The panellists include Voranuch Dejakaisaya, chief information and operations officer at Siam Commercial Bank (SCB) in Thailand; Yvonne Chong, head of digital risk - digital business at OCBC in Singapore; Colin Dinn, head of enterprise technology and operations at Security Bank in the Philippines; David Chan, chief information security officer at Hang Seng Bank in Hong Kong; Dick Ho, deputy general manager in charge of customer management  at Bank of China (Hong Kong); Kitti Kosavisuttee, chief information security officer at Bangkok Bank in Thailand; Lito Villanueva, chief innovation and inclusion officer at RCBC in the Philippines; Matthew Talbot, head of financial services in Asia Pacific and Japan at ServiceNow; Tobias Gondrom, group chief information security officer at United Overseas Bank (UOB) Singapore and Graeme James Milroy, risk advisory partner of Deloitte Hong Kong.

Dinn said value management is the key to change process and it must be based on sustainable value created for customers and the bank. He said sales and distribution strategy should adapt to the hyper-digitised environment and should be dynamic and customer-centric. Tobias said to balance the risk and compliance in an increasingly digitalised environment, automation requires stringent control to avoid failing at scale.

Ho said the pandemic is driving change in customer’s online behaviours. The core strategy should focus on leveraging digital customer experience with mobile as the primary channel. Chong talked about empowering customers who are sceptical about using digital platforms because of cybersecurity concerns by giving them greater control over the process.

They shared their insights on the necessity of streamlining digital platforms and accelerating digital transformation to advance financial inclusion. Meeting the needs of the underbanked and unbanked through technology and innovation especially during turbulent times is about breaking barriers.

The following key points were discussed:

• The bank’s digital transformation helped attain better customer journey
• The core strategy for more financial inclusion approach should centre around digitalisation
• Creating effective plans to balance cybersecurity risk and compliance
• Automation needs stringent control to avoid failure
• Leveraging digital transformation for customer-centricity
• Providing customer-centric solutions should come with managing risks

Below is the transcript of the dialogue:

Foo Boon Ping (FBP):  Welcome to this RadioFinance virtual roundtable on how financial institutions are ensuring operational resilience in a hyper digitised environment. I am Foo Boon Ping, the managing editor at The Asian Banker. We've gathered a fantastic group of expert practitioners to share their thoughts on this topic. 

We have C-Suite executives, head of technology and operations, chief information and security officers from some of the leading institutions across Asia to debate the key issues impacting digital and customer experience transformation within the industry. Specifically, we want to discuss how and what our guests are doing to create or reinvent product processes and workflows that create a seamless and frictionless customer experience and at the same time, meet compliance and regulatory reporting requirements, operational resilience, convergence around these key areas. How well we are meeting customer needs, whether they're external consumers or internal employees, operational risk management, and regulatory compliance enabled by data, technology and systems.  

We want to bring this discussion as practical as possible and focus on your different perspectives. What you are doing and the challenges that you face and how do you overcome them? We hope that this discussion will offer some clear insights into digital transformation initiatives that our guests are implementing. 

Are they adopting technologies such as application programming interface (APIs) over banking and cloud to enable new business models and enhance customers’ and employee experience? How they are automating and digitising end-to-end workflows and processes for greater efficiency, control and resilience. How they are ensuring the security, stability and robustness of IT processes and services as part of integrated risk management. It is great that we have some of the most diverse, competitive, developed, as well as well-supported banking markets in financial infrastructure represented today.  

Now, let me introduce our guests. First, we have Voranuch Dejakaisaya, chief information and operations officer at Siam Commercial Bank (SCB) in Thailand; Yvonne Chong, head of digital risk - digital business at OCBC in Singapore; Colinn Dinn, head of enterprise technology and operations at Security Bank in the Philippines; David Chan, chief information security officer at Hang Seng Bank in Hong Kong and his counterpart Dick Ho, deputy general manager in charge of customer management at Bank of China in Hong Kong; Kitti Kosavisuttee, chief information security officer at Bangkok Bank in Thailand; Lito Villanueva, chief innovation and inclusion officer at RCBC in the Philippines; Matthew Talbot, head of financial services in Asia Pacific and Japan at the financial technology company, ServiceNow; Tobias Gondrom group chief information security officer at United Overseas Bank (UOB) Singapore, although Tobias is calling us from Munich today. Lastly, Graeme Milroy, risk advisory partner from Deloitte in Hong Kong.  

Welcome, ladies and gentlemen. I look forward to a lively and very exciting discussion with you. The industry has seen an acceleration in digitisation since the outbreak of COVID-19. As consumers have shifted to using digital channels and online tools in many aspects of their daily lives from work, business, shopping, attending classes, dining to even entertainment. As a result, they have also received and are starting to expect a more differentiated experience from what they were used to: faster, completely digital mode of delivery and real-time transactions. Amid this transition, financial institutions are focused on increasing operational excellence and resilience, turning to end-to-end automation of workflows to integrate risk management and control into digitised processes that deliver better customer experience. Changing operating environment and customer behaviour have also cost regulators to heighten and revised their IT risk management and outsourcing guidelines, especially around third-party providers in so far as vulnerabilities and gaps in the system that may lead to increase fraud, cyber-related risks and threats, especially with the prevalent shift to digital and remote work. 

