Balance vision and improvisation
Balancing infrastructure planning (or vision) with agility (improvisation) often requires a phased approach, with work around solutions enabling products to get to market quickly, while parallel tracking more long-term strategic investments in future-proofing your technology infrastructure. BancoSol was able to effectively take such a parallel approach. At the onset of their digital transformation journey, senior leadership articulated a vision and an implementation plan for the technology stack and analytics platform capabilities which would be required to execute the bank’s digital strategy for the next five years and beyond. The organization committed to ambitious digital adoption targets to set a north star toward which the team should set its sights. Yet, the team also recognized that it was equally important to start somewhere, to commit to improvising an agile approach to innovation rather than wait for the entire technology infrastructure to be deployed before beginning development of their first digital minimum viable product (MVP). Instead, the MVP was designed to function within the existing technology systems with the minimum modifications necessary in terms of API connections, etc., while planning to rollout additional functionality in line with the broader technology roadmap.
Balancing vision and improvisation also requires careful consideration of what to build in house versus what to outsource. As technology evolves, that question becomes increasingly complex. It may be easier to outsource key functions, but institutions need to be careful about protecting their core value-add to the market and not concentrating risk by relying too heavily on one vendor. Sub-K’s digital marketplace, SARTHI, was initially planned for in-house development, as they felt their IT team had the needed capabilities. However, after some deliberation, they realized that it would not be worth the time or effort to develop all of the capabilities needed internally, especially solutions that have already been commoditized in India. The organization decided to partner with several vendors to get access to their existing solutions, with necessary customizations. Sub-K knew that their core value-add was their unique methodology and agility to add new products and partners to the platform, so they needed to work with a technology partner to build a platform that enabled this flexibility.
Finally, a strong and coherent technology team is critical to delivering on the vision. The challenge confronting this team during a digital transformation is: how do we balance new digital initiatives with the tasks of business as usual? And how should we determine what to focus on? Digital transformation requires that IT departments are clear on the organization’s transformation priorities and can effectively prioritize incoming projects. Sub-K, for example, has established a “change control board” tasked with assessing the business value of each request to prioritize the change requests. This board governs the process for required sign-offs and cross-checks with all affected product owners when a change is requested to the IT work stack. This helps IT manage delivery by prioritizing feasibility and strategic importance of various initiatives and continually reevaluating the current backlog.
Likewise, our partner Bina Artha Ventura in Indonesia had three standalone initiatives they wanted to pursue at the outset of their digital transformation journey: ecommerce, digital identity, and digital lending. In an effort to combine all three into a logical technical architecture, they made the strategic decision to prioritize development of an overarching customer engagement platform, which would support and ultimately be able to deliver their other key initiatives.
Think strategically about APIs to modernize legacy systems
The movement toward open-banking, or the system of allowing access and control of consumer banking and financial accounts through third-party applications, has generated a need for FSPs to be able to consume and produce data for third parties to reap the benefits that partnerships can provide. APIs play an important role in ensuring that a company can access, interact, and engage with a third party’s data and functions. They can also be an effective tool to modernize legacy systems in a way that is low-cost, efficient, and does not require a complete (and expensive) upheaval of the existing core system.
At Accion Microfinance Bank, for example, the team needed to find the right partner to support their ambitions to create a digital loan product. After finding the right partner, the organization quickly realized that to deliver the digital loan capability, it would need to build APIs to connect with the partner’s systems. To evaluate the feasibility of this, the team conducted an API inventory — or an evaluation of how various systems should connect and where vulnerabilities may lie.
Though this process, they examined:
- the various integration points required for the organization’s systems to be able to communicate with various partners or vendors to meet the requirements of the digital lending product,
- whether these integration points already existed,
- whether they had the capabilities needed to manage the data, and
- handoffs that may be required between the technology and operations teams.
This inventory helped them to understand the steps they would need to take to develop the capabilities required to manage the data exchanged through the new APIs.
As you go digital, ensure you are resilient
Digital transformation requires great reliance on the external and internal technological environment. The external environment includes the availability of mobile connectivity in the region, the ability to connect with others over the internet, and the technological readiness of potential partners. The internal environment includes the systems such as the core banking system, data warehouses, document management systems, and office automation systems. As an FSP begins to digitize, through greater process automation or through new business models, the more vulnerable their systems may be to system failures or cyber-attacks, and the more resilient its internal environment needs to be to avoid these challenges.
Ezeh, a client of Accion Microfinance Bank in Lagos, Nigeria
To build resiliency, it is important to have well thought out and structured disaster recovery plans with remote disaster recovery sites set up with the appropriate failover and switch back parameters in place. These can include both on-premises (in physical server rooms) and on-cloud architecture. Cloud technologies, particularly, can improve technology resilience through greater regional autonomy (not dependent on other regions to run), data backups, and automated insights for decision-making.
However, regulators often perceive cloud infrastructure for financial services to be risky in terms of its suitability to safeguard customer’s personal and financial information. Financial regulators have a more comfortable view of carefully designed cloud-based architecture held within the country’s borders. Given the low cost of using cloud architecture and the benefits they offer, institutions can and should explore their use.
Finally, as FSPs digitize, cybersecurity is critical to ensure that the organization can reach its digital vision and the technology stack continues to be future proof. Cyber threats and attacks have increased since the start of the pandemic, particularly ransomware and COVID-themed phishing attacks, and organizations in the midst of digital transformation are very vulnerable. Effective mitigation against cyber risks requires developing layers of governance, accountability, policies, and procedures, all while creating and adhering to new norms of data protection and guidelines.
We worked with Accion AMfB, Sub-K, BancoSol, and Annapurna to recommend the necessary systems for greater resilience. This included suggestions for finetuning their disaster recovery plans, assessing cyber-risk solutions, regular testing, and the cultural changes needed for staff and partners to proactively address cyber risks and ensure business resilience and continuity planning.