Updates from user Toggle Comment Threads | Keyboard Shortcuts

  • user 6:00 am on August 4, 2016 Permalink | Reply
    Tags: , cro, , open banking,   

    Where are the likely “banana skins” for bank CROs from PSD2 and Open Banking? 

    AAEAAQAAAAAAAAd7AAAAJDA0MDdmMjdlLWRjNTItNDRhZC1hOGJjLWY0Nzk0YzI3NGIxYw

    In general, Chief Risk Officers (CROs) and Boards of Directors of traditional probably lose a lot more sleep over the health of bank balance sheets rather than the security and agility of daily payments and accounts processes.   A failure to control the quality of loans on the balance sheet is an existential risk for a credit institution.  A failure to maintain depositor confidence, leading to a cataclysmic outflow of funds from the liabilities side of the balance sheet, is also an existential threat.  While significant frauds, security failures and data privacy breaches may tarnish bank brands, slow business growth and lead to very large regulatory fines, these events have to be incredibly large and systemic to suddenly wipe out a bank’s equity or cause a loss of a banking license.

    Although banks may have ultimately adopted progressive API Strategies over time, banks are being compelled by to adopt API-driven business objectives and processes against a fixed deadline.   Without regulatory intervention, the timing of this change would have been commercially driven.  In more normal circumstances, the Boards of these banks could have approved new API Strategies (covering API provision and consumption) with a defined appetite for risk.    This is the level of risk that a bank is willing to accept in order to deliver these business objectives.   It will be important that the mandatory nature of PSD2 does not inhibit banks from carrying out these important disciplines.  Even a “comply only” API business strategy prompted by PSD2 does not mean that bank Boards are not ultimately responsible for the risk profile of these business activities. 

    To try to avoid adverse outcomes, bank management and Boards of Directors spend much time defining their appetite for risk.  To inform the process of defining risk appetite, banks invest much time and effort in developing risk models.  Many of these risk models are devised and prescribed from the “top down” by Regulators and prescribed to a class of banks, in order to compare risk profiles.  Risk models are also devised and implemented from the “top down” by and specialist risk management staff.     For example, banks model the adequacy of capital levels and loan loss provisions in adverse economic conditions (often under regulatory supervision, such as the recent Stress Tests conducted by the European Banking Authority). These models help inform CRO responses – can and should risks be avoided, reduced, shared or accepted? 

     [linkedinbadge URL=”https://www.linkedin.com/in/paulrohan” connections=”off” mode=”icon” liname=”Paul Rohan”] , the author of this post, is also author of “PSD2 in Plain English”.

    PSD2 in Plain English (Payments Landscape
    for Non-Specialists) (Volume 1)

    PSD2 and is not a matter of a faster growth rate or a diversification into new market segments, using established business processes and risk models.   In broad terms, PSD2 is extending and blurring the boundaries of a bank.  With PSD2 and Open Banking, there are now new risks to a bank’s risk profile outside of contractual arrangements that the bank has chosen to enter.   It could be difficult for bank CROs to fully understand and fully embrace the lessons from risk management problems inside PSD2’s “Third Party Providers (TPPs)”.

    Does a bank’s CRO have a big blind spot in this new Open Banking environment?  As the layer of overlay Payment Initiation and Account Information services grows into an ecosystem, the capability of the CRO to quickly identify where a fraud could happen or how a fraud was executed will fall.  The possible points of weakness increase as more and more payment initiation is captured by the risk management and security of TPPs.   There may be many TPPs for a certain type of payment or a certain device or security protocol that is breached across many TPPs.   Calls from puzzled customers to a bank’s Call Centres will have many more scenarios to plan for and many more scenarios to try to understand. Call Centres will ideally have to know exactly the TPPs, current and lapsed, that a customer has granted PSD2 access to.  Call Centres and Client Education will probably have to prepare and plan for the emergence of imposter TPPs.  The normal patterns of API calls on a bank’s payments hub will have to be tracked as accurately as the normal pattern of customer instructions through proprietary channels,

    The initial risk model prepared for PSD2 and Open Banking will have to come from the “bottom up”.   Staff managing business units with expert knowledge of a certain set of products and processes can model their risk profiles from the “bottom up”.   These models are used across a range of risks to help banks identify and manage the risks that they are running.  A very common model is a “Risk Matrix”.  It is a simple mechanism to increase visibility of risks and assist management decision making.  The severity of an event could be classified as Catastrophic, Critical, Marginal or Negligible.  The probability of an event occurring might be categorised as ‘Certain’, ‘Likely’, ‘Possible’, ‘Unlikely’ or ‘Rare’.  It is likely that the technical function that physically manages the Private, Partner and Public APIs will be documenting new risks from newly published APIs on their unit Risk Matrix.  The commercial function or functions that have line of business responsibility for API Monetisation and PSD2 compliance will probably be documenting different PSD2 risks a different Risk Matrix from a commercial perspective.  