There are many factors driving the transformation that is taking place that we see today. Perhaps one of the biggest enablers is regulation and regulators that are making financial services perhaps one of the most open and connected industries today. It has increased connectivity or connectedness between consumers and the service provider that they work with, or they interact with, through ecosystem and supply chains. It has allowed new business models to evolve because customers and businesses are no longer defined or confined by the segments and silos that we put them into, or by the relationship that we define them, such as business to consumers (B2C) or consumers to consumers (C2C), downstream or upstream. But they can now be business to business as part of an interconnected supply chain and the silos that are being broken because we can no longer define the customers according to segments or silos that we have predetermined. They are now connected in many ways that we can no longer control and how banks are set up needs to reflect that. It is quite fundamental because the ability to receive and make payments with money is fundamental to any human economic activity. 

Regulators are pushing that as part of a financial innovation and inclusion agenda. The power of connectivity and data has democratised finance. So now we are not thinking of finance to the underbanked or unbanked, it's just microfinance or microlending, but also micro investment or micro wealth management with investment portfolio and insurance are becoming available too.  

In Hong Kong, virtual banks have been operating since March 2020. In the Philippines, standalone digital banks are starting to operate and we see other digital-only banks starting to operate around the region very soon, as well as regulators start to allow them licence to operate. We see local banks beefing up their digital capabilities, their digital banking apps to catch up. Digital-only banks will operate in other countries in the near future. The other big role that regulators had played is to enable financial infrastructure across the region. We find real-time retail payment systems everywhere; Faster Payment System (FPS) in Hong Kong, PromptPay in Thailand, InstaPay in  the Philippines and PayNow in Singapore and national ID system employing some of the latest technology even distributed ledger technology (DLT) technology such as national digital ID (NDID) in Thailand, Singapore Personal Access (Singpass) as well as open banking or financial data exchange platforms such as Singapore Financial Data Exchange (SGFinDex) in Singapore and digital trade platform, for example, eTradeConnect in Hong Kong. 

There are so many of these ingredients for banks to use to innovate and compete. One of the biggest challenges is to update one's siloed and manual processes and workflows into digital ones that can interface and interact with new partners and collaborators that we work with today. 

Let us discuss our first topic, the digital transformation initiative and technologies that are enabling you to shift to new business models and enhance customer and employee experience. What are the products and processes that you are prioritising with the greatest impact on customer and employee engagement? I want to focus this question on the technology and operations executive practitioners here, first. The most important initiative you're working on is to improve and transform customer experience and to scale your operations.  

Let's start with a conventional bank by definition, but no less a challenger or disruptor, Security Bank’s Colin Dinn, who’s got experience in Thailand, in one of the leading banks there and then now here at Security Bank. Colin, tell us about the initiative that you're working on. There are interesting things that you're working on in Security Bank, for example, an all-access account that combines different products that give customers a range of products and services at the same time.  

Colin Dinn (CD): When the pandemic happened, we took a step back and decided what to do and want to do, what to do and want to do differently? We wanted to be truly customer-centric. We stepped back and asked ourselves a very serious question. Why and how do our customers want to interact? Not how we want to interact with them, but why and how they want to interact. We undertook a fairly big survey and assessment. 

We came back with two real big findings. One is, we're going to restructure our distribution strategy. Second, we're going to create something which we've labelled contact framework, which is very much driven by what the customer wants. One of the things that is fundamental to both of these components is that neither of them is static anymore. The way in which our customers are going to interact, the distribution strategy has to be very dynamic. It also has to be very changeable. You can't be locked into old processes or old technologies. You've got to be doing something different. It was to build, if you will, a common sales and service. What do I mean by common sales and service? It's something that we can expose through a load desk in a branch, a contact centre through a chatbot, mobile and the same sales and service functionality and experience. It's not just about technology. It's about the journey. We're plotting and designing all these around the customer journey. It's making sure that all this conversation is independent of our legacy. Nothing on our legacy influences. It's about the same business, audit and control processes. It's about the structure of providing knowledge to our bank and staff and our customers.  

The bank’s digital transformation helped attain better customer journey

CD: Content management is a big driver in this new platform capability. Yes, there is technology, microservices, application programming interfaces (APIs), cloud native, all of those things are going to be in place. It's more about building value management so that we can change the processes, channels, the way we interact based on the value to our customer and the value to the bank. Now, this has been an easy journey. Technologically, it's a challenge, but that's the minor of the challenge. Changing the mindset of a bank, because in this model, you don't limit people by their respective channels. We organised by channels, branch, contact centre, and digital. Now we're organising by what our customers want, what our customer segments are and specific skills set. It doesn't matter where you sit. You could be then involved in a conversation face to face, live chat, or on the telephone. We're really changing the dynamic and that is really fundamental. The harder part of it is this whole cultural change about how we're going to do it. The other thing that we're targeting within this model is we're going to really focus on resolving a single point of contact. Go into the right person when you're doing it. Building that complexity of skills and understanding route through the organisation has been a fundamental part of what we've built. It's really building something which is customer-centric. We have not looked at a product. We have not looked at which products we want to sell, and products we should be doing this with. We have taken all from “this is where, why a customer wants to call us or talk to us” and “this is when they want to do it” and “this is how”. We have to make it more flexible. The other thing is we have to adjust this dynamically year on year, or even quarter by quarter so that we will distribute the processes and the structure of how we interact differently across the branches, the contact centre, and the digital as we go along and as our customers change, so that's the major initiative that we're driving. I'm very excited about it. I'm very pleased. It's a big challenge and a fundamental change in the way the bank is looking at the customer. 

