Tech transition proves a tough act for banks

– By Supratim Adhikari

Westpac chief executive Brian Hartzer’s carefully laid out plans to leverage new technology to cut costs and transform the bank’s processes now lie in tatters, as the bank’s management digs in to contain the fallout from the allegations levelled against it by Austrac.

Less than two weeks ago, Hartzer was touting the use of real-time data and artificial intelligence to boost services at an IBM event in Sydney.

“I am incredibly excited about how our business is going to look dramatically different in the next three, five, seven years as we go through and re-architect the whole thing,” he said.

Modernising the IT infrastructure is an absolute must and all the banks are spending big. Westpac alone spent $2.3bn on technology in the 2019 full year as it digitises its services. However, the cost of compliance is also rising for the banks and, as the banking royal commission highlighted, there are gaps in record keeping, monitoring of transactions and processing of data as banks scramble to allocate stretched resources.

May Lam, former head of technology at AMP and chief information officer at fintech Assembly Payments, says technology transformation at the big four major banks are a multi-year endeavour, with an intense focus on cost.

“IT transformation usually runs as a multi-year program with various levels of governing bodies for decision forum, which involves a large group of stakeholders,” she says. “Each year, it typically starts off with an annual business strategy and investment prioritisation process across the business, where spend on IT is weighed up against spend in other key business areas.”

Speed of action, according to Lam, is the major challenge.

“All major banks operate in a very structured and hierarchical governance structure, and this may slow down the decision-making processes,” she says. “There are many other factors at play that slow down change, such as aged infrastructure, shifting operation costs and thinning margins.”

Despite most IT transformational projects taking multiple years, funding for IT projects is not guaranteed and allocated annually.

When it comes to payments, the banks have traditionally focused on the back end of the systems and have only recently started to assert themselves in a bid to build a direct relationship between them and their customers. Melding the back-end systems with the customer-facing online products is another severe pain point, according to Lam.

“The back-end systems are mostly aged and heavily depending on the internal limited subject matter experts to maintain the systems,” she says. “Such tech stacks are hard to attract talents; modernisation can be costly and risky.”

Competition for funding internally and shifting priorities (cost vs compliance) remain a major challenge for the big banks and the issues at Westpac, and at Commonwealth Bank in 2017, highlight how easily things can go south, especially when it comes to risk management.

One example of this is borne out in Austrac’s statement of claims against Westpac. Rather than use the existing Society for Worldwide Interbank Financial Telecommunication (SWIFT) network, which provides more transparency on payments, including information about the payer and the payee, Westpac decided to take a different route.

“Westpac considered that the SWIFT payment network was costly and not an efficient means of sending low-value, large-volume payments for clients of global banks that need to make and receive payments around the world,” Austrac said.

The bank opted to use Australasian Cash Management (ACM) arrangements, which allow correspondent banks to use Westpac’s infrastructure to process payments for their overseas customers through the Australian payments system. It may have been a more cost-efficient solution, but it came at a cost.

“Instructions sent through the non-SWIFT ACM arrangements do not contain the full information required by the SWIFT guidelines and involve lower costs than instructions sent through SWIFT,” Austrac said.

Financial crime audit, risk and compliance software provider Arctic Intelligence’s founder, Anthony Quinn, says Westpac’s troubles highlight the need for Australia to implement mandated independent audits of AML/CTF programs, at least every two years, or for systemically important or high-risk businesses every year, to reduce the chance of major compliance breaches going undetected or undisclosed for years on end.

“In Australia, there is currently no mandated independent audit review requirement to assess the design and operational effectiveness of the control environment and that is a massive flaw,” Quinn says. “We should not be surprised that without these checks and balances that major compliance failings can be festering away undetected for years”.

He says regulators in Australia seem reluctant to introduce mandated independent audit requirements every two years, like many other countries including New Zealand, which has in turn bred complacency and general apathy towards complying with AML laws in many of the 14,700 regulated businesses in Australia.

In a race to modernise IT systems so as to beat rivals to the punch on new services, Westpac and its peers have left themselves exposed on compliance.

Read the original article at here.