Blog

A joint paper by Accenture and Chartis Research advising that operational risk management and cyber security  processes should align to better cope with the increasing cyber threat and improve resilience.

 

Cyber security has jumped to the top of companies’ risk agenda
after a number of high profile data breaches, ransom demands,
distributed denial of service (DDoS) attacks and other hacks. In
an increasingly digitized world, where data resides in the cloud,
on mobiles and devices connected to the “Internet of Things”
threat vectors are multiplying, threatening firms’ operations,
customer and bank details and future financial stability.
Firms should develop a strategy to cope with this cyber threat
emanating from online criminals, hacktivists or nation states
looking to destabilize payment and financial systems such as
Russia’s alleged 2007 cyber-attack against Estonia’s financial
services ecosystem. 1 The need is most pressing at large scale
financial services institutions as many of these sit at the apex
of the financial system.
This is a report by Accenture and Chartis analyzing the benefits of
better alignment across operational risk management procedures
with cyber security in an enterprise risk management (ERM)
framework. The objective for leading firms should be to focus on
increasing the resilience of the organization, and despite the best
efforts it is highly unlikely that any firm can completely avoid security
issues in the digitally-connected world we all operate within.
Cooperation is an essential starting point in the organization—
a DDoS attack or data breach impacts people, processes and
technology across the business. As well as getting IT systems
back up and running financial institutions (FIs) should write
to customers and regulators, activate back-up facilities, and
compensate any losses. Operational and cyber security employees
need lines of communications and a coordinated pre-planned
response. Firms should take this opportunity to review their existing
risk management processes, departments and responsibilities
with respect to cyber security, re-aligning them into an overall
operational and ERM strategy with boardroom backing.

Scope of the Problem: The Cyber Security Threat

In September 2015, for instance, the Securities and Exchange
Commission (SEC) fined R.T. Jones Capital Equities Management, a
St. Louis-based investment adviser, $75,000 for failing to establish
the required cyber security policies and procedures in advance of
a breach that occurred in July 2013. An unknown hacker gained
access to data and compromised the personally identifiable
information (PII) of approximately 100,000 individuals, including
thousands of the firm’s clients, after infiltrating its third-party
hosted web server. The attack left R.T. Jones’ clients, vulnerable
to fraud theft and prompted the SEC’s action for violating Rule
30(a) of Regulation S-P under the US Securities Act of 1933. 2
As Marshall S. Sprung, Co-Chief of the SEC Enforcement Division’s
Asset Management Unit, said in the ruling: 3 “Firms must adopt
written policies to protect their clients’ private information and
they need to anticipate potential cyber security events and have
clear procedures in place rather than waiting to react once a
breach occurs.”
Other examples illustrating the scope of the problem include:
• Interpol and Kaspersky Lab revealed in February 2015 4 that about
$1bn had been stolen over a two year period from financial
institutions worldwide by a cybercriminal gang comprising
members from Russia, Ukraine, other parts of Europe and China.
The Moscow-based security firm dubbed the criminal gang
“Carbanak” and Interpol was in pursuit. The criminal case proves
that FIs are just as susceptible to cyber-attacks as retailers that
hold card details or telcos and utilities among others. They are
also at the top of the tree for any fraud-related attack.
• The Ponemon Institute LLC has calculated that cyber risk translates
to a mean annualized cost, for every company, of $7.7 million. 5
• In a recent “2015 Cyber Security Global Survey” conducted
by Chartis Research, 6 which questioned 103 risk professionals,
69% of them said they expect their cyber security expenditure
to increase next year by more than 10%.
• The World Economic Forum (WEF) again identified technological
risks, in the form of data fraud, cyber-attacks among the top ten
risks in terms of likelihood while critical information infrastructure
breakdown is among its top ten risks in terms of impact. 7 The
threats are real and growing.

