Amsterdam, 2017

A SEAMLESS CUSTOMER JOURNEYDigital transformation, a necessity for banks to survive

Sylvain Slieker

WHITEPAPER SUMMARY• 01: Introduction• 02: Digital banking• 03: Marketplace banking• 04: How Levi9 can help

SUBJECT

And just like any other industry, the financial industry is not immune to digital transformation. Whereas in the past, banks faced relatively little competion apart from other banks, nowadays the competion is growing fast and - in some cases - comes from unexpected areas.

1.1 Emerging competitionPayPal is already the number one online payment method in some countries, while startups like Square and Stripe are earning multi-billion dollar valuations. Nearly one-third of domestic Starbucks revenues are paid through its own loyalty cards. And fully 10% of all payments in China are made with Alipay: Alibaba became a $16 billion lender in less than three years, and China’s largest seller of money market funds in only seven months.

Figure 1: emerging competition

For traditional banks, the competition will be hotting up even more over the coming years. In 2016, global investment in fintechventures reached $5.3 billion, a 67% increase year-on-year.

The message is clear: In order to survive, banks need to take nothing for granted, re-evaluating their position and how they serve their customers. Especially as digital channels become the primary method of delivering services, and the public demands ever easier access to financial services.

Digital transformation is all around us. In some cases hidden in the background, in others, there for all to see. Either way, it can result in the disruption of entire industries. Just ask taxi companies about Uber, hotels about Airbnb or any type of merchant about Amazon.

1. INTRODUCTION

December-2017

Seamless Customer Journey

2

SUBJECT

2.1 ChallengesSome of the challenges that banks are facing in keeping their customers loyal and ensuring continued use of their financial services are as follows:• Lack of entirely online and mobile process

support;• Unsupported multichannel digital opening of

accounts;• Requiring branch-based verification;• Unstructured, manual onboarding processes

needing significant level of communication;• Falling behind competition in digitization of the

customer journey.

Less time should be spent on infrastructure. Instead, banks should concentrate more on new business initiatives and dedicate more resources to innovation, to realize their goal of a seamless customer journey, whether in house or via third parties.

2.2 Digital-first banksBy transforming into digital-first businesses, banks should be able to offer a more innovative and modern set of services. Their focus should be on making every stage of the customer journey easier, more personalized and more highly suited to its context. Processes should be streamlined and manual intervention reduced.

2. DIGITAL BANKING

First, banks are recognizing that digital transformation is taking place, alongside a growing, ever more urgent need to adapt to it. Consumers have increasingly high demands across all areas, and with increased competition on the horizon, financial services are no exception.

From opening a bank account, to making payments and getting a loan, the public demands the minimum effort; and they expect a simple and seamless end-to-end digital experience. Ultimately, what they want is a seamless customer journey, just as they get from Uber, Amazon or Airbnb.

Key factors in the success of a bank’s digital transformation are:• Seamless onboarding process;• Digitized KYC/AML checks;• Measuring and improving financial health;• Personalized service offering;• Omni-channel offering: web, mobile apps,

branch / ATM integrations;• Internal opposition to new tools processes.

2.2.1 On-boardingA seamless customer journey starts with the seamless onboarding of the customer. This requires straight-through processing, which is processing where transactions are conducted electronically, without the need for manual intervention, and executed within only a matter of seconds. The less effort needed for onboarding, the more likely you will be to acquire new customers.

2.3 Know your customerFrom the start, customers must be recognized and analyzed. Real-time analytics are necessary to be able to fight fraud in what is after all a real-time system of payments. However, analyzing a huge amount of data is just the beginning. One must understand the types of risk, how to learn from past data to determine ongoing risk, and how to monitor continuously to prevent suspicious activity in future.

KYC is the first step in preventing identity theft, financial fraud, money laundering and terrorist financing.Customer due diligence (CDD) should be a part of everyday business. That means obtaining customer information, gathered through the KYC process, and to use it in detecting, monitoring, and reporting suspicious activities. For higher-risk customers and transactions, more detailed analysis and due diligence needs to be performed.