    The initial risk model will have to correctly identify and maintain the correct number of Payment Accounts that must be exposed by law. Banks will need to ensure that new controls are designed and effectively implemented so that TPP Permissions can be revoked by End Users who hold accounts at the bank. API Related Complaints by End Users or by API Developers will need to be monitored as potential indicators of risk.   Managing data and privacy (both of customers and API Developers) appropriately in an Open Banking environment is a risk.  If an API is temporarily or permanently withdrawn, a bank will need to understand the implications of that action.    When significant actions or first-time processes are triggered by the end users, banks will need to be sure that Out of Band Challenges will go to End Users.  API Permissions with an expiry date will need to expire on the time limit. If there is a dispute over a potentially unauthorised payment through a Payment Initiation Service, banks will need to be sure that PSD2 is being observed and an immediate refund is triggered.  In the early days after PSD2, there is no “typical” or “average” number of risk events to guide a bank’s risk responses or risk appetites.  Banks will also be required under PSD2 to share information on security threats.   There will be guidelines for managing security incidents and the EBA will set guidelines on how to handle complaints.

    In the early stages of Open Banking, volumes will be low.  A key driver of the “severity” weighting that bank staff will use on a “Bottom Up” Risk Matrix will be both the volume and the value of the transactions that are traveling through this process.  Relative to the volumes that currently travel through a bank’s proprietary channels and the enormous values of payments through a bank’s Treasury function, the initial Open Banking traffic is likely to be initially classified as “Marginal”.  CROs may not see Amazon, Apple, Google, Facebook and Microsoft appear in the Overlay layer of TPPs in the first few months of the PSD2 and Open Banking regime.  However, it is probably a mistake to assume that all “Fintechs” are small and undercapitalised, thus unlikely to trouble a bank’s infrastructure with a surge of volume.  “Silicon Valley” TPPs will have pan-EU ambitions and have potentially large appetites for API consumption.  Crucially, EU banks could find that 80% of their installed base of customers already trust and actively use services from these giants. 

    We can reasonably speculate that the crooks and fraudsters that exploit opportunities in digital services could have their own “PSD2 projects”.  What sort of new attack vectors for fraudsters could exist in this new, more complex environment?  Fraudsters can read the new PSD2 legislation just as well as anyone else.  The fraudster knows that a bank has only one working day after a disputed payment to refund any unauthorised payment transactions generated by a TPP.    Fraudsters will know that banks will have to deal with potential payment reversals within the TPP process while an impatient customer has launched a fresh effort at the same payment through a traditional channel.   eCommerce or Mobile Commerce transactions that historically only appeared as Card transactions will start to appear as Faster Payment Scheme Credit Transfers, disrupting and confusing customer payment profiles held by banks. Fraudsters could start to watch for authentication and control differences between TPP processes and traditional processes, building up a trusted profile for subsequent exploitation on the other process.  Fraudsters will know that sensitive personal or authentication data extracted from unsuspecting TPP customers could later be used in a bank’s proprietary channels without the account servicing bank being aware of the initial breach.    

