Google and IBM are intensifying their efforts to make cloud-based software available to banks.
Google is currently in the process of supplying banks with software. This week the company launched its first software product for the financial services industry, a mortgage program called Lending DocAI. The company suggests there will be more financial services-specific releases. Google recently hired high profile executives from the US bank and Citigroup to lead this effort.
IBM has been selling technology to banks for decades. The mainframes are still in use at most of the major banks. The company, which announced financial services cloud technology last year, plans to release new security and compliance controls for its financial services cloud offering later this month. These are intended to support banks in the development and provision of applications that can be securely executed in any cloud.
Both companies acknowledge that this year banks are feeling additional pressure to adopt lower-cost cloud solutions. For one thing, they had to work digitally for the most part during the pandemic and therefore have to modernize and adapt quickly in order to offer new services and cope with peak volumes. On the other hand, the net interest margins continue to decrease, which leads to greater efficiency. Cloud-based software can cost around 30% less than software used in a bank's own data center.
"The pandemic has exposed what banks always knew," said Mike Abbott, Senior Managing Director at Accenture, who consults with banks on cloud projects. "They knew they were going to get into the cloud at some point, but they all look at each other, how do you make 2025 happen now?"
A major driver now is the need for flexibility, Abbott said. By using a cloud, companies can quickly add capacity to easily meet demand peaks without having to start up new servers.
"It makes a lot of sense when you see voltage spikes – think about all incoming phone calls," Abbott said. Thanks to the introduction of the cloud, banks were able to set up a virtual call center in just a few days.
Google's entry into mortgage technology
The new mortgage technology from Google, Lending DocAI, takes over the mapping and extraction of information from mortgage documents.
With this product, the company is taking over providers of mortgage origination software such as Blend (with 250 bank customers on its digital credit platform) as well as software for image processing and extraction of entities such as the popular Ocrolus, which many banks use to process documents and workflows for lending, invoicing, fraud detection and other tasks.
"DocAI borrowing supports every aspect of the mortgage business by reducing mortgage turnaround time, streamlining data collection, and supporting regulatory and compliance requirements," said Derek White, former chief digital officer at US Bank who is now vice president of global is financial services at Google. He was hired in September, three months after Google hired former Citi FinTech CEO Yolande Piazza to lead Google Cloud's North American financial services and customer development team.
The software uses artificial intelligence to analyze the data in documents and verify that it is correct and linked to the person applying for the loan. It runs on Google Cloud. This is in part the result of a collaboration with Roostify, the provider of a point-of-sale digital credit platform.
According to White, Google decided to develop its first product for banks through mortgages because "when you look at a home buyer's mortgage experience, this is the biggest investment decision in many people's lives."
The company uses artificial intelligence to "simplify what is a big and potentially stressful experience for them," said White.
It is not uncommon for a buyer to provide up to 10 documents as part of the mortgage process. That can be the equivalent of about 300 pieces of paper that can cost about $ 10,000 to process, White said.
Google's technology converts the paper into computer-readable text that can be fed into workflows.
Then the company could move on to other, similar use cases in banks.
"We're seeing massive demand," said White. “One of the great lessons learned from COVID in financial services is the ability to shred paper and turn documents into data. This applies to every institutional business in banking. We're starting with mortgages, but we intend to expand it to all document types in financial services and other industries in the US and worldwide. "
IBM Cloud controls for banks
IBM has been working on its Financial Services Cloud software for more than a year.
Last November, she announced she was working with Bank of America to develop what Chief Operating and Technology Officer Cathy Bessant called the “cocoon” of controls the bank would need to run critical applications into In the cloud.
In July, BNP Paribas announced that it had started deploying IBM's Financial Services Cloud. Around the same time, IBM also announced the formation of a Banker Advisory Council and the IBM Research Cloud Innovation Lab.
This week, Gosia Steinder, IBM colleague and research scientist who leads IBM's cloud efforts for the financial sector, said in an interview that the company plans to implement a range of security and compliance controls for banks later this month, want to run applications in a cloud environment. This includes technologies developed by IBM Research that enable developers to automatically identify and, in some cases, automatically correct security and compliance issues.
"What's new is the type of controls we built and how we built them," said Steinder. "This is motivated by what we consider to be the main problems organizations face when moving to the cloud."
Problem # 1 is backing up a workload on a computer owned and managed by someone else, she said.
"That changes the security situation fundamentally," emphasized Steinder. "There is a risk that you will want to mitigate in some way."
The second problem is that as companies move to the cloud, they're also changing development processes and shifting more responsibility for security and compliance to development teams, she said.
"You need to think from the perspective of how the development teams are implementing security and compliance controls in a way that doesn't affect productivity," said Steinder. This is sometimes called DevSecOps or Shift Left, she said.
The third problem that IBM researchers have identified is the challenge of managing the compliance process yourself.
"That also has to change when you move to the cloud, as rigid Word documents, spreadsheets and checklist-based processes don't work with agile development methods," said Steinder. "We have invested a lot of time and effort in these three areas to offer more innovative solutions."
For example, some of the new controls detect weaknesses in the software. Others check the configuration of software and containers that a bank is using.
Still others fall under the category of “compliance infrastructure as code”.
"This is a big trend in coding your entire application deployment topology," said Steinder.
IBM recommends that customers use Terraform, an open source tool for deploying and managing the infrastructure. IBM's Cloud Risk Advisor controls then analyze everything in Terraform to identify security and compliance issues.
"That way, we can identify problems before applications are even deployed to the cloud and let developers know about those problems and have them fixed," said Steinder. "It's a very strong prevention mechanism for application delivery in the cloud."
For example, when a hacker breached Capital One Amazon Web Services data, it took advantage of a misconfiguration in a web firewall created by the bank's developers.
"That's the kind of problem you can tell by configuring a Terraform template," said Steinder. These controls can also find errors in login configuration and data storage.