Frank Schwab

I help navigate digital transformation


A fool with a tool is still a fool


"A fool with a tool is still a fool" captures the current AI hype, where many believe AI can solve all problems. Just as a person with a hammer sees every problem as a nail, some apply AI where it does not fit, leading to flawed systems that may provide inaccurate insights or perpetuate biases. This overreliance on AI can create a false sense of security, diminishing the role of human judgment and accountability. AI is often treated as infallible, overlooking its limitations, biases, and the need for critical thinking. To truly harness AI’s potential, it's crucial to understand its strengths and weaknesses, and apply it thoughtfully, not indiscriminately. This requires education, training, and a balanced approach that values human oversight alongside technological tools. AI's real power is in augmenting human capabilities, not replacing them. By recognizing AI as one tool among many, we can avoid the pitfalls of misuse and truly benefit from its potential.








Published in SundayThoughts, technology, AI, all on 15.09.2024, 9:30.

Annual Planning in Banking IT


It's the same every year. During the annual budget planning, every bank I know faces an overwhelming number of IT project requests. I've often heard senior managers proudly proclaim, "As part of this year's budget planning, we've reduced IT project requests by 50%." This is frequently touted as a success, which always surprises me. Additionally, during the planning phase, false hopes are often raised about what IT can deliver, when in reality, fulfilling all requests is neither feasible nor desirable.


The annual struggle of IT project planning in the banking sector highlights a fundamental challenge: the disconnect between ambition and reality. This ritual is flawed for several reasons. Firstly, it assumes that all IT projects are created equal. In reality, some projects yield significant benefits for the bank and its customers, while others may offer only marginal improvements or even prove detrimental. Secondly, it overlooks the crucial role of IT in driving innovation and competitive advantage. Banks that fail to invest strategically in IT risk falling behind their rivals, losing market share, and ultimately jeopardizing their long-term viability.


The key to overcoming this challenge lies in proper prioritization. This involves not just reducing the number of IT projects, but selecting the right ones. Desirable projects are those that create tangible and measurable benefits for the bank and its customers, such as faster payment processing, more reliable and accessible account services, or enhanced security features. By focusing on such projects, banks can ensure that their IT investments deliver maximum value and contribute to their overall strategic goals.


Moreover, proper prioritization requires a clear understanding of the bank's overall business objectives and the role of IT in achieving them. This means aligning IT projects with the bank's strategic priorities, ensuring that they support the bank's core business functions, and delivering a clear return on investment. It also means involving key stakeholders in the prioritization process, including business leaders, IT experts, and customer representatives, to ensure that all perspectives are considered and that the chosen projects have broad support.






Published in SundayThoughts, banking, technology, planning, all on 01.09.2024, 9:30.

Mitigating the Risks of Shadow IT: Empowering Users with the Right Tools and Training




It's not a common occurrence, but last week, I engaged in a heated discussion regarding the IT department's responsibility to provide the appropriate tools to all business users. Whether it's analytic tools or AI solutions, preventing shadow IT hinges on IT's ability to deliver these resources and training promptly.


In my experience within the banking sector, the proliferation of shadow IT and shadow AI has emerged as a significant challenge. These practices, where employees utilize unauthorized IT resources or AI solutions, often arise from a need to fill gaps in the official offerings of the financial institution. A 2021 Gartner report indicates that shadow IT can account for 30% to 40% of IT spending in large enterprises, underscoring the scale of the issue.


I recall several instances where ambitious teams deployed new functionalities from external vendors to improve, e.g., customer profiling or risk assessment. While the results were positive, the lack of integration with core systems led to inconsistencies in data handling and reporting. This mirrors findings from a McKinsey study, which noted that shadow AI efforts often misalign with a company's overall IT strategy, leading to fragmented implementations.


To address these issues, any IT department must proactively enable all users with appropriate tools and platforms. By providing robust, flexible, and secure IT solutions that meet diverse departmental needs, IT must reduce reliance on shadow IT and shadow AI. This approach not only enhances productivity but also ensures adherence to data governance, security, and compliance standards.

Furthermore, investing in user training and support across the organization for these tools ensures that employees can fully utilize the provided resources without seeking unsanctioned alternatives.


In conclusion, by equipping users with the right tools and fostering collaboration between departments and IT, organizations must mitigate the risks associated with shadow IT and shadow AI. This not only enhances operational efficiency but also strengthens security and compliance posture, aligning with industry best practices and regulatory requirements.











Published in SundayThoughts, technology, risk, all on 18.08.2024, 9:40.

Does the Future Hold a Place for Traditional Core Banking Systems (CBS)?



This week, I reconnected with a dear friend from the business world. We collaborated on Deutsche Bank's core banking transformation between 2007 and 2010—the "famous" EUR 1.5 billion Project Magellan. Back then, I served as Deutsche Bank's chief IT architect.


