you are customer centric, but high costs, a new car and very importantly simplifying and streamlining all existing products. Improving process efficiency and enhancements should be your focus.
Good keynotes leave the audience pondering. They should provide further and provoke further thoughts and questions. I hope I have achieved that today. But if you need more details, we don't have the opportunity for question and answer. But you can read more from my book driving digital transformation lessons from building the first ASEAN digital bank. Thank you very much and enjoy the conference.
FBP: Thank you Mr. Khoo, for the insightful briefing. Ladies and gentlemen, let's move on to the next exciting presentation on accelerating digital transformation, fraud and financial crime mitigation. Allow me to introduce Mr. Chung Ho, vice president, solution engineering at Tiger Graph.
Chung Ho (CH): Hi, good afternoon, everyone. This is Chung Ho, just give me a second to share my screen here. Okay, let's get started. So, thank you, everyone. And thank you for the opportunity for me to present at this forum. Again, my name is Chung Ho. I'm with Tiger Graph located out in Singapore as our headquarters. So today, I will talk a little bit about how Tiger Graph and the technology of Graph in general is impacting the business around the world and also the financial industry as well. Before I get started, I kind of want to give you guys a little bit of some brief anecdotes of where global problems that we have, and perhaps maybe how Graph is taking the approach to solve it. So let me start by talking about, you know, for the last 50 years, you would think billions of dollars invested R & D and building most complex ERP systems, advancements in operation management, we would have solved the supply chain problem, right. And we got things like MRP, just in time optimised production technology, FMS, it's just flexible manufacturing system, and put aside any of the academic approaches that we have today. And why can I go to Ikea today and get my shelf and not see the no supply sign at the particular IKEA store? Right? Why is that? Can we just blame it on COVID? As an easy excuse? Is it just really the pandemic alone that's causing the big global supply chain issue? Well, if you remember, back in March, there was a ship, a Taiwan ship called Evergreen that just simply got stuck in the Suez Canal, and literally caused havoc were shipments all over the world doesn't matter what it was got delayed over almost two months, right? And then you look at America today, biggest attrition workforce in the history of America, they call it a great resignation. Not enough people anywhere from the docks to warehouse to anywhere in the supply chain to be able to fill the workforce. You got border fluctuations where it's still open and closed due to COVID issues, global warming, causing weather pattern changes, and diverting ships and flights itself they're optimising. So companies today are trying to optimise traditional shipment from ships and land to air freight, and then trying to maximise and quickly calculate costs changes. Well, to tell you the truth, right? All this data that I've just mentioned, all these issues, we have those data points, it's nothing anything different. That's that we've seen just you know, five years ago, or even 10 years ago, yes, we may have incremental changes in some new data types, such as from IoT devices, etc. That's advanced in the technology of those kinds of specific behaviour. But the data is really much the same. And the only difference is, the data is just growing growing more exponentially. So is there a technology today that we can take to basically come closer to solving a use case like this? Let me take a step further and get a little closer to something that's more relevant into our topic today. I came across this where Price Waterhouse published this report last year based on a survey conducted over 5,000 correspondence between 2019, 2020 Basically they found out that over $42 billion was lost in financial fraud alone, and the top four of that fraud came from customer fraud, cybercrime, asset misappropriation, bribery and corruption. And then there's other frauds that they found such as accounting, fraud, procurement, deception, business practices, AML, anti-money laundering and sanctions, tax, IP theft, antitrust, such as price fixing, pick fixing, and etc, right? 47 of percent of these correspond experience at least one of these frauds within the same time period, six frauds, per instance, per company, on average experience one of these fonts for financial services. The number one fraud type is customer fraud, and this incident type itself, but these numbers are just staggering, right? You could tell me that these companies today, either they continue to lack the right tools or technology to combat fraud, or is it these fraudsters are basically smarter than us to stay ahead of us or is it both? Well, again, is there a technology today that will come closer to solving something like this?
Let's take a look It's something that's more interesting into the future and also the hardest debated topic. In the financial circuit that we have today. I kind of came across this headline news by accident. When I looked at it CNN basically said, literally, criminals have made off with over $10 billion, and defi scams this year alone. What is DeFi, well, without going to too much technical details, DeFi in the crypto world is the acronym for decentralised finance or layman's term, the next generation financial platform products and services then enabled open and transparent exchange of digital currency. This new way of transacting removes all the obstacles caused by traditional centralised authorities such as payment blogs, access denial, human inner action, or review transactions, and then also hidden charges as well. Well, the beauty of such a system now allows you to have true control of your own money writes that stored in some Bank Institute transfers almost real time transaction activity is what they call synonymous, transparent because of the blockchain technology. And markets always open. You don't have to wait for somebody. And with such a system, here's what the problem is, right? It's a fairly new technology. It's very unrelated, right, unregulated at this point. And that becomes a breeding ground for criminals and hackers to exploit the system. So let me give an example. You may heard just three months back in August Poly Network, a very well established DeFi platform company lost more than $600 million. And what was at that time, the biggest cryptocurrency death of all time. And luckily, it was a white hack. And most of that money was actually returned. But again, is there a technology today that can get us closer to solving a problem like this? So let me take a look and kind of show you guys a little bit about more of the companies around us today. So for example, if you see LinkedIn there, what's LinkedIn, able to take information all the people contacts in the world, and joining them together with some type of relationship. We look at Google search today, Google's best that is the epitome of a basically the massive internet knowledge store, you type in something, it will come back with something that's relevant. And that's the key word relevant to you. Okay, we look at Netflix, Netflix is, you know, by far the biggest provider of digital entertainment, right? And what do they do best, they provide recommendations and movies or TV shows or any digital content, entertainment content to you and specifically tailored to you.
You look at a map like this on the fourth part here, and you see that we're doing some type of route optimisation, able to find the shortest or best way of routing from one particular location to the other. And what is all these four things and also, the problems that I mentioned in the first three slides have in common? Well, this is something where all these four companies are taking a technology called Graph, and basically using that to solve that key problem itself there. Okay. So before I go further, I want to post a quick survey to the audience here. You just see a question that pop up in probably the next several seconds to ask you a question. So please go ahead and take a moment to review the question itself and answer that it should pop up on your screen. And then once you click the answer, it will go away. Okay. So what is Graph? What is it that actually makes Graph so unique, and why it's so relevant and related to some of the key problems that I just mentioned previously, and to these large companies that you see out there doing those unique type of service offering out there. So before I go into further explanation, I just want to give you guys a background, what Graph really is, graph is not something where we use for charts or two dimensional way of looking at information, which you see in reports that you do today. Graph is actually a technology or actually a science, as you say that is actually existed probably more than 100 years, or what we little know about is that, you know, we use it every day that you saw on the previous slides or companies like that everyday sense. And Graph is the science that allows you to take information and looking at joining them in a relationship type of way that you see. So these circles, these lines that you see here in this example, basically tells us and shows us how we can correlate and relate and show the relationship amongst them. So if I look at the example Eiffel Tower, and the person who drew Mona Lisa, Mr. Leonardo da Vinci, how is that related all the way back to the Eiffel Tower? Well, technically speaking, you don't see that connection. But if you look at how the information is flowing, somehow Alice, who visited the Eiffel Tower is a friend of Bob. Bob is interested in Mona Lisa and Mona Lisa obviously was created by Leonardo himself. So that's how we join that connection here. And that's the science behind Graph itself in the power graph. Okay. Now, how does that relate to, in a sense of what we're doing today, and the technologies being used? Well, if we look at the industry experts who's tracking this technology today, Gartner has basically made a very bold statement to say that by 2025, Graph technology will be using 80% of the data analytics that you see. Okay. So that's only a few almost a few years from now, right that you see this technology being used. So what they're also saying is that if you're not using Graph today, I think you're going to be behind the eight ball, because that is going to be a very defining technology. To further that statement of Gartner for the last couple of years have put out the top 10 technology trend that's impacting the business. Guess what?
Graph sits number eight in that trend yet last year, it was number 10 in this one and went up two notches. So you'll see that of all the other technologies that look very relevant that you see here from big data, AI to data, fabric, etc. Graph continues to be one of those technologies that you want to see that to see as a very impactful technology itself. Now, let's go into the next layer to understand Graph a little bit differently, right, what is graph I was Graph stored and how is it relate to and looking at information. So we compare this to traditional database Graph database of today's technology is slightly different. So traditional database for those of you who are more on the technical side are very aware that things come in in so called row in tabular format. And IBM did a great job back 50 years ago to invent this kind of construct to store information very nicely, neatly. And create something called a star schema where data is stored to the respective column store holds itself, Graph is very different graph is something where you actually take the way the natural way of how humans think and store information and put it in as such with the relationships. So we talk about things we call vertices and edges, vertices and edges, in a sense, where you look at this information to say, hey, this particular circle is a non object, a tangible object or vertex. The relationship that it sends it to is basically a what we call an edge that's represented by this blue line that you see here. Okay, so for us, for us to find relationships, information, do something, what we call deep link analytics. This is where we first connect all that data point into this Graph database format that you see. So if you look at the human anatomy today, if you look at how your brain functions, or how your brain stores information, memory, brain cells, from synapses, to axons, and all that, it's very much similar what you see here, so maybe, perhaps we are in a breakthrough of revolutionising the way we store data as a next generation, going away from this traditional database. Of course, there's still lots of value from traditional database from a transactional basis. But as far as analytics concerned, I think the way graph is taking this approach and sweeping the market is something that shouldn't be ignored. So, let me take an example, and talk about how Tiger Graph today is using our graph database technology to solve some of the more difficult problems as you see in the banking industry. So, Tiger Graph is been around for close to 10 years now, we went into the market to actually open our product into the world about four or five years ago only. And so we're quite young, but very impactful because the product focuses on enterprise customers and solving enterprise problem. Things like large datasets, super large datasets and terabytes of range from solving Graph problems, self care and providing the graph algorithms available to everybody. It's open source to use to tackling these very tough problems. Eight of the largest banks in the world already using Tiger Graph, the largest banks in US and China, for example, use higher rep to solve some of the more complex fraud type of use cases. So this particular one here is the second largest bank in the world and the largest in the US without having to name names, but they use Tiger Graph today on top of their legacy and existing fraud detection type of tools that they have in place to provide at least over 35% uplift into the actual use case of being able to fight fraud. Within the first year alone, they were able to save over $15 million in fraud detection that they couldn't have done without Tiger Graph and Graph technology specifically alone itself out their implementation was very quick. From six weeks, we were able to build a POC to prove out how Graph can quickly find hidden paths and fraud that they weren't able to find from their existing system. In three months, they were production, processing over 10 terabytes of data at a time to look at these kinds of fraud use cases alone. So, there are some details around you know, what they use them with unique Graph algorithms such as page ranking Levain, which I won't go into too much detail. But the point is using Graph technology, they were able to basically enhance their system to be ahead of their community and fraudsters that we're trying to defraud them. Now, let's look at another wonderful use case. This is actually a customer that's more closer to home a company in Singapore called Merkel Science. They actually are a blockchain analytics company. For cryptocurrency, they take all the content and data available open in the blockchain crypto world and use hydrograph as the backend database to find criminals fraudulent behaviour, using the system and using blockchain to do and, you know, money laundering itself there. So let me give you a really basic easy example, as you guys may all know, already blockchain is a very well proven technology that allows any transaction to be permanently registered. Anything that you do with cryptocurrency, that sort of blockchain it's visible and observable in, in any form, right. So that being said, what they were able to do is take that information and trace the money to find fraudulent behaviour across that being able to identify people who were trying to buy illegal products in the dark web, for example, and taking that information to drive the result out of that they sell their data to, to the authorities and also to the financial institutes who are interested in understanding if there's any fraudulent transactions that are current. And so again, this company uses graph technology as the entire basis of business and using Tiger Graph as the basis of driving that technology with him specifically. Now, some more interesting and bigger types of customers, ATO the Australian tax authority, basically, the IRS or tax department of Australia, recently acquired Tiger Graph. Now, the reason they acquired Tiger graph is because they previously prior to taking in the graph type of technology, they were using traditional ways of looking at finding entities that are doing tax avoidance and tax evasions specifically, they were using Hadoop and Teradata, large traditional data warehouse systems to actually look at tracing where the fraud can happen. And where people are hiding their money or entities, companies hiding their money, right, they found that with these traditional systems, you could only go to certain hubs, when I say hubs get into the transaction, before the system was not capable of finding any more connections. And so ATO came to us and say, Hey, we need a platform that can drive that deeper level analytics to go into and identify those kinds of culprits. And they're being able to go into what they called 15 to 20 plus hops to find that information. So let me give you a quick example what I mean by that. So, we take a particular transaction, this is what we call an example of finding where the transaction was occurring. And this one particularly applies to one of the banks that uses a product knew this. So, you have a transaction where you have a user setting account, the account has email addresses and credit card information, and a phone that's registered with a phone number, title. And all this is basic information, right? The user makes a payment, the payment flows through a particular account, and it's stored in a particular thing. So what you see in this information is a couple of hubs able to go from a counter payment to another account from a regular traditional database. That's easy as well, you do a couple of joins of your transaction table be able to find that. But here's where the fun begins and where we start deviating from where traditional platforms we relational database database, big data databases, compared to where Tiger graph Graph database comes in. So let's say you want to follow this money further. You take this and you say Okay, this account is tied to this particular user, this user has a particular phone number tied to another device here, this vise made a payment, and through this payment that went through to actually tied to a particular account. And somehow, through the course of time, we found out that discount was registered with a stolen credit part. Now to be able to find this, we have to traverse into that data set 3,4,5,6 hops deep into that dataset to actually find the culprit where there was some type of fraudulent behaviour that happened. So think about this, if you were a user here and trying to make a payment. If we if you didn't have a graph database, like Tiger Graph, you would have allow this payment to go through and perhaps benefited this process here, from being able to take another payment out of this account, as opposed to using Graph technology as the transaction happening in real time we find the culprit stop the transaction from happening. And that's the power of graph entire graph coming along, to put this together for you. Okay. So that being said, let me kind of show you a little bit about some of the tools available in a Graph technology. Graph is all about algorithms, right? Being able to run a mathematical algorithm to use to look at relationships out there. So what you're seeing are these various ones that are commonly used in font today, if you're, if you have some data science background, you absolutely know this dependencies following the chain of events, looking at clusters, where you look at certain clusters of events to happen. That could be your anti money laundering right there. That's doing some fraudulent behaviour, things, similarities, looking at interests of behaviour, that may provide you with some type of recommendation, matching patterns. So fraud is based on a pattern, can we identify the same pattern other users and transactions out there, itself. And this is the most easiest one to understand, right? Follow the money. That's what I just previously did, in that particular example outfit. And it's in trouble to search a little bit more complex to be able to identify particular adjacencies in the whole ring of relationships out there. So before I finish off, there is one more polling question that I want to pose to the audience here. And again, you should see that question come up in the next couple of seconds there, just go ahead and read through that, and then put your answer to basically finish off the pop up screen there. So as you guys are doing that, let me finalise with some comments that I have. So, you know, today, you as the audience, many of the industry leaders on this call today, I'm sure you guys have some type of system or technology in place to tackle financial crime in your business. Well, I definitely hopefully with this presentation, open your mind a little bit more to look at new technology, relevant technology out there, technologies that's already been used by the largest banks in the world, to tackle fraud and be head of the game basically. And a couple of points that I want to express is that as you look at technology, you know, make sure that this technology provides additional accuracy, that uplift that we're talking about right, reducing that false positive out there, reducing the resource and the possibility to churn when customers get upset that you falsely stop their credit card from being used, able to increase efficiency and speed, you know, making the fraudulent detection in much more real time as possible. We were adopted change a lot of the systems out there that are available today. They're basically a black box type of system. So when you want to have a change in the algorithm, you have to be at the beck and call of the vendor who provided you that and then wait for them to make the change. So Graph technology, Tiger Graph doesn't, doesn't do any of the black box, everything's open source, you have an own those algorithms are self outright, a ability to have continuous improvement, be able to learn, does it have machine learning AI capability that you could actually control yourself, right. And then of course, at the end, the ability to integrate very nicely with your existing environment. Everybody's, you know, a brownfield environment where you have many sources of data and integration points, how easy it is to integrate with the proper API to get it up and running. So that's what I have for today as an intro to Graph technology provided by Tiger Graph.