FBP: Yes, that sounds very exciting, integrating around the customers, putting the app experience and the journey right at the centre of what you do. But that comes with complexity as well as you update your processes and your workflow. Dick Ho, from Bank of China, Hong Kong, what are the initiatives that you have identified, as you're discussing about putting the customer at the centre. 

Dick Ho (DH): Through the pandemic, people are locked down. The physical footprint is not as effective as before. As for the customers, we really looked into what the customers want. They want a different channel, digital channel. This is all well said in many cases. Mobile-first is our core strategy. We identified mobile banking as the way to go with or without the pandemic. It’s the future. What we made of the mobile is more like a transaction platform, because in the past, mobile is a transaction platform. It is quite cold, not warm and plays a one-way kind of communication with the customers. We are thinking from the customer’s point of view on how we can make the mobile livelier and relevant to them. We changed the whole setup of mobile banking.  

Second, we want to introduce new things and new stuff based on technology. Early this year, we launched our live channel on our mobile banking platform. We built this live channel because you can Facebook Live or all sorts of live channels on the social media platform. But what we hear from the customers, particularly when they are thinking about wealth management kind of issues is that some of them are quite sceptical about live streaming for 30 minutes with their phone on a social media platform. Some customers are more conservative. We built our own live channel within our mobile banking, which will give them a more secure place to enjoy different programmes. We rolled out 40 programmes this year and the programme will be about wealth management. How do they manage their wealth? Some tips about how they construct their portfolios in Terminus and like the property market in Greater Bay Area in China, and also the different investment market aspects. This has quite turned out to be responsive to our customers. 

I agree with Colin that this is about the customers. This is about what they want. When we do this, we want our core objective to have a good, warm, engaging relationship with the customer. We are not thinking about the business. It turns out that the business will come when you achieve that. The technology piece is not that high technology but when combined with our existing processes, with our relationship manager (RM), that is something that we create value to the customer that they’re watching our programme and then talk to our RM. Finally, they can make a wise investment transaction. That is about using technology to help us engage with the customer. 

It's an interesting area as well for wealth management. Traditionally, wealth management is done through wealth managers, relationship managers who meet the customers, talk to them and understand what they need. We're moving that to a digital channel that requires a different way for the customers to interact and also interact in a way that they may not be comfortable sharing their financial data through the web. It’s kind of related to the wealth area. I want to get Yvonne Chong’s perspective on this topic on leveraging artificial intelligence (AI) ecosystem open banking. 

In Singapore, there is a financial data-sharing platform. It’s a utility that all banks use, SGFindex. How is OCBC leveraging it to provide a differentiated customer experience? It’s called OneView. Tell us more.

Yvonne Chong (YC): We are in a very easily volatile digitised environment. But within itself, we also present many unique opportunities that we've seen. In Singapore’s context, the SGFinDex is really changing the way how people are managing their finance, so that's Singapore's Financial Data Exchange. It is an open banking platform that aggregates customer data across all financial institutions (FIs).  

When we took a hard look at what are the new opportunities out there, especially in times like this, that's where we looked at from a customer point of view. How can we help him manage his financials much better? We revamped our entire thinking from the products to the technology, processes, all the way to training our people in looking at the new technology that is available. With the integration to SGFinDex, we launched the OCBC Financial OneView, which is a unique one-stop digital dashboard for customers to see and view all the consolidated cash holdings as well as investments across the board. With that, we went deeper. We extended the capability where we introduced an all-inclusive financial planning tool through the OCBC Life Goals, using APIs, data analytics, as well as AI.  

Our tool enables our customers to think about what will be the financial goals, to do simulations, to receive personalised recommendations as well as nudges that are powered by AI to prompt them to think about how they can invest better, how they can safeguard their assets. We even had the chance to launch the first integrated income tax management through the connection using the API from the Inland Revenue Authority of Singapore (IRAS), which is a tax authority in Singapore. Customers could even bring in income tax and property tax management. It's going beyond what a traditional bank used to offer.

FBP: It’s something very new. How are customers adapting to it? How's adaption aggregating all their financial data? Is it something that they're comfortable with? What kind of improvement do you need to do to the existing process to create better comfort for customers to use it? 

YC: Because this is very new, in the beginning, people were a bit sceptical. They're concerned about data security and privacy, especially when we're talking about aggregating all the other banks within one portal, in this case. We did local administrator password solutions (LAPS). We did customer interviews where we did mockups and we realised that if we empower the customers and we give the assurance and the control back to them, they will really let it up.  

We've seen the tick up, the usage has more than doubled in six months.The Life Goals which is the financial planning tool took us by surprise too that we saw a four times increase. What’s more interesting is that the profile of the users was getting much younger, from a typical 50s, we are seeing the 30s. These are a huge group of customers, which is a very good sign because financial planning is not something that people think about. With the pandemic and climate, people have more time at home. They could start to think and that's where the tool helps them in this journey.

FBP: Something emerging and exciting to get adoption, you need to work with partners as well. Get the whole ecosystem involved, anything to do with financial planning and beyond. We’ll get deeper into the discussion. For now, Voranuch Dejakaisaya is back. She was just sharing with us some of the responses she had to make from the technology and operations side during COVID-19. 

