Navigating a New Frontier for Financial Services
In every industry, the organizations that are leading the market have one thing in common: they’ve doubled down on digital transformation and innovation, offering customers low-touch, highly customized services through their personal devices. This is as true for online retail as it is for your favorite coffee chain—and it’s increasingly true for banking and financial services.
Digital transformation in the financial services sector is no longer disruptive. Many market leaders have already made strides—as have small, agile fintech innovators—which means organizations that want to stay competitive need to be decisive and strategic in modernizing the customer experience. First and foremost, this requires ease of access and personalization: one study shows that 91% of consumers are more likely to maintain relationships with brands that recognize them and reward their loyalty. However, security must also be top of mind.
The financial services space is frequently targeted by bad actors, incurring the highest cost of any industry—approximately $18.3 million annually. On top of that, research shows that while 59% of customers will think twice before choosing an organization that has suffered a breach, their tolerance is even lower for financial services companies. Two-thirds of consumers would take their business straight to a competitor if a cyber attack caused issues for more than three days. As more customers conduct banking and transactions online (a trend accelerated by the global pandemic), and more bad actors target the financial services sector, organizations are under pressure to step up their cyber security initiatives.
But user experience and the need for data security don’t just apply to customers. The workforce can also benefit from enhanced digital touchpoints, processes, and services—especially now that there has been a significant shift to remote work. With employees and contractors logging on anytime, from anywhere, ensuring seamless access to tools and applications is table stakes. It also has to be secure, with centralized control for IT teams.
Two-thirds of financial services companies have over 1,000 sensitive files open to every employee—making each of them a potential target for hackers. Research by Forrester shows that accidental exposure is responsible for 36% of lost data, and a survey from Kaspersky found that 52% of businesses consider their workforce to be the weakest link in their IT security. As a result, CIOs often feel forced to choose between frictionless workflows and tighter security. But there is a way to have both.
Identity is the common denominator
Modernizing identity and access management (IAM) for workforces and customers—CIAM for the latter—is what will enable businesses to meet the needs of both their employees and consumers. This is particularly important for major incumbent players who face potential disruption by fintech newcomers.
Some of these companies will choose to compete, others to collaborate. Regardless, inorganic growth is going to play a major role for many large and medium-sized financial services companies as they acquire the digital businesses they need to differentiate themselves or build them from scratch. To make these projects a success, organizations need to ensure strong logins, secure APIs, and centralized user management.
The process of ensuring seamless and secure experiences for consumer-facing apps is equally essential for financial services providers. Protecting customer logins, credentials, data, and privacy is critical, and many financial services organizations are reorienting their focus and their consumer offerings in that direction.
As financial services brands continue to drive on their digital transformation initiatives, there are three priorities that should be top of mind—and identity and access management adds immense value to all of them.
In the following sections, we’ll examine each of these priorities in detail.
New expectations for customer experiences
The accelerating demand for digital banking and contactless payments has already had a transformative effect on how customers transact, and has redefined their experiences with and expectations of financial services companies. But that’s really just the beginning.
We’ve entered the era of open banking, where customers are no longer satisfied with having a single provider for all their financial services needs. They want to be able to access products and services—and data—from whichever provider offers them the most competitive solutions. There were 18 million open banking users in 2019, and research suggests that could more than double to 40 million this year. This opens new revenue opportunities for financial services organizations that are ready to take advantage.
So what does it take to deliver these new digital experiences?
Build tailored, personalized services that delight customers, and then empower them with autonomy—that means enabling self-service options that let them manage their own accounts.
Collaborate with emerging fintech players to provide customers with cutting-edge products and services.
Invest in modern API access management and security. Providing customers with open banking options is entirely based on an organization’s ability to participate in the API economy. Financial services companies can also invest in mobile SDKs to build and launch applications faster.
Monitor, manage, protect, and unify customer identities across multiple apps and channels. Even better, facilitate seamless experiences across these channels through frictionless—and for the true leaders, passwordless—authentication so that users can access a provider’s services regardless of app or device.
Maximize regulatory compliance, minimize risk
Mitigating risk and remaining compliant are two sides of the same coin—because if there’s a data breach, there will also be penalties from regulators, along with a loss of consumer confidence. In just the first half of 2020, there were 1.1 billion digital fraud attacks, and more than two out of every ten Americans have been targeted by malicious actors over the course of the COVID-19 pandemic. There’s no end in sight either, with account takeover attacks expected to exceed $200 billion in losses by 2024.
Besides account takeover attacks, identity theft, card-not-present fraud, authorized push payment attacks, insecure APIs, and ordinary phishing attacks are among the many methods financial services companies need to be on the lookout for. Therefore, robust cyber security and data privacy are becoming high-value differentiators for businesses in this sector. It’s also worth bearing in mind that even as customers diversify their accounts and services across different financial services and fintech providers, the burden of compliance remains the responsibility of banks.
For CIOs, it’s imperative to keep track of a regulatory landscape that continues to grow more comprehensive and complex. The Bank Secrecy Act and anti-money laundering (AML) rules are increasingly top of mind, as the United Nations estimates that illicit transactions total somewhere between $1.6 and $4 trillion per year—approximately 2% to 5% of the global GDP—despite the strict international frameworks in place to guard against them.
But beyond these measures, there’s a long list of regulations related to data and information security, such as PSD2, MLD4, MiFID, PCI-DSS, GLBA, SOX, and EBA. There are also other frameworks that operate on regional or state-wide levels, as well as those that are national or international in scope.