FBP: Thank you, Mr. Ho for the informative presentation. Now ladies and gentlemen, our next session is on “Fulfilling the promise of seamless customer experience through AI advanced analytics”. Please welcome Miss Neeti Aggarwal, senior research manager at the Asian Banker. Hi, good afternoon.
Neeti Aggarwal (NA): So we now had the panel session on fulfilling the promise of seamless customer experience through AI and advanced analytics. I am Neeti Aggarwal, senior research manager at the Asian Banker, and I will be your host for next 45 minutes. So, we have with us a distinguished group of senior executives in digital banking data and technology from some of the leading financial institutions in Asia, and they will share their perspective on how they are transforming customer experience using analytics and technology to drive business value. So the session will focus on how does AI transform the way in which we talk to customers, invent products and services and organise ourselves for competition? How do we productise the use of data and analytics for better customer insights and informed decision making, and how we can operationalise a real time analytics and AI on integrated data to drive customer journey and contextualised experience. So let me introduce our guests today. We've got Deepak Sharma. he is Chief Digital Officer at Kotak Mahindra Bank, and we've got Chung Ho, he's vice president solution engineering a Tiger Graph, and we just heard his presentation too. And so thank you so much for joining us today, and I look forward to a lively and engaging discussion. So customers expect a high degree of consistency, convenience and personalisation from their financial institutions. Today, transformative AI and machine learning solutions offer banks new opportunities to strengthen customer service and drive business value.
For instance, it can enable them to contextualise and hyper personalised customer engagement, understand and predict customer needs and manage risks in real time, all with higher speed and cost efficiency. They are propelling banks to an unprecedented speed of innovation. And as AI technology evolves, the cost and technology barriers to implement and integrated within the organisation are reducing. Many banks have implemented this on selected use case basis. But now they need to move beyond the hype and strategies for more practical and mainstream adoption. But there are challenges that they need to address, such as legacy technology, fragmented processes, data silos to name a few. And there are also growing concerns regarding ethics in AI, especially with regards to lack of transparency, fairness and biased outcomes. So, regulators as well as organisations are now increasingly coming up with ethics framework to ensure transparency and accountability. Now, as banks look to scale and optimise AI adoption, how do they do that? How do they scale this emerging technology? Use AI more responsibly? How do they need to rethink that data and technology frameworks? So let us deep dive into some of these topical issues. So at the start, I would actually like to get a perspective on how the how your respective institutions are rethinking customer experience and undertaking AI based initiatives to build the next generation of customer experience. So Deepak perhaps we can hear your views first as to how Kotak Mahindra Bank has implemented AI. So I understand you've implemented both in front end as well as back end. So what are some of the areas where you've prioritised implementation of AI and share with us some of your use cases where this implementation resulted in significant upswing for you know.
Human intervention and AI/ML models maximise potential in conversational AI
Deepak Sharma (DS): Sure, thanks, Neeti, thanks for inviting me over. And I think last 18 to 24 months, in many ways brought more of AI in the front. And some of the learning we had during this process was amazing about how we are able to not just mined a lot more data, as more and more digital footprint got created through various conversations, various data points, both structured and unstructured data that we capture, but largely, the whole AI outcome. And I'll talk more about outcome first, and we can talk about probably the infra and the building blocks, maybe later. We divided it in what AI can do at the front for customers and businesses. And see how some of these can take a rapid adoption curve on measurable value and outcomes for the firm. And that's where we started to use it more on the whole conversational AI because what happened post pandemic when a lot of contact centre employees could not turn up to work, a lot of assisted customer handling could not happen the way it used to happen in the pre pandemic time. We had to leap frog on our conversational AI engine to help and support customer during this whole pandemic. Because there were a lot of changes that was happening. For example, in India, we had a moratorium on loans. So, so due to pandemic, the government deferred repayment of loan for those who are probably getting impacted by pandemic, small businesses, or retail individual consumers.
Now, a lot of customers wanted to get this information, am I eligible for moratorium? How do I apply? Should I take it? Or not take it? What are the pros and cons if I choose not to pay my loan instalment for six months? And we realise this, this is not a very easy conversation? Because there are too many questions of permutation. For example, what's the rate of interest? What if I don't pay my credit card outstanding for six months, it probably can move you up very high on the interest on this revolver, versus say if I choose not to pay my home loan for a period of six months. So we started building a lot more of these conversational AI use cases around context around content. And around these conversations. We moved to this whole bit of knowledge and AI learning to our employees, which we don't call it crowdsourcing, but employee sourcing, to almost 200,000 skill sets in a period of less than 60 days. It helped us leap frog the whole knowledge base, the conversation engine. And we could not just divert a lot of customers from contact centre onto a chatbot. But a lot of these conversations were more personalised with the context and data that we knew about. Because when you reach out, I know what kind of loan you have? What is your rate of interest? What's the tenure, on top of it, when you build a conversational AI layer, it starts to look more contextual, and not just a very, very basic chatbot as we used to run. So I think we also took this from the personalisation level to the next. The second part of AI for us was what we call AI at the back AI and the back is what obviously are the invisible layers of mining data. Largely it was around fraud risk prevention, because as we do the transaction scoring and predicting a transaction to be a fraud, or a genuine transaction, depending on your device, IP location, amount, pattern of transaction that you had in the past, have, we have to take a split second decision of either to allow or not to allow a transaction to go through or allow with an additional level of authentication or security. So these are all the split second decision that we built on our FRM engine of credit risk management engine, as we call. Similarly, a lot of data around the credit risk assessment, in terms of allowing customer a top up loan versus reducing the limits, or providing new customer a load in the marketplace scenario for what kind of consumption and purchase is eligible for financing versus not. So the whole model started to become more of embedded finance with credit at checkout. That means the decision was not happening necessarily the bank's front end. But this was embedded along with various marketplace those like your shopping on Amazon, or Flipkart. Depending on the purchase that you are making, we decide real time whether to allow credit on checkout or not. So that's where we started to look at a third-party data, or integrating it with the data that we had, and started to build this as a real time decision engine. So I think these are some of the examples. Obviously, there are many more, I just don't want to go on and on. But this gives you a flavour of how AI has come to use and create value for the firm.
NA: Okay, great. So that gives us a very good understanding, you know, so both frontend conversation are as well as the backend. A quick question about the conversational part. So, you know, we've been seeing AI models are still developing. So, there's a lot of this still has some limitations with regards to, you know, security enable the ability to understand the entire context of conversation, the training of models, especially, you know, like the voice bots and chatbots that, that you've talked about. And so there is that element of human versus AI in that interaction, because I'm both have certain amount of advantages and limitations. How are you integrating the two models together so human and AI integrated models in a way to maximise the potential, especially in your conversationally AI layer.
DS: You're right. So I think in my mind, we cannot be completely mission led, because a lot of emotion or context and in a country like India, where we have a multilingual society in each language in the country, there is a very different context and meaning to how you express certain things. So, right now, what we have solved and not solved fully, still is in English. And as we start moving to the other languages, the complexity only increases. So, I think what we have done is apart from the language experts and crowdsourcing that I told you, our model is not a blackbox AI model for anything based on conversation or credit, or risk, because you always know that there are biases that creeps in, or you probably have a certain wrong data. And if you keep running more of that, it just becomes the core part of it and then correcting it becomes even more difficult. So, one of the things we do is every transaction or interaction we score, and as we get the score of every interaction, it helps us mine that information a lot better to say that where AI broke. So for example, if I asked three different things in a single sentence, to say, hey, what's my last outstanding balance, and also tells me how much I need to pay for this particular month. Now, AI will break, okay, because what I'm doing is I'm asking too many things, and you have to logically break it into. And not everybody speaks the same way. Moment we get onto the voice versus text, voice becomes even more difficult. Because when you get on to typing, you will normally type a key word, you will not type long sentence. But when it comes on to the voice base, I think people go on and on and then not just sentences, and it probably ends up becoming phrases and slants and stuff like that. So understanding that context, you need a human intelligence and insight. And that's why we have a handoff from a conversational AI engine to a human bot, wherever customer says, Hey, listen, this is not what I wanted, or I want something more. So you don't break the journey. And it moves on. And as human resolves that issue or probably query, that information goes back into training the AI engine. So next time a similar query can get detected and handled better through the machine. So this will continue to be a what we call a bionic model where men and machine will co exist and more rudimentary stuff will get trained, more intellectual and intelligent stuff will continue to be when humans get involved. But then you don't need to run a lot of basic query through humans. And I think that is what we are achieving in the phase one. And now moving to the next level of transactions, service, straight through processes in phase two, I think the most complex query, which is 5% of all that we get, I think still is human led, and human supported. Okay, perfect
NA: So that, I'll come back to a couple of those points later. Let me first hear from Chung about, you know, he got he comes from the other side of the table, which is, which is a technology company and they are providing analytics AI based solutions to financial institutions. Share with us how you think the banks need to enable this next generation of customer service through the use of AI? And what are some of the best practices you're seeing in the industry right now in the region? Okay.
CH: Thanks, Neeti, for asking that question. So definitely, we've seen a collage of different ways on how companies are approaching and use of technologies like Tiger Graph and Graph technology and in general to approach in solving this AI problem. Absolutely. What Deepak said is very true, you know, how do we find that balance? How do we take the human and the technology and the bots and work together better and more efficiently as such as well, right. And so Tiger Graph, I think, in the most part, does contribute to helping that cause? Definitely. Okay. There are several factors that we found that makes it quite successful where customers do see that value. So number one, I think, first, I want to establish a baseline that Graph itself has had a big impact with banks and in financial service institutes around the world. They have, it's proven very well, in terms of being able to use this technology to solve financial crime, taking it to look at you know, AML, finding hidden areas where people are laundering money to sanction entities around the world, perhaps and be able to uncover that right? So all these kinds of things come in some type and form a of a pattern. And I kind of mentioned that in my presentation, Graph is more of a various algorithms to form these unique patterns. And then you apply these patterns to the dataset itself to find a deep hidden relationship that you don't obviously see from a non graphic standpoint than we have, right. So what we do then is take these patterns and then we train them. We use machine learning, we use AI, we even have the capability to do deep learning, a lot of these capabilities are pretty much actual Graph problems itself. Okay, like neural network deep learning, or things like NLP, which is to understand and support natural language processing, right to be better at answering questions using a bot, that kind of example that you guys were talking about earlier. All these are basically Graph problems in general, in transitioning from a traditional platform, like using relational database, pulling that data, pulling that data into what they call a data frame and applying, you know, models to look at it can only get you so far, that's kind of where the limitation is. So what I mean by that is, as you talk to data scientists around the world, those who worked in larger datasets, and be able to take these mature models, they are actually coming back and telling us that they're reaching a plateau, when I say a plateau is taking them out on finding more insights out of that has reached a certain limit, they cannot find any more features around that. So more and more of them actually turning into turning to graph as a way to finding more features to extract that information. We call it feature extraction in the AI, ML world, right, and then taking that information and furthering the study of that, and then be able to find that deeper insight out there. So coming back to your point, you know, what is the best practice around that? Well, first off, you know, I think what you first have to realise is that two things, number one, what's the size of the data that you have, that becomes a very critical part, how you're going to run your training in that size of data. So you have to have a platform or system that's efficient enough to drive that in database learning, okay, you can't be taking data out putting into another system, and then taking that data out of that system driving that computation and working to put it back in all that's very inefficient, because at the end of the day, you'll be very much tied down to the limited amount of data that you can use. And the more limited data you have, obviously, your level of accuracy would decrease as well, right. So having a platform that can basically take your data, be able to ingest pretty much all that data, the entirety of it, and then be able to run your train directly within that platform. And then of course, the algorithms that go along with it, that's just the that's the easy part. You know, you have data science background, you have the propensity to be able to use models available, the only additional training that you would need is how to use the Graph language, Tiger Graph has its own specific Graph language that we provide. And we're making that as part of the general ISO standard coming next year. So all that comes into play into building, you know, a next generation solution that could further your ability to, you know, investigate or apply the technology that we're talking about, hopefully gives you some context into some of the key best practices that we instil with our customers and customers are coming to us as challenges in their in their AI journey as we speak.
