Systems that manage a bank's information are critical to its survival, and leaving those systems stagnant for years can put a bank at risk.
Building a secure, lasting infrastructure for a bank's information is like building a house—it requires a solid foundation. An enterprise content management system, which stores and manages all of a bank's data and records, acts as this foundation, ensuring the integrity of everything built upon it. When a crack appears, the entire house is at risk.
Why enterprise content is critical
Enterprise content management (ECM) is used to capture, curate, store, distribute, discover, and manage content, such as electronic documents, statements, email, reports, etc. The point is to enable organizations to deliver relevant content to users in the appropriate context when and where they need it.
Like a foundation that's been left to decay, a legacy ECM system can jeopardize a bank's health. Such systems lack the flexibility and capability to evolve as new technologies and regulations disrupt the industry. Highly regulated industries like banks can easily be paralyzed by these systems, unable to move at an agile pace within the boundaries of compliance, profit, and bureaucracy of their organizations.
According to Gartner, if "IT modernization" efforts are not prioritized, banks can quickly fall behind.
Teams responsible for ECM systems in an organization should communicate shortcomings that might affect the well being of the business as a whole.
If you suspect there may be a risk in your bank, step back and take inventory of your infrastructure's health. As a starting point, determine whether or not your systems are facilitating or hindering objectives associated with critical business goals and requirements.
Looking at your current ECM system, there are a few key questions you can ask.
1. Is my current system hindering my customer service?
Legacy ECM systems were not designed with ease-of-use in mind. They were utilitarian in nature, designed to manage the lifecycle of data. Interoperability was not a concern, which led to an inherent problem of disparate silos and duplicated processes. It's only recently that ECM has seen a shift toward usability and interoperability.
Modern ECM systems have been designed to interoperate with one another and with other essential systems responsible for core banking, like e-presentment solutions; EPARS (Electronic Process for Automated Remittance Services); customer interaction; and ERP (enterprise resource planning) systems. All of these systems work together for a key purpose: improved customer engagement.
2. Do I have the ability to see a 360-degree view of my customer's experience?
If you want to see all of the touch-points of a customer's interactions, a legacy system will be very slow to turn around this type of request. Modern systems, however, can easily curate a customer’s journey in real-time and present it consistently, regardless of the device or calling system.
In some instances, an ECM system might interoperate with hundreds of different systems through flexible interfaces and APIs because so many aspects of a bank's customer service draw from the information stored within these systems.
3. Can my current ECM system absorb the increased content load from a merger or acquisition?
In a merger, everyone arrives with their own ECM vendor. In consolidating two institutions running two different systems, you’re facing a few different issues: interoperability, duplicated processes, and an increase in content load—the last of which is a significant challenge for many legacy systems.
Flexible scalability has not always been a priority for legacy ECM vendors, and this becomes painfully obvious during a merger. Consolidation projects can be navigated relatively easily if your ECM system is able to absorb the additional incoming content and streamline redundant processes between the two systems.
4. Is my current system able to secure, compress, and encrypt data in comparison to my preferred, cost-effective platform?
Consumer protection and cyber threats are widespread concerns today. The increasingly stringent regulations of the Payment Card Industry Data Security Standard (PCI DSS) specify a number of compliance requirements aimed at protecting consumer data. As a simple example, banks are required to encrypt data both stored at rest and in transit—conditions that many legacy ECM systems cannot satisfy without compromising performance by applying workarounds.
Applying bandages to legacy systems that aren't able to meet compliance challenges leads to compounding burdens on administration and maintenance. Meeting business continuity, scalability, interoperability, and security requirements within your legacy ECM systems is unnecessarily complex. Couple this with outdated software that can't tackle modern security risks, and you end up with a reactive environment—a breeding ground for disaster.
Hackers’ attacks coded decades ago still work on these stagnant legacy systems, putting sensitive data at risk. Every year we see new examples of security breaches that have jeopardized millions of customer records. Incident response simulations—where security professionals are pitted against your system—are a great practice to assess the current state of your infrastructure security, of which your ECM system is a big piece.
Securing your bank’s most valuable asset, customer information, is just the first step. You also need to ensure that it is always available, to the appropriate people. The downtime of mission-critical ECM systems can be tremendously costly. For large banks, downtime can easily amount to $10,000 per minute.
If your bank is at risk, what to do?
If the result of evaluating your existing ECM systems reveals shortcomings or risks, don't panic. Approach this daunting challenge with the understanding that it won't be solved in a day. You wouldn't try to rip out and swap the foundation of your entire house instantaneously; don't attempt it with your ECM system either.
Aim for a gradual process, evolving with the changing nature of technology and compliance—as well as your business goals. ECM should not be a set-it-and-forget-it strategy. Banks should evaluate their systems and rate them annually.
Taking this approach can prevent setting up the bank for another dead end down the road. Look at your future goals and determine your information management strategies. Where are you going with mobile and other digital business technologies? Do you need to accommodate an analytics system? Factor in any likely future essentials for a system that evolves with your needs.
Like a foundation, an ECM system should be carefully constructed and routinely checked. If you start being proactive and particular about your bank's ECM strategy, you'll soon notice that every area of your organization will become stronger and more secure.
About the author
Pat Sheehan is vice-president of development at Systemware, Inc., a leading ECM vendor.