Mind the unknowns: on the future of banking The German-Singaporean Financial Forum (GSFF) "The Future of Banking – Evolution, Revolution or Big Bang" at Management University

1 Introduction

Ladies and gentlemen

Thank you for your kind invitation. It was easy for today’s organisers to convince me of giving a keynote at this seminar, because today’s topic, the future of banking, is currently among the most exciting fields not only for financial actors, but also from a central banker’s point of view.

And the big question of today – evolution, revolution or big bang - is certainly not just a marketing trick to lure you to this seminar.

We have witnessed major digital transformations in other sectors already:

Small start-up companies with innovative ideas have quickly gained a share of the market, previous "top dog" companies have been brought to their knees, and completely new process chains and work environments have come into being.

What does this mean for the banking sector, which is currently undergoing a wave of digitalisation?

Pretty much everyone involved in banking is currently asking this question, and I’m sure that you here today are no exception.

People want to know where things will be in three, five or ten years’ time – and they want to know in as much detail and as soon as possible.

In the 20 minutes I have been allocated, I would like to talk about a few recently discussed scenarios on the future of banking and then – from the perspective of a central bank and a supervisory authority – offer a somewhat more conservative perspective.

2 Can we know where things are heading?

When looking at the future of banking, it naturally makes sense to begin with the technological and societal changes that digitalisation is bringing about – changes which have an impact on the way banking is organised and the value it creates.

A recently published study entitled "Digital Banking 2025" has done just that.

The authors conclude, for example, it will be necessary for the "client journey" to be the prime consideration when developing new services.

Customers are becoming more discerning and can click their way to the competition faster than before.

So-called application programming interfaces (or APIs) and a trend towards specialisation will atomise the value chain – which is the very opposite of the previous trend to offer as many banking services as possible under one roof.

Banking could also be reshaped by big data, whereby banks’ financial knowledge of their customers could feed into a comprehensive, very powerful customer profile enabling value to be created via interfaces with completely different sectors.

There are still other far-reaching scenarios under discussion, but I will not be able to fully explore with you all of these nor their underlying economic theories, as my time is limited.

However, even though these economic considerations are important, things can also be shaped in a decisive way by the course of day-to-day developments. This is why we speak of path dependence.

I would like to illustrate this point with the topic of disruption, which has often been discussed in connection with the path taken by banking.

Disruption means the fear that fintechs, and especially tech giants, might offer far more innovative financial services much more cheaply, which would very quickly transform them into overpowering rivals for traditional institutions.

That is not as far-fetched as it may sound – we have already seen disruption in other sectors. And there have already been disruptive developments in the financial sector. Just take stock market trading, for example, much of which left the trading floor quite some time ago.

But thus far, disruption has only affected individual components of banking. No technological innovation has been able to fully replace the economic functions of banks.

From our experiences with banking transformation in Germany, I don’t see widespread disruption happening today or in the foreseeable future. Right now, day-to-day relations between fintechs and banks in Germany can best be described as "complicated".

We are currently seeing almost every model conceivable in the business world, from traditional fintech takeovers and white label banking to the idea of the bank as a digital ecosystem.

While fintechs started off being quite feisty towards the established institutions, we are now seeing a diverse coexistence based on competition, cooperation and expanding the service offering.

The takeaway from what I have said so far is that that the story of digitalisation is still being written, paragraph for paragraph.

Much depends on external events: What payment methods will play a role in future? How much personal contact will customers need in matters that require a high level of trust? How relevant is the wish to receive all services from a single provider? How much of a given technology is simply hype?

Therefore it is not a surprise, that many questions about the future of banking remain unanswered. For example, what impact will digitalisation have on banks’ earnings?

To what extent will profits be skimmed by new market entrants? And how many institutions with similar services will be necessary at all in a digital financial sector?

From my perspective, a wide range of needs and lively competition are likely to be permanent fixtures in the future banking landscape.

One thing is clear, however – competition with new and fast-moving rivals, the ease with which customers can switch providers, and the agility that this will call for will almost inevitably increase the pressure on market participants – and this may prove too much for some. So if you ask for my opinion on which business model will survive, I am inclined to say: the best business models of many.

Whether you share this view or not: we must be careful that we ourselves do not contribute to the hype cycle through the forecasts we provide, and that we continue to analyse what is happening with the required degree of openness and curiosity.

3 In the digital age, risks won’t disappear: the supervisory perspective

We supervisors, too, are grappling with the question of where banking is headed.

For example, in a working group of the Basel Committee on Banking Supervision, scenarios have been drawn up which are plausible in light of technological developments.

But it was less the changing business opportunities that we were interested in than the associated risks which these entail.

