Morning, let me start by thanking the people at cooking a call for the opportunity to reflect on the last three years in digital identity and access at National Australia Bank. And if this was a conference in Australia, we would start with an acknowledgement of country. And I thought rather than skipping this, I just wanted to reiterate that NAB is proud of Australia being the home of the world's oldest living cultures. And a little later I will talk about sort of what that means for us and how we sort of trying to put that into practice. So let me get into it. Our identity access environment is custom developed and it has gone through multiple significant changes or worth talking about every single one of them has delivered benefits for our customers and the bank. But today I would like to focus on the last three years, not least because that's how long I've been there and therefore I can talk from personal experience and if you sort of take this as a story of growth as much as a story of what it means to put in a full-blown digital identity and access capability.
And if you try to sort of learn from my mistakes, I think that would be a good outcome. I would like to focus on three areas in this presentation where we've worked to improve the customer experience where we wanted to make life easier for our bankers, including our engineers, and hopefully in the not too distant future change how people in Australia engage in the digital economy. So first we put a lot of effort into, into consolidating anything to do with customer authentication. And the purpose really was no one else needs to bother with this except for us. We've changed how the bank looks at customer authorization and we put new capabilities in that actually allows allow us to deliver against that vision. And then last but not least, we've deliver, we've invested into a proposition to deliver digital identification to the Australian digital ecosystem. And that brings together public and private sector. We hope that we will be reducing the oversharing of data and we hope that it will, it's gonna be inclusive for all Australians, including our indigenous peoples and the many migrants like me.
So when I joined National Australia Bank, we were in the process of onboarding our digital bank and that sort of gave us the first exposure to a large scale customer facing integration. Previously we sort of had run this as a high transaction volume service, but that was always abstracted from the actual customers through other paths of the environment. And if I look back and sort of see what where we are today, then today nearly all of our channels use our service including our largest retail and business banking channels. And as such, I can say hello to Central idp. So in 2023 so far. So, but as part of the journey, we had the opportunity to lean into a couple of additional challenges and the first, and probably the most important one was that we wanted to provide channels with front end code that would allow them to accept the capability that would, where they would not have had to deal with provisioning, user objects, resetting passwords, delivering the login window and all the other nice things that come together with customer authentication.
And so we also wanted to deliver this in web and mobile. So no small ambition and I would invite you to say hello to the Identity Mini app. And in delivering that as a capability, we took a calculated risk because we built it on the notion that people will come and boy did they come. The second one was that we figured our contact center bankers needed a way to assist customers quickly and efficiently instead of waiting for a backend team to fix the customer problem. And we wanted to do this in a way that minimizes risk both for the customers and the bankers. And so again, I invite you to say hello to the user and device management mini app. And so what really made this success was that we worked closely with the contact center to understand what are the customer pain points, how bankers fixed them and how what can we do to actually support our bankers in that endeavor.
And it also gave us a good business case where we succeeded was that we improved the customer experience. Bankers were, were happy that they could support their customers right from the, and didn't have to wait for to help the customer. And third, we actually integrated anything contact center authentication related into a single location for the bankers. And that I would ask you to say hello to the interaction authentication mini app. And previously bankers sort of had to navigate through multiple systems to do things like IVR based authentication, device based authentication, knowledge based authentication. And we pulled all of that together and make sure that sort of, they have a single view of that and sort of from a contact center perspective improvements there are measured in seconds on calls. And so it really made a difference for, for our bankers.
So I'm sure there are a few left brained people in in this room and probably you have sort of counted a number of times I've asked you to say hello to this thing called mini app. So what is that for us it's I think one of the critical success factors in the sense that we were sort of ready as a central IDP and then the bank proceeded to invest in delivering front end experiences that would be reusable across channels, could be branded, would be easy to deploy and and to really put control back into the areas that had the subject matter expertise rather than sort of, than abstracting into the channel. And we've put a lot about that on social media and we want an award for it. And so if you're interested in sort of how all of this works, look up nex nex and then we'll give you all the gory details around that.
