A secure, streamlined process for the right price: at a time when customers are increasingly demanding and unpredictable, innovation has become a guiding light for banks. This is a major challenge that involves balancing product development, process security, data protection and regulatory compliance. Erwan Brouder, Deputy Head of Cybersecurity at Sopra Steria, gives us his analysis.
The top priorities are creativity, user experience and cost control. Over the last 20 years and more, the rise of digital technology and changing patterns of use have changed the paradigm for the banking sector, forcing market participants to dedicate considerable resources to digital-first strategies. Banks have thus found themselves on a par with tech firms, engaged in a never-ending quest for new services as they seek to anticipate market trends. “The sudden emergence of PayPal in 2004 was a shock: banks hadn’t anticipated the shift in usage patterns when it came to payments,” says Erwan Brouder, Deputy Head of Cybersecurity at Sopra Steria. “To avoid falling into the same trap again, they’re now making every effort to lead the way in innovation, including by hosting incubators within their own networks.”
Stringent regulations
While customers might want to treat financial products and services as just another consumer good, like in any other market sector, it’s important to remember that banks play a special role in the economy. They are therefore subject to regulations that are both stringent and constantly evolving, directly affecting their ability to innovate. “There’s a delay between the point when a bank comes up with an innovative solution and the point when it can actually bring that solution to market while complying with various sector-specific, national and European regulations,” points out Erwan Brouder.
“While being the first to offer an innovation gives a bank a serious competitive edge, the current race is more regulatory than technological. The key is to anticipate regulatory changes so as to be the first to bring to market new services and solutions that are both innovative and compliant.”
Steering clear of systemic risks
Another hurdle to overcome is the need to manage new risks arising from technological change. “All innovation has the potential to create new areas of vulnerability and thus new risks,” warns Brouder. “It’s essential to very quickly upgrade security systems to ensure the institution remains resilient and maintains its status as a trusted third party.” Indeed, banks face a dual challenge: as well as protecting their customers from fraud and the theft of personal data by ensuring that transactions are secure and confidential, they have to protect themselves against the risk of systemic failure.
In an age of hyperconnectivity, banks’ resilience is being put to the test as never before – especially with many partners, and even customers themselves, sometimes prioritising ease of use over security. One example is the way some e-commerce websites store bank card numbers. [As noted in Sopra Steria’s “Innovation and resilience: do we have to choose?” white paper,] pursuing innovation within a framework of trust means being willing to call into question the workings of the financial ecosystem as a whole. European regulators took up the issue by passing the Digital Operational Resilience Act (DORA). “This regulation, which entered into force in January 2024, helps safeguard against systemic risks by requiring banks, in particular, to monitor security measures adopted by their partners,” explains Erwan Brouder. At the same time, banking-sector players are investing massively in digital security training and awareness-raising for their staff.
Countering the rise of the tech giants
What makes the issue of trust – the cornerstone of the relationship between a bank and its customers – even more critical is that non-bank operators like the tech giants are eager to capture market share by launching payment and financing services essentially focused on ease of use. “If banks want to stay ahead, they have no choice but to remain at the cutting edge of not only innovation but also security,” comments Erwan Brouder.
Sopra Steria’s team of dedicated financial-sector experts is helping banks build their future business models. “The first step is to be constantly monitoring the regulatory environment so as to anticipate future changes,” explains Brouder. “We also assess banks’ current compliance status and help them run projects to transform their information systems and put in place control processes for financial institutions and their partners.” The aim is to enable banks to continue to enhance the services and solutions they offer while also making them more resilient.