We’ve all been there – waiting for an elevator amongst a crowd of strangers, all absorbed in their smartphones, checking their email, Facebook, Twitter or Instagram.</p> That’s the scenario that Commerzbank group chief information officer Stephan Mueller asked delegates to consider at the packed Technology Forum on the opening morning of Sibos 2015 Singapore. It’s the acid test of relevance in a digital age, and a question Commerzbank has studied closely: How to penetrate the small group of apps that consumers access on a daily basis?</p> “It’s very important that we become really relevant to the consumer on mobile devices – we have to be part of that space and deliver indispensable information and tools. When our customers wake in the morning, we need to be one of the apps they check first,” said Mueller.</p> For most banks, this is a work in progress and it requires a multi-disciplinary approach that brings together innovative content and functionality with efficient and secure back-office processes and identification mechanisms.</p> The first step for both users and providers may be to become more comfortable with the basic concept of digital identification. This extends beyond the use of usernames and passwords to access apps and websites, and into the more psychological domain of creating an online identity. </p> As noted by Sean Gilchrist, managing director of commercial digital at Lloyds Banking Group, many of us use multiple identity documents for different processes in the physical world, which typically allow us to maintain a clear distinction between our social and professional lives. That distinction doesn’t exist online.</p> “In the digital world, everything is much more accessible by everyone, and you can’t compartmentalise life as easily as in the physical world. People are becoming much more protective of their data, and that’s where the challenge of digital identity really starts,” said Gilchrist.</p> From innovation to invention</strong></p> Inside many of the world’s largest banks, the rise of blockchain now consumes the attention of technologists as the industry begins to explore the potential security and efficiency benefits that might be afforded by distributed ledger technology.</p> While many banks have been conducting their own research, it’s widely agreed that banks need to work together to identify and develop specific use cases for distributed ledgers. New explorative consortia such as R3, which counts 22 banks as its members, highlight the industry’s growing commitment to blockchain. </p> “The key question is how to get from innovation to invention. We have been looking at use cases for distributed ledgers, but they need to come with business cases. That’s quite challenging and it’s better to do it together as an industry rather than in isolation,” said Mueller of Commerzbank, one of the R3 banks.</p> That view was shared by Rashik Parmar, lead cloud advisor for Europe at IBM, who argued that the centrally distributed nature of blockchain could allow banks to rebuild the transparency and trust that has been eroded from the banking sector in recent years.</p> “Blockchain is really about taking any process that spans multiple organisational boundaries and creating a transparent, trust-based ledger with a high level of security. But this won’t evolve in a sustainable way through a single entity; it has to be a collaborative venture,” said Parmar.</p> As game-changing as blockchain may ultimately turn out to be in the evolution of financial technology, few Sibos delegates will have left the two-day Technology Forum in a wholly optimistic mood, as its agenda balanced discussion of opportunities offered by technology innovation with a sobering analysis of current threats.</p> In particular, a number of sessions touched on the difficulties of maintaining constant availability for users, as well as the impact of cyber-crime.</p> While the need for 24/7 availability is now widely recognised, preventing downtime isn’t straightforward, as incidents are an inevitable consequence of rapid change to technology and infrastructure, which is one of the few constants in the digital world. Creating a culture that focuses on building resilience into applications from the outset is seen to be critical, as is managing capacity.</p> “An important part of resiliency is capacity and scalability. Moving away from dedicated physical hardware for applications into a more virtualised environment is therefore essential. Banks need an elastic infrastructure that allows them to scale without compromising availability,” said Torsten Pull, CIO of core component technology for global transaction banking at Deutsche Bank.</p> Existential threat</strong></p> The prevalence of cyber-attack poses an even more menacing threat to system availability. Banks and financial market infrastructures operate as part of large and complex networks, so if cyber-crime can compromise those networks by intercepting payments and transactions, it poses a risk to financial stability, warned Coen Voormeulen, director of the cash and payment systems division at De Nederlandsche Bank.</p> “It’s very important that financial institutions gather proper intelligence about cyber-threats, enhance their internal testing and make sure they are in a position to recover from integrity attacks quickly and safely. In many cases, this needs more attention at the board level than it is getting,” said Voormeulen.</p> Here again, there could be benefits in greater collaboration and information-sharing to combat the threat of cyber-attack. Speakers and delegates shared the view that there is no competitive advantage to be gained from building stronger defences than rivals – and that sharing details of even minor threats could pave the way to their elimination.</p> Cyber-risk has risen fast up the industry’s agenda in recent years to keep pace with evolving threats. An international group of regulators chaired by Voormeulen will publish detailed guidance on cyber-resilience for financial market infrastructures in the coming weeks. But speakers at the Technology Forum in Singapore suggested that the industry still has a long way to go to properly deal with the threat.</p> Cyber-resilience is not just about securing systems and sharing intelligence; nor is it only about testing recovery mechanisms and making sure business can’t be stalled for longer than a few hours. It also requires new ways of thinking about technology and business, and the recruitment of experts who can come up with mechanisms to properly price and model cyber-risk.</p> “We are the first generation of bankers to deal with this threat category and it’s an existential threat if we don’t get it right. If financial stability and customer confidence are eroded, and if the integrity of our channels cannot be fully trusted, then our industry becomes something less than it has always been,” concluded Murray Walton, chief risk officer at technology vendor Fiserv.</p>