Google and IBM are stepping up their efforts to provide cloud-based software to banks.
Google is just getting into the business of supplying software to banks. It launched its first-ever software product for the financial services industry this week, a mortgage program called Lending DocAI. The company hints there will be more financial services-specific releases to come. Google has also recently hired high-profile executives away from U.S. Bank and Citigroup to lead this effort.
IBM has been selling technology to banks for decades. Its mainframes are still in use at most large banks. The company, which announced cloud technology for financial services last year, plans to release new security and compliance controls to its Financial Services Cloud offering later this month. These are designed to help banks develop and deploy applications that can run safely on any cloud.
Both companies recognize that banks feel added pressure to adopt lower-cost cloud solutions this year. For one thing, they’ve been forced to go mostly digital during the pandemic and therefore need to quickly modernize and adapt to offer new services and to handle spikes in volume. For another, net interest margins continue to diminish, creating a need for greater efficiency. Cloud-based software can cost around 30% less to run than software used in a bank's own data center.
“The pandemic has laid bare what banks always knew,” said Mike Abbott, senior managing director at Accenture, which consults with banks on cloud projects. “They knew they were going to get to the cloud at some point, but they're all looking at, how do you make 2025 happen now?”
A major driver now is the need for flexibility, Abbott said. Use of a cloud lets companies quickly add capacity to easily meet spikes in demand without having to spin up new servers.
“It makes a lot of sense when you see surges — think of all the phone calls that came in,” Abbott said. Cloud adoption has allowed banks to do things like set up a virtual call center in a matter of days, he said.
Google's entree into mortgage tech
Google’s new mortgage technology, Lending DocAI, handles the imaging and extraction of information from mortgage documents.
With this product, the company is taking on mortgage origination software providers like Blend (which has 250 bank customers of its digital lending platform) and document-imaging and entity-extraction software like the popular Ocrolus, which many banks use to handle document and workflow in lending, invoicing, fraud detection and other tasks.
“Lending DocAI helps every aspect of the mortgage business by reducing the process time for mortgages, by streamlining data capture and by supporting regulatory and compliance requirements,” said Derek White, a former chief digital officer at U.S. Bank who is now vice president of global financial services at Google. He was hired in September, three months after Google recruited former Citi FinTech CEO Yolande Piazza to lead Google Cloud’s North American financial services sales and customer engineering teams.
The software uses artificial intelligence to parse the data in documents, and verify that it is accurate and ties back to the person applying for the loan. It runs in Google Cloud. It's partly the result of a collaboration with Roostify, provider of a point-of-sale digital lending platform.
White said Google chose to make its first product for banks about mortgages because “when you look at the mortgage experience for a homebuyer, that's the biggest investment decision of many people’s lives.”
The company is using artificial intelligence to “simplify what is a big and potentially stressful experience for them,” White said.
It's not uncommon for a homebuyer to provide up to 10 documents in the mortgage process. That can equate to about 300 pieces of paper, which can cost about $10,000 to process, White said.
Google’s technology will convert the paper to computer-readable text that can be fed into workflows.
Then the company could turn to other, similar use cases in banks.
“We're seeing massive demand,” White said. “One of the big learnings out of COVID in financial services is the opportunity to crush paper and to convert documents into data. That carries across every institutional business in banking. We're starting with mortgages, but have the intent of extending it to all document types across financial services and other industries in the United States and across the globe.”
IBM's cloud controls for banks
IBM has been working on its Financial Services Cloud software for more than a year.
Last November, it announced that it was working with Bank of America to develop what Chief Operating and Technology Officer Cathy Bessant has called a “cocoon” of controls that the bank would need to have in place before it would put critical applications in the cloud.
In July, BNP Paribas said it had begun to deploy IBM’s Financial Services Cloud. Around the same time, IBM also announced the formation of a banker advisory council and of IBM Research Cloud Innovation Lab.
This week, Gosia Steinder, IBM fellow and research scientist leading IBM's cloud efforts for the finance sector, said in an interview that later this month the company plans to launch a set of security and compliance controls for banks that want to run applications in a cloud environment. These will include technologies created by IBM Research to help developers automatically identify security and compliance problems and in some cases remediate these problems automatically.
“What is new is the kinds of controls we built and how we built them,” Steinder said. “This is motivated by what we see as key problems companies face when they move to cloud.”
Problem No. 1 is securing a workload on a computer that’s owned and managed by someone else, she said.
“That fundamentally changes the security posture,” Steinder pointed out. “That comes with risk that you want to mitigate in some way.”
The second issue is that as enterprises move to the cloud, they are also changing development processes and shifting more responsibility for security and compliance to development teams, she said.
“You need to think from the perspective of how the development teams are going to implement security and compliance controls in a way that doesn't affect productivity,” Steinder said. This is sometimes called DevSecOps or Shift Left, she said.
The third problem IBM researchers have identified is the challenge of managing the compliance process itself.
“That’s also something that needs to change as you move to cloud, because rigid Word documents, spreadsheets and checklist-based processes do not work with agile development methodology,” Steinder said. “So in these three areas, we have invested a lot of time and effort to provide some more innovative solutions.”
For instance, some of the new controls will discover vulnerabilities in software. Others will check the configuration of software and containers a bank is using.
Still others will fall under the category of “compliance infrastructure as code.”
“This is a big trend of codifying your entire deployment topology of applications,” Steinder said.
IBM recommends that clients use Terraform, an open-source tool for provisioning and managing infrastructure. IBM’s Cloud Risk Advisor controls will then analyze everything within Terraform to discover security and compliance issues.
“As a result of doing this, we can discover problems before applications are even deployed to the cloud and inform developers about these problems and have them fix them,” Steinder said. “It's a very strong preventative mechanism for application deployment in cloud.”
For example, in the Capital One-Amazon Web Services data breach, a hacker took advantage of a misconfiguration in a web firewall the bank’s developers had built.
“That's the type of problem that one can identify by looking at the configuration of a Terraform template,” Steinder said. These controls could also find mistakes in login configuration and data storage.
