CIO of Raiffeisenbank Nikita Shvetsov – about transfer of key development to insourcing, loan the practician of Google and Facebook
For the last few years the number of IT specialists in Raiffeisenbank grew up approximately three times, having exceeded 1.5 thousand people. One of the reasons of expansion of the state - transfer to insourcing of all key development. For what Raiffeisenbank made it what difficulties it faced and as borrows engineering practicians of the leading technology companies in an interview of TAdviser Nikita Shvetsov, CIO of Raiffeisenbank told.
Nikita Valeryevich, good afternoon! There is a wish to begin with a conversation on your strategy of digital transformation. What it consists in what problems solves?
Nikita Shvetsov: We mean two big directions by the digital strategy of bank: digital-optimization of the existing processes and new digital business. In the first case we speak about digitalization of processes and manual work, and in the second - about new digital products. Also our strategy includes maintenance of new business models, for example, direct partner interaction through Open API.
What for Raiffeisenbank is meant by digital transformation?
Nikita Shvetsov: For us it is first of all the best client experience which we provide including due to process automation. We automate the existing business, we use new technologies – we implement and we develop speech analytics, chat-bots, robotization of processes. In particular, we use RPA (robot process automation), technology which allow to automate accomplishment of the repeating monotonous work connected, for example, with filling of forms. We render digital services for business in the cities where we have no departments. The entrepreneur can open the account, receive the POS terminal and build the business, interacting with us far off.
It assumes that all user way now another, not such, as in the cities with the operating network of departments. People differently find information on our product, receive service, transfer the data to the bank representative, but at the same time their level is not lower than satisfaction, than with a classical format.
What happens in practice to development of digital transformation? What does she look like?
Nikita Shvetsov: To create digital products, the new organization structure is necessary. We created cross-functional teams which head Product Owners, or owners of products. These commands include all necessary roles for creation of a product: both business experts, and IT specialists.
That such structure earned, it is necessary to change a lot of things. Earlier the model looked approximately so: from business requirements came to IT, they got to the analyst, he in detail studied them, search of the external contractor or even the ready-made solution began further. Now our IT strategy provides transfer to insourcing of all key development. Because of it in 2017-2018 the number of IT specialists in bank considerably grew up and now exceeds 1.5 thousand people.
Actually you refuse outsourcing. In what advantage of such model?
Nikita Shvetsov: Nobody foreknows how to make guaranteed successful product whether it "will shoot" in the market. It is impossible to formulate from the very beginning requirements, then year them to implement, and at the exit to receive a product bomb. So it does not work. The only effective approach - it is consecutive, small steps to try, to put on the market, to look at reaction, to receive a feedback and to iteratsionno develop a product.
To build iterative approach, the small command which can quickly prototipirovat future product and test a prototype on potential consumers is necessary. In such command developers see result at once, can estimate influence of the work on business indicators, on metrics and a funnel of sales. It is powerful motivation for a command as developers want to see and know that people use their product and it brings someone benefit.
When using outsourcing it is impossible to reach the same flexibility and speed of development. Besides, in the organization knowledge of how the product works does not form.
What else your IT strategy has features?
Nikita Shvetsov: The most important is the choice of approach, optimal for us, to team work, a framework for scaling of commands. To scale Agile-approach on all organization, we consciously selected Large Scale Scrum (Scrum framework applied to a set of the commands working jointly on one product.). Implementation of this approach was our main task in 2019. It is not enough to change organizational structure and just to replace people between commands, it is necessary to rebuild processes of their interaction. It requires a lot of time and forces, especially taking into account that nobody usually loves changes.
In the structure of IT we selected four big domains: retail business, corporate business, finance and risks and also operations. Each domain has CTO (Chief Technical Officer) which defines the most effective technology strategy for the business direction. It includes management of services and products for each separate directorate.
The following item of strategy – implementation modern engineering the practician. And here we are guided by the top technology companies - Google, Facebook, Yandex. For example, one general platform is the cornerstone of several retail products. And for development acceleration it is important to us to give the chance to several product commands and to independently finish the platform, without ordering and without waiting for completions from the selected command. It is that internal open source or inner source when culture and development approaches of the open source software are applied within one big organization is called.
If earlier the developer did a separate component and demanded that nobody touched its code, then now we implement such engineering practicians for team work at whom there is a continuous integration (continuous integration), practice of development when the source code of several development teams is stored in the general repository and any change in the code causes automatic assembly and check by means of autotests.
As a result, if new editing "breaks" assembly, then such editing can be identified and corrected as fast as possible. Ideally in development process the command always has a ready assembly which can be put in produktiv. Such approach, obviously, incurs additional costs on infrastructure and on writing of autotests which in itself do not bear business value. Therefore it is heavy to explain from time to time to business why it is necessary. Understanding comes, but not at once. Tell that we for all products already constructed this process, I cannot, but in process of implementation the quantity and speed of releases will increase.
What changes with your arrival happened in structure and a command of the IT block?
