The digitalisation of banking – supervisory implications

Speech by Pentti Hakkarainen, Member of the Supervisory Board of the ECB, at the Lisbon Research Centre on Regulation and Supervision of the Financial Sector Conference, Lisbon, 6 June 2018

When in May 1997, world chess champion Garry Kasparov lost 4-1 in his match to IBM’s “Deep Blue” computer – humans could at least remain content that we still had the edge on the machines when it comes to the ancient Chinese game of Go. Human superiority in “Go” was able to continue as a result of the game’s far greater set of possible moves, and the perceived need for a high degree of intuition to win. Unfortunately, in May 2017, humanity’s Go crown also fell. Ke Jie, the world’s best Go player, lost 3-0 to Google’s “AlphaGo” artificial-intelligence fuelled machine.

So, should we feel threatened by the rise of technology, or should we feel excited that we humans can now collaborate with ever more sophisticated machines to improve our existence?

Today I will explore this question in reference to the ongoing technological transformation of the banking sector. Overall, I will seek to provide an optimistic view – that technology offers more opportunities than threats in this context. Yes, there will be disruption – and some firms that can’t keep up will lose a role and will exit the market. However, this disruption to bank business models will in the end work in the interest of customers. I believe that market forces will lead banks to deploy new technology to improve the quality, pricing, and convenience of products.

Notwithstanding this positive perspective, I recognise that these swift changes also entail some risks. I will explore in the second part of the speech what some of the most relevant new risks might be. It is not the role of supervisors to lead technological change in any specific direction – as this process must remain market-driven. However, regulators and supervisors must remain up to date – and we must also stay on top of any new emerging risks.

Of course, opportunities for beneficial technological innovation do not belong to the private sector alone. Supervisors can also benefit from deploying new technological firepower. In the last part of my remarks, I will reflect upon how we supervisors could make more advantageous use of innovative technology to further enhance our ability to detect and address banking risks.

“Digitalisation” – how is the banking industry changing?

There has always been plenty of room for technological innovation within the banking sector.

This potential for change has recently been energised largely in response to the shifting demands of bank customers. These customers are increasingly comfortable in organising their lives online, increasingly via the use of our smartphones which allow us to do our business whilst on the move.

We are fine to buy clothes online, book our holidays online, I understand we are even now finding our romantic partners online! Given this general trend, it is no surprise that banking is moving in the same direction – away from physical interactions between humans and towards remote service provision.

Across Europe, 59% of internet users now do their banking online[1], and this number is on the rise.

Our expectations as online bank customers are high. We are used to getting user-friendly and round-the-clock service from our online providers – and we naturally expect banks to be able to keep up.

So, how are banks responding to this challenge?

First, banks have recognised that their core infrastructure no longer consists of physical branch structures. In 2015, banks’ digital servicing overtook branch servicing in most European countries.[2] As branches are being used less intensively, the return on these physical assets is declining – and banks are therefore choosing to invest their money elsewhere. European banks closed down over 9000 branches in 2016 – which was a 4.6% reduction in a single year.[3] Change is happening fast.

Conversely, the benefits to investment in IT are currently increasing. Annual global IT spending in the financial sector has risen to around 20% of the total €3 trillion.[4] I am optimistic that such investments will drive improvements in banks’ digital systems, and that those banks who invest smartly in this area will be rewarded.

The move towards a more technologically driven banking sector implies that banks need a completely different type of workforce. There is less and less need for people to do manual and repetitive tasks, as these can increasingly be digitised. Big lay-offs are already being announced on a regular basis due to banks’ movement towards more digitally focussed business models. On the other hand, banks are becoming increasingly reliant on heavily skilled technologists – to instruct IT systems on what is needed, and to ensure that humans remain in control and on top of the risks.

One of the key digital areas that banks are competing with one another upon is security. The need to combine convenience with rigour in customer verification procedures is one of many areas where innovators can find an advantage. This is particularly crucial in light of banks’ “Know Your Customer” (KYC) obligations, and the related responsibility to protect the system against money laundering risks.

There is plenty of room for progress in this area. Today, customers still complain that banks’ online verification processes are somewhat painful.[5] Many interesting options are available for banks to fix this. Biometrics, Optical Character Recognition (OCR), cryptography, secure video links, and distributed ledger technology (DLT) – could each play a role. I encourage banks to think creatively and boldly in this area.

A special area of innovation – Artificial Intelligence and Machine Learning

Perhaps the most promising upcoming technology that banks will take use of in future is Artificial Intelligence (AI) and machine learning. These techniques are very powerful for analysing big data sets.

