gi-Geldinstitute Expert Talk: How banks keep track of IT vulnerabilities

An article by Stefanie Walter, Editor | 01.03.2022 – translated with DeepL.com – Original in German available HERE

Expert Panel: Christian Meusel, Berliner Volksbank – Gerrit von der Hardt, Targobank – Thorsten Demski, Volksbank Bielefeld-Gütersloh – Andreas Meyer, Union IT Services DZ Bank Group – Jochen Werne, Prosegur – Marion Gratenberg, Targobank

The rapidly advancing technological transformation in the banking sector also brings problems. Instead of leading to increased security, labour savings and customer friendliness, different applications can also bring performance problems and even failures.

This must be recognised and averted in good time. Application performance management, performance engineering, software intelligence, overservability or process mining are the new buzzwords here. A holistic overview of all applications is helpful in resolving weaknesses and freeing up capacities for innovations in the business. In the gi-Geldinstitute roundtable discussion, this topic will be examined by experts.

Meusel: As a bank, we must first and foremost provide services for our clients. They are our main drivers. We in the operational organisation are therefore currently investing intensively in usability and direct availability in particular.

Demski: We want to avoid media discontinuities and streamline and improve process transitions in individual departments. The work on process improvement has accelerated a bit due to the pandemic. But it is a fundamental issue that we are dealing with in the context of digitalisation. Our last project focused on the speed of the credit processes. Our goal is not only to bring about decisions quickly, but also to ensure that they are as error-free as possible.

Gratenberg: We are concerned with making processes faster, but also more efficient from the customer’s point of view. In the last two years, we have invested a lot of time and analysis in the automation and optimisation of existing customer processes. An agile squad was also founded for this purpose. In the squad, we analyse where there is further potential to optimise and automate processes.

Werne: The goal of our process automation is to be as customer-friendly as possible. In Germany, we provide about 50 per cent of the total cash logistics. We thus guarantee the cash supply of the population and secure the liquidity cycle of companies, credit institutions and municipalities. In our cooperation with the banks, we want to drive the transformation. In our group, we are driving the optimisation of the IT outsourcing processes of the entire cash management and projects such as crypto custody. With Prosegur Crypto, we have launched a solution for the custody and management of digital assets that works automatically without an internet connection to achieve maximum protection against cyber attacks.

Meyer: Union Investment has two good reasons to optimise processes today – increasing process cost efficiency and regulatory law. As part of regulatory audits, we are required as one of the leading German asset managers to produce a business process map as part of the written order. I like the result: by using modern process intelligence tools, we recognise process weaknesses that need to be optimised. At the same time, we produce process models required by banking supervisory law. The auditing company PricewaterhouseCoopers confirmed an availability of 99 percent (2021) for the 170 applications used in the investment process. As part of the Genossenschaftliche FinanzGruppe (Cooperative Financial Network), we are the expert for the asset management of 4.8 million private and institutional investors with more than 400 billion euros in assets under management. We thus provide the IT required for this to more than 1,100 internal Union users with high availability.

Diener: In my role at Atruvia, the digitalisation partner of the Genossenschaftliche FinanzGruppe, I am responsible for measuring and analysing performance data for around 820 affiliated Volks- und Raiffeisenbanken. Basically, you have to distinguish between two topics in process optimisation: the business management part and the technical part.

When I think back to the early days of my working life in the early 80s, you would enter a short code into the old IBM terminals to support your work and be happy to receive an answer milliseconds later. Over the decades, many things have changed massively here. Business and technical performance moved closer together. IT has become a central core of everyday work and an essential part of overall process optimisation. In addition to dealing with speed, response times or simply checking whether systems are available, more emphasis is now placed on user experience and user behaviour. How is the customer, what are they doing, where are they having problems getting on in the application?

Von der Hardt: Challenges arise above all with very long process routes via different interfaces with channel breaks. Then you have to assemble information from the most diverse systems, databases or process areas. Because it is difficult to optimise something with a sixty percent view without knowing what the one hundred percent end-to-end customer view looks like. The goal is not to think in small puzzle pieces, but to have the entire customer journey in mind.