Defining the Problem

A necessity for establishing control is to first set a good
definition of the problem. Many firms produce their own
cyber security definition. A common starting point is with
the International Standards Organization’s ISO 27k series
on IT risk, which includes a cyber security component,
under ISO/IEC 27032. It reads as follows:
Officially, ISO/IEC 27032 addresses “Cybersecurity” or “Cyberspace
security,” defined as the “preservation of confidentiality, integrity
and availability of information in the Cyberspace.” 8
In turn “Cyberspace” is defined as the “complex environment
resulting from the interaction of people, software and services
on the internet by means of technology devices and networks
connected to it, and which does not exist in any physical form.” 9
In the US, the National Institute of Standards and
Technology (NIST) can also provide useful definitions and
guidelines. Both external frameworks should be examined
as part of an early stage project to align operational risk
management (ORM) and cyber security procedures.
The main definition problem that FIs encounter is around scope.
Broad and narrow definitions of cyber security both have strengths
and weaknesses. A broad definition provides wide coverage
and lends itself to a cross-silo approach. However, it can lead
to confusion over responsibilities and cause significant overlap
with other areas like IT security. A narrow definition can result in
the creation of another tactical risk management silo, which is
undesirable. The aim must be to develop an open definition that
covers all of the threat vectors, but clearly assigns responsibilities.

Expanding Operational Risk to Include Cyber Security

Cyber-attacks from external criminals or internally disgruntled
employees can fit this definition. They become a problem only
if the processes and people elements in an FI’s strategy are not
sufficiently developed. If the chief risk officer (CRO) is talking
to the chief information security officer (CISO) and both are
aware of their specific responsibilities, and how they align with
the wider ERM strategy, then a data loss event, DDoS attack or
hack needn’t be catastrophic. Joining the dots and aligning a
strategy is key. The challenge is that cyber security is traditionally
managed through its own set of internal controls within IT,
which are separate from the duties and processes required for
operational risk management or compliance. Bringing cyber
security into a common framework is necessary in our view.
In addition, the Basel Committee’s 2014 report on operational
risk includes cyber-attacks as a scenario. This illustrates the
nature of the operational risk that can result from cyber security
breaches, ranging from continuity to credit and market risk.
“…some banks have developed scenarios related to earthquakes
and other catastrophic events such as a cyber-attack to assess not
only the operational risk exposures (i.e. business continuity, costs,
fraud losses, lawsuits, etc.) but also other risks such as credit
risk (i.e. increased defaults, devaluations of collateral), market
risk and general economic conditions (i.e. lower revenues).” 11
The expansion of operational risk to include cyber threats
is being driven by a number of trends:
1) The rising number and complexity of cyber-attacks
now represents a real threat to an FI’s profitable
existence. Reputational damage and regulatory fines
await FIs that cannot prove a coordinated response,
communication and back-up plan is in place.
2) Boards and senior leadership increasingly recognize that
the solution lies beyond the technology layer and in the
broader people and processes of the institution.
3) Poor cost-to-income ratios are driving banks to consolidate
their silo-based risk management.
The “new normal” of expanded operational risk management (ORM)
strategies that align with cyber security, fraud and anti-money
laundering (AML) disciplines is illustrated in Figure 1. For example,
cyber security events such as the “Carbanak” $1bn loss from
financial institutions worldwide and this year’s Dyre Wolf malware
attack against banks 12 show that phishing, malware, fraud, money
laundering and business disruption all go together. A cyber risk
response and ORM strategy should be similarly coordinated.

Chartis Research has seen operational frameworks and
methodologies expanding into full governance, risk and
compliance (GRC) initiatives at FIs. The three lines of defense
– inputs such as risk events arising from malware; your
monitoring and coping mechanisms; and auditing of the strategy
(see Figure 2) – mean that a firm should be able to prove a
boardroom-backed governance and risk structure is in place
and reinforced by training and testing from the bottom-up.
Regulators and partners in the financial supply chain will be
reassured by strong managerial oversight and the presence
of a cyber risk-aware culture. In addition, the near-immediate
dissemination of negative news through social media and the
internet has increased the threat of reputational risk. Loss of
reputation could lead to a loss of customer and stakeholder
trust, loss of revenue, and a higher level of regulatory
scrutiny in future, posing a direct threat to executives
and the C-suite, who can potentially lose their jobs.

