Banking on the right tools

According to Chu Hong Keong, HSBC Bank Malaysia's chief information officer, the bank's top management understands just how critical it is to have up-to-date systems and how important it is for IT to proactively find the right technologies to support operations and enable innovation.

To date, the bank has supported the introduction of a number of innovative products with Web-enabled service applications, end-to-end processing of customer product applications, as well as enhanced risk management tools. This also involves enhanced functionalities for better customer relationship management, telesales capabilities, and customer and marketing analytics.

This year, its IT budget amounted to RM119 million (US$32.2 million) and is expected to increase to RM150 million (US$40.5 million) in 2006.

"A major portion will be allocated for new or enhanced software, as well as associated implementation costs, such as expertise transfer for the use of sophisticated behavioral and risk management facilities," said Chu. "There will also be significant hardware spending for upgrading and refreshing of all front-end workstations in the branches and operating centers."

Besides beefing up its network and online security, HSBC is busy finalizing its plans to establish an IT Shared Service Organization early next year.

ZDNet Asia caught up with Chu recently to find out more about the bank's plans for next year.

What are your top IT priorities for 2006?
Our top priorities will include replacing our credit card system and associated behavioral credit management and workflow processing facilities to support the continued growth of our credit card business. These new systems will enable us to offer more flexible, innovative products and service capabilities.

And aside from the Basel 2 implementation, another major priority for us is to deliver in a much more integrated way higher levels of service quality and customer satisfaction. At the same time, we are looking at establishing an IT Shared Service Organization with its own profit center.

When is HSBC's IT Shared Service Organization expected to be established?
Our IT unit has been running as a partner to the business for many years, effectively operating like a service organization. This year we have embarked to formalize it, which will be effective Jan. 1, 2006.

It will have its own profit center, issue monthly invoice statements to respective business groups or customers using the IT services, dedicated customer relationship managers for each key customer supported, but most importantly, it will compete with alternative services from external parties.

Customers or business groups will have more choices. This way, it also ensures the IT service organization continuously improves its competitiveness in terms of quality, effectiveness of services provided, as well as cost. Our IT Shared Service Organization, for instance, aims to reduce our service cost to the customer groups by 10 percent year on year.

What are the other key reasons and benefits of setting up this shared service organization?
Being a full-fledged IT service organization, it must operate, compete and continue to exist successfully as a business and service organization. As an example, any solution proposition to a customer group will involve a clear choice proposal, and one of the choices will be to source the service from external competitors or service providers. This will ensure IT is part of the business, or is a business itself. In some part of our group where the IT function is bigger and does not have adverse tax implications, they have been incorporated as a separate company or entity, operating as a full subsidiary of the group.

What's the uptake of Internet banking in Malaysia?
The user take-up rate for Internet banking in Malaysia is good, with many banks having over 20 percent of their customer base signed up. This is despite the relatively lower Internet user penetration in the country, compared to countries like Singapore and Hong Kong.

How safe is Internet banking?
Banks will certainly invest further to introduce second-level authentication for critical banking transactions to enhance protection and to promote greater take-up of Internet banking. Second-level authentication means that a second one-time password will be requested for critical transactions after a customer has already logged on to Internet banking. Very often this second-level password is only valid for one-time use and for a very short duration after generation, i.e. valid only for one critical transaction which will make it extremely difficult to track. HSBC has chosen to implement this to protect our customers and the bank. It will officially be launched by end November.

In addition to having international standard security measures in place, we expend much effort to educate customers on security awareness and discipline, and to encourage them to invest in security protection at their end with the use of antivirus, antispyware and personal firewall.

What security measures has HSBC taken to protect itself from an attack?
Firstly, we have already put in place a strong group security policy and practice. Our policy is to be the least attractive to hackers. There are also clearly defined procedures and controls to manage and respond to any attempt to compromise our security. Security or risk mitigation sometimes requires process improvement further up at the start of the process rather than at the level of fraud detection. It requires greater security awareness education, discipline and integrity cultivation amongst staff, users, customers and business partners.

How do you decide whether to implement a certain technology for the company?
All solution implementation or tech investments have to be justified by the business, not by what we have automated or how much we saved. It is also justified by measuring against the direct bottom line and business growth impact contributions and value creation to customers and the business.

With so many cutting-edge solutions out in the marketplace today, is it more difficult convincing top management to buy into a certain technology?
The business is certainly a lot more demanding today. Therefore, enforcing the financial discipline on greater returns and measurable bottom line contributions from technology investment is still challenging compared to five years ago. Of course, the selection of the type of technology or solution will require greater clear choices evaluation process and more stringent business justification with detailed financial figures to back it up.

It may take much more effort in crafting the initial business proposal, but at the end of the day, it ensures greater success in implementation and in reaping the calculated business value.

What about justifying ROI (returns on investment) today?
I believe that with clear business-centric objectives, it should not be difficult to justify ROI by measurable direct bottom line contributions. It requires clear IT financial performance measurement understanding, appreciation and discipline.

What future technologies are you thinking of deploying?
We are looking towards greater use of neural and mobile technology to enhance our customer relationship management, risk management and value proposition to our customers.

Cordelia Lee is a freelance IT journalist based in Malaysia.