Werne: In the pandemic, our process management faces the additional challenge that, for example, retailers or bank branches that we supply with cash close here today and reopen somewhere else tomorrow. Against the backdrop of our current modernisation programme, we are also moving everything to the cloud. Since we operate globally, coordination between the different countries and standardisation play an additional role.

Von der Hardt: Challenges arise especially with very long process paths via different interfaces with channel breaks. Then you have to bring together information from the most diverse systems, databases or process areas. Because it is difficult to optimise something with a sixty percent view without knowing what the one hundred percent end-to-end customer view looks like. The goal is not to think in small puzzle pieces, but to have the entire customer journey in mind.

Werne: In the pandemic, our process management faces the additional challenge that, for example, retailers or bank branches that we supply with cash close here today and reopen somewhere else tomorrow. Against the backdrop of our current modernisation programme, we are also moving everything to the cloud. Since we operate globally, coordination between the different countries and standardisation play an additional role.

Meusel: The back office is an extreme driver of efficiency potential. With consistent optimisations and consolidations, we have been able to significantly reduce the resources tied up in recent years, not only through Atruvia’s solutions, but also through the broad use of technical innovations from other partners in the area of automation. Nevertheless, we still see topics with great potential, for example in the passive market succession, keyword probate, garnishment processing and other payment transaction services. As is well known, the active back office is currently experiencing high growth in the lending business. At the same time, the margins are melting away. We must therefore continue to look very intensively at how the balancing act of resource optimisation and business growth can be made possible, for example by means of process management. Here, of course, we use the analysis possibilities of Atruvia at our process times and try to achieve the necessary benchmarks through continuous process development.

Demski: We have also started in the back office. In the new year, we will take another look at customer service in the process analysis. This is where we can make the most profit. The procedure is first of all a precise recording of the processes and their interfaces. Based on this, we then evaluate which optimisation and/or automation steps make sense. Examples of automation for us are the processing of estates and processes related to online banking.

Von der Hardt: Targobank belongs to the cooperative Crédit Mutuel Alliance Fédérale Group from France. We are a retail and commercial bank with a focus on financing. Our process optimisation relates to these core processes. With Targo Dienstleistung we have a high-performance customer centre in Duisburg, which emerged from an industrialisation initiative at the end of the 1990s. Targobank has more than 20 years of expertise in digitalisation and process automation. It benefits from a large IT service provider and sees itself well equipped for the future in the highly competitive financial services market.

Gratenberg: In existing customer management, for example, we have automated large parts of the account closure process. This has been working very well for us for over a year now.

Werne: With regard to cash, the banking world has been in a transformation process for quite some time. Various credit institutions are already completely outsourcing their cash management for process optimisation and cost reasons. With smart machines, which Prosegur installs at its customers’ premises, cash can be disposed of directly and credited on the same day. The smart infrastructure, including dynamic monitoring and forecasting, optimises cash logistics and reduces costs.

Meyer: We already very successfully implemented a group-wide digitalisation initiative in the period from 2007 to 2010. Together with the central institutions of the DZ

Bank Group, more than 18 custodian banks and almost 90 securities trading houses, we were able to achieve a dark processing rate of 95 percent for transaction management and accounting across all countries and locations – both areas where the factors of mass and standard processing matched. Challenging in this context was the unification of message standards in the networks for financial transactions such as SWIFT and FIX and the first use of machine learning-based applications for the processing of still paper-based bookings. Today, the focus is on examining the use of AI in the context of feasibility and profitability considerations and thus realising further efficiency potential.

Diener: Processes are organised very differently at banks. We see our task in providing tools with which our customers can map, optimise and monitor the processes. It is no longer enough to look at individual use cases, from the click to the information expected by the customer on the screen. Business processes are viewed as a whole. The question is, what can be automated? Of course, this always takes into account the regulatory framework. A lot has happened in recent years in terms of technical performance. New technologies such as virtualisation, containerisation, self-healing systems – systems that manage themselves – have taken hold. The processing of a request in the data centre has become more complex and dynamic. It is important to make these new possibilities tangible for the customer and to support him in process optimisation.

Von der Hardt: There are cross-departmental and cross-bank teams/squads both in operational process management and in process optimisation initiatives. Especially in the case of RPA automation, departments and IT work together across the board.

