Archive.fm

TechCentral (main feed)

Meet the CIO | TymeBank’s Bruce Paveley on building a digital bank

Meet the CIO is presented by Wipro.

Bruce Paveley says that when he moved from a senior IT role at Standard Bank in 2017 to the then-nascent start-up digital bank TymeBank, it was “a really big shock”. “You go from five buildings in the middle of Joburg, multiple floors, to an office in Rosebank that’s two floors, and that’s the bank, and you think, ‘Wow, is this really a bank? Can it work like this?” That was before TymeBank had launched its first commercial services, and long before it would go on to become South Africa’s most successful digital banking start-up with nearly 10 million customers and R6-billion in deposits and R3-billion in loans. Paveley’s love for computers started when his dad bought him a Sinclair ZX81 in the early 1980s when he was a youngster growing up in the small north coast town of Empangeni. Today, as chief technology officer at Tymebank, Paveley is leading a team that’s building the technology underpinnings (cloud-based, of course) of a modern digital bank. And it’s a fascinating story about using technology to challenge established industry incumbents. In this first episode of TechCentral’s new podcast series, Meet the CIO (presented by Wipro), Paveley chats to Duncan McLeod about what was involved in launching TymeBank from a technology perspective, the strategic choices it made and why, and what comes next in the bank’s journey. Paveley tells Meet the CIO about: • His upbringing in Empangeni and how he ended up pursuing a career in IT • The mainframe era, and his experience as a Cobol programmer • His IT career at Standard Bank, including his involvement in the bank’s big SAP project • Why he joined TymeBank • What was involved in building the new bank, and the role that technology played • TymeBank’s technology stack, and why the bank migrated from an on-premises solution to the cloud – and why it made the technology choices it did • Tyme Group’s internationalisation plans, and how technology is underpinning that expansion • How he works with the rest of the bank’s management team, and where technology fits into strategic decision-making • TymeBank’s approach to cybersecurity • What keeps him awake at night • And much, much more Meet the CIO is a new podcast series produced and published by TechCentral and published monthly. We talk to IT leaders across South Africa about the role of technology in their organisations. Don’t miss an episode by subscribing to TechCentral at youtube.com/techcentral.

Duration:
37m
Broadcast on:
02 Aug 2024
Audio Format:
aac
I'm Duncan McLeod, welcome to Meet the CIO brand new podcast series from Tech Central, where we're going to be speaking to software vendors and hardware vendors and the usual suspects in the industry, but rather to the end users of technology, the people task with using technology to grow their businesses. The chief information officers that make it all happen. The show will be published monthly over the next year, it's proudly supported by Whip Pro and we thank Whip Pro for their support and helping you bring this exciting interview series. Now, in Meet the CIO, we'll be talking to IT leaders across the length and breadth of South Africa. So make sure you don't miss an episode. You can subscribe to Meet the CIO and all of Tech Central's podcasts on YouTube at youtube.com/techcentral. Simply search Tech Central or Meet the CIO in your favourite podcasting app and hit that subscribe button. Now, our first guest on Meet the CIO is Bruce Pavely. Bruce is CIO at Time Bank, the digital challenger bank that's backed by Patrice Mosseper and Time Bank has a fascinating story to tell about how they're using technology to challenge the incumbents in the banking industry. Bruce, thank you for making the time. Thanks for being our first guest on Meet the CIO and welcome to our studio. Yeah, thank you very much. It's great to be here. Fantastic. So, Bruce, tell me a little bit about yourself and your background. I see you went to high school in Impangini in Northern Quazula, Natale. It's a tiny little town. It's quite a move from there into the world of banking and IT. Absolutely. So my folks moved out from Zimbabwe many, many years ago and we landed up there. I did all my schooling there, tiny little town in the early days. It's grown into a bit of a bigger town now but it was really fun and different to go to school in those days in a little farming community. Yeah, okay. So you have a fairly lengthy career now in the IT industry but you started out as a cobalt program. I hope I'm not giving away your age yet. I don't think many people know what cobalt is anymore. That's always my coffee joke when I go out and I meet people and ask them, do you know what cobalt stands for? And most times they don't. So do you know what cobalt stands for? I think it stands for common business orientated language. Wonderful. Yes, not many people get that right. I'm also showing my age. Yes, indeed. I never coded in cobalt but I know about it tonight. A lot of organisations in this country, funnily enough, still run cobalt. The bigger ones? Any company