A smooth journey at the best price and in complete security: faced with the growing demands of increasingly fickle customers, innovation has become the credo of banks. A major challenge, because it involves reconciling the evolution of the offer, process security, data protection and regulatory compliance. Analysis by Erwan Brouder, Deputy Cybersecurity Director at Sopra Steria.
Priority to creativity, user experience and cost control. For over 20 years, the rise of digital technologies and changing usage patterns have been reshuffling the cards in the banking sector, forcing local players to mobilize considerable resources in digital-first strategies. Banks have thus become real technology companies, constantly looking for new services to anticipate changes in their markets. "The emergence of Paypal in 2004 was a shock, because banks had not anticipated the evolution of payment usage patterns," analyzes Erwan Brouder, Deputy Cybersecurity Director at Sopra Steria. "To avoid experiencing this phenomenon again, they now want to be at the forefront of innovation, including by hosting incubators in their own networks."
A binding regulation
If customers intend to consume financial products and services like those of any other commercial sector, we cannot forget that banks occupy a special place in the economy. As such, they are subject to regulations that are as restrictive as they are changing, which directly impacts their ability to innovate. "There is a gap between the moment when a bank innovates on a solution, and the moment when it can launch it on the market while complying with the various sectoral, national or European regulations," points out Erwan Brouder.
"While being the first bank to offer an innovation offers a choice advantage over the competition, the race today is less technological than regulatory. The challenge is to anticipate changes in the texts to be the first to market innovative and compliant offers."
Avoiding systemic risks
Another pitfall to overcome: controlling the new risks induced by technological developments. "Any innovation is likely to create new attack surfaces, and therefore new risks," warns Erwan Brouder. "It is essential to develop security systems very quickly to guarantee the resilience of the institution and maintain its status as a trusted third party." Banks are indeed subject to a dual challenge: protecting their customers against fraud or theft of personal data by guaranteeing the reliability and secrecy of transactions, but also protecting themselves against risks of systemic failure.
In the era of hyper-connectivity, the necessary resilience of banks is being tested more than ever. Especially since many partners, and even customers themselves, sometimes prioritize ease of use over security. This is demonstrated, for example, by the storage of bank card numbers on e-commerce sites. As noted in the white paper published by Sopra Steria, "Innovation or resilience, should we choose?", the pursuit of innovation in a framework of trust requires a rethinking of the functioning of the entire financial ecosystem. Regulators have taken up the subject by promulgating the Digital Operational Resilience Act (DORA), a European regulation on the digital operational resilience of the sector. "Applicable since January 2024, this regulation helps prevent systemic risks by requiring banks, in particular, to monitor the security measures applied by their partners," explains Erwan Brouder. At the same time, players in the sector are investing massively to train and raise awareness among their teams about digital security issues.
Countering the rise of GAFAM
The question of trust, the keystone of the relationship between banks and their customers, is all the more pressing as extra-banking players such as GAFAM intend to capture market share by launching payment or financing services largely geared towards ease of use. "To stay ahead of the curve, banks have no choice but to stay at the forefront of innovation and security," analyzes Erwan Brouder.
At Sopra Steria, the team of experts dedicated to the financial sector helps banking institutions build their business model of tomorrow. "Starting with constant monitoring of the regulatory environment to anticipate future developments," explains Erwan Brouder. "Our missions also consist of drawing up an inventory of an institution's compliance and supporting it in its projects to transform information systems and set up control processes for financial institutions and their partners." Enough to enable banks to continue to enrich their offering while strengthening their resilience.