Building better banks

Banks know how to make money - and how to save it. IT is central to both, as delegates to the recent Financial Technology Summit in Dubai discovered. Colin Edwards reviews some of the presentations given on driving growth in the region's banking sector.

  • E-Mail
By  Colin Edwards Published  May 1, 2006

|~|banking-al-yousof-200.jpg|~|Al-Yousof: Outsourcing is paying big dividends at NCB in KSA.|~|On the making money front, when it comes to core IT systems, there is a body of thought that says it is critical for banks to keep development in-house. The argument goes that by doing so they can leverage unique solutions to differentiate themselves in a highly competitive market and create an agile and profitable organisation. It is worth adopting this approach even if it costs a bit more, Dr Fadi Chehayeb, CIO at the National Bank of Kuwait (NBK) told banking CIOs attending the Financial Technology Summit in Dubai last month.

On the saving money side of banking, Hosam Al-Yousof, head of support services at the National Commercial Bank (NCB) in Saudi Arabia, told delegates that his bank believes in outsourcing whatever it can. The strategy, he said, was one which is saving the bank enough to finance its rapid branch expansion throughout the Kingdom.

While the two speakers were talking on very different topics - Dr Chehayeb spoke on implementing a service oriented architecture (SOA) framework to revolutionise core systems development at the Kuwait bank, and Al-Yousof talked about his bank's strategy of outsourcing non-core facilities - there was a common theme: leveraging IT to drive business growth.

In the case of NCB its decision to outsource all of its printing and air conditioning facilities to its new 15,000 sq metre data centre in Jeddah has already saved it enough money to open two new branches in the Kingdom.

"We completely outsource those IT areas that are not important to us. This allows us to focus on our core business, keep control of costs and share risks," Al-Yousof said, adding that the bank was now even outsourcing some of its branches in a bid to effect its rapid expansion across Saudi.

Gartner, he said, estimates that most companies spend between 1% and 3% of revenues on printing, copying, faxing and scanning. That is an alarming figure in its own right, but an even more alarming statistic from research firm IDC was that 90% of companies and organisations cannot identify real costs of document handing because there is no single reference point on which to base figures.

By partnering with Xerox in a five-year document management outsourcing contract, NCB has a totally upgraded print solution at no capital outlay to itself, has eliminated seven machines and the cost of associated management and support, and is realising reduced print volumes and overall costs, he said.

The bank has also been able to make significant cost savings by outsourcing the air conditioning system at its new data centre, NCB. This is saving about US$133,000 in annual electricity costs alone as well as obviating massive capital expenditure on the equipment and operational and support expenses.

Next on the outsourcing list are the bank's desktop PCs and their maintenance and Al-Yousof is also looking to outsource electronic archiving and archive management by the end of the year.

While outsourcing might be fine for non-core activities and has clear bottom line benefits, Dr Chehayeb at the National Bank of Kuwait said that when it comes to creating and maintaining a competitive edge through the development of an SOA framework on which to run existing and future core systems, delegating to a third party was not an option for the bank.

"You have to develop in house and create the knowledge, abilities and strategies to take SOA forward. To do this successfully you have to have the vision in-house and you have to have the architectural capabilities in house,” he said.

“Whatever you get from outside is only as good as just reading white papers and or magazine articles. You need to develop in-house capabilities. Without these you will certainly fail," he said.

Dr Chehayeb was referring to how NBK had set about creating an SOA environment and some of the pitfalls and challenges that other banks could face in transforming their core systems to a web-services based IT delivery model.

Driving his DIY approach to SOA is his belief that the framework will help create a powerful platform on which a company can create a competitive differential. As such an environment assumes a strategic importance to the future of IT within the organisation and its ability to meet business needs, the threat of vendor lock-in should be avoided. In any event, there is no SOA solution per se, he said.

"Maybe by 2010 a vendor will come up with a framework to do everything from A to Z, but it’s still premature and standards have to be put in place before that can happen.”

In approaching SOA companies need to define the relevant services for the specific business. For example: what is the agility the business requires, or how does the business see itself evolving? Then web services that deliver on that agility need to be designed, he said.||**|||~|banking-nbk-200.jpg|~|Chehayeb: NBK realised a bank of its size could not keep changing its IT systems every 10 years.|~|NBK opted to take the SOA route following a study it undertook a few years ago into its existing architecture, systems and IT strategy. During that study it dawned on management that IT was not aligned to the business. The systems were internally developed; were based on legacy code; and needed replacing.

"We embarked on a programme to change the core retail banking system. This took a while as we looked at alternatives and even embarked on a process of selection. However, during that time we said: wait a minute, how long do we want these systems to survive - do we want them to be there for 10 years? Five years? 20 years? What are we talking about? Suddenly we saw we could not continue to do this any more. A bank the size of NBK could not keep changing systems. We had to develop an architecture that would be a backbone to take us on to the future and whatever changes that happen will become business as usual," said Dr Chehayeb.

That was when NBK started to explore the technologies and integration capabilities around SOA and decided it was a strategy that could take the bank into the future with each application comprising web services.

"So we took a step along the SOA path. Today we look at SOA as really the architectural integration process of the future. In our view, SOA is seen as a contributor to business growth. SOA is the best architecture to support agile IT systems integration as we see it today and goes beyond just services. It is a means whereby we can integrate our systems internally," he said.