 

Source: ACCENTURE

In talking about global payment technology, emerging markets are an area of keen interest.

Latin America is a land of opportunity, but it also presents challenges that demand an on-the-ground understanding of commerce and transacting within the various countries and cultures that it comprises.

MPD CEO Karen Webster recently hosted a live digital discussion with Martin Schrimpff, Co-Founder of PayU, during which they addressed the necessity for a unique approach to payments in the region, and how to turn challenges into opportunities across the continent.

As Schrimpff notes, PayU — which also has a presence in India, Eastern Europe, and some parts of Africa — was “the first to see the need [for electronic payments] in Latin America,” where the offering had not previously existed.

“We are very different than your usual payments providers in the fact that we act locally in those markets,” says Schrimpff. “We have more than 250 payment options, and we don’t use any third part PSPs. The amount of work to build those local connections has been incredible. In all these markets we have local offices, local people to give us real local expertise.”

For example, of the company’s 1400 employees, only about 20 of them are based in the company’s headquarters in Amsterdam. The rest, according to Schrimpff, are all based in local markets.

 

WHY GOING LOCAL MAKES A DIFFERENCE

Operating locally can give a payments service provider a distinct advantage. As Schrimpff — who, despite his British accent, is 100 percent Colombian, having grown up in that country — remarks, “There are some things that are really hard to grasp if you’re not from the region.” Among the advantages are the ability to offer installments, offering local-based credit cards (that don’t even use the Visa or MasterCard brand), the option to offer better approval ratings locally, avoiding international charges for the consumer, and superior fraud management.

Schrimpff points out that PayU offers installments in all 7 of the Latin American countries it operates in. But how these installments work varies dramatically from country to country. It’s important to understand, says Schrimpff, that the banks assume all of the risk in these transactions. Another key factor is that over 60 percent of eCommerce in Latin America is done via installments.

“If you don’t understand that,” says Schrimpff, “you won’t succeed.”

What’s the difference between a revolving balance and a credit card? As Schrimpff explains, the major difference is the fixed amount of time in which a sum is paid back. Beneficial in that regard is that the consumer knows exactly how much they’ll be paying and the payment installments are split evenly across the time frame.

In other cases, installments are used for promotions — something Schrimpff remarks is “very powerful.” In those situations, the merchant will very often assume the interest owed on the installment plan in order to attract a higher volume of sales. This varies from country to country, but installments are popular throughout the region. In Brazil, 80 percent of all transactions involve installments. “That’s how big of an opportunity it is,” says Schrimpff.

In order to make it easier for local merchants to start processing faster PayU acts as the merchant of record.

The other part that is important to understand about payments in Latin America the concept of local credit cards. These cards represent close to 10 percent of all the transactions in the region. Furthermore, there are commonly used by consumers who may not have been approved by Visa or MasterCard, and that is important for a payment provider to broaden its reach.

“By going local,” attests Schrimpff, “you are gaining access to these cards and have an advantage in reaching more consumers via your payment network.”

Approval rates can also improve when a provider operate locally. Some countries, like Columbia or Nigeria, are monitored for fraud in untraditional ways and, as a result, cards will often be flagged. Local payment operators, unlike global ones, have more access to the local databases and therefore have more working knowledge or what’s going on, and can access the end user to understand if that user is actually a fraudster or not.

Banks and issuers in general, notes Schrimpff, are often more comfortable if the transaction is being done locally, because a lot of fraud happens in international transactions. If an acquirer sees that a transaction is happening locally they tend to put less rules on those. In countries such as Mexico and Peru, where debit cards are prevalent, this local connection to payments players can be even more important since debit transactions — because they directly impact a consumer’s bank account — are often scrutinized more stringently than credit cards.

 

IMPORTANCE OF ALTERNATIVE PAYMENTS

“Cash, in Latin America, is still king,” says Schrimpff, noting that credit card penetration is still relatively low in the region. It’s still very common for consumers to transact in cash, and even keep their money in their own homes versus paying for a bank account. People are also wary to put their credit card information online to make eCommerce purchases. Another disincentive, notes Schrimpff, are additional fees that some merchants tack onto credit card transactions – which is in violation of Visa and MasterCard rules, and actually illegal.