that has a mainframe? That's the main programming language on mainframes but it is really something of the past. You don't need it now to run the big systems like you used to have. That was the only way you could get the volume and the performance you're looking for. Nowadays the technology has moved on and it's different and those companies are stuck with what we call legacy. So they're trying to move off it, I'm sure because it is a very expensive platform but the cobalt skills have become very expensive. But difficult to find. I think an IT costs are quite high for staffing. My grandfather once said you pay peanuts to get monkeys. So you have to pay appropriately for the people you want to get. That's your business in a day. If IT is done, you can't run your business. So it's not about the costs, it's about the availability of this stuff. Do you use it all double in programming at all? I don't. You don't. So I gave that up about seven years ago, eight years ago. I used to do it and then the teams I managed got very upset with me because I used to go and dig around in their code. So they removed my access. I still have my previous employer, so I haven't done that in a while. So why did you get into IT? Was it just an interest in computers when you were growing up? So my dad bought me a little ZX Sinclair, ZX81. Amazing. And I think I was 12 or 13 at the time, plug it into your computer and that's where my fascination started. I'm amazed at how many people got started their programming careers on the ZX81. Correct. And it had a memory extension on the back, this big box. I remember. I had a ZX81 and if you knocked it too hard, the whole thing would crash. Correct. So you had to put a press stick there to hold it in. Yes. So that's when I plug it into your TV and I'll never forget it was the flight simulator, the first flight simulator. And I took it out the cupboard probably five or six years ago and I stuck it into the TV. You've still got it. And my dad has it. And I couldn't even understand what is going on the screen. So how I played flight simulator those days, I have no idea. But that was all there was. I guess it was wonderful. Amazing. Do you still play flight simulator today? I haven't in a while. I just don't have time. I've still got the joystick. I've got everything else. Let's check out the new version. It's actually very good. I'm not a big fan. I am. I am. Right. Let's talk about your career history. So you started out as a as a cobalt programmer. Was that on my mainframes for the banks? So it was mainframe for the banks. I actually started at Transnet Data View in those days. Yes. I mean, that's how I did all my training. I went through an internal training course on cobalt programming. It took a year. Then we got put into one of the department's there. And I looked after the catalog system for all the parts in Transnet. And from there I moved to BMW. I spent about 10 years there. And then in the early 2000s, I moved to Standard Bank. When I moved from manufacturing BMW, they shut down the mainframe in South Africa. They've moved it back to Germany. So I didn't really in those days, I thought this thing was going to be around a lot longer. So I didn't want to have to change what I was focusing on. So I looked for another opportunity to work on the mainframe still. And that's when I started in the bank. And it was really interesting. And that's where I got exposure to the non-mainframe type of thing. So Unix, Solaris, Linux, all those type of technologies. And it was really exciting to realise how much more creative you can be. But there's a lot less structure. So the mainframe protects itself in the way it's built and configured and the way you code. But all these other languages don't protect itself. So you have to be a different type of code. You have to bear that in mind when you do all the coding. Okay. So what was your role when you left Standard Bank? What was your final topic? So when I left you instead of bank, I was an executive for infrastructure and operations. I'd been heading up to infrastructure program for the SAP transformation project. That was really a huge project. Moving them, you know, a lot of the custom information, a lot of the systems out of the legacy of the mainframe onto SAP. Okay. Oh, that big SAP project. Yeah, yeah, yeah. That's a lot. So I performed many nights, many weekends. But it got done. So I was quite proud of that. Okay. Okay. And then how did the Time Bank opportunity came along? You joined Time Bank in 2017. I joined in 2017. Were you head-hunted? Not really. So I was in the market. I was looking for something different, something challenging. And Time Bank was on the market. I got referred there by somebody at one of our suppliers that I used when I was in the bank. And they said they needed somebody with the background of infrastructure and operations that I had. So I went for an interview. It was really a big shock. You go from five buildings in the middle of Joburg, multiple floors, to an office in Rosebank. That's two floors, you know, and that's the bank. And you think, wow, is this really a bank? Can it be a bank? Can it work like this? And