Demski: We now have a fixed, very broad-based team. Among them are colleagues from organisational development who have always been involved in process management. We recruited the RPA team from this group and supplemented it with colleagues from IT and technology. They are then joined by experts from the specialist departments of the processes concerned. Together, they take a close look at the process side, analyse what can be automated and then enter into the development. The procedure is rather iterative in the sense of agility. A first version of an automated process does not necessarily have to cover 100 per cent of all cases. The best way for the developers to determine the greatest benefit is to work together with the departments.

Meusel: It’s always about giving a voice to as many people as possible who are ultimately users of process flows and results. It is important for us to find the right degree of participation so that we don’t get lost in too broad a grassroots democratic process in the further development. It is clearly about quality, about the return of investment, how much time I have to invest to improve the processes and what the actual effect is. For example, we have defined clear guard rails with the automation team for RPA and OCR solutions. In addition, there is always a comparison with the strategic goals. Often we have to fulfil various parameters with scarce human resources. In addition to involving the right people, we want to make the whole process as transparent as possible in order to make decisions understandable. We work very collaboratively, instead of putting every evaluation on the table and saying this is how we do it now.

Meyer: We have always carried out major changes as part of a project portfolio in cooperation between IT and the business department. We always look at the expenditure plus follow-up costs/benefits over five years. Based on this, we have a ranking and allocate resources to the projects accordingly. We don’t tackle every sub-process that could be automated because it simply doesn’t pay off.

Meusel: We always have evaluation options for our essential applications. What is challenging, however, is the networking and visualisation of the individual systems and analyses. The right degree of considered systems and subsystems plays an important role here. There are certainly promising offers on the market here. Since process mining is an important field for us, we are already in contact with service providers. But our discussions so far have also shown that good advice is expensive.

Werne: Despite several analysis tools that we use, it is sometimes not so easy to manage performance engineering in connection with different systems so that they are scalable and comparable. We haven’t yet found the egg-laughing lizard, where you just click and then know exactly what brings what performance. I doubt that it will ever exist in the level of detail that the theory implies. Do we have an overall view? The answer is, of course, yes. It’s not just banks that need to have it, but all companies with critical infrastructures. And not just because the regulator expects it. With new processes being introduced almost daily, the biggest challenge is to integrate them perfectly in order to continue to perform as usual.

Meyer: The use of such tools with regard to the IT infrastructure is carried out by our IT providers. At Union Investment itself, we successfully use such tools to analyse business processes. We can now load the data required for the analysis from the underlying applications into a process intelligence tool and systematically identify throughput times and routes, quantity structures, manual processing steps and their process effort. Because today almost every processing step leaves a digital footprint in the databases – and the tool generates the entire process model almost independently.

Diener: We have initiated many things in recent years: On the one hand, from a pure tool perspective, but also organisationally. System and application monitoring were to be merged, the entire monitoring process was to be put on a new footing. In particular, we invested in a comprehensive solution from Dynatrace. Their software intelligence platform uses a proprietary form of artificial intelligence to clearly visualise and monitor applications, microservices, container orchestration platforms and IT infrastructures, and offers automated problem detection. Analyses under a highly dynamic platform, such as Openshift, can only be performed in an automated way.

We want one hundred per cent visibility across all 50,000 systems we currently have in use in order to detect faults in advance. With the dynamics of communication between the technologies, it is no longer possible to say exactly which components are used for an individual communication. That’s why it’s so important to have this monitored via AI and to have it signal us when there are deviations from the norm that we need to take action or use automatisms from the outset to heal it accordingly.

Von der Hardt: Our process team has to identify very precisely where the weak points are in the overall process. We don’t yet use any special analysis tools from process mining for this. Personally, I think we first need a general streamlining of some processes. We are so busy changing processes that we no longer have time to optimise them significantly. We are constantly complicating them with new regulatory requirements.

Gratenberg: We can say that we have significantly fewer complaints and improved customer ratings with processes that are very standardised and automated. There are different degrees of automation. Partly, employees are involved in the processes if they are very complex. After reading out customer letters, for example, very different types of processing can become necessary, some of which still require human intervention. In addition to reducing the workload and making it error-free, there are of course still challenges with automation that are just a little different than before. If systems fail, a robot cannot work. An employee can still use a workaround. But there are always solutions. The processing by the robot could be postponed, depending on the urgency. It may also be possible to use a replacement robot, with the help of another licence.

