Transformation is no longer only about growth & efficiency. It involves aspects like compliance, security and explainability that are impacting NBFCs. These issues are explored in this panel at NBFC’s Tomorrow:
Panelists
- Arjun Krishna, Senior Solutions Architect, GitLab
- Vishal Nagadiya, Head – IT, Western Capital Advisors
- Himanshu Rastogi, Head – Analytics, Edelweiss Retail Finance
- Vaibhav Tambe, Founder, TransBnk (Moderator)
Vaibhav: Technology teams are the most pivotal part in most of the NBFCs. How exactly has this role has evolved over last 3-4 years, especially in analytics and customer services?
Himanshu: The role of data has been pivotal in today’s era. The role of customer analytics especially in NBFCs, you have 3-4 main axes where you see the change. First, you can use it for customer profiling and determine the level of risk. From there, you can have quite a few use cases, such as what kind of loan amount to offer the customer, what kind of services, etc. Starting with the least risky, the organization may want to take more exposure to that customer. You want his/her experience to be very good so that the customer stays with you.
The second is real-time fraud analytics. When the customer is making a transaction, you identify at real-time whether this transaction is genuine or not. A lot of companies are employing AI tools to detect such fraud.
Vishal: Every aspect of doing business has changed, including technology. We have identified how we can track the fraud cases, how we can analyze the information better. At the end of the day, what remains constant is customer service at the end of the day, providing the right, best experience to the customer. To give an example, initially, everybody started moving to cloud, to one single cloud environment. And then the technology evolved and we moved to multi-cloud environment, a hybrid environment, with some on the cloud, multi-cloud situation and some on-prem, just to ensure that the business keeps on running. At the end of the day, the fundamental principle is to be risk averse. Another example – initially, identity management was just login, username and password, but now things have changed, we have single sign-on ZTNA, etc.
Arjun: Fundamentally companies want to be able to change quickly. So, building new features, making changes, adapting to the market is something everyone’s trying to do and they want to do it quick. To enable that, they also want to make sure any change they make is safe, secure, and not making them more vulnerable. So, AI, speed of development and security are 3 things which are core focus areas which we keep coming across.
Vaibhav: Earlier, the underwriting was done by the CRO or the risk team. Now the tech team is doing underwriting. So how do you trust these ecosystems of vendors or data service providers?
Himanshu: Data is bread and butter of analytics. It’s a raw material that you put in to get the final output. There are different ways to collect data and we want to do it ethically and in a transparent way. If a customer comes for a loan, we’ll have to take consent of the customer – that is one of the ways that we kind of underwrite the customer. We have different data sources. GST, of course, from 2017 has become a very important data resource for us. Some companies also do social profiling.
Vaibhav: The earlier monolithic architecture is now moving to microservices architecture. How do you see that happening?
Vishal: Digital transformation in an NBFC can be divided into 2 categories – either it’s a greenfield project, or transformation/migration from a legacy system to a new system. I’ve got an opportunity to work in both the kind of scenarios. It’s a different ballgame altogether. What also matters is what kind of customers you’re trying to service. For customers in tier 1 cities, 100% digital transformation really makes sense. But customers in tier 3 & 4 environments are not so tech savvy. So, the technology architecture will actually be defined by that. We also need to ensure scalability. The newer technologies have to ensure that they talk to other systems. When it comes to migrating, there are times that we are not able to solve that as well. So, architects also need to involve other solutions in place as well, like a middleware system, which can have an API architecture while at the same time talk to legacy systems.
In a microservices architecture, everything is API driven. We need to ensure that even the API is secure at the transaction level, at the user access level, etc. We also need to ensure that the systems are compliant as per the RBI regulations.
Vaibhav: Global tools or certifications – how crucial and cost effective are they?
Arjun: We need something as a guideline to work towards. Without them, then we would not know where to go and everyone would create their own. However, when you start to create a generic form and put that as a blanket over everyone, it could be a bit cumbersome. Some customers look at the guidelines and then modify them for themselves, depending on regulatory compliance, cost, etc. We need reusable frameworks because standards keep changing. So, we encourage customers to contribute to open source, contribute to common standards for maintaining these things so it’s easier and you’re not reinventing the wheel every time.
Vaibhav: What about the cost angle?
Arjun: Historically the cost of implementing has always been a challenge. By the time you start implementing something, there’s changes and then you need to start working on it again. We as technology vendors are trying to bring that cost down by not having customers reinvent the wheel every single time. And I think it’s going down.
Vaibhav: What about the customer experience – how to keep it intact and avoid surprises?
Himanshu: From analytics point of view, customer experience is the focus for most companies now. First of all, through analytics we have to see whether the customer is deserving or not. If the customer is deserving, we want to make their process as seamless as possible. If a customer is deserving, probably he should get a loan in his account with just 5-6 click. That is what the desired state could be. Of course, we’ll want to keep the customer informed at all times what is the state of the application. For example, if he’s applying for a loan, if he is rejected, if he is sanctioned, when the money is deposited into account, etc.
So, from analytics point of view, we have to decide exactly what information the customer is interested in. That is what needs to be shown to the customer and nothing else.
Vaibhav: The most important part to which this is central to the core is the risk management. Do you look at some of the existing established tools or do you want to create your own model to take care of the risks?
Vishal: Risk management fundamentally remains the same, even though technology has evolved with the use of AI ML. But at the end of the day, technology should bring in greater transparency and interoperability. With AI, one of the most used words is explainability, ie the model should be able to explain how the information has been processed. Also what matters is every data point that we are able to collect or process, there needs to be a trail for it. The source of truth has to be available. We should be able to trace it to the right source of truth, which means that there has to be an audit log. So even as we evolve, when we choose the latest technology, we should mitigate both the internal as well as external risks.
Fraud risk mitigation should be at the level of KYC as well. At the same time, we should also do my risk prevention while underwriting. So the systems needs to ensure that the bias is taken care of.
Along with that, security is also one point of risk. So when we are exposing the systems to multiple systems integration, we need to ensure that our policies and processes are set in such a way that our risk is contained.
Vaibhav: Sometimes regulators force you to implement something ASAP, sometimes the timelines are crazy. How do you think the support ecosystem or the support platforms, like ours or any other platforms, enables or helps the lenders or NBFCs to cope with these scenarios?
Arjun: The time from ideation to delivery has shortened. Also, the amount of change you’re bringing about in that particular release is getting smaller. So we believe in the concept of iterate, iterate and iterate, which is put out the smallest minimal viable feature out there, and do it quick. Go from releasing once a month to once a day to several times a day. For that, you need automation in place. If you have a lot of manual processes, this will not happen in minutes. So, we enable technology to be able to make changes really quick.
Another assistant to make changes quick is of course, AI. But are we sure where AI got that data from? Are we using someone else’s code? Are there licenses, is there security vulnerabilities which we’ve introduced without even realizing it? It’s an important consideration as we try to go quick.
Vaibhav: What is the role of AI actually in this?
Himanshu: So, 50-60% of the investments in technology platforms is into AI. These AI systems need to be governed from the compliance perspective. especially on data side with respect to customer consent.
Recent Articles:
NBFCs: Elevating Organizational IQ
