Brett King

Posts Tagged ‘Policy’

Social Media and Bank Compliance Departments – Eternal Enemies?

In Retail Banking, Social Networking, Strategy, Technology Innovation on July 6, 2010 at 22:50

A consistent theme keeps popping up as I discuss social media innovations with bankers these days. It is increasingly frustrating for innovators who want to use mobile, social media, the web and other such tools to get these past hyper-risk-adverse compliance specialists. It seems as if many of the banker’s I’m meeting are saying that the favorite word of the compliance officer of today is simply “No”.

That needs to change…

Compliance holding up social media adoption

In a recent American Banker’s Association survey they reported that 74% of participating banks confirmed that all ‘social media efforts were to be vetted by compliance first’. In an environment where minutes matter, and the response is key, such a logjam to social media participation is a frustrating mismatch with the realities of dealing with customers in todays uber-connected world.

On Sunday I enjoyed brunch with Matt Dooley who heads up Direct Customer Experience for HSBC’s Commercial team in Asia, and his wife Maria Sit who runs Heath Wallace’s Asia division. Over lunch the issue of culture, compliance, philosophy and the reluctance to experiment to broadly with social media, mobile engagement and other such issues came up.

Matt used a brilliant illustration to identify the problematic compliance hurdles we face today as bank innovators. He asked me whether or not a compliance department of a major financial institution would approve “snail mail” as a new initiative if it was proposed today? Let me explain. If snail mail did not exist today, what would your average compliance officer think if you came along and explained you wanted to use this great new technology for distribution of bank material like statements, new credit cards, PIN #’s, etc. You’d have your PowerPoint deck ready to go explain the process where you stuff an envelope, hand it on to someone you don’t know in the bank (likely a very junior staff member), he then puts it in a bag which is picked up by a truck with another person you don’t know, they take it to a large warehouse and sort it according to Geography, etc, etc…

There just ain’t no way that snail mail would make it through the compliance check list of today’s modern financial institution. The compliance officers would no doubt quote scenarios like this to justify why it would be absolutely impossible for the bank to consider using this new ‘snail mail’ technology.

This is the dilemma. Today there are those of us trying to improve customer experience, knowing full well that compliance departments are citing risk mitigation, regulations and laws, bank policy and procedures, and other such issues as reasons why innovators can’t release a new mobile app, engage in social media conversations in real-time with customers, and so forth. In the meantime, there are existing processes, procedures and systems that are far more riskier than things like social media, but they are immune to the compliance department’s gaze because they are already in place.

Is it riskier to do nothing?

Let’s take Twitter as an example. Today it’s rudimentary to do a Twitter search on major FI brands to see topics trending that in the old days if they were carried by mainstream media would turn a banker’s hair on end. In many cases, however, such interactions are simply ignored because there are no dedicated resources listening and responding to such social media conversations. The processes internally around getting compliance approval for a formal response simply make any such response useless by the time it is approved.

But aren’t social media free form responses risky?

Take for example the very public Twitter faux pas recently committed by a Westpac employee who stated “Oh so very over it today…”. Honestly, this is probably about the worst that it could get on Twitter – and it just isn’t that bad. I hear Compliance departments the world over rejoicing and justifying their stance at the next Social Media strategy review meetings – saying, ‘See, see – we told you so!”. The reality is, that this particular faux pas actually ended up humanizing the Westpac team and probably won them new supporters more than anything else…

It is far more likely that a serious breach of customer trust, a poor service or policy decision, or some other very public social media trending topic could do far worse brand damage if left unanswered out in the social media conversation.

Classic examples are those of Ann Minch with Bank of America and Citibank with the Fabulis debacle. In observing the Facebook and Twitter effect of such PR nightmares, the lack of timely response by the bank across the social media landscape made these issues far more impactful and damaging than they needed to be. So the real risk is in not responding quickly enough.

The reality is that banks are increasingly likely to face a major PR disaster and have it escalated more rapidly than they can every imagine through social media networks. Take the example of BP and the recent Gulf Oil Spill – their lack of maturity in handling PR issues over social media has absolutely punished their brand. The spill is bad enough, but BP’s response to the social media conversation has simply made it much worse than it had to be.

No amount of brand advertising and traditional PR can ever undo the sort of reputation damage that is possible to your brand in the social media landscape.