NA: Yes, certainly. So, yeah, and data is actually probably the, you know, the most critical piece because you know, what kind of data you put in the way you put in the, the accuracy of data will finally decide how good your results are, the output is out of your AI in any in analytics capability. So and you know, banks have challenges with regards to legacy framework, data frameworks that they have. So now to implement this AI at scale, it needs to be ingrained with operational processes. It needs to be supported by integrated data, and also a scalable technology infrastructure. So perhaps, Deepak you could tell us about how you envision the strategic use of AI and how you plan to build this implementation at scale in your bank. So and what kind of changes it means at your backend data framework and technology framework to be able to support this AI at scale.
DS: I think that's a transition or a journey that banks are undertaking because traditionally, banks had all their applications send data on prem. And it was in different source systems. For example, a credit card data would sit in a credit card system, while a core receiving or laboratory data would be in a core banking and so would be for different products, loan data would be sitting somewhere else. What we have started to do, and I think it's a journey in making is that we have started to move towards. So what we call is a hybrid architecture, where all new applications are moving to cloud, or that's cloud first for us. At the same time, there is an application modernisation happening to ensure existing legacy application are cloud enabled, even if we don't migrate them to cloud in phase one. Keeping that in mind, we have now started to build more of a hybrid architecture for all our customer front end journeys. So for example, if we are building a new mobile app, it's completely built on cloud, but I still have certain core systems which are on prem. Now to run that we have started to build what we call is a cloud data box. Now this box basically runs like with a technology term, it runs from a Golden Gate kind of framework into a Kafka, which is streaming CQRS. And then it starts to build what we call is an in memory database. And then you start profiling and store a lot of data, which comes from the transaction platform right on the cloud. And a lot of source system data also starts to get replicated. So gradually, you start to build a whole data structure, away from the traditional data warehouse and data lake that everybody was building. So what we call now the data lake house, which is more on the cloud, it's fungible. So you now have a 360 profile of what customers are doing, both within the banking ecosystem across different products, or different channels, but also bring in what they're doing on social media, if there is a negative post from those customers, if there is a rating on the Play Store or App Store, with comments that they have been putting up. If there is additional data about their their past known behaviour from bureau that we get a now we have a new account aggregator of framework in India that's going live, where basic consent, you can bring in the non bank data from other ecosystem participants. So as we start getting richer and richer, and a lot of this, I think our ability to mine and build use cases on top of it becomes a lot more simple. So I think the core is now to make sure the data aggregation and the framework and obviously running both data as a centre of excellence and API as a centre. And I think we have started to integrate both of these to, to see to it that all our system API's are integrated, and data as an asset is brought in at one place. I think once this side of governance is sorted, then for the rest of the AI and ML teams, or the use cases, it becomes a lot easier. Because so often you realise you have a use case, but you don't have all the data in a manner that you will like to all in terms of volume, velocity, and veracity of data. And I think this is what we are solving through this 3D model now as we go ahead
NA: Yeah, certainly. So it's, it's going to be a journey of obviously or whatever. It's an unending journey. It's a constant process of evolution. Probably this also, this is not just your back end technology and your integration of data this is also means that there are a lot of processes, which often in banks are fragmented. So they would need to be integrated to actually operationalise and be able to have a more holistic effect on customer journey as such, right. So what if you can also highlight people? What are some of the biggest challenges you face in this entire process of building AI to scale? And, you know, how are you addressing those challenges?
DS: Well, there are many challenges that are easy journey to traverse just the top ones, maybe you could highlight the first thing I just highlighted. That's more about building this framework, which is hybrid, that is real time your ability to aggregate a lot of this data and link it to use cases. The second is the prioritisation and ROI of these use cases. Because there are many things you can build. Question is where do you start? How do you fast track and wait, what do you prioritise? Because the success out of this gets more confidence to build a lot more around it. So like the personalisation, great use case but how much of that personalisation is really can you can validate we are Diamonds see whether customers do really find what is served to them is of value, it gets converted into a transaction or, or a value to customer as well as to the fore. So a lot of these ROI is the second thing. The third challenge I face. And I think that is a universal challenge. It's not for us, is the talent. Because I think while everybody is becoming a data for right, so it doesn't matter which business are you in. So it's not that banks compete against banks, but banks are competing against big tech, and fintechs. And finally, it's there's a limited pool of data scientists. And I'm saying we don't even need data scientists necessarily at a stage one, because what you need initially is data genius. Those who can just make sense of data, forget about moving higher up the value chain in this. And I think these are the places that still requires scale, talent and skill. And I think each of these is an ongoing battle that we are all trying to win every day. But I think it's no silver bullet.
Definitely so and you highlight some very key points here. I will touch upon the talent part a bit later. But a quick question about what you shared regarding ROI and the impact of AI. So are you measuring the impact of AI implementation on a use case basis? Or how are you measuring the actual you know, return per AI implementation? Or is it done on a on a more holistic across the bank basis? Curious to know that.
So there are three buckets? Okay, I think two, I spoke about AI, the front and AI the back. So each of this there is a measurable ROI. For example, there is another area that we are now working on, which is handwriting recognition. Now, handwriting recognition is a great use case. But where do you deploy this handwriting recognition? I think that's an important choice. So we said we will build and deploy it on the check, and instruments recognition for signature and whether is a fraud, lend check, and can help in faster clearing, can it reduce the human dependency to verify these instruments? So there is definitely a productivity gain in terms of your ability to process those volumes, with less manpower and with better accuracy. You can use the same handwriting recognition property for a property document. But question there is, where am I seeing the volume and the value to prioritise even within that technology. And I think that's how prioritisation will become always important, because there are many use cases chasing. And as I mentioned, the bandwidth is limited in terms of resources, and the skill, so you have to optimise. However, there is also a third horizon that we work on, that's more on emerging use cases of here. Now, there is no ROI there. But these are more of experimental phase of testing certain things out and seeing whether this becomes the way. For example, one of the things that we are testing is the multilingual voice interaction. Now, as I mentioned, getting first voice and then sometimes 10 different Indian languages is extremely complex. But I think building that whole journey of testing it out on the voice and interactivity on the real time, is the area worth going into because that's where customers are. Similarly, I think the whole facial recognition today, while we all rely on, you know, the Apple or Samsung facial tech for authentication or access to banking app, but our focus is to build our own facial stack. Now, I do know that likes of Maxwell and Sense Time, they have built great at scale, facial apps, sort of China and Hong Kong, but they're not designed for the Indian faces. So I cannot use that technology and put it here. Nor can I use a device facial into my authentication, because I don't get an audit trail in case there is a dispute a transaction. So as we realise these are some of the challenges, you have no choice but to build. And these are no easy solution that you can crack it over. So but you have to pick even those bets carefully. It's not that you can go and run some 20 such experiments at scale. But but you have to mix you have to put your bed set to saying that 70 to 80% would be more immediate to short term beds versus 20 to 25% would be more experimental and a medium to long term and that's how we divide our priorities in these three buckets.
NA: Okay, perfect. So, Chung, if you could share your perspective also on this. So we've seen a depot talked about various bottlenecks and challenges that banks face in AI adoption at scale. So if your perspective on on how banks can build the right data and Tech Foundation for AI, and how they can address all these various challenges with regards to scale, and, you know, skill as well into the AI adoption.
CH: Yeah, sure, let me help comment on a couple of key points. So, you know, as far as how Tiger Graph approach and help customers ease that adoption, there's several areas that we help them focus on. Number one is making sure the infrastructure itself is very easily integratable. In that sense, what that means is that, you know, having a new platform like Tiger Graph coming in, we're not there to put more work on to the IT or the data team, right, that's, that's the last thing we want to kind of do, or make them feel and perceive that's the case. So one thing that's very important is the ability to very quickly integrate into their existing architecture. So Deepak mentioned, you know, the combination of hybrid and on prem kind of architecture. So Tiger Graph, also needs to support or any Graph technology today, and to apply something like that, you got to make sure that that technology is supportive of that type of hybrid environment, or even to the point of cloud native, right? How do you get to the point where suddenly you need lots of compute and storage power, can you easily, you know, extend out in elastic wise to be able to do that, you know, you require some level of cloud native to do that. So part of that is to have that capability to support that scaling out to a level where you don't have to worry about that architecture. So we could do it automatically. So the distributed scaling of that capability is there. Okay. And number two, you know, you guys mentioned and talked about skill set. Well, obviously, you know, we want to do our best to also minimise having heavy touch points of data science every time when you either build a model or make changes to it or improve against it, right. So one thing that we strive on is to make sure that the Graph data is explainable. We call that in our coin term explainable AI, how do you take information that's output from a graph and visually see that and even a non-technical person can actually take that information, and easily make sense out of it. You know, keep in mind that what I introduced today, is still a fairly new paradigm shift in number one, how we store data. And number two, how we look at data, right? Even though as I mentioned, the science behind it exists, you know, well over the century already, right. So it's still a journey for folks to kind of learn and adapt to it. But it's important to identify technology, allows them to adapt very quickly. One thing that, you know, we also focus on is something called democratisation of that data itself there, what that basically means that, whatever we do from the result, the output of giving you all the available API's to interact with that data, and as real time as you can display that information to every facet of your user community. So, from you know, people who are investigating a fraud, another team in the marketing team and product managers looking at the data to see who's, who is the high value customer that's about to churn, and how do we quickly approach that person? What kind of offers that, from an AI perspective that will generate to say, these are the recommendations. So, one thing that we do the approach, you know, taking the baseline of fraud information, the same type of data set, and then now applying over doing full end to end customer 360 view, right? Because it's really the same data set that we're talking about, especially in banks, you know, we're talking to transaction products, and then your customers, etc, right? And so that is very valuable, because, you know, you start building on that, finding that relationship deeper, and then transitioning that to that level, where, let's say, today, I'm a customer, I'm calling in immediately you have access to data, regardless if it's AI or not, but AI will be important because when you call in that information is run they pull up the customer information in front of that call centre person who has zero experience or knowledge about AI or technology, but they can look at and say, oh, this person has personal banking. It has he has a corporate account. He has a wealth management plan that we propose. And below are all these recommendations that itself would come from that AI driven capability itself there.
NA: Okay, perfect. So now at this point I, I pivot a bit and Deepak earlier talked about it also about, you know, using AI more responsibly. So, while the benefits of AI are clear, there are also potential unintended consequences like, you know, biases, ethics, several regulators, they've come up with new guidelines and frameworks around it. And also the banks are building their own ethics framework to make it more transparent, accountable and explainable. So Deepak perhaps you can share, what are your biggest concerns around this? And how are you addressing this issue of bias and ethics and accountability in your organisation's? What are some of the initiatives that you've undertaken in that direction?
DS: When we talk of responsible AI, there are quite a few blocks, while banks have largely been very, very concerned around the data privacy, and what data do you capture? And how do you use but you still see a lot of apps and a lot of places where the data from your microphones to your SMS to your device location is freely used and gets fed into AI. So, I think one of the things that we are seeing, and hopefully, through the law that is going to come out soon, it will become imperative on all kinds of institutions. But first, how do they use a customer data? What consent do they obtain when they store or capture data. And so that customer is fully aware of what data or digital footprint he or she is leaving behind and how's that getting used by firms. I think banks to that extent, never went beyond looking at the financial or transaction data. So as to say that's probably one reason banks are relatively in a better position being a regulated entity than probably a lot of tech firms, where their core business model is on top of the data overlay. However, I think from AI perspective, I would still say that ensuring that the biases do not creep in becomes a very, very important part of it. So, as the training data set, at times when we do not have a full data set, and you start training with a limited data set, or the training data set itself as inherent or inbuilt kind of biases, which can be at times towards a particular location towards community towards a certain set of socio economic categories of people, or certain kinds of professions or employment sections. As all these biases come in, and the training, it's imperative that a lot of this will also get into the outputs and how you start scoring. For example, a credit scoring can get very, very easily, severely biased if you look at probably a data of defaulters, but not look at data of defaulters as a percentage of total default as a percentage of good customers versus bad customers of a certain type and basis that that one may start denying loan or properly credit facility to certain segments. So I think a lot of this is what I call is the responsible AI where at the data set and the training set itself, one needs to keep looking at what are the outputs. And if that is showing any kind of bias in the model. That also brings to the next point is AI cannot be a black box in my mind. And I think a lot of models that typically started as a black box has failed, because you really do not know how some of these algorithm over a period of time trains itself and creates an output, especially in financial service. I still believe that it's a machine and human. One needs to continuously vet out the logic with the with the actual things on the ground, go back and trade this rather than machine train machine itself to build a more accurate model. I think this hybrid structure in my mind will continue to be the way to build are responsible.
NA: Perfect. So yeah, so blackbox and being explained, having explainable model is is quite critical. Should probably a comment from you as well on this. You know, what are the emerging best practices in using AI more responsibly and building it to be more fair and inclusive?
