Banking has historically been one of the business sectors most resistant to disruption by technology. Since the first mortgage was issued in England in the 11th century, banks have built robust businesses with multiple moats: ubiquitous distribution through branches; unique expertise such as credit underwriting underpinned by both data and judgment; even the special status of being regulated institutions that supply credit, the lifeblood of economic growth, and have sovereign insurance for their liabilities (deposits). Moreover, consumer inertia in financial services is high. Consumers have generally been slow to change financial-services providers. Particularly in developed markets, consumers have historically gravitated toward the established and enduring brands in banking and insurance that were seen as bulwarks of stability even in times of turbulence.
The result has been a banking industry with defensible economics and a resilient business model. In recent decades, banks were also helped by the twin tailwinds of deregulation (in a period ushered in by the Depository Institutions Deregulation Act of 1980) and demographics (for example, the baby-boom generation came of age and entered its peak earning years). In the period between 1984 and 2007, US banks posted average returns on equity (ROE) of 13 percent. The last period of significant technological disruption, which was driven by the advent of commercial Internet and the dot-com boom, provided further evidence of the resilience of incumbent banks. In the eight-year period between the Netscape IPO and the acquisition of PayPal by eBay, more than 450 attackers—new digital currencies, wallets, networks, and so on—attempted to challenge incumbents. Fewer than 5 of these challengers survive as stand-alone entities today. In many ways, PayPal is the exception that proves the rule: it is tough to disrupt banks.
The fintech moment
This may now be changing. Our research into financial-technology (fintech) companies has found the number of start-ups is today greater than 2,000, compared with 800 in April 2015.1 Fintech companies are undoubtedly having a moment (Exhibit 1).
Globally, nearly $23 billion of venture capital and growth equity has been deployed to fintechs over the past five years, and this number is growing quickly: $12.2 billion was deployed in 2014 alone (Exhibit 2).
So we now ask the same question we asked during the height of the dot-com boom: is this time different? In many ways, the answer is no. But in some fundamental ways, the answer is yes. History is not repeating itself, but it is rhyming.
The moats historically surrounding banks are not different. Banks remain uniquely and systemically important to the economy; they are highly regulated institutions; they largely hold a monopoly on credit issuance and risk taking; they are the major repository for deposits, which customers largely identify with their primary financial relationship; they continue to be the gateways to the world’s largest payment systems; and they still attract the bulk of requests for credit.
Some things have changed, however. First, the financial crisis had a negative impact on trust in the banking system. Second, the ubiquity of mobile devices has begun to undercut the advantages of physical distribution that banks previously enjoyed. Smartphones enable a new payment paradigm as well as fully personalized customer services. In addition, there has been a massive increase in the availability of widely accessible, globally transparent data, coupled with a significant decrease in the cost of computing power. Two iPhone 6s handsets have more memory capacity than the International Space Station. As one fintech entrepreneur said, “In 1998, the first thing I did when I started up a fintech business was to buy servers. I don’t need to do that today—I can scale a business on the public cloud.” There has also been a significant demographic shift. Today, in the United States alone, 85 million millennials, all digital natives, are coming of age, and they are considerably more open than the 40 million Gen Xers who came of age during the dot-com boom were to considering a new financial-services provider that is not their parents’ bank. But perhaps most significantly for banks, consumers are more open to relationships that are focused on origination and sales (for example, Airbnb, Booking.com, and Uber), are personalized, and emphasize seamless or on-demand access to an added layer of service separate from the underlying provision of the service or product. Fintech players have an opportunity for customer disintermediation that could be significant: McKinsey’s 2015 Global Banking Annual Review estimates that banks earn an attractive 22 percent ROE from origination and sales, much higher than the bare-bones provision of credit, which generates only a 6 percent ROE (Exhibit 3).2
Fintech attackers: Six markers of success
While the current situation differs from the dot-com boom, the failure rate for fintech businesses is still likely to be high. However, in a minority of cases, fintechs that focus on the retail market will break through and build sustainable businesses, and they are likely to profoundly reshape certain areas of financial services—ultimately becoming far more successful than the scattered and largely subscale fintech winners of the dot-com boom. Absent any mitigating actions by banks, in five major retail-banking businesses—consumer finance, mortgages, lending to small and medium-size enterprises, retail payments, and wealth management—from 10 to 40 percent of bank revenues (depending on the business) could be at risk by 2025. Attackers are likely to force prices lower and cause margin compression.
