Chong said: “You cannot put customer details outside the country, so what is the best way to reduce costs and secure the environment without a centrally hosted system?”
MSIG’s business is split evenly between its corporate and personal lines and it has established strong partnerships with Asian banks. HP’s Conlin said regulators are currently not allowing financial institutions to have one common application across the region, and consolidation between a few countries is also fuzzy. “There is no simple answer, just a lot of details to grind your way through,” he said.
Kenny Tan, senior vice president and head of IT for Crédit Industriel et Commercial (CIC) in Singapore, replied that like the Bible, regulators’ requirements are interpreted differently by everyone, in response to an observation, guidelines from regulators are never specific. “You have to talk to them when needed to get them to point you in the right direction,” he said.
Privacy of Data
As the group discussed the replacement of applications for banks, the topic turned to privacy of data and WikiLeaks. “The bad news is that institutions have lost all control of the dissemination of information,” HP’s Conlin said.
Moving on to outsourcing, CIC’s Tan revealed that its operations in Singapore, revolving around corporate banking treasury services and private banking, outsourced Web design as it was ‘easier to control’. “For applications, unless it is a vendor-based application, we try to do it in-house,” Tan said. “We only outsource when we need to.”
The Monetary Authority of Singapore (MAS) has directed banks that they need to properly manage their outsourcing vendors, so banks are scrutinising more closely what outsourcers do.
“Now, we have to put in a lot of effort to know what vendors are doing. In that respect, outsourcing now requires a lot more resources,” Tan added.
“In the beginning, it is easy to justify outsourcing, for reasons such as savings,” said Christopher Lim, deputy general manager for Raiffeisen Bank International. “This is what the CEO likes to hear, but, should the relationship with the vendor not work down the line, you should chop it off. This is the painful part because you took a long time to convince management to go ahead.”
Lim compared the lifetimes of CIOs in the company (‘generally short’ at three to five years) to restrictive SLAs that tend to lock companies into contracts for three years or more.
The roundtable also debated cloud computing for banks and whether it would become commonplace. One observation from Kenny Tan was that sensitive data, regulators and other reasons have caused banks not to be that open to the cloud at the moment.
“Banks are conservative and rightfully so,” said HP’s Julian Gordon. “And a better term in the financial services sector for the cloud would be utility computing. The larger global banks are using private cloud data. Public cloud? It’s kind of mixed.”
Sign up for CIO Asia eNewsletters.