PayU differentiates itself by offering vouchers for cash payments to be made online for eCommerce transactions. The user is able to find what they want to buy online, they create a voucher then walk to a local store and make the payment for the voucher, that merchant let’s the network know the payment has been received and then the system reports back to the online merchant that the product or service can be distributed to the purchaser.

“We don’t see cash taking away from our credit card transaction business,” says Schrimpff. It actually enables them to transact with consumers who are averse to using cards. PayU is also currently beta testing a cash on delivery service, focused on products sold via eCommerce. This is important in that it enables wary consumers to build trust with merchants — and that trust, in Schrimpff’s perspective, is “what makes these transactions so powerful”

 

CASE STUDIES

Schrimpff and Webster walked the webinar attendees through a number of case studies that highlight PayU’s ability to accommodate various preferences.

Cash on Delivery: PayU has done pilots integrating cash on delivery into its platform. Schrimpff shares the example of a small merchant (a logistics company) whose sales, following a soft launch, increased by 15 times within eight months.

“Basically, 90 percent of [all the business the company] was doing was cash on delivery,” says Schrimpff, who adds that the offering is “a very interesting proposition” for small startups or new companies in the region.

Importance of Cash / Alternative Payments: Open English, an online English course, despite being a completely online product that operates on recurring payments, still decided to offer a cash payment option facilitated by PayU. 37 percent of all of its payments are now done with cash.

It “goes to show,” remarks Schrimpff, that even an online subscription business model can benefit from opening up to more than credit card payments.

Recurring Cash Payments: Schrimpff additionally illustrates that, in its work in Latin America with Amway, PayU provided the company with a special “collection card” that facilitates cash payments. Currently, 85 percent of all of Amway’s payments are processed using those cards.

 

FRAUD AND CHARGEBACK INSIGHTS

Just as operating payments in general from a local level is beneficial, Schrimpff shares examples of how the same goes for fraud management.

For one thing, there is the provider’s access to local websites and local credit bureaus. During manual reviews, this allows detailed information about the specific user that “would be very hard for other players to get a hold of,” notes Schrimpff.

Additionally, a company like PayU has good relationship with local acquirers. “When we see something strange,” explains the Co-Founder, “we have direct communication with them.”

Having that “local know-how” also lends an understanding that would be more difficult for someone that is not from the region — knowing the zones in a city, for example.

Lastly, Schrimpff explains that doing so many local transactions leads to PayU having “huge amounts of information” on various merchants — such as the main airlines and retailers, and a resultant familiarity with the trends of their businesses in the region.

Diving into some resultant numbers, Schrimpff shares that PayU’s fraud average in Latin America is between 0.6 and 0.7 percent, with approval rate of “about 75 to 80 percent.” That’s the standard they want to keep it at, as he remarks: “You don’t want fraud to be at zero, because then you’re killing your approval rate; but you don’t want approval rate at 90 and fraud at 10.” PayU tries to keep fraud below one percent.

The reason that total rates of fraud in Latin America shows (in the related slide) as 1.39 percent, explains Schrimpff, is Mexico. Mexico has a three times higher fraud levels than other countries in the Latin American market, due to market complexities such as high level of “friendly fraud” (whereby people know how much they can buy and still claim a chargeback even though they keep product). There is also less access for PayU to credit bureaus in Mexico than it has in other countries.

When it comes to chargebacks, Schrimpff provides the data point that less than 10 percent of disputes in the region are actually won by merchants, “so the merchant’s usually on the losing end.” In an effort to put merchants in a better position in that regard, PayU provides them with a module that “simplifies the back and forth with an acquirer” to help merchants automate the chargeback side.

Wrapping up the digital discussion with Webster, Schrimpff offers one last case study: this one related to PayU’s relationship with Cuponatic in Mexico (a company that Schrimpff describes as sort of lie Groupon). Cuponatic was experiencing a “huge amount of fraud rate” when handling it directly, says Schrimpff. But PayU got it down from 8 percent to about 1.5 percent — “which in Mexico is actually really good,” he notes.

