The electronic bank account management (eBAM) space reminds me of a blues song, full of sad riffs about lost opportunities and confused communication.
To quote the American singer Dondria:
Is it something I did, or is it something I said?
Is it something you heard, is it something that I’m missing?
Tell me what’s going on, baby, where did we go wrong.
Tell me what’s up baby, don’t give up, can you just hear my song?
Given the hype and excitement that currently surrounds everything electronic bank account management (eBAM), you might find my position puzzling or perhaps even eccentric. Yet therein lies the story, so humour me as I explain why.
Seven years ago, in Fall 2005, I had the wonderful opportunity to part of a corporate version of the ‘Arab Spring’. I saw a small group of corporate treasurers and finance professionals engage in frank, innovative and, at times, brutal discussions about their frustrations with the entire bank account experience. They talked about the lack of consistency, the endless and unco-ordinated repetitious demands for the same documents and materials, and their dissatisfaction with the often-wild disparity between country requirements and the bank interpretation of those same requirements.
Most of all, they talked about how concerned they were, as individuals and as representatives of their corporate employers, with the exposure each of them faced from potential inappropriate use of personal identifiable details and sensitive corporate information given to banks as part of the banks’ required processes.
These conversations formed the backbone of the eBAM movement. They introduced a ground-breaking, corporate-centric concept, one that allowed corporates to control the use of their own information in a way that protected them, while allowing their trading partners (i.e. the banks, governments, and regulators) to protect against global nastiness and crime. The concept was fresh and bold, and it aimed to follow in the footsteps of arguably one of the most successful corporate/bank joint efforts ever: the ISO 20022 standard.
The momentum from those conversations gained strength in Spring 2006, with teams and resources dedicated to small, agile pilots involving both corporates and banks, and software providers dipping their toes into the space. The energy was high, the innovation innovative and the focus was corporate-centric, with banks as the consumers of this new construct.
Fast forward to Fall 2012 and the story is completely different. The focus is no longer the corporate, now it is bank-centric. It is driven by the banks, their supporting industry utilities and their partners in the software space. The initial innovative structure is now corralled, tamed, and codified into a set of messaging standards.
To be clear, I have no issue with standards; indeed, I consider messaging standards to be a beautiful and powerful thing. They are definitely better than the mass of smoke signals and secret handshakes combined with mystic decoder rings that were the traditional hallmarks. However, the resulting ISO 20022 eBAM standards completely ignore the original problem: the need for corporates to protect themselves against the risk and exposure of having their most private information controlled by other entities.
In the grand scheme of the broader challenges facing corporates and banks today, does any of this matter? Is not the hype around eBAM a good thing in and of itself? Moreover, having said the ISO eBAM standards are such a big improvement, is that not enough? The answers to the three questions are, in order, yes, maybe and no. I will say more about the first question and the importance of the overall dialogue later, but first I want to address the second and third questions.
Hype is good because it raises awareness. It makes it easier for a treasurer to ask their boss for more resources or budget to help control the problem. It makes the space look more interesting to software firms, analysts, investors and venture capitalists which, in turn, can drive innovation. However, as often happens with hype, there is a negative side. In this case, the downside comes from the fact that the hype focuses on something that does not fundamentally solve the issue that led corporates to start this journey in the first place. As a result, the longer the hype continues, each sentence, presentation and quote drives another nail into the coffin of the original vision.
Moving to the question of standards and why the ISO eBAM standards in and of themselves are not enough, the most important point is this: standards, by their very nature, are an end, not a beginning. Once a standard has been established and implemented, movement around that standard becomes glacial. Standards allow other things to build on their foundations. By doing so, they fundamentally limit what can be built simply because their stability is crucial for everything that follows. Good standards incorporate that paradox in their construction. The current ISO eBAM standards assume a bank-centric view of the universe. That assumption undermines the original premise and limits the flexibility of the overall solution. That challenge highlights why this topic is so important, and points to my next question.
Should Banks Control eBAM?
It is easy to see why we ended up with a bank-focused eBAM solution. Banks must protect themselves from the massive fines handed out for failing to do the appropriate homework around their customers. They are the ones that actually open and close the bank accounts; they have the internal resources to focus on the process; they have the broadest common podium from which to speak; and they have the clearest regulatory mandate with which to comply. All of these facts are unassailable, and indeed, the actions of the banking community around eBAM derive from good and laudable intentions.