We believe the attackers best positioned to create this kind of impact will be distinguished by the following six markers:
Advantaged modes of customer acquisition
Fintech start-ups must still build the most important asset of any business from scratch: customers. Banks already have them, and attackers will find it difficult to acquire them cost-effectively in most cases. Fintech attackers are subject to the same rules that apply to any e-commerce businesses. Over time, a key test of scalability is that gross margins increase while customer-acquisition costs decrease. During the dot-com boom, eBay, a commerce ecosystem with plenty of customers, was able to reduce PayPal’s cost of customer acquisition by more than 80 percent. Fintech attackers this time around will need to find ways to attract customers cost-effectively. In the payments point-of-sale (POS) space, several fintech attackers, such as Poynt and Revel, are seeking to capitalize on an industry disruption—the rollout of EMV (Europay, MasterCard, and Visa—the global standard for chip-based debit- and credit-card transactions) in the United States and the resulting acceleration of POS replacement cycles. They are attempting to leverage distribution from merchant processors and others with existing merchant relationships to acquire merchants as customers more quickly and less expensively than would otherwise be possible.
Step-function reduction in the cost to serve
The erosion of the advantages of physical distribution makes this a distinctive marker for the most disruptive fintech attackers. For example, many fintech lenders have up to a 400-basis-point cost advantage over banks because they have no physical-distribution costs. While this puts a premium on the importance of the first marker, it also enables fintech businesses to pass on significant benefits to customers with regard to cost and time to process loan applications.
Innovative uses of data
Perhaps the most exciting area of fintech innovation is the use of data. For example, several players are experimenting with new credit-scoring approaches—ranging from looking at college attended and majors for international students with thin or no credit files to trust scores based on social-network data. Many of these experiments will fail, stress-tested by credit and economic cycles (it is not hard to lend based on different underwriting criteria when times are good; the hard part is getting the money back when times are tough). But big data and advanced analytics offer transformative potential to predict “next best actions,” understand customer needs, and deliver financial services via new mechanisms ranging from mobile phones to wearables. Credit underwriting in banks often operates with a case-law mind-set and relies heavily on precedent. In a world where more than 90 percent of data has been created in the last two years, fintech data experiments hold promise for new products and services, delivered in new ways.
The most successful fintech attackers will not begin by revolutionizing all of banking or credit. They will cherry-pick, with discipline and focus, those customer segments most likely to be receptive to what they offer. For example, Wealthfront targets fee-averse millennials who favor automated software over human advisers. LendingHome targets motivated investment-property buyers looking for cost-effective mortgages with an accelerated cycle time. Across fintech, three segments—millennials, small businesses, and the underbanked—are particularly susceptible to this kind of cherry-picking. These segments, with their sensitivity to cost, openness to remote delivery and distribution, and large size, offer a major opportunity for fintech attackers to build and scale sustainable businesses that create value. Within these segments, many customers are open to innovative, remote fintech approaches not offered by traditional banks.
Leveraging existing infrastructure
Successful fintech attackers will embrace “coopetition” and find ways to engage with the existing ecosystem of banks. Lending Club’s credit supplier is Web Bank, and PayPal’s merchant acquirer is Wells Fargo. In the same way that Apple did not seek to rebuild telco infrastructure from scratch but instead intelligently leveraged what already existed, successful fintech attackers will find ways to partner with banks—for example, by acquiring underbanked customers that banks cannot serve, or acquiring small-business customers with a software-as-a-service offering to run the business overall while a bank partner supplies the credit. Apple Pay offers a template for this: with tokenization capabilities supplied by the payment networks, it seeks to provide an enhanced digital-wallet customer experience in partnership with banks.
