Sometimes it seems the financial services industry operates on a completely different plane to everything else – expanding IT while elsewhere it’s contracting, paying bonuses when staff numbers are being slashed everywhere else and navel gazing when the real world is out chasing customers.

The next few years promise masses of IT activity in financial services, while in the rest of the world IT investment will, at best, be flat. Some exciting stuff is happening in financial services but let us look at the dull but worthy stuff first.

Shock or awe

Security. Some media like to exaggerate threats to life and limb, look at the current tizzy about bird flu. But this time the media could be accused of underplaying threats, according to Martha Bennett, research director, financial services Europe for Forrester Research. “It is not press hype. The security threat to online finance is changing and getting nastier,” she says. She also sees a big management problem. “Financial institutions need to tread a fine line between panicking customers and achieving investment through securing the customers. Banks need a new approach to customer security as consumers are already evaluating firms through their visible security and privacy protections.”

So they must tighten security but at the same time not scare away online users – who banks love because of the minuscule cost of their transactions. Most current username and password combinations are security risks, says Bennett, so customer authentication is a must. Banks should review and update phishing, online fraud and identity theft defences. They need to look carefully at business processes, for example, sending marketing emails and asking customers to click on links, or using online processes that can be easily cloned.

Banks will also need to control their own security by monitoring their websites through user profiling and protect assets by monitoring transactions. So City CIOs will be busy, and although this is navel gazing of a sort, without it the financial institutions are going to find life much tougher.

Applications renewal. Forrester Research reckons that European banks will spend 100 billion euros on renewing their application landscape over the next 10 years. That is a lot of work and money for IT and services vendors over that time. But banks have little choice if they want to keep up in the market. If you wanted to be really picky you could argue this is looking inward again but actually, the need to provide services for their customers is behind this. Forrester thinks financial institutions will renew applications out of existing budgets, so operating costs will continue to go down but it will still keep development teams mighty busy.

Innovation. The really big news for CIOs at financial institutions is that they will finally have a chance to be at the forefront of innovation and delivering business value, rather than being held back by tedious things like regulatory compliance, security and infrastructure.

Licensed to thrill

At a recent financial forum hosted by Forrester Research, European bankers were told that customers do not think much of their services. True, over 60 per cent of their customers said they were satisfied with their banks and only four per cent were thinking of changing their current accounts – but this is only because their customers’ expectations are so low and their apathy so high. They can’t be bothered to move their current accounts, but high value products like personal loans, investment funds and mortgages are different and customers are far more likely to shop around. Banks are going to have to start working a bit harder to get and keep their business.

Forrester calls this customer advocacy – where the perception is that the bank does what is best for its’ customers, rather than the bottom-line. At present less than a quarter of European banking customers believe this. This is where the CIO can really make a difference. Technology can offer stronger profiling, better sales tools, tighter channel integration and can build online banking to way beyond transaction processing. They will be really busy and having lots more fun than when they were doing regulatory compliance, infrastructure and boring old security.