Nikita Shvetsov: In November, 2018 we announced changes in an organization structure of IT. Now it is array structure. Developers, analysts, testers are in one division, but work everyone on a product in the command. There are product and service commands. Those which work on a product belong to product, one of the main attributes of which in Scrum – capability independently to make profit. Those commands which work on an internal process or the system of bank are service. And that, and other commands the purposes are set at the level of board.
In bank there are also communities on interests. For example, if developers write in Java, then they consist in the corresponding Java community. It helps them to develop professionally.
In addition to developers, analysts and testers, members of product and service commands are also Product Owner, Technical Lead and the Scrum-master. Product Owner - not the chief, but the business leader. The role of Product Owner is in explaining to a command what we do why it is necessary for the market and to prioritize tasks. All command has general product business objectives. All are responsible for result, and the command bonus is received by all, and not just the head. It motivates people to work for result.
I will note that a bonus system in bank changed a little. The bonus is defined depending on accomplishment of the purpose at the end of year now. Other new moment, important for commands, – the fact that their participants make the decision on an exception of this or that employee now. Not at once, of course, and after consecutive non-performance of the undertaken tasks by it.
The following big change – evolution of process of support of services of bank. Historically banks adhere to schemes at which the IT block ideologically is divided into two commands: development (change the bank) and maintenance (run the bank). The first creates new products, and then "gives them on support". The maintenance command, in turn, to minimize the risks, prepares huge regulations on the basis of which it accepts new products on support. It was a certain additional fence which needed to be passed to release the new version in production.
We changed this approach: the division of support of applications was defunct, the most part of employees of this division – the people who were engaged directly in support of applications were included in product commands: now the same groups which develop a product, are responsible also for its support. This significant change. The code can cease to work at night or, let us assume, in New year. If commands are interested in that they did not pull at their night, they write such code and so test it that it did not occur. But, of course, for mission critical of systems there is still a selected command which is in office 24x7.
The rest of employees of support of applications was sent to again formed division focused on work with platforms. Other employees passed into division of Technology Engineering.
Whether the command with your arrival was strongly updated? Whether other employees from Kaspersky Lab passed together with you?
Nikita Shvetsov: IT roles - and a part of people is in business - in bank more than 1500 people. This digit – result of triple growth for 2017-2018. Such significant growth in a command is connected with development of a huge number of products: the products only seen for clients about 20, and all in bank several tens of product commands.
Among IT specialists there are natives of Kaspersky, but to tell that there was a mass transition from this company, it is impossible. In bank there is a rule: any position of any level is open for the acting employees, and any can try the hand. Nearly 20% of vacancies last year are closed by internal candidates.
If to speak about new roles, four positions of CTO – for each direction of bank were formed. The specifics of the different directions of business required assignment to each of them of own CTO. Besides, the new infrastructure command for work with reference platforms was created. In particular, it is connected with those projects which, usually, require efforts of several commands, but not one. Also such new positions as Community lead and Senior community lead were created. These are people who create, administer and develop professional communities in bank.
Whether you continue a course of your predecessor, Andrey Popov, on transfer of product development to Agile? What exchanged since the end of 2018?
Nikita Shvetsov: We continue to build the Agile-organization. Now it occurs at qualitatively new level: it is not enough to do of it only at the level of IT. It was important to construct cross-functional teams led by Product Owner of business. What is already made? We selected approach, started everything, we see results - the amount of the implemented ideas grew many times. And it is told also by commands: on what it was required of half a year about one year earlier, now the command can implement itself in a month. There is a request for the high speed of changes.
You worked in Kaspersky Lab earlier. What competences and skills received in cybersecurity do you use during the work in bank?
Nikita Shvetsov: First of all, I make use of the experience on building of development process, engineering the practician. Why it is important? We want to employ from the market of the best innovators. Here we compete not only with banks. There is such industry stereotype that if you go to work to bank, be ready to bureaucracy and antediluvian technologies. Engineering practicians are necessary to us not only to move quicker, but also to involve strong developers. People do not want to work on old processes, do not want to use old technologies which do not increase their cost in the market.
Probably, not easy to select the amount of specific expenses on IT in the conditions of digital transformation. But, by your assessment, in 2019 these expenses grew or decreased?
Nikita Shvetsov: The cost level both on IT infrastructure, and considerably increased by people. And it will precisely continue to grow in 2020. We have more products, it is more than product commands. Together with them also the number of clients, and, so the amount of data which need to be processed and stored grows; the number of client transactions grows.
What your IT projects now the most resource-intensive?
Nikita Shvetsov: Perhaps, it is not obvious, but the biggest item of expenditure is salaries. At us not such high capital costs are only IT infrastructure. Most of all we put in people. Therefore the greatest resources are required for those projects in most of which of all people participate. Two key projects are mobile and the Internet banks for retail and for business, i.e. Raiffeisen Online and "Raiffeisen Business Online". These are two large commands which we call online channels. Commands are engaged in development and integration of a large number of products in online channels.
