Rise, created by Barclays, has organised a series of workshops to help Fintech start-ups understand how best to work with banks and other large enterprises in financial services. In this series of global interactive events, Barclays’ B2B experts have been guiding start-ups through the process of working with large financial institutions in an effort to make that easier – for both parties. In this article, three of those experts offer their advice to help start-ups engage with enterprises more effectively.
How Start-Ups can Engage with Banks
Mark Jannetta, Innovation Partner, Barclays Chief Technology Office, has a long history of working closely with FinTechs to help them navigate the challenges of working with corporates and execute rapidly on proof-of-concepts and experiments. He works with Barclays and external stakeholders to understand and define opportunities for the bank. Here are his three top pieces of advice for any start-up thinking of working with banks and other large financial services organisations.
1. Do your homework
Big banks and corporates are going to ask you questions about security and risk—it’s unavoidable. Corporations want to avoid working with companies that are going to adversely impact their business, whether that’s from a technology perspective or reputationally. So, it’s important to think not only what you do, but also how you do it. Barclays’ provides information that can help you familiarise yourself with the types of questions you’re likely to be asked. You don’t need to be an expert, but you need to show that you’ve done some homework.
2. Be persistent
Within any corporation, there can be multiple stakeholders, sign-offs and approvals. Be tenacious, follow up with your contact and stick with the process. If you don’t get a ‘yes’ from one side of the business, don’t be afraid to approach another department. Try to find someone that sees value in your product and let them act as a champion and guide to the corporation.
3. Demonstrate value, make it real
Find a way to quickly demonstrate the value of your proposition. Banks and corporates are time-poor and have a lot of competing priorities. Even if you have a great product, you still need a way to show your value with a light touch and in an inexpensive way. It’s important to make your offering tangible, so they understand what it is you do and why they should invest their time and resources. Ultimately, they’re interested in benefits – whether the proposition is going to save them money, add another revenue stream or provide some other benefit. If you have an amazing product, bring it to life with some figures.
The Most Common Mistakes with Procurement
Shalini Sahi, Director for Sourcing and Buying in Barclays India’s Global Procurement team, works closely with Barclays’ business units and suppliers to deliver innovative solutions for the bank, balancing costs against service levels and managing risks. She is co-chair of the gender diversity forum in India.
The procurement process is often the most challenging point in the collaboration between a start-up and a large corporate. Shalini explains why three things can make or break the relationship.
1. Start early and expect roadblocks
Standard procurement procedures are complex and can be difficult for start-ups. Putting the time in upfront to understand them will prevent delays caused by questions from the procuring organisation. For example, start-ups are benchmarked against other suppliers and are often asked to explain what makes their services unique – sometimes the answer is not clear. In addition, you’ll probably be asked to demonstrate how your start-up meets sustainability and diversity requirements, high on the list of many corporate supply chains. Expect these questions and have your answers ready.
2. Get your documentation in order
Start-ups are often unprepared for the procurement process because it can take a long time to provide corporates with documents such as company registration details, statutory accounts, insurance certificates, identification documents for founders and investors and IT architecture guides. That’s a lot of documents to uncover, create and review! Expect to be asked for these details, and be patient – contractual review can take a long time. It’s mainly focused on an analysis of data privacy and security, areas that large organisations will not compromise on. Other requirements you might be asked to meet (and demonstrate that you meet) include responsiveness and expectation management.
3. Think of the future
Most start-ups miss this. Once you’ve completed a contract with a corporate, take the time to reflect and summarise the highlights and lowlights. Present your inspirational moments, learnings and areas you would work to reinforce or improve in the future. This gesture will be highly appreciated by corporates, who will be planning for future enhancements in both their technology and their procurement practices.
Security Considerations for Start-ups
Sohel Patel, Cyber Innovation Lead, Barclays, focuses on innovation and bringing in new technologies into Barclays. This includes delivering security solutions to help internal and external customers. He supports and mentors cohorts as part of the Barclays Accelerator. Here he discusses how security controls are vital to any bank and the start-ups with work with, and describes what you can do to facilitate a cyber and compliance review by a bank.
Financial institutions must be strict on cyber. They manage money for customers and investors and have a responsibility to protect the information held on their behalf. It’s an obligation not just to customers and investors. Banks and other institutions are accountable to shareholders and also to various regulatory bodies.
Why do financial institutions care what third parties do? Many organisations obtain banks’ and their clients’ data, through the likes of APIs, so they must ensure that – however it’s shared – it’s protected. Evidence from the past shows that this has not always been the case. Take the example of Travelex and the potential theft of customer data during a cyber attack in December 2019. To mitigate security breaches like this, it’s incumbent on any bank to assesses the risk that third parties pose to the data we share and they use.
Within Barclays’ Chief Security Office, the External Cyber Assurance and Monitoring team’s sole responsibilities are to:
- Ensure that third parties have adequate controls in place prior to the sharing of any data
- Continuously monitor onboarded third parties’ security postures
Early on, it’s wise for start-ups to begin thinking about how well your company squares up in terms of its hardware, software, policies and capabilities to manage its defences and react to a security threat. This is your security posture. Don’t limit it to cybersecurity. Include physical security (security guards, locks and authorised access to data centres) and screening (background checks on employees).
Think about resiliency, including backups and solutions to restore systems as quickly as possible in the event of downtime.
As part of cyber controls, there are a number of frameworks that you should review and obtain certification for. These include NIST, ISO27001 and PCI DSS.
If you create a software product, it’s advisable to get it penetration tested to ensure that vulnerabilities are exposed early on and rectified.