The new payments paradigm with innovation and cybersecurity at its core – Deutsche Bank

July 2018

Uber, Airbnb and the lessons for payments providers. This year’s EBAday was all about the importance of embracing new market entrants and balancing an openness for innovation with safety and security

Rarely does a welcome speech live as long in the memory as the one at this year’s EBAday. The symbolism of Wolfgang Ehrmann, Chairman of the Euro Banking Association (EBA), sharing his traditional opening with Sophia, a “humanoid robot”, was clear: technology is re-shaping normal practice, and we all must evolve and adapt.

The opening speeches made reference to the fact that the world’s largest taxi company, Uber, owns no vehicles; the world’s largest accommodation provider, Airbnb, owns no properties. Will the largest payments providers of the future be banks? Probably, was the consensus, although only if they embrace new market entrants and digitalisation, and invest heavily in IT infrastructure.

While technology was central to the gathering of 1,500 payment practitioners and experts in Munich, the event was, make no mistake about it, all about data. To thrive, banks must organise, analyse and use data to reshape business models, better manage liquidity and improve client service – or open up their data to third-parties that can do exactly that – while also ensuring that it remains safe and secure from outside threats.

In this respect, one saying provided a common thread throughout the two days: “In the past, banks have been the trusted custodians of money, they are now the trusted custodians of data.”

The show gets underway at EBAday 2018
The show gets underway at EBAday 2018

Unlocking the business value in banks’ data

As a former Chief Digital Officer for Tesco and, in his own words, someone who is a “techie rather than a banker”, Deutsche Bank’s Thomas Nielsen, Chief Digital Officer, Global Transaction Banking was the perfect individual to provide a fresh perspective on how banks should unlock the business value in the client data they possess.

“Banks are like any large company – they have a wealth of data, but it is fragmented, organised in different groups, and often hard to find,” asserted Nielsen. “We need to re-think our approach to data and treat it strategically as something that we must govern, protect, nurture and harness.”

“We need to re-think our approach to data and treat it strategically as something that we must govern, protect, nurture and harness.”

Thomas Nielsen 

Thomas Nielsen Panel
Open Banking panel: (from left to right) Krister Billing, Skandinaviska Enskilda Banken; Claus Richter, Nordea; Thomas Nielsen, Deutsche Bank; Paul Horlock, NPSO Ltd.; John Broxis, PRETA

Nielsen, speaking on an Open Banking panel, stressed that while banks need to do lots of thinking around data ownership – especially given General Data Protection Regulation (GDPR) – there is a huge opportunity in using it to drive operational excellence and to “give back to clients”.

Joining him on the panel was Claus Richter, Head of Cash Management Customer Solutions at Nordea, who outlined four stages in the journey towards true Open Banking. He suggested that we are now only implementing Open Banking 1.0, which focuses on regulatory compliance, especially around PSD2. Open Banking 2.0 – which Richter suggested may be reached in the next year – sees banks opening up their platforms to competitors and their products, as Netflix does. Gazing into the future, he described Open Banking 3.0 as an even more open ecosystem where all parties leverage and monetise each other’s data and products (think YouTube), while Open Banking 4.0 would build on this and see the creation of an ecosystem value chain that moves beyond offering just traditional banking products, similar to Amazon’s business model.  

Nielsen agreed completely with this assessment of the journey ahead, although guarded that “the easy part is to have a strategy, the hard part is to implement it”. Doing so would require embracing new technologies and IT infrastructures, establishing defined rules on how data is governed and made secure – especially cross-border – and cultural change. Banks, he said, need to figure out what their new products will be, who their partners are and how to make money in the new data sharing era.

PSD2 is naturally fostering innovation in Europe, with standards and digital identity solutions noted as key enablers of Open Banking. In this respect, the importance of eIDAS certificates for identification – allowing everyone in the ecosystem to identify each other – and PRETA’s directory of third-party providers was noted.

But, said the panel, further work on API standardisation will be required for PSD2 to open up the European payments market, and resemble a first step on the journey towards Open Banking. A forthcoming whitepaper from Deutsche Bank and Innopay will shine further light on the need for industry collaboration to tackle this challenge.

Concluding the panel, Nielsen commented, “The Open Banking journey will be a complex one so we must be focused on security and obtaining knowledge internally. But, together as an industry, we will get it right.”

Nielsen elaborated on how banks could accelerate open banking strategies in a separate interview with Finextra.