Managing risk and regulatory stakeholders
Fintech attackers are flying largely under the regulatory radar today, but they will attract attention as soon as they begin to attain meaningful scale. Those that ignore this dimension of building a successful business do so at their own peril. Regulatory tolerance for lapses on issues such as anti-money-laundering, compliance, credit-related disparate impact, and know-your-customer will be low. Those fintech players that build these capabilities will be much better positioned to succeed than those that do not. More broadly, regulation is a key swing factor in how fintech disruption could play out. Although unlikely to change the general direction, regulation could affect the speed and extent of disruption, if there were material shocks that warranted stronger regulatory involvement, such as cybersecurity issues with leading fintechs. The impact could also vary significantly by country, given different regulatory stances, such as Anglo-Saxon regulation on data usage versus other EU countries, payments-system directives in Europe that cause banks to open up their application programming interfaces to nonbanks, Brazil’s regulatory stance on peer-to-peer lending, and stricter regulation in some Asian markets.
As with disruptors in any market, the ultimate test of whether a fintech player succeeds or fails is whether these six markers combine to create a sustainable new business model. Consider what inventory means for Netflix or what storefronts are for Amazon. A successful business model would change the basis of competition and drive revenues differently; for example, data advantages may be more important than distribution, and revenues may not rely on traditional banking spread and fee economics. Despite what is likely to be a high failure rate among fintechs, the small number of winners will have a business-model edge that sustains them through economic and credit cycles and helps them build enduring brands.
Banks: Six digital imperatives
Banks are subject to a lot of noise about fintechs today. Optimism regarding technology is at a high, mobility is widely regarded as a game changer, and vast amounts of capital are being deployed in fintechs. Banks may be tempted to dismiss the noise entirely, or they may panic and overreact. We recommend a middle ground that focuses on separating the signals that are truly important from the noise. Specifically, this means that banks should be less preoccupied with individual fintech attackers and more focused on what these attackers represent—and build or buy the capabilities that matter for a digital future (Exhibit 4).
Use data-driven insights and analytics holistically across the bank
Attackers powered by data and analytics—be they fintechs, large consumer ecosystems (such as Apple, Facebook, and Google), or some of the more progressive financial institutions—are opening up new battlegrounds in areas like customer acquisition, customer servicing, credit provision, relationship deepening through cross-sell, and customer retention and loyalty. Consider the provision of credit—one of banking’s last big moats. Access to large quantities of transaction data, underwriting and custom-scoring customers for creditworthiness, understanding and managing through credit and economic cycles—these are unique assets, skills, and capabilities that banks have built and leveraged over centuries. But now the large-scale availability of new and big data (and the fact that banks no longer have a monopoly on such data) is pushing banks to radically transform just to keep up. Building a comprehensive data ecosystem to access customer data from within and beyond the bank, creating a 360-degree view of customer activities, creating a robust analytics-and-data infrastructure, and leveraging these to drive scientific (versus case-law-based) decisions across a broad range of activities from customer acquisition to servicing to cross-selling to collections—all are critical to a bank’s future success.
Create a well-designed, segmented, and integrated customer experience, rather than use one-size-fits-all distribution
The days of banking being dominated by physical distribution are rapidly coming to an end. The proliferation of mobile devices and shifting preferences among demographic groups mean that customers expect more real-time, cross-channel capabilities (such as status inquiries and problem resolution) than ever before. Physical distribution will still be relevant but far less important, and banks must learn to deliver services with a compelling design and a seamless unconventional customer experience. Banks must recognize that customer expectations are increasingly being set by nonbanks. Why does a mortgage application take weeks to process? Why does it take an extra week (or two) to get a debit card online versus in a branch? Why can’t a customer make a real-time payment from his or her phone to split a dinner check? Banks need to respond to these questions by improving their customer experience and meeting their customers’ changing expectations. Financial services is the only business where you can be rejected as a customer. In an age where mobile devices provide real-time transparency on just about everything, it is critical to provide customers with information about the status of an application or what other documents are required. Account balances must be consistent across channels, and banks should consider the real-time updating that an on-demand app such as Uber provides and aim to deliver that level of transparency when it matters. Such innovation provides opportunities for banks to improve and differentiate their customers’ cross-channel and cross-product experiences.
Build digital-marketing capabilities that equal e-commerce giants
Today, banks are in a fight for the customer, not only with other banks but also with nonbanks. The moats that have historically protected banks will not even begin to compensate for the wide gap in marketing skills that currently exists between e-commerce players and banks. Big data and the advanced-analytics capabilities described above are merely the foundation of digital marketing. Mastering digital media, content marketing, digital customer-life-cycle management, and marketing operations will be critical to banks’ success. Building these capabilities and recruiting and retaining digital-marketing talent will require considerable time and investment.