CH: Yeah, I think to be honest, Deepak has touched pretty much on all the points that I would touch and also what we've experienced this Well, I think the key thing for us is the blackbox part, and one thing that we strive very, very openly with the community as well because to some Graph is still like it separately new. So all the algorithms that we use, it's open source that it's exposed in GitHub, for example, that you could download as a framework to start using. And then as banks adopt to it, it's not something that we didn't charge extra for them, they develop on their own, they keep it, they keep it in a safe place, so that they're ahead of the game when it comes to detection, etc, from all that as well, the bias part in terms of the data set itself, I think that part we could tackle with more just science around that, you know, to be able to run various types of algorithms, to be able to do checkpoints around that. So that's not too difficult. But at the end of the day, you know, the whole explainable AI part becomes one that you could then validate if the data is truly saying what it's saying, you know, is, for example, you know, the AI say, this is a bicycle is a really a bicycle, right? You know, those kinds of data points, you know, be explained that, but at the end of day, yeah, those are the compensation comments that I have. Thank you.
NA: Great, perfect, so quite, quite insightful. So I'm, we're running out of time. So I, I would have loved to talk a lot more on this topic. It's such an interesting topic with so much of emerging technologies and innovations happening around AI and its use. But as, as Deepak pointed, there is a lot of innovations happening in the industry. We heard around how AI and advanced analytics can be utilised to strengthen the customer experience, and better understand the customers not just have a better interaction with them, using AI and human integrated models at the front end, but also have a stronger analytics at back end, to be able to understand them better. And then there are a lot of moving and critical parts into the adoption of AI at scale, that primarily being the data integration, the technology, the processes, and of course, moving on to a more scalable architecture like cloud. So, those are some of the key challenges of banks have to address. And then. So scale skill and talent, as we heard from our panellists, and then the probably the part that is getting a lot more of critical and regulatory supervision around is building a greater transparency, fairness and accountability in future use of AI, how the banks need to build a framework around it going forward from where they are today to optimise it for future. So great. It was quite an insightful discussion. Thank you so much, Deepak and Chung, thank you so much for sharing your insights with us. And thanks to all our audience for joining us for this session, I hope by everyone learned benefited from your insights and your experience. Thank you so much. Thank you to all our speakers and our moderator, ladies and gentlemen, to lead us in the next exciting session on multi cloud environment and how to keep business safe. Please help welcome Mr. Mobasher Zein Kazmi, the head of research at The Asian Banker.
Mobasher Kazmi (MK): Great, we now have a panel discussion on the multi cloud environment and how to keep business safe. I'm Mobasher Kazmi, head of research at the Asian Banker and I'll be your host for the next 45 minutes with us as a distinguished group of senior executives across technology risk and security from some of the leading financial institutions in the region. And they'll be sharing their perspectives with us in terms of how they're enabling a safer banking environment as we transition to a multi cloud paradigm in a very fast evolving digital banking landscape. So in this session, we will be focusing on how technologies such as machine learning and advanced analytics is facilitating banks to prevent fraud on a real time basis. We'll also be looking at compliance as a service framework in terms of its adoption across different regulatory jurisdictions. Then we'll delve into in terms of the centre of gravity, which is shifting currently from internal data networks and onto the cloud. And to wrap up, we'll be looking at designing the right cloud strategy, which is flexible, secure and scalable in terms of driving real time capabilities. With that I would like to introduce our esteemed guests joining us today is Sumit Gupta who is the Chief Risk Officer at Yes Bank. We also have with us Brian Carroll, the founder and CEO of TNEX digital bank. And we also have with us Dinesh Babu Krishnan, the senior vice president enterprise, data architecture at AmBank. So, thank you all really for joining us today, and I look forward to a very lively and engaging session and discussion. As we've seen, and has been quite demonstrably established, FIs are certainly quite vulnerable to the attacks, given the size and the sensitive customer data that they're privy to, which is currently sitting in a multi cloud environment. So, this makes FIs particularly susceptible to attacks from malicious actors, where we can see potential breaches and digital fraud in the offing. And given this rapid shift to digital by established banks in the APAC region, which is which we're seeing has outpaced in terms of their capacity to adequately protect themselves from these emerging threats. In 2021, we had we saw third party risks ransomware, which really dominated the cyber threat environment, we also see, we also saw rather a resurgence in terms of the distributed denial of service or DDoS and Trojans, that have also emerged. There's a recent industry report, suggesting in fact, indicating 75%, or three quarters of server surveyed, FIs have reported that the security of their public cloud infrastructure is a serious concern. And we do see that many institutions are still grappling in terms of really addressing some of the different security challenges associated with cloud based technologies. So given this recent trend in financial services, especially this wholesale move towards the cloud, banks across the region, and in fact, world over have rapidly upgraded their IT security instruction infrastructure are looking to do so in order to prevent their institution from being attacked by potential bad actors. You know, as we've mentioned, those from ransomware supply chain attacks those Trojans and DDoS threats. So with that said, I'd like to begin and perhaps I can invite Sumit to look at the role in terms of the application of advanced analytics, such as machine learning AI, to help strengthen the cyber risk defence in this new multi cloud environment, so Sumit your thoughts on this.
Sumit Gupta (SG): So thanks for the invitation, Mobasher, and you know, it would be my pleasure to be part of this esteemed panel. Let me share a little macro view. And then we come down to more specifics, frankly, the, the cloud has been very steadily getting adapted by regulated and non regulated entities. Over the last maybe five, seven years more for the pieces only increasing, frankly, and a lot of these paces is driven by cost cutting cost, structures, efficiencies, scalability in the likes of it yesterday, and the cloud technologies itself has also been developing at a breakneck speed, and the tools they are about. So I guess it's a it's an evolving space, which is evolving at a ferocious speed and the applicability or the other way around the convenience of adopting cloud into your mainstream business is becoming very compelling for a large number of organisations. The more it's, of course, the new startups, the startups for them starting afresh is like, you know, the easiest part is to start and native itself is in cloud. But for regulated entities and legacy institutions, you know, it's not switch on switch off, right? So it's like, can you replace the engine of a moving ship, you cant, it can be that much tougher, right. So you need to possibly do bit by bit, at the same time making sure the ship is running ship, you cannot afford the ship to stall at all. So and making sure that you are on top of it on both sides as well. So it's not that you know, you can only look at cloud with certain tools, you can only look at on prem legacy data centres, on prem activities. On second part, you need to be able to look at the combined part of it to understand is somebody trying to, to wedge to drive a wedge in the two monitoring mechanisms and look at monitoring arbitrage. It could be time of the day, it could be the way logs are captured in cloud, whether the logs are captured in in the data centres and network assets. So that is one, you know, and frankly, cloud itself is also you know, I was just listening to the previous panel. Cloud has also more evolved, right, and you had cloud pure cloud, then you have private cloud, public cloud, now you have hybrid cloud, and you have now on prem cloud, off prem cloud, you know It's either the terminologies is also idly evolving. And so are the uses. And so are the pipes correcting each of those versions of the cloud. So thankfully, there are tools now, which, which help you monitor multi cloud setups. Sure enough, there are new tools also available have to be able to track multi cloud as well as on prem infrastructure assets. You know, and, you know, my colleagues may, may want to agree with me on that as well, the execution of these tools, deployment of these tools in your operations, that itself is also a task by, you know, it's not that you know, you buy a washing machine or put in a house and go tomorrow morning, you start using it, it doesn't work like that, right, there is a huge amount of effort, which goes in implementation itself, so long and short. So that is definitely an opportunity. I don't think it's something that we can go back to what we used to do. Life is almost like a one way street. Yes, we have to very, very intensively work on making sure our processes, our privacy, our safety is paramount. Otherwise, you know, just to only to reduce costs may not be the best way to adopt cloud. I mean, there has to be a fair bit of groundwork done to look at that. And what everybody looks at AI, ML is pernicious for everything in life. No, it's like, you know, how many of us can have the blind confidence of looking at driverless cars can go on a highway, or a driverless car sitting quietly, you know, no problem. AI, ML is driving my car. So I'm pretty safe. I mean, every single person, the car is going to be wanting to bail out, jump out of the car at the first moment. opportunity available, right?
MK: Yeah, thank you. So we may have lost you there, just briefly. But I'll take that opportunity, some very good points that you raised, actually, in terms of how we should be approaching it with the different tools that we have available with us to really enhance the capabilities that institutions have to really strengthen their risk defence app. So I'd like to also invite Dinesh, in terms of what he is thinking is and how he's approaching this, in terms of applying machine learning and AI Ambank.
Incorporate multi-level security
Dinesh Babu Krishnan (DBK): Firstly, thanks so much for having me in this panel. In my view, what Sumit covered is more from the tools, the security tools, which we can deploy in the multi cloud environment. But I believe more than the tools from the application side, also having the AI and machine learning and, bringing the intelligence, by collecting some of the dark data, like, which location the customer must be opening from mobile app or web, typically, what device they use understanding the customer behaviours from the dark data, and keep well prepared, so that when you observe any of the unusual pattern, whenever you see some transaction happening from unusual pattern, you don't 100% rely on tools to react, application themselves has some kind of intelligence to predict that. This seems to be, coming from different networks or, different IPs example. So, if that is the case, application can pose some sort of additional multi-level security, like asking OTP or some of the security questions, like, what Sumit had mentioned. Machine learning needs some training. So it's not like a magic where you of machine learning, it automatically happens. It gets mature over a period of time by learning some data, the data and the pattern of the data, right? So at times, it's also interesting to know that cyber is over smart. So you know, by mimicking the same, the customer pattern, which and a customer always transact at a particular time, the cyber security also takes the same time to mimic and eventually attacks. So when it comes to, you know, the original question multi cloud in or online, I think, when you host the application in various cloud, right, so you need to analyse the traffic logs and keep keep not looking for any potential cyber attacks in particular network, so that you can still run the business in from the non affected cloud environment. So that's how I say, you know, the overall aim is learning it's not purely relying on the tools and technologies but also application side bringing some intelligence. And also in multi cloud side, you kind of diversify the application running. And, you know, keep analysing the law to prevent any attacks and also so that the business can continue as usual. Yeah.
MK: Fair enough. Thank you for that Dinesh. And, Brian, in terms of how you are approaching this and what is really your top of mind concern in terms of ensuring a safe cloud environment? How are you approaching it next?
Brian Carroll (BC): Well, firstly, thank you for the opportunity to speak. And I suppose to really come back to what was said earlier, I'm one of the easy guys. But as you can tell, by the shape of my head, I've been involved for about 30 years in this business. So, I've also done that hard stuff. And it ain't that easy. We're a digitally native bank. Digitally native, designed from the very start with no technical debt. But I'll try and speak from both sides. And the reason I got involved in digital only was I was sick and tired of technical debt. No one likes to pay off debt. It's no fun. First thing? Let's stop for a second, because we're all talking like bankers, and we're all worried and we're all sitting there. How it is an amazing opportunity, guys. It's where we need to be. It will reduce cost of compliance, it will make us safer. We can use behaviourism. as we can use analytics, we can deliver better products to our customers. But of course, it does bring unique challenges. Because going to cloud multi, whatever is actually a cultural change for the organisation. It triggers Conway's Law, where Conway said that organisations are destined to produce solutions that mirror their communication structures. Cloud smashes that all up. Okay, completely. So it's not about IT. It isn't. It's fundamentally more it enables. After I've washed my hair of an evening, what do I think about? What I think about would be cybersecurity and privacy, of course, you know, that has stopped a lot of banks, they're nervous about, but in fact, you're now seeing that 33%. So report yesterday, 33% of total revenue being spent on cloud is banks. So obviously, banks are going there, they're finding ways around it, and they do it by workloads, or my esteemed panellists will be more with that. Okay, the next thing is risk, compliance, and governance. Because this is an organisational change, we're going to manufacture and distribute our product in a completely different way. So shifting and lifting or dropping and praying, and hoping that, you know, by making this a technology or developing on a proof of concept model, no, you've got to step back. And you've got to look at the fundamentals. Because it doesn't matter if your bank is running on a washing machine. Or if it's running on the cloud. We're bankers, and fundamentally, we're in the risk business. That doesn't change. It hasn't changed in 600 years, and it won't change going forward. Our customers want more. And we have an obviously risk challenges are higher. So that talent, let's be very clear. It's a big problem in our industry, okay. I've helped banks across the world and start, you know, and that's the biggest issue. It's not just the talent, it's the culture. I remember sitting at a meeting in a US bank, with the infrastructure guys, deciding how we move to cloud. Turkeys don't vote for Christmas guys.
Or Thanksgiving today, obviously, to our American viewers out there. So that's hard, because this is an organisational change. This is fundamentally Conway's Law playing out. And an operational of course, it scale. It's all those NFTs. So there's no four is non functional requirements, of course, scale, performance, my customer experience, and of course, resilience. And these are all compliance concerns, as well as CEOs concerns. And finally, there are many more, but I'll finish up with this one. You know, cloud has the promise, if you're not on the cloud as a bank in the next five years, you're going to become irrelevant. You're going to become irrelevant. So forget, it's an irrelevant it's a maxim. So cloud does allow us to do things faster so we can keep up with our customer needs, you know, and our customers are demanding more and there's more opportunity for customers to go elsewhere. It does do it better because, you know, it allows us to compliance better, okay. But, you know, that involves the talent to be able to do that and the mindset. And most importantly, and I've seen this, and I'm a bit of a veteran in the cloud cost, guys, we're a business. So the cost of compliance is going up. Why? Because regulators are being more protective of the consumer and the businesses, which is good. And I like that. And you'll have regulars like in Singapore, or your DBA in Europe, that are putting up cloud that are putting out, you know, putting out direction for us. It's not an outsourcing arrangement. But I believe. And, you know, I get asked this on various aspects of our business, I believe that a properly architected governed cloud infrastructure could reduce the cost of compliance significantly, right? Between 50% and 70%, easily, but it's got to be architected, it's got to be governed, you got to have the right people. So as both speakers have said, you know, anything that's worthwhile in life is normally not that easy to achieve, guys, because if it was easy, we'd all be doing. There's great effort involved. And it's not just technology, it's an organisation shift. Yeah.
