How banks can react to big tech’s entry into financial services

This blog post continues the conversation we started in an earlier post about “grey swans”—low-likelihood, high-structural-impact events like extreme geopolitical turbulence, and major cyber-attacks. Here we talk about how banks might think about a potential massive advance of big tech players (e.g., Google, Amazon, Tencent, as well as their more local equivalents) into financial services.

Banks have been under pressure from these firms for some time. However, there’s a strong chance that this pressure will intensify as big tech firms increasingly leverage their strong consumer franchises and digital expertise to compete with banks. Here we consider the strategies and tactics open to banks, and how they might emerge stronger and more profitable from the big tech incursion.

Big techs have not yet taken significant market share outside China in financial services, and tend to avoid regulated markets; and when they do look to enter banking, they usually start by partnering with banks.

But big tech firms are making headway in ways that might not be measurable in terms of traditional market share. Consider big tech’s approach as disintermediation rather than direct entry into the regulated domain of financial services, or of their focus on the most capital-light and digitizable areas of business that are closest to their core. Take Amazon’s foray into small business lending, Apple’s entry into payments and consumer finance, or Facebook’s announced launch of Libra, a cryptocurrency.

It is imperative that banks respond to this potential now, as once big tech firms achieve scale it will become near impossible to compete on price, or with their ability to offer a distinctive client experience that builds consumer loyalty and trust. Ultimately, if not resisted, the tech attack will destroy the financial services industry’s margins—by taking some themselves and returning the rest to consumers.

So how to react? Banks can use a 2x2 matrix (Exhibit) to structure possible responses depending on the likelihood of required action and its incremental cost.


No brainers are actions that are necessary but do not incur significant incremental costs. Banks should make a detailed scenario analysis—establishing the value at risk, understanding the motivations and capabilities of potential attackers (both global and domestic), and positing potential strategies for a counter-attack. An effective tool here is a “black hat” strategy exercise that helps banks understand what an attacking player would do; or traditional war-gaming. Banks should also consider engaging with regulators early on, and educating their board members about the threat so that they are prepared for possibly radical and costly action. They should also closely monitor the market for emerging “star” companies in their target client segments and track partnerships that other financial firms are pursuing. 

Banks should also continue to forge ahead with the efforts they are—or should be—making to stay ahead of the competition. For example, digitizing processes to ensure a great customer experience and to keep costs down will also reinforce a bank’s defences at the most common attack points for tech firms. The same goes for advances in digital marketing, which reduce the cost of acquisition and improve consumer engagement. Banks should also continue to work on building customer loyalty through loyalty programs and explore how to turn their local presence and customer-specific knowledge into bulwarks against tech incursion.

Insurance policies are actions with relatively low incremental costs that address risks with small but non-zero probability of occurrence. They can be thought of as ways to future-proof the business.

Raising barriers is an example. Monoline financial services firms should consider diversifying into adjacent financial businesses—these areas don’t have to be profitable for the banks if they address a broader set of customer needs; for example, expanding from consumer finance to retail banking. By bundling products in a simple, transparent way, banks can make an attacker’s niche proposition look inferior. Banks with a narrow product set may need to find new partners to make this tactic work, expanding to, say, insurance or wealth management, or adding features like analytics, personal financial management, or peer-to-peer payments. Banks should also consider experimenting with new technology; for example, advanced payments schemes.

Another way to secure a stronger position in the market is through pre-emptive partnerships; for example, teaming up with local players (e.g., to share data to the extent permitted by regulation), with government (e.g., to provide payments infrastructure), or with large e-commerce players (e.g., to provide point-of-sale lending or joint loyalty programs). Making such partnerships work at scale would likely require the skill to build APIs related to some of the bank’s core functions, and having a dedicated partnership unit/venture fund.

A proactive regulatory stance also fits with this strategy. Regulators are interested in supporting a healthy, profitable, banking sector. Issues to address in this context could include: how opening banking to big tech might impact industry profitability in the long term; what kind of regulatory framework would ensure a sustainable competitive landscape (e.g., degree of open banking; requirements for data protection and on-shore data storage).

Big pre-emptive bets are the most important of the higher-cost actions, but success can be elusive. For a bank, the most critical decision is whether and how to significantly raise up your local game in payments, focussing on value-added services to merchants, and pushing hard to deliver new technology in payments, such as biometrics. Moves of this kind are costly, but could secure access for a bank to a unique and valuable set of customer data. Banks could also enter the data management space, as Australia’s Data Republic did by building an industry-wide data aggregation infrastructure. Or banks could focus on a client-data-protection agenda; in this latter case, banks can justifiably claim superior capabilities than their tech counterparts. 

Another type of a big bet would be to build an ecosystem—either focusing narrowly (like Hungary’s OTP in B2B and real estate) or pursuing a multitude of directions, like Ping An and Sberbank. Or simply scale linkups with tech companies themselves. For example, tech firms often lack non-digital distribution. In addition to risk management capabilities and a balance sheet, a bank can provide the physical network to complement an attacker’s digital channels, as well as contributing knowledge of local markets and customers. These capabilities are valuable to tech firms, for client onboarding, customer engagement, troubleshooting, and logistics. Consider Amazon’s venture into physical retail in India.

Finally, Plan Bs are actions banks should consider to deal with “nuclear scenarios”—only to be used as last resorts. Here’s one: temporarily slashing margins to the point where an attacker is dissuaded by the potential cost of investment. If a bank drops fees on payments to close to zero, it will be very difficult to create incentives for merchants to switch to a different provider. Banks can supplement this move with a carrot-and-stick approach—offering generous rewards, or disincentives, to prevent clients switching to new entrants. Other Plan B options could include:

  • Becoming the back-office of choice for the tech entrants into financial space—which would require a distinctive cost position; risk, cyber-security and operational capabilities; and a superior technological infrastructure
  • Building a digital bank adjacent to the main franchise that would match the customer experience and positioning of tech attackers; the risk of cannibalization may be outweighed by the overall defence of market share.

Size is a clear advantage in all four scenarios. Players with dominant market shares can invest to keep up with techs’ innovation, and have a better chance of fending off attack, especially where regulators provide something of a barrier to entry. Medium-size players have some options; they may be able to build a niche offering, or partner with tech giants. It is the smaller players who are most exposed. From the shareholder perspective, divesting such an asset—especially in challenged markets—might be the right strategy. If market exit is out of question, smaller banks can mount defences based on local knowledge, or try to grow their client base through partnerships. But in the longer run their prospects are grim.

For banks of all sizes, the first imperative is to understand the threat of big tech incursion, and the new competitive landscape, build an objective assessment of your own capabilities and market strengths, and develop a plan of response. It is important for banks to take action on all these fronts if they wish to maintain their position in the face of a big tech move into financial services.