    In crude conclusion, the initial risk profile of PSD2 and Open Banking looks quite benign compared to some of the existential risks that banks face every day.   However, as PSD2 and Open Banking starts to gain market acceptance and volumes start to ramp up, the “banana skins” will come quite quickly.  CROs and Bank Boards will have to recognise that a new business strategy like exposed APIs has to be rigorously scrutinised for risk, whether this new business strategy is enforced by an EU regulation or not.  Banks will have to prepare for the new PSD2 and Open Banking regime without any tested and mature risk models. The blurring boundaries of the organisation make a “top-down” identification of material PSD2 risks a difficult challenge for the CRO.  Risks related to PSD2 and Open Banking will not be confined to one business unit, making the “bottom up” risk profile more blurred. At an industry level, there will be a period of time before a “sensitivity level” is established for the risk profile of Open Banking processes. The addition of 5% of a bank’s total payments volumes through TPPs in immature processes may be a “marginal” change in payments volumes but it probably does not represent a marginal change in the bank’s overall risk profile.  The structure of PSD2 means that Silicon Valley giants could arrive with very large volumes and effectively unannounced, without having any prior relationship with the API publishing bank. Fraudsters will know that the addition of new overlay services managed by TPPs is a radical change in business model and is completely different to the incremental addition a new proprietary bank channel (such as tablet, mobile or kiosk) using the same proven customer profile and control processes.

    In crude conclusion, the primary risk control for banks in this environment can only be a risk-aware culture.   Bank management will have to seize growth opportunities from APIs while managing risk, just as in all other processes.   The immaturity of risk classification models, industry norms and fraud detection models will mean that bank management will have to approach this arena from “first principles”.   As API volumes grow, clear and active communication within banks and within industry bodies about the various “banana skins” will be crucial.   innovators seeking to build partnership relationships with banks in the Open Banking era should also welcome tough questions from banks about their risk control capabilities.  If a bank is asking tough questions and paying good attention to likely risks in the TPP overlay layer, that bank is far more likely to be serious about building an ecosystem out of its payment


    [linkedinbadge URL=”https://www.linkedin.com/in/paulrohan” connections=”off” mode=”icon” liname=”Paul Rohan”] , the author of this post, is also author of “PSD2 in Plain English”.

     

    PSD2 in Plain English (Payments Landscape
    for Non-Specialists) (Volume 1)

     
  • user 12:40 am on August 4, 2016 Permalink | Reply
    Tags: , , , , , , Stocks,   

    Credit Suisse Report Explores Blockchain Impact on 14 Public Stocks 

    Research from financial services giant examines how the stock performance of incumbent financial firms could be impacted by .
    CoinDesk

     
  • user 12:18 am on August 4, 2016 Permalink | Reply
    Tags: Barzahlen, BillGO, , Pleo, ,   

    3 Fintech Startups to Watch: BillGO, Barzahlen, & Pleo 

    It seems like new show up daily, all vying for the top slot in the type of financial service they offer: want to find a P2P lending service? There’s dozens of startups for that. Need help with stock options or expenses? Well, there’s a few dozen startups forRead More
    Bank Innovation

     
  • user 9:40 pm on August 3, 2016 Permalink | Reply
    Tags: , , , Elliptic, LexisNexis,   

    Elliptic Partners With LexisNexis on Bitcoin Analysis 

    analytics startup has integrated with , a move that provides the startup’s clients with access to the vendor’s global money laundering database. The hope, the companies say, is to provide financial services firms with data on bitcoins transactions so that they can avoid interacting with parties tied to money laundering or other perceived to illicit activities. “By [&;]
    CoinDesk

     
  • user 7:40 pm on August 3, 2016 Permalink | Reply
    Tags: 60ae7d0370be, , copetition, , ,   

    Fintech-Banks Partnerships: Fair-Weather Friends? 

    AAEAAQAAAAAAAAelAAAAJGE1ZmU4YWFkLWU4OWMtNDM2Yy05MjlmLWI2ZDQzNTE0Y2Y0MA

    You have probably heard the term co-petition applied to the bank- relationships in which they do not only compete, but also cooperate on providing financial services and a better user experience. But how is this actually being implemented? Are we headed towards a collaborative environment in the near future? And perhaps more importantly, is this a win-win relationship, as it is usually described as? Some of these questions will only be answered as more real examples take off. So, for now, let’s start examining some of the arrangements already in place.

    Sharing the value chain?

    What looks clear is that are trying to fight back in every area in which they are facing disruption by new actors. Unlike some challenger banks (e.g. Number26 or Starling Bank) looking to build “banks as a platform”, traditional banks are used to owning the whole value chain, so they’re not eager to lose revenue from any of their businesses. In the words of Manolo Sanchez, chief executive of BBVA Compass:

     “There’s the much-talked-about discussion of utilities, where you have unbundling of the financial services value chain and banks are just providers of the rails. That would be falling into the low-value execution of this opportunity. We’re not so fond of the unbundling part of the fintech opportunity.”

