What about something like two-factor authentication (2FA) for Internet banking? Who's in charge?
For two-factor authentication--because it kind of started in Singapore with the Monetary Authority of Singapore (MAS) making it a requirement--that came through me, and I ran the project steering committee. I initiated the project with our Internet banking applications team, and we interfaced with the regulator and the business team, to understand what we needed in order to comply with the regulatory requirements, and what we needed to support the business.
The information security team was also roped in as well to look at the way in which we could implement 2FA. They determined and confirmed that the solution we put in place complied with their requirements as well as the requirements stated by the MAS. So then the development was the responsibility of the applications team, which reported back to me because I ran the project steering committee for 2FA.
How big is your technology team?
The operations team, about 500 people, report directly to me. But in the technology world, it's structured differently. Because Standard Chartered is a global bank, our technologies, infrastructure and applications are all global in nature. As a result, in Singapore or any country for that matter, the CIOs do not have a big technology team. They have a big operations team, but not a big technology team. So I have only eight people in my technology team, and they do not develop anything. They will work with the business to understand the requirements and then liaise with the different application leaders, who each has a team.
Likewise, if there's a technical issue like the network is down, there are procedures on how the issue will be escalated to the relevant parties. So these eight people that I have are primarily risk or service managers. They manage service, they manage risk and they manage change.
What are your IT priorities for 2007?
The priority for IT and operations is to support business growth. Standard Chartered has grown significantly over the last five years. Our consumer and wholesale bank businesses are growing at a significant pace and that is through: one, the sheer increase in business volumes and; two, the new streams of businesses. So launching new products is in line with our strategy for growth and to deepen the customer relationship. But it's also not just from a product angle, but a volume angle. It's about speed to market, it's about creating new capabilities to support the business, and I think scalability is really a key word in the operations and technology agenda at this stage.
Is scalability about cutting costs?
That's important because of two things. First, scalability helps us become more efficient from a unit cost perspective. Imagine doubling my volume and likewise doubling my cost. That's not a sustainable business model, and the challenge is in doubling the volume without proportionately increasing my costs.
Second, it is not just about costs but really from a whole sensibility, sustainability front. If my volumes double, it's not possible to keep throwing bodies at it. Where are we going to find people trained in time? So it's really about unit cost and speed to market.
So where is the organization at with respect to this? Are you happy with the current situation?
It's an evolution. I don't believe we'll ever be at a stage where we say we've done everything that we can do. But if we look at what Standard Chartered has gone through in the last few years, we've built a pretty scalable and robust model, and that's how we've done so well in terms of profitability and revenue. But if you ask me if we've room to grow, I say definitely.
Let me give you a flavor of what we've done and where else we can go forward to. When we look at the evolution of the entire technology and operations model over the last 10 to 15 years, there've been significant changes. One is really about centralization, process reengineering, simplification, outsourcing and hubbing. Leveraging our network and hubs is not just to leverage on the lower cost arbitrage, but more importantly, to create scale. So these are some of the things that we've done over the years and have quite successfully helped us get to a reasonably efficient model.
How automated are the processes right now?
We have begun to automate some areas, and I believe automation is the way to go to build a scalable model. But we're at a different stage of automation for different products. Take the global markets products, for example, which is quite scalable. The sheer amount of trades that go through the dealing rooms is supported by two processing hubs. All the trades and data get captured in the front-office, and are automatically pumped through to our back-office systems and also processed straight-through to our counterparties, with exceptions of certain transactions. So we have achieved a higher throughput, with only a team of two hubs, managing and handling only exceptions of the world's FX (forex) volumes.
Compare this with 20 years ago, where people ran around with dealing slips and manually keyed in data, today it's all automated. But there are some processes that are semi-automated, and there are extreme cases of some pretty manual processes, too. So we are still evolving, and if we want to create a more scalable model, we'll have to think how to automate more of these processes.
Interestingly, technology has progressed. I had ideas 10 years ago, which couldn't work because the technology was just not advanced enough to support it. But 10 years down the road now, I've seen things that didn't work in the past but are working pretty well now.