How can performance engineering help to increase safety?

Diener: When customers report faults, we have to identify very quickly whether it is an isolated incident or a large-scale problem. Furthermore, in the past it was often difficult to recognise whether a system was the cause of a malfunction or was only suffering from a malfunction of a different origin. However, the central goal is to detect malfunctions or weaknesses preventively. In 2018, we had over 60 monitoring tools. With the Dynatrace platform, we now have a holistic performance data warehouse as a central component of our monitoring strategy. The number of tools has been reduced through consolidation. When a malfunction is reported, we can thus quickly determine which groups of users and exact functions it affects. We are able to quickly narrow down possible causes in order to fix the problem permanently. Incidents are specifically forwarded to the person who can solve them.

Meyer: Around 500 servers are operated for us in the data centres of our IT provider Atruvia for about 170 applications. These are permanently monitored using more than 20,000 measuring points. If a fan fails somewhere and a server gets too warm, expected data transfers do not take place and the like, the responsible application managers or the Atruvia control centre are informed immediately. Our service-oriented organisation has regulated standard processes for this. In such cases, incident or problem management is immediately active. Depending on the type of fault, either at Atruvia and/or at Union IT Service.

Meusel: The smaller or more individual a bank is, the more challenging it is to have its own process engineering. We are grateful that we work closely with Atruvia on this. When it comes to regulatory requirements, innovations, availability and performance monitoring, we can handle the complexity much better together with our central service providers. Often, our internal control centre can be quickly provided with centralised information and focus on communication with customers and employees. The central lever of Performance Engineering is the reduction of own applications and their monitoring.

Demski: We largely rely on Atruvia for the IT infrastructure and thus naturally benefit directly or indirectly from their monitoring systems. At the same time, we also operate our own monitoring for critical parameters of the decentralised or self-operated systems. In addition to the short-term disruptions already mentioned, the measured values are of course also indications of the utilisation and performance of systems and possible problems, for example, the runtimes for data backups or loading processes in the nightly maintenance windows provide information.

Do you have a concrete example from practice for vulnerability management?

Von der Hardt: Sometimes we first hear from the customer that we have a problem. If there is one, the customer looks for a way. Then you realise how many contact channels you have, some of which were not intended for this purpose. IT problems can usually be found and solved quickly. It becomes more difficult with failures of other companies. External business failures during the Corona period or the insolvency of a travel provider are examples here, where many customers with personal and financial concerns contact you via several channels and payment processes have to be checked at short notice. Then speed and good networking of the information channels within the company as well as to other third-party service providers is crucial. We still have homework to do here. We have to ensure the flow of information around the customer in such a way that we can give him satisfactory feedback at short notice.

Meyer: One example was the critical vulnerability called Log4Shell in the widely used Java logging library Log4j, which became known at the beginning of December. Through this vulnerability, attackers were able to execute arbitrary code. Together with our IT provider, we deployed crisis teams, used vulnerability scanning tools immediately and effectively, and where necessary, applied the appropriate security patches within a very short time.

Hot off the press AIRWA

Hot off the press: AIRWA-Journal published

HOT OFF THE PRESS

It was a inspiring holding in hand the first edition of the JOURNAL OF AI, ROBOTICS & WORKPLACE AUTOMATION published by Henry Stewart Publications

We are pleased to give everyone the opportunity to download the entire article POINT OF NO RETURN by Jochen Werne & Johannes Winter here: https://lnkd.in/dmi9i9aB

The inspiring articles and case studies published in Volume 1 Number 1 are:

Editorial
Tom Davenport, Distinguished Professor, Babson College, Research Fellow, MIT Center for Digital Business and Senior Advisor, Deloitte Institute for Research and Practice in Analytics

Practice papers:

  • The path to AI in procurement by Phil Morgan, Senior Director, Electronic Arts (EA)
  • How to kickstart an AI venture without proprietary data: AI start-ups have a chicken and egg problem — here is how to solve it by Kartik Hosanagar, Professor, The Wharton School of University of Pennsylvania and Monisha Gulabani, Research Assistant, Wharton UK AI Studio
  • Towards a capability assessment model for the comprehension and adoption of AI in organisations by Tom Butler PhD MSc, Professor, Angelina Espinoza-Limón, Research Fellow and Selja Seppälä, Research Fellow, University College Cork, Ireland
  • The path to autonomous driving by Sudha Jamthe, Technology Futurist and Ananya Sen, Product Manager and Software Engineer
  • Point of no return: Turning data into value by Jochen Werne, Chief Visionary Officer, Prosegur Germany and Johannes Winter, Managing Director, Plattform Lernende Systeme – Germany’s AI Platform
  • Robotic process automation and the power of automation in the workplace by Raj Samra, Senior Manager, PwC
  • Difficult decisions in uncertain times: AI and automation in commercial lending by Sean Hunter, Chief Information Officer and Onur Güzey, Head of Artificial Intelligence, OakNorth
  • The intelligent, experiential and competitive workplace: Part 1 by Peter Miscovich, Managing Director, Strategy + Innovation, JLL Technologies
  • Responding to ethics being a data protection building block for AI by Henry Chang, Adjunct Associate Professor, The University of Hong Kong
  • Legal issues arising from the use of artificial intelligence in government tax administration and decision making by Liz Bishop Barrister, Ground Floor Wentworth Chambers

MONEY IN THE DIGITAL AGE

Reflections by Jochen Werne, Chief Development & Chief Visionary Officer Prosegur Germany (published in Prosegur Express 02/2021)

In all debates on analogue and digital means of payment, “trust” is always at the centre of the discussion: trust in the state-social order, which stands as a guarantor for stability and security of the fiat money issued. In this respect, some would almost like to marvel at how Bitcoin & Co. have managed to gain such trust in such a short time that a market capitalisation in the billions has been achieved. One of the points is certainly the technological confidence in the non-manipulability of the blockchain.
But is the blockchain really not manipulable, or is it rather a question of time before an attack will succeed? And what conclusions are central banks around the world drawing from this as they look at creating central bank digital currencies? Currencies designed to bridge the gap between the stability of analogue central bank money and the demands of our digital age.

Perhaps the solution for a trustworthy and generally accepted today and now lies in a hybrid model: in a cryptocurrency, in form of a stablecoin, that is 100 per cent backed by physical central bank money. This means that every digital token has a unique physical counterpart (euro). Due to the tradability of the tokens, the flexibility of book money is paired with the guarantee of physical central bank money. Last but not least, a regulated trustee function guarantees that the existing and securely stored central bank money is always paired with its digital twin. Thus. the best of both worlds is firmly united.

Jochen Werne - acatech Webtalk Clean-up batter comments

Clean-up Batter Comments from the acatech Webtalk „WAYS OUT OF THE CRISIS“

It has been a great pleasure being the clean-up batter for moderator Michael Dowling (University Regensburg) in the Webtalk hosted by Dr. Johannes Winter and the prestigious National Academy of Science and Engineering (acatech). The esteemed experts Olga Mordvinova, CEO of incontext.technology; Franz Gruber, founder of Forcam, Kai-Uwe Weiß, Manager at Leser and Wolfgang Faisst, founder of value.works.ai discussed about how digital transformation and artificial intelligence helps SME‘s to find a positive way out of the crisis, about GAIA-X, digital twins and best-practice experiences. It was an honour rounding-up the event together with Prof. Dowling.

Follow the Clean-up Batter comments in this summary

acatech Webtalk – Wege aus der Krise

Details from the webtalk in German HERE . Translation below made with DeepL.com

Munich, March 9, 2021

Digital technologies have proven their worth, especially in the Corona pandemic: Thanks to them, companies were and are more adaptable during the crisis and can respond more quickly to customer requirements. But what role do digital technologies now play in finding a way out of the crisis? And what framework conditions need to be created so that SMEs in particular give up their reluctance to digitize? Experts from business and research discussed this at an acatech Webtalk on March 5.

Many globally operating, medium-sized companies in Germany had a problem during the Corona pandemic: Since business trips were not possible, customers could not take delivery of an ordered product on site at the plant. However, digital technologies provided a remedy: the safety valve manufacturer Leser GmbH, for example, as Leser manager Kai-Uwe Weiß reported in his presentation, offers customers the service of a “remote inspection”, in which customers are guided through the plant via a virtual reality application and can thus carry out the acceptance.