Schrimpff additionally provides evidence showing how PayU is lowering the amount Cuponatic’s rejections — which less than 5 percent, now. The approval rate is close to 85 percent, “which is incredibly high for Mexico,” he adds.

Tying this last case study into the overarching perspective of the digital discussion, Schrimpff shows how a payment provider that offers local fraud tools and local know-how — be it Latin America or any other region — can “really control [all of a merchant’s operations] in a better way.”

 

Source: PYMNTS

 

• Companies have entered into a business combination agreement in which Diebold will launch a voluntary public tender offer for all of Wincor Nixdorf’s outstanding shares
  
• Brings together leading global innovators in banking and retail technologies in rapidly transforming industries
  
• Combined company will deliver fully integrated and transformative solutions in value-added services, branch automation and omnichannel experiences
  
• Both companies share a common strategic focus on growing services and software, and have highly complementary offerings, geographic presence and customer bases
  
• Diebold will offer Wincor Nixdorf shareholders €38.98 in cash plus 0.434 Diebold common shares per Wincor Nixdorf share1
  
• Transaction values Wincor Nixdorf, including net debt, at approximately $1.8 billion, or €1.7 billion
  
• Transaction expected to yield approximately $160 million of annual cost synergies, and the combined company will target non-GAAP operating margin in excess of 9 percent by the end of the third full year following completion of the transaction

 

NORTH CANTON, Ohio and PADERBORN, Germany – Diebold, Incorporated (NYSE:DBD), a global leader in providing self-service delivery, value-added services and software primarily to the financial industry, and Wincor Nixdorf AG (FWB: WIN), a leading provider of IT solutions and services to banks and the retail industry, today announced that the companies have entered into a business combination agreement. Pursuant to the business combination agreement, Diebold will launch a voluntary public tender offer to all shareholders of Wincor Nixdorf. Under the terms of the agreement, Diebold will offer Wincor Nixdorf shareholders €38.98 in cash plus 0.434 Diebold common shares per Wincor Nixdorf share. This transaction values Wincor Nixdorf, including net debt, at approximately $1.8 billion, or €1.7 billion.

The combined company had pro forma revenue of approximately $5.2 billion, or €4.8 billion4, for the trailing 12 months ended Sept. 30, 2015, excluding revenue attributable to Diebold’s North America electronic security business, which it recently agreed to divest. Following completion of the offer and subject to certain approvals, the combined company will be named Diebold Nixdorf, with common shares publicly listed on the New York Stock Exchange and the Frankfurt Stock Exchange. The combined company will have registered offices in North Canton, Ohio, U.S. and will be operated from headquarters in North Canton and Paderborn, Germany.

The combination brings together leading innovators in value-added services, branch automation and omnichannel experiences to create an industry leader focused on the entire value chain — consult, design, build and operate — to help financial institutions and retailers succeed in their business transformation journey. The combined company will build upon the two companies’ shared vision that services and software drive the consumer experience and enable customers to differentiate themselves in an evolving industry. The combined company will pursue a growing total addressable market of approximately $60 billion, according to independent market estimates and Diebold internal analysis.

Combined Company to Deliver More Services and Innovation to the Market

“The rate of change we see in our industry is unprecedented, and by leveraging innovative solutions and talent from both organizations we will have the scale, strength and flexibility to help our customers through their own business transformation,” said Andy W. Mattes, Diebold president and chief executive officer (CEO). “Our new company will be well positioned for growth in high-value services and software — particularly in the areas of managed services, branch automation, mobile and omnichannel solutions — across a broader customer base. This combination was made possible through the successes we have had and continue to create in the Diebold 2.0 transformation plan. We have a history of collaboration with Wincor Nixdorf, and our shared approach will help drive a successful integration and minimize disruption. I am very excited about the many opportunities we will create together.”

