Sibos 2017: Disrupting the Disruptors

Robotics, artificial intelligence, cybersecurity and blockchain—from a capital markets perspective, these were the big four topics of the annual Sibos conference this year, hosted for the second time in Toronto. The use-cases for these technologies stretched across the middle and back offices, where some larger banks debated the benefits of robotic process automation (RPA) when it came to legacy architecture, through to the applications of machine learning and cognitive technology in fraud detection, know-your-customer (KYC) processes and anti-money laundering (AML). These technologies, while remaining on the cutting-edge, appear to be increasingly critical for banks, which means that those without the financial and technical resources to invest in them are increasingly at risk when it comes to detecting fraud.

“If you’re a financial institution, unless you’ve got the software, you’re not going to be able to do it,” says Chris Mathers, a former undercover officer with the Royal Canadian Mounted Police (RCMP), who spent his career infiltrating money-laundering gangs. “There’s too much going on, and you need to have it. The problem is that a lot of these banks are almost big enough to get it, but not yet, and those, I believe, are the most vulnerable.”

On the cybersecurity front, the tenor was somewhat different from previous years, as the proliferation of cyber incidents in recent months seemed to have finally spurred the industry into action. But far from easing the problem, it only seemed to get worse—experts warned of nation-states attacking US banks, while law enforcement and military officials spoke about persistent and advanced threats from a fusion of state and criminal enterprises, all with access to intelligence tools that were once developed by Western intelligence, and are now freely available. The dark side of open source was an idea mentioned by more than one executive.

Conspicuous Absence 

One theme that seemed conspicuous by its absence this year was disruption—far from the heady heights of four to five years ago, when payments providers, capital markets tech firms and anyone else who wanted to start a company and call themselves “fintech” were threatening to destroy the banks, the tone was far different at this year’s event. Instead, the disruptors have themselves been disrupted, a theme which will be explored in more depth in a future issue of Waters. 

Far from launching coups d’état, many fintech firms are now willing partners in alliances that help to strengthen the position of the industry’s incumbents. The language is one of collaboration, rather than confrontation. “Some of the hot air has left the room, and we’re now talking about working together,” says Michael McGovern, head of investor services fintech at Brown Brothers Harriman. Others, like Mathieu Maurier, a managing director at Societe Generale Securities Services, say this phenomenon isn’t specific to finance. “I liken it to biotech,” Maurier says. “You haven’t seen a biotech firm replace a single big pharmaceutical company—they work together now. It’s the same with us and the fintechs.”

From the perspective of Sibos, at least, the short-lived phase of “disruption” is clearly over. But the new challenges that it helped introduce and popularize—emerging technology, cybersecurity, distributed-ledger technology—are all very much still active. They just have a new—or perhaps, an old—home, now.

Building Blocks: Blockchain Creeps Forward

Of the aforementioned four technologies, blockchain was the one that dominated discussions at Sibos this year. If you’re a believer in blockchain and distributed-ledger technologies (DLT) as a whole, then while 2016 might have been the year of blockchain discussion, 2017 has been a year of progression, edging into live implementations. Most banks have taken a two-path approach toward blockchain experimentation: internal blockchains to automate largely manual middle- and back-office processes; and working with consortia and industry groups for industry-driven projects. For all the talk of the revolutionary powers of DLT, there’s little evidence of fully live implementations that are disrupting finance—as yet, anyway. Yes, there are large numbers of test projects currently on the go, the vast majority of which have produced impressive results (based on participants’ claims), but none so far as Waters can ascertain has made it into a live, production environment.         

What has become clear is that blockchain is not right for all. While speaking on a panel at the event, Dirk Bullman, an advisor to the director general, payment systems and market infrastructure at the European Central Bank (ECB), said that while the ECB is exploring the technology, it’s “not an option” currently for the institution. “What we offer, as a service in Europe, is the backbone of the financial sector, and the implementation of monetary policy,” Bullman said. “It has to meet high security standards, high efficiency standards, and we quickly came to conclude that blockchain technology is not as mature as we had maybe hoped.” 

Alexis Thompson, head of global securities services at BBVA, noted that the industry has dumped “billions” of dollars into large-scale projects like Target2-Securities. “And now they’ve got to dump more money into this? If I go back now to my firm and say, ‘we’ve spent millions and now we’re going to throw it all away because we’re moving to blockchain,’ I think they’re going to look at me as if I’m a bit of a madman,” he said. “We’ve made an investment—it was a huge investment—and now we have to make that work.” 