Banks are beginning to use these techniques to manage and mine the increasing amounts of high frequency data that their digital business models are capturing. This can allow banks to enhance their ability to make accurate predictions – and thereby to price products more efficiently, as well as to generally better avoid future problems.[6]

Machine learning is capable of identifying patterns in very large data samples, and is able to create a model that incorporates the patterns that have been recognised – thereby creating very powerful prediction capacity. Subsamples of the data are analysed to identify what the most powerful predictors are for certain outcomes, for example whether a loan will default or not. The most powerful predictors are then automatically incorporated into the model, and the new model then tests itself on other parts of the data to evaluate how well it performs. This process repeats itself thousands of times so that the model can “learn” the data and improve its predictive performance.

Empirical testing from the application of AI in other areas of the economy is by now beginning to show real evidence of the increased predictive capacity that can be created with these techniques. To name but one example, AI is being used in healthcare to more accurately spot patterns in hospital data to detect patients’ vulnerability to liver cancer.[7]

These new analytical techniques clearly fit well within the banking sector. For example, it could play a useful role in the task of analysing the credit risk of potential borrowers[8] – harnessing the large amounts of digital data that exists on loan applicants. Similarly, these techniques could play a role in sifting large data sets to detect money laundering, or signs of internal conduct risk amongst banks’ own traders.

Implications for market structure

Digitalisation is helping to make the provision of cross-border banking services far easier for banks. This follows a similar logic that has led to an increase in the cross-border trade of various services, e.g. software development, video-gaming, and the outputs of the music and film industries.

New technology has changed the foundations upon which the banking industry is built. Traditionally, banks have relied on their own self-sufficient IT hardware to run their systems and have required a physical branch structure to access clients. It is now much more possible for banks to offer their services without geographical limits. IT infrastructure can be drawn from remote external providers via the use of cloud computing, and branches are no longer required.

This is good news for those of us, such as myself, who see benefits from increasing competition in the banking sector. Barriers to market entry are falling as the need for large free-standing IT investments are receding. Likewise, the ability for new cross-border providers to quickly penetrate domestic markets by attracting customers via user-friendly digital products is increasing. These trends will enhance contestation of markets, and will thereby help to keep incumbent firms sharply incentivised to provide the best possible services to customers at the best possible prices.

I note that big incumbent banks in the market are working from a position of relative strength, given the long-standing trust relationships they have with a wide customer base. These strong relationships perhaps provide a degree of protection against very quick losses of customer volume. However, big incumbent banks’ place in the market is not sustainable unless they invest in the systems needed to provide the high quality user-friendly services that modern customers require.

To a large degree, this competition on the user-friendliness and trustworthiness of banks’ digital offerings will determine which firms succeed and which fail in coming years. We are already seeing to some extent a de-coupling in the market – where certain leading technological banks are taking a much bigger share of digitalised banking transactions. In the Nordics, for example, the leading online banks have over 20% more digital sales than the average of their competitors.[9]

Even though we already face a period of consolidation, technology will serve to enhance this trend. Banks that are too slow or ineffective in their adoption of technology will end up exiting the market. Only those firms that quickly and safely harness technology in a value-adding way will survive and thrive going forwards.

This is all part of the natural functioning of the market – and in the end this process of adjustment will work in the interests of banks’ customers.

Risks arising from digitalisation

Let me now move on to speak briefly about some of the risks that all this swift technological change could imply.

Before discussing these risks, I should begin by reassuring you that my overall assessment is that these emerging risks are not at alarming levels. My view on this point is shared by the Financial Stability Board who reported in 2017 that there are currently “no compelling financial stability risks arising” as a result of the adoption of financial technology.[10]

Nonetheless, various risks are becoming more relevant upon which banks, regulators and supervisors should each remain vigilant.

First, it is important to keep a close eye on how banks outsource their IT services to external parties. Banks are not “technological houses” – so they must rely to a great extent upon third party providers to help them move towards more advanced IT platforms. From a governance perspective, the fragmentation of banks’ services across a range of external providers creates a challenge for banks’ leaders. They retain responsibility for the risks generated by the bank as a whole – and so they must master the contingent parts, and keep all elements under control.

It is also a potential concern if many banks are outsourcing core elements of their digital banking business to a single provider – for example systems for processing payments. In effect, such arrangements can create a concentration risk for the industry as a whole. If a monopoly provider has a problem in delivering their services – then this could impair the functioning of the whole sector. This is an operational risk that supervisors and regulators need to be aware of. It also implies that we supervisors must be strong in our scrutiny of the robustness of banks’ key third party IT providers.

I have already mentioned my view on the potential benefits that AI and machine learning offer for enhancing the management of bank credit risk, amongst other things. However, it should also be emphasised that these techniques must be used in the right way – otherwise they can also become a source of risk.

The algorithms underlying AI must be carefully designed – and the decisions embedded within these algorithms must remain well understood – both by banks’ leaders, and by supervisors. Mistakes have been made too many times in the past when financiers have become too excited about some new complex way of doing things. AI and machine learning must not be added to the list of financial crazes where executives have allowed the risks taken by their “quants” to run ahead of their ability to understand and control what is going on.