After all, it needs to be clearly understood that risks do not disappear just because files and processes are digitalised. In fact, new risks actually emerge.

The physical files we used to have were not at risk of cyberattack – but today’s digital files are.

In the second part of my speech, I would therefore like to address the risks of digital banking and what that should mean to us.

From our supervisory experience we can say that too many senior managers are still not treating operational risks – and especially IT related risks - with the same care and attention as traditional banking risks.

Maybe this is because IT risks are rather unintuitive. They materialise rarely or very rarely, but when they do, their impact can be colossal. But every player in the digital financial sector needs to be fully aware that digital services also require trust.

Whether this trust is earned through years of reliable service or is given in good faith to a new enterprise upfront, in both cases it is one of the most valuable assets and should be protected.

Supervisors are, in any case, working day in and day out to ensure that these risks are recognised and limited. After all, as IT is part of the financial infrastructure, it cannot afford weaknesses that might be acceptable elsewhere, as even short disruptions can be expensive.

Outsourcing is a key topic here. It certainly enables significant savings, but the risks shouldn’t be underestimated.

In Germany, this means that banks cannot use outsourcing as a pretext for not accepting the responsibility for losses incurred by customers or within their own organisations.

It is therefore all the more important to keep risks under control when outsourcing. Is this guaranteed if the servers are located on a different continent?

Generally speaking, when value chains are broken up, it must be ensured that end-products are reliable, and that not everyone can simply pass the buck if something goes wrong. Banks have a particular duty in this regard.

Another challenge that has become hugely more significant in recent years is cyber risks. And let us bear in mind that cyber defence is not a trivial matter – and you cannot rely upon defence strategies from the analogue world.

Back in the Middle Ages, it may have been relatively easy to defend castles: by building moats and fortresses.

And it was mostly clear from what direction the enemy – often the same enemy – would advance. The reality of IT is a different matter altogether:

Enemies are unknown and almost never come out into the open. In some cases, professional hackers hide for months on end within a company’s fortress walls.

This was for example the case with the Carbanak gang which invaded the IT of banks across the planet.

And even if a company has detected a system breach, this does not mean for one moment that the assailant has been driven out of the system – this requires, in some cases, top-of-the-line criminology techniques.

We should therefore think of a company’s IT security as being more like an immune system rather than a simple wall. And you can very well imagine that it takes more than a good antivirus scanner and a firewall to provide this immune system with adequate protection.

Very often, the weakest link in the chain when it comes to security measures are people.

At the Bundesbank, a Bank-wide awareness project on cyber security was recently launched that took employees on a journey through the "cyber jungle".

This might seem a bit gimmicky to some employees, but it is absolutely crucial that they know what to do, and what not to do, as they navigate the digital world each day.

This brings me to another topic: the risks not only affect existing institutions, but also newcomers.

They are not immune to problems. Let us briefly look at the story of fintechs so far. The wave of digitalisation coincided with a great deal of dissatisfaction among customers with "banks".

That is why fintechs presented themselves as a counterpoint to traditional institutions, dressed in hoodies rather than a suit and tie, and claiming to be "small, no-frills outfits" rather than "too big to fail".

But does a sense of a new dawn breaking and a customer-centric culture alone really make such a huge difference? Does the image which fintechs have of themselves really justify supervising them less strictly?

In my view, it is concrete evidence of safety and reliability that counts. There have been news of problems and failures at fintechs companies, combined with isolated cases of fraud at fintechs around the world. They show that mishaps and misconduct cannot be eliminated through technology and a fresh appearance alone.

That is why, in Germany, we have so far had good experiences with the principle of "same business, same risks, same rules".

If, for example, you’re engaged in banking business – that is, you take in deposits and grant loans – you’re going to be treated as a bank by supervisors. You’ll need a licence and be expected to satisfy supervisory standards.

It doesn’t matter whether a bank only appears on a smartphone screen and most of the standardised processes run automatically, or whether it is a well-established high street bank.

So if a fintech in Germany remains exempt from supervision, that is simply because its business model contains nothing which, from today’s perspective, presents a risk that must be regulated and supervised.

4 Conclusion

Ladies and gentlemen

What, then, can we say today about the future of banking?

My speech has hopefully made clear that we can’t just look at simplistic scenarios.

The future of banking is not only about innovation, it is also about doing things right.

Therefore, in my view, digitalisation will reward not those who "reinvent the wheel" but those who are generally more competent at what they do.

This also means keeping the risks of digitalisation in check, what should also be the benchmark for institutions.

It is not individual ideas we are talking about, but a bank’s overall package – including risk management.

Thank you.