Sunday, October 19, 2014

How to have successful Banking Transformation Project?


Some thoughts on how to succeed in Core Banking Transformation Project?




Vendor – Once implemented a core typically stays in place for a long time. It provides a primary support function to any financial institution, so select a vendor like you would select a wife or partner….for the long term :). Good relationship, understanding of each others business, can work through issues (as they will arise), trust and a clear well defined agreement. It must be win-win to be a partnership.

System – Select a system that has a good fit for your current and future needs – the core is a moving, growing system – over time new channels, products, and customers will emerge and the system has to be scalable and flexible enough to change, adapt and accommodate new requirements. No point selecting a system that matches today’s need spot on, that is impossible/expensive to adapt later. There will be change…

Scope - Keep the scope well defined. Having an agreed and proven approach to project change management will ensure the impact of change requests are understood and dealt with appropriately.

Leadership – The Executive team of the bank must understand that this is not a side-project. Don’t underestimate the effort required – it is surprising how many tenders come out with ‘explain how it will be a seamless transition’ – organisational change management is key – recognise that this is the opportunity to change outdated work practices, embrace new work methods, and tighten control – it will need drive from the top. The change of core is a test of leadership – it’s why many try to avoid this …

Processes – Use an industry-standard process reference model – and try and work out why you are not doing your process that way. Many BIAN members (http://www.bian.org ) process millions of actions using a standard process – and there probably is a good reason – work it out, don’t surrender to “the way we do it”

Look – Try and make sure the new system looks ‘better’ than the old one – chances are the green screen or winapp looked ‘old’ or ‘clunky’ to users – spend a little on the look to make people feel it is modern and nice. They are used to the Web 2.0 – at least make it look like it was designed this century…

Training – Ensure that all users receive sufficient training – get buy-in from staff – pick at least 5 things that really grate in current system and solve with the new (regardless of if they have to be developed). Be wary of the parallel run – if not well managed it just delays the moment they realize they have to use the new system – test the users in the dry run leading up to conversion.

Project- There must be a project sponsor who is willing and capable of driving the project through internal roadblocks – and it helps if they represent a key profit center. Have a project team with representation from the whole business. They need to be supported by HR/Training, change/comms, finance/contract and process engineers – not just capable technical and business staff. If need be support this with skilled external consultants with direct relevant experience – but recognize that the those paid by the day have a conflict of priorities…


Commercial terms – Plan well with your vendor/partner and expect the unexpected. Ensure you have sufficient budget and appropriate commercial terms to see the project through to completion


Actually, above facts are applicable to all the projects. But, few things are more specific to Banking Transformation project.

Wednesday, October 01, 2014

Difference between Tokenization and Encryption

What is the difference between tokenization and encryption?

A lot of the time, encryption and tokenization are being used interchangeably to describe the process of protecting data stored in the cloud. Although they both essentially have the same function, they are different processes and have different effects on the data they are protecting.

Tokenization

Tokenization substitutes a value with a random 'Token" value. Each individual value has its own token assigned, so no matter when that value is inserted, the same token will appear. The token values are then stored in the cloud.
To retrieve the original value, the token value is pulled from the cloud through the company's firewall where de-tokenization takes place. A dictionary of tokens is stored behind the firewall to replace the token value with the original value.

Encryption

Encrypted data obscures the value using an approved encryption algorithm. To reveal the original value, the user needs a secret key. This makes it impossible to reveal the true value to any unauthorized user.
There are many different ways to encrypt data, including private keys, public keys, SSL, and TLS. The encrypted data is then stored in the cloud. As the data is pulled from the cloud, the user can access the true data if they can access the secret key to decipher the data