However, even the best of intentions have unintended consequences, some of them severe, for members of an ecosystem. And here is where the blues song builds to a crescendo, because the information that banks use for eBAM does not and should not belong to the bank. The information belongs to the corporate and its employees. Yet the current eBAM model has at its core the assumption that the information is the bank’s property. Its premise is that the bank, at its sole discretion, gets to decide what information is required, how the corporate will provide the information to the bank, how the information will be stored, how the corporate or bank will update the information, who will be able to view it and how all of the associated processes will be audited.
Is there any other example of a business process where corporates abdicate such a level of control around sensitive and critical information? Imagine, if you will, how companies would respond if they were required to provide copies of their trade secrets in order to be able to operate in a country or jurisdiction. The outcry would be deafening, with passionate assertions around how companies cannot operate if they cannot protect their most sensitive information. Yet corporates routinely do just that with the foundations of their identity and, perhaps more horrifying, with the foundations of the individual identities of their most trusted employees.
Charting the Course for a Corporate-centric eBAM
While eBAM as it stands in 2012 has a number of positive attributes, it has lost its original purpose and vision. The question is whether it is possible to chart a course back to the original vision without losing the valid progress. I might be an incurable optimist, but I believe that the possibility exists. It will not be easy, because much of the corporate-led momentum has been lost. But if we look at things through a slightly different lens, there are ways to refine the vision, whether at the level of an individual corporate or on a broader industry basis.
At the individual corporate level
Tell your bank that you want more control and oversight of the information that you are providing to them. If possible, find ways to actually prevent the information from leaving your control at all (for example, give banks the ability to view materials and documents, but not the ability to actually make or take copies). You may be pleasantly surprised to find that some very forward-thinking banks would rather not have your data. They are open to finding ways to avoid holding the data, provided they have some mechanism that demonstrates they have done the necessary review.
Get your house in order, putting in place either manual or electronic processes that store, track, and control the sensitive and/or confidential information that is used and/or requested by banks as part of their Know Your Customer (KYC) processes. Do not depend on the bank or your software provider to do it for you; take ownership and get it done now. Put processes in place and follow them.
Tell your regulators, congressional representatives, industry, lobbyists, and local peer groups to push for the original eBAM vision. Tell them that you are you do not want to continue to bear the exposure risk posed by the current eBAM model.
Do not accept something simply because it is better than doing nothing. If you buy eBAM software or solutions, lobby for changes that are beneficial for the corporate position.
At the industry level
Restart a corporate-centric eBAM group. In the ‘eBAM Spring’, the non-profit industry group TWIST did a fabulous job of fostering the corporate view. In today’s environment, organisations such as the Association for Financial Professionals (AFP) or specific industry groups such as the International Air Transport Association (IATA) routinely engage in similar discussions. Corporates as a group should have equal say in the decision, but have stopped speaking with a single voice; it is time to regain both that voice and the corporate-led momentum.
The original corporate-centric eBAM model did not sing the blues; rather it was a joyful noise. While dancing to it, corporates, banks, and software vendors all benefitted, as did regulators, and ultimately the entire commercial ecosystem. We should recapture that tune. I am guessing that I speak for many of us when I say I am tired of the blues.
Karen Wendel will be joining a roundtable entitled “Making your eBAM Project a Reality: A Journey to Practical Implementation”, with Anita Prasad, Microsoft; Thomas Hunt, AFP; Stacy Rosenthal, SWIFT; and Glen Solimine, JP Morgan Treasury Services, on Monday 15 October at 10.30-11.45am in room D231 at the AFP conference in Miami.
Tim de Knegt, treasurer for the Port of Rotterdam, discusses how he is looking to bring more value to the Port's clients using blockchain.
Regulation technology is fast gaining currency by transforming how financial institutions can tackle compliance in a swift, comprehensive and less expensive manner.
Many banks around the world, large and small, continue to experience major security failures. Biometric systems such as pay-by-selfie, iris scanners and vein pattern authentication can help.
The implementation date of Europe's revised Markets in Financial Instruments Directive, aka MiFID II, is fast approaching. Yet evidence suggests that awareness about the impact of Brexit on MiFID II is, at best, only patchy and there are some alarming misconceptions.