Compliance as an enabler

Compliance needs to understand the negative risk of increasing workload on the frontline in respect of customer service perception, and decreasing the ability of the organization to respond to social media events in real time. They need to start thinking about their function as an enabler of the core business with customers, rather than just risk mitigation. They can also be lobbying regulators to help regulators adapt and make their processes more user-friendly, while retaining security of identity and the assets of the customer.

Customer experience is being hampered by compliance heavy processes that look to reduce risk, but make the engagement unnecessarily complex. Translating the Terms and Conditions from a paper application form onto the first 7 pages of a web-based application process might seem legally sound, but is quite ridiculous from a Usability and Customer Experience perspective.

Compliance departments need to learn to stop saying no, and be embedded within social media, customer advocacy and customer experience teams so they understand the implications of ‘risk’ and ‘legal’ decisions that actually hamper the organizations ability to respond to customer needs.

Banks: KYC is Killing Your Customers (Huff Post)

In Retail Banking, Strategy, Technology Innovation on February 23, 2010 at 05:53

See the original blog entry on Huffington Post…

In my discussions with bankers about innovation, I often hear them tell me that perhaps in other industries innovation could be achieved, but due to heavy regulation and the compliance requirements of the banking sector that such is more difficult for financial institutions. This is part of the story, but I’m sure that it is fixable.

I met with a Private Banker from one of the dominant bank brands in Asia this week. In Central Hong Kong this bank has it’s own tower, of which three floors are dedicated to the Private Banking unit, but that’s only half true. Almost half of that office space is taken up by a team that is designed to reduce risk to the bank by ensuring that customers are accurately informed of the risks their investments will carry, and to ensure that the bank does not commit itself or their client to undue risks. The name of this team within the Private Bank – the Business Prevention unit – I jest ye not.

Has it come to this that regulation and risk aversion is such an important part of the bank that we now actively try to prevent business occurring? It would appear so.

This explains a great deal about the current state of our banking sector. If customers are a risky proposition, then how does the bank make money? Well they invest it in stuff where they know they have an element of control, or in the case of sub-prime they try to actively engineer it so that they make profit regardless of the underlying asset risk. Some banks have even been known to borrow money from the government and margin trade on it in recent times…

The point of this is that banks have become so myopic in respect to customer risk that as customer we’ve almost become an anathema. In fact, the compliance workload we as customers have to deal with these days is so offensive, that it is almost not worth engaging a bank for an investment deal or asking for a loan. To illustrate, in the mid 80’s I recall being a student and walking in to open an account with no identification, I filled out two cards with a specimen signature, my address and particulars, and that was it. Now that same bank requires a 100-point identification scorecard to be realized, and the basic current account application form is some 18 pages long. This is progress apparently.

Compliance procedures are Killing customer experience Figure 1 – Internal Compliance Procedures are bad for business

Now, I appreciate we have Anti-Money Laundering, we have identity theft, we have IRS and tax departments eager to know what we’re doing with our money, and we have regulators that are making it their job to ensure we don’t invest in a financial product that we don’t fully understand. Sometimes, just sometimes, however, we just want a decent banking experience. We just want it to work, and the more paperwork you throw at us, the more hoops you make us jump through – the worse our banking experience is.

The thing with this is, that although there are regulations and legal constraints, most of the work we have to do is due to internal bank policy and process. For example, let’s say an existing customer comes to the bank to ask for a loan – this is a customer we’ve known for 5 years, his salary gets paid every month on time, and he’s a low credit risk based on what we already know. Why then is it that this same customer has to fill out an application form with the same details he’s provided us with since day one?

There is absolutely no regulatory or legal requirement for the process to be handled in this way. Right now this is all about making it easier for the bank to mitigate risk for their brand. A customer-focused bank would either allow the customer to sign on with their Internet Banking credentials to agree to the loan, perhaps sign on a tablet or digital form or if absolutely necessary generate a paper application form based on existing customer records where all he had to do was sign. All of these solutions would produce exactly the same result from a regulator’s or compliance perspective as a hefty paper KYC process.

So why as banks don’t we do this way? Firstly, no one senior enough in the bank has sponsored such a move. Secondly, because the internal IT department would probably take 15,000 man days, and $184.63 m to enable this. And lastly, because at the end of the day as bank executives we get rewarded for mitigating bank risk, not for making customer experience better.

Regulators and bankers need to separate ‘customer’ risk from operational risk, and in this way innovation can still occur.