Voranuch Dejakaisaya (VD): For Thailand, we’re looking at the customer relief programme. The government has subsidised a lot. Online mobile banking is growing significantly. One thing that we need to manage about the customer expectation, like a customer bank account but cannot trade it. This is one thing that we look at, customer enhancement. How?  Normally, a customer will call us, asking, “Where our money go?” We are looking at how we can make our customers happy. We can be committed in transactions like this, wherein we can return your money within this minute or within the hour as compared with the regulator's which require 24 hours. This is something that we also developed for small and medium-sized enterprises (SMEs) or corporate customers. We develop more products that can be applied. 

Normally, if you would like to apply for cash management, you need to fill up our form. You go to the platform, download the application. This is really something new, especially in banking that we entered into the food delivery. 

SCB, last year because of the COVID-19, the CEO found out that when a customer orders food, the merchant will be charged. He thought, why not? We developed a platform called Robinhood. In fact, we don't have a profit at all because we don't charge the merchants.We developed the Robinhood platform for food delivery and it goes to the riders. Last month, we also offered free food and we paid because our customers already suffered from COVID-19. This is something new and we see that immersion increased significantly. Even we don't feel like we’re going to earn an income to mitigate our customer risk. Our customer satisfaction during such a critical time, make our bank last long in the hearts of the customers.

FBP: Your ability to deal with crisis and to support customers during trying times is a litmus test of resilience. We see that you're doing a lot in helping customers doing relief, monitor their transactions, how you can ease onboarding for your SMEs and even support food delivery. Many things have been happening that require operational processes to be really fine-tuned to support that. 

I'd like to hear from Lito Villanueva in the Philippines, the chief innovation and inclusion officer. There are many things that RCBC is working on. One of them is the digital app, but in financial inclusion, there are also programmes like synergy and finance, open finance networks to support rural banking communities. Tell us a bit about some of the priorities that you're working on in meeting those customer needs and priorities.

Lito Villanueva (LV): At RCBC, we believe that meeting the needs of the underbanked and underserved is all about breaking barriers. In the Philippines, I would say, three barriers that would include our geography, being an archipelago with many geographically, isolated and disadvantaged areas. We have various coastal towns and rugged terrain. 

Problems on internet connectivity, which is still at 40% across the country and the good thing is the government through our regulator, the Bangko Sentral ng Pilipinas (BSP) came up with an executive order signed by the Philippine president to push for more satellite broadband across rural towns. The cost of digital banking is time, effort, energy and the money one has to spend for transactions. But, then as digital became the lifeline for many of us during the pandemic, a lifeline that everyone must have access to, we realised we didn’t have to choose which one to prioritise. 

The core strategy for more financial inclusion approach should centre around digitalisation

LV: In the Philippines, the digital acceleration across industry drives financial inclusion. All of us here in this forum would be aiming for financial inclusion, especially for developing markets like the Philippines. It fuels the digital acceleration efforts in the country and the BSP agreed with this. They came up with a very bold vision and they called it, “The digital payments transformation roadmap” targeting about 50% of the financial transactions to migrate to digital, together with a goal of getting about 70% of the adult Filipinos to be onboarded into the formal financial system by end of 2023. That is the time by which the term of our incumbent Governor Benjamin Diokno will end. 

We decided to streamline our digital banking platforms in line with the BSP’s twin goals of digital acceleration and financial inclusion. Since digital is the lifeline, exceeding the expectations of our customers by providing them with a delightful customer experience is the primordial vision or objectives of all the players in the industry.At RCBC, we believe in “contextual banking”. We had to zero in on our customers. Who they are, what they do, what their banking needs are and how we can fulfil those needs? We also supported ongoing measures to ramp up the digital banking security, including the implementation of a national ID system. Our government came up with a very bold vision of trying to register at least 70% of the adult population in the Philippines by end of 2021. We're quite lucky in the Philippines that we have a progressive government through a dynamic regulator in the person of the governor of the BSP. These are some of the good news happening in the Philippines now, amid the pandemic. If there is something positive that COVID-19 brought about, it's the further acceleration of digital transformation in the Philippines. 

FBP: The BSP governor is very enlightened in his view on the use of technology, also the view of how the banking industry needs to work with technology partners, including big tech. They are very open to them playing a more active role in bringing finance to the masses and meeting your financial inclusion goals. It sets a huge target by 2023, 70% adults to be included. You have your work cut out for you. There's a lot to be done.  

We’d like to hear from Matthew Talbot from ServiceNow, who works with financial institutions across the region, on the processes and workflows focusing on balancing both compliance and security requirements as well as delivering customer experience. What are the things that you observe across the industry among the clients that you work with?

Matthew Talbot (MT): During and post-COVID-19, we've seen financial institutions around the world accelerate their digital transformation. For those who are not aware of ServiceNow, we work with over a thousand financial institutions across the world and make cross-functional processes more effective by digitalising workflow. 

Once you've digitalised the workflow, there's an opportunity to insert controls and risk tolerance into those workflows, which starts to protect you in all the areas that are key focuses for the banks, insurance companies and wealth management companies around the world. AI is a big foundation for how we digitalise workflows. We've made four AI acquisitions over the last couple of years, which have integrated into those workflows, including robotic process automation (RPA). Some of those have been companies like Element AI, which uses AI to accelerate onboarding of customers. They've done that with someone like HSBC on cards, or Intellibot on RPA, which uses RPA to accelerate things like credit and anti-money laundering (AML). 

