by John Gallant

Bank of America CIO Says Simplification and Risk Reduction Are Keys to IT Success

Jan 10, 201317 mins
CIOFinancial Services IndustryIT Leadership

Bank of America's Catherine Bessant talks about the advantages, and challenges, of being a non-technologist leading IT. She looks at the lessons she's learned from navigating the company's super-sized acquisitions. Bessant also talks about her team's bold plan to simplify dramatically the IT environment while reducing risk through design, aggressive training and more.

Catherine Bessant’s journey to the CIO role at Bank of America wasn’t your standard ascent through the ranks of IT. Bessant, now Global Technology and Operations Executive, leads a team of more than 100,000 employees and contractors who handle all technology and operations for the giant financial institution. But prior to tackling IT, Bessant was president of Global Corporate Banking, Global Treasury Services and the Global Product Solutions groups. She’s also served as chief marketing officer for the bank.

Catherin Bessant, CIO Bank of America

In this installment of the IDG Enterprise CIO Interview Series, Bessant spoke with IDG Enterprise’s Chief Content Officer John Gallant about the advantages–and challenges–of being a non-technologist leading IT. She also discusses the lessons she’s learned from navigating Bank of America’s super-sized acquisitions.

In addition, the oft-honored Bessant talkedmabout her team’s bold plan to simplify dramatically the IT environment and its goal to reduce risk through design, aggressive training and more. A lover of Shakespeare, Bessant also explains what lessons the Bard holds for IT leaders everywhere.

“To business that we love we rise betime and go to it with delight.”

William Shakespeare, “Anthony and Cleopatra”

Q: The last couple of years have been really tough for the banking industry, and I think people would be fascinated to know what, as CIO, was your role and strategy to help Bank of America through this challenging period?

A: Through any challenging period like this it takes several fundamentals. It takes great data, so that companies working through challenges can make good decisions. I hate the term “big data” so I’m not going to use it. But in any time of challenge, it is the CIO’s job to make sure that no stone is left unturned in terms of the quality of data and the comprehensiveness of data, and its usefulness in the firm.

The second thing that is very important, from a platform perspective, is not to compound the challenges. The availability of our critical applications, the quality of how we face off in the marketplace, what happens when our customers and clients interact with the firm–it’s our job in IT to make sure that our platform performance inspires confidence versus adds to the challenge. The third thing that’s most fundamental is being good at rapid-cycle development–to meet changing regulatory requirements, to really be facile and to rapidly respond to new needs.

Q: Let’s drill down into that. What were some of the top priorities for your team?

A: Over the last three years, we’ve been focused on some fundamental things. First, we’ve been focused on making sure the capabilities we deliver every day line up to the growth strategies of our businesses. We’ve had a stated strategy of integrating our capabilities so that in every customer or client moment, we’ve got the opportunity to present the full company to the customer or client, and to develop and deliver a full range of solutions. We’ve been very focused on ensuring that our IT work is a true enabler of the business growth strategy, because in a time of challenge you still have to produce revenue and you still have to produce net income.

Second, we’ve been very focused on simplifying the foundation of our IT and operating platforms, so reducing duplicative applications, ensuring that storage, compute time, every element of what it takes to actually produce an outcome, are as efficient and simple as possible. And those are two things in a challenged time that help produce bottom line [results], because they cut cost. But more importantly, it drives the other things that we’re talking about. If you have to do rapid-cycle development and you only have to change one platform versus three that do the same thing, you’re that much further ahead of the game. Simplification has been, almost like Ahab to the whale, a very intense focus, because it’s core to delivering platform performance and rapid-cycle development.

And then, reduction of risk overall. There are a lot of IT functions that carry certain operational risk, and ensuring that we do not add to the risk profile, but rather reduce the risk profile of the firm, has been a huge part of the emphasis.

Q: You’ve been quoted as saying you are “freakishly focused on simplification.” What does it really entail to simplify? What’s the advice you have for other IT leaders on what it really means to simplify?

A: What makes simplification talk actually turn into outcomes is that you have to be as focused on decommissioning as you are on creating new things. It is very tempting to create, and leave decommissioning to the next guy or the next girl or the next budget.

The second thing is ensuring that the entire management team at the CEO and C-suite level understands that funding simplification, while it might not produce revenue directly, produces outcomes that do drive revenue, and so it’s worthy of investment. It has not come down to this in our firm, but on a simplistic basis, if it came down to funding the next iPhone banking app or the collapse of 22 collateral management systems into one, the management team have to be united that the focus for a period of time has to be collapsing the 22 collateral management systems to one.

It takes real unification across the management team. Now, you know from your research that we’ve done both. We’ve deployed a lot of mobile and other capabilities into the marketplace. But business leaders outside of the IT function have to be willing to stand up and say–simplification, if we don’t simplify, I actually can’t get to my long-term objectives. It takes that kind of unification.

