By: Adarsh Recriwal, Adrienne Manns, Edwina Tanios and Guy Charpentier
Published: May 06, 2024 | Updated: May 17, 2024
Operational efficiency keeps things moving; compliance keeps things in check. Together, they help financial institutions thrive by improving operational resilience and reducing operational risk.
The recent focus on operational efficiency and compliance comes in the wake of four trends shaped by the current macroeconomic environment:
- profit maximization
- digital transformation
- partnership-based innovation
- operational security
The success of any financial institution’s target operating model will likely hinge on its ability to deftly accommodate the four.
Profit maximization
For a while, investors seemed happy to bide their time as fintech startups, particularly digital-only “neobanks” with traditional banks on their backends, focused on growth through customer acquisition. Yet as competition for investor capital tightens, profitability is now stealing growth’s spotlight.
Meanwhile, a core focus for traditional banks is on the “capital buffer” reserves and liquidity requirements outlined in the Basel III regulatory framework. The resiliency is welcome in the present economic and credit cycle, and it bodes well for long-term profitability. But increased liquidity and reserve requirements can impinge on short-term profitability unless they are properly managed.
One way for financial institutions to maximize and preserve profitability is to look at a combination of relatively fixed costs, such as one-off technological upgrades, and variable costs that rise in accordance with business growth, such as transaction reporting or dispute resolution.
Take payment processing for card issuers. A microservices architecture, which breaks up complex software platforms, allows issuers and their processing partners to opt for specific processing components based on need rather than accept a one-size-fits-all package.
The hybrid approach of a microservices architecture also goes beyond the binary option of outsourcing everything to a processor or bringing it all in house. Smaller issuers, with limited budgets and fewer requirements, may particularly benefit.
Much of this flexibility, and the effectiveness that results from accommodating variability, comes from application programming interfaces (APIs). They foster digital transformation by allowing disparate applications to securely communicate.
Digital transformation
There is digitization that better serves external customer needs, and there is digitization that better serves internal business needs. Ultimately, they are extensions of each other. Ongoing investment in digital capabilities can boost customer loyalty and provide access to richer data for enhanced decision making.
Take payments alone. As customers shift from cash to standalone or wallet-based digital payments, providers need to enable, process and accept those payments.
The payment rails may be card rails, real-time payment rails, and even blockchain rails for central bank digital currencies. The payment acceptance may be click to pay, tap to pay, scan to pay, or simply an embedded payment. The payment may be in full, on credit, or in installments via buy now pay later (BNPL). It may be in-person, online, or automated by a payment initiation service provider (PISP).
Financial institutions have a number of ways to meet customer demand. Often the opportunities pose regulatory challenges. Should a BNPL provider be licensed as a lending institution? Does a PISP meet open banking regulations?
These digitization opportunities, and their questions, further extend to all financial accounts and other non-payment transactions. All the data needs storage, which is increasingly handled by efficient and low-cost public cloud computing, and privacy protection to allow for ready access and analytics, which is increasingly handled by machine learning and artificial intelligence. Again, these come with licensing and regulatory requirements of their own.
Whatever the nature of digitization, APIs increasingly handle the connections. The acronym API nowadays usually refers to more open APIs, albeit often restricted to select partners, as opposed to the company-internal private APIs that preceded them. By flexibly allowing applications to communicate, these APIs now allow financial institutions to look outside themselves for revenue-expanding partnerships.
Partnership-based innovation
New opportunities for revenue traditionally come from product-line extensions, regional or global expansion, and mergers & acquisitions. All are still valid approaches, but they reflect a pre-API mindset.
Open APIs took open banking and banking as a service (BaaS) mainstream by allowing secure and efficient connections between banks and fintech companies or other third parties. As newcomers provided disruptive financial technology and incumbents provided longstanding financial expertise, much of the early talk of head-to-head competition shifted instead to talk of partnership-based competitiveness.