December-2017

Seamless Customer Journey

3

SUBJECT

3.1 API BankingApplication programming interfaces (APIs) have been a standard way of connecting small and large systems for many years. However, in the context of financial services, they were still only recently being discussed as the next big thing. Publicly open APIs, which would allow anyone to securely connect and integrate, are becoming a very interesting prospect in the financial world for many reasons.

In order to provide their financial services to consumers via digital channels and allow third parties to integrate with their systems, banks are becoming more open to the idea of a modular API standard. By letting third parties experiment and innovate, new solutions can be developed and offered to consumers more quickly. In effect, APIs are turning the financial world into a marketplace.

With the PSD2 (second Payment Services Directive) being effected in the course of 2018, banks will be faced with having to opening up their - mostly legacy - systems through API’s. The challenge for legacy systems is that APIs present a risk of greater public exposure. That said, technological advancements often adversely affect the business value of legacy systems.

3. MARKETPLACE BANKING

3.2 API technologiesWhen preparing a bank - or any other financial institution - for the API economy, a number of key factors have to be taken into consideration: security, interoperability and performance. There are two dominant technical ways to satisfy those conditions:• The first approach is the more traditional one -

by using the SOAP protocol. OASIS standards like WS-Security are used to extend SOAP, and to define the standard around signing, encrypting and attaching security tokens to ascertain the end-user's identity. In order to effectively exchange authorization and authentication data, the SAML data exchange format is used. SAML is also defined as an OASIS standard, and it is important to note that it effectively addresses Single Sign-On (SSO), so it allows multiple independent systems to use a single user login.

• The second approach is the implementation of services using REST, usually in combination with the OAuth standard for authorization, and JSON as the format for data interchange. REST is considered the de facto standard for writing services that have to be consumed by a broad range of external systems.

December-2017

Seamless Customer Journey

4

Figure 2: transforming to API architecture

SUBJECT

As such, REST is the preferred way of implementing public APIs. On the other hand, SOAP in combination with WS-Security offers confidentiality and integrity protection from the creation of the message to its destination. This approach is traditionally considered as more secure, and despite the fact that it is usually less performant then REST, it is still the preferred API development choice of many financial institutions. This is especially the case for APIs that are not publicly exposed.

That said, it is not uncommon to use both approaches in an implementation, but for different purposes. For instance, a public API layer may be defined in REST, while internal application services are using SOAP. In this way, you can get the best of both worlds.

One of the common challenges in developing a good service layer is maintaining strong and well-defined API contracts for service consumers, while providing flexibility in terms of data sources. It is not uncommon that - in order to provide adequate service responses - data has to be fetched from multiple systems at the same time. Furthermore, for different scenarios or implementations, different source systems have to be used, all the while maintaining stability for your API consumers.

Using a pluggable data source for the API layer may be a solution here. With a well-defined data source interface, it is not hard to develop a custom plugin. For example: fetching account data from a standard data source, while at the same time having a custom implementation for multiple fields, and getting their data from one or more 3rd party systems.

API consumers will not have to modify their interfaces to data source changes. They can continue to use the API layer in the same way as before, honouring the same contract, while the API layer seamlessly adapts to different usage scenarios in today’s interconnected and flexible world of APIs, where a data source is not just a database, but a mesh of databases and/or external systems interfaced with APIs.

December-2017

Seamless Customer Journey

5

SUBJECT

4.1 API BankingIntegrating Fintech services and applications through APIs is what we do on a daily basis. Our development teams are constantly working on developing core products for financial customers, as well as on many client implementation projects. We bring experience, domain knowledge and development power to your financial technology ambitions.

When it comes to working with legacy systems, Levi Nine has considerable experience and expertise getting these systems in shape for the new age and ready for the marketplace. So far, Levi Nine has successfully implemented banking solutions in a number of banks and integrated them with other systems.

We have often integrated applications accounting systems like Themenos or BankMate, using the CRM of the implemented solution to seamlessly expose account data, together with its own customer data to 3rd party apps via services. We are experienced in implementation of PSD2 required services, connection with all modern 3th party systems that new, interconnected banks depend on. Other experiences include identification services like Deutsche Post-POSTIDENT, payments via Stripe, modern communication channels with clients: Moxtra, Facebook, Viber. And we have extensive experience in integrating with different e-banking portals.