Earlier, Wolfgang Faisst, a member of the Learning Systems Platform and founder of value.works.ai, had already recommended a “Digital Business Framework” to medium-sized companies in his introductory impulse in order to emerge better from the Corona crisis. For this, technological and organizational requirements would have to be optimally harmonized with digital ambitions (e.g. reconfiguration of business processes or digital refinement of products). Wolfgang Faisst referred to the offerings of the Learning Systems Platform, which provides target images, implementation examples and roadmaps for AI introduction and application.

The panel discussion following the presentations, moderated by acatech member Michael Dowling (University of Regensburg), emphasized that the success of Industrie 4.0 must be measured in terms of entrepreneurial results and the customer benefits generated. Olga Mordvinova, member of the Learning Systems Platform and CEO of incontext.technology GmbH, emphasized that Germany has an excellent position both on the technology provider side and in the area of domain knowledge. However, in order for the potential of digitization to be better exploited – especially in SMEs – a secure and sovereign digital infrastructure is needed in Germany and Europe, said Franz Gruber, founder and advisory board member of Forcam GmbH. Only then would companies abandon their reluctance, which is due in part to their dependence on large platform companies. Jochen Werne, member of the Learning Systems Platform and board member of Prosegur Germany, agreed: Fundamental for the near future and the time after Corona is a clear European vision and implementation strategy for digital transformation.

Find the full acatech webtalk here

PODCAST: Poledify host Felix Gehm is discussing Business Transformation with Jochen Werne

HOT OFF THE TAPE: Business Transformation in the Digital Age – Insight into Practice from an Expert’s Perspective

It was a great pleasure being invited as guest to the brand new podcast format POLEDIFY. With Poledify, Felix Gehm offers insights into the routines, mindsets and habits of experts and thought leaders from a wide range of disciplines.

Find the POLEDIFY podcast HERE

POLEDIFY EPISODE #3 – DIGITAL TRANSFORMATION

Listen to the Interview HERE

CONTENT & LINKS (posted by Poledify)

Jochen Werne is Chief Development Officer and Chief Visionary Officer of Prosegur Germany. Prosegur Group is one of the leading security service providers worldwide with over 175,000 employees on five continents. Jochen Werne is, among other things, a member of the Learning Systems Platform, which advises the German government on artificial intelligence, and of the Royal Institute of International Affairs Chatham House, one of the most important think tanks in the world. Jochen was listed as one of the AI experts in Germany by Focus magazine. He is also an author, keynote speaker, internationally awarded NGO founder and specialist in business development and transformation, and international diplomacy. In 2020, the Tyto Tech Power List named him one of the 50 most influential people in the tech scene in Germany.

Topics of this episode:

What does digital transformation mean for “traditional” business sectors?
How Prosegur plans to master digital transformation
How not to be deterred by big challenges
The most important characteristics of a leader in the face of such challenges

Links and other things from the episode:
The interview between Bill Gates and Warren Buffet: shorturl.at/mGPYZ
Books:
Utopias for Realists by Rutger Bregman
Mordern Monopolies by Alex Moazed and Nicholas L. Johnson
Here you can find Jochen Werne and everything about Prosegur:
Jochen Werne LinkedIn: https://www.linkedin.com/in/jochenwerne/
Jochen Werne Website: http://jochenwerne.com/
Prosegur LinkedIn: https://www.linkedin.com/company/prosegur/
Prosegur website: https://www.prosegur.com/en/jobs
Platform Learning Systems: https://www.plattform-lernende-systeme.de/home-en.html

Questions, criticism, suggestions or anything else? Write to me!
Instagram: https://www.instagram.com/poledify/
Twitter: https://twitter.com/ThisIsFelixGehm
or simply send an email to poledify@gmail.com
Where does the fine music (intro & outro) come from?
The fine music in the intro and outro is produced by pads. Behind the artist name is Patrick, who has finally decided to record all his little songs. You can find it all here:
YouTube: bit.ly/33TOFcN
Instagram: https://bit.ly/2XWFDIm
Soundcloud: https://bit.ly/3oYQA8k