While he added that SOA was not a pre-requisite for banks to operate successfully in the short term, he believed any company wanting to be first to market and to capture opportunities as they arise needs to be considering transforming to an SOA. "Otherwise I believe you will find yourself in a few years time - not overnight - being unable to deliver on a business strategy and you will be playing continuous catch-up," he said.

Having developed a long term SOA vision with total buy-in and understanding from business management, NBK invested in human resources to develop the new framework that initially is to support the core retail systems.

"We did a lot of training and hired new people. To get new people was very, very difficult, but we decided it was an imperative. Without in-house resources, we would not be able to succeed. We might as well be dependent on a vendor and go that route and that's it. So we did this and we invested in excellent people and technology," he added.

It was critical for the development team to understand the bank's enterprise data model and where each application sits in the information consumption chain. Business process modelling was critical and focus continued to be put on enterprise application integration with the IT team opting to use Microsoft's .NET environment to achieve it.

"Again, I don't think we should kid ourselves into thinking that everything within components will come together. There is a lot of work to be done. We equipped ourselves with more and more technology skills. In our case it was .NET. This was our focus for integration."

While application integration is an aspect of an SOA, he warned that it is not the sole purpose as some companies believe. "I suspect that a large number of companies see SOA as an integration project. Some people say it's as high as 90%.That's not proper SOA. Doing EAI (enterprise application integration) via web services is not SOA."

When asked why he thought SOA would be able to deliver on its future-proofing promises when components and object oriented technologies had failed, Dr Chehayeb said that while object orientation and componentisation had some success in the 1990s, they certainly failed at re-usability. The technology was there, but re-usability was not. He said this was because there has been no clear governance deployed around their development and use.

This is why governance around SOA deployments has become a critical focus, he added. Without governance, uncontrolled ad-hoc development of services would undermine the promised benefits of SOA, such as improved productivity through service reuse and better alignment with the business.

NBK has now created a solid platform for SOA for service management, service brokerage, etc. and piloted many of the services developed though they are not deployed yet. But Dr Chehayeb believes it will not be long before NBK will be reaping the benefits of an SOA framework such as IT being able to respond to support new business opportunities much faster than was possible previously.||**|||~||~||~|"The growth of a business is directly related to your ability to capture opportunities. We see SOA as a direct contributor to business growth," he said.

Just as Dr Chehayeb sees the road to SOA being a long and challenging one, so is the road to identity management. But, as with SOA, the business benefits of ID management can be huge, the FT Summit was told by Andrew Johnston, Senior Technology Architect at the Allied Irish Bank (AIB), an international bank employing 23,000 people across 10 geographies.

Gartner’s report on identity and access management says: "ID and access management projects are much more than technology implementation - they have real business value by reducing direct costs, improving operational efficiency and enabling regulatory compliance." According to Johnston, the business drivers for deploying group identity management at AIB were even more compelling. When AIB decided to deploy an identity management solution, it had a very good reason to do so - back in 2001 the company was running 120 directories across the AIB entities.

It was supporting a number of email systems including Lotus Notes, Microsoft Exchange and Sun's Mail Server, which meant poor address book functionality and inefficient internal e-mail exchange.

At that time AIB, previously a holding company with five different businesses, became a unified organisation, which not only needed to unify group directory services, but also its entire IT strategy.

With such a range of drivers and the over-arching needs to ensure data privacy and compliance, the bank, in 2002, selected Novell's identity management suite to build its Group Directory Services (GDS) though its was May 2003 before the project got under way. Six months later the infrastructure had been built and tested and by July 2004 the first systems - human resources - had been delivered, including password self-service.

The GDS is now a key foundation service underpinning AIB's New Banking Platform, which Johnston describes as a service-oriented and multi-channel architecture that is standards based and platform agnostic. It is a centralised Linux-based SUSE system replacing distributed systems and includes J2EE and XML based front-end services. Linux has also been deployed on the desktop. Rollout began with a pilot in head office in October 2004 and the desktop rollout will be completed next year.

"We're using open source technology wherever we can. AIB is not taking sides. We're deploying Fit for Purpose open architecture. If it's manageable, low cost and stable, we'll use it. The objective with the new banking platform is to support the customer-facing aspects of the retail banking business for the next 10 years," he said.

The new ID management system allows new staff to be up and running immediately and permits the bank to immediately remove or alter access privileges if a person leaves or moves department. A role based access model had been implemented which makes it easy to change access rights as personnel move department or get promoted. Specific access rights are assigned to specific roles, explained Johnston.

There has been a marked drop in help desk calls through self-serice, but he warned that people continue to expect and demand single sign-on. This is not always possible, because of legacy systems and other complexities. It is important to manage such expectations and make it clear from the beginning whether or not single sign-on is achievable, necessary or desirable, he said.

Ownership of an ID management project is also key, as are vendor relationships. "Don't underestimate the work involved in deploying an ID management platform. It is quite complex. Not all organisations are the same and solutions have to be made to fit different organisations, so vendors are important," he said.

With the platform now in place, Johnston is looking at new areas to apply identity management. One area under investigation is its use for the management of the physical access to bank buildings, which Johnston described as being a huge administrative overhead.

"We are not anywhere near the finishing line. The organisation is still changing and there is still a lot to do. We still have a lot of applications that need to be enabled on the directory," he concluded.||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code