4.2 Customer due diligenceIn general, we automate CDD checks as far as possible. Our approach is to create processes composed of manual steps, together with automated steps triggered by events. Usually, this starts with the UI representation of various different questionnaires. By answering questionnaires, customers are providing basic information about themselves, based on which further risk rating calculations can be performed. We employ well-known global risk management solutions as third party systems.

4. HOW CAN LEVI9 HELP

Levi Nine has the FinTech experience to help.

After all information is collected, calculations are performed and the final risk rate of the customer is determined. To minimise false positive results, a manual step where a financial institution officer can validate and confirm the result is built in. We are familiar with all well-known types of checks and acts: KYC, PEP, AML, FATF, FATCA, as well as some Netherlands-specific checks: VIS and EVA.

For KYC, AML and fraud detection, we use global risk rating providers. Some of the most used providers are:• LexisNexis - one of the leading corporations in

this area, providing global risk management solutions. They own a robust database of high risk individuals and entities, and have multiple types of data analytics. Their solutions help you to understand both your customers and vendors better, to reduce financial and reputational risk by complying with evolving regulations and streamlining due diligence and to prevent various types of fraud, anti-money laundering, etc.

• Accuity provides risk solutions to banks and businesses worldwide. Their data and services are powered by Bankers Almanac. They offer compliance screening solutions, as well as large databases of high risk entities, including all publicity available regulatory and Accuity'senhanced due diligence lists that can help companies minimise their risk, ensuring enhanced protection. They also have solutions that can help you minimize false positives.

• ComplyAdvantage is an AML data and surveillance platform. They provide a global database on AML risk exposures and Transaction Monitoring covering Sanctions, Watchlists, Political Exposed Persons (PEPs) and Adverse Media. They offer AML screening, monitoring and rescreening, depending on relevant and real-time AML data.

Using initial basic information on the customer, these providers perform screening, deep and extensive calculations, and return results, which are customized to specific financial institution needs.

December-2017

Seamless Customer Journey

6

SUBJECT

Other checks that we use in Straight Through Processing processes are:• PEP (politically exposed person) is described as

an individual who is or has been entrusted with a prominent public function, or is related to someone who is. Screening for PEPs is done through due diligence or KYC.

• FATF (Financial Action Task Force) is a government body that has established a series of recommendations as an international standard for fighting AML/CFT (Anti-Money Laundering/Combatting the Financing of Terrorism). The FATF identifies jurisdictions with weak measures to combat AML/CFT and defines high-risk and non-cooperative jurisdictions.

If the customer is or has relatives or a partner from a country that FATF has marked as a high risk country, attention is paid to this person and this information is used when calculating the final risk rate.

Checks specific to the legislation of the Netherlands and used in our projects are: • EVA (Externe Verwijzings Applicatie) checks the

name of a prospect/client against a fraud list maintained by the NVB (Nederlandse Verenigingvan Banken) and VFN (VerenigingFinancieringsondernemingen in Nederland). Persons and organizations involved in fraud or attempted fraud are on this list.

• VIS (Verificatie Informatie Systeem) checks on Government issued documents like passports.

December-2017

Seamless Customer Journey

7

Muiderstraat 1 1011 PZ AmsterdamThe Netherlands

+31(0)20 670 19 47info@levi9.comwww.levi9.com

Levi Nine is a Dutch IT Services company with currently over 850 highly educated and skilled IT professionals in Eastern and Central Europe.

Our teams work remotely on software products and revenue generating systems for Dutch and International clients. We are the technology partner for clients that are looking for reinforcement and a flexible layer of their own IT department, or are looking to co-source or outsource IT development and maintenance.

Levi Nine is strong in the area of common software R&D, software product development and client implementation projects. We strongly believe in DevOps principles, Infrastructure and Test Automation and Continuous Delivery. We work for Fintech leaders Backbase, Five Degrees, Valitor and Exact as well as for a growing number of western European banks and other financial institutions.