“The combination of Diebold and Wincor Nixdorf is an exciting opportunity for both companies to shape the future of banking and retail solutions. Together, we can even better leverage the potential of a rapidly changing banking and retail market due to our strong combined R&D expertise. With our complementary geographic presence, we will be even closer to customers worldwide. Our common view of omnichannel software solutions will enable us to create a best-in-class customer experience to support banks and retailers to cope with challenges of digitalization,” said Eckard Heidloff, CEO, Wincor Nixdorf. “Furthermore, we are convinced that our employees will benefit from being part of an even stronger, more global organization that is well positioned for the age of digitalization.”

Highly Complementary Geographies, Customers and Solutions

The two companies share a complementary geographic reach across the Americas, EMEA and within Asia, along with strong, trusted brands backed by best-in-breed engineering. Diebold is a leading player in the Americas, whereas Wincor Nixdorf is a leading player in Europe. These two regions are also key drivers for innovation and digital transformation — both in banking and retail.

The combined company’s collective capabilities and established global market presence will offer a broader range of services and solutions across its customer base. Growth in both the software and services segments is expected to be accelerated by the combined, expanded installed base of nearly one million automated teller machines (ATMs) worldwide to the benefit of the customers. The combined company’s strong service presence will also benefit Wincor Nixdorf’s retail business.

Agreement Approved by Boards of Both Companies

Under the terms of the business combination agreement, which has been approved by Diebold’s board of directors and Wincor Nixdorf’s supervisory board, Diebold will launch a voluntary public tender offer for all outstanding shares of Wincor Nixdorf. The offer consideration will consist of €38.98 in cash plus 0.434 Diebold shares per Wincor Nixdorf share.

Based on the volume-weighted average share price of Diebold shares over the last five trading days prior to Oct. 17, 2015, the day on which the companies confirmed entry into a non-binding term sheet for a proposed business combination, the total offer consideration represented an implied value of €52.50 per Wincor Nixdorf share. This implied value represents a premium of approximately 35 percent over Wincor Nixdorf’s closing share price as of Oct. 16, 2015, and a premium of approximately 42 percent over the volume-weighted average price per share over the last three months preceding that date. The corresponding enterprise value including net debt amounts to approximately $1.8 billion, or €1.7 billion, under these terms.

Under the business combination agreement, the existing transformation program at Wincor Nixdorf will be supported by Diebold and will proceed as planned. The parties have agreed that there will be no material workforce reductions in Germany beyond this existing program as a result of the transaction. Furthermore, all labor-related laws and regulations will be respected and co-determination on the German supervisory board level shall remain unchanged.
Following the completion of the transaction, the combined company plans to deliver approximately $160 million of annual cost synergies and will target a non-GAAP operating margin in excess of 9 percent by the end of the third full year. In addition, the transaction is expected to be accretive to non-GAAP earnings per share5 in the second year, excluding integration costs.

The terms of the voluntary public tender offer were subject to thorough analysis by Wincor Nixdorf’s supervisory board and management board as required by their fiduciary duties. The management board and supervisory board of Wincor Nixdorf consider the offer consideration proposed by Diebold fair for shareholders and the overall agreement in the best interest of Wincor Nixdorf, its shareholders, employees and other stakeholders and therefore intend to recommend the offer.

 

Source: PayX

Today Worldline and Equens jointly announced that they have signed a Memorandum of Understanding (MoU) on a strategic new entity. The strategic aim of the new entity is to be one of the leading and most innovative payment service providers for financial institutions and corporates in Europe.   Under the terms of the agreement this new entity, that will be branded ‘Equens Worldline Company’, will become the largest pan-European financial processor with more than 10 billion payment transfers, 6 billion POS and ATM transactions, 100 million cards under management and office locations in 8 European countries. The transaction is expected to close during the second quarter of 2016.   Under the terms of the MoU agreement, the transaction entails two parts:

Financial Processing: A new entity will be created, branded as Equens Worldline Company. Worldline will receive 63.6% of the newly created Equens Worldline Company shares in exchange for the contribution of its current Financial and Acquiring processing activities in Germany, France and Benelux into Equens. The current Equens shareholders, ABN AMRO Bank, DZ BANK, ICBPI, ING and Rabobank will stay as shareholders and own the remaining 36.4%.