He also noted that while instant settlement is hypothetically possible with blockchain, “as an industry, we’re not ready for instant settlement.”

Waters’ Take: Distributed ledgers will eventually find their way throughout the industry, but the technology is still in a hammer-looking-for-a-nail phase, and one has to wonder if that’s truly how revolutionary innovation should be born. But it’s not all doom and gloom. While speaking with Waters at Sibos, the Depository Trust and Clearing Corp. (DTCC) confirmed that its Trade Information Warehouse project—a blockchain-based platform for reporting credit derivatives trades—will be fully live by the end of 2018, with a caveat that the deadline might stretch to the beginning of 2019 in a worst-case scenario. 

Additionally, Swift’s DLT pilot for trade finance now has more than 30 participants and it has released a report of lessons learned during the process. The findings make for sober reading among DLT trade-finance enthusiasts. “One thing that was important is that the value you get depends on what type of institution you are,” Damien Vanderveken, head of research and development at SwiftLab, tells Waters. “So, if you are a very large bank and you’ve done a lot of investment already in liquidity management, then the benefits of moving to a DLT solution are not as big as they would be if you had not made those investments. So we clearly need to take that into account in the next steps—to cater for all types of banks, we need to segment our approach.”

The interest and investment in DLT is there. That is plain to see. But just how revolutionary the technology will turn out to be will depend largely on whether there’s some evidence of real-world implementations before Sibos 2018.

AI: Machine Learning Grows Up

As the hype for blockchain has simmered down just a bit, machine learning’s ascent has skyrocketed. The reason for this is that when used effectively, machine-leaning-based algorithms can significantly reduce processing times, allowing traders, risk officers and back-office workers to more effectively do their jobs. The technology has become more viable through increased storage and processing power, and the ability for capital markets firms to consume and digest more varied and complex datasets. Additionally, while DLT projects are largely geared toward industry problems, machine-learning tools can be used in a more targeted fashion internally. 

Take, for example, what Finastra is building when it comes to removing the risk of—and fallout from—“fat-finger” mistakes. Finastra, formed this year through the merger of Misys and D+H, is preparing to sign its first deal for its FusionCapital Detect platform, an algorithm-based offering that uses machine learning to track clearly erroneous trades before they can go through the entire post-trade process, and halt them before they wreak havoc on the broader market. 

While speaking with Waters at Sibos, Nadeem Syed, Finastra’s CEO, said the company deployed this algo for an equity derivatives desk as a proof-of-concept at a tier-one bank and that “out of the box … the algorithm was accurate to 90 percent.” 

Expect to see many more examples of machine learning’s effectiveness for the capital markets over the next 12 months.

Waters’ Take: The caveat with machine learning is that—as with any truly revolutionary technology—everyone wants to jump onto that bandwagon (think cloud in the mid-2000s). There’s a distinct difference between true machine learning and simply using automated technologies to replace manual processes. But give a marketer a chance, and they’re likely going to sprinkle in a few ML and AI references when talking about their product. Much like how regulators are grappling with how to oversee digital currencies, regulators are also going to have to get their heads around the benefits and potential illegalities of true black-box, machine-learning tools.

The other thing that needs to be understood is that while AI will remove numerous low-level jobs at financial institutions, it will also create a large number of high-level jobs. But that’s also more of a long-term issue. In the near term, these tools will prove to be effective augmenters, rather than replacers. The reason that banks are throwing money at engineers with machine-learning expertise is because the technology offers the potential to increase a talented portfolio manager’s or trader’s ability by orders of magnitude. It can also help expand a risk or compliance officer’s understanding of the firm’s various exposures and it can help reduce the likelihood of a massive fine due to a KYC/AML-related infraction. 

For now, the machines are our friends. That said, firms must invest intelligently rather than enter into a boondoggle with no clear goal or oversight.

Unplugged: Robots Not Ready to Take Over

That brings us to robotic process automation (RPA), arguably the one area for some, where AI has taken a backward step. The events of 2008 are still being felt today. Banks are still trying to figure out how to adhere to onerous regulatory reporting requirements, while reducing headcount, all while investing in innovative technologies in order to remain competitive. This three-pronged problem has led to significant investment on the sell side into robotics in recent years. 