He inquired about my perspective on the future of traditional Core Banking Systems (CBS). This topic has come up in discussions with over a dozen CEOs and CIOs across Europe and MENA in the past two years.

Here's what I believe:

Traditional CBS face a challenging future. They'll either be stripped down to their core with minimal customization or replaced by fourth- or fifth-generation CBS. These newer systems are real-time, AI-powered, and focused on essential functions like account and customer management. Other major functions, like credit and payments, will be handled by specialized, flexible vendor products using the latest software technology stacks.

My conclusion: CBS as we know it is nearing its end.



Published in SundayThoughts, CoreBanking, technology, banking, all on 13.07.2024, 9:30.

From Oversight to Architects of Digital Resilience - DORA Reshapes the Board's Role

The financial sector faces escalating cyber threats in its digital evolution, prompting the introduction of DORA, the Digital Operational Resilience Act, aimed at fortifying defenses. DORA requires supervisory boards to pivot from mere compliance to becoming architects of digital resilience, orchestrating robust risk management strategies. It emphasizes the importance of understanding and addressing third-party dependencies while fostering a culture where resilience is ingrained, enabling boards to navigate digital disruption with strength and agility.


The accelerating pace of digital transformation in the financial sector has fundamentally altered the landscape of risks faced by banks. Operational disruptions caused by cyberattacks, technology failures, or third-party dependencies have the potential to trigger systemic crises across the interconnected financial system. In response to these evolving threats, the European Union's Digital Operational Resilience Act (DORA) represents a watershed moment, establishing a harmonized framework to enhance the sector's ability to withstand and recover from digital disruptions. For supervisory board members of banks, DORA signifies a call to action, demanding a renewed focus on digital operational resilience and a comprehensive oversight approach.


DORA goes beyond existing cybersecurity regulations by mandating in-depth ICT (Information and Communication Technology) risk management across the entire financial ecosystem. Supervisory boards hold the primary responsibility for ensuring their institutions are adequately prepared for the challenges posed by DORA. This entails a profound understanding of the regulation's core principles, a strategic recalibration of risk management approaches, and a commitment to fostering a culture of resilience across all organizational levels.



One of the most critical functions of supervisory boards in the wake of DORA is the implementation of a robust ICT risk management framework. Board members must not only approve ICT-related policies and procedures but also actively monitor their effectiveness. This requires a shift in mindset, recognizing that ICT risk is not a purely technical issue but a fundamental business risk. Boards need to ensure a holistic view of the institution's digital footprint, mapping critical business functions and identifying potential vulnerabilities stemming from internal systems, external dependencies, and the ever-evolving threat landscape.


Effective ICT incident management is another cornerstone of DORA compliance. Supervisory boards must play a crucial role in defining incident reporting thresholds, escalation procedures, and communication protocols with both internal and external stakeholders. DORA emphasizes the need for swift and decisive action in the face of disruptions, as well as thorough analysis of root causes to prevent future recurrences. Board oversight in this area helps drive continuous improvement in the institution's ability to manage operational crises.




Furthermore, DORA spotlights the interconnected nature of risk within the digital financial ecosystem. The reliance of banks on a complex web of third-party ICT service providers introduces a unique dimension to risk management. Supervisory boards must ensure that meticulous due diligence processes are in place for the onboarding of new third-party providers and that contractual agreements explicitly address issues of ICT risk and operational resilience. The oversight role must extend beyond initial contracting, demanding that the institution maintain continuous monitoring of its third-party relationships.


The implementation of DORA goes beyond technical compliance; it necessitates a culture where digital operational resilience is a top priority. Supervisory boards are best positioned to lead this cultural transformation. Through communication, incentives, and accountability mechanisms, board members can promote resilience-focused behavior across the organization. This translates into investing in robust technologies, proactively identifying and mitigating risks, and emphasizing the importance of effective incident reporting and response.



Effectively navigating the requirements of DORA requires board members to expand their knowledge and expertise. This may mean including individuals with deeper technical backgrounds in cybersecurity or digital risk management or seeking external advisors to support the board's decision-making. Additionally, remaining abreast of evolving regulatory expectations, industry best practices, and the changing threat landscape is essential for informed and proactive oversight.


In conclusion, the Digital Operational Resilience Act (DORA) marks a significant milestone in the evolution of the European financial regulatory landscape. For supervisory boards of banks, it demands a shift in focus and strategy. By embracing the core principles of DORA, fostering a culture of resilience, and driving the development of robust ICT risk management frameworks, supervisory boards can safeguard their institutions and contribute to the overall stability of the financial system.









Published in DORA, regulation, technology, DigitalBanking, BoardMember, DigitalTransformation, all on 15.04.2024, 19:00.


© Frank Schwab 2024