Aggressively mitigate the potential cost advantage of attackers through radical simplification, process digitization, and streamlining
After the last dot-com boom, banks successfully electronified core processes. Now they must digitize them. The difference is crucial—an electronic loan-processing and fulfillment process at a bank largely implies the sharing and processing of PDF files of paper documents. We estimate that the majority of the cost of processing a mortgage is embedded in highly manual loops of work and rework. Digitizing a mortgage application would involve creating and manipulating data fields, such as borrower income and liabilities, in a largely automated manner in the cloud. This would be a multiyear process for banks, as it would require the integration of multiple legacy systems and potential replatforming to enable truly digitized processes. Simplification, digitization, and streamlining opportunities exist across large swaths of banking operations. The sooner banks attack these opportunities, the more prepared they will be to compete with fintech attackers that have a structurally lower cost base. New technologies will offer banks opportunities to test and scale to achieve efficiencies. For example, as the hype surrounding Bitcoin currency fades, it is clear that the “baby in the bathwater” may well be distributed ledger technologies that enable more cost-effective storage and rapid clearing and settlement of transactions in the banking back office.
Rapidly leverage and deploy the next generation of technologies, from mobile to agile to cloud
The technology agenda for banks and bank CIOs has become even more demanding and complex. First and foremost, “mobile first” is not just a buzzword—it is the clearest directive banks could receive from consumers about how they want to interact with their service providers. Second, banks must fortify not only their technologies, but also their internal processes and cultures, to defend customers’ data from breaches. Third, the pace of innovation in banking is accelerating rapidly, requiring banks to increase their speed to keep up, including software development through techniques such as agile and continuous delivery. Finally, significantly faster, nimbler, and dramatically lower-cost versions of processing and storage technologies are now commonplace. Banks need to move onto such platforms, retiring and replacing legacy systems quickly. Since such systems are neither easily nor quickly replaced, many banks may choose to move to a “two-speed architecture” approach that builds more flexible layers of technology on top of existing systems but still draws on and interacts with those systems to provide the next generation of technology agility and seamless customer experiences. From providing truly scalable application architecture with a particular emphasis on mobile to addressing the cybersecurity threats they face every day to learning agile delivery and modernizing their infrastructure, banks have a challenging but important road ahead in building next-generation-technology capabilities.
Rethink legacy organizational structures and decision rights to support a digital environment
The typical organization chart of any bank will show a matrix of products and channels, with physical distribution usually leading in size and scope. The profits and losses (P&Ls) that accompany these matrices vest power in the owners of the channels and products that are most likely to be in the firing line of fintech attackers. These attackers are typically oriented to customer metrics tied directly to their financial performance. In contrast, most banks have consensus-oriented cultures that require a long time to build alignment. Banks must complement their existing P&Ls with approaches that enable faster adaptability to external changes, and foster cultures that support speedier decision making. Banks must think hard about how best to organize to support the five preceding imperatives, asking what organizational structure and decision rights will most effectively support a data- and insight-driven operating model, a distinctive customer experience, digitized processes for greater efficiency, and next-generation-technology deployment. What innovations should take place within the bank? What should be developed in incubators or even in separate digital banks under separate brands? Should the bank have separate laboratories or a venture-capitalist-like investment vehicle to be able to experiment with new technologies?
Taken together, these six imperatives carry the same overall implication for banks as the six markers do for fintechs: a long-term shift in the nature of competition and successful business models. An overarching challenge for banks is how to “open up” structurally—with respect to how they leverage partnerships and how they permit other entities to access their capabilities. Those banks that pursue a thoughtful approach to meeting this challenge will be best positioned to evolve their business models and find new sources of value for their customers while performing well financially.
The age of fintechs is here. Will this time be different from the dot-com boom? Will most fintech attackers fail? Will the few attackers who succeed fundamentally reshape banking? Regardless of the odds of success for individual fintech attackers, banks must seek important signals amid the fintech noise in order to reposition their business models and cultures for success. There is no time to lose.