Pub. 1 2012 Issue 7

16 l e a d i n g a d v o c a t e f o r t h e b a n k i n g i n d u s t r y i n k a n s a s DEPLOYING MOBILE DEVICES ACROSS THE BANK: RISKS AND REWARDS B ANKERS USE MOBILE TECHNOLOGY IN MANY different ways. Some limit themselves to making phone calls and checking e-mail on bank-issued smartphones while oth- ers use their own devices to listen to music, take photos, get driving directions and communicate with family members. A growing number of bankers use mobile devices to make customer presentations. There are over 700,000 “apps” available and bankers are discovering new ways to use these tools to be more productive. However, there are risks associated with this new technology and bank management needs to understand and address these risks as part of a comprehensive, ongo- ing mobile strategy. Let’s look at a hypothetical, tech-savvy banker named Charlie. Charlie has enjoyed a high degree of success by embracing new technologies early and using them to provide a superior level of customer service. This sets him apart from his competitors. He always has the newest gadgets and customers really look forward to his presentations. Charlie invested in a new iPad. He bought a pocket-sized LCD projector that is rechargeable and can project a bright, clear image on any surface. Charlie can now give customer presentations anywhere. Charlie wants to customize his iPad presentations with actual customer data. He asks his bank I/T department if they can help him figure out the best way to do this. The I/T department tells Charlie that they are swamped with projects and that a hiring freeze makes it impossible for them to accommodate special requests like his. Undeterred, Charlie goes online and discovers that he can subscribe, for free, to a variety of personal cloud storage services. One of them catches his eye. It seems to offer plenty of free storage and Charlie remembers one of his neighbors saying good things about it. Charlie provides his information and clicks on the “register” button. A document of terms and conditions (27 pages long) appears on the screen. Charlie quickly clicks the “I have read and agree to all terms and condi- tions” button and he’s all set. Charlie uploads a variety of bank documents to the cloud service. Then, when he is at a customer location, he can quickly download that customer’s information to his iPad and make a crisp, customized pre- sentation. Everybody is happy. Let’s step back for a moment and look at what just happened. Charlie, on his own, signed up for a service that he knows very little about. He attested that he read and understood a set of terms and conditions that he did not actually read and certainly does not understand. Buried in the 27 page document are three items worth noting. First, Charlie attests that he is an official representative of his company (the bank) and has full authority to bind the bank to legal contracts. Second, Charlie agrees that, in the event of a security breach, regardless of cir- cumstances, the maximum liability of the cloud service is $20.00. Third, Charlie agrees that the cloud service may share any uploaded data with its partners, licensees and other parties. What began as an earnest effort to provide superior service to the bank’s customers has now potentially exposed the customers’ most sensitive personal financial information to an unknown audience. The mobile universe, while brimming with opportunities and creative solutions, is fraught with potential dangers. Banks need to develop comprehensive mobile strategies that maximize opportunities and mitigate risks. A mobile technology team should be as - sembledwith representation fromall areas of the bank, including compliance. The team should be kept in place as mobile technology is brand new and will grow and change over time. A final decision maker should be appointed. Most banks find that there are conflicting opinions as to which projects should be done first.Adecision maker breaks stalemates and prevents inaction. Once a strategy is in place, policies need to be developed. Will the bank provide mobile devices or is “bring your own device” (BYOD) the best way to go?Will the bank subsidize the cost of employees’personal devices? How? Will customer information be stored on mobile devices? If so, how will it be secured? When an employee has questions, will the bank’s help desk be the first place they go or the last? Will the help desk support any and all mobile devices or only those on a pre-approved list? If an employee uses their personal device for business use, are there any restrictions? Can they download whatever music and videos they choose and risk malware infections? Can they “jailbreak” their personal phone and still access the bank’s system? Asound mobile strategy and its associated policies require an appropriate investment of time and resources. Allowing employees to venture into the mobile world on their own is not fair to them and creates potentially serious risks for the bank and its customers. Once a game plan is implemented, it is important to track results. How has productivity increased? Howmuch money has been saved? Howmany new customers did we attract? Significant cost savings can be realized through mobile technology. Many banks now put board meeting packages on iPads instead of printing out thick binders ofmaterial eachmonth.The savings are significant and easilymeasured. Others send internal reports directly to employees’mobile devices and are able to eliminate 10% or more of their printers. The list goes on. The mobile universe holds great potential. Banks that plan properly will be able to deliver real value to their customers in a safe and profitable way. Jack Vonder-Heide is one of America’s leading experts on technology and its associated risks. He will be a keynote speaker at KBA’s Bank Technology Conference & Showcase on February 19-20 in Topeka. Jack may be reached at 630-789-8222 or jv@tbchq.com . By Jack Vonder-Heide