But sort of for us it was the case that we now had control of our own experience and sort of could really deliver for the customer and the banker. And so can I just have a quick show of hands? Who thinks getting a team that is used to running a central idp implementing new grant types, managing scopes, keeping up with open Id connect to add a front end experience to their to the arsenal? Well no surprises here. That was not easy and I still have fond memory of my principal engineer coming to me and saying, ah, you, you know what you're getting sort of into, right? You sort of have to worry about customers, you need to keep them happy and need to worry about branding and then mobile and, and so, but, but sort of for me it was actually everything I wanted because sort of being there and sort of being hit over the head by the channels because you did something wrong that you really for the purpose it didn't have control over wasn't a particularly satisfying experience.
So, but with new capabilities comes to the mind for new skillsets and so where would we get the people from? And fortunately at that point we put something in place that is called the NAB Innovation Center Vietnam and all of a sudden we had access to a global network of engineers and many of them with a strong front end development capability. And I'm relatively certain that had we not sort of gone down that path, we would have not been successful in in the endeavor to sort of own the space back to front. So now some of you probably sort of laz over and go, ah, yes, you need something new, you get a provider and job done. But that was really not what we did. So what we did was that we wanted to have sort of a genuine front to back integration and our current backend squads, we split them and then we used those split components to create new squads that would be full stack and that were split across Australia and Vietnam.
And I have to really credit my delivery lead at the time who was really pushing hard for that model and he made it happen even though others were like all of your nuts, that's never gonna work. Keep the squads in Vietnam and Melbourne and sort of that's the, that's the way to go. The thing is that we actually integrated all this virtual working into the cadences and everything and hey pressor, the pandemic came and nothing, not much had to change because the teams were always working virtually to an extent and whether they were working from the office virtually or at home sort of didn't really make that much of a difference. So bonus, leaving that sort of behind the next one is something that I'm sort of really keen on and my team without fail gets mad at me when I talk about it. Let's see how it resonates here.
I think authentication is a lot of work, but the real potential is in authorization. And so what I mean by that is that you sort of take the myriad of business rules that are in your organization and sort of you distill the who can do what part and you put that into a policy engine. Easy, huh? No, so, so we weren't the first one at app that sort of to think about these things and I'm still sort of marginally proud of the fact that our business customer environment actually has a full-fledged self-service executable implementation where they can define the access that they need for their employers and and partners. And that gave us a really good foundation to sort of have the conversation and now say hello to policy-based authentication. So as you know, as you know, I'm, I'm really fond of saying hello. So afterwards please come along and say hello.
And I think the sort of looking back at it, I think financial services has a couple of unique circumstances or sort of couple of circumstances that make it make policy-based authentication authorization a really good fit. So first of all, we have a lot of people, and I mean a lot as in regulators who want us to know our customer. So that's one take and we do things at scale, mortgages, transaction accounts, whatnot. And so those things, two things together give you a really good starting point from a policy information perspective. We also do a lot of stuff digital and the complexity of the entitlement model is somewhat limited if you compare to workforce use cases and that actually makes policy administration somewhat easier And LA then last but not least, digital banking and open banking in the, in all its variations really sort of drove gateways, APIs and that part into the organization and that makes policy enforcement a lot easier.
I wanna be sort of clear that this is new sort of I, I know of mainframe based implementations of this, those concepts that were sort of delivered in the seventies, but for me sort of like passwords never wanna die. Policy-based authentications sort of seems to be an idea whose time never comes. But for us it actually has come through and in a big way in the sense that we've anchored this in our target state architecture, we procured the product, we implemented it and right now we are really seeing the benefits in terms of risk reduction, operational simplification and cost of delivery. Can I put my finger on what the success factors were? Not quite but sort of, I have a hunch that it's sort of getting architecture on board. I mean they love this stuff after all we found a couple of people in the environment that sort of had thought about it and and then sort of where where de predisposed and we actually brought them into the team.