they hadn't, you know, gone live yet. So I was there to help build out the infrastructure. And it was all on print at that stage. Okay. And I can discuss the journey to cloud. That's very interesting. At the moment, we probably 95% in the cloud. So we've moved away. But that was where my expertise was. And I was very proud I went for another interview at one of the other consulting firms. And I sit in, I've got all this SFP knowledge, 10 years of it, building, deploying. And the guy in the interview is a senior partner. They looked at me and said, please don't tell people that. We're moving away from these big monolithic systems. It's now smaller. So that was an interesting insight I found during the interview. I was going to ask, how does one go about starting a digital bank or a bank at all in the stay and age? Do you just simply go to a vendor and say, this is what I want to do? What is your solution? Or do you have to do a lot of your own work? There's multiple ways. So as we'd had the discussion before we started the intro this afternoon, you get a CIO and a CTO. CIO really builds everything themselves from scratch. CTO in my mind, this is my view of the two different roles. They're very similar. They look off to ITN and organization. But the CTO role is there to more look what's in the industry and how do you assemble capability in support of the business objectives? And my view is if you start building everything yourself, the ability to change and keep up with modern technology is quite difficult. So what we did is we went and looked in the market and we found specialist companies that fulfilled requirements that we had around the banking products. And when we went live, we were a really simple bank. We made sure you could put money into the bank EFT transfers from one bank to another. You could deposit money at a pick and pay till. So that was a direct deposit. We didn't have branches. We still don't. So we had to solve for that. The other one is the ability to use your card. The card obviously had to work. A bank without a card isn't a bank. And then EFT where you send money out the business. And those are the four products we launched with. And some of those, I think the card, we didn't buy that, build that solution. The EFT in and out the bank, we didn't build that solution. So the only one we built. Really? Correct. The one we built was the ability to deposit money at a tool point. So we've got a lot of ATMs around the country because every tool point in pick and pay in boxer is effectively our ATM. So we built that ourselves, partnered with pick and pay, and then enabled that direct entry. Is that because there wasn't an office shop solution available for that? Well, it was really because we were working with the partner pick and pay. And we had to connect their systems to our systems. And therefore, there wasn't really anything that we could do from do the direct integration. We've moved on since then. We have decided to build quite a bit of our own tech where we can't find suitable tech out in the market. And we also, in the last two, three years, focusing on our data. Now, when you run tech outside of your business, where does your data reside? Your data lives with another organization. So we're really looking at our strategy and where it makes sense. We're starting to build some of the tech ourselves. So we have direct access to our data. At the moment, we've got a huge data warehouse where we put all our operational and transactional data into the warehouse. But getting it from a third-party supplier back into our warehouse can be challenging due to volume. So that's why we're having a look at that strategy. So you mentioned you started with an on-prem solution and you have since moved to the cloud. What did that on-prem solution look like? Did you buy an underpinning banking platform that you built on? No. No. So you buy hardware. So you phone up Microsoft or any of the suppliers or IBM, and you say, "I need this type of hardware, this much memory, this much CPU, this much storage, disk." And then they go and they build it in a factory somewhere, it gets put on a ship, it gets shipped out to South Africa, sits in customs for you don't know how long. Then eventually you have to find a data center. We rented space and two data centers in South Africa. We didn't build our own. It was not necessary. And then you physically install that equipment, plug it into electricity, plug it into the network. You have engineers that log on to it and configure it, IP addresses, all those type of things. So it's really a lengthy process right from the ground up. Then the software you buy, you install on top of the operating system and the database that you've chosen to use. Fascinating. Fascinating. So you shifted over time to the cloud. What was the thinking behind that decision? So CBA, Commonwealth Bank of Australia, was the owner of the bank at the time. And they have a strategy at that point is when you build something new, you buy enough technology to support it for the first three to five years. So you don't have people in another day to center changing technology, having that downtime in order