There's a great opportunity to accelerate that middle office in general and we've seen use cases around improving the customer experience. We've talked about know your customer (KYC), fraud activities, analysing documents. We've mentioned chatbots before like natural language processing, biometrics, etc. There's a great opportunity now,  whether it's across IT, the employee experience or the customer experience, to actually digitalise across the board and take the opportunity once it's digitalised to oversee and insert risk controls into that. 

FBP: It’s a great opportunity, as the pace of digitisation picks up for banks. As they digitise their products, the customer experience is to go at it and the lump of the workflow, as you update those built into them the necessary compliance and risk controls. I’d like to bring in all our information security officers the challenges that you face with digitisation, with more transactions going digital, how are you balancing security and compliance requirements? I’d start with David Chan of Hang Seng Bank.

David Chan (DC): From my years of experience in management, it’s really the people and culture and then a technology that you adopt in how you automate the compliance process. In the end, if something needs to be launched into the market and to enable the customer's usage, it needs to go through a rigorous assurance process. Are we really identifying the correct risks? Are we articulating it correctly to the business? Do we understand the residual risk that we are accepting? It's all about people and how we support these people and the training that we provide them and also the culture of the whole bank. Everyone is willing to support and understand in being more risk averse or do they really understand the risk appetite, balancing the controls, with respect to what the risks that go on tech. We leverage automation and also the data that we obtain from our automation tools in order to strike a very fine balance between what is really required and what is optional.

FBP: How does automation and digitisation of what used to be manual processes do? They reduce the risk somewhat because you're able to better control those processes because they are automated, they are digitalised. It’s much easier than those traditional manual processes. Coupled with COVID-19, has that accelerated this whole programme towards digitisation of workflows and also building in the necessary controls? What have you observed? 

DC: With the automation that we have, we are not automating everything because it's very dangerous. We are a very big organisation and there will always be people trying to bypass some controls. We need a very strong governance framework on this. When we talk about automation, we need to understand the level of automation that we want to achieve. We would like to automate but we do not have a choice in times like this, when we need to reduce our operational costs, increase our efficiency and with automation, the data and the dashboard that it generates, these really have no emotions. 

People are very emotional and if you say, ‘You got a risk and you can't proceed because of this reason’, then people start to get emotional. But with automation and dashboard, there's no emotion involved because that's what the computer is telling you. What the data is telling you. We are trying to automate most of the stuff but we are not 100% there yet and we still have a way to go and how we develop and brush our data national metering identifier (NMI). 

FBP: It's an ongoing process. Let's hear from Kitti Kosavisuttee from Bangkok Bank. How do you look at delivering customer experience? That's the dichotomy, right? Higher compliance and risk control? Does it get in the way of better customer experience? 

Creating effective plans to balance cybersecurity risk and compliance

Kitti Kosavisuttee (KK): When we talk about digitalisation or digital transformation, what had actually changed? What we can see is that the business landscape has changed. As the previous panellists mentioned a lot of innovation, new technology, adoptions to the service, the service pattern or type of service had changed rapidly, especially during the COVID-19 time.  

People tried to adopt technology in order to reach out or improve customer engagement. In security or risk perspective, the risk landscape also changed. During COVID-19, there's phishing, techniques, malware and a linkage to the COVID-19 situations, that is the human factor that they try to penetrate. The most important thing is because of technology adoption, change came really fast. Customers may not really understand what it is, what technology or what service has been adopted and what is a loophole, especially the data that they use in order to get into the service and enjoy the service without knowing what is the risk and this is the key that I see. We are facing risks here.  

When we talk about balance between compliance and risk, I mentioned the risk. Compliance normally comes from regulators or laws that sometimes, somehow, it’s slow because it comes later. But the risks and technology adoptions go very fast. We see the gap between compliance both Repo or regulatory compliance and risks that come from technology adoptions. If you talk about balancing both compliance and risk, it is not balanced by itself because risk will go first, compliance will come later. What we need to balance is not the compliance and risk. It is the expectations balancing between service providers and customers because we’re going fast in order to improve our engagement, adopt the technologies but on the other hand, we need to improve on the customer side as well, for their expectations. That is what I see as the challenge for banking and security. 

FBP: That is a very good point as well, to bring the customer expectation into what you do. It's not what the bank is comfortable with and the regulator is comfortable with, but also the customers. From research, especially in Asia, consumers are more likely to take the greater risk if there is a greater perceived benefit. They are more willing to share data with third parties if they perceive that the benefit that they get from it – whether it is true – a better experience or a shorter waiting time, or highest interest rate, they are more willing to do that trade-off. How do we address that? Does technology play a part to help manage or lessen that on the consumer side or to make it more obvious? During the pandemic, all the scams have gone up because consumers are not as wary as they should be. We would like to get a perspective from Tobias Gondrom who is in Munich, a perspective of UOB in this challenge of measuring customer expectations in the role that you play in ensuring security.