MK: So thank you for that. Brian. So Summit. So I've been looking at that mindset, change and thinking, as well as having a more holistic approach and not just relying on the technology tools. So where do you see the current gaps? I mean, AI, ML is, of course, quite fascinating and quite helpful for institutions. But in your thoughts, what else is missing, to ensure that you have all the processes and systems in place to mitigate any potential risks for multi-cloud?
SG: Let me agree 150%, with what Brian explained, right, and he really touched upon some of the softer aspects of culture of mindset of availability of talent, you know, each one of them is a very large factor by them. Right. And yet, another fourth one is going to be the local, locally relevant regulations. Now, each regulator, you know, is as you rightly said, is paranoid on the extent of compromise, some of these clouds may just do that me is the operative word here, for any customer, and what PII data or private personal information, or applicability of privacy norms, by different thing and the new variable on data localisation. Now, each of them has a role to play actually has a very big role to play on the way your architecture has to work. Now, so on top of it, at least I can talk about Indian regulator we are the while the cloud adoption has been increasing over the last few years, we don't have a very in black and white, any specific guidelines or approach or policy defined by the regulator yet? It is in the works, as I understand and should be approached paper or policy may just be shared over the next few months. But that's one issue is yet to be there. Because then it also tells you what is gray, what is white and what is black. Currently, you know, everybody is wanting to only move non critical activities on the cloud. Because they also understand everybody understands the movement to cloud, you know, once it happens, it possibly is a one way street. So in case we end up being a little aggressive on the regulatory expectations and asks, it may be difficult to roll back number one. And number two, we see is a very large component of data localisation. It's not an easy one to handle. And maximum cloud operators are offering guys are all international players who would offer their hosting literally all across the world with little oversight by the tenant onto the system other than a dumb certificate, a blind certificate, which should be available for you to try and take them everything at face value. And if the regulator agrees, great. Either it doesn't agree then it's a tough one to head. So I mean, I'm sorry, maybe I'm just telling you and exactly what the situation is. But one thing is evolving in my mind. I honestly there is no easy answers to do that. The insistence on every regulator increasingly in most countries to insist that you know, they need to have absolutely comfort that the data pertaining to the respective countries customers are not being domiciled or hosted overseas so that it cannot be exported overseas is becoming a very important factor. I mean, Europe has already approved their own set of GDPR norms and there are stiff penalties on processors. Likewise, you know, at least in India, there is the PDP which is the Privacy Data Protection Act, a bill is likely to be converting into an act of the parliament in the current winter season of the session right now what shape and form it comes up with anybody's guess yet, but should in some shape and form with some time dies, it will also become that much more onerous. So I agree with Brian, when he says the processing, the cost of compliance over a period of time may get better, but over a period of time is the operative word here, because in the near term, the cost to be deploying new tools, infrastructure itself, to comply with the law of the land may just be quite onerous, frankly. And as I said, for us, newly starting unit entities could be very fine, you can actually do the entire architecture, absolutely prim and proper. But for a running institution, even if it's 10 years old, you have problem at hand. I mean, it's not an easy one to handle.
MK: Absolutely. Thank you. Sumit, and Dinesh, certainly this would be a critical consideration for a lot of institutions, as they, you know, decide what would be the appropriate tools that to ensure their own multi-cloud, safe, multi-cloud environment? Engineer, your thoughts? You know, just looking beyond, you know, the technology.
DBK: Yeah, I think, as I mentioned earlier, right, so yeah, this learning certainly helps in terms of safe cloud environment to some degree, but I would say, you know, that alone cannot be sufficient enough to bridge all the gaps, right. So other than the tools and technology you deploy, to different site, you know, the cyber attacks, I think, like what Brian and Smith said, I think I want to emphasise more on the culture, right? So we need to have a proper culture, you know, understanding of how the data is being handled, you know, how technology works, right? So that understanding has to be there, right? So for example, if if you have a sophisticated all the cybersecurity tools, everything you place, but the end user or the user for handling the systems, keeps the password in open network, and it doesn't help right. So, the tools are there to protect in something, reverse this culture, how to handle it. So that discipline has to be there within everyone, right? I think this culture is should be there across all levels of users, right? So be it application network, or infra. And more interestingly, I would call, I would say the customers also, we need to keep it in this situation, right? So let's say customer also loses their user credentials, their account would be compromised, right? So I think only the size or the scale differs, whether the end user account get leaked, or password to get leaked, or server password late. So the only the scale, you know, the impact differs. So in a nutshell, what I would emphasise, you know, what Brian and Smith said, just put up on faith, I think they need to keep educating all the users on the importance of security. And the potential is not just relying only on tools and technology. Because one side, when you have that other side, you need to make sure that we have the enough skill set and culture in place to use the right tool. Otherwise, you have a powerhouse, but people don’t offer to drive it right or ride it. So I think it has to be balanced. And more focus on the culture part.
MK: I absolutely agree with you, it has to be a balanced approach. Thank you for that Dinesh. So move on to our next area of focus and looking at it at the compliance as a service framework and adoption. So for many banks, I mean, we discussed also the cost of compliance and for many banks, who would like to reduce those risk of fines and as well as the potential of reputational damage. And given how onerous these compliance processes can be, you know, probably asked Brian to get his thoughts in terms of how he views cats as a viable option. And what you know, additional steps can be taken really, in terms of the you know, the ignore institutions, collaboration with your provider with the cloud provider, to ensure that you know, that all those standards are being met on an ongoing basis. And you have a very proactive response to any regulatory change.
BC: Let me preface that. I get really, really nervous with phrases like compliance as a service of risk as a service because I think it's invented by management consultants to sell more business mostly, okay, we're bags, we can outsource risk. We're not allowed to. We've been given a banking licence, and we're allowed being trusted with the money of the people of our various countries. And we're not allowed to do that. And it will not be Amazon, Google on the front page of the local paper. If there's a massive data breach, it'll be our CEOs or my case, me, okay? So you know, from a compliance or a risk or a legal, you know, you need to understand your obligations in the cloud, you're given a set of tools and architecture, which you will then bake the cake, okay, you need to bake the cake, you're responsible, even if you, you figure it out, you are the regulator is going to be staring at you. So when you're going into this, you know, there's a couple of things we did, and I've done some transformation and shifted, lifts. But obviously right now it's native. So I take it from both. For me, shifted lift, guys, let's not, let's not forget the past, you know, one thing we're really really good at is risk. Yeah, we're good at assigning risk and understanding risk and mitigating risk. So when you're getting with a cloud provider, you need to risk assess every single component of their service. Okay, properly risk assessment against whatever risk framework you're using, or whatever for risk ramp is prevalent in your organisation, you may need to enhance that risk framework, particularly around cybersecurity. And remember that for the first time, it's banks very nervous, our data is no longer in our data centre. It's up there in the cloud, who, and arguably, it's safer. But it comes back to keep coming back to this do your risk assessment, the talent side is really important to be able to do the risk assessment. Okay. And then when you've done that risk assessment, you know, you need to compare it against your own governance, but it comes back to this cloud is far safer than on prem, if properly deployed, because most organisations cannot afford to have their own capex. Remember, there's not very little capex, so I don't have a capital flow, I have an OP x. So it allows you access tools that you could. But to finish up, it goes back to this thing that keeps cropping up and banks don't get, which is it's about culture. Okay, it's not about technology, technology is now democratised. You know, I built two banks in nine months. Okay, why? Because it's Lego your Lego it together. But it comes back to talent and culture. And I know it's a bit abrupt, and you some of you know me, Mobasher knows me. But there's a general rule, I told my guys over the years, a fallen with the tool is still at four. So deal with the issue, the tools are readily available. There's no capex involved. We're now in a different world, we're in the world of architecture and risk. We no longer like my first job, the data centre we generated around electricity. Why? Because we had to, now you know, a lot of what we had to do traditionally. And if you look at GDPR, in Europe, you know, that's the biggest use case, trying to achieve GDP or in Europe and an old bag, even a 10 year old bag by moving into the cloud actually increases your risk. Okay, but trying to achieve it, if you architect it, well put the culture do your proper risk assessments, listen to your CRO, listen to your CIO, bring in the talent. I think they're more or less my meandering concerns and an answer to that question,
MK: And Sumit. So on this point, as well, you know, how can institutions really avoid that compliance trap? I mean, for a conventional player, you know, having that dependency on a service provider, you know, for your, for assisting you in terms of meeting your regulatory needs and compliance needs. Is this feasible? Is this doable?
SG: Oh, let me respond totally differently. So I don't think compliance trap, I would want to use this term, frankly. And let me also speak in some other sessions, a couple of days back. I said, Why does a bank exist? The principle isn't our baggage issues, because you are in the business of managing risk. And whether it's anything to do with and you hold on to the trust of your depositors, these are the two things you just cannot go wrong. If either one of them goes wrong, honestly, you're done with it. So when it comes to compliance, and you know, Brian explained it at length, the cloud could be a safer place. If and it's a bolt on capital, if architected were right, so I don't think honestly, we need to look at compliance as a onerous task. I think it's important to have compliances pretty much in shape. The technology landscape is evolving, and it's evolving, honestly, on a daily basis. So if there is a regulatory asked to do ABC items, it's important for us to get that piece going. So the entire cost benefits what everybody is running after, to looking at saying in the long run I in the long run, maybe it could be three years could be one year could be five years, depending on the horizon of the investment I was talking about. It's important to plug in the compliance costs as part of a cost structure to make sure to tell you rationalise justify to yourself, as it makes sense. And if you don't do that, the implied costs which will go to spring surprising you why because a non compliance is because of maybe ransomware attacks because of data privacy being compromised. And if you can get sued by the customer, you know, that is going to be your reputation goes for a six, which will have a direct effect on your underlying business, besides the regulator's flak and who knows, you know, what kind of penalties and competition, you'll have to pay to the two different customers, right? Look at just one last bit, I don't think I would want to look at looking at compliance as an extremely high burden or a trap, I would want to look at compliances as a critical component of the way we do business and keep strengthening the ways we have up our systems can possibly get compromised, which Kavita, which is also evolving on a daily basis.
MK: Very good. Thank you, Sumit. So Dinesh, we spoke also at length, especially on data and how we're moving from, you know, internal data networks to the cloud. And how important really data protection is, you know, for of course, Smith alluded to the reputational risk that, you know, that institutions could be subject to, should there be some type of breach, Dinesh in your view on what's the right engagement between your cloud provider and the institution to ensure data encryption, oversight and integrity?
DBK: So I think like, what brands and right so my view is also the cybersecurity cloud is a joint responsibility, right? So it cannot be like, you know, you host the application or, you know, brought your data platform into the cloud. It's the responsibility of the cloud service provider, we cannot presume that, right. So, while the physical infrastructure, and then our data centre of the cloud provider, maintaining that, you know, securing that is with the cloud service provider, but the application running, you know, within the cloud is always responsibilities with us, right? So I think, before we get into the cloud journey, right, so before you move out your data outside of your on premise data centre, first, in my opinion, we need to have a clear data governance framework, sometimes what happens, the governance framework, what you have on prem is you try to put it on the cloud, it may not work, right? Or it will not work, because the way the computing, the way that technology use on cloud is entirely different from the compromise, right? So because that the credentials are not very simple username and password, there are various security keys, you know, the, the art of you know, spinning up new instances scaling up, all those are different ways of doing it. So, first thing is, are you ready? You know, you do you have enough data governance framework before you move the data. And second one is, have you done enough for data classification? Have you marked all the data points, you know, which one is since the return is, you know, public contracts are all the data mapping, the groundwork has to be done before you move in? Let's say without having proper classification, you moving more into the cloud and if something gets compromised, you don't know you know, how much of sensitive data you lost. And typically in the architecture wise, when people talk about you know, data masking and flips, and they always talk about the customer PII right, so protecting the customer PII. But I think beyond the customer, I think we need to also protect, you know, some of the unique key differences between two entities, you know, when you're dealing with multiple data set, you should ensure that it's anonymised enough somebody gets control over one data entity, they are not able to traverse to another entity, because you know, that there is no the ability is kind of encapsulated. So that people cannot traverse to multiple or gain control over it right. So, in short, first thing is establish the data security policies, you know, in case an address and most first you have to define for the second one is re-architect the applications to handle the data in a safe and secure manner, right. So, and then third, probably you may want to strategise data residency, where you want to keep the data you know, packetise, PII and sensitive data, and so that you can avoid gaining the complete data access at one point in club. So, I think we all know that cloud provides the agility, right, so quickly help you to set up something hypothesis. So, as Brian also said, you know, sometimes when we have this kind of agility, people will try to do your prototyping, right, or do some experiments on the cloud. So because of the, let's say, the business of digital nature that they need to go to market quickly. So sometimes this prototype becomes a permanent reason, right? So that's something you will kind of oversight this security element of it. So in my view, whether you're controlling from the, you know, prototype to your product, or from the ground, you're implementing something new, so isn't dev sec ops is another important diamonds and to look at every single deployment, you ensure all these controls validated. So hence, I believe, I think, change management in this aspect, right? So it's an important thing to consider. And to look at security is not an afterthought exercise, it should be part of every deployment. That's always.
MK: Thank you, Dinesh. And, Brian, to you as well, you know, having all the data governance structures and processes in place to ensure that it's safe to move this data to the cloud. You know, I mean, what would be top of your consideration when you know, if you were to leave this data migration?
