Before arriving at the Excel Exhibition Centre in London for Sibos 2019 Day 3 on 25th September 2019, a press release detailing some good news from Bottomline Technologies dropped into my inbox.
The press release says that new digital bank Vive is set to deliver real-time payments to its future customers on day one of trading. The faster payments solution is Software-as-a-Service (SaaS) based and was launched in July 2019 in partnership with Starling Bank. It embraces API-led technology, alongside Starling’s banking licence, to create a 24x7 direct connection to the Faster Payments Scheme (FPS). The service will enable Vive to meet customer expectations by delivering a fast, secure, and trouble-free experience. Nick Anthony, CEO at Vive commented “As a new player in financial services, we understand that outstanding customer service is key to our success.”
The innovative technology removes the cost and complexity of direct access projects, the ongoing overhead of managing the Scheme and avoids the challenging development and service inertia. The new service from Bottomline and Starling means that 24/7 instant payments, across different rails, will be included in Vive’s customer proposition from day one, and will deliver a highly competitive service to the market.
It’s a perfect example of bringing open architecture technology and collaborative partnerships together to deliver winning solutions to the market.
With a plan to launch in 2020, Vive will serve customers who currently find it difficult to access affordable credit. This fits into the topic of financial and social inclusion that was discussed across Days 1-3 of Sibos. You can read further details about the deal online.
Technology Innovation and Transformation
Over the course of Day 3 at Sibos, regulatory compliance and standards such as PSD2 and ISO 20022 remained a key topic. In the first panel session: ‘Technology Innovation and Transformation – Friend of Foe?’ panellists from the likes of KPMG, NatWest, RBS and the Reserve Bank of Australia, reminded delegates that payments start and finish with the customer. Oliver Kirby-Johnson, a partner at KPMG, added that this fact is often overlooked to the extent that it is frequently forgotten. With standards in mind, the panel said that payment systems must be configurable to the new rules. There is also a need to provide certainty of investment timelines. With certainty it’s possible to take advantage of transformative technologies and to align with standards. It was argued that central banks have a role to play in this, and that they can help the momentum to adhere to the new standards and encourage the implementation of new, compliant technologies.
Ian Povey, CIO for Payments Technology at RBS, called for clarity on the available payments opportunities across the value chain. He believes this may require a mind-shift to deliver faster and cheaper payments. The basis of this is innovation, which may demand cultural changes to be made – including more openness and data sharing.
This new culture needs to be right from the start, otherwise the change management processes will become difficult to achieve. It may even require a move away from principles-based regulation to consider certain specifics. Given the need for change, the panel stressed that transformation is tough, arguing that the prerequisite of success is to design systems and processes to fail – without which there can be no innovation. This is simply because as humans we tend to learn more from failure than we do from success, and nothing changes without failing first.
The Spy Who Taught Me
Technological and organisational change was also a theme in the Plenary Room’s session, with Dame Stella Rimington – a former Director-General of MI5. She revealed that the core intelligence gathering practices haven’t changed since the 1970s. They involve the interception of communications and eavesdropping. However, surveillance methods have evolved dramatically with advances in technology. The means of surveillance are far broader, and more varied that they were in the 1970s. It is now often based on everything from emails, the web and texting to social media and phone calls.
Although technology offers a faster means of intelligence gathering, she says there is still a need to be careful by fact-checking before making decisions. However, there are times when technology is used to make more instant decisions – such as the threat of an imminent terrorist attack, requiring the intelligence services to act immediately to protect the public. Technology can be used to assist in decision-making, and to provide supporting evidence for decisions that have to be made without the usual high level of due diligence. Speed can therefore be a prerequisite, but in normal circumstance the focus is on “getting the data right.”
The theme of security continued in a cyber-security plenary. Cheri Maguire, Group CISO at Standard Chartered Bank, said that while cyber-criminals are becoming more and more sophisticated, there is still a need to focus on foundational basic hygiene. The security factors involved with protecting banking and payments organisations (as well as their partners and their customers) must be tightly controlled to avoid being compromised. This danger hasn’t gone away.
Security measures go beyond transactions alone. Bottomline tweeted about an incident where “The largest cyber-attack in the US was on Target. It had nothing to do with its employees, it was the air conditioning contractors who hadn’t reset the password on the software.” Managing contractors and partners is as important as training employees to avoid data breaches, or worse.
Sian John, EMEA and APAC Director of Cybersecurity Strategy at Microsoft, claimed that only 3% of her customers have multi-factor authorisation in place. She therefore calls for more training and the implementation of basic controls to fight against cyber-crime. The trouble is that regulations are often used as a reason for putting privacy ahead of security. The European Union’s General Data Protection Regulations (GDPR) were given as an example. With expressed written exemption, personal data can be shared “if it is in the interest of securing the organisation or the broader ecosystem.” Conversely, data breaches can lead to some particularly harsh fines. As closing advice, the panel advised banking and payments organisations to develop partnerships in cyber-security. They were also asked to change their mind-set by putting security first and by seeing cyber-crime as a business risk. It was also emphasised that nobody should use their dog’s name as their password. The trouble is that passwords have become so hard to remember these days that people spend too much time changing them. Biometrics is perhaps therefore the answer.
Moving on, Geoff Tunbridge – Director Solution Consulting for APAC at ACI Worldwide, talked about real-time payments. He discussed the state of play, the lessons that have been learnt and how to make money from real-time payments. He warned that having a real-time payments scheme doesn’t automatically translate into instant success. Clear use cases are essential, with regulatory compliance and the integration of standards being vital. He argued that it is also imperative to have overlay services “to create value that customers will pay for.”
According to VocaLink, “overlay services can be defined as any payment service that connects to a clearing and settlement infrastructure, and in most cases add greater functionality for users. These services are likely to be tailored to particular contexts and/or types of customers.”
Tunbridge said the UK is seeing steady adoption of real-time payments. Yet in many markets the overlay capabilities haven’t been adopted. He therefore calls for a drive towards their adoption. Meanwhile, in Australia he thinks there is a need to de-risk the system by encouraging people to move away from debit and credit cards, although it’s likely to take some time to achieve. In India the focus is on cash, but in terms of faster payments it has developed its own standards. Regardless, the key for change is to understand the use cases for open-banking and real-time payments. The opportunity for them both is potentially huge.