Take for example, OCR (optical character recognition) and ICR (intelligent character recognition) technology. The accuracy of these technologies were not quite acceptable years ago, but they've improved a lot where today I can simply take a single paper document, scan it, and convert it to digital format. Once you convert hard paper documents to digital format, it becomes very flexible and opens up possibilities. So it's interesting how we've seen technology evolved and how we should never have thrown away some ideas because down the track, some breakthrough in technology could allow what couldn't have been done in the past, be possible now. So if you ask me about the direction and where we're going, I'd say well we're not there yet because there are still pockets of areas that are not as automated as I'd like them to be.
With greater automation and everything going digital, how paranoid are you about information security?
For Standard Chartered, we definitely take information security very seriously. We have a dedicated information security team that constantly keeps tabs on the latest threats in the industry. They will also be the ones who come up with standards and tools to guide our technology people. We need their endorsement for every new application or infrastructure that's being built or designed.
So are we paranoid about it? I don't know if paranoid is the right word to use, but we certainly take security very seriously.
What would be your biggest nightmare? What phone call would you not want to get?
Anything that has a customer impact is what will worry me most, and this could come in all shapes and forms. The worst part would be things that happen beyond our expectations or our control, because things that are within our control usually do not take rocket science to iron out. One example is the Taiwan earthquake on Boxing Day last December. A lot of people were not around, and when the earthquake happened... that created a real issue for not just us. The Internet and the trading floor were disrupted, Bloomberg was down, Internet banking was down... So where there is customer impact for whatever reasons, these are the calls I don't want to receive.
What was the first thing that came to mind when you heard about the quake?
When it first happened, it was down to the question of customer impact. How do we help manage our customers' requirements? Therefore, we had to react very quickly and to advise customers what they could do. For example, our e-Saver product allows the customer to transact only on the Web, so they cannot draw money from the branch. But when a disaster like the Taiwan earthquake happens, this is when we need to give them an alternative route to conduct their transactions.
Since then, have you taken additional measures to be better prepared?
Yes, we have, although I'd say that we weren't that badly impacted back then. Our core banking systems and branch counters were not impacted at all. It was primarily Bloomberg and the ISPs that were down, but what we've done since is we've increased our resilience of our international network and gone with alternative service providers. So we now have two international world-class providers and that effectively mitigates the risk from future communication disruptions.
Tell us something that few people know about you.
There's probably a lot [Shee laughs]. When people look at me, the first impression is 'oh he's a CIO, he's probably only got time for science and technology, the latest gadgets, and is constantly looking at risks, etc'. That could be a stereotype.
What many people probably don't know is that I started off as a science student and thought about being a doctor and a lawyer. But in university, I decided to switch to the arts and social sciences and I studied economics and philosophy. What people know very little about is that although on the surface I'm very interested in science and always looking ahead at changes, I actually have a deep interest and passion in history and philosophy.
So if I was not a banker, I could have become an historian or even an archaeologist--reason being that I do find history fascinating. You'll find that I don't have a lot of gadgets in my house--I have gadgets that I need to use--but you'll find a lot of antique clocks. But on a serious note, I am interested in history, because although I believe science is important because it gives us knowledge about what we can do and how to make our lives better, history and philosophy give us a lot of wisdom to decide not what to do, but how to go about it. It's putting context around things.
Play video
» Storage blades for rapid data growth
Full disclosure: Klint Borozan is SVP of Positive Networks.
Everyone agrees the time has come to roll out two factor authentication for on-line banking transactions. The challenge on the part of the bank, on-line payment systems, on-line equity trades, has been the cost, training, acceptance, and logistical nightmare of deploying tokens. In a financial insights article, 80% of survey responses indicated they understood the need for tokens and two 2FA. However, 74% indicated they found it troublesome to use and manage. Thus, the data concluded that tokens were inhibiting on-line banking. Novel ideas such as Phonefactor have simplified the 2FA problem for web transactions, and go farther in feature development to offer real time fraud alerts to immediately lock out violators. Go to phonefactor.net for a demo and free version.
Posted by Klint Borozan on Thursday, January 10 2008 04:36 AM