Dhaval Pandya, Corporate CIO, Piramal Enterprises Limited, in an interaction with Sudhakar Singh, Editor, CIOTechOutlook shares his thoughts on how technology is transforming the financial services industry. He elucidates the challenges in digital transformation and how to overcome them, the approach to attain a strong security posture, and more.   

How new technologies can be adopted to enhance the way financial services are delivered?   

There are three levels through which technologies can be adopted to enhance the way financial services are delivered. The first is the identification of the service; the second one is the actual process of trying to avail the service and the third is the service delivery.

On-boarding of the service is one of the biggest pain points. There used to be the KYC part where a lot of time used to be spent on investment, document exchange, and corrections. Moreover, the physical movement was something that was not well appreciated by the consumers. So, a lot of eKYC solutions have been developed today, using either artificial intelligence to study the document that is submitted or even video KYC wherein people are sitting across the table in the comforts of their offices.  

The final delivery option is something that the consumer wishes to have, for example, when people think of how they can squeeze the time to delivery, they are talking about loans in 15 minutes. Although it may not be 15 minutes, the elapsed time is very less compared to what it used to be. So that's where a lot of customer experience-based transformations are happening, where you are using data, which is available largely on Internet, or from certain source databases, and you are leveraging that data to be able to understand the consumer better and make the right offering to them.

What are the major hurdles faced by financial services firms while going digital? How can they be overcome?

There are always three levers that impact transformation. These include the people, process, and technology and some capabilities empower you in each of these areas.  For example, if you talk about people, organizational culture plays a very important role and there is some bit of inertia, especially for companies that have been around for a very long period. And they are used to working in a particular way. In that case, it becomes very difficult for people to adapt to a new way of working altogether because digital is largely talking about augmenting human capabilities.

So, you need to be able to give away a part of what you are doing and trust the technology to be able to do that part and then consume from technology and make that decision. It's largely around decision-making and trying to improve productivity and reduce cost.  Although somewhere it is seen as a threat because of the cultural or the mindset issues.  They can only be proven by deploying the technology and showing the value of the technology. 

The second aspect is around re-skilling people.  You can't keep replacing talent with technological advent, since there will be a point in time where you will have to look at adopting the new technology by Reskilling the people. That's where the cultural aspect comes into the picture as to how open your workforce is to be able to learn something new and at what point in time of their careers, they are to be able to adopt it.

Next comes the process part where you have a set of operational procedures. For example, you always need three levels of approval, or you always need three signatures to be able to pass a particular file that is at your table. Whereas technology can tell you that you possibly need only one level of approval. And the other two can be approvals by exception, where you have present data points to say that this is largely compliant.

And the last part is the technology, where enterprises may have invested in particular technologies, and they find it not so prudent to move away from them. 

Financial service firms are prime targets for cybercrime because of the sensitive data they carry. What should be the approach to attain a strong security posture?

It is important to understand the value of the data that you are holding.   It is also vital to understand the regulatory framework and the compliances and understand the cost of non-compliance more importantly.  So firstly, the definition of the security posture itself is something any financial organization needs to crack and once that security posture is defined, then it defines a grade of security that you are looking at. 

If you were to classify security on various levels, whether it is Grade A, B, or C, then that will tell you what grade of security you need to comply with, and from that grade of security, you need to work backward. To understand what kind of products you need to invest in, what kind of flexibility they will provide, what kind of roadmap they have, and how and what do they think about the way this space is going to grow in the next two to three years and invest in those capabilities, maybe in a modular manner. Very frequently companies define a security posture and then it is left to either annual reviews or maybe bi-annual reviews, and by that time, it becomes obsolete very soon. So, it is important to be able to review it very soon.

And the third and most important part is the need to test that security posture. What is the kind of awareness that your company carries regarding the data breach? For example, you may have the best of the products, but if your people are not educated enough, or they are not aware enough to understand not to click anywhere, malware, email, how to identify whether an email is suspicious in the first place. While you can always augment with tools, you need to understand that the breaches are also augmenting themselves with capabilities to breach those tools. So, at some point in time, you will have to rely on the wisdom of the people who are inside the ecosystem, or inside the enterprise to be able to make a judgment call as to what is the best reaction to a particular situation that comes to the point. So, a lot of investment needs to be made in cyber awareness.

How do you see the future of the financial services domain with regard to the adoption of new technologies?   

Financial services, in the recent past, has been one of the sectors that have been very open to technology. Therefore, you will see a lot of technology interventions, new ideas, unicorns, start-ups in the area of consumer finance, and consumer technology.

Finance is one domain that will see accelerated adoption as far as technology is concerned because a lot of companies in this area are digital-first companies that are adopting the newer ways of working. They are adopting technology as a core offering and are adopting digital as the way they would want to be seen by the consumer. Since these are new-age organizations, a lot of new technology, introduction and adoption are expected to happen in this particular domain.