This complicates processes considerably for financial services organizations looking to deliver new offerings. For example, deploying open APIs to share customer data across providers is carefully scrutinized as a security risk in some jurisdictions while being tolerated in others.
How can a company remain secure and compliant in the midst of such a complex and ever-evolving environment?
Maintain a single source of truth for customer identities and data. If data is scattered and siloed, it must either be manually found and consolidated by IT admins, or else customers have to complete the same fields or forms multiple times across multiple touchpoints.
Update access policies to meet regulatory requirements as they emerge and change. Implementing a Zero Trust security model—which includes measures such as adaptive multi-factor authentication (MFA) and secure access controls for apps, servers, and APIs—is the strongest way to prevent fraud and protect against cyber threats.
Build security into DevOps DNA to better serve the workforce and customers. Developer, operations, and security teams should all be collaboratively involved in the process of building applications, so that they can move from design to launch as seamlessly as possible. Done effectively, this is known as DevSecOps. If IT and security aren’t included in the development lifecycle, it can create vulnerabilities in systems and software, which slows velocity down the line—or leads to cyber attacks.
A dynamic approach for a dynamic workforce
It’s natural—and often necessary—to put the customers’ needs first, providing omni-channel touchpoints and seamless access. But don’t forget that employees need this too. As noted earlier, there has been a rapid rise in remote work, and many financial services businesses are establishing a more dynamic work model that enables their teams to sign in from wherever, whenever.
When it comes to DevOps, building and adopting technology tools to improve internal processes is also becoming a central focus for financial services businesses and their CIOs. This takes several forms, and involves company decision makers, IT teams, security admins, developers, and the wider workforce.
With an ever-evolving ecosystem of apps, what can organizations do to enable knowledge workers to simplify tasks and deliver better experiences to customers?
Provide one-click access to applications for the workforce—and avoid password reset and helpdesk backlogs that are both time consuming and costly for the business. This begins by unifying the entire disparate network of applications and servers in a single, centralized, user-friendly system—a process that can be completed and even automated with a strong IAM solution.
Enable a hybrid IT environment to support continuous innovation while maintaining legacy technology. After all, many large and medium-sized financial services businesses have on-prem infrastructure that can’t immediately be retired, but that may be incompatible with the newer fintech solutions they partner with or acquire.
Overcome data silos. This is not only essential for optimizing efficiencies for employees, but for the various partners, contractors, and collaborators that companies work with. It also adds value for customers so that they don’t need to provide the same information in different places at different times.
Transform internal culture to drive all of these initiatives. Employees need to feel empowered by the processes introduced by IT and security admins, not encumbered by them; and leaders need to invest in their employees, as well as their IT, security, and developer teams, so that they’re equipped to do their best work.
The identity piece helps complete the puzzle
On a practical level, where can companies start to set this modernization in motion, reducing their costs and streamlining operations internally? Integrating cloud-based solutions with the on-prem technology stack is a good place to start, with the goal of transitioning to a cloud-first model. With cloud technology, it becomes possible for businesses to simplify and automate basic IT and ops processes so that in-house technology talent can be allocated to high-value tasks; at the same time, they can seamlessly integrate with new solutions and providers acquired via M&A.
Where identity fits in:
Beyond that, IAM and CIAM fulfill multiple critical functions for digital transformation in banking and financial services, from securing mobile banking and partner portals to verifying identities for payments and improving data collection through progressive profiling.
With identity and access management, organizations can accelerate app deployment for the workforce with pre-built integrations and single sign-on (SSO), while allowing developers to focus on building new apps with the support of the authentication, authorization, user management, and API tools they need. They can automate provisioning and deprovisioning for apps and servers across the entire user lifecycle—and this can be extended to employees and B2B partners as well as customers. End users can also take charge of their password resets, helping to significantly lighten the IT burden while enhancing user experience.
A solution like Okta takes human error out of the picture with an out-of-the-box, market-leading identity layer. With built-in, best-in-class security controls and standards-based authorization, Okta ensures regulatory compliance can be met across the board. All identity infrastructure can be unified, helping to break down the needless complexity and information silos that are notoriously common in large financial institutions; with fully customizable and platformized solutions, Okta can deliver that truly differentiated customer experience that sets companies apart in an increasingly competitive marketplace.
Finally, IAM is fundamental to two of the most important best practices mentioned previously: a Zero Trust security model that builds compliance directly into the authentication and authorization processes, and DevSecOps processes that make sure security controls are embedded into the application development journey early and often. From these two benefits alone, it’s clear how identity can help financial services organizations deliver innovative new products and services, streamline and optimize their operations, and stay compliant all at the same time.
Finding the way forward for financial services
The last decade has been a non-stop transformation for financial services businesses, as they move from traditional business models to new modes of digital engagement and delivery. There’s no slowing down this momentum; the coming months and years will only accelerate it, and it’s difficult to ascertain what the industry will look like five or ten years from now. However, forward-thinking organizations can future-proof themselves for any eventuality by embracing innovative technology, security, and identity today.
Contact us today to find out how Okta can help drive your digital transformation initiatives.
Okta is the leading independent provider of identity for the enterprise. The Okta Identity Cloud enables organizations to securely connect the right people to the right technologies at the right time. With over 6,500 application integrations, Okta customers can easily and securely use the best technologies for their business. To learn more, visit okta.com.