Supervisory oversight will be vigilant in this area, but this can only provide a certain degree of reassurance that the humans remain in charge! To be really safe against the machines we must rely on banks’ leaders to own their responsibilities in this area. For the good of all of us, I’m sure you’ll join me in urging them to take this task seriously.

The final area of risk to mention is on cyber security. In general, I am pleased to report that European banks are well aware of the risks in this area and are constantly improving and reacting to new threats as they emerge. However, this does not mean our banks are immune to cyber risk. In our onsite inspections we still often find information security vulnerabilities that could be used by determined cyber criminals to obtain unauthorised access or wreak havoc. Our continuing message to banks is that they themselves are solely responsible for taking the appropriate measures to protect themselves from cyber risk and the negative impacts such threats pose.

I assure you that ECB supervisors will be keeping a close eye on all of these matters in the coming years. Through our regular Supervisory Review and Evaluation Process (SREP) and on-site inspection methodologies we are increasingly integrating the most up to date concerns that arise from the move to digitalisation. Over time, these themes will become more and more central to the way we supervise and test banks’ governance, risk management, and IT architecture.

Opportunities for digitalisation in the SSM

As supervisors and regulators, we must not get in the way of market forces. We are not here to lead the sector in one particular technological direction or another. Our role is to keep a close eye to ensure prudential safety remains high, including through periods of swift technological change. Further, we must supervise in a fair way that maintains a level playing field across the market – including for any new entrants operating in unfamiliar and innovative ways.

To pursue these tasks efficiently, we must ourselves become smart adopters of new technology. Routine tasks can increasingly be automated, and we can take advantage of this trend to free up the resources of our staff to focus more on the sophisticated and strategic tasks required to deeply scrutinise bank risk-taking.

Let me mention a couple of specific examples where I see technology can help us make progress in future.

Over time, I envisage that we can become more efficient in the way that data is shared between banks and supervisors. We are aware that the bespoke data requests we make to banks can generate a substantial burden. With collaboration between the industry and supervisors, it could be possible to improve our data sharing systems via automation. This could make data provision increasingly timely and accurate for us supervisors, whilst at the same time making things increasingly painless for bankers.

Such improvements in our data handling will anyway be necessary, as digitalisation means that the amount of relevant data that the banking sector is generating is vastly expanding. We need to embed ourselves within the “big data” that the industry is now creating – and use this to our advantage. In particular, we need to build systems that allow our analysis to be updated in real time as the market is moving. This is particularly important given that digitalisation has increased the speed with which transactions are processed – thereby increasing the speed with which market reality can change. We can no longer rely on 3-monthly snapshots in such an environment.

Supervisors should also begin taking advantage of AI and machine learning. For example, such techniques can be potentially used to improve the way we analyse the credit risks being taken by the banks we supervise. Done right, we can harness AI to help us spot excessive bank risk-taking early on in its gestation. In turn, this can support us to intervene early to cut such episodes short – before big potential problems become reality.

Conclusion

Let me now conclude.

The major ongoing developments that I have described in my remarks today represent a speed and scale of change that goes above and beyond what I would call “normal”. We should be aware of the risks that such a high pace of change generates – and seek to seek to stay on top of those risks.

However, principally this special moment of swift change should be seen as an opportunity to be welcomed. We are all lucky – bankers, regulators, and supervisors alike – to work in a time where such great possibilities to improve the way we do our day-to-day work exist.

It is also a good time for consumers, as technology pushes us towards the possibility of having smoother service provision. Straight-through digitalised processes potentially allow us to quickly access and purchase the services we want, without the need for manual inputs that can slow things down.

Amongst this background of change, we should recall that our fundamental goals are not really shifting. Banks must continue to provide good value for money and high quality services to their clients. Regulators and supervisors must continue focussing on maintaining the stability of banks and the banking system.

Let us therefore embrace technological change where it helps us achieve these stable long-term objectives. I believe we are already making on all sides significant progress in this work. If we continue with the right attitude, we have an exciting time ahead – and together we can help generate a better banking system for customers and citizens into the future.

[2]Finalta 2016 Digital and Multicultural benchmark.
[3]2017 EBF Facts & Figures.
[4]Aleksi Grym, Bank of Finland, slides presented to ASBANC Business Innovation Summit, 28.11.17 – citing analysis of data from Gartner.
[5]How banks are using new identity verification methods to boost conversions and keep customers loyal, Business Insider, 23 Feb 2018.
[6]Machine Learning: A revolution in Risk Management and Compliance, Bart van Liebergen, IIF.
[8]Predicting bank insolvencies using machine learning techniques, Petropoulos, Siakoulis, Stravroulakis, and Vlachogiannakis, 2017
[9]The future of customer-led retail banking distribution, McKinsey, September 2017.
[10]Financial Stability Implications from FinTech, FSB, 27 June 2017

Media contacts