to upgrade. So they had bought five years worth of equipment for us to build the bank and run the bank for five years. As you went through and started looking at our product set, we found that the equipment that they had bought wasn't enough. So we had to make a decision. Either we invest more capex or was there something else? And AWS was just getting off the ground from a cloud perspective. Where bigger organizations thought that could be a possibility. So we started partnering with them, talking to them. And I think in the early days, we were also just a little bit of a guinea pig for Commonwealth Bank of Australia. So how do you lead into it? How do you manage security? And I was dead scared in those days of handing over control of your data center and your physical servers to a third party. How do you make sure that they apply the rules and regulations that you have inside around your cyber? For us, cyber is number one. We've got a thing called the cyber onion, which is all the different layers of defense where you protect your customers' data. And we make sure that that is never compromised. And we have a thing called cyber security non-negotiables, which was something we had also built and made sure that we never put anything into production that doesn't adhere to that. So that can slow you down a little bit while the developers are getting used to it. Your suppliers are getting used to it. And through that process, we realized we had to buy more technology. And then we looked at AWS. We looked at a few other cloud service providers at the time. We chose AWS because it was really more fit for entrepreneurial businesses. The other ones were more fit for big established corporates. Just so we went to AWS route. We haven't looked back. We had a few bumps along the way in the early days. They were learning. We were learning. Where the South African data scene was launched at that time. No, no, no, no. So we actually ran out of Ireland at the time. It was Frankfurt, actually. So it was Frankfurt. We both there. We ended up consolidating everything into Ireland. And now we've got some stuff running in Cape Town as well. Cape Town as well. Are they a regulatory or compliance issues related to where you host a bank? Absolutely. Absolutely. So the Reserve Bank will not typically allow you to host or run your services outside of the country, outside the borders of South Africa. Those are the rules and regulations at the time. What we did is we engaged the Reserve Bank. And it's hard and stick clear that the Reserve Bank is they're actually quite progressive. They want to change. They want to enable businesses, especially the banks. So we had quite a few meetings with them, explained to them the cyber side, how they get access to data. And my experience from my previous employer where I managed data centers was really handy because I could explain to them that whether we run technology outside the borders or even inside the country, if you had to go to one of the big banks now and say, I want the keys to your data center because I want your credit card information, there's no sign on a server rack that says credit card. I mean, there's 20, 30, 40,000 servers. So you need the people in the business to explain which service, hold which data, and you get to it from the office block anyway. And going through that discussion with Reserve Bank, I think it gave them quite a bit of comfort that even if it's housed overseas, we are still needed to give them access to the data. And we can do that. We've shown them that it's possible. Also, Ireland is a very stable environment. Politically, it's stable, infrastructure-wise, it's stable. So it gave all that certainty as well. And then they end up giving us approval to do it. And I think that led the way for all the other banks in South Africa to be able to go into cloud. It's not as easy as you just wake up in the morning and move everything to the cloud. You have to inform them, you have to tell them what you're doing, they keep record of it. And they have the ability to withdraw that at any point if they wish. But I don't think they're going to, as long as we behave. And when we started, we had zero customers. And when we were moving into the cloud, we probably only had 150,000, 200,000 customers at the time. So the risk in the country was very small. There's no banking sector risk. So I think they learned with us as well. How big is Time Bank today? Give me a snapshot of the business. You're approaching 10 million customers. We onboard on average 180, 200,000 customers each and every month. We've got 6 billion in deposits, 3 billion in loans. It's a big operation. It's very big. Well, we think it's huge, right? From where we've come. But when you put it next to the other big banks, we've still very small. But we're getting there. The public is trusting us with their money. They're transacting with us. They use their card a lot. And we still have a few features behind. I'll sit here and be honest. We've just launched our virtual card where you can put on your phone and you're watching, you can tap it. We've just enabled scheduled payments. And that's the basics. And