Banking On The Cloud
John Bensalhia speaks to Welcome Chan, Security Manager of Wing Lung Bank Ltd, to look at how the Cloud and other digital services can benefit the financial and banking sectors...
Pullout quote: “I believe that with the evolution of FinTech and innovation atmospheres, the developments of the digital banking services will be growing rapidly. More innovative services will be available in the foreseeable future...”
As the Cloud continues to grow in popularity, it becomes more of a familiar presence not only in households but in businesses. And as Welcome Chan, Security Manager of Wing Lung Bank Ltd explains, the Cloud has become a greater element in the worlds of finance and banking.
“With increasing popularity of the use of Cloud services, the Cloud platform is more familiar not just in home use but also business use. In such, the consequence usages related to the Cloud (such as Big Data, Virtualisation with Network Function Virtualisation (NFV), FinTech, and Internet of Things) have been introduced, driving the Cloud to be more critical in our daily life in the foreseeable future.”
“Recently, there was a discussion regarding the introduction of the use of Cloud service in banking and financial domains, particularly the promotion and increasing importance of Innovation Banking.”
With that in mind, Welcome's forthcoming session at Cloud Expo Asia Hong Kong 2017 (at the Cloud Security Compliance & Regulation Theatre), entitled “Potentials of Cloud Implementations and Usages in Financial Infrastructures” will discuss some of the possible consideration points and areas when justifying the use of Cloud with balancing of security and organisation/IT cultures.
Welcome's current role is to lead the information security team at Wing Lung Bank where he oversees its information security policies, procedures and guidelines to ensure the adherence of regulatory and compliance requirements. “I play a key role in the cyber security protection of the bank and provide security advice to businesses, projects, IT infrastructures and application reviews to alleviate the potential security risks. I focus on the areas of infrastructure, application security technologies, technology risk management, vulnerability risk assessment and cyber security protections.”
Wing Lung Bank was founded in 1933, and is among the oldest local Chinese banks in Hong Kong. “Following its motto of 'Progress with prudence, service with sincerity', Wing Lung Bank provides comprehensive retail and commercial banking services,” says Welcome. “It has become a member of China Merchants Bank Group since 2008. China Merchants Bank, the 6th largest commercial bank by total assets in China, is currently among the top 100 banks in the world.”
Welcome says that digital banking is the digitalisation of the traditional banking services available for the customers inside the branches of the bank, including deposits, withdrawals, transfers of money, banking account services, loan services, billings, and wealth managements. “Recently, digital banking would be the next era of the banking and financial industries. Some of the remarkable digital banking services are e-Cheque payments and Virtual Teller Machines (VTM), experiencing the transformations of the uses of digital technologies from the traditional branch services. I also believe that with the evolution of FinTech and innovation atmospheres, the developments of the digital banking services will be growing rapidly. More innovative services will be available in the foreseeable future.”
A key benefit of digital banking is that it improves the customer's experiences when he or she enjoys the banking services inside the branches. “This brings up a brand new on-boarding experience to the customer and saves the lining up time.” Another major benefit is that the branch operation costs can be reduced to a certain extent - “assuming that the maturity and popularity could reach a certain level so that the human talents could be able to focus on exploring the new products or services.”
From a customer's point of view, however, a notable challenge of digital banking is looking at how to make it accessible to all generations. “While it is possible to explore other customer segments – such as teenagers by making use of the digital banking – there is no doubt that the customers from middle-aged group occupy the most significant portions of the customer base among the branch service segments in general. The adoption of the digital banking by this group would be a key indicator on the success of the digital banking.”
Another challenge is the complexity and difficultly of the re-engineering of the traditional branch services to that in online and digital form, or even transformed into Internet world. “The success of digital banking relies on the maturity and capability on thoroughly understandings of the banking business processes, technologies, security and regulatory requirements.” says Welcome. “Those elements are vital when designing and implementing the security controls, with balancing of the business processes and customer experiences.”
To achieve higher assurance on the success of the translation process from the traditional branch services to digital banking services, Welcome says that the key concerns are the engagement of human talents. “It is not an easy task to engage the people having comprehensive and all-round knowledge across technical, business, security and regulatory domains. Huge resources on training and knowledge managements are also necessary to train up and maintain the staff members accordingly.”
“Innovative, FinTech and creative ideas will also be involved into this process in conjunction with the Cyber Security requirements so as to protect such sort of initiatives. Hence, with complex integration of all mentioned elements, this approach poses a lot of difficulties and challenges to security professionals in this generation,” Welcome supplemented. “The digital banking initiatives, including FinTech and Innovations, are new in this era. Due to the natures of the initiatives, they may deviate with some existing policies, procedures and guidelines and controls, or even not applicable. In such, it may be required to have exemption by management or to derive other sets of documents to cater such sort of initiatives.”
Welcome also believes that security reviews of the digital banking initiatives are also challenging to security professionals. “Unexpected scenarios will possibly in place anytime, anywhere throughout any phases of project implementations from design to production launch. In such, security reviews, not only focus on design and requirement gathering phases, but also concentrate on other phases, including closely monitoring of the risks and controls to alleviate the potential security impacts of the initiatives.”
“As businesses and technologies are changing all the time, security professionals should also keep abreast of the changing of the security technologies and defence approaches, while business/operation units should also get involved into the security protection domains so as to have in depth contributions, facilitating the businesses as a whole.”
Welcome concludes that digital banking will be the main trend of the banking industries in the new era. “Nowadays we could see that Internet Banking, Mobile Banking, Online Bill Pay, P2P Payments, etc, play a major role and illustrate a positive effect on digital engagements. With this foundation on the digital banking, we should also keep eyes on the developments of Financial Technologies (FinTech) and Internet of Things (IoT) and how they contribute in the digital world. Both of them help make the innovations services to every corner of people's lives.”
The Internet of Things is given by Welcome as a specific example of this, because of the connection between mobile devices and appliances: “They are able to collect and exchange data or even capable to deliver information whenever you need. With this concept, the household devices could act as the billing endpoints for people to manage their billing finances. It is technically possible to check the bills of a water-meter or other household devices such as refrigerator to pay for water bills and to purchase foods automatically.”
“Of course, security and privacy issues are the major challenges because of the focus on the processing on the customer and household device information over the Public Internet, implying that the behaviours of people could be traced and tracked more easily.”