BC: I think that's pretty clear. If you ask most organisations, large organisations to tell you where all the PII is, they have a problem. Okay, you saw how difficult it was for organisations to even do this for GDPR. It was a two to three year project. So every organisation should classify the availability integrity and confidentiality of an audit of an organisation's data. It's so really important acid, of course, organised, we didn't, you know, I had the ID the lock to build something from scratch, but you know, most, if you look across Asia pack, the average age of core banking systems is 17 and a half years. Okay, so, you know, talking about APIs, micro services, data, obfuscation data at rest, encryption, tokenisation, it's just not an option. Okay. So it's always going to be data. So what's the biggest problem in cloud? What's the biggest new thing and the biggest new thing, of course, is the data. And the biggest problems are the security of that data. Okay. So it keeps coming back to that, if I was leading it, you know, what, there would be less action on the cloud, the project would probably be 70-30, or 80-20, would be defining the problem in my existing organisation, fixing and cleaning that problem, and then moving it because clouds easy. Okay. But it's the organisation where we are right now. And, you know, I would suggest, you know, banks that are doing this, and actually, the timeline for most banks to move to the cloud is about five years, on average, that's what they're estimating, okay, between three to five. But doing that, and I would suggest, actually, that you do your most difficult part first, okay, you take your PII. And you sorted out, you take your primary key data, your foreign key data, your main entities, your domains, and build that. And also then take it as an opportunity to start preparing for how that data is going to be consumed. Because the days of ESPs, and all the doggone days, the days of the 2.0, stop. So start preparing your data. So when you're bringing it to the cloud uses an opportunity to map your data and domains, you know, and then domains, of course align to microservice architectures to advance digital architectures, and to API consumption. Okay, so this is a dangerous sea a lot, people just shift what they have onto the cloud. And wonder why putting water in a petrol in the petrol tank of a car breaks the car, you can't do it. So it's more working inside working with the risk guys working with the CISO working with a strong architecture team. And actually the culture admitting what you were doing admitting your technical debt. Most organisations have a massive technical debt. And you have to repay that. And in many cases, in this case, you're actually writing off a technical debt. Okay, you're just writing it off. And you're actually going to where you need to be. So if I was leaving it, it would be a lot of hard work. You're understanding what we have, you know, actually looking at how data flows across the organisation, because we don't have pictures of that, looking at the classification via by sea or by it another framework or ISO framework or whatever, looking at the risk, and then identifying what are the things that we can do to make this more cloud ready cloud native? Okay, you know, how do we make a cloud native, that's technology stack, that use of unstructured data that you use of, you know, real time data propagation with Kafka, Kinesis, or whatever. So they'll be the steps, but most of it will, most of the work will be done before we even went near to
MK: Fair enough. Thank you. Thank you for that, Brian. So we'll move on to our last piece really, and taking a forward looking view in terms of having the architecture, you know, given, this shift towards an effective multi cloud strategy, and making it fit for business. So my question to Sumit and then to Dinesh on this, as well as in terms of how your respective institutions are working to ensure that you have the right cloud strategy that is, you know, capable of both delivering the next generation of banking services, but you also have those safeguards and protections in place. So we think it's sort of a recap of what we've discussed, but also looking forward in terms of some of the new business models that are emerging within banking. So
SG: So let's look at it differently. The worldwide, the three large cloud service providers are Amazon, Google and Microsoft, these three are pretty large cloud providers operating a global scale, and offer a fairly, what they believe are, logically speaking, complying to regulatory requirements and the structure that each regulator will keep coming up with an increasing compliance requirements, but most of them are sensitive because of their stature, their own reputations, like they're also small, I would say smaller, really small, but let's say niche players, which are coming up with niche services, which are possibly could be more suitable at tie to let's say, the financial services could be for telecom guys could be from aviation could be for any other regulated industries. So as far as you know, the each player is concerned, this is a bank. So we are concerned, we are wanting to steadily move our offerings to cloud, whether it is we are using cloud as infrastructure as a service, or platform as a service or application service. And each of them have different control points, you know, to what Dinesh was mentioned earlier, I guess each of them also offer different logging logs available to analyse user behaviour, infrastructure service possibly will give you much better control on the user data points, provided you have those kinds of talent to analysts, who are able to do the analysis on the loss, because the amount of the talent available, the analytical talent to dissect, to predict to create patterns on the logs from different systems is as short as it gets, frankly, it's a long way to go before we come there, I guess the development in the industry has become far faster than some of the ancillary support system to be able to do this work. So too long and short 20. We have a very clear cut mindset to steadily move towards cloud or not compromising at all on the safety part of it. And since we are starting our journey in the cloud, or other initial stages, we are making sure that we are trying to comply as much as we can on the data masking or the data identification components so that we are tagging each data element from a PR standpoint, and wherever the existing requirements are potentially what we believe can be there for data masking, all of that has been created, so that we don't have to rework some of the stuff at a later point in time.
MK: Excellent. All right. Thank you. So certainly makes a lot of sense. Dinesh, and Bryan, perhaps, a quick follow up and being told we're running out of time on this one. But really just with these shifts that we're seeing in terms of the new business models, as well, as you know, as the new type of banking services that you're looking to offer, wanting to get your thoughts on the right multi-cloud strategy that is scalable, that is a job that can deliver. So we'll start with Dinesh and then Brian after.
DBK: Sure, absolutely. I think market is very competitive, as you know. And digital gold also demanding these days and other hand the customers are also well versed with handling digital applications. Right. So I think to keep up this pace, certainly, there is no second doubt. They don't have an option, we have to embark into the cloud journey, right. So I think while looking at the Cloud Station Big, it also equally, you know, it's fact to admit that, you know, most of our core banking, tech stack might continue on premise they're not running on provides, because of the architectural issues that probably, when we look at the cloud journey, we'll focus on the area where we need speed. And we need scale, right. So, for example, the advanced analytics, AI, visible learning, and high traffic, digital applications are integrated with gaping, those are the areas where we want those workloads we want to move into the cloud first, right. And as we mature at the enterprise level, you know, once we know how to handle the systems on cloud, then we'll move more in other workloads to the cloud. So I think, again, touching a little bit on the culture part, you know, understanding of the cloud expenses, or the expenditures, you know, like capex to OPEX model, right? So earlier, all the traditional way is imbiah. Server and within the box, what the server can do, you run your business operation, you know, within that box, or the capacity, but the paradigm has changed now, so you can always start with the lean infrastructure on cloud and prove the case, and you kind of scale up as the demand goes up, right. So I think that that itself is a cultural change, I think, in all aspects of finance has to know, there is something called fee now, ops, right? So how do I manage the expenditure in the cloud, also, it's a new trend, right? Thinner. So it means, when you have something used to not be, you know, misusing the speed, and you kind of provision more than what you need, then also, you will have a big shock later. So I think, when it comes to the multi-cloud, in my opinion, first, you know, you want to do it in a small scale with one cloud provider, do it right, and then do it properly as it is not like a lift and shift, but make use of all the cloud native services like serverless architecture, or don't go with the legacy RDBMS type of reason, and fully utilise what the cloud has to offer some of the setup services, notification services, all those, once you learn and all in one cloud provider, then that various use cases, such as high availability be with that we can probably extend this into the multi-cloud, right? So on day one, you may not want to do all you know, in one go, you know, going with all the three cloud providers first, you may want to do this, and then eventually solve the problem, that's how I see in the cloud strategy can be set up.
MK: Very good. Thank you for that. Tanisha. Brian, last thoughts on this?
Players must be transformative and take the embedded approach
BC: Okay, so how do you know you got the best solution to work to a problem is what you've asked me, okay? It depends on your strategy. So if you're a bank that wants to be transformative, okay, wants to follow an embedded approach to, you know, to customers lives, okay? Raw, you know, rather than, you know, a product level approach, okay? If you want to be transformative, it's going to dictate how you know, the technology you need, and some of that technology, clouds location and a capability. So you know, some of that technology may be solely available in Amazon, maybe it's only available in Google, maybe it's only available wherever. So it's not really that it's a business question. If you're transforming, you're quantifying that, if you're transforming, you're going to find that, you know, you are involved in more multi-cloud type engagements, okay? Because you're going to find the best of breed, or the cheapest, or the fastest, you know, if you're Amazon first, maybe won't be Amazon, first six AWS first, six weeks later, because you need to find an experience or a piece of data science that's not available. Okay. And it's quite interesting. Now, you know, we're an Amazon first bank at the moment. But I'm seeing amazing things happening in Google on data science, particularly on ML, and on supervised mouth. So you know, the reason I'd go into the I never had, I don't think a bank should start out with a multi-cloud strategy, they should start a business proposition, and then match the capabilities that you will find, okay, if you can't find the product on the shelves on Amazon, and there's a business value in going, you know, to find it on the shelves of Google. That's fair enough. But you see, we need to be careful here, guys, hype is all over the place. You know, if someone talks to me about self autonomous green blockchains running on non functional tokens on the cloud, you know, I'm sick of it personally. Find a business case. Find a risk position, which is how you make money or potentially lose money, and then match your technology to it. And the technology you need to use to go quickly and safely is not economically viable, on prem anymore. But that doesn't mean it's easy. As we said, you still have to address the hard part's risk and people and culture.
MK: Thank you for that, Brian, certainly, you hit the nail on the head. So risk compliance people, certainly, on top of mind considerations when we're looking to have the right multi-cloud strategy, and to ensure that, you know, we have data protection and security as well. So with that said, I'd like to thank all our panellists, Sumit, Dennis, and Brian, for a really fantastic, insightful session. We hope the audience has also found it very, very useful. And I would like to encourage all of you to stay tuned for the next discussion. It's all around the implications of bank transformation towards agile and future oriented architectures. So this will begin very shortly, I'll pass it back to Cheryl. So Cheryl, back to you. Thank you. Thank you guys. Keep safe, as well.
Thank you to all our speakers and our moderator. Ladies and gentlemen, please join me in welcoming Mr. Foo Boon Ping, the managing editor at The Asian Banker, who will be hosting our next session on how banks can transform towards an agile and future oriented architecture.
Foo Boon Ping (FBP): And good afternoon, everyone and welcome to this session, where we're moving the conversation forward on this overall conference theme of embracing disruption and for discovering the future, how banks can transform towards an agile and future oriented architecture. The financial services industry has undergone tremendous changes in the last decade or so, especially with the fintech and big tech boom, basically precipitated by the loss of trust in financial institutions. Due to the global financial crisis, the wave of digitisation, and transformation, it started showing no sign of abating. If anything, the current COVID-19 pandemic has accelerated that pace of change. The widespread adoption of open APIs, mobile internet and the cloud have created a highly scalable level of person to person connectivity that was not possible before. Now enabling the creation of ecosystem or embedded services that are able to bring product and service providers together to serve the different needs of consumers. They also create supply chains and value network into which financials of service providers are able to embed and deliver financial services through the agile and intelligent use of data. As we heard, what's the next iteration of the web evolution, web 3.0 of decentralised platform, and zero trust consumers, regulators and society at large are grappling with the concentration of power that big institutions have over consumers and how they access and use that data? How are financial institutions maintaining consumer trust, and as well as maintaining their own operational resilience in this increasingly digitalised environment. At the same time, we are also confronting another risk area from criminals and bad actors that are targeting digital channels. Its system, an increasing rate to social engineering, scams and account takeovers, financial institutions are strengthening and securing the cost system and capabilities to mitigate the risk of potential cyber attacks and trends. What were the role of banks and banking be in this future? Where we see this two data ledger technology blockchain, decentralised finance disruption, and increasing cybersecurity risk? How will banks re-architect your technology and operations to thrive? So in this discussion, we want to offer some clear insights. Some clear insights on investing in APIs and collaborating with ecosystem partners rethinking transformation journey and to capture new growth opportunities and drive revenue streams, how sustainable digital platforms enable small and medium-sized enterprises to grow in the long term, and very pertinent to the discussion. We have and to debate this issues. I'm excited and pleased to be joined by Lito Villanueva, chief innovation and inclusion officer from RCBC Bank in the Philippines and financial inclusion, as far as disrupting the current business model is final what he brings to the bank RCBC is one those meet banks out there looking to disrupt the status quo and very excited to have Lito share his insight and experience later on. And together with Dutta, regional director of Backbase, our technology service providers that are helping many financial institutions across Asia and beyond, come to town and grapple with the challenges of digital transformation and how to meet customer needs and be more customer centric as far as embracing the technology that needs to enable them for this future. So we have one more panellist probably will join us later from our RHB Bank with Ganesh Mahendranathan head of innovation, RHB similar to RCBC is a mid range bank that is looking to disrupt the market and also I especially in the SME segments, and out also in the running for a digital bank licence in Malaysia. I think it's working with one or both the comms partner, CA. Ca CSR group in Malaysia. So as we start our discussion.The emergence of fintech and big tech two years has accelerated the shift of customer behaviour enabled by the integration of digital and mobile channels with third party ecosystem to provide consumers with more personalised services and streamline experiences. Financial institutions, as a result, have had to pivot to become more or become as agile and innovative as the fintech and big tech competitors and challenges. However, this fear this intermediation from such players has not materialised to a big part because regulators have levelled the playing field between the incumbent banks and the new disrupter. They now face the same scrutiny over the use of data technology, many of the areas that allow them to innovate, instead of being competitors. Many of them have become collaborators and technology enablers. Our first topic really is about what Brian in the previous discussion mentioned about what banks want us to do, be transformative, take the embedded approach rather than a product lead approach, right? And you do that to build ecosystem and being hyper customer centric, to personalise and customise products and services, to invest in APIs and collaborate with potential technology partners and so on so forth. So my first question is to the bankers, maybe starting with Lito as we move towards a web 3.0 of decentralised platform and increasingly, zero trust. Tell us about your digital transformation journey, how your key initiative and technology have impacted the customers or are impacted the customers and their relationship with you. Now, and yeah, we know a lot of what you're doing around this time, right, your digital banking app, as well as what you're doing in the financial inclusion space.