A classic case of BaaS is BIN sponsorship, which refers to a licensed “sponsor” bank letting partners use its bank identification number (BIN) to conduct card issuing and acceptance activities. The exact nature of the sponsorship involves careful consideration by both parties.
Unlike co-branded partnerships, where banks handle almost all aspects of a card program outside of some marketing and customer acquisition, a white-label BIN sponsorship puts more focus on the recipients, often smaller fintech companies, who can then self-brand their programs.
A sponsor bank might share capabilities, including licenses, without any scale requirements or major investment commitments. Settlement, fraud management, and regulatory and payment network compliance should suffice. A fintech recipient might handle everything else: marketing and customer acquisition, customer onboarding and fulfilment, transaction processing, customer service, and back-office requirements.
Specific approaches are dictated by need and usage. A BNPL provider wanting to open its “closed loop” retailer network to an “open loop” payment network may want to issue pre-paid cards. A neobank or challenger bank wanting to take deposits yet unable to hold the funds may want to issue debit cards. An alternative lender adept at non-traditional credit scoring may want to issue credit cards with defined spending limits.
Both sides will also want to closely watch the evolving nature of their partnership. A growing fintech may want to pursue licensing of its own if it ends up sharing too much revenue with its sponsor bank. Meanwhile, sponsors may not want to retreat too much into the background while recipients build up their own customer-facing brands. At the same time, third-party risk management (TPRM) poses security questions as breaches are liable to extend across partnerships.
Operational security
Financial institutions are used to remaining compliant with industry-specific fraud-prevention rules, such as anti-money laundering (AML), know your customer (KYC) and strong customer authentication (SCA). Solutions range from tokenization, which replaces sensitive card numbers with non-sensitive surrogates, to artificial intelligence, which may be trained on transaction data.
Less familiar are industry-specific cybersecurity considerations couched within operational resilience. They may form part of international frameworks such as Basel III, national regulations such as the UK’s Operational Resilience Instrument 2021, or regional regulations such as the EU’s Digital Operational Resilience Act (DORA).
Despite the relevance of cybersecurity for other industries, an emphasis on financial institutions makes sense: the cost of a data breach to financial institutions between March 2022 and March 2023 was 28% higher than the global average across all industries, according to technology company IBM.
Financial institutions may be tempted to treat fraud and cybersecurity separately, but any distinction is blurred at best. A phishing scam could steal an individual credit card number or steal access to an entire operating system. A holistic approach to both may avoid inefficient overlaps in coverage and benefit from economies of scale. Ecosystem resilience tends to be associated with third-party risk management, but it doesn’t preclude making connections within a financial institution’s walls.
In the end, a financial institution’s reputation and profitability can be tested as much by a massive data breach as by multiple chargebacks and customer disputes over legitimate transactions.
Conclusion: A network approach
Individual discussions of the four macrotrends conceal the more weblike interactions between profit maximization, digital transformation, partnership-based innovation and operational security. Financial institutions can ensure the smoothness of those interactions in several ways:
- Selecting the right target operating model (TOM). A classic people, process and technology framework, plus an additional data component, should span the four trends. Streamlined workflows, automated processes, updated technology and a robust system architecture can together ensure that costs stay down, APIs come first, partnerships and in-house versus outsourcing decisions are strategic, and security is at the fore.
- Tailoring core operational decisions. Whether a microservices architecture for profitable processor management, omnichannel payments to meet customers’ digital expectations, BIN sponsorship via carefully curated partnerships, or third-party risk and dispute management in accordance with regulations, “O” sits at the heart of TOM for good reason.
- Minimizing unnecessary costs and losses. Some are more obvious: failure to meet digital expectations is inefficient internally and reduces loyalty externally; one-sided partnerships eat into profits. Others may sneak up on you, such as one too many chargebacks and the grinding cost of low automation, or blindside you, such as non-compliance fines and the financial and reputational costs of security breaches. All are predictable and addressable.
Weblike interactions can quickly become tangled. A comprehensive approach to the four trends should span the scope of a global payment network to keep the trends in sync and untangle them when needed.