In the fall you announced reorganization of retail network. The saved money is going to be aimed at the development by IT. In what specifically projects them are going to be enclosed?
Nikita Shvetsov: We are focused on development of digital channels which make financial side of life of clients easier. In particular, voice analytics and chat-bots. For example, more and more clients prefer to communicate with bank through chats in mobile applications bank, in WhatsApp Telegram Viber, in Facebook-messenger. Even quicker to resolve issues of clients, we develop own chat-bot using machine learning based on real dialogs of operators.
What digital products do you consider flagman for Raiffeisenbank?
Nikita Shvetsov: We do not stake on one segment or on one product. In retail we actively develop our main online channel - mobile and Raiffeisen Online Internet bank in which all products are available. 80% of our clients use it, and this share grows. For small and large business there is a set of digital products: trade financing, online factoring, leasing, acquiring and another.
How do you estimate the level of digitalization of Raiffeisenbank?
Nikita Shvetsov: The high level of digitalization, in my opinion, is characteristic of Raiffeisenbank. And to it there are proofs. For example, our mobile bank is used by 80% of users, and this share grows. For small and large business there is a set of digital products: trade financing, online factoring, leasing, acquiring and another. However in bank and its products there are many opportunities for improvement and automation. In particular, the existing services can work even quicker and have even more options.
For 2019 the average client of Raiffeisenbank 60% more often began to use online channels and 30% less often to go to departments. Tell what it is connected with? With considerable improvement of quality of your online channels or something other?
Nikita Shvetsov: First, with improvement of functionality of mobile bank. Secondly, with the growing functionality and convenience of mobile devices. Thirdly, with increase in speed of mobile communication and availability of the mobile Internet. The ecosystem of the products in a varying degree connected with mobile bank had a certain impact.
The speech about payment services and in general about payment infrastructure. A role was also played by the System of fast payments.
Now more and more popular is a subject financial technical. Tell, please, about such solutions which are most effectively applied in bank.
Nikita Shvetsov: The bank actively cooperates both with the big and known financial technical-companies, and with startups within the program for work with innovations. The program is aimed at fast check of hypotheses and exists in bank since 2016. So, the bank pilots a set of solutions and services. Generally they concern chat-bots, voice analytics, sensing technologies and some other. About 20% of all piloted solutions annually get in produktiv.
In 2018 Raiffeisenbank had at least three serious failures very noticeable for users. After them measures were taken to increase reliability of systems. But at the end of May, 2019 there was again a noticeable failure which affected transactions in outlets and in ATMs. Because of what it happened? What systems of Raiffeisenbank require improvement that similar situations repeated less often?
Nikita Shvetsov: All failures had different character. In other words, the failure which took place in 2019 are not repetition of incidents of 2018. I will explain. In April, 2018 failure was connected with network infrastructure. In May, 2019 we faced unavailability of services within 20 minutes. We consider unavailability of service to the client as a serious incident. We sort all such cases in parts, we analyze that occurred. We establish the root reasons and we exclude a factor which led to failure - it allows to avoid repetition of a problem. Our services should be available in 99.99% of cases, and it is important to achieve this quality level from the engineering point of view.
We have several data centers to provide reliability. But it is not enough to have fault tolerance at the hardware level. It is necessary to build design of services that they could migrate automatically between data centers. Also always an important role is played by a human factor. We improve procedures that processes depended on people less - that a part of processes was started automatically. Unfortunately, iron can break, the developer can make a mistake, at the critical moments people are mistaken - and these are factors which we consider at creation of failsafe services.
What main calls for information security do you see now and how to resist to them?
Nikita Shvetsov: In my opinion, the main call, and not only for banks, but for any big organization, is that ideology "we will go marketing and we will select the best tools for protection" does not work any more. It is impossible just to pass on the check sheet, to select an antivirus and the firewall and to be in perfect security. To ensure safety of the big organization, the correct processes and people are necessary. And it is possible to call search of the corresponding IT specialists a call in information security field for the big organizations. As well as in development, it is difficult to attract and hold these experts in the field of security within one organization. Besides, in the market there are not enough specialists able to write the safe code and to train in it a large number of commands.
As we have very big IT infrastructure and a set of external services which interact with the user, our first priority - to train a command to write the safe code. We cannot in each command employ the selected specialist with experience in information security.
The second big direction - directly protection of infrastructure. And here we apply the best practices on creation of Security Operation Center (SOC), a command which quickly analyzes events, selects real incidents and fulfills them. According to the statistics on average, in the world at the companies 220 days leave to understand that there was cracking. If the company can trace it in minutes or even if hours, it is excellent result.
The third direction is a counteraction to fraud. Especially it is important in connection with the increased number of incidents using social engineering. It is possible to increase quantity of questions for identification of the client at a call to bank or to apply other measures, but any such innovation can give to users an inconvenience. As in case of products and services, we do the main rate on use of modern technologies, for example, of machine learning to find balance between security and convenience to the client.