Maintaining data security and promoting interoperability
Lito Villanueva (LV): Yes, thank you and again, of course, to our viewers, online viewers right now. Good afternoon to all. Well, to answer your question, I think for RCBC as a challenger and digital centric bank, we have come a long way in embracing fintech and adopting to the warp speed. Digital acceleration in this car has been catalysed by the pandemic disruption. We have largely recalibrated our operations and streamlined our digital banking platforms to similarly accelerate inclusive digital finance, especially at the time when our customers access to it is crucial to their survival. So this new era in digital banking taught us a lot about the importance of maintaining data security, while promoting interoperability for more seamless and frictionless transactions. Contextual banking for highly personalised services for our customers is powered by our safe and secure data management, aggregation and interpretation. This is why we have been strongly promoting open finance in order to make customisation and highly personalised services possible. All the while making only user permission data is used by upgraded entities regulated by a mix of industry players. And of course, our regulator, the Bangko Sentral ng Pilipinas. This is one way of emphasising that the power or over the data belongs to the customer. But with the rise of defi or decentralised finance, as you mentioned, we understand how much the users value their data and security, thinking that entrusting their data to one central entity is a security risk. This concern is definitely very valid. This is why we are working on new fintech strategies that will enable us to address this concern in a timely manner. And with the rise of what you call web 3.0. And the louder call for decentralisation, we believe that banks will still be able to transform in the new set up with a technology enabling a conducive and safe environment for digital banking. Part of that concern is scaling the technology for such decentralisation. And evidently, it is not yet possible today on a larger scale. Given this, we are working on the best possible setup that will cater to the consumers needs. And I think this has been the evolution on how we are also coping up with a massive digitalisation across all industries across all sectors. And I think this is also true for the rest of the other bank, and other fintech players invest. Thanks. Okay, great.
FBP: Thank you, Lito. And I know part of your agenda apart from innovation and digital transformation is financial inclusion in the Philippines as a greater need for financial inclusion because of the substantial underbanked and unbanked. And in order to scale to reach the final financial inclusion objective, how are you approaching the onboarding and the targeting of the segments of customers?
LV: Well, we are very much positive about this, because based on empirical data released by the central bank, or the Bangko Sentral ng Pilipinas, we have seen exponential growth when it comes to transaction value and volume using digital platforms now, so this is an indeed clear indication of how well because the Filipinos have now embraced digital transactions for their daily activities. And in fact, just to cite an example, from the beat from RCBC alone, I think you have also read this in one of these articles that came out in the news is that for DiskarTech alone, we have registered over 19,000% growth in terms of cash in or deposit inflow year on year. So this is just an indication of how consumers from about 70% of our customers coming from the provinces have actually utilise agent banking, using or tapping into our 35,000 cash, cash in touch points, the likes of 711 mom and pop stores, you know, pawn shops and even you know, even drugstores would not be able to be, we'll be able to service our customers in far flung areas in the Philippines. So and of course, even you know, all the banks, for example, or financial services companies or MSPs, or financial service providers are also geared towards embracing or supporting the PSP screen goes when it comes to digital payments transformation roadmap, and that is having a 50% of financial transactions to be part in the digital format, or and also 70% of Filipino adults to be part of the formal financial system and, you know, by the end of 2023. And I'm very pleased to share with you one thing that you know, that goal will be realised sooner and actually sooner than end of 2023. So because of massive accelerated pace of our digital efforts
FBP: Okay, and is setting those goals, those milestone they create the impetus for the entire industry to move ahead. Right. And that is interesting what ISP and the industry in the Philippines is doing. I'm gonna get Ganesh knitted into the conversation as well. I mean, ISP, as I mentioned in the introduction is a bank list. It's disrupting the status quo, especially in SME bank, creating more digital journey for SMEs and increasing access. This usage, while at the same time, I'm sure you're all very busy preparing for your digital banking licence application as well, designing your offering for the future. Tell us a little bit about your priorities in your own digital transformation, especially around being agile and being future.
Ganesh Mahendranathan (GM): Surely, yeah, so I think because of our HP, we embarked on our agile transformation back in 2018. Back then, I think the service centre of excellence, we're about five people. And now we're like a team of 40, are we successful, successfully flipped close to 80% of the bank already. And the next effort, I think that was really to promote the agile way of working in driving cross functional collaboration. But once you've laid the core foundation, I think this has been how we've really amped up on the innovation side of things. And part of that I think, the first step coming in, I joined the bank last year, and part of the mandate was really set up a unified understanding what innovation means, and categorising different types of innovation from a process standpoint, structure, new way of engaging customers profit model and whatnot. And then, basically, what we did after that was, we started focusing on four elements, right? How do we build a proper operating model? So we look at it from, you know, capability, perspective, capacity, processes and incentives. So on the incentives portion, for example, we the first bank in Malaysia to have innovation KPIs, as part of the management committees, balanced scorecard, right, it's also cascaded through a one round in two rounds. And we just introduced a variable bonus, you know, up to nine months bonus. And this is to democratise with bonuses being right, we realised that, hey, we want to really drive innovation and drive this transformation. The incentives need to match the activities right. And so what we learned is most of the people that get most the high paying bonuses are typically your sales folks and the traders, right? And how do we replicate a risk reward that someone gets from working in the startup. So hence, we came up with a six month variable bonus, where, you know, it's three payoffs 20, 30, 50%, for getting an idea funded at our internal dragon's den, you know, bring it to market and delivering results. Right. On the processes side, for example, this is something where we learned that you know, when it comes to product launches, the turnaround time something takes, it's pretty, pretty long. And the reason for that is the issues of compliance, IT security and all of these things, that happens, right. And so we created this forum called a marketplace, which enables product folks to directly talk to compliance audit and risk folks at the early stage of product consumption. And what we've learned is this has reduced the turnaround time product launch time by up to 30%. Just through this, this forum. And we've also run, you know, we've created an innovation repository, where, you know, we MDT submission guidelines. So we have an innovation cape, we have 150 Mbps that we need to hit when the and I shared with everyone and we have submission guidelines, we have customer journey guidelines. So we're really focusing on ensuring that everyone has the capacity and capabilities to actually drive their own innovation journeys. And we give them a forum for them to express and pitch their ideas. So that's the approach we've taken, if I could summarise last year,
FBP: A lot of the efforts that you seem to have focused on is really on preparing the organisation a lot of organisation change with people motivation, right, in terms of the word structure, making it more like a a startup, writing the more entrepreneurial type of organisation. And tell us in terms of the technology itself, we are now living in this time where there is tremendous technology shift, enabling new technology like blockchain, and so on so forth. Now, how are you keeping ahead of all this different technology? Earlier in the session, we talked about the use of AI for better customer experience, we talk about the shift towards cloud, right, or more agile operations at a lower cost and total scalability.
GM: So I think, you know, due to the way I look at it, as you know, it's technology is an enabler, right. So we always start let's start with customer journey maps, and map the priority areas and the problem spaces want to tackle. And from that we can determine what's the best way to address the problem. Does it require technology, does it not? If yes, then what are the technologies available? So it's more it's not about focusing on very specific technology types? I think it has to be very outcome driven, where we can actually see this type of tangible gains in the next 12 months to build confidence right? Because we haven't bought, I think on some innovation initiatives in the past and again, lead to the desired output, which made certain people get sceptical and lose faith. So I think if I were to say 100% of our innovation 70% of very much incremental innovation, you know, I would say, you know, 10 to 15% is disruptive, and the balance is radical architectural innovation. But the plan next year is to really move towards a value chain, driving towards more breakthrough innovations.
FBP: And we mentioned this, we will talk about the building of ecosystem right above the contractual services that meet customer needs that tell us in terms of how you are developing in this area, towards ecosystem, the thinking approach, especially when a lot of your clients are also potential service provider to your retail customers, like your SMEs? How are you linking them all together?
GM: Absolutely. That's a fantastic question, right. So if you look at the border of innovation, you have this strategic matrix, right, where you start with an experimentation, move to explorer, then you go to hunter mode, and build a mode. So that those are different types of approaches to implement innovation. So we spent most of this first year actually focusing on the experimentation side, right, driving POCs. And very quick. And next year is when we're actually in the midst of actually setting up our own sandbox. Right? And, the intention is really to have a very transparent way of how we actually manage our partners, you know, because right now, if you were to talk to the tech ecosystem, right, you say, hey, oh, I spoke to someone at the bank. Two months ago, it was put somewhere else, you know, and once you're tracking this in a transparent manner, and today is something we've created criteria, and we've categorised the types of partnerships, right? Does it require full on integration? Or does it require a simple collaboration agreement where we can run a small pilot test? Right? So is looking at a complexity of requirements is not complex requirements, it should be very quick to the turnaround time to improve it should be faster as well. Right? So I think categorising the partnerships, that is something we're in the midst of creating a framework, we'll be testing it, and we've identified like a pipeline of about close to 30 partners for a sandbox implementation. Right now we're just defining the scope of work. And of course, the parameters of these, what are the customer journeys you want to start? Right? Is it and that's based on the strategic requirements, which I can't disclose?
FBP: Okay, great. I mean, there are many questions to ask around your choice of partners or whatever the ones that you're looking for on either Wednesday or evening.
GM: So I have a lot of, yeah, in that sense. I was, I mean, we have a huge funnel, right? I mean, because my prior role to this was and we were a corporate innovation firm, we had access to Amazon to Amazon comes to a saying, hey, we've got 40 partners here, you know, just tell us who you want to talk to. So I think in terms of defining who you want to talk to you define, it comes back to the problem that you have identified from your customer journey maps, right? What are the typical pain points that we need to address? And is it how fast can we actually onboard these fintech partners? And that is also been a challenge, right. So that's why I think it's imperative that we actually have, you know, a sandbox environment where we can speed up the onboarding of fintechs. And not only direct, you know, actually drive POCs through the different hackathon initiatives that we've run as well.
FBP: Okay, quick thing. Thank you, Ganesh. And perspective, I want to also bring Riddhi into the discussion. You work with different banks across the region, many of them are digital enabled banks and digital banks. How do you see if I focus on meeting customers connection me keeping at the same time keeping consumer trust in this increasingly digitalised and connected world?
Balancing security trust and personalised experience
Riddhi Dutta (RD): Yeah, thank you. Lito and Ganesh, lead to some very interesting thoughts from you guys that I was listening to and making some notes as well. You know, to the first point, one thing that you mentioned, right that how are banks and FIS sort of doing that contextual experience? I think Lito also mentioned about it contextual experience personalised experience and what we really need to think is to simplify the entire value chain. Why do people come to a financial institution because they are looking for some basic help, you know, how do I save my money? How do I grow my money? How do I invest better? That's all they are not looking at any rocket science or probably how do I ensure my family is taken care of right very simple things that they have in mind. And then as you start plotting a particular person's life cycle, you know, probably there will be a point in time when he or she would like to buy a home will be a point in time when they would like to go for a holiday somewhere, you know, abroad. Can a financial institution or a bank embed themselves in their entire life cycle, you know, and if you can do that bit from a process perspective, from an offering perspective, technology will always come in and as an enabler, although I go out and sell technology. And I've told this multiple times that as long as the process is simplified as long as the operating model is simplified technology is always there to help amplify that. And a classic example of that is what we do and the folks are doing with the Scottish Rite. I mean, RCBC is such a big name, but then launching the Scottish looking at financial inclusion and the sort of innovation discotheque has been able to bring to the table has been fantastic. And all it took was thinking out of the box, right. And I have been following Lito’s journey for a while I've been talking to Lito on and off as well, you know, all it took was thinking out of the box, look at that segment that was untapped. Everybody knows that in the Philippines, there is a very big, you know, underbanked population. But what was being done not to be fair to everybody, not a lot. But here you had a completely different way of looking at things. And now it has taken up you heard the data and the volume that Lito was talking about in terms of the uptake phenomenon. So I think in terms of the contextual experience, as I said, again, going back to it, map a customer's life journey, look at where does the bank or your financial institution come in? Again, at the same time, good point that you mentioned, one thing that we are working with multiple types of financial institutions today, across the region, there are the more traditional institutions, you know, RSP, the likes of HP, the likes of RCBC, and we have customers of similar types across the region. And then there are the NEOs the challenges, the Greenfield banks that are taking a lot of there's a lot of you know, interest around them. In countries like Malaysia and countries like Philippines, there are central bank PRP or guidelines now, nowadays and framework around it. What we are seeing is that, and this is just from our perspective, is that when it comes to still depositing your savings, when it comes to still depositing your hard earned money, people have a tendency to go back to the traditional banks, because that is where the trust still lies. When it comes to, you know, millennials, and the Gen Zs trying to experiment with things like you know, I'll give you a couple of examples with things like saving pots, it's coming up very, nowadays that four or five friends, or four or five family members are saving towards one particular goal, splitting bills between themselves and they have gone out and had a dinner. That's where they're looking at the news, the challenger banks, because those are the ones who are probably offering that, but are they going to open up a deposit account with them? Are they going to invest a large sum of money? Probably not yet. I think it's still a very thin line of balance between the security trust as well as offering that type of personalised experience that I think Lito was also talking about. But as we, as we are seeing more and more, I think the NEOs and the challengers are also realising that it's not only about the jazz and the cool thing that they can offer, right? They will lose out if they're just going to focus on that they have to and probably going back to what you asked Ganesh a little bit back probably partnerships, ecosystem, and coexistence is the way forward where the contextual experience the first personalisation, security and trust can all, you know, sit together. That's just coming from somebody who is outside the industry, but looking at the industry very continuously without the changes that is happening.
FBP: Thank you, Riddhi. Our net perspective in terms of how players need to kind of think out of the box right from what they do traditionally, from products to increasingly embedded services on virtualised services to ecosystem and and how are you moving from, you know, traditionally being part of focus to being an ecosystem or embedded service focus? Lito, what are the criteria that you have set up? When looking at potential partners? Are you looking for certain technology capability? Certain USB, all that and have they already operate in a potential customer reach environment that they will add to your customer acquisition objective? Maybe with Lito.