Automation needs stringent control to avoid failure 

Tobias Gondrom (TG): On how we balance security with this new customer journey, here are a few observations. I’m trying to go back to what the chief information officer (CIO) and others said before about the journey that we are on. We were on that journey already for quite a number of years. It hastened significantly due to COVID-19. There were two aspects to this. One was automation. In risk to automation, it’s quite simple. You can enhance things by introducing automated controls, but also, unfortunately, if you automate, that means you can scale. That means you can go big. The problem is if you go wrong, then it's going to get really ugly. Automation also requires a more stringent control because then you also fail at scale, which is not a good thing to do. That's one and that's pretty much internal to the bank. We can manage quite well. 

The second part is the customer journey. In the past, the evolution was from a branch, PC or mobile. What we've seen during the COVID-19 pandemic is that people are actually jumping directly from branch to mobile-only. They may not even have a PC anymore, so that creates a different risk profile. Now to come to the balance of it, I don't think there is much of a balance as my colleagues mentioned before.  

Regulation is normally coming a little slower but that's fine because we are managing risk first. If we do it well then compliance comes automatically because we understand what the risks are. If you look at the latest customer relationship management (CRM) guidelines in Singapore and other countries, in many cases, it's about managing the risks well. If you do that, well then you will have very few problems. However, this new customer journey in this environment and now tying it back to the topic about the ecosystem that Yvonne mentioned before. In ecosystems, the problem is we are dependent on others. 

In the past, we could audit our suppliers. In an ecosystem, this doesn't work like this. In an ecosystem, you have a number of people who are interdependent with each other and there's not one person who holds the pen on everybody. Therefore, we are all in a web of dependency and trust. To ensure the web of dependency and trust, it requires the support of a regulator, as well as new ways of managing risks. How we do this? In our case, we built-in security right from the beginning. We enabled new customer journeys by advising right from the start on the design of that customer journey and ties it back, to the viewpoint from David, ‘it's about people’. Yes, it's exactly about how we design things together and share that knowledge.

FBP: That is a great insight Tobias and we'll get deeper into that in the next section. I would like to get Graeme Milroy in the discussion as well. Graeme is the risk advisory partner at Deloitte in Hong Kong. What are you seeing in banks having to grapple with this new customer journey, as well as the need for compliance and data security? 

Graeme Milroy (GM): What I've seen and the previous panellists commented on this, is that the technology acceleration that's been pushed by the circumstances around the pandemic seems to have led to renewed appetite for automation, simplicity and workflow. Organisations now need automation and they need simplicity in a way that we as employees felt we need them both. So, through that, you’re getting the rise of these local tools like ServiceNow. Then companies are thinking of outsourcing to third parties to build those tools, and do they build in-house capability to build centres of excellence?  The questions that clients are asking themselves is, ‘do we want to build this in-house?’ Will we benefit from having this coding capability within the organisation? I'm thinking not about technology teams but about risk teams, audit teams. It helps with employee retention as well. It makes people's careers more interesting. Folks that are hiring different people into the team or people learn a new skill set. That's really what I'm seeing. It's been a very interesting time throughout the pandemic. It has been one of the silver linings.

FBP: Indeed, it’s an interesting time, the drive towards digitisation adoption of technology that the pandemic has catalysed. To Tobias’ point that we mentioned earlier, also Kitti, and David was talking about the culture for managing the risk during this pandemic as well as new ways of working. We talked about ecosystems where there is a web of dependencies that you can audit or manage because it's external to you. Internally, what you can do is look at the whole customer journey that you have in mind and how you can put the necessary control in place. 

I would like to get inputs from Colin. You're talking about the service and distribution model being very dynamic, customer-centric. As you grapple with this issue, as greater adoption of technology and a greater ability to scale that you don't get into the way of scaling. 

CD: It's not very dissimilar to everybody else. What we do now, is when we look at those end-to-end, we look at the customer journeys. We don't look at just the interaction. We look at the whole thing through to fulfilment and controls. One of the things the panel has highlighted is the controls. How you manage the risk and all of those other aspects. These all have to be built into the solutions that we put in place. When we're looking at the solution that I was discussing before, it is about fulfilment controls. It is about having all those things in place. You build in security through design at the start and you manage that. That's leveraging the skills of the operation staff, whom I have a lot of respect for because they are the backbone of most of the banks, I've worked in. Their knowledge is huge. They're the people who help you shape and make sure that they're very robust, so that's why we're tackling it. 

FBP: As Graeme mentioned, the other banks are considering whether you build that capability, that skill in-house or you're working with a third party or solution provider. 

CD: Everybody's got to look at the resource model. The most critical issue is the skills gap. You've got to look at a blend of internal and external. You've got to grow your core internally. You've got to leverage external skills where you can so it's about having that blended model and it's very critical to every organisation. I've ever come across nowadays, you can't be self-reliant. You can't build isolation and you can't build walls around what you do. 

FBP: The industry is becoming more open in working with partners. You have to because there's only so much that you have internally. Voranuch, I’d like to get your insight as well. 

VD: We’ve set up a tech company. Our main objective is to improve our in-house expertise and to help the partnership with the tech partners that have the highest skills. Because in growing the digital investment, we’ll be looking at what needs to be done, at the operation efficiency, at the process that began in the past. Either, it relies on the platform or relies on the process. We did a lot on RPA, on the workflow. It may not be enough, so we need all ingredients from all these things. With the legacy somehow, it takes time to identify the gap or is more likely to redevelop with a new architecture. That's the way we’ll go. A lot of things will probably end up at a low cost and then we can choose what we want. It’s kind of the future design. That may be better for the customer journey, but that is looking at something new and not just to transform.