we're really trying to get the basics right. So whichever bank you come from, and you start banking with us, you get the same experience, the same tools and capability of the service. Who is the target market? Well, it's really the traditionally unbanked and low-income portion of the market. What we've found is there's not really a product out there that's simple and easy to use and that the people can understand. So if you look at our app, it's very basic, very simple and very intuitive. We have a big refresh planned for the next 12 to 18 months. And we had a huge debate internally at the ExCO to say, are we going to do a big bang, replace and put a new app out there? Or are we going to do an incremental change? And what we've decided to do is obviously do the incremental change. It's allowing our customers to grow as we change the product. So you'll be used to one screen, one day you'll log on and the screen will be slightly different. And you'll get this intuitive way of learning the new screen without changing the whole experience so that they can get used to that. A lot of our customers don't have smart sides. So we've very strong USSD-based. Interesting. Very, very strong. Everything you can do on the app, you can do on USSD, right down to approving debit, debit check transactions, debit check mandates. You can do all that on USSD. What is the split in the user base in terms of people using the smartphone app versus the USSD channel? Probably about 60% on USSD. Wow, that's amazing. That's huge. That's amazing. But we are now focusing. We've got a few tricks up our sleeve over the next 12 months to try and look at now the middle market. So we think we've got what we need to serve the low income of the market. Now we want to start serving the middle market. Interesting. Some other new banks from this market have started at the top of the way down. You guys have started down here and are working your way up. Correct. Interesting. Now, not many banks start with a transactional product. We started with a transactional product. We didn't start with a lending product. And I think if my memory says me right, we've got only bank in South Africa that ever started with transactional products. And anybody in a bank will know you don't make money there. You make money on the lending. Or you can make money on fees on transaction. We don't charge fees. Our fees are what we do, but it's very, very low. We've got a principle that we try and keep to, especially with the market we've got. Money in, money out, use your card for free. You will never pay banking fees. If you want to use an ATM, we get charged for that transaction from the ATM service provider, which over the other bank it is. So we pass it on to the customer, but we don't make profit off of that. Because you can go to a tool point that we can pay and you can withdraw money for free. So what is your business model? Make money on deposits. Make money out of deposits and value-added services. So a lot of electricity purchases, data, those type of things. But we are going to be looking at another way of making money out of people holding accounts, and the way we position the accounts. I'm not going to say too much today, but look out for it. It's coming. Nothing's going to be quite exciting. And there'll be a small fee attached to that, a monthly fee, I'm sure. But that's going to give you a lot of benefit and functionality with that. They're not going to like me calling them this, but legacy banks have a lot of information systems that they've built over years, lots of layers of middleware, talking to all the technologies and newer technologies, et cetera, et cetera. You're a relatively new bank in the market. You don't have a lot of that legacy. How much of an advantage is that for Time Bank versus the legacy banks? I think it's huge. So number one, the people we have working for us are people that know the current products and capabilities out in the market. We are forever spending time on R&D. What is there that we could use to improve our availability, our performance, and our speed to market? That for us is critical. So with legacy systems, you'll build and run products for 12, 18, 24 months. If we have a project longer than six months, we have a problem. We don't like that. So we try to be quick, innovative, and take things to the market. Legacy banks is not their fault. It's the way they've had to build solutions from the technology that was around 20, 25 years ago. And they're still sitting with it. They're still sitting at why are they still sitting with it? Because it's very expensive to move. You're going to take development cycles away from new and enhancements to just replace something that you've already got. But they will come at time where that's going to be too expensive, especially competing with the digital banks and the business model we have. We don't have branches. And therefore, our cost base is very low. We don't have branch systems either. The closest thing we've got to a legacy bank is a call center. Wow. So various Time X. Is that part of the IT department of Time Bank? How does it fit within the organization? No, it's not. It's