    I guess it is true that banks are scared of Fintech firms that can escalate and challenge their revenue sources (let alone the potential competition posed by the huge tech giants). But this won’t keep them from cooperating with them in different business areas if they can extract some positive outcomes from such a relationship.                  

    So why would banks and Fintechs be interested in such cooperation?

    On the banks’ side, many of them are trapped in their own legacy structure. Although, as Chris Skinner describes it, “in reality, the problem isn’t just the [banks’] legacy system. It’s the legacy people and legacy customer.” But even more relevant is the fact that they “were built around products, rather than customers”, as Tom Groenfeldt puts it. 

    Under such a scenario, some of the characteristics of Fintech become very attractive since they are not easily replicable, for instance: the innovation culture, the ability to connect to millennials and the faster development cycle. That’s why Jamie Dimon, chief executive officer of JPMorgan Chase & Co., described the cooperation between banks and Fintech as “the kind of stuff we don’t want to do or can’t do, but there’s somebody else who can do it and do it probably well. So this is going to be collaborative”.

    On the Fintech side, these firms may find opportunities in leveraging banks’ customer base, deep pockets, trust and reputation.

    From acquisitions to partnerships

    Like many firms from different industries, banks also face the build, borrow, or buy growth dilemma. We’ve seen several banks acquiring Fintechs (e.g. Simple, Holvi, Fidor, etc.); taking stakes or injecting capital (e.g. Atom Bank, iZettle, Ripple, etc.); creating labs for developing their own products in-house; or staging competitions and hackathons that could foster similar kinds of interactions. However, although there has been some buzz around direct collaborations between Fintechs and banks, we actually find few examples of this sort of partnerships among these players.

    Focusing on the latter, we may find heterogeneous terms and conditions in place under the “” label, which implies that neither the goal nor the outcome of the collaboration are identical. We could classify them as follows:

    1. Cross-referral agreements: Both the Fintech firm and the bank refer their customers directly to each other’s platforms depending on the client’s profile.
    2. White label agreements: Banks use the Fintech firm’s and offer its product through their own platform (without disclosing the Fintech company’s name in the whole process).
    3. Full integration agreements: Banks offer a Fintech platform and product, fully integrating them into their own platform. 

    Moreover, beyond the differences and specificities of each type, there is a clear trend towards a prominent role played by APIs in such agreements. But let’s examine some real examples to grasp better how this is being implemented.

     J.P. Morgan – OnDeck

    J.P. Morgan is the largest US bank (Q3 Revenue ‘15 $23.5 billion) and OnDeck is a US Fintech (Q3 Revenue ‘15 $67 million) that provides loans to SMEs through an automated lending platform.

    This “David and Goliath” deal could be categorised as a white label agreement, since J.P. Morgan is using OnDeck’s technology to give quick approvals and funding for small-dollar business loans, while the loans are J.P. Morgan-branded and appear on its balance sheet. So, OnDeck, which is invisible to J.P. Morgan customers, receives origination and servicing fees on each loan.

    Through OnDeck’s technology, the bank gathers data about a business’s operations and SME customers are pre-screened by an algorithm that determines loan eligibility (OnDeck is prevented from pitching its loans to borrowers that J.P. Morgan rejects). In the end, some of them are invited to apply for loans of up to $250K.

    This adds value for both partners. J.P. Morgan expands its share with business clients who want smaller loans while OnDeck could benefit from a huge revenue boost (and use data from the partnership to improve its lending models). 

    Santander UK – Kabbage

    Kabbage is a US Fintech that provides loans to SMEs through an automated lending platform and Santander UK is the British subsidiary of the Spanish Santander Group. One of the distinctive features of this partnership is that Kabbage was previously invested in by Santander through a $135-million Series E round in October via its fund InnoVentures.

    Although they are still in the pilot phase (they started in April 2016 and we still don’t know how exactly it will crystallise), this seems yet another type of white label agreement. What we know is that Santander will offer working capital loans of up to $100,000 within a matter of hours to its SME customers in the UK through Kabbage’s platform. Right now, they are fine-tuning the platform’s lending algorithms before Santander’s pilot customers are tested.                        

    Whereas Kabbage offers the technology, i.e. real-time risk modelling, and cross-reference data against multiple external sources (the approval times vary from 20 minutes to 13 hours and the interest ranges from 8%-20%), Santander provides its large SME customer base, its trusted reputation, its UK payments infrastructure and its understanding of the requirements of UK businesses. 