As firms are taking a step back to examine the ROI of these projects, though, some are finding that they’ve not been worth the expense. While speaking on a panel, Matthew Davey, head of business solutions at Societe Generale Securities Services, said that while machine learning has proven useful, robotics has been a disappointment. “When we talk about AI, most of what we mean is machine learning, but we’ve also done a lot of work with robotics, with RPA recently,” Davey said. “I have to say that we’ve been a bit disillusioned with that experience. When I talk to people internally, there’s been a lot of negative comment about RPA.”

Davey pointed to cost as RPA requires a bank to “parameterize all aspects of a process,” but once new costs are factored in, the sheen fades. The French bank is now pursuing a fusion of RPA with other AI technologies, the results of which, he told Waters on the Sibos sidelines, are more promising. 

Waters’ Take: This one was a bit of a surprise to us. Over the last several years we’ve heard increasingly about firms turning to RPA to help improve middle- and back-office functions as an answer to increased reporting demands. Our guess is that there isn’t a sea change underfoot; rather, capital markets firms are reexamining the technology and their options. As Kirsty Roth, global head of operations at HSBC, noted on a panel, a hybrid approach is probably most beneficial. “We’ve had mixed experiences with RPA. Fundamentally, we still prefer to be mobile-first, proper, good old-fashioned straight-through processing,” she said. “What we’ve learned as an organization is that it’s useful to have both tracks—anyone waiting for a gold-plated solution, given our size and scale, will be waiting for a really long time.”

The key problem here, as with DLT, and other new technologies, is that implementing them on legacy architecture is a no-win situation. Banks still have spaghetti-like technology estates, and implementing RPA technology on top of that is an end-point, rather than a starting block—they have parameterized the processes to fit the existing technology restrictions, and therefore any changes become difficult to implement. As with most things, as the shine comes off emerging technologies, the real guts of the issues are exposed.

No Shelter: Cyber Concerns Threaten Everyone

The evolution of innovations such as blockchain, AI, robotics and numerous other technologies will see twists and turns along the way. Investment will ebb and flow. Newer, more revolutionary products—quantum computing, which is a truly disruptive technology in the real sense of the word—will continue to evolve. The one thing that will remain constant is the worry over cyber threats. 

The recent data leaks at Equifax and the US Securities and Exchange Commission (SEC) have forced large numbers of capital markets firms to reexamine their cybersecurity protocols. Perhaps most worrisome is that nation-states are becoming increasingly sophisticated at targeting financial institutions through cyber-attacks as better hacking tools proliferate. While speaking at Sibos, William Carter, deputy director of the technology policy program at the Center for Strategic International Strategies, said that from 2011 to 2013 the Iranian government started launching distributed denial-of-service (DDoS) attacks on banks and exchanges across the US. That marks the point that cyber-attacks metastasized for financial institutions. “If you’re talking about a change that should make every financial institution absolutely terrified, that should be it,” he said. 

And now North Korea can be added to that list. “North Korea is really the only one we’ve seen doing it at scale for financial gain thus far, but one interesting thing is that there are about 150 countries with less GDP than North Korea, and more connectivity. If any of them are inspired by North Korea and think, ‘Hey, I could use some government revenue, this seems relatively easy,’ it actually can be done,” Carter explained. 

Waters’ Take: It’s easy to throw one’s hands up and say, “What can you do?” but that’s simply not an option. Banks will always be playing a game of technological catch-up with hackers, but to combat that, the industry needs to come together and open up lines for dialogue. And, as always, educating internal employees is vital. But perhaps more important is stripping out the ego from the organization and understanding that you’re never 100 percent secure and there’s always room to learn. After all, the hackers are learning new tricks every day. More than that, they’re evolving, too. Criminal gangs and states, in certain parts of the world, are more or less indistinguishable from one another, says Mathers, the former RCMP officer. The tools that were previously only available to intelligence agencies are now, in this new era, widely available. 

Much of the attention is, of course, focused on commercial banks. But that doesn’t mean your friendly neighborhood stock exchange is safe. “Financial market infrastructures are certainly being targeted, and one of the things that really scares major stock exchanges is DDoS, because denial of access to your data is a real problem for them. Actually, the biggest threat they’re grappling with is data integrity. So, if you’re thinking about something like a stock market, you need to be able to trust the price that you’re being quoted, and trust the order flow, so they’re really concerned about that,” Carter said, in response to a question from Waters.

You can find all of WatersTechnology’s coverage from this year’s Sibos event in one place here.