totally outside of Time Bank South Africa. It stands at its own. The guy who runs it used to be the CTO of Time Bank South Africa. His name is Dieter. And when I took over from him, he went to focus on building that capability. That capability is there to support the group. And it supports the Philippines' go-time business, as well as the Vietnam go-time business. So we are multi-country bank and we've been running the Philippines' and business snaf for probably just over 12 months. And when they build solutions, it's for all banks at the same time. So we don't have development cycles just for South Africa teams, just for South Africa, just for the Philippines. We have it to cover the whole organization, all the banks in the different country. There's probably five or 10 percent nuance of an in-country nuance. I mean, we work with bank surf. They work with the equivalent called bank net. And the integration will be different, but the product, the look, the feel, so you get the economies of scale. One team building for multiple countries that makes the cost really, really low and super quick. I presume there's separate instances or IT systems that run each of these banks and these markets rather than being one system. At the moment, that is. But we're looking at a model to see where does it make sense to have one system. So we run in Ireland and in Cape Town data center. They will run in a data center closer to their region. We are also looking at this interconnectivity question. If you want to run a bank from another continent, is the internet fast enough? As you know, East and West cables, every now and again, get dredged up. We haven't been impacted by that. We've got DR across multiple links, and we've done that on purpose. But you never know one day when you will get impacted. So we're looking at how do you build fit-for-purpose in different countries, maybe different data centers, if it's meant to be, or maybe different systems. But the source code will be exactly the same, regardless of where it's deployed. Let's change direction a little bit and talk about IT management leadership within Time Bank and Time Group, for that matter. How do you work with the rest of the leadership team in the bank? And how important is technology to the business? How much does it feature in management meetings? It's huge. So I'll be the first to say, probably two years ago, we had a little bit of instability in our systems. And then it was the number one agenda item for the X going for the board. And Dieter and I always joke and say, "No news is good news." So from a Time X perspective, from a Time Bank South Africa, because we run all our operations here. That's just the development house and production, the coders in Time X. We do everything else here. So my view is no news is good news. At the moment, thankfully, we haven't been in the news. And the board meetings go quickly. The ex-girl meetings go quickly when we talk about IT. But we've had these interesting discussions in the past. Are we a business-led business, or technology business, lead business, or operational-led business? And I think there isn't one answer, forever. You go through different phases. So in the early days, we are definitely a technology-led bank. Technology drove the organization. And I think now we pivoting into the business side. Tech must support business. And as we go up the curve of the different type of customers we're looking for, we have to respond to their needs and their requirements. So we work really differently. Every morning at 8 o'clock, I run a meeting with the whole organization, all ex-girl members, all senior managers, all operational teams. And we cover each and every product that we've got in the bank, anything that's maybe not too healthy, or any customer complaints that seem to be a trend and we cover it end-to-end in that meeting. We also then have many other meetings where we do priority sessions. So the ex-girl sits together every two weeks, where we spend time and we look at our priorities and we run agile. So we can't give you a list of priorities for the next 24 months. We'll give you a list of priorities for the next six months. And then where do we have the money? What is the product requirement? What's going to make the most revenue for the organization? And what's the customer requirements? And we prioritize that. So we really work differently. We've got a very flat structure. Anybody in the organization can come and speak to me, or any of the ex-girl members, whenever they're like. We don't have offices. We're not on an ivory tower. We sit amongst the staff. We move around desks quite frequently. So we're really different. We're not a traditional hierarchical organization. A question I'm going to ask all the guests on meet the CIO. I'm sorry, I haven't prepped you beforehand if this question is coming. So apologies. But are there any productivity hacks that you would love to share with your colleagues out there in the industry? What software tools or procedures or programs or anything that you use on a daily basis that really make your job easier, that you think everyone should be using? Absolutely. So we do a