And then last but not least, we had our new digital platform strategy that I talked about sort of NAVEX is part of that and that sort of really positioned as well to with with with this capability and again it was a risk in the sense that it wasn't quite significant investment. We sort of could have spent our money on other things that would've a faster payback, it would've lower. But we really sort of wanted to have this capability. We also took our time to build internal knowledge. So it wasn't sort of, we go from zero to a hero in a couple of months, but sort of we really sort of let the team build and experiment a little bit and get familiar with what we wanted to do. And also we chose a product that sort of didn't really give us everything that we wanted to but sort of based on the conversations that we had, we felt sort of it, it's a solid foundation that we can build on.
So if you're like me and think the stuff that we've talked about is exciting enough to give you a heart attack, then I think the next one will push you over the edge. And sort of a few months after starting at nab, someone sort of came to me and said, hey you know something about identity, right? You know how to spell it. Can you sort of come along and meet these people? And what I didn't know at the time was that that involvement would morph into something that I generally believe can shape how we do digital business for decades to come. So we are close to going to market with a digital identification proposition connect id and for that we partner with the Australian payments network provider and larger financial institutions in Australia as well as sort of some government departments. And for, for me, I mean that stuff is once in a lifetime.
So you get a work on the trust framework, you sort of do the engineering solution assisted by others in the room, you engage stakeholders, you make the business case, you consider legal implications, regulatory implications and I will not talk about it as long as I would like to because I don't want to spoil the presentation that my product managers will give Ed, sorry Martin in a couple of weeks time on that specific topic. But for me it's sort of, it's everything that the team sort of, it exemplifies everything that the team has gone through in terms of growth and capability building and and and ambition over the years. And so when I sort of said at the beginning I want sort of to acknowledge the world's oldest living cultures and sort of be there for them, then really for us a driving force is to make this proposition as inclusive as possible and that specifically means that we consider our first peoples as well as the many migrants that choose to call Australia home every year.
So in summary, awesome engineering team was the starting point. Critical component operations down pat, effective and efficient rollout of features, onboarding channels at scale. And then we were given and we took the opportunity to sort of make this into something a lot bigger and allowing us to sort of create a genuine digital capability where we do customer research, design investment planning, visions, roadmaps and top-notch engineering. And without a doubt there was a lot of learning and I, I still think I'm going through a learning curve in, in the sense that had, you asked me in the beginning what's a design brief sort of how, how do you put a focus group together who can sort of give you a target state user journey, why would you bother with personas? What does a product manager do? What do you do to make NPS better? I was like, no, I had no idea.
But really sort of what I've learned over the last little while is that great digital editing access perspectives come from a place where design, engineering product and architecture work together and really not in sequence. And so I've covered a lot of ground and if you take nothing away then it's painful to listen to all for 15 minutes. I just wanted to sort of leave you with three things. One is dream big. So even if you have a limited remit, no one stops you from imagining what it could look like and doing so actually prepares you when the opportunity for when the opportunity arises. Second deadline access is as much a business challenge as an as an engineering one. And so if you are on the business side, find your engineers and partner with them. If you are on the engineering side, find your business and if you don't have one, think about building one. And third just be proud. I've now had the opportunity a number of times to reflect on these kind of things and whether it's for a presentation like this, for an award submission for social media post, really sort of thinking back what you've done over the years and and putting it on paper is incredibly rewarding and certainly for me helps to sort of get out of the daily mess and to an extent reward myself. And with that I hope there's time for questions. Thank you very
So thank you. So we have time for one question. There is a, a gentleman in the center there with his hand.
Thank you very much. I'm keen on getting to know you were mentioning, okay. Okay. The legacy system was using Exacto.
It is still using Exacto. Yes. Still
Using Exacto. Yeah. So you were not shifting from Exacto say policies to feedback policies, but you were integrating that into your new solution, right? Correct.
Oh, okay. Thank you. Thank you very much for the questions. So perhaps we can, because we have to keep to time, perhaps we can go to the next speaker. Thank you very much indeed. Thank you.