LV: Thank you. Thank you for being I think I also following what Riddhi said about the things that are developing or happening in the Philippines, that question of yours won't be in terms of selecting the partnerships or the partners or having to have collaboration with entities. I think what is really critical in this ecosystem building is really having to create that massive collaborative effort across all industries. Right. So because the question that you had was there any, is there any criteria to be getting with as to which of this, so many entities may be NGOs, government agencies, or your what have you, but the thing here is on how you could now determine which to prioritise in terms of having to engage them, right. So I think one thing is having to engage, for example, potential fintech players who may actually provide you with that strength or with that capabilities, for example, because right now, there is no, there's so much there is a surplus of fintech platforms out there, right, that you could actually tap that you could actually avail of, without you having to develop it yourself, right having to hire so many developers in your own team, etc. Because what you're trying to do is speed and scale, right? These are the two imperatives that you need to really have embedded in the organisation, so that we will be able to effectively and efficiently and quickly deploy your products and services because that is a way by which you could actually test the sustainability or how the consumers or your target consumers would practically embrace it or not, right. But on the other hand, there are also partners that you also need to be part of your ecosystem building such as, for example, various industries or various sectors, say, for example, for the unbanked or underserved market, the Philippines, having to collaborate on a wholesale basis, such as having put up say, the farmers or official cooperatives, for example, or mom and pop store, organisations, etc. Because it is more of a strategy. It's more of a hybrid retail wholesale type of engagement, right? Instead of while you are trying to do retail, you're also doing it on a whole scale method, right? So instead of you having to deal with individual farmers, you're not dealing with the entire farmers cooperatives, or fisherfolks cooperatives, or a labour group. So it's now instead of you having to deal with, instead of you having to have just maybe one or two or three or 1000. You know, individuals at any given point, you are practically there's a ripple effect are a multiplier effect in terms of having to generate more activations or acquisitions, insofar as customer generation concern. So new to bank onboarding, is also critical. And one thing also that I would like to share with you is that this card, or RCBC, is the first bank in the Philippines to work to expand the number of IDs being accepted for new to bank onboarding, because currently, across all banks, and across all wallets that are now present in the Philippines, on average, about seven primary IDs will only be accepted. So any one of the seven primary IDs would only be accepted for eKYC in the digitalised world, right. But now we have expanded that to 18 IDs. So any one of the 18 IDs could now be used by any Filipino in any part of the Philippines to be able to open a savings account interest bearing savings account, which is at 3.25% annually, in matter of minutes in a matter of few clicks. So this is one way of how we are imbibing how we are trying to really personify what inclusion really means because at the end of the day, customer centricity is not just about words, not just about having you to include that phrase in your mission vision, but it's actually acted out.
FBP: So it has to be demonstrated through your partnership at the end of the day must be tangible to your customers and potential customers. Ganesh tell us what you are doing in this area. I know you're spending a lot of time on onboarding or making that onboarding experience more frictionless, more seamless, especially for SMEs.
GM: Yeah, I said in terms of our measurements, the high level measurement is your number one is transaction via digital channels, right. Second is digitally are originating new business. And third is revenue uplift from ecosystem partnerships. I think these are striving towards 80% of transaction right digital channels. And we are currently at 88%. And we are on track to, we're really moving up. And the revenue from because it's a partnership is something we plan to really amplify, we're around the 1% - 2% level and we want to increase that by eight to 10. Right so that is were in terms of, to earlier point on what are the key areas of focus, right, the ecosystem partnership? How would you service, whatever criteria would you put in place? So to answer this, I think for us is like four key aspects. Number one is, customer fit right. This is directly impacting customer experience. Second as a strategic way, is we evaluate compatibility with our goals, products, services, digital strategy. Third, is the maturity initiative, right, in how mature are these? These companies? You know, what scale of when does it require? What does it want like a small, small scale POC? Or does it require a really proper significant partnership, right. And lastly, most importantly, is ROI. Right. So that's where we'll estimate a potential financial revenue and business impact. So that's pretty much the criteria.
LV: I’d like to say a rejoinder to what Ganesh said, I like what you said. Even in the previous, comments, or replies, or answers that we had a while ago. But I think you're right. I mean, the thinking right now, especially for challenger banks, like RCBC, because remember, RCBC has been in existence for over 60 years now, right. And you have a more progressive, more aggressive new players in the industry, especially in the Philippines, now that we have six digital bank licences, right, and of the six, only two are operating now. And other four will start operating by Q1 or Q2 next year, right. So definitely next year or year 2022, would be the year of massive competition, right. So you have the new digital bank players operating or starting their operations on top of your incumbents who will practically level up further or up the ante in a very competitive environment. And you have also the other banking players who would also be you know, who practically equip themselves with more sophisticated tools or platforms that would really compel their customers, not just to maintain their customers, but also to acquire more customers, right? Because the thing that will happen next year will be market share, right, in terms of acquisition of customers, right. So, and that is the name of the game right now. And, of course, while you are doing that, you are also mindful of your ROI, or your revenues being generated out of that, but I'm also pleased to share with you that good thing for Diskartech, but it being a new platform, we were able to meet our targets are nothing new targets, and actually, and you know triple digit growth in terms of our revenues. And we were quite surprised about it, because I think this is really the thing that is really critical in coming up with innovations. And that is how you listen, you keep on how you listen to your customers, because at the end of the day, the customers will be the one to dictate what you know, what platform they want to have, and to and how you could actually sustain their interest to make use of that platform. Okay,
FBP: Great. Thank you for that additional comments on what you're working on in terms of having a return on investment on your different initiative. And I want to get Riddhi back into the conversation in terms of what we've been hearing from both Lito and Ganesh talking about building ecosystems, and how banks across the region are leveraging their newfound all of these capabilities, then they are developing and creating new business and new business models and how they're measuring the success of those new initiative. Give us some insight. Some examples of what you see are exciting development in this area, internal banks, incumbent banks transforming the business and business model away from traditional products, traditional interest income to increasingly more ecosystem, more fee base income to embedded services.
RD: And again, I think both Lito and Ganesh made some very interesting points. Lito was alluding to the thing point about that platforms, allowing banks to do things more efficiently and more quickly. Right. And what I would like to allude to on taking cue from that is that quite often in the past, and this is banks of different size, different shape, have had the propensity that I want to build everything from scratch. Right and while it is a very good thought, because it allows banks that amount of flexibility that they want to keep it themselves. I think bank, this is coming from our lens banks really need to look out for platforms, which allows you that flexibility. But at the same time as Lito mentioned, gives you that quick time to market that speed, that flick that initial acceleration that you're looking for. And that initial acceleration briefing is not only required for the new age banks, and Lito spoke about what is happening in the Philippines with the BSP. Malaysia next year is going to be equally interesting with the five banks coming up there as well. I think the traditional banks need to do it even more, compared to the news. You know, the traditional banks have been sitting way too long. And again, this is, from our perspective, way too long and a lot of legacy, not only in terms of technology, but also in terms of processes. And I'll give you a very small example of a very large tier one bank that we work with in Asia without naming the country or the bank. You know, when we were about to sign up with them, and we were analysing one of their processes, okay. And I think Ganesh was talking about onboarding customers, right. And this was about how existing customers of the bank need to sign up for their digital banking channel, you won't believe it one thing, and if I, if I talk about it, I think later, we'll probably take a guess at it. The customers of this bank had to go to an ATM machine to verify their credentials before they could be onboarded to the digital platform. Okay, and you are trying to onboard customers to a digital platform, but you're asking them to walk to the next ATM to verify. So you're breaking the experience, then they're right. Now, going back to your question, how do you judge and how do you measure the metrics? I think this is how you measure the metrics that how many customers are you falling through that the churn rate, how many customers were falling out of the process, just because they had to go to the ATM and they were like, I'm not going to do that right. And now if you have revamped that entire process, where it's entirely digital, the signing up process, the registration process, the onboarding process, what has been the number of customers that you have been able to onboard and then sign up for your digital channels? Ganesh mentioned that they wanted to achieve 80%, they are already at 88%. Now, those are the sort of metrics banks are measuring today. Very, very minute. That how many have been onboarded? How many transactions are they doing digitally? One of our customers in the Philippines, obviously, the pandemic feared all of it. But one of our larger customers in the Philippines saw around 250% growth in the digital transactions. Because, obviously, one the customers did not have a choice to go down to the branches. And to this particular bank was at the right place at the right time with the right platform and the technology to help their customers scale up and do the transactions on them. So I think, you know, long story short, one thing there are these and if I keep talking, there are so many examples that I can keep thinking about. But there are a lot of these initial initiatives where banks are doing nowadays to really track these metrics and track the investment that they're making on these platforms that what is the ROI? What is it that I'm going to get for customer acquisition, for customer servicing, for dispute management, and they're looking at ROI individually across these individual areas.
FBP: Okay, and one of those big areas, or opportunities for both, and our banks in the Philippines and Malaysia is in this whole SME space. Right, a lot of unmet needs. Really, in the SME space, we talk about financing gap for SMEs. And they actually in the Philippines and in Malaysia, and that digital platform is a great avenue to get more to better serve SMEs. Now, how sustainable are digital platforms to enable the SME segments to grow in the long term? And, we know the life cycle of SMEs to grow from small, medium, to large. And, of course, to that journey, the role of the banks to enable the growth is very important. How can you leverage? How are you leveraging your digital capability to help these SMEs along the journey? Maybe starting with Ganesh.
GM: so when it comes to helping, I mean, on the SME side again, that is something we're actively looking across the board. And definitely when it comes to credit evaluation, that's an area that was one of our problem statements during our last hackathon. And because from an SME standpoint, they were like, you know, when we are small and not successful, you don't come calling in the morning and grow to a certain size, that's when everyone is rushing in. So I think that is why we very, very much focused on the community side with a belief started testing different types of micro SME solutions as well, catching them at the different stages of the growth, right, will be different value propositions. So that's typically how we structure, we look at it from the lifecycle of the startups and what are the different kinds of offerings that they will need at each stage and craft up solutions.
FBP: Okay and with the SMEs, right, this growing trend or this growing focus on sustainability, financial on sustainability, how do you see that relationship with SMEs? How they operate and also bring them to this whole new area of sustainability?
GM: Yeah, so that is something we're doing in pockets right now. We do have, for different verticals of different types of strategies, like, for example, one would be within the farming industry, that is where potentially, working with let's say, the agro bank to co-create solutions for the smallholder farmers, and next year, for example, a first batch of innovation app cohorts is going to be focused pretty much on sustainability. That's a team, we're doing a full, and we've tested that actually, during our last, like demo day, we had a four, there was a paperless thing, the judges didn't need any physical scarring. There was no plastic cups you search and that is what's also driving. A lot of the young millennials that are joining the bank is this. So having that emphasis on impact and sustainability is definitely on our priority.
FBP: And more importantly, increasingly helping SMEs also be sustainable in how they operate their business for the future, right. Lito, your insights?
LV: Yes, well, your question, financial institutions like RCBC is able to create value through its products and services. So the ability to offer and continually develop this product is anchored on the bank's financial capacity to recover from the impact disruptions, like of course, like this global pandemic. And, of course, we are very much into ensuring that our operations, I mean, the bank itself is also resilient amidst all of these disruptions, and of course, efficiency in terms of providing that supply chain. And as I've said, coopetition will thrive in this industry, and being aligned with the national goals of the regulators. It is imperative that we collectively push for sustainable financial services across the supply chain.
FBP: Great. And Riddhi, also in terms of banks, helping create sustainable platform for SMEs to grow. You are also in terms of the bank that you're working with looking at financial wellness of SMEs in the growth lifecycle. Could you also tell us about that?
RD: Yeah. So I think one thing, the point here is that we are also looking at the entire SME market as probably the area where digitisation and experimentation are going to happen next, because retail banking has been done and dusted with the retail consumers. There's a lot of innovation that has happened, SMEs really underserved market as well right now. And if you again, go back to the same point that I mentioned earlier, a lifecycle of a customer, whether it's a retail customer, an SME customer, what are SMEs looking at today, based on whatever research we have done, SMEs want to get onboarded easily, they want to open accounts more seamlessly with less paperwork. SMEs want to do things like make payment for their paid for their staff. So payroll solutions, SMEs are looking for direct integration with their ERP so that the cash flow forecasting for them can be done in a better manner. SMEs are looking for bulk payments. Now, again, if banks start thinking about what do SMEs want, what helps are they looking at and then start mapping the solution. And obviously technology will follow. I think there's a very simple shortcut recipe for success. And the good part is that we are seeing a lot of banks in the region really focusing on that area nowadays, because as I said, right, there is on one spectrum, you have the personal banking on the other spectrum, you have the large corporates, and then you have the SME somewhere in between, which has been ignored for a while. Now, banks are really looking at that segment as Lito was talking about in the Philippines, I am also seeing a lot of banks looking at what is called as a community banking, you know, either you reach out to the farming segment, the school teachers, the farmers, or whatever it is, right. And those are SMEs. And there is a lot of initiative that I'm seeing across region across countries of banks trying to prioritise their digital platforms and offerings around SMEs and their financial wellness. So yeah, there is a right shift happening at the right time.
FBP: Okay, great. And it's a great conversation that we can continue. And we hear how from the example of RCBC and RHB, how you are thinking your digital transformation. It is not just technology, but it is in terms of how you are re-architecting not only technology, but around the organisation, changing the lens in which you see the customers, as we mentioned, that focus on not just your retail customers, but increasingly a larger community of SMEs servicing personal banking customers as well. More importantly, is to be really customer focused and learning about the customers, even as you transform your organisation with it within ISB in terms of how you are changing reward or incentive structure, to how you're bringing ideas, thinking of the customer journey in a different way, looking at developing and delivering more contextualised services, and working with fintech and technology partners to enable that digital platform to serve the customers, the thinking needs to change from how incumbent kind of thing. We're in existing processes. Earlier in the day, we heard Dennis Khoo about driving digital transformation on the importance of having a digital transformation, be service focused, delivering high service, to attract customers, to attract customer advocacy, and a lot of that rests in improving processes, right. You can deliver better service without that focus on processes and working with your partners as you develop and deliver new customer experience to changes to your business and business model. So thank you, Lito, Ganesh and Riddhi for those very interesting and thought provoking comments and the many examples that you shared. I hope our audience has benefited from your insights that you shared. Thank you. Thanks, everybody.