FBP: I’d like to get Matthew’s perspective as well on this whole area of creating, designing journeys and workflows, and bringing expertise to make sure that the controls, the compliance requirements are in there and, again, the great ability of technology to automate, to scale.

MT: What we're starting to see on the resource front is the financial institutions taking functionality out of the box as such, minimising, customisation, so they can upgrade, embracing some of the standards that are out there around on other standards. We see our customers building out centres of excellence, as Graeme mentioned. Taking platforms like us that can provide that cross-functional workflow, across the organisation, whether it's the IT, the employee, the customer experience, integrated risk management (IRM) etc., and then using our low-code platform to allow the C-developers and citizen developers to build on top of that and create their own centre of excellence as such and accelerate innovation going forward. That's important. 

On the controls and the monitoring, a customer of ours on the tech controls, we saw them identify 68% of their controls that could be automated then have continuous monitoring around it. If you look at that and the cost savings in relation to testing and so forth around that it's significant. We're seeing more and more of that. It started off very much on the IT but as we've talked about today, we've got the same risks and exposure in relation to onboarding and offboarding employees as they're out of the office. The same with customers because they're using digital tools only. It's becoming critical to embed those controls and those risk tolerance into the workflows. We're seeing customers around the world do that, whether it's in relation to the lines of business in the middle office like loan servicing or payments, operations, card onboarding, wealth onboarding, etc. We're really seeing people not only digitalise now but try and put those controls in to protect that first line of defense. By starting to digitalise across the board, you're starting to see a single view of your risk exposure across the board into your integrated risk management systems. That's critical. One topic that we haven't even talked about is the increase in operational resilience and regulation around the world. If you've automated or started to automate a lot of those risks and controls, it makes it easier to move towards getting to true operational resilience, which is a major theme across the world at the moment. 

FBP: If we can get Dick’s perspective as well from Bank of China (Hong Kong) on how you are addressing that point in minimising or mitigating risk and improving control as you automate your customer journey and the old processes behind those?

DH: First, the digital journey is quite different from the usually manned journey at the branches because in the past, the control is more like how to make sure that our staff behaves as they should be and also control the whole process in a robust way. But moving to digital is more of the customer doing their job within our platform. The control has shifted. It’s not just another operational risk that can happen to our staff but a more cyber-kind of risk that will show the customer that you are using that mobile to do the transactions. How we can protect our customers from having their credentials stolen by some criminal to rob the bank digitally. The control is quite a different kind of approach. How are we going to solve that? 

We employ an expert from outside. There's no point that we do all this stuff inside. We need to have a balance. One thing critical is that we build inside but we also employ external help. Most importantly, it’s about the process of making a new service. Whenever we're doing digital initiatives, we have stringent project management. Before launch, we will go to the risk department to get approval, but we really track them down and bring the rest of the people up front to when we have a live workshop to think about the new ideas on how to make it happen. They sit with us together on a workshop for one or two days so they can understand what we want to do for the customer. Then they immediately think about different kinds of control that we need to have and what sort of risk we need to take care of. Along the way, there is less surprise because in the end, when we do the approval, usually there will be a huge conflict because some of the risks may be overlooked. They are right. We are open because we didn't have that kind of expertise to do that. When we’re serving that upfront at the very beginning, that helps a lot. The collaboration is all around the people, how we work together. It's not the technology part that helped us but the way we worked together in a better way, more averse to risk. That will help us mitigate the risk. 

FBP: Embedding that risk awareness and then the recent version at the front line is one of the three lines of defense. Lito, I want to get your perspective as well. 

LV: For the Philippines or for RCBC, by streamlining our digital banking platforms, we also made much of our processes digital in order to make sure we cater to our customers’ needs 24/7. As any digital bank promising seamless, frictionless transactions, we have seen the empirical data coming from the BSP, from regulators showing that there has been a dramatic reduction or decrease in so far as cash transactions are concerned in the use of automated teller machines (ATM) or cheque encashment. But there has been an exponential growth when it comes to the use of electronic fund transfers, or the use of e-wallets and digital banking products and services. A robust, sustainable and efficient digital ecosystem, is only possible when digital platforms are streamlined and are interoperable with one another. That's why we're also thankful to the BSP for pushing for the national level payment system, which enables all players in the industry to be interoperable.  

Now, given the pandemic, the consumers are the ones benefiting from it. Aside from that, we also focused on having a cloud-based for banking solutions and running our apps on the cloud-enabled us to really launch products the fastest possible time. We have launched more than 20 new features at the height of the pandemic. One of the things that we are also proud of is that we're among the first in participating with the BSP insofar as trying out the QR code, for example, or even supporting the open finance framework of the Philippines encouraging more collaboration among stakeholders in the industry.

FBP: More collaboration and a greater need to put in the necessary risks that may come from those collaborations. Yvonne, you are now also looking at digital risk as part of the digital risk division. Tell us more about what does that entails?