thing called telemetry. Telemetry? Yes. And that was really a game changer for us. And that's it to us. It's people process technology. It's a typical answer that jumps into my head. So let me talk tech first. And I'll be accused of being a tech led IT guy, but that's all right. Telemetry is very important at multiple layers. So where I worked before, if there was an outage, we used to look at about 40 screens in a very, very big boardroom. And you wouldn't know where's the problem stemming from? So when I joined Tom Bank, I had a thing called a red dot. And I worked with another company, a local company called Sourcing. And I said to them, I want a red dot. And when I first met with them, what do you mean a red dot? I said, I want one screen with a big red dot or green dot in the middle. While everything's working, it's green. I don't need to know what's working because everything's working. And I changed the whole thing around not knowing what's working, but knowing what's not working. So when that red dot or the green dot turns red, you can click on it and it'll take you to the system that's having the problem. You can click on that and you can drill down to see if it's a database performance issue, memory issue or a CPU, you're running out of CPU or a hardware failure or just connectivity issues. And that really helped us in the early days. But what we found, it didn't give the engineers, the developers, the system engineers, the tools and the visibility they needed. So we've implemented a protocol day to dog that gives us end to end insight. And it's from the developers desk all the way into the call centers desk, all the way into the problem and incident management team. And even now myself, I've got an iPad that's always open on my desk. And I look at one thing, one thing all day long. And that's our card systems. It's open 24/7 in my office. While I'm working, I just look to the right and it'll be there. And I can see immediately if the card system is working or not working or struggling. So often, you'll tap your card and instead of waiting one second for the approval, it'll take two or three seconds. We see that, we respond and we act before the customer gets impacted. So I think our game changer is really telemetry end to end across every product we build from the front desk all the way back down to the developers. Because they must be proud of what they build and they must be able to see how it impacts the customer. And they're very close to the customer. All our staff, regardless of which department division you sit, you're very close to the customer that uses up on that. So it's a bespoke system that you've developed in-house. No, you buy it. So Datadog is the part of the shelf sourcing. They've got their own tooling that they've installed for us. So we don't grid and build anything ourselves. That's CIO, CTA. Yeah, okay. I want to chat a bit about, because it is such a top-of-mind issue that many organizations today have actually created another role in the C-suite, specifically to focus on cyber security. Is that something that Time Bank has done? Or is that filtered inside your purview? So you can do it in two ways. You can either do it in compliance, audit risk, or you can do it in IT. And what we did three years ago is we moved the business operation teams away from outside of IT, and they formed part of the IT team. So business ops actually reports to me as well. And that broke down all the silos of that team over there. They didn't give me the tools. They don't do this. They don't do that. And it's really changed the way we serve our customer. We do it quicker. We do it smarter. We do automation, all those type of things. So when it comes to cyber security at the moment, it reports into me in Time Bank. We've got a head of cyber. We use an external company that runs our SOC for us, our security operation center, and they do all the alerting. But when it comes to resolving problems, we do it with that. We've got a very small internal team, but we highly technology-driven. We've got a single suite of cyber products that we've bought from one company. Once again, lessons I learned from where I worked before. You'd buy a product, you'd buy another product, and they didn't talk to each other. So I made it very clear that when we build cyber-related technology, it's from one supplier, where you can get integration of product end to end, and you can track things right through your system from beginning to end. So yes, it reports into IT. How do you manage cyber security? I mean, we hear horror stories almost every day now about often the government websites that are being taken down, ransomware attacks, etc. I'm sure your systems are being probed all of the time. How do you manage that? I mean, in a bank, it's a particularly high risk. Maybe we spend a couple of minutes just talking about how you manage that risk and deal with it. I'm sure the regulator's also very much involved. It's high risk and high sensitivity. So what we make sure we do is we've got, firstly, all the right tooling, but we really strict around the way the tool gets implemented, the way developers code, and before anything