CW500 in the City: Mobility management and regulatory compliance

A CW500 meeting heard how financial services firms, particularly the big banks, are responding to the need to offer customers and staff mobile services to compete for business and talent

Financial services firms, particularly the big banks, have been through troubling times in recent years. And while there is some light at the end of a gloomy tunnel they are also facing new challenges as customer demand changes, new competitors arrive and regulators tighten the leash.

IT professionals and experts in financial services gathered to discuss the challenges of introducing mobility into financial services companies at the latest CW500 in the City event, held in Blackfriars, London.

Alex Kwiatkowski, head of Financial Insights Europe at analyst company IDC, and Jason Scott-Taggart, head of IT service management at Worldpay and a former Barclays IT executive, gave presentations on what mobile means to bank customers and the enterprises themselves.

Kwiatkowski began working for Vodafone in 1995 and in around 1999 started looking at mobile in relation to banks and insurers. “Back then it was in its infancy. Not least in terms of the handset quality and data network speeds and everything else,” he recalled. “In the last 15 years I have seen quite a lot of change where mobile is concerned. I have also heard a lot of extravagant claims and seen a lot of failure.”

He pointed to Paym, the Payment Council-led mobile payment system, as a noteworthy development, with banks working together for “the greater good of the industry”, adding: “One of the reasons we have had so much failure in mobile is because people have not worked together cohesively to make a mobile platform.”

Although payments get the lion’s share of investments there is much more to mobile, Kwiatkowski said. “Mobile is much more than just about payments; it is about ticketing, loyalty, couponing and discounts – a much richer set of features and functions provided by the device.”

He said it is not just finance firms, or the industry collectives they belong to, that are developing mobile apps today. “Rather, such is the ease of development today that customers are developing their own apps.”

He gave the example of a senior executive at a Russian bank who, coming across a mobile app at the organisation, had congratulated the IT team on their splendid work – only to be told that it had been developed by a customer. “It is not just banks in this; it is a broad ecosystem including mobile operators, handset providers and third-party developers.”

There has never been a better time to develop mobile apps but there is also a bad side, he added. “Mobile malware is destabilising customers and employees. There has never been a better time to be a hacker.”

He said this made mobility management and security the biggest challenges for the enterprise. “We have BYOD and the D can stand for device or it could mean disaster.” Risks are greater because mobile is everywhere, whether corporate devices or mobile phones, and they come in many different flavours. “If you look at the amount of malware being created for Android, for example, it is frightening.” The regulators are increasingly looking at mobile financial services when devising regulation.

But Kwiatkowski said that this should not stop businesses developing mobile apps and allowing staff to use mobile devices at work. “We have got to do the simple things well, so don’t trip over the obvious things such as allowing personal devices access to the wrong things.” 

We have BYOD and the D can stand for device or it could mean disaster

Alex Kwiatkowski

In short, said Kwiatkowski, it is important to keep your critical business data secure while allowing your business to function with greater efficiency, greater accuracy, and customers having greater experiences. “My assessment of mobile in financial services is that despite looking at it for 15 years we are still in short trousers.”

One thing is certain, though – the banks do not have the resources to do everything in-house. “Third parties will play a bigger role,” said Kwiatkowski. “There are more technology providers that offer services that banks traditionally do.”

Kwiatkowski warned that banks still face a major challenge to their mobile strategies from their mainframe legacy systems. He said there are great opportunities to introduce digital technologies but finance firms need to understand the systems they have to link to. “We are seeing more technology failure today than ever before because systems are being asked to do things they were not designed for. It would be nice to start again but in the real world it is more about enhancement.”

He added that it is not just about customer services – employees too want to work in different ways and financial services firms will have to give something back by enabling mobility.

BYOD at Barclays 

Jason Scott-Taggart, who recently joined payment processing firm Worldpay, then took the stage. As he has been with Worldpay for only two months he talked principally about his 15 years at Barclays – specifically, its introduction of BYOD to enable staff to work in different ways.

He said the consumerisation of IT and the amount of data available to people can combine to increase productivity if businesses can enable it. “There is a fast change in technology and an explosion of smartphones and tablets. It is a trend that will continue and is all part of a massive shift in the way people use technology.

“This is happening in the corporate environment too. This has been driven from personal choice, but as an internal infrastructure worker supplying services I am seeing demand for different ways of delivering them.” 

Scott-Taggart cited social media as a good example of how people are interacting differently, blurring the distinction between work and home.

He identified the business drivers for BYOD as the desire to increase productivity, to utilise new ways of working and to make employees happier at work. “We can do this with these new technologies. We need to harness it for the good of the company and the individuals,” he said.

Talking about productivity and writing a business case for it is like punching a cloud

Jason Scott-Taggart

But finance firms have their own challenges, he added. “There is infrastructure and cost associated with BYOD. It might seem like you will save money by getting employees to supply their own devices but there is a lot of stuff behind the curtain needed to facilitate that.” He said it is a challenge because it is difficult to put together a business case for investments to support BYOD.

“Talking about productivity and writing a business case for it is like punching a cloud.”

Then, security is a major challenge, with the blurring of the lines between the corporate and private world. “How do we protect ourselves with the changes that this brings?” Just setting rules and ensuring users stick to them to protect the company is difficult, and a non-starter for a bank.

“If you are going to allow data to flow between different environments you need to get into data classification, which can be expensive and complicated. At Barclays we did not go that far as it would have been colossal.

“If you look at BYOD leaders such as Cisco they either did this at a high level or they didn’t worry and set policies to drive it. There is no way you could do this as a bank.”

He said Barclays had supported BYOD through remote access, which the bank controlled, and then introduced containerisation, allowing “a bubble” outside. “This was so controlled but we understand it and we gave access to corporate email. This is what we had at first for quite a long time.”

The technology has evolved and new functionality can be added. “We started black and white; the technology then allowed us to expand. In parallel the security people became more comfortable with the new paradigm. Two years ago we went back to security and asked for more functionality outside the bubble. We had two-factor authentication and a certificate on the device although we did not manage the device.”

But he said that rules are gradually breaking down today in a positive way.

To keep the users happy the bank kept trickling things out. “The ecosystem evolved and we added functionality on devices with the offer for full mobile work through our remote access.”

Scott-Taggart said it was important to keep staff up to date with what was happening as well as with future plans. Barclays branded the strategy My Device and carried out programmes to tell staff what they could do today and tomorrow. “That bought me time because we cannot keep up with what happens externally in giving people [mobile services].”

He said free wireless in the office was a great way of getting staff involved with what was going on.

He has recently moved to payments firm Worldpay, where he faces a different challenge: “At Barclays I had 200,000 users and 1,000 staff, at Worldpay I have 4,000 users and 100 staff, so the scale is different. The IT is much also less complex at Worldpay.

"There were inconsistent rules at Worldpay around mobility before but we are now standardising.”

And external rules set by regulators are coming in, just as in banking. “Regulation is only just beginning to hit the payments industry whereas it has been with banks for a long time. Things like chip and pin are now an essential part of UK plc, like ATMs, so the regulators are now interested.”

The floor was then thrown open to the CW500 audience. The resulting discussion focused on how banks need to change and engage with customers and employees if they are to fend off an increasing number of non-traditional financial service companies such as internet giants Amazon, Facebook and Google.



Read more on Mobile apps and software