Leveraging digital transformation for customer-centricity 

YC: The acceleration of our digital and consumer adoption, as well as internally, the organisation is also evolving, bringing along our staff in this digitisation journey. We really see that there is an increasing need to take a hard look at how we're managing the risk, balancing it with the business in our agenda, as well as where the customer-centricity comes in. We start to relook at how we're organising our people by our processes and the use of the technology as well as staff training. It's really amazing, because it's the entire bank that is going through digitisation. It's not just purely our IT colleagues that is looking at the use of technology, but the entire bank. 

The entire bank is moving forward in this and we are taking a hard look in our internal processes. Can we do this without compromising the risk? But do it faster, do it smarter, leveraging on some AIs and lots of data. Because even in the area of anti-money laundering (AML), customer monitoring, investments and so forth, we are seeing an increasing need in managing the digital risk very tightly. We have seen how within Singapore, the regulators are also heightening the new guidelines. The winning formula would really be in balancing how the business agenda move forward, coupled with priority on customer-centricity and balancing with a very robust risk management framework. 

FBP: The Monetary Authority of Singapore (MAS) in the past year has revised its risk management guidelines for operational resilience, as well as for third-party outsourcing. More recently, the Bank of England reiterated the concerns about third-party service providers especially on cloud and the concentration of cloud. All this new risk dimension is coming into play. Just a few final comments maybe from Colin, Tobias, Graeme and Matthew, in what we've discussed so far.

CD: I find it very interesting that the discussion by all the esteemed colleagues, we’re looking and we've traversed from customer-centricity to risk management, to the changes that we have to make within our product sets, and how we're all responding. The one thing that it tells everybody listening to this discussion is the diversity of challenges that the financial institutions now have grown quite complex. We've all got to manage all of those in relation to how we're going to be successful not only within our marketplace but with our customers. That's the interesting thing I’ve taken out of this discussion.

FBP: Yes, in the complexity of the different perspectives from customer-centricity to managing risk and compliance and doing it dynamically, because there are so many governmental changes that we are seeing as we go.

Providing customer-centric solutions should come with managing risk

TG: I don't think that the journey has changed. We are still on the same journey of digitalisation where we were three years ago. The only thing is, we are moving much faster now in the short term because of COVID-19. That brings the risks with it because every time you move fast into a new land,  new land means new opportunities, but also new risks that you never thought about.  

Our mind needs to catch up with where we are today. What that means for us is that we are moving towards this more integrated way but our minds haven't really thought about the integration part so much. We always thought about how do we secure or design the individual parts, but now it's about putting everything together in a secure way. That's a great opportunity for our industry as well because it creates new products, new solutions for our customers.

FBP: We’re kind of used to working at a silo at a time. Now it's bringing everything together. Matthew, your perspective. 

MT: That's exactly what I was going to say. Risk generally inside these organisations is very much siloed, so financial services. But now every area of the business has different risks that they need to address. Having that common view of bringing all those risks together, the levels of where they are, the exposures into one system is something that we're seeing frequently today and then being able to show that to the different personas, so that the different levels of management, lines of defense can see what they actually have to see. 

Seeing in real-time is what we're seeing and working with businesses every day. The more we can insert these controls and risks into workflows and digitalise them, the faster we can bring that data to the right personas. It's a very interesting time, but risk is probably the major topic on everyone's agenda. Financial institutions need to grow and that's all about the customer experience, so it's a balance.  

FBP: Thank you, Matthew. Yes, it is a balance and that’s the core business of banks, managing the risks over time, but as we focus on customer journey and centricity, we should move too far away from this core responsibility as bankers, and as banks always put the risk at the forefront. We have Graeme to round up from a risk perspective. 

GM: The recent ransomware incidents that have been happening around the world, just show me that organisations, the people, still struggle to understand theoretical risks that haven't happened yet, a scale to themselves or to their peers. It’s kind of like a human nature thing that we need to see a familiar horse bolting from that stable or barn, before we start fixing the security on the stable doors. We're now seeing this theoretical discussion that third-party risk is not actually being looked at carefully. The practitioners are seeing it and going, ‘Well, I've been saying that for a while. This is how we should be managing it. We should be managing the controls and risks of third parties in the same way that we manage them for our own organisations’. What Matthew said, a common view of risks you’ve been able to see across your partner organisations in real-time and then been able to show that to your senior leadership so that they've got that comfort in having those controls built-in and monitoring them. They're just happening and you're not really thinking about it. That's my thoughts from the discussion as well as all the various other avenues we went to. 

FBP: Would that be the nature of the risk that makes it harder to look at from a centralised basis? This whole nature of operational risk, IT security and fraud risks as opposed to the other risk types; credit, market and liquidity risks where they are more quantifiable. Operational risks take all forms, fraud or an employee getting data access and passing it on someone's calendars causing some of these risks. It is less defined as a construct operational risk but something to think about how to better centralise and have an enterprise view of all the operational risks that banks deal with, as they move on to increase digitalisation and confront new requirements, whether from regulators or from consumers or even from ecosystem partners that they've not encountered before. It's an ongoing challenge that we face as this whole pace of digitisation will only increase, as we proceed forward and financial institutions really need to look at the opportunities, as they design their processes around the customers to identify where the opportunities to put in the controls and to centralise that risk so that they have a view of it. As Tobias said, what we are facing is not new. It's just accelerated.

On that note, I'd like to thank all our esteemed guests for joining us today. We wish our guests a good day ahead. We really appreciate you for joining and spending time with us today. Have a good day, everyone.