Commercial Acquiring: Our commercial acquiring subsidiary PaySquare will be acquired by Worldline. The activities of PaySquare will be combined with Worldline’s current activities within their Merchant Services and Terminals Global Business Line.   Worldline and Equens consider this step as a major milestone in the consolidation of the European payments market. Through the combination of Equens and Worldline’s complementary skills and capabilities, our clients will benefit from a substantially enlarged product and service offering, new and innovative business opportunities and also in terms of time-to-market.   Michael Steinbach, Equens CEO: “I am very excited about this step, which consequently follows Equens’ proven strategy since our foundation in 2006. By joining forces with a highly respected, innovative and truly pan-European company in the payments market, economies of scale and scope will be maximised.”

 

Source – Equens

 

The move to immediate payments requires real-time transfer of funds and 24×7 availability.

Accenture has created a new digital IT blueprint for the everyday bank1, mapping out how banks worldwide can leverage digital technologies to take a central role in their customers’ lives. Immediate Payments—the real-time transfer and availability of funds 24×7  is a key element of this blueprint for the future of banking, enabling financial and non-financial activities to be undertaken for customers in real-time at any time of day or night.

Accenture-Banking-Realtime-Payments-Realtime-Bank

 

Worldwide technology budgets continue to rise, with technology spend to reach US$157.6bn in 2019

Today Ovum, the global analyst house, announces that IT budgets in the global retail banking industry will reach US$131bn in 2015, an increase of 4.3% over the previous year*. This will rise to US$157.6bn by 2019. This is driven by improvements in the global macroeconomic outlook, which has caused banks to focus on growth, rather than cost reduction and compliance-centric projects.

In 2015, global spending will be led by Europe and North America, but growth will be most rapid in Asia and MEA. Spending by banks in the US and Canada will reach US$50.5bn in 2015, a 4.7% increase from last year. This is driven specifically by the US’ economic growth. Due to instability issues in the eurozone, budgets in Europe will only rise by 3.1% in 2015, driving total spending to US$42.4bn. This does mask the disparity between different countries in the continent though, as Europe will still account for 32% of global retail bank IT spending.

It will be Asia and the Middle East and Africa (MEA) though that will see the largest growth this year. Total budget in the former will reach US$27.5bn in 2015, a rise of 5.6% from 2015, while MEA will grow by 5.3% reaching US$2.4bn. In Asia, this growth will be driven by the continued development of the banking sector in India and China, with Malaysia being another country on the rise. In the Middle East, the fluctuations in oil prices will act as a brake on the pace of growth, but there will still be solid levels of IT investment.

The trend of investment in digital channels will continue in 2015. Mobile banking will see the largest increase in budgets, with a growth of 7.3% over 2014, seeing total spend reach US$4.2bn this year. Online banking will rise by 7%, but its total spending will be higher than mobile, reaching US$10.8bn in 2015. As the industry’s focus on sales and servicing remains strong, multi-channel integration and customer information systems (MI/CIS) spending will see a global growth rate of 5.6%, pushing this year’s total to US$7.3bn.

“Data and analytics will be key to the developments in digital channels,” says Kieran Hines, Practice Lead, Financial Services Technology, Ovum. “Many markets are witnessing their second or third wave of mobile and online banking platforms, with driving revenue becoming the prime priority. In the next round of major platform developments though, it will be the use of data analytics in real-time that will act as the key differentiator.”

This change will be reflected by the spending growth in core platforms. In 2015, this will remain a critical investment, with retail banks spending US$22bn on core banking projects. This is an increase of 4% from 2014 and it will continue to grow, reaching US$26.2bn in 2019.

Kieran Hines concludes: “In the rush that will undoubtedly occur to deliver front-office innovation to drive growth, banks must resist the temptation of short-term developments for quick revenue wins. Customer expectations will evolve and banks must ensure back-office agility is retained, meaning it’s able to deliver future innovations. This means any new developments must be delivered according the enterprise architecture principles. The benefit of long-term planning, particularly in regards to legacy modernisation, will pay dividends for banks in the coming years.”