Balancing innovation and security

One of EBA day’s many audience polls confirmed cybersecurity as the biggest challenge to banks being successful in the new payments landscape. 

“The challenge is to innovate while remaining secure,” outlined William Hoffman, Deutsche Bank’s Chief Information Security Officer for EMEA, in one of the event’s stand-out panel discussions. “This requires including security considerations at the very early stages of any project planning – weaving them into the foundations of any strategy – and having people within the cybersecurity team that understand the business intimately, and are able to communicate complicated issues in an understandable way.”

“The challenge is to innovate while remaining secure.”

William Hoffman

Strategic roundtable
Strategic Roundtable: Innovation and Cybersecurity in Transaction Banking: (from left to right) William Hoffman, Deutsche Bank; Gottfried Leibbrandt, SWIFT; Diego Katzeff, HSBC; Conor McGoveran, EY

Picking up this idea of security underpinning innovation, Gottfried Leibbrandt, CEO of SWIFT, announced that as transactions increasingly move to a real-time environment, SWIFT will soon introduce a new "stop and recall" feature via gpi for suspicious payment messages.

The panel agreed that real-time information sharing between banks with respect to cybersecurity represented a huge opportunity. Yet, Hoffman cautioned, it is imperative that this information sharing is “relevant, actionable and conducted among trusted parties.”

Hoffman also lauded the recently launched forum by The Financial Services Information Sharing and Analysis Center (FS-ISAC) – a dedicated environment for central banks and financial supervisors to share best cybersecurity practice, discuss the most effective controls and quickly distribute information on cyber threats and incidents. Hoffman said that it was a global issue which requires partnership and guidance from regulatory authorities – a collaborative approach he explained in more detail in an interview with Finextra.

Of course, while data analysis will help in the prevention of misuse of the financial system, banks – as custodians of a treasure-chest of valuable data – must also guard against more proactive attempts from would-be-cyber-criminals. Hoffman referenced the European Central Bank’s (ECB) TIBER’s framework as an interesting development, and suggested that “red teaming” – getting outside parties to come in and “hack” elements of the organisation – is a useful tool for banks to test their defences.

AI for now, DLT for the future

The debate inevitably turned to distributed ledger technology (DLT), or blockchain. Leibbrandt warned that, as things stand, "it is unlikely that blockchain can scale to replicate capabilities already available in global payments”, referring specifically to SWIFT’s proof-of-concept involving nostro reconciliations. Deutsche Bank’s Andreas Hauser discusses these findings in more detail here.

In another panel, focusing purely on cryptotechnologies, Nicolo Romani, Head of Innovation at SIA, ran attendees through the findings from the Italian Banking Association’s pilot project on blockchain-based interbank reconciliations to a first group of 14 lenders. "The functionality works,” he said “but the question mark is about performance.” However, all panelists agreed that the technology was progressing, and exploratory proof of concepts should continue.

Given the importance of data, it was suggested that AI – described as artificial intelligence or augmented intelligence interchangeably – had more potential to transform payments in the here and now, especially when it comes to client service and real-time fraud forensics to detect suspicious transactions. The AI panel suggested banks should aim for a “true rationalised, consolidated, real-time single view of the customer for customer-intelligent marketing, analysis and service” – although this is still, to date, hindered by legacy systems and siloed views of customers. As such, many banks are using AI sub-optimally.

Innovation in liquidity management

Innovation and technology – along with regulation – were defined as key factors influencing current liquidity management strategies in a panel including Deutsche Bank’s Vanessa Manning, Global Head of Investment & Liquidity.

Indeed, there are currently over 25 instant or real-time payment systems either launched or in development, with EBA Clearing’s RT1 live since November 2017 and Eurosystem’s TARGET Instant Payment Settlement (TIPS) due to go live in November this year.

Manning’s panel described that, as we move to an instant environment, liquidity management will be “turned on its head”. For corporates there will be many challenges – including changing their systems that have been used to working on end-of-day mechanisms.

Banks, meanwhile, will have to move away from a historically predictable and manageable flow of liquidity based on the processing of “batches” of payments at certain times and on certain days. To manage this, the panel suggested they could implement accounting-driven strategies to monitor and forecast liquidity and enable them to report their liquidity position with accuracy at any given time.

It was also noted that the batch world operates on a five-day week, whereas real-time payments require 24/7 availability, meaning the bank and its supporting systems and processes have to radically change.

