As multichannel banking climbs the agenda, financial institutions must ensure their IT infrastructure is up to the task. Massimo Milanta, managing director of UniCredit Global Information Services, explains how the bank is reconfiguring its IT platforms to log services, create efficiencies and ensure compliance in a rapidly evolving environment.
Future Banking: What are the urgent issues you're facing regarding data centre management at UniCredit?
Massimo Milanta: We have a complex environment to manage. We have six large data centres - two in Munich, two in Verona and two in Vienna - which form the core of our solution for Western countries.
Firstly, one major point of focus is moving towards a cloud transformation. We would like to standardise the kind of environment and services offered by the data centre so that we can save time and costs.
Secondly, we are focusing on setting up what we call 'virtual segregated data centres', which are a set of homogenous applications that are segregated at the centre. Through limiting the interconnections, we can reduce the chain effect of problems spreading between applications.
The third main trend we are investigating is the utilisation of system logs. These tell us about the quality of the services we are providing and help us estimate the business volume. In case of a sudden drop in business, when compared with historical trends, we can deduce that we have an issue even before the client tells us.
What innovations in technology enable you to control the vast amount of information you have on your customers?
We are just starting to experiment with using the big data technologies; for example, we are using a new type of semantic engine that can extract and categorise information that is by nature unstructured. This helps us collect information about the navigation of our users in our system.
Obviously, we continue to use structural database systems, including some of the newest database machines and appliances.
How do you ensure the highest standards of security to give your customers peace of mind?
In the last two years, we have created a new department, IT security, which is separate from IT infrastructure - historically, the two worked together. We implemented this change in order to give a better focus on information security, which is becoming a primary interest for the bank. We have experts that perform a penetration test on our system to see how susceptible we are to potential threats.
Three years ago, we were more easily penetrated than today, just because we knew less about security. We are also working a lot in defending our clients against the threats of internet banking. We believe the biggest threat is by malware in the client's PC, which wants to steal their password and operate in their place.
We have set up a heuristic understanding of the predictable behaviour of such engines - when we detect a pattern that is strange or repetitive, it stops the money transfer and we contact the client directly. In this way, we have anticipated a number of frauds and I think we are one of the best practices at this in Italy, where our losses are very marginal.
How is social media creating unprecedented challenges in terms of data management?
Social media is creating large quantities of data, which we are just now starting to analyse. We expect to collect a large amount of data, which we will configure using a semantic engine. This will have the task of passing through the text, identifying common patterns, so that information can be extracted.
What initiatives do you have in place, or are implementing, in terms of green data centre management and minimising energy consumption?
We have a continuous focus on green data centre management because we are committed to cost reduction; for example, we built one data centre in Munich with practically free cooling - we use the cold water from a nearby channel, which allows us to keep the data centre at the right temperature for most of the year.
We are reducing waste in the branches in the offices by automating the way that we shut down the workstations. We are also launching a vast programme to eliminate waste paper in our offices. This will involve revising the main processes in the bank, end to end, so that they are completely digital.
Overall, what do you see as the key IT challenges facing large financial institutions?
One of the major challenges of a large organisation like ours is to manage the complexity of our IT system. With more than a million components in our hardware infrastructure, it is so complex to manage our network that changing something is always a difficult process.
In order to address this issue, we are trying to separate our system into logical independent subenvironments, or to divide complexity into more manageable pieces; for example, by the end of the year, we plan to have our investment banking subsystem completely separated from the rest of the system, so that it's not affected by changes in the commercial banking system.
What are the leading causes of downtime, data loss and hardware damage, and how does your bank guard against them?
I don't remember having data loss. We have some downtime for sure, and there are two primary causes. One is hardware failure, which is inevitable - we have a lot of components, so it's normal to have failures every day. Usually these are solved immediately and the impact is negligible due to redundancies in the architecture, otherwise we provide a very flexible and fast escalation process in order to stop an emergency.
Often, the problems are due to changes in the application environment and infrastructure. Changes are part of life, but we put them under strict control. Every change has to be rated in terms of its potential impact on production, and the most effective changes are under scrutiny. This requires effort and bureaucracy, but these processes are inevitable in an organisation as large as ours.
How does IT in a huge financial institution like UniCredit cope with the ever-increasing demands of burgeoning bank regulations?
Let's say that we cope by investing a lot of money. This year, the regulatory agreement project constitutes more than 30% of our global investment.
Last year, we upgraded our email system in order to collect emails for 30 months, because this was requested by a regulator. We also have two big projects underway.
The first is putting in place an infrastructure for internal controls, which monitors the data on our system to check its compliance with regulation. When there is a control that is not fulfilled, the problem is automatically escalated and logged so it can have a resolution plan. This is quite a vast implementation, because it affects all the banks in the group.
The other big project is counterparty credit risk, which allows us to better mitigate the risk of the counterparty in the market transaction. This is necessary due to the new regulation in risk management, and it requires the utilisation of sophisticated algorithms for predicting the value of the risk of transactions.
What factors are most important to your clients?
We have two aspects that we believe are becoming more important to our clients. One is quality - clients are accepting fewer problems and delays, so we are becoming much more predictable. We are improving our ability to plan projects and provide a very predictable service level agreement introduction.
The second trend is cost transparency. In the past, it wasn't always so clear what clients were paying, and the nature of business drivers leading to these costs. Now, however, we are aiming to provide our clients with a better understanding of what they pay for each service.