    ING – Kabbage

    But before partnering with Santander, Kabbage had already closed a similar deal with ING Bank. Again, Kabbage brings the technology, while ING brings funds and customers.                                                         

    This is a white label agreement in which ING targets Spanish SMEs, with Kabbage’s participation also invisible to ING customers. The service was launched in November 2015 and is still in place. 

    Under the product name Crédito NEGOCIOS 10’, the potential client needs to fill in a short form on ING’s website (answered within 10 minutes) and may apply for anywhere from €3,000 to €100,000 in financing.

    Santander – Funding Circle

    This older partnership between Santander and Funding Circle (the UKs biggest marketplace lending platform) would fall under the cross-referral agreement category.

    Since 2014, Santander has been referring small business customers looking for a loan to Funding Circle, for those cases in which the Fintech firm is better placed to help. These referrals have taken place on Santander’s website and in letters to customers.

    On Funding Circle‘s side, it has signposted borrowers to Santander “where they require day-to-day relationship banking support or other services that the bank can offer, such as international banking expertise, cash management and support for growth”. 

    BBVA Compass – Dwolla

    BBVA Compass, one of the US leaders in digital banking, has arranged partnerships with different Fintechs (such as FutureAdvisor and eCredable), the most prominent of which is the agreement with Dwolla.

    Dwolla is a US real-time payments processor that bypasses traditional networks through its FiSync protocol. It aims at correcting the fact that the US lacks infrastructure and the rails to provide real-time payments.

    BBVA Compass is the first major bank to have joined Dwolla’s network, directly suggesting its clients sign up with Dwolla so they can make real-time money transfers to other people or businesses through their BBVA checking accounts. 

    In conclusion, we can expect many different kinds of partnerships between banks and financial technology firms to emerge in the following months. Given the different ways in which these may crystallise, establishing a win-win relationship will greatly depend on the details of each of them.

    To go back to Kantox, we are already exploring “Full integration agreements” with different global banks. In a nutshell, we have developed very innovative products like Dynamic Hedging that banks are unable to develop or copy fast. They know that these products bring huge value to clients and that thanks to them we now have a very unique positioning in the market.


    [linkedinbadge URL=”https://www.linkedin.com/in/philippegelis” connections=”off” mode=”icon” liname=”Philippe Gelis”] is CEO at KANTOX, disrupting the financial industry and this article was originally published on linkedin.

     

     
  • user 3:40 pm on August 3, 2016 Permalink | Reply
    Tags: , , Medici, , , ,   

    Overstock Taps New Lead for Medici Blockchain Project 

    chairman of the board Jonathan Johnson will now serve as president of , its division.
    CoinDesk

     
  • user 12:18 pm on August 3, 2016 Permalink | Reply
    Tags: Alps, Birthday, , , , , ,   

    Happy Birthday Switzerland: Searching for Crypto in Valleys and Alps 

    Image courtesy Eiger Hotel Today is Swiss National Day, so although Daily is a global business and we do not take sides in the Fintech Capital of the world debate, today is a day to celebrate all things Swiss. First, a personal note, I chose to live here forRead More
    Bank Innovation

     
  • user 12:40 am on August 3, 2016 Permalink | Reply
    Tags: , , , , ,   

    Microsoft Brings Blockchain to Azure Testing Environment 

    is now making its -as-a-Service (BaaS) offering available to all users of its .
    CoinDesk

     
  • user 12:18 am on August 3, 2016 Permalink | Reply
    Tags: , , , , , ,   

    MasterCard and Visa Join ClearXchange Realtime Payments Network 

    has gone prime time with the addition of and to the . Today, Early Warning, which owns clearXchange, expanded its realtime payments network by adding both the Mastercard Send and Visa Direct platforms, a move that will allow nearly every U.S. debit card holder to send andRead More
    Bank Innovation

     
  • user 9:40 pm on August 2, 2016 Permalink | Reply
    Tags: ‘Federation’, , , , , , ,   

    Bitcoin Smart Contract ‘Federation’ to Launch With 25 Startups 

    25 companies plan to federation to support new applications of the previously dominated by ethereum.
    CoinDesk

     
c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
shift + esc
cancel
Close Bitnami banner
Bitnami