Vanessa Manning
Liquidity Management panel: (from left to right) Henrik Lang, Bank of America; Vanessa Manning, Deutsche Bank; Sergio Dalla Riva, Intesa Sanpaolo; Mario Mendia, TAS Group; Johannes Sackmann, CGI

Panellists agreed that effective management of liquidity will only be possible through the deep integration of business transactions into corporates’ ERP systems. Manning outlined that, as a next step, banks should “educate institutional and corporate customers about the technology, the treasury processes and the front-to-back redesign and re-engineering that they should be considering in a 24/7 environment.” Here, the panellists talked about how APIs could be used to help. 

Manning concluded by describing an increasing corporate focus on virtual cash management. “The next generation of solutions for liquidity and investment management is here – liquidity velocity will improve through use of APIs, robotic process and rules-based automation,” asserted Manning. “Most corporate treasuries have long had a very stable operating structure – using hybrid, physical notional, or multicurrency notional pools – yet there is now a desire for greater simplification, cost transparency and self-determination.”

“The next generation of solutions for liquidity and investment management is here – liquidity velocity will improve through use of APIs, robotic process and rules-based automation.”

Vanessa Manning

Can correspondent banking keep pace?

So, in a digital world, with new competition and a desire for speed, innovation and instant information, one question loomed large: can the age-old business of correspondent banking keep up? That was the question posed to Deutsche Bank’s Global Head of Institutional Market Management, Marc Recker, who was joined on a panel by representatives from JPMorgan, UniCredit, HSBC and Ripple.

Yes, answered Recker: “Given the complexity of cross-border payments, being able to transact in mere seconds is more than satisfactory for most business needs.”

The panel agreed that SWIFT gpi has addressed many of the pain points of users of correspondent banking networks, bringing faster-cross border payments and transparency, even between countries such as China and the US where gpi already accounts for more than 40% of payment traffic.

“Given the complexity of cross-border payments, being able to transact in mere seconds is more than satisfactory for most business needs.”

Marc Recker

SWIFT has also joined forces with a group of SWIFT gpi banks from Australia, China, Singapore and Thailand to develop a unique cross-border real-time payments service in the Asia-Pacific region, while RT1, TIPS and various other domestic real-time solutions are providing speed in Europe. Looking ahead, Recker suggested that AI has the potential to “bring down the noise in the system” by reducing the number of false positives in compliance checks and increasing speed of transactions.
Marc Recker Panel
Correspondent banking panel: (from left to right) Marjan Delatinne, Ripple; Simone Del Guerra, UniCredit; Nadine Lagermitte, HSBC; Marc Recker, Deutsche Bank.

In a poll, two thirds of the audience offered no viable alternative to correspondent banking in terms of what it can provide in reach, network quality, and certainty. Recker explained that, while a corporate may want to make a transfer within the EU in a cheap and efficient way, they may also want to concurrently make a payment in US dollars to Puerto Rico, for example. Today, only the correspondent banking network can satisfy both these needs. On the contrary, Marjan Delatinne, Global Head of Banking at Ripple, argued that Google or another technology giant could perhaps provide an equivalent global system – if they were focused on doing so.

What about the prospects for the creation of a global real-time cross-border payments system in the next five years? Two-thirds of delegates believe this to be feasible, buoyed perhaps by the speed of establishment of RT1 in Europe.

Recker, however, was more cautious: “Technology and standards wise, the system will get closer with the adoption of ISO 20022, but it is also about the rules of the game. The complexity we have in correspondent banking to solve the issue of cross-border payments – in terms of transaction monitoring, transaction filtering and reliance on KYC processes – is not solved by simply inter-connecting real-time payments systems.”

In another panel, it was noted that existing High Value Payments systems are being upgraded to offer easier access, better services and lower transaction costs. At the same time, the market faces the challenge of implementing new ISO 20022 standards. While panellists accepted that the cost of implementation is quite high, they saw a clear business case for doing so, and urged banks to make the most of the opportunities it brings in terms of data that can deliver value to businesses.

Hubertus von Poser, Member of the Management Board, PPI, noted that, “we have reached a tipping point, and the industry as a whole must now invest in ISO 20022. It will be the next big project for banks, bringing significant efficiencies.”

After two days of engaging speeches and lively debate, EBA’s Chairman, Ehrmann, summarised perfectly the industry’s approach to tackling the changing payments landscape: “We will not do it fast, we will do it right”.

You might be interested in

This website uses cookies in order to improve user experience. If you close this box or continue browsing, we will assume you agree with this. For more information about the cookies we use or to find out how you can disable cookies, click here.