It takes a unique type of technologist, because, let’s stick with the example. To get from 22 collateral management systems to one may not appear to be a glamorous technological challenge. Another example: We just received some patents for a system that we’ve developed to manage intraday risk. There aren’t very many headlines in any publication that will ever be mentioned about a system to manage intraday exposures. But it takes the kind of technologist who really understands that that’s what directed innovation is all about.

It isn’t always about creating the next decoder ring. It is about making the firm function in a world-class way. I’ve been very fortunate, and we’ve done it deliberately, to recruit talent who understand that simplifying the foundation, believe it or not, is exciting. But it is not everyone’s cup of tea, and it really takes the right kind of technology leadership, too.

Q: Can you give a broader perspective of the overall strategy toward risk mitigation and reducing risk?

A: The best answer to risk is brilliant design. When you have the opportunity for green field design, it’s important to make sure that it’s designed for risk mitigation; again, not always glamorous, but absolutely achievable and, in my view, very exciting. When you don’t have the opportunity for green field, so in other words you’ve got long-established systems, you must understand what you would do to design for risk reduction if you had a blank sheet of paper, understand the distance between where you are and where you want to get to, and then really have a plan with the right aggressiveness.

Because sticking to those strategies over time is not for the faint of heart at all. It takes guts, it takes deep understanding of both the business and IT, and it takes a bull-doggedness to say ‘no, we’re not going to be distracted by the feature of the day’. We understand where we have to get to in order to reduce risk. We’re going to fund that concurrently with funding the development of new capabilities. I’ve been really fortunate because the things that you have heard me or seen me say publicly are also things our CEO says. So we’ve been very fortunate as a company to have a management team that’s united around these things. I don’t know what it would be like to be a CIO in a chain that was not convinced about the importance of simplification.

Q: I know you also do some pretty aggressive training and boot camps and things around that. Can you talk a little bit about how that works?

A: Well, I like the concept of boot camp because it implies everything I actually mean for it to imply. It implies intensity. It implies focus. It implies coming in one way and leaving another way. And that’s really what we’ve been doing. Boot camp one was around reduction of risk and understanding of operational risks in both technology and operating capabilities. Boot camp two focused very much on process-by-process control plans, so that we know where our fundamental controls are–and I’m going to totally geek out on you now–where our compensating controls are. And then boot camp three will focus on some specific issues of the day, which would, of course, include things like business continuity and cybersecurity. We’ve performed extraordinarily well in times of business continuity tests, but we’ve certainly been tested by Hurricane Sandy, the tsunami and earthquakes in Japan, with the global footprint where we operate. So, boot camp three will be about managing specific risks of the day.

Q: One of the things that we know from our audiences is that it’s very challenging is dealing with acquisitions. You have been through some really big acquisitions. What have you learned and what’s the advice for IT people on how to manage that process and make it work as successfully as possible?

A: Getting through transitions, making tough decisions and executing them, does not get better with time. So a key to success is using appropriate speed in decision making and execution. Any company like ours, which has gone through a number of acquisitions, a lot of what we’re simplifying is work left undecided or undone in various transitions over 25 years.

The focus of every transition is making sure the companies that come together face off into the marketplace with customers and clients as a unified company. What can’t happen is that the back office be left to be figured out later or handled in a subsequent budget period, because that adds to complexity, that makes the challenge of future revenue and future profitability harder because there’s an embedded underinvestment in completing the transition.

The big learnings for me are–run through the fire, don’t walk through it, and make sure that the back office work does not get left undone, un-transitioned or unconsolidated.

Q: I have to go back to one point you made at the beginning. You said ‘I hate big data.’ That puts you in the minority these days, when everybody seems enamored of it. Why do you hate it?

A: Well, I hate the term. I love good data. I hate the term actually because it implies something monumental out of something that should be fundamental, and should be basic, which is the creation of accurate, timely data on a reliable basis. And then the use of that data, by smart people in a company, who can turn it into market advantage. That’s what we do in business.

Even when I was using a slide rule or, worse yet, when we were doing spreadsheets on corporate customers with Lotus Notes, what you’re still doing is producing data and using it to make decisions. So to call it big data and to think of it as something monumental or something that’s all going to be so ethereal we’ll have to look to the sky to see it, that isn’t what it is at all. It’s the most fundamental thing we do in business, which is drive decision making from fact.

Q: Makes sense. So you come from a non-tech background as a CIO. What are the advantages and disadvantages of coming up through a different part of the company?

A: The advantage that it brings is I understand what the businesses are after. And we’ve done a good job of building a team that also understands what the businesses are after, and that tech doesn’t exist in isolation. In fact, tech’s only job is to support the business of the company, whether that business is customers and clients or that business is brilliant risk or capital management. So being able to understand, not the intersection, but the unique relationship between the supporting function tech has to play, and what the businesses that drive the company have to do, has given me a real advantage.

The other thing is–and our CEO would describe this as translation–being able to learn the discipline of technology and marry that with knowing the discipline of business, gives anyone who’s sitting in my seat an opportunity to translate in all directions differently. Prioritization is really hard when a classically trained technologist describes a project one way and a business is looking for ‘what does it give me in market share or customer penetration, or how does it change my ability to compete’?

It’s very hard to get a process of prioritization or to figure out what work to take on or to have a long-term strategy. So that transition element is really important. The disadvantage is, day one, the classic technologists wonder what you’re doing in the chair. I have a way of describing it, which is–there are artists and there’s an art gallery, and what I have brought to our team is the ability to manage the art gallery, because it’s what I’ve done in the firm. I know about inventory and revenue and profitability and operating leverage and talent management and risk management and the other things we were talking about.

Actually, those things are essential to the technologists that are producing great technological outcomes. But there is a day one skepticism, and it takes a sincere and real desire, on the part of someone sitting where I’ve been sitting, to actually learn. It takes humility, frankly, to learn and not to bluster through it, and that’s been very helpful. In fact, our Chief Risk Officer recently said to me, you’re going to have to give it to me in non-tech terms. And I thought that was a real mark of a moment, really, in a lot of ways.

Q: Yeah. It’s a crossing over. By the way, your background in marketing. That’s really one of the critical intersections in business today, the CIO, CMO role intersecting in order to drive business opportunity, understand customer needs better. So you’re in an ideal position with that.

A: It has been such a help to me to have had that experience, even on the very rare occasions when we have a service disruption, to be able to work with our marketing and communications team with a knowledge of what they have to do to help protect the firm’s brand in that moment. That experience has really enabled me to be much better at my CIO role now.

Q: Let’s talk about the evolving role of the CIO. You’ve seen this from both working with CIOs and being a CIO. How do you see the role evolving? How does it need to change?

A: Increasingly there is no such thing as front, middle and back office. And oftentimes, and you’ve probably read something like this, what we’re selling, in some cases, is technology. We’re not selling a new service; it’s still the deposit taking or the processing of payments, but we’re selling a technologically advanced way to deliver that capability. There’s a real unification of customer capabilities in technology and driving market share and business outcomes, the role of the CIO has to change.

The integration level with the business has to be high. Technology cannot be a black box. I was just in a conversation with someone about data center strategy and he has nothing to do with technology and operations, but actually has a lot to do with the consumption of data and the creation of data, and therefore the creation of the requirement to move it and store it and use it. And in order for us to be efficient, he has to understand as much as I do what causes the consumption of data, and I have to understand as much as he does in order to help him drive the resiliency requirements he has, the retrievable requirements that he has. You just can’t separate the two anymore.

The CIO also has to play a role in setting business strategy and setting firm-wide strategy, because if for no other reason than technology and operating expenses are, in most firms, a very big component of the expense base. And as we look at a world of thin margins in a lot of sectors, understanding the role of what we do strategically and how it can bend the cost curve of a firm, in our firm, is very important. So I think that the role is changing dramatically.

Q: For 2013, what are some of the key things on the horizon for you and your team?

A: Well, we’ve got several things, actually, that we’re going to work on. Obviously, continuing to drive mobility, to really continue our simplification effort. We’ve reached the tipping point in our journey, but we’ve still got a ways to go. But mobility across all the platforms, integration of our customer capabilities, continuing to drive that simplification. What we’re doing is translating the general objective into some pretty bold goals.

Some goals around creating relational versus hierarchical data, to say that you should be able to go pick a cell, not pick a cell through five other cells. Setting some objectives around bold thinking–what would happen if we only input every piece of data once? So really, 2013 is more of the same, but with a bolder edge to it and with a more forward foot, more aggressive three to five-year perspective.

Q: It’s my understanding that you’re a bit of a Shakespeare buff. What has Mr. Will Shakespeare taught you about leadership and running the CIO function?

A: Wow, okay, that’s the first time I’ve ever been asked that question. The best paper I ever wrote on Shakespeare followed a trail of my view that the reason Shakespeare is an important author, is that his ideas are timeless and they use allegory to make a point that is in fact a timeless point. And oddly enough, I was just thinking about this when I told you we were really working on a more three to five-year forward view in the work that we’re doing.

In reality, there is no such thing as a three-year view. It’s a 30-year view. And we have to make three-year decisions with a 30-year view. And really trying to figure out what those timeless characteristics are of a great technology or operating organization, that’s what fires me up about my job. And building a system that is elastic enough and foundationally strong and nimble enough to last 30 years, that’s what it’s all about. Because a lot of the platforms that we use today were in existence 30 years ago, so it’s a fundamental fact that we’re making 30-year decisions.

And that’s the whole point about Shakespeare. Shakespeare’s lessons, every one of them, are timeless lessons, and how to hold focus to making timeless decisions and designing platforms that are not subject to timed obsolescence, which I believe is possible actually. I think that’s what it’s all about.

Follow everything from on Twitter @CIOonline, on Facebook, and on Google +.