One out of two is OK. Two out of two is definitely better. How about three out of two? A 150 per cent return? Now we’re talking.
It happened at the National Bank of Canada. This 140 year-old institution, the sixth-largest chartered bank in the nation, undertook two technology projects recently: one aimed at improving its communication infrastructure, and the other for regulatory readiness.
Two tech endeavours, three lessons learned — take-home advice for other financing enterprises that are about to embark on their own ventures in IT.
Lesson one: communication is key. The National Bank learned this while implementing Internet Protocol (IP) technology to better correspond with other financial companies around the world.
The Montreal-based bank, with more than $75 billion in assets, 546 branches, and an increasing presence on the international scene, belongs to the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a global messaging system by which money-minded institutions send and receive account information, letters of credit and notes on other funding matters.
“Most banks in Canada have to be 100 per cent compliant with most of the payment systems across the world,” says Guy Morneau, the bank’s manager of international payment operations. “Because we are a commercial bank, we need this environment.”
When SWIFT cranked up an IP alternative to its decidedly established X.25 service, the National Bank jumped at the opportunity to try the new offering. X.25 is a 30-year-old electronic communication protocol that is somewhat difficult to work with, according to Morneau.
With X.25, “we were limited to bring corporate clients onto the network,” Morneau says, adding that IP, a more open communication medium than X.25, could alleviate the problem — make interconnection between the bank’s systems and those of its clients somewhat less taxing. But switching from X.25 to IP was no cakewalk. The National Bank faced plenty of changes to succeed with the new service.
The firm had to toss its communication and validation platform. The infrastructure, a Hewlett-Packard Co. VAX system, was not IP-capable. The bank replaced it with a Sun Microsystems Inc. Solaris system running Unix. The firm also had to improve network security. IP exposes companies to vulnerabilities that are less of a concern in X.25 environments, Morneau says. Virtual Private Network (VPN) technology, firewalls and other protective measures were required.
“It was a big project for us,” Morneau says. “It’s more complicated to handle the new network than the last one.”
One of the bank’s biggest challenges, however, had to do with supplier synchronization.
“For at least six months, we had one person in charge of coordination between the telecommunications suppliers,” Morneau says. “It was quite difficult. We really were the first implementation of SWIFT IP in North America. Many of the hardware systems were made for a European environment.”
For instance, the first VPN appliance that the National Bank received for its new IP communication platform simply wouldn’t cooperate with the company’s existing electrical infrastructure. Read: the plugs didn’t fit. They were meant for European-style outlets, rather than the North American versions. “We had to send it back,” Morneau says of the European VPN box.
It took 18 months (parts of 2002 and 2003) to get up and running on IP. The bank seems satisfied with the service. “It’s very resilient,” Morneau says, adding that although the firm maintains its X.25 connections just in case the IP link goes down, the company hasn’t used the old circuits very much.
Morneau says the National Bank came away from the process with suggestions for others contemplating an IT overhaul. For example, one of the defining measures of success for this communication-minded undertaking was, well, communication. Morneau joins representatives of other financial institutions each month by teleconference to discuss IP migration issues.
“Most of the questions are around the coordination problem between SWIFT, suppliers of telecommunications, security people inside the bank and so on,” Morneau says, adding that the monthly meeting of minds is helpful.
Morneau says it’s important to choose a telecom service provider that knows your business. Otherwise the project could turn out to be “a real mess when you try to make it work. We really need a good level of service when we do the installation, to make sure everything is well configured.”
The National Bank decided on AT&T Corp.’s Enhanced Virtual Private Network offering instead of products from two other SWIFT network partners up for the job. AT&T seemed to have a deeper understanding of SWIFT than did the other contenders. On top of installing a new communication and validation system, as well as new security appliances, the National Bank probably didn’t want to educate service providers about SWIFT.
In another part of the bank, Nicolas Delisle is getting something of an education himself. He’s learning — as if he didn’t know it already — how difficult it can be for financial firms to keep up with regulatory requirements. Call it lesson two.
Delisle, a National Bank manager, is part of the team in charge of making the company fully Basel II compliant by 2006. The Basel II Accord ensures that financial services firms can back up the funds they lend to others.
It’s no simple task, meeting this regulatory obligation. Basel II requires banks to have a deep understanding of their support funds and their customers. The National Bank needs to know the size and scope of the companies to which it lends money. How long has the borrower been in business? How big is the firm? How quickly do similar companies pay off their debts? How many of those similar firms are in default?
Answers to questions like these go towards a risk assessment, which in turn leads to an idea of how much cash the bank must have on hand in order to lend money to a particular company. The result depends on the borrower’s profile. An enterprise as large and established as General Electric (GE) would carry a different level of risk than would, say, a new restaurant chain looking to expand.
“You need analytic tools to calculate the probability that a company like GE would go into default,” Delisle says. He visited with one analytic software provider recently, SAS Institute Inc., although the National Bank has not yet decided which vendor to go with.
Delisle says the bank faces a boatload of work before it’s ready to bring in the analytics. The firm is building a data warehouse to serve information to the SAS-style software. Then the company has to make sure the data store connects seamlessly with various accounting systems and the bank’s general ledger, the ultimate bottom line.
Will the National Bank be Basel II ready by the 2006 deadline? Delisle sighs.
“There are a lot of challenges to get there. IT integration is a big challenge. Reconciliation with the general ledger is a very big challenge. It all needs calculations afterwards in the accounting department. I guess we’ll be there for our major portfolios, but for our smaller portfolios, well, we’ll be ready with 80 per cent of our portfolios.”
Delisle says he can’t justify IT spending on looming regulation — at least, not anymore. That’s lesson three.
“We used the regulatory hammer at the beginning,” Delisle recalls, reiterating the mantra that underpinned many a previous tech venture: ‘We have to do it for Basel.’
“But top management was fed up with it,” Delisle says. “Finally my CEO said, ‘I don’t want to hear the word Basel anymore. If you’re coming to me for a new project, a new initiative, tell me how it will improve the top line, improve the bottom line, improve risk management, reduce my losses, something other than Basel.’”
Now Delisle and his crew use a different line of reasoning for funding high-tech projects. They talk about improving operational efficiency, or raising revenue. They don’t mention regulations.
When it comes to buying analytic software, for instance, the new mindset means showing the CEO that the applications address not only Basel II. They also provide customer info: who’s likely to default on payments; who’s up for a new marketing campaign; which customer segments remain untapped, et cetera. “We use that argument now with the business line,” Delisle says, “and it’s been much easier to sell projects.”