that can be released into production, it goes through rigorous review of certain aspects, and we will not allow to go into production until that has been resolved. We do lots of testing, penetration testing. We do a lot of other testing as well. I'm not going to share all of it with you. Otherwise, everybody will know where to go and target. But like I said earlier, we've got this thing called a cyber-union, and we certainly believe in layers of defenses, like at home, right? You don't just have a gun under your pillar. You'll have an electric fence. You'll have beams. You'll have eyes inside. You'll have an armed response company that comes out. And if all of that fails, then they're going to steal your TV. And we try to make sure that we've got all of those up at any one time. Not saying that something isn't failing. Every now and again, something will fail. But because of the levels and layers you've got, you've got time to remediate it before there's been any negative. But you know what? You can only do so much. And the criminals are always trying to be one step ahead of you. So it's about staying abreast of the industry, understand where we are. We belong to many different cyber forums to try and understand what's the latest and greatest attacks that are out there and be proactive to try and prevent that. But I don't think you can ever say that a cyber breach is poor cyber security. There can be a way that people find their way in. But we are super, super, super strict around it. And all banks have to be super strict. If you're not a bank, you can be a little bit more lax on some of the things. But we really make sure that we look after our customers' data. That's our main product. Before deployment of new products into the market. If there's anything that keeps you awake at night, what is it? Two years ago, it was definitely availability of systems. We were growing at a fast rate. We were doubling our customers every year. So month on month, I was growing the environment by 30%, 40%, I mean, quarter on quarter by 30%. So that kept me awake a lot. Luckily, we over that hump our systems on our very, very stable. But we've put a lot of work and effort into making the system stable. So we do performance testing, peak testing, we know in November, we coming up to another Black Friday month. So we focus on that in September and October, December is another heart peak period for us. So we've made it our business of making sure that our systems are available and can handle the workload. And to be honest, I sleep quite well. Nowadays, we don't have many failures. We don't run batch in our bank either. I don't know if you're familiar with what batch means, but at that time, you shut your branches down, you collect all that data, you process it through the night, all the interbank transfers that came from all the other banks or the other corporates get put into files that run through the night. It's a really mainframe question. Hopefully by six o'clock years, hopefully by six o'clock in the morning, the systems are all online so the branches can open. It also runs on Unix. Windows also has batch jobs. But one of the founding principles we had is we want to be an online bank 24/7. We don't really understand what a Saturday and Sunday means in our business. We're available. All transactions work all the time. Lastly, Bruce, what's the outlook for your role over the next three years? How do you see the IT function within time bank evolving as the bank starts to mature and becomes a much bigger organization? So I think it's really exciting. We have to ensure that we build capability as we grow our organization. So we know we're done from deploying products, being innovative and having more customers. We want to be in the top three, at least from a number of customers in the next three years. So we must make sure that we live with that and we focus on that. I must also make sure that the support for customers when they log a query, things go wrong. I'll be the first person to sit here and say things go wrong. Two rules. Mustn't be wrong for very long and it must be fixed very quickly and you must keep the customer informed. So our focus over the next three years is customer service, customer service, customer service. And technology is a huge enabler of that to make sure that the customers get credit service. As we expand globally as well, I'm going to be more involved in the other banks in the different countries, giving them advice because we're either leading bank in the group from a size perspective. So lessons we've learned, we don't want to repeat. So how do we share that knowledge, how we create the capability that our operational teams can help build operational teams in the other countries so that they get up to speed quicker. They get through this change curve and new curve a lot quicker so that they're more productive quicker as well. This has been a fascinating conversation. Bruce Pavley is chief technology officer at Timebank. Thank you for being our first guest on Meet the CIO. It's much appreciated. Thank you. Thank you. Being a great privilege. Thank you very much. Appreciate it. Thank you. Thanks.