Bank 4.0 Page 10

  One of the key attractions of this architecture—and I’m sure that I am not the only person who thinks this—is that it gives an expectation of redress in the event of inevitable failure. Things always go wrong. What’s important is what the structures, mechanisms and processes for dealing with those failures is. If some fraudsters take over my bank account and use my identity to create a fake profile on a dating site, then I’d expect the bank to have mechanisms in place to revoke the tokens and inform both the dating site and me that such revocation has taken place, without disclosing any of my personal identifiable information. This is important, because PII is in essence a kind of toxic waste that no companies really want to deal with unless they absolutely have to. Under the new provisions of the General Data Protection Regulation (GDPR), the potential fines for disclosing personally-identifiable information (PII) without the consent of the data subject are astronomical. Hence the complete cycle needs to be thought through, because it will be crazy to have an infrastructure that protects my personal data when the system is operating normally but gives it up when the system fails, or when we attempt recovery from failure.

  To see how banks are beginning to take advantage of the new opportunities in this space, let’s have a quick world tour to examine what Barclays are doing in the UK, what itsme is doing in Belgium, what Toronto Dominion are doing in Canada and what the Commonwealth Bank of Australia (CBA) is up to down under.

  Barclays are one of the “identity providers” for the British government’s identity service. In order to use this service to access a variety of government services online, you have to first create an online identity. To do this, you can choose one of a number of private sector organisations to validate your personal details and bind them to the online identity. Barclays is one of these organisations. To date, this scheme has met with limited success, since there are few places to use the government identity, but Sarah Munro (Director of Information Propositions at Barclays) says that it is a model that will develop.

  In Belgium, the itsme service3 launched in 2017 shows a very different approach. It’s a very interesting collaboration between the Belgian banks and Belgian mobile operators: Belfius, BNP Paribas, KBC/CBC and ING working with Orange, Proximus and Telenet. To use this, you download the itsme app and verify your identity (which is easy in Belgium, since everyone already has an eID card), then use it to log-in to participating websites. To begin with these sites are (as usual!) tax filings, but insurance companies and retailers are joining the program. Soon, users will be able sign official documents using their mobile phones and have secure remote access to a wide variety of systems. The combination of the identity, the SIM and the app delivers a very secure and reliable environment. To be completely honest, I don’t understand why banks and mobile operators were not co-operating in this way a decade ago!

  The leading Canadian banks (including BMO, CIBC, RBC, National Bank, Scotiabank and Toronto Dominion) are part of a nationwide consortium4 developing a sophisticated digital identity infrastructure to bring security and convenience to their marketplace. As in the case of itsme, customers will use the service via an app, but in the Canadian scheme the trusted credentials are stored on a shared ledger built using IBM’s blockchain service (implementing Hyperledger Fabric). The scheme uses a “triple blinding” implementation so that the people relying on the trusted credentials and the people providing these credentials never see each others’ identity.

  CBA have begun a pilot service with Airtasker to provide verification services. In the growing “gig economy” it is a significant step, because providing identity infrastructure to these marketplaces is a way for banks to be involved in the transactions. Airtasker is an Australian online community, similar to Task Rabbit in the US, where people and businesses can outsource tasks (eg, build my IKEA furniture for me!). If you have an Airtasker profile you can go through the CBA verification process and the system will add a badge to your profile. The badge tells people that CBA know who you are. It does not give away any personal information, it merely tells prospective users of your skills and time. This simple expression of reputation gives comfort to these prospective users and illustrates a central point about the coming collaborative economy, which is that reputation is much more important than identity (and it is much harder to counterfeit). Banks ought to obtain significant advantage as infrastructure providers here, because the collaborative economy stakeholders do not want to have to create their own identification, authentication and authorisation infrastructures. This not a purely technological perspective. As the Financial Times reported way back in 2014, British banks believe that they have a future role as repositories of digital identities (Davies, S.: “Banks want to keep your digital ID in their vaults”, Financial Times, 2nd September 2014).

  I hope these examples illustrate the potential market for bank services in the digital identity field, but it isn’t all about profits. One of the reasons why we should want regulated financial institutions to provide the digital infrastructure is because that infrastructure will form an essential element of a sound strategy for the financial sector as a whole. Right now, we don’t want criminals and terrorists obtaining bank accounts, we don’t want drug dealers and corrupt politicians to be able to shuffle money around the system, and we don’t want our institutions to be subverted by dirty money. Therefore we let the banks have certain privileges, but in return we ask them to shoulder the burden of knowing your customer (KYC), anti-money laundering (AML), counterterrorist financing (CTF) and the exclusion of politically exposed persons (PEPs).

  Incidentally, a major problem for banks is that the costs of the current approach are absolutely unsustainable and with new anti-money laundering regulations on the way, they are going to get worse. Perhaps it is time for some thought experiments around alternatives, exploring where RegTech might create new mechanisms for monitoring money flows. Hence we might reflect on an apparently radical alternative: rather than try to keep people out of the system, we could do everything possible to get everybody into the system. Why? Well, because when people are excluded from the system you have absolutely no idea what they’re doing. This is very evident in the case of the “de-risking” of money transfer services in key remittance corridors. A good example is the UK–Somalia corridor, which was the subject of detailed study and comment in the British Parliament. As part of the de-risking the banks withdrew services. The result was not, of course, that money stopped flowing to Somalia with some of it ending up in questionable destinations. Instead of the money flowing through electronic channels where we could at least monitor what was going on and have some potential to discover what the bad guys might be up to, the cash moves in suitcases out of Stansted Airport—and nobody has any idea what is happening, with no opportunity to track or monitor criminal behaviour.

  But. And this is a big but… There is no inevitability about this bank-centric vision. On the contrary, it is entirely possible to construct an alternative view that is based not on banks and bindings and regulated financial institutions, but on big data, artificial intelligence and a more inclusive view of the world.

  Let’s go back to that internet dating example, because it’s useful to explore. I go to the internet dating site and create an identity. During this process, the internet dating site asks me to validate my identity. I go to Microsoft, Amazon, Facebook, Apple or Google and log in, and get bounced back to the dating site with a cryptographic token that says that (for example) Amazon knows I am over 18 and resident in the UK and, crucially, that Amazon will accept liability to a maximum amount if either of these credentials turns out to be incorrect. Amazon can be pretty sure about these facts because, apart from anything else, Amazon has access to my bank account because of open banking initiatives. Amazon also knows everything I buy, where I am and when my salary gets paid into the account. They can give the dating site a pretty accurate picture of me, without disclosing any PII. And they can allow the dating site to bill against the token if necessary.
>
  There is, as the World Economic Forum made clear, a role for regulated financial institutions here (“A Blueprint for Digital Identity—the Role of Financial Institutions in Building Digital Identity”, World Economic Forum: Geneva, 2016). However, digital identity does not offer the right to banks to exploit it. If banks do not offer digital identity services that are relevant to the post-industrial revolution, they won’t simply miss out on the opportunity to offset some of their costs with some revenue generating (and generally useful) new services. Instead, they will cut themselves off from the sources of data that they need to feed their artificial intelligence engines of the future. They will not be able to do risk analysis or information management of any value, and access the vast quantities of information, relationship and reputation data that are needed to feed the voracious appetites of the machine-learning behemoths that will be at the heart of the next generation of banks. Digital identity should be central to bank and regulatory strategy moving forward. Without it, you’re not just a number, you are nobody in the digital world.

  Endnotes

  1Although recent Facebook problems may lead towards increasing regulation over data usage.

  2Why the police are worried about my dating website is a whole other story.

  3See https://www.itsme.be/en.

  4Called Secure Key (https://securekey.com/).

  Part 02

  Banking re-imagined for a real-time world

  3 ➡ Embedded Banking

  4 ➡ From Products and Channels to Experiences

  5 ➡ DLT, Blockchain, Alt-Currencies, and Distributed Ecosystems

  3 Embedded Banking

  There are better, faster, more convenient, less costly payment methodologies in place, but with those comes the technology-adoption hurdle that a lot of companies just can’t get over … [The United States] have probably the most antiquated payment system in the whole world. It would be much harder to get a mandate to eliminate checks from a cultural standpoint, but also from a central bank standpoint.

  —Tom Hunt, Director of Treasury Services, Association for Financial Professionals

  For many of the approximately 700 million users of WeChat Pay in China, they don’t have a debit card they use regularly—their primary value store or payment vehicle is either cash or their phone. Increasingly in urban China it is only their phone, and even if people do have a bank account, they’re not using it other than for transfers, top-ups and withdrawing cash. The primary challenge for banks is that once money goes into the WeChat or Alipay ecosystem, it rarely leaves—and banks have zero visibility of it once that happens. The battle for mobile payments appears over in China. Soon the battle for deposits will be also.

  This is not just about a chat app that has been adapted for payments. We can see through first principles that the two-and-a-half billion great “unbanked” will more than likely not need so-called “real” bank accounts in the future. In fact, by 2030, the bank account itself is likely to be just a value store on the phone for the vast majority of consumers who have come into the banking system in the 21st century. The fact that you’ll have a wallet or value store on your phone, and the money might be stored in a bank account somewhere, is almost incidental.

  In 2000, financial inclusion in Bangladesh was just 14 percent; today almost 40 percent of the adult population is on bKash and doing their day-to-day payments via mobile1, and increasingly people are simply getting paid to their mobile phone. When the central bank put restrictions on mobile financial service providers (MFS), then people in Bangladesh just got more SIM cards so they could continue to store cash on their phones.

  In 2000, financial inclusion in Kenya was 27 percent and today almost 100 percent of the adult population is using M-Pesa mobile money regularly, saving 20 percent more than they did prior to M-Pesa. In 2011, India had 557 million unbanked, and by 2015 that had halved to 233 million due to mobile access2 and the new Aadhaar identity card scheme. Paytm, India’s leading mobile wallet, now has 280 million users3 and is aiming for 500 million within three years, and has teamed up with both Softbank from Japan and Alipay from China.

  More interestingly, consider the way Uber, Alibaba and Amazon are innovating around banking. Uber launched its own debit card, not to become a bank, but so that they could onboard drivers faster to grow their business4. However, by embedding banking in the driver onboarding process they circumvented the friction of having to have an unbanked driver visit a bank branch to get a piece of plastic. Today, Uber can pay their drivers up to three times per day using their new “instant pay” capability, which is only possible through the Uber driver debit card. By issuing their own debit card, Uber instantly became one of the largest acquirers of new SME bank accounts in the USA, but that wasn’t their goal—they just wanted to accelerate the growth of their business, which banks were slowing down.

  Alibaba and Amazon have increasingly started to offer business banking services to entrepreneurs on their platform. Whether that is a store front through their platform, small business loans, foreign exchange, capital management, taxation and other operational elements, increasingly these platforms will enable business users to do more of their banking and finance integrated into their platforms. They want businesses running all of their operations on their platform and not needing to go to a bank branch for functions they can provide.

  The 21st century bank account is not a physical artifact that consumers or small businesses will need to get from a branch, it’s just a piece of utility that will be engineered into their world through technology. The physical card, books and statements of the 19th century banking system will be relics of a time long past when it comes to banking for our children and their children. The developing world will get there first, as already emphasized by Chris Skinner’s coverage of Ant Financial, because these newly “banked” consumers don’t have legacy behaviour built around traditional banking and commerce. The fact that some people still write cheques in the United States is not evidence that bank accounts will survive in their current form5, and this is evidenced by the fact that cheque use has declined almost 70 percent in the US since 2000 alone.

  Figure 1: The fall of cheques worldwide (Image credit: Bloomberg).

  Behaviour is switching to mobile and digital payments globally, and will be almost exclusively digital by 2030. Voice-based commerce and mixed reality technologies will speed up the shift away from physical artifacts.

  The nature of the bank account will have to change significantly in this environment to stay relevant. In the 19th and 20th Century the value of a bank account was primarily that it “kept your money safe”, that you could save money securely, and you could pay for stuff based on the authority of the bank—when you wrote a cheque people would trust it as a mechanism of value exchange because a bank was behind it. The value in a 21st century bank account will be in how it provides utility in context, how it adapts to your financial life and your behaviour. The bank account is transitioning to a smart money artifact—bank utility embedded in our world enhanced by artificial intelligence that responds to your financial needs as and when they present themselves.

  Let’s examine the principles behind a 21st century embedded, smart bank account and how it will change the way you live with your money.

  Friction isn’t valuable in the new world

  If you examine challenger and FinTech banks around the world, you’ll see a consistent theme. See if you can guess what the message is…

  Simple was started out of frustration with banks. We’re positive, passionate people who are serious about creating an experience for our customers that’s unlike any personal finance product you’ve ever used.

  —Simple

  Get Moven with Smart Banking and take control of your finances. Whether you’re buying groceries, dining out, or saving for something on your wish-list, Moven automatically analyzes your spending and gives you instant receipts and insights so you can spend, save & live smarter.

  —Moven


  Life doesn’t have boundaries, so why should your banking? We’re making banking easier, intuitive and there whenever you need it, all on your mobile.

  —Atom Bank

  Monzo is a bank that makes life easier, not harder. We are building a smart bank on your smartphone.

  —Monzo

  For incumbent banks, the message consistently promoted when you visit a bank is essentially “our bank has the best product”.

  Figure 2: Sample homepages of banks around the world (emphasis on product).

  At the core of the difference between challenger/FinTech banks and incumbents is their mission: challenger/FinTechs want to radically simplify the banking